It took more than a year, but a piece I wrote reviewing "best practices" security principles as applied to the well-known .NET "reference" applications (PetShop, F&M, Duwamish) finally made it onto MSDN last week. As you might imagine, the security aspects of these applications don't stand up well when a strong light is shone on them. And yet...what else is there? How are developers, designers, and architects supposed to deal with security when all they have to look at is simple marketing-oriented demos or 2,000 pages of detailed guidance, with nothing in between?
There are probably a number of ways to locate this article (and MSDN's infrastructure discourages permanent links), but here's one from the Architecture Center portal that might be good for a while:
http://msdn.microsoft.com/architecture/default.aspx?pull=/library/en-us/dnbda/html/ppsecguide.asp
I'm particularly tickled by the ratings / comments. The overall is currently 6.4998 (about average), but you just have to laugh at the distribution (see the graph at the bottom of the article). And what are the comments that accompany the 1 ratings?
"this page sucked"
"This article is full of shit..."
But here's the most recent comment (clearly, from an intelligent and perceptive reader <grin>):
"Told it like it is! The author has created a genuinely useful document that should be required reading for anyone writing secure apps."
My friend Susi Johnston - en route to the US from Bali, where she's been organizing a major relief effort to Aceh for the past 3 weeks - sent me an email from Narita with the subject:
"Robert Scoble on the Cover of FORTUNE magazine"
Robert's blogged about Susi's relief effort a couple of times now, and we're going to his 40th birthday party this Saturday. Anyway, it looks like he's on the cover of the Asia edition of this magazine, which had this story about blogging. And somewhere in that issue is apparently something about the wiki as well, which was created by Ward Cunningham - who's in the group I work with at Microsoft and is doing an evening kickback session the first day of the next patterns & practices Summit. Small world, huh? Hmm...I wonder if I'm ever going to amount to anything myself...nah, prolly not. <grin>