July 2004 - Posts
I agree with Klaus that Smart Clients need another look, as ASP.NET is not the only solution for UI deployment. The P&P book Smart Client Architecture and Design Guide came out in PDF form this week, and I have been reading this with great interest. Take a look:
For myself, I can see several upcoming intranet projects that would better utilize Smart Clients than ASP.NET. I am especially interested in ClickOnce and seeing how Code Access Security (CAS) will play a bigger part in developing secure applications.
As related by Sergey:
Valery posted two interesting articles with some historical facts about passwords and the weakness of password schemes: Passwords. Part I - LM Hash and Passwords. Part II - NIX passwords.
At the same time Robert Hensing from PSS Security started blogging with Why you shouldn't be using passwords of any kind on your Windows networks. [subscribed]
Also subscribed to Robert Hensing's blog -- looks like he is already off to a great start!
Fritz Onion, author of the best ASP.NET book, Essential ASP.NET, is writing a follow-up book called Essential ASP.NET 2.0. Fritz lists some of his thoughts on the best ways to write technically -- I think they could apply to speaking technically as well. Check out Fritz' post for his great advice. Fritz is also asking for help in how to present the new ASP.NET 2.0 concepts.
My friend Andrew wonders if there is a link between the new ECMAScript for XML spec and the recent C-Omega work. Anyone have ideas?
Jeff Prosise has an article posted this month in MSDN Magazine on “Foiling Session Hijacking Attempts”. I was talking about this issue with a friend last week, so this is very timely. If you want to protect against session cookie information being stolen from your ASP.NET website, give Jeff's solution a try.
Have you or a friend of yours been hacked? I am referring to the way an attacker can exploit your computer through a missing patch, or an open port that needs to be closed, and essentially now “owns” the machine.
Dana Epp has posted a link to an introductory article that tries to answer the question “How do I go about seeing if I have been hacked?”:
The guys over at Bleeping Computer have written a tutorial that will show you how to determine if your Windows NT, XP, or 2000 box is hacked and how you can go about cleaning up the files they may have left behind.
The tutorial shows you how to detect most hacks, but there are other methods that will be much harder to detect and will require a greater degree of knowledge in detecting them. The author believes that most of the hacks that are done in mass, especially by the script kiddies, will be detectable through these methods.
Dana lists the tools mentioned in the article for performing a simple forensic analysis on your Windows system:
- Fport - Lists all open ports (think netstat-like)
- TCPView - Similar to Fport, but graphical, and shows more info such as CLOSED connections (very important post analysis)
- Process Explorer - A great tool from Sysinternals which shows parent/child relationships with processes
- PSTools - A set of cmd line tools used to open and kill processes, control services, change passwords etc.
- Filealyzer - Windows explorer shell extension to your right click on a file
This is great for your friends and family members who may be wondering and asking you this question.
I have posted the Powerpoint slides from my Boston .NET Users Group presentation here on my website. It is very similar to the presentation I gave to the Boston C# User Group in February, with a few modifications. The presentation should also be on the Boston .NET User Group website soon as well.
During the presentation, I asked the question “How many are running their development machines with a non-admin user?”. Unfortunately, I got a few hands out of the 150-200 people in attendance. Some reasons given for why not were: 1) too hard, 2) not everything seems to work (development tools, etc.) while running as a non-admin. My thought is that more information needs to be made available about the whys, but also about how to run as non-admin.
I will be speaking specifically on why and how to do this at WIN-DEV later this year. In the meantime, go read Julie Lerman's summary of Don Kiely's excellent talk given this past Monday on this important topic. Also, read Aaron Margosis' excellent blog posts on this topic as well. The word is getting out there, but I still think more needs to be done.
As mentioned by John Bristowe:
Hervey documents the upcoming changes in WSE v2.0 Service Pack 1. Great stuff!
This is one not to miss: Clemens Vasters on .NET Rocks this Thursday, July 15 [see more details].
I want to talk about (guess what) Services. Not Indigo, not WSE, not Enterprise Services, not SOAP, not XML. Services. Mindset first, tools later.
Sounds like a great show! If you miss it, be sure to download the mp3 next Monday from Carl's site.
Update: Get the MP3 here.