As part of a New Year's resolution that's a little overdue :) , I have just rolled out a new blog at http://www.shankun.com. That will be place to find new posts by me.

One of the first posts on the new site is an article on how to host Atlas with PHP, along with code for the sample I showed at the MIX 06 conference.

Do you have other things you'd like me to blog about? Send requests to this post, or through my site.

Rich Ersek has created a new Atlas blog for official announcements about Atlas, at http://weblogs.asp.net/atlas. We'll be using this blog to announce updates to the Atlas site at http://atlas.asp.net, including updated preview bits, new samples and quickstarts, and articles. We're going to be updating the PDC preview bits with bug fixes in the next few days, and then make new releases available every month or so.

If you want to keep track of what's happening with Atlas, please subscribe to the RSS feed for the Atlas Blog.

I've uploaded the slides and demo source code for my PDC 2005 presentation on Atlas.

To run the demo code, you need Visual Studio 2005 Beta 2, the SQL Express 2005 CTP that came with it, and the Atlas Preview bits, found on atlas.asp.net. Install the Atlas demo, and then create a new Atlas project on the filesystem. You can then expand the demo files into the same directory. If you're using IIS, you will also need to give write access to the ASPNET user to the App_Data directory of the site.

Some notes on the demo contents:

1. The database (App_Data\TaskList.mdf) contains the schema for the tasklist. A second database, containing membership and profile info, is generated automatically. You can configure these using the connectionStrings settings in web.config.
2. The app_code directory contains the Task and TaskList business objects, the TaskListService, and the DAL code in the Providers directory.
3. The demo includes the conventional ASP.NET version of the site, in default.aspx and list.aspx.
4. The demo also includes UI to login and register users, in Login.aspx and Register.aspx.
5. A number of asmx files wrap the functionality in TaskListService.cs into web services.
6. AtlasDefault.aspx contains the Atlas version of the list editing UI, showing use of data sources, master details, client-side editing of a DataSource, client-side data insertion, hover behaviors, and autocomplete.
7. AllItems.aspx shows how to use the floating behavior with the profile service to do personalized, interactive UI.

Let me know if you have any questions or problems. Enjoy!

This morning, we just showed Atlas for the first time to the public in Jim Allchin's keynote at PDC 2005. We've been working on Atlas for a few months now, and it's very exciting to be able to have an early preview release in everyone's hands at PDC.

So, how do you get your hands on these Atlas bits? Go check out the Atlas community site at http://atlas.asp.net. Here, you can get download Atlas for use with Whidbey Beta 2. The Atlas preview downloads as a VSI that installs into your Visual Studio Beta 2 release - you get new project items to start building Atlas apps.

We also have some documentation available to help you explore Atlas - including some conceptual docs, the full set of Atlas hands-on labs that PDC attendees are using, and a set of quickstarts to help you learn Atlas. The key to the site, of course, is the feedback we get from you - so we have a set of Atlas forums, and pointers to blogs hosted by team members such as Nikhil, Bertrand, and Jonathan.

Our ultimate goal with the Atlas site is to build a great developer community around Atlas, and get your valuable input to help build the right product. We'll release updates of our community preview on a frequent basis, as well as samples and documentation. I

If you're attending PDC this week, we've got a couple of talks later this week - an overview talk by myself tomorrow at 5, and a custom controls and components talk by Nikhil on Thursday morning. If you didn't get to attend PDC this year, we'll be making the slides and demos from our PDC Atlas talks available on the site in the next few days.

Have fun playing with Atlas! And if you'd like to see us talk more about Atlas on the blogs, let me know.

Anil has some interesting observations about Julia's posting on the ASP.NET Request Validation feature in ASP.NET 1.1, which provides some protection against cross-site scripting attacks.

A bit of background on this feature:

After we shipped v1.0, one of the pieces of customer feedback we got was that it was too easy for developers to make the mistake of leaving their site unprotected from cross-site scripting attacks. In fact, Dmitry, our dev manager, actually went on several prominent commercial sites (some, but not all, running ASP or ASP.NET), and found that a few were prone to cross-site scripting attacks.

As part of the philosophy of securing by default, we decided to create the request validation feature, and turn it on by default, so that all pages immediately got protected. Of course, this meant we'd have the usual problem for security lockdown types of issues, which is backward compatibility. If your page actually expects input that would be blocked by request validation - for example, HTML text with tags - your page would break by default.

So, we provided two ways to turn it off. First, on an individual page basis:

<%@ Page ValidateRequest=”false” %>

And secondly, on a whole site basis by changing the <pages> section of web.config.

The recommendation, of course, was that you turn off the minimum number of pages you need to turn off, but only after verifying whether the page encodes request variables properly. As Anil said, if a 3rd party app you receive abuses this, or a control vendor tells you to turn this off for the entire app, you should rightly question whether the app or component is secure.

There's also some programmatic access to request validation - Victor's post explains this stuff really well.

Note: As G. Andrew Duthie points out on Anil's post, we didn't quite get it right the first time - there's been a patch to fix a problem in this feature.

This month, we're putting together the overall plan and guidelines for Starter Kits for ASP.NET Whidbey. Jeff King (Scott's PDC keynote demo buddy) is managing the overall Starter Kit plan for our team, and has been putting together some samples. Over the next few months, I'll use this blog to share some of the starter kit designs and ideas with you, and get your feedback. If you have any ideas at any time, feel free to shout!

Like V1, the aim of the starter kits is to have real world applications that work “out of the box”, but are easy and tempting to customize.  The first step is to put together a set of guidelines for consistency that apply to any starter kit; we'll then use these guidelines to create specs for each specific starter kit as we develop them. We'll also provide these guidelines for those in the community building projects that look like starter kits.

As you may or may not know, in Whidbey many groups in VS are shipping similar starter kits. One big goal of the starter kits in Whidbey is that you can install them into Visual Studio, and have them appear in File/New - in our case from the File/New Web Site menu item. We will then ship a set of starter kits right in Visual Studio. Of course, we will continue to provide them for free over the web, and we'll also use the web to provide updates for the VS starter kits.

Here is an outline of some of the current common requirements for ASP.NET Starter Kits:

What do you think? Anything you disagree with, or would suggest adding (or removing)?

Duncan's post on the Commodore 64 brings back a flood of memories. 

The Commodore 64 was really my first major computer. Although I used several others at school or friends' (like the TRS-80, PET, TI-99/4A, the Atari 800, the Apple IIe, and the original Mac), the 64 was the first computer I owned.

I got my Commodore 64 for my 12th birthday - we forked out Cdn. $1500 for a system that included a C64, a 1541 floppy drive (170K!), and a 1526 printer. We added a 1701 monitor a few months later - it was the only component I still had by the time I entered university, because it had RCA jacks for inputs, which made it great for a dorm room TV.

Some random memories:

• The 1526 printer was a big mistake. It was billed as a near-letter-quality printer (and the default printout was definitely better than the 1525. But, unlike the 1525, where you could individually access dots on a line, the 1526 only let you define an 8x8 “custom character“ per line. So, when word processors and tools with better fonts (like Print Master) came out, they would support the 1525 well; but on the 1526 (if the software supported it at all), you'd have to print each 8x8 block, then do a carriage return (without a line feed), and then print the next block and so on. It was painful to watch. It's why I used Print Master instead of Print Shop

• I loved playing a game called Micro League Baseball, but I think the disk had a copy protection mechanism where the second track was bad (or maybe it was just my disk). Now, 1541 drives also had frequent problems with the heads misaligning, and it would cost $50 to fix. But I found that if I put the MLB disk in, and then used a tool to seek to the track from the right direction (from track 1 or 3), it would cause the drive to stutter around until it threw back into proper alignment. Scary stuff. Apparently, I am not the only one that loved MLB. Matt McEnerny, lead designer for Inside Pitch Baseball, counts it as his favorite game.

• I remember getting the monthly issue of Compute magazine (and, later, Compute's Gazette, which was dedicated to the Commodore). It was a lot like MSDN magazine, but each article came with a complete listing, usually in machine language, and you had to enter the program by hand into the computer. They had a couple of programs (like MLX) that would show checksums for every line you entered, so you didn't get any lines wrong. But some tools were better than others, and you could make mistakes and still get the right checksum (or worse, sometimes the magazine would print the wrong checksum). I still remember the thrill of getting to the end of typing in the long listing of hex byte sequences, followed by the pain of it not running. But the magazine was great, at least in its early years - they had an entire free word processor called SpeedScript, that fit in 6K!

• I didn't use SpeedScript though, I used a product called Paper Clip. It was a bit more complex, but it served all my needs through high school. And when my uncle wanted to publish a book, I did the entire manuscript in Paper Clip. Later versions came on two floppies, and you had to switch floppies to check spelling, or do a bunch of other things. The innovations you had to do to work within memory constraints in those days - Paper Clip had a dynamic module loading/unloading system.

• My favorite games were the Epyx sports simulations - Summer Games, Winter Games, World Games, etc. I remember sprinting fast by hammering the joystick back and forth as fast as I could.

• Late in its life, the 64 got a boost from a GUI OS called GEOS. I didn't have much of a need for this at the time (I had access to a Mac at school). But it had a whole new programming methodology, complete with a programmer's guide - I remember being drawn to it because of how different it was to write GEOS programs.

There's a real nice site on the history of the C64, including what happened to Commodore and it's leaders. If you really want to revisit memory lane, you can use one of the very good C-64 emulators. There's even a couple of web browsers for the 64!

It's been a while since Rob set this up for me, but I'm finally online and blogging. My only hope is that I can keep it updated with frequent entries!

For those of you who don't know me, here's a brief bio, from the February 2004 aspnetPRO magazine:

As the Group Program Manager of the ASP.NET team at Microsoft, Shanku Niyogi leads the program management team responsible for design of both ASP.NET and Microsoft’s web development toolset in Visual Studio.NET.

Shanku joined Microsoft as a developer in 1998, with several years of experience in the Windows software industry. He worked on both Windows and web versions of Microsoft’s chat software, before going on to be a development lead on the Adaptive User Interface team, looking at the problem of adapting user interfaces to different form factors. This work led to the design and development of the ASP.NET Mobile Controls. Shanku then joined the ASP.NET team as an architect in 2002, helping prototype and design several features of the next version (“Whidbey”) of ASP.NET, before switching to the PM role this year.

Outside work, Shanku is predominantly occupied with playing with his daughter Acacia. Shanku is Canadian, and a graduate of the University of Waterloo, but his Indian heritage accounts for his obsession with trains and cricket.