Dave: dotNetDave

New Blog Location!

Sat, 26 Mar 2005 15:17:40 GMT

I am moving my blog to a new URL. Please go to the following location from now on:

http://blog.davidmccarter.net

Thanks!
David McCarter

Learn VB.NET from dotNetDave

Thu, 03 Mar 2005 01:56:22 GMT

If you live in the San Diego area, dotNetDave (a.k.a. David McCarter) will be teaching a 6 week VB.NET course at the University of California, San Diego Extension beginning on Thursday March 31st from 5:30pm to 9:30pm. For more information and to enroll, please click here.

Security Configuration Wizard in Windows Server 2003 Service Pack 1

Tue, 08 Feb 2005 15:48:37 GMT

Microsoft has developed an almost ideal tool to help you configure security on computers in your organization. The tool is the Security Configuration Wizard, which is available in Windows Server 2003 Service Pack 1. The tool can help you configure services, network security, auditing, registry settings, and more. The wizard accomplishes these goals by producing security policies, which can be used in conjunction with security templates and specific server roles.

Click here for the complete article.

.NET Chosen for POS System!

Wed, 26 Jan 2005 01:55:44 GMT

Paderborn, Germany - 25 Jan 2005 - The joint value proposition between Microsoft and Wincor Nixdorf, focusing on Microsoft's Smarter Retailing Initiative (SRI), has resulted in more than 15 major retailers, including Axfood, ICA, Metro Cash & Carry and Superdrug ordering a total of over 60,000 licences of BEETLE point-of-sale (POS) systems that use the Microsoft® Windows® XP Embedded operating system. The decision to invest in new technology for the store and back office illustrates the growing view among European retailers that their existing POS solutions, many of which are between seven and 10 years old, are not able to perform the tasks that smart retailers deem essential, such as providing an enhanced consumer shopping experience. Included among the benefits that retailers using Microsoft XP Embedded enjoy are enhanced performance at the checkout, with significant improvements in transaction times, and the opportunity to offer a consistent level of service, whether a customer is shopping in the store or online. "The debate around which new point-of-sale system to select is shifting from being simply around the selection of a till device to tackling the much broader question of how to implement the best point-of-service offering," said Dilip Popat, managing director, Retail Industry Solutions Unit for Microsoft Europe, Middle East and Africa (EMEA). "Retailers are being driven to upgrade their systems to take advantage of new technology that can provide better customer service, with lower total cost of ownership." To this end, Microsoft has been working closely with Wincor Nixdorf. According to Michael Schulte, head of software marketing for Wincor Nixdorf, any replacement hardware and software has to address value-added customer service scenarios and integrate multiple device formats such as self-checkouts and information kiosks, in addition to traditional checkout lanes. As a result of customer and development partner feedback, Microsoft will soon be shipping a retail-optimised software platform, Windows Embedded for Point of Service, designed for easy setup, use and management of point-of-service systems. Wincor Nixdorf has been an early and active member of the Joint Development Program for Windows Embedded for Point of Service, which will be available in the first half of 2005. "We are committed to supporting Windows Embedded for Point of Service and developing solutions that deliver greater value to retailers by allowing them to take advantage of their legacy systems, while providing plug-and-play functionality for retail device peripherals, which is the single most requested feature by retailers," said Schulte. As further evidence of this commitment to delivering greater value to retailers, Wincor Nixdorf will soon deliver its Store Communication Framework, a product that will simplify the connectivity and data management issues inherent in today’s retailing infrastructures. Key elements of Store Communication Framework will be built upon the Microsoft .NET platform and leverage the Microsoft enterprise connectivity toolset. Wincor Nixdorf has also chosen Microsoft .NET as the platform for TP.net, its newest point-of-sale solution. "This decision was taken based on four key factors: the relative simplicity of developing, maintaining and extending solutions; the speed and effectiveness with which solutions can be deployed worldwide; the low cost of developing and modifying web services-based concepts, and the strength of our relationship with Microsoft as our technology partner," said Schulte. Windows Embedded for Point of Service and the Microsoft .NET Framework are core technologies within Microsoft's Smarter Retailing Initiative, which provides an innovative, open standards-based approach that allows retailers to easily create next-generation point-of-service systems that connect the store to the consumer. These future systems will also support emerging technologies such as RFID and biometrics.

Bringing .Net rules to light

Thu, 20 Jan 2005 01:45:10 GMT

Products give business people and programmers a shared language that helps them implement changes quickly. Click here for the full article.

Oh, So Linux Does Have Problems :-)

Sun, 16 Jan 2005 23:15:30 GMT

Linux vendors Red Hat, Novell and Mandrakesoft on Wednesday released patches for several vulnerabilities, ranging from flaws that could allow denial-of-service attacks to buffer overflows.

For the complete article click here.

Microsoft .NET Is Named Best Program Development Platform

Sat, 18 Dec 2004 00:08:54 GMT

Microsoft .NET Is Named Best Program Development Platform In Financial Industry by Waters Magazine... pretty cool huh? Here is the complete article.

Woolworths Deploys .Net App in J2EE

Fri, 03 Dec 2004 02:54:13 GMT

South Africa-based retailer Woolworths Holdings is set to deploy an upgraded application that it developed with the help of a new Mainsoft tool that converts code written using Microsoft's intermediate languages to Java byte code. For the complete article, go to: http://www.computerworld.com/printthis/2004/0,4814,96180,00.html

Microsoft open sources Web authoring application

Fri, 03 Dec 2004 02:53:26 GMT

Continuing its flirtation with open source, Microsoft Corp. on Monday posted the code of a little-known collaboration application to open-source development site SourceForge.net.

[InfoWorld: Top News]

Reported Security Vulnerability in ASP.NET

Fri, 03 Dec 2004 02:50:23 GMT

For those of you working with ASP.NET, please be aware of the following reported security vulnerability in ASP.NET.

Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.

This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003.

The underlying issue is that ASP.NET is failing to perform proper canonicalization of some URLs. Microsoft Knowledge Base (KB) article 887459, "Programmatically Checking for Canonicalization Issues with ASP.NET," describes how to add additional safeguards to an ASP.NET application to help protect against common canonicalization issues, such as those related to this reported vulnerability.

The ASP.NET Team has confirmed that all versions of ASP.NET on all operating systems may be susceptible to this potential exploit. They strongly recommend you apply the following code to the Global.asax for each of your applications.

Global.asax code sample (Visual Basic .NET)

Sub Application_BeginRequest(Sender as Object, E as EventArgs)

    If (Request.Path.IndexOf(chr(92)) >= 0 OR _

        System.IO.Path.GetFullPath(Request.PhysicalPath) <> Request.PhysicalPath) then

        Throw New HttpException(404, "Not Found")

    End If

End Sub

Global.asax code sample (C#)

void Application_BeginRequest(object source, EventArgs e) {

    if (Request.Path.IndexOf('\') >= 0 ||

        System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {

        throw new HttpException(404, "not found");

The ASP.NET team is continuing to work on this problem and will post more information once it becomes available to http://www.microsoft.com/security/incident/aspnet.mspx.

Resources

http://www.microsoft.com/security/incident/aspnet.mspx

http://support.microsoft.com/?kbid=887459

Study finds dramatic loss of tech jobs

Fri, 03 Dec 2004 02:47:32 GMT

CNet is reporting that tech jobs are on the decline. Click Here for Article

Modeling Tool for Visual Studio 2005

Fri, 03 Dec 2004 02:43:20 GMT

Microsoft previews 'Whitehorse' modeling tools for web applications for Visual Studio 2005. Click here for the complete article from CNet.

Writing Installs With The Windows Installer Is A Pain!

Sat, 18 Sep 2004 16:00:31 GMT

For the first time since the Microsoft Windows Installer has been around, I have had to write a “real” install for the small startup company that I am working at. What I mean by “real” install is one that customers who purchase our product or install it for demos will actually use. I am starting this tale a week into my ordeal. While I might talk a lot about the shortcomings of the Windows Installer here, you might learn a few tricks too.

Since I am one of the very first users of Wise, I decided to use the latest copy that I have from them (since they were bought out by another company, I cannot get a hold of any newer versions) called Wise for Visual Studio .NET. I did not want to use the installer that comes with Visual Studio .NET since I knew I would quickly run into issues with it.

Requirements

Both Wise and VS.NET will do a simple install your files and features with no issues. Wise has many more built in features than VS.NET has. However, my install has some additional requirements that I think are not that outrageous and should be simple to do. Here they are:

Edit a web.config and app.config file.
Install a SQL Server database.
Install IIS if it is not installed (okay, this is a big one). Warn the user this is about to happen and allow them to back out of the install.
Display a dialog based on a feature that the user has chosen.
Create a virtual directory in IIS.
Only install on Windows XP and Windows 2003.
Create a directory and set permissions.

Except for automatically installing IIS, I do not think any of these things should be that difficult. To me, they are just normal tasks that any normal .NET application needs to perform these days. Well none of these tasks is easy with the Windows Installer/Wise. Before I continue, I need to say that the Windows Installer team has taken something that is not that difficult and have made it horribly complicated and hard to understand and even harder to test and debug. While Wise helped in some of the tasks above, I believe that the real problem lies in the lack of robustness in the Windows Installer. I come from the old Wise Installer days that use a top down scripting way of doing things. After working with the Windows Installer for a week now, I wish it were more like that.

What the Windows Installer Can Do?

One of the requirements is that our application can only run on Windows XP or Windows 2003. The Windows Installer can check for these system requirements but in a very limited way. I can set it to say it does not support any version of Windows before XP (good), but when it comes to the Windows NT versions, it can either check for all or one specific version (bad). Therefore, unless I write some custom script later, I cannot say “Requires Windows XP or Windows 2003”. All the other system requirements work in the same way.

Update: It turns out you can check for specific Windows versions with the installer (just not with the Wise IDE), but it is very confusing. After reading some of the Apress book listed at the end of this article I found out that installer properties can be Boolean or hold an actual value!?!? Okay, I have never heard of this before. Here is an example:

If you want to see if the user is running some version of Windows NT, you can use this:

NOT VersionNT

If you want to check to see if the user is running Windows XP or higher, you would use this:

VersionNT >= 501

As I am writing this, I am struggling with displaying a dialog that gathers information about a database server (server name, user name and password) so that it will only display after the Select Feature dialog if a certain feature was selected. This basically boils down to using Windows Installer events (discussed more in the “Wise or not so Wise” below).

Editing Files

Okay, this to me is a no brainer, most installs needs to edit files like web.config files, log files etc. Well, the Windows Installer does not have this capability!?!?! You have to write an external DLL or EXE to do this (which is not easy if you want to get information from the installer) or in my case, I used the Wise Script Editor (which complies to an outside EXE). While the Wise scripting worked, it was not elegant. I wanted to take a value in my web.config file like “{dbserver}” and just replace it with the real database server name gathered from the user during the install. Well you cannot…. the (Wise) script only has the ability to replace an entire line of text in a file.

Another issue with editing installed files is when to do it! With the old scripting version of Wise, it was easy, you knew when the file was installed and you then could edit it. Well, the Windows Installer does not work like that. It has these different areas called “Interface”, “Immediate” and “Deferred”. Furthermore, in these areas it has calls that is makes like MoveFiles, InstallFiles, InstallFinalize and more. So at first glance, you would just implement the editing EXE after InstallFiles… right? Wrong! In the install script, InstallFiles is not actually executed until InstallFinalize is called. Actually, everything in the script between InstallInitialize and InstallFinalize actually is queued up and run when InstallFinalize is called. Very confusing. I am still trying to understand when the Immediate and Deferred calls are run. I also found out that some of the properties (internal variables) are not available at certain places, like in Deferred. Dang!

Installing SQL Server Database

The Windows Installer cannot install (run) SQL scripts to create a SQL Server database. Wise dose have a very cool feature called “SQL Server Scripts” that will not only run scripts for your but it will even recreated a database, data and all! This saved me a ton of time.

Install IIS

Here is the big requirement and I did not think that any install program would do this and I was correct. It took me awhile to figure out how to force an install of IIS but I did right before I gave up. To do the install, the Microsoft Unattended Install program (sysocmgr.exe) needs to be called. Simply call it from the install like this:

sysocmgr /i:%windir%infsysoc.inf /u:c:iis.txt /x

The iis.txt file (that you create and install) should look something like this:

[Components]
iis_common = on
iis_inetmgr = on
iis_www = on
iis_ftp = off
iis_htmla = on

There is more information about sysocmgr.exe and the format of this file on the Microsoft web site. The iis.txt file format above is for IIS 5.0. Here is the format for IIS 6.0:

[Components]
iis_common = ON
iis_inetmgr = ON
iis_www = ON
fp_extensions = OFF
iis_ftp = OFF
aspnet= ON

There is another thing to worry about after IIS is installed. If the .NET framework is already installed, then none of the mappings in IIS for .NET pages like .aspx, .asmx etc. will be there. Therefore your ASP.NET applications and web services will not work.

To create the mappings the aspnet_regiis.exe program will need to be used (which is located in the latest version of .NET framework directory). However, this is not as easy as you might think. First, you need to figure out where the latest version of .NET is installed. This is the issue. There is a registry key called:

HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework
Value Name: InstallRoot

Which will bring back “C:WINDOWSMicrosoft.NETFramework”. From there it is difficult from the registry to figure out what is the latest version that is installed. I just gave up (for now) and hard coded it to the version of the framework we are supporting (v1.1.4322). (If anyone knows of a better way, please let me know)

Call aspnet_regiis.exe like this:

C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_regiis.exe -s W3SVC/1/ROOT/MyWebService

This “-s” switch will make the mappings only for the specified web site (I like this switch because this does not mess with other web sites that could have different mappings). The second parameter is of course the path to the web site.

Another thing to worry about is that with IIS 6.0, due to security reasons ASP.NET page extensions are not enabled by default. The only way I could find to do this automatically is with this VB script:

Set IIsWebServiceObj = GetObject("IIS://localhost/W3SVC")
' Enable ASP.NET
IIsWebServiceObj.EnableWebServiceExtension "ASP.NET v1.1.4322"
IIsWebServiceObj.SetInfo

Now that I have listed all the gotcha’s, the order in which these are done (as I have found out the hard way) is very important. Here they are:

1. Right before CreateFolders in the Execute Immediate section

a. Install IIS.

b. Also run aspnet_regiis.exe with the “-ir” switch (this was very critical for our install because during CreateFolders a folder is created that the ASPNET user is given access too. If aspnet_regiis.exe is not run, then this user could not exist on the machine!)

2. After your virtual directories are created in the Execute Deferred section

a. Run the VB Script that enables the ASP.NET page extensions in IIS 6.0.
b. Then run aspnet_regiis.exe as described above so that the ASP.NET pages are mapped to your web application.

Interact With The User/ Display A Dialog

As you have read, I need to install IIS if it is not there already. In the actual wsi script, I wanted to display a yes/no message box to make sure the user wants to install IIS. Well you cannot do this in the Windows Installer (not from what I could figure out). The Windows Install can display a message, but that is it. Again, I looked to the Wise Script for help. It can display yes/not message boxes and use that as the beginning of an “if” statement. Score! Well this would not work… I wanted to give the user the ability to abort the installation (because without IIS the feature they selected would not work). The problem is that the Wise Script cannot return to the install an exit code that would abort the install.

Create A Virtual Directory In IIS

Again, the Windows Install does not have the capability to create a virtual directory in IIS. Wise does and it works great.

Create A Directory And Set Permissions

While this was not easy to find in Wise, the Windows Installer can do this. It took a learning curve to get it right because the Wise documentation was not that good and an article on their web site told me to do the wrong thing. I only got it to work after a support call to them.

Wise Or Not So Wise

Now lets talk a but about Wise for Visual Studio .NET. While it has features that the Visual Studio install does not, over all it is flaky and difficult to use (if you are doing any type of custom install). One of the things that makes Wise hard to use is their lack of documentation. While it does come with a reference manual and a help file, both are severely lacking in details and “how to’s” and there literally no samples on how to do the tasks in Wise. It took me awhile to figure out the only way to get to the help file is via a dialog box… there is no way to “browse” the help file if you want to just look around and get familiar with the product. Speaking of samples, Wise does not come with any sample projects or sample scripts to help you get started. It only comes with two tutorials in one of the included PDF’s. So, if you want help on how to write VBScript files or .NET projects to interact with your install, forget it. Their help file also includes many links to the Windows Install SDK help file, which did not work even after I installed the SDK.

Unfortunately, as long as Wise has been around their documentation has not been very good. They do have a knowledgebase up on their web site, but you have to be a registered user to even use it and it is not much better than their help files. I actually found an article that told me to do something the wrong way (which caused a support call to Wise).

Now let’s talk more about why Wise is flaky. Here is an example: Sometimes it takes three or more tries (or the planets align) to add a script from the Wise Script Editor to get it to work. It never seems to work on the first try. I usually add the script… nothing happens when I run the install. Then I add it again and I get a memory error when run from the install. Then I add it again and I get another error that the program cannot be run. Then, if I am lucky the forth try (or more) it will just magically start working! There seems to be no rhyme or reason.

Setting and creating dialog boxes in Wise is very difficult. What makes it so difficult if you want to move the dialog box to a different place in the sequence during the install. Basically, you can’t. One time I just deleted the dialog, added a new one and Wise totally screwed up the dialog sequences some how. I kept getting a “loop” error and I could not figure out why. I just had to start over and create an entirely new install.

Also when adding and removing dialogs, I have found out the hard way that to move from forward and backward through the dialogs it all has to be set up in Windows Install events. You would think that Wise would help you out when adding and removing dialogs and add these events so the dialogs will appear correctly. Well Wise tries (I think) but does a very poor job. You will have to learn all about events (not as easy as you might think) and fix them on your own. It took me about half a day or more of messing with the events and conditions and testing to fix what I figured Wise should have done.

To get support with Wise and you are the registered user, you can log “Support Calls” on their web site, which are just really logging a question to their database. When you log a question, it says they will get back to you within three days! Well the good news is that they usually got back to me in one day or a little longer. The bad part is that I had to log seven of these support calls to finish my install requirements listed above.

Summary

Therefore, to end this long list of complaints on the Windows Installer and Wise, I just hope that the new version of Wise is better and comes with better documentation. I also hope that the Windows Installer starts coming out with more features and their SDK documentation get easier to read and understand. I’m fearful on what how much more difficult it will be when Longhorn is released. I just bought a book from Apress titled “The Definitive Guide to Windows Install” that I hope will help me understand more about the Windows Installer. In addition, I am completely surprised about the lack of information on the web on this subject. I Google’d for many, many hours and did not find much of any inforatmion, especially on interacting with the installer during runtime with VBScript or .NET. I did find a web site that seems like it might be of some help: http://www.installsite.org/. In addition, I found some help on the Microsoft newsgroup located at: http://msdn.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.platformsdk.msi. If you have any comments of suggestions on the article, please let me know!

Great Advice from Robert Scoble on Keeping Your Computer Safe

Sun, 22 Aug 2004 15:56:11 GMT

The layers of security I use to keep criminals at bay.

Tim Anderson: SP2 debate exposes deeper problems.

ZDNet's David Berlind: SP2's new firewall: better than nothing, but not good enough.

Security is an interesting issue. How much security is good enough?

Let's get out of the computer world. Let's talk about heirloom jewelry. My wife, Maryam, has a bit of jewelry. Does she store it here in the house? No. Why not? It's not secure enough. Where does she store it? In a safe deposit box in a bank. Let's talk about a bank's security and how many layers it has.

1) The jewelry is stored in a safe deposit box with a lock.
2) There's a camera on the box area, so if something goes missing they can verify what happened later.
3) Each box is alarmed. So, if you try to break into someone else's box, an alarm will cry out.
4) The safe deposit boxes are stored inside the bank vault. Three feet of concrete and steel with a very sophisticated lock on the door.
5) Video cameras on the vault door to verify who goes in and out.
6) The vault is behind a counter and you aren't allowed to go near it unless an employee lets you in.
7) The vault is in a building that's designed to be difficult to break into. Alarms. Heavy duty doors. Lighting that makes it easy to see in.

I'm sure there's more layers too that I'm not even aware of. But, let's not dwell on this. The point is that there's multiple layers of security all to protect my wife's jewelry. Let's say any one of these layers failed. Her jewelry would still be safe. It would take multiple failures for a criminal to be able to steal her jewelry.

So, what's my point? Well, when it comes to computer security you should have multiple layers as well. If you have multiple layers of security, then any one layer -- even if it's not well designed -- will prove sufficient in keeping criminals away from the digital equivilent of your jewelry.

If you visit www.microsoft.com/protect you'll see the layers that Microsoft is recommending. For me, I go further. Here's what I'm doing now.

1) Install Windows XP Service Pack 2. This update has many protections against attacks (recompiled code, closed APIs, firewall on by default, all known patches, etc).

2) Get a good anti-virus program. Visit www.microsoft.com/protect for some suggestions, including a Computer Associates one that's free for first 12 months. Why is this important? It'll protect your system from all the known viruses, worms, and trojan horses.

3) Get a good two-way firewall on every machine. The Sygate Personal Firewall is free and is good. Zone Alarm is another popular choice. Why don't I just use the firewall that's included in XPSP2? Because it is only a one-way firewall. Sygate's watches activity going on from both inside your computer as well as out on the Internet. What if your company already has a firewall? That's not enough. You need one on every machine now because if someone takes a laptop outside of your network, gets infected, then comes back in, they'll infect you too. In fact, I use two firewalls now, even at work (one software that runs on all my machines, and one that hooks to the network before I even hook a machine to it). XPSP2's firewall is definitely better than not having a firewall at all, but for some people like me it's not enough.

4) Get a hardware-based firewall or NAT at point of network entry. Why? Because many of us attach unpatched computers while installing, or want to play networked games, or have other reasons for turning off our software firewalls (some software won't work through firewalls). Plus, even if you don't turn them off, provides one more barrier that hackers have to go through. Again, it's about layers of security and not needing to rely on any one security device.

5) Turn on automatic updating. Visit www.microsoft.com/protect so you'll always have the latest security patches. Why do that? Because software evolves. We learn about mistakes we made in our code. We find new ways to keep criminals out. If you aren't running the absolute latest software, you're vulnerable (and this is true if you're on Linux or the Macintosh too).

6) Run the latest email and Web clients. Outlook 2003 and the latest Outlook Express, for instance, has another level of security against running exe's (you can't even run them if emailed in the latest versions, but if you used earlier versions they didn't have those protections). If you are running Firefox or Netscape, they regularly fix vulnerabilities in their products too. Always run the latest. That's the safest.

7) Visit www.microsoft.com/security regularly. for the latest information on security threats. That's the official place where Microsoft will communicate about security threats and/or the latest updates.

8) Run at least one good anti-spyware program like Adaware or Webroot's Spy Sweeper or Spyware Blaster. That'll make sure that no spyware sneaks onto your system. With XPSP2 I've found that spyware is far less likely to get onto your system, but I've already found one site that has some spyware that gets past XPSP2. So, you'll need to still check, particularly if you visit "high risk" sites (sites that aren't known to you, for instance, or adult sites which are famous for putting spyware on your systems).

9) If you visit high-risk Websites, turn off ActiveX and scripting in your browser. (I turn off scripting even on Firefox when I'm visiting high-risk sites -- you all can guess what I'm talking about here. It's just too risky.) In Internet Explorer, just visit Tools/Internet Options. Click on the security tab. Then move the security slider to "high." That'll disable both ActiveX and scripting.

10) Don't run in administrator mode. I'm slowly moving my machines to not running in administrator mode. That way if something does get through all the protection it can't do as much damage. Out of all the steps here, this one is the hardest to do, though, because a lot of things don't work on Windows if you're not running as administrator.

11) Keep an install partition on each of your machines. I put a backup version of my Windows XP install CD on the second partition so that if all else fails and my machine is taken down, I can quickly repair the system and get back up with nothing more than a boot floppy that any machine can produce (since my install bits are on the second partition I don't need to do anything fancy to get back up).

Update: Chris Coulter says that an even better thing to do is to get a second hard drive and put an image of the first drive on the second (he recommends Norton Ghost). If something happens to the first drive, you can build a new image off of the second drive and be back up and running within minutes.

12) Don't allow anonymous users on your wireless network. Why not? Because if they have been infected then you'll have invited them behind several layers of your security. Plus, a criminal could use your line to send spam or infect other people. Do you really want to help those people out?

13) Use better passwords. Come on, I know some of you aren't using good passwords. For instance, I knew one person who'd just use "password" as his password. That meant his machine could be broken into very quickly (never use a single word as a password -- hackers have dictionary cracking tools that can break such passwords ). Read Robert Hensing's advice. He's a security expert here at Microsoft and works in support and explains a good way to choose passwords that are hard to break.

14) Backup your data regularly. It's amazing how few people backup their stuff. Hard drives die. Things happen. If you have backups, you'll be OK even if your machine gets wiped by something. Personally most people don't need to do it very often. I backup once a month. Why? I'm willing to lose a month's worth of stuff. (Most of my important stuff is in Outlook and that's backed up automatically by the company I work for).

Anyway, my whole thing is to treat your computers like you treat valuable jewelry. Put up multiple security barriers. This is true, by the way, whether you are on a Mac or Linux too. All the above except for loading XPSP2 apply to you too. Just because the criminals aren't attacking your systems right now doesn't mean they won't in the future. That's like saying "well, if I hide my jewelry in a box at the North Pole the criminals aren't going to take the time to go there." That might be true, but is that really a good way to approach the world?

What do you think? How many layers of security do you have? How many do you need?

You might not need all the above, by the way. At home I don't have an alarm. I don't have video cameras. I don't have a vault with three-feet of concrete between me and any potential criminal.

So, the 14 security layers I use for my computers might be overkill for you. Which layers above do you choose not to have and why?

[Scobleizer: Microsoft Geek Blogger]

Forget about Bush and Kerry, Vote for .NET in 2004!

Sat, 14 Aug 2004 22:03:59 GMT

Sick of the presidential race already? Then why not show off your pride of the .NET language with these cool "Vote .NET" buttons and magnets! These are being sold at no cost by the San Diego .NET Developers Group. To purchase these items or others from their store go to: http://www.cafeshops.com/sddotnetdg

Will We See VS.NET 2005 in 2005?

Sat, 14 Aug 2004 21:46:33 GMT

I just heard the other day from a source with very close ties with Microsoft that VS.NET 2005 might slip 6 months. This source said the target manufacturing date was March 2005, now it might be September? Maybe later? Should we be calling this VS.NET 2006?

No .NET Book Section In Stores?

Tue, 08 Jun 2004 23:56:41 GMT

So I actually went to a book store today (I usually shop at Amazon.com for books) to go looking for some .NET books. Much to my surprise there isn’t a .NET section (at Bookstar at least). I found that they have books on .NET spread throughout the web, c/c++, vb, database and network sections. I found it strange they have an entire shelf section dedicated to Visual Basic, but not .NET?

A friend of mine told me later that day that the publishers like this… but for me, having a limited amount of time in the store, I found it frustrating to find the books I was looking for.

TechEd: Day 6

Fri, 28 May 2004 22:36:45 GMT

Today is the final day of TechEd and I woke up hurting all over… my feet, my head, my back and the rest of my body. Also today is the first day of the entire conference that I made it to the first session of the day (9 a.m.). The rest of the time I could not bring myself to get up that early and drive down to the convention center. Here are the final sessions that I went to:

.Net Security In The Real World - Examples From Corporate America
Visual Studio: Deploying .NET Applications with Ease
Defending Against Layer 8: How to Recognize and Combat Social Engineering
IIS Data Mining with Log Parser

I attended my first “cabana” session today. These were small open areas in the Sail Pavilion that had seats for about 20 people. I kind of liked it because the speakers were more laid back. The problem was because the light came from the sun, it was near impossible to see the plasma screen they used. If it weren’t cloudy, it would have been impossible!

The speaker for “Defending Against Layer 8” (Steve Riley) was hands down the best speaker of the entire conference. He kept the lights on and did not stand on the podium at all. Instead he walked around the huge room and really engaged the audience. He was so energetic and had a great attitude even though his talk was next to the last of the conference. He also seemed to have the largest audience of the day and got the most applause at the end of his talk than any other session I attended the entire conference. One thing Steve mentioned was that he never uses the computers in the Commnet area to check his e-mail because someone could put a keyboard sniffer on them. Well he is completely correct… I use to work for the company that did Commnet (located in Carlsbad) for TechEd last year and they found keyboard sniffers on some of the computers. So attendees beware!

Is it just me or did some of you notice too that the presenters had a lot of programs running in their taskbar? One presenter today had 11 and another had 13! Okay, maybe I’m the only one around that is minimalist and keeps as few things running the in the taskbar as possible for performance reasons?

It’s been 1.5 years since I have been at a conference, but I still see that the number of women engineers does not seem to be growing at all. Also I noticed that the number of engineers with long hair have decreased (I only spotted two others). Maybe I should finally cut mine… not!

After the sessions were over, I meet up with my friend Stan and my new friend Ambrose and we hit the Gaslamp area. We went to The Field for food, played pool at San Diego Billiards, hit Dick’s Last Resort and back to the W for a few drinks.

Summary
To sum up, I think TechEd was great. I would say it was the best conference I’ve been to. I was very impressed on how Microsoft ran the conference. I wished there were less Microsoft speakers and more “real world” speakers. I also wished the talks were more technical and less “50,000 foot level”. Some people told me that the PDC is more technical, but I figured with “tech” in the name of the conference, it would be more technical than it was. I hope TechEd comes back to San Diego soon!

Business Card Count = 3

For more pictures click here.

TechEd: Day 5

Thu, 27 May 2004 22:33:14 GMT

Day five of the TechEd conference… the wear and tare of going to a conference it starting to hit me… having to drink coffee in the afternoon. Here are the sessions I went to today:

ASP.NET: Blackbelt Web Forms Programming
SQL Server Data Access Developer Don'ts (10 Things You Currently Do That You Shouldn't)
ASP.NET: Tips and Tricks for Building Server Controls
ASP.NET: Best Practices for Managing and Operating IIS 6.0 and ASP.NET Solutions

At lunch I did my pass through the exhibit area since it was the last day for them. I gathered information I could take to the next meeting of the user group I hope run (San Diego .NET Developers Group). One thing I did notice was that it seemed that there were more vendors focued on the IT pro type person… not on the software developer. I thought TechEd was a developers conference… guess I was wrong.

After the sessions Microsoft rented out Sea World for the attendee party! It was pretty cool going to an amusement park and not pay for anything! Got to walk on to rides and exhibits. It was fun… thanks Microsoft!

Business Card Count = 3

For more pictures click here.

TechEd: Day 4

Wed, 26 May 2004 22:26:38 GMT

Today, day #4 of the main TechEd conference I had more energy that I thought I would. Usually by this time at conferences I’m running low in that department. The sessions I went to today were:

Connected Systems: Using Web Services Enhancements v2.0 for Messaging Over Multiple Machines and Networks
Smart Clients in a Service-Oriented World: Thomson Financial Case Study
SQL Server 2000 Reporting Services: Managing a Reporting Services Implementation
Improving Application Performance and Scalability

I think one of the reasons we all could keep our energy up was that throughout the day and throughout the conference area there were always coffee, snacks, soda and bottled water available. So any time we wanted, we could fuel up!

I made an effort at TechEd to not go to any Whidbey talks. Why? Easy, it’s a year away. Sure I want to learn about it, but it’s not even in an alpha release. I thought the conference focused too much on future technologies and not enough on the current ones.

They gave us two hours for lunch, so I spent the majority of that time doing what I call “slumming” for the user group that I help run (San Diego .NET Developers Group). What I do is go to all the vendors that I think could help out with the group by either donating software or come speak at a meeting. All of the vendors I targeted seemed into it… we shall see.

After the session I was invited to a private party thrown by Microsoft for people they call “influencers”. They rented all of the Dicks Last Resort bar/ restaurant and the billiards hall above it for three hours. It was a lot of fun. After that, my friend Stan and I went over to his hotel, the W, and hung out at the upstairs bar which is mostly a sand beach type of thing. That was pretty cool too.

Business Card Count = 6

For more pictures click here.

TechEd: Day 3

Wed, 26 May 2004 01:32:05 GMT

Well today is day two of the main TechEd conference. I happened to make it for the last half of the keynote speaker (Andrew Lees, Corporate Vice President, Microsoft Server Tools Marketing Worldwide). He announced a number of new things coming from Microsoft including that all developer tools will have 10 years of product support and that SQL Server 2005 will include data encryption. Cool!

Here are the sessions that I attended today:

XML Today and Tomorrow
ASP.NET: Building Secure Web Applications-Defenses and Countermeasures
Visual Studio: Programming Middle-Tier Business Logic

As I was sitting in these talks, I noticed that it seemed to me that a large number of Microsoft speakers have some sort of British accent. I checked with my friend later in the week to see if he noticed the same thing and he verified my thinking. I’m curious to know why this is. Do they make for better speakers? More charismatic? I wondered.

Today was the first day I went down to the exhibit area. I had a mission of just signing up for all the prize giveaways. Do my dismay, I found out when I got to some of the vendors (HP to name one) they made me go to three or more other vendors to get a card stamped before you could be entered for the prize. So I ran around the (huge) exhibit area and did as they instructed only to find out that I had to come back later in the week because I had to be present to win? What a scam! Some of the times they picked to give out the prize were the same time sessions were happening. Not cool at all vendors! From then on I only entered giveaways that they would notify me via e-mail or phone that I won.

Also I went and had my first TechEd lunch in the massive lunch area today. I have never seen a dining area so big (see picture)! There were 970 tables that sat 10 people each and an army of waiters/ waitresses that corralled you to your table and served you iced-tea. I was very impressed how they pulled this off and the food was good and hot! No boxed lunched the entire week! They even had special lunches for vegetarians, vegans, lactose free and more! I also found out that the convention center donates any leftover food to two different shelters located in downtown San Diego. Very cool!

Early that evening I went and attend the Regional .NET User Group Meeting (put on by the San Diego .NET Users Group) held at the Horton Plaza Westin. It was a very informative meeting featuring a speaker from the Microsoft VB.NET team and one from the C# team, each giving a separate talk on what is coming in VS 2005. Lots of cool things coming next year, but I have to say the VB.NET teem needs to add the refactoring that C# has!!!

My friend Woody and I found out about a party that MSDN Magazine was throwing at The Bitter End. On our way there (in an attempt to crash it), we meet up with Ari Bixhorn (from VBTV fame at Microsoft) and someone convinced him to go to the party with us. He had a pass in his hotel room… without him I don’t think we could have gotten in. Thanks Ari!

Business Card Count = 1 | Free Shirt Count = 4

For more pictures click here.

TechEd: Day 2

Tue, 25 May 2004 06:26:09 GMT

TechEd Day 2... well I arrived right after the keynote given by Steve Ballmer, which I hear was pretty good. He officially announced Web Services Enhancements (WSE) 2.0. To learn more click here. I also heard that the conference “over” sold out. There are 12,000 geeks in this place. WOW! I have never seen so many at one place in my life.

The rest of my day was filled with going to the following sessions:

Service Orientation and the Windows/.NET Developer
Prescriptive Guidance-Juggling Web Services, WSE, .NET Remoting, System.EnterpriseServices, and MSMQ
Applied Web Services in Hewlett Packard's Core eCommerce Solutions
Best Practices for Dealing With State at Multiple Layers Within Your .NET Applications.

All of these sessions were in the Connected Systems topic group. Unfortunately, most of them were kind of a let down, especially the first one. The last one was the best out of the bunch.

I was impressed how nice the San Diego Convention Center people were and there were always (free) food and drinks (including bottled water) outside of the session rooms at all times. On my way out for the day I stopped by the TechEd store to pick up some shirts.

Free Shirt Count = 2

For more pictures click here.

TechEd store and purchased some Microsoft shirts.

TechEd: Day 1

Mon, 24 May 2004 04:28:24 GMT

TechEd Day 1… actually the pre-conference day, but I did not go to that. Instead, I went to the INETA User Group Leader Summit on behalf of the user group that I help run called the San Diego .Net Developers Group. This meeting had over 70 user group leaders from around the country and a few from other countries. It was great to learn about how INETA can and is planning to help our user group. I meet some old friends and made some new contacts that I hope will be useful in the future for our group.

Besides a cool bag of swag we received when we arrived, the meeting was followed by an open-bar cocktail party (see picture to the right) and another very cool bag of swag provided by MSDN.

Business Card Count = 4 | Free Shirt Count = 3

For more pictures click here.

TechEd: Day 0

Sun, 23 May 2004 04:02:24 GMT

If you did not know it, TechEd is in San Diego this year! I believe this is the biggest Microsoft conference here since the PDC in late 90’s. The best part is since it’s here, I get to go (thanks to INETA)! Who knows when we will get a Microsoft of this magnitude in San Diego again, so I decided to take pictures and write some of my experiences in my blog for every day that I go (7 days total).

My TechEd experience actually started off the day before the pre-conference started (Saturday May 22, 2004) at a “Pre-Tech Ed Geeks Only Party” thrown by my very good friend Michele Leroux Bustamante (see in the picture to the right… the blonde) at her house in Bonita. The guests included lots of TechEd speakers, Microsoft RD’s and more! It was a very cool catered affair. I got to talk to some old friends and made some new ones. Any party is good when there is an open bar!

For more pictures click here.

Mac OS Get a Trojan Horse!

Fri, 09 Apr 2004 22:32:59 GMT

Okay, I just can't pass up promoting that the MAC has a trojan horse. I know that Windows has many more than the MAC but I still have to bring it up :-) Trojan Horse Attacks Mac OS X. A security company warns of malicious code that targets the operating system. It could be the start of a whole new world of pain for blithe Mac users. By Leander Kahney.