Ok, this stretched into a 1 hour blogging fest, but I have to comment that I never thought I'd blog more than once per day, maybe twice, this has to up my nerd standings...no?

Over and out.

Yet another article published in December 2004, the architecture-focused continuation of the 15 Seconds article mentioned in my last blog entry. This one talks about architecture for ASP.NET applications to run with least privilege, design and allocate components, and handle runtime security elevation as needed while starving the application runtime of privileges to prevent hackers from getting in. Part 1 focuses on a solution without allocating other processes with Enterprise Services.

http://theserverside.net/articles/showarticle.tss?id=SandboxingComponents

Part 2 is being written as I write this...well, not exactly...but after I write this I'll get back to it...

Ok, this was published in December 2004 - but clearly I've been blogabsent. The goal of the article is to provide an overview of the differences between process identity and thread security principal in the .NET Framework, and how you leverage both to design Windows vs. custom role-based security models. Enjoy!

http://www.15seconds.com/issue/041208.htm

I learned something new last night: shrinkster.com

I guess I had heard my geek friends discussing urls with this domain before, but didn't really probe into it (that must have been my other 55% non-geek-personality taking over). So it's really cool, when you have to rattle off urls verbally (say on a radio show taping) or want to deliver a presentation and give attendees a single short url to go for everything. So it generates a shrinkster.com/bla address for you (where bla is some short value like 31g).

What I want to know is, since shrinkster.com has virtually no company information on the site and no advertising...not to mention no freaking indication that they will be in business (if there is a business) for any length of time...then how can I possibly create shrinkster urls that I can guarantee for some lifetime?

I think I'll only use it for transient purposes...related to phone conversations and live events...to ease in verbal delivery...

VSTO (or, Visual Studio Tools for Office) 2005 is pretty darned cool. Yeah, I know about it...yeah, I've thought about it...and yeah, I know some day I'll spend some time using it...but not yet.

So, I stayed for Tim's presentation at the San DIego .NET Developer's group this past Tuesday, and realized that I can actually build better spreadsheets now, as a developer, using VSTO, than I ever stood a chance of doing just by using Excel directly. I suck at Excel macros, I never cared for VBA, but I love VSTO. The sheer idea of my own developer environment that I know and love letting me write some “code-behind” for my Excel spreadsheets and Word documents, letting me drag and dop buttons to create forms in a natural design environment, and letting me debug this like I would any other application...wow.

I know, it is nothing new, but I feel like I really “saw” it for the first time this week. Was it Tim's good looks, his killer presentation, or was I just ready to accept the promise of VSTO? We may never know the answer, but it doesn't matter, I'm going to build killer spreadsheets....er....as soon as I get a few minutes free...

Want to know more? Clearly I have no sample code to share (yet) but you can go here to get started:

http://msdn.microsoft.com/office/understanding/vsto/

On Tuesday night this week I volunteered to do the 101 talk for the .NET Developer's group, before the famous and infamous Tim Huckaby did his killer, wicked Visual Studio Tools for Office (VSTO) presentation.

For my talk, I took a much deeper, advanced talk I do, which articulates 10 steps to versioning and deployment success, and I basically c-o-v-e-r-e-d   t-h-e   f-i-r-s-t  b-u-l-l-e-t  w-e-r-y  w-e-r-y   s-l-o-o-o-w-l-y to turn it into 1 hour of deep discussion on the subject of strong names, their value from a security and versioining perspective, some of the pains of using them, and some demonstrations to go along. The complete list of materials for this subject can be found on my versioning and deployment resource site:

http://www.dotnetdashboard.net/sessions/versiondeploy.aspx

The next time I do a 101 talk for this group, if Dave and Woody invite me back ;), I'll move to bullets 2 and three of the 10 step presentation...and so on, and so on, and so on...

What are the 10 steps I discuss in the advanced talk?

1. 1.Use strongly named assemblies
2. 2.Think before you GAC
3. 3.Covet all private keys
4. 4.Get to know Code Access Security
5. 5.Evaluate runtime security requirements
6. 6.Run with least privilege
7. 7.Protect your intellectual property
8. 8.Master assembly versioning
9. 9.Design a deploy/upgrade strategy
10. 10.Prepare for future of .NET

No blogging = pretty freaking busy != nothing to talk about

In fact, I've been so over my head in WS* interop, ASP.NET security and scalabiltiy architecture work and writing, that I have been a really really bad blogger...and now I don't know where to begin posting...

How about this for starters, it is now official, I am 45% geek...

I took the test after I found out Don Keily and Rocky Lotka did...unfortunately I can't meet their geek levels, I knew I should have installed Firefox. Damn!

But you know there are different types of geeks...and compared to most of my friends and family...I'm pretty darned geeky. I mean, how many non-geeks do you know who...

Insist on playing giant chess even though they are going to lose against the master they are playing (see the stress on my face?)...ok, the glass of wine helped:

And how many non-geeks do you know that would wear a “We are #” t-shirt from Newtelligence?

And how many non-geeks do you know that would hang out with other super geeks like Juval Lowy, Kimberly Tripp, and Clemens Vasters? C'mon, these guys (and gals) are geeky...just like me!

And seriously, only a geek would do their hair like this for a new years eve party....er...right?

So, have I proven that I'm a geek yet? Did I convince you that I deserve a higher score than 45% on the geek quiz? Take the quiz yourself (above click the link) and see where you rank...

In the meantime, back to serious content...although this post probably makes it look like I have time on my hands...er...I don't...back to work.

Caio!

Please see this InteropWarriors blog for a new post with code samples demonstrating WS* interop.

http://www.interopwarriors.com/PermaLink.aspx?guid=8b01c523-59d6-47be-9843-139f710c5a84

Glad to see everyone last night at this presentation, it was quite enjoyable, great questions from the audience as well which always makes my day! Here's the link to the site with access to my slide deck and other resources:

http://www.dotnetdashboard.net/resources/scalability.aspx

You can get the Enterprise Services sample from there, and a reference to my article which provide more detail. In addition, I demonstrated some asynchronous handler examples, but I found a great article from Fritz Onion on the subject, so here's the link to his article with access to his samples for the article, that will be even more detailed from that I demonstrated:

http://msdn.microsoft.com/msdnmag/issues/03/06/Threading/default.aspx

If you are new to handlers, check out my handlers page, with reference to some other articles I've written as well:

http://www.dotnetdashboard.net/sessions/handlers.aspx

Enjoy!

For the first time, UCSD Extension will be offering the official IDesign Master Class curriculum:

http://www.idesign.net/idesign/links/classes/master.aspx

This is the most thorough .NET training content around, with plenty of useful samples in the code library, not to mention tools to help you get started with your next application. 

You can check out the registration schedule here:

http://www.extension.ucsd.edu/Schedule/index.cfm?vCourse=CSE-40901 

If you attended the 1 day tutorial I presented at VS Connections you have probably been waiting for my site to be back up to get your resources. In fact, the conference will post all of my code samples up on the conference site by this Monday. So, I will be sure and updated this entry with the link you need to get all that good stuff!!!

If you were up at 8am for this session at VS Connections, I hope you had a coffee first because we covered a lot of ground! My resources for this talk are on this site:

http://www.dotnetdashboard.net/resources/wse.aspx

Some of my new code samples I showed you in the talk have been written with WSE SP2 (pre-release version), so I'll post those shortly once the service pack is public. Should be very very soon.

Also, you'll notice my DIME example on this site is pre SP1, I am working on an article to discuss the specifications around attachments, and will compare DIME with SwA for interoperability between platforms. Stay tuned for an update there. (this was not part of the security session, of course)

Thanks to everyone who attended my talk at VS Connections this week in Vegas, despite the temptation to hit the Casino instead! You may have noticed my site was actually down all week, I had to move it to a new location, and I thank you for your patience.

Here's the link to my Versioning and Deployment Resource page which you may have already visited (that site wasn't down). I have updated the site with new content, however, so check it own again and let me know if you have any questions.

http://www.dasblonde.net/PermaLink.aspx?guid=17d12fa3-59c9-4c49-9cc6-9b62f959df19

Also, don't forget to check out the slides for my talk, there are many links in there to other resources.

Nostrovia!

I recently wrote up an article that discusses best practices for versioning and deployment of .NET components. In the article, and in my sessions on this subject I emphasize code access security, running with least privilege, versioning issues, publisher policies and more. Check it out here: http://www.15seconds.com/Issue/041103.htm

On a related resource page, you can find the tutorial I wrote for the code sample: http://www.dotnetdashboard.net/sessions/versiondeploy.aspx

This month, you can expect an article explaining .NET runtime security and sandboxing.

Cheers!

Hey everyone, I recently updated my localization resources page with the latest links to my articles, webcasts and code. Let me know if you want to see more!

http://www.dotnetdashboard.net/sessions/globalization.aspx

Look to this page first for updates to any of my article code, for example. I periodically updated my way of thinking about a problem, so this page will always have my latest best practices.

Just wanted to mention that the Interop Warriors are at it again. We have a number of events coming soon that we're beginning to prepare for, and we'll be showing off our latest in San Diego at this FREE event. For more information, check this out:

http://www.interopwarriors.com/PermaLink.aspx?guid=f3f79b24-a4df-49d2-9323-b8fb3b59b832

This whitepaper is finally live and you will not believe how cool the new localization features are for ASP.NET 2.0, I'm duly impressed with the new integrated IDE support for resources, and in particular with the extensibility of localization expressions. Peaked your interest? Read it here:

http://msdn.microsoft.com/asp.net/whidbey/default.aspx?pull=/library/en-us/dnvs05/html/ASP2local.asp

I really enjoyed working with Achim Ruopp and Simon Calvert of the localization team at Microsoft on this paper. They were a fantastic resource for getting me up to speed on the underpinnings of the new localization features of ASP.NET 2.0. I could not have written this paper with as much detail without some insider feedback so I really have to thank you guys for answering all of my detailed questions and for all the time you took to give comprehensive feedback during each review cycle. Thanks guys!

Resources for this webcast today can be found here:

http://www.dotnetdashboard.net/sessions/handlers.aspx

The webcast starts at 9:00am PT, you can register online (see a few blog posts ago).