 Monday, February 14, 2005
 Wednesday, February 09, 2005
It is official. Scott Hanselman knows everything there is to know about everything. After my laptop failed to boot last night, I spent 3 hours researching, trying to create a bootable CD that can install the mass storage USB device driver I needed to do a more recent backup of my system to my fantabulous Seagate 250GB drive. My most recent backup was 1 week ago, not good enough!
So, then I see Scott online, and wouldn't you know his “handle” says “If it's been written, I've installed it (at least once)”...so I took the bait and sure enough he had great advice.
“Winternals,” he said, “that's what I would do.”
So this great little utility provides you with a bootable CD that launches their own custom OS layer, providing access to the hard drive, network, external devices (USB/Firewire) and some utilities for recovering the underlying OS. Personally, I didn't give a crap about recovering the OS at this point, it has been 6 months, time for a clean slate (usually triggered by some inconvenient event such as this)...but I wanted my data, that is for sure. It is amazing how much work you can get done on the road in 1 week's time, I had plenty to recover, never mind email.
So, I purchased this for $149, downloaded and pressed a CD, and in less than one hour I was able to see the c: and d: folders of my unlucky machine...what a sight! I had that thing backing up to my Seagate before you could say “make me a ham sandwich” and today I'm ready to wipe the machine.
http://www.winternals.com/products/repairandrecovery/erdcommander2002.asp?pid=erd
My only comments:
a) if the file explorer encounters an error copying a file from one directory, it moves to the next directory, but skips the remaining files/subfolders in the directory where it encountered the problem. You will KNOW that there is an error, because a dialog will block until you acknowledge the error, so be sure and return to that subfolder to recopy, and check directory size to be sure you got it all.
NOTE: I keep ALL of my files in a single folder “\All My Crap” so that ultimately I have a single directory that I can move, or back up, at any given time. Forget about \Documents and Settings\ etc...
b) if you want to recopy files to the backup drive, you have to wipe clean existing directories and start fresh, unless you want to sit there and approve “overwrite” for every directory...lame
Still, I'm up and running and happier than I was 12 hours ago. This tool was well worth the $149 bucks ($250 for server systems).
Thanks Scott, you rock!
In my travels, I also encountered this link:
http://www.winsupersite.com/showcase/windowsxp_sp2_slipstream.asp
It talks about slipstreaming XP SP2 onto the same CD when you install XP2...and if you build machines as often as I do, that can be a real time saver, not to mention you don't need to connect to the network to get that security service pack on there. I'm going to give this a shot as well.
Next action item, get that Seagate configured to do the “click once” backup of my entire machine...so I can more easily back up every night on the road, and at home. I'm sure I should have done this ages ago, but alas there is only so much time in the day to be an admin...
Dev Connections is now the premier .NET developers conference out there. There are three main tracks: Visual Studio (C#/VB.NET/Framework/Visual Studio), ASP.NET and SQL Server. Many of my favorite speakers will be there and you'll get the latest from Microsoft on Indigo, Visual Studio Team Systems, and Visual Studio Tools for Office...all very cool technologies and platform tools.
So, in between visits to the poolside bar, and short bursts of sunny indulgence, you can slink your way over to a few of my talks too!!!
Pre-conference workshop: VPR202: Return of the thick client? What do I do now? (1:00 PM - 4:00 PM)
Sessions:
APF301: The Quest for Scalability: The Right Way to Design ASP.NET Applications
VFE205: Deploying and Versioning .NET Applications--Essentials
VDP351: Best Practice Approaches to .NET 2.0 Localization Architecture
Post-conference workshop:
VPS301: Fundamentals Track-- .NET Fundamentals Advanced Class (9:00 AM - 4:00 PM)
So...come on down, over or up to Florida for Dev Connections, wherever you may be today...
In a few weeks I'll be heading to Santa Clara to participate in the SD Expo conference. This is one of my favorite conferences because it brings together such a diverse crowd. Not only does this conference draw one of the largest C++ followings in terms of conferences, but you'll meet Java, XML, .NET, Security, Web Services and other types of experts that participate in the various tracks. I find this a great place to go if you want to mingle and learn from developers coming from other areas of expertise, or to dabble in some sessions in “the other world” from which you spend most of your time.
So, if you plan to join me there, be sure and come to my talks too!!!
Christian Gross and I are giving another joint tutorial on Web Services. Christian is one of my favorite speakers, a true philosopher, and this set of tutorials was very well received last year so we're updating it to the latest and greatest and joining forces once again:
(112) Web Services Part One: Web Services Theory Time/Date: Monday (March 14, 2005) 8:30am - 12:00pm
(117) Web Services Part Two: Implementing Web Services Using .NET Time/Date: Monday (March 14, 2005) 1:30pm - 5:00pm
(131) Web Services Part Two Continued: Implementing Web Services Using .NET Time/Date: Tuesday (March 15, 2005) 8:30am - 12:00pm
Then, we are doing a special tutorial presented by several of the Interop Warriors (www.interopwarriors.com), focused on WS* interoperability for Web Services platforms:
(140) Web Services Tools and Platform Interoperability Time/Date: Tuesday (March 15, 2005) 1:30pm - 5:00pm
And I have some other general sessions throughout the week as well:
Best Practices for .NET Versioning and Deployment Time/Date: Wednesday (March 16, 2005) 1:45pm - 3:15pm
Making Sense of all these Crazy Web Services Standards Time/Date: Wednesday (March 16, 2005) 3:30pm - 5:00pm
Mastering the Offline Experience with Smart Clients Time/Date: Friday (March 18, 2005) 8:30am - 10:00am
The Good, the Bad and the Ugly of Web Services Security Time/Date: Friday (March 18, 2005) 1:45pm - 3:15pm
Designing Scalable ASP.NET Applications Time/Date: Friday (March 18, 2005) 3:30pm - 5:00pm
We also plan to have an interesting discussion around the REST-ful Web Services topic, with some passionate followers on both sides in the room, this will be interesting!!!
Rest vs. Soap Time/Date: Thursday (March 17, 2005) 7:30pm - 9:00pm
Hope to see you there....
 Tuesday, January 25, 2005
Julia Lerman and Stephen Forte have organized a charitable auction to help the Tsunami victims of Banda Aceh. Stephen was kind enough to write up the details here:
http://www.stephenforte.net/owdasblog/PermaLink.aspx?guid=61b646aa-ca24-47ef-b013-012bf852f79d
And, even though he continues to spell my name wrong, he is a great guy ;)
Stephen, how long have you known me? Seriously...
At any rate now is your chance to get 1 hour of Q&A with your favorite .NET celebrity. I am certainly honored to be included in such a prestigious list. So, ask yourself: Do you have a few nagging questions about .NET architecture? ASP.NET? Globalization? Assembly versioning and deployment? EnterpriseServices? Security? C# programming in general? Well, just think for the low low price of $100 you can start bidding...and not only get some help, but help the Tsunami victims and get a tax deduction at the same time. Just imagine the goodwill you are building.
Get on there and start bidding!!!
http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=5552696499
For more info on Aceh Aid: http://www.idepfoundation.org/aceh_aid.html
 Thursday, January 13, 2005
<blatantmarketing>
Here's a list of local classes I'll be teaching in San Diego at UCSD Extension this quarter. For the Master class, UCSD also helps international students to coordinate a visit to San Diego for the course...
January 24-28, 2005 (8:00am-5:00pm): IDesign's .NET Master Class - outline, registration UCSD Extension partners with IDesign to deliver IDesign's .NET Master Class, an intensive 5-day hands-on training experience, taught exclusively by IDesign. The next class will be held Jan 24-28, 2005.
Feb 8 & 10, 2005 (5:30-9:30pm): .NET Security - outline, registration At UCSD Extension, a new collection of advanced short courses targeting the busy professional is now being offered. This Winter learn .NET Security in one week by spending two evenings with Michele Leroux Bustamante of IDesign, Feb 8 & 10, 2005. Other certificate courses also available (see C# and VB.NET).
</blatantmarketing>
 Wednesday, January 12, 2005
Tonight was my turn to present as part of Regional Directors presentation month in Southern California. Tim Huckaby presented at the San Diego .NET Developer's Group last week, I presented to the VBUG in Orange County (with a good collection of C# UG members also present), and Paul Sheriff is next, presenting to the San Diego .NET User Group the last week of January.
Tonight I test drove my latest materials on .NET 2.0 ClickOnce and related subject matters for Smart Clients such as offline connectivity and data storage, versioning and deployment, security evaluation and elevation, and so forth. The slide deck is in PPT format here:
versiondeploysmartclient20.zip (979.02 KB)
Related links I showed at the end of my talk:
http://www.idesign.net - See some of the .NET 2.0 webcasts delivered by my colleagues
http://www.dotnetdashboard.net/sessions/versiondeploy.aspx - see my resources on .NET 1.1 versioning and deployment
Other Microsoft resources for smart clients:
http://www.windowsforms.net
http://msdn.microsoft.com/smartclient
 Saturday, January 08, 2005
I recently received this question from a SearchWebServices.com reader:
I am designing a sample app that has 3 tiers - Web browser, .NET application & DB server. I believe (correct me if I am wrong) that given that each individual user will not be connecting to SQL server directly (except maybe for DB Admin's etc) it is desirable to create a login for IIS to connect to the server and a user login to connect to the DB in question with the appropriate permissions. The .NET application will be connecting to the DB using ADO.NET. Is this true, or am I barking up the wrong tree?
Interestingly this is a subject I have been writing about recently. Here's the answer I posted for this question.
Let’s first clarify the physical tiers you describe here. The Web browser is on the client tier, but really doesn’t participate in the description of tiers for the server-side application. Users will provide credentials through the browser that must ultimately be authenticated by IIS or passed through to ASP.NET for custom authentication. The .NET application I presume is hosted on the Web server physical tier, along with IIS. The database server physical tier hosts…well…the database application. The server side then potentially has two physical tiers.
If this is an intranet-based application, the Web site is likely configured for Windows authentication in IIS, which means IIS will authenticate the user within the Windows domain. Authorized requests will be forwarded to the ASP.NET runtime for processing, and if the application is configured to impersonate the authenticated user, application code will be governed by what the impersonated account is authorized to do:
<identity impersonate="true" />
For example, if the logged in user is authorized to access the database (which really means, whichever database objects the account is granted access to, and for whatever type of access like db_datareader, db_datawriter) then functionality to access the database will execute without exception. But this is not realistic as you mention. That means the code that tries to access the database must first impersonate an account that is granted appropriate access to the database objects. If the intranet application impersonates the logged in user, then this impersonation must be handled on the fly, and must be reverted so that the logged in user is once again the identity under which the remainder of the request thread executes.
If the application does not impersonate the logged in user, ASP.NET application requests will be executed with the ASP.NET identity configured in the <processModel> section of the machine.config. This is usually the NETWORKSERVICE account, which has limited privileges (by design). In theory you could have the application impersonate a higher privilege account for all requests that also has access to the appropriate database objects. BUT - DO NOT DO THIS. This is the lazy man’s solution to gaining access to protected resources, and it seriously compromises the safety of the application. If a hacker were to gain access to an executing thread inside the worker process, they will have access to whatever privileges have been granted to that thread. By default, we prefer this to be the NETWORKSERVICE account, or the account of the logged in user for intranet applications.
So, the solution?
- Either impersonate the logged in user or run the application under the NETWORKSERVICE account
- For calls to the database, either impersonate a privileged account at runtime, or use EnterpriseServices to invoke a serviced component that runs with the required account with database privileges (better). This decouples the configuration of the required account to access the database from the code, allowing it to be modified as needed through serviced component configuration (COM+). This also has the benefit that later you could distribute the database access component to another tier for scalability and security requirements.
What accounts do you need?
- It is useful to have an account that can only read the database (db_datareader privileges to appropriate objects), and another that can read and write (db_datareader and db_datawriter privileges). This way, during read operations you are not vulnerable to write attacks.
For more information on this subject, see my article on The Server Side.NET referenced here in my blog: http://www.dasblonde.net/PermaLink.aspx?guid=aa616d20-1089-4a24-8f0c-14326f2a731c
 Thursday, January 06, 2005
Yet another article published in December 2004, the architecture-focused continuation of the 15 Seconds article mentioned in my last blog entry. This one talks about architecture for ASP.NET applications to run with least privilege, design and allocate components, and handle runtime security elevation as needed while starving the application runtime of privileges to prevent hackers from getting in. Part 1 focuses on a solution without allocating other processes with Enterprise Services.
http://theserverside.net/articles/showarticle.tss?id=SandboxingComponents
Part 2 is being written as I write this...well, not exactly...but after I write this I'll get back to it...
I learned something new last night: shrinkster.com
I guess I had heard my geek friends discussing urls with this domain before, but didn't really probe into it (that must have been my other 55% non-geek-personality taking over). So it's really cool, when you have to rattle off urls verbally (say on a radio show taping) or want to deliver a presentation and give attendees a single short url to go for everything. So it generates a shrinkster.com/bla address for you (where bla is some short value like 31g).
What I want to know is, since shrinkster.com has virtually no company information on the site and no advertising...not to mention no freaking indication that they will be in business (if there is a business) for any length of time...then how can I possibly create shrinkster urls that I can guarantee for some lifetime?
I think I'll only use it for transient purposes...related to phone conversations and live events...to ease in verbal delivery...
VSTO (or, Visual Studio Tools for Office) 2005 is pretty darned cool. Yeah, I know about it...yeah, I've thought about it...and yeah, I know some day I'll spend some time using it...but not yet.
So, I stayed for Tim's presentation at the San Diego .NET Developer's group this past Tuesday, and realized that I can actually build better spreadsheets now, as a developer, using VSTO, than I ever stood a chance of doing just by using Excel directly. I suck at Excel macros, I never cared for VBA, but I love VSTO. The sheer idea of my own developer environment that I know and love letting me write some “code-behind” for my Excel spreadsheets and Word documents, letting me drag and drop buttons to create forms in a natural design environment, and letting me debug this like I would any other application...wow.
I know, it is nothing new, but I feel like I really “saw” it for the first time this week. Was it Tim's good looks, his killer presentation, or was I just ready to accept the promise of VSTO? We may never know the answer, but it doesn't matter, I'm going to build killer spreadsheets....er....as soon as I get a few minutes free...
Want to know more? Clearly I have no sample code to share (yet) but you can go here to get started:
http://msdn.microsoft.com/office/understanding/vsto/
On Tuesday night this week I volunteered to do the 101 talk for the .NET Developer's group, before the famous and infamous Tim Huckaby did his killer, wicked Visual Studio Tools for Office (VSTO) presentation.
For my talk, I took a much deeper, advanced talk I do, which articulates 10 steps to versioning and deployment success, and I basically c-o-v-e-r-e-d t-h-e f-i-r-s-t b-u-l-l-e-t w-e-r-y w-e-r-y s-l-o-o-o-w-l-y to turn it into 1 hour of deep discussion on the subject of strong names, their value from a security and versioning perspective, some of the pains of using them, and some demonstrations to go along. The complete list of materials for this subject can be found on my versioning and deployment resource site:
http://www.dotnetdashboard.net/sessions/versiondeploy.aspx
The next time I do a 101 talk for this group, if Dave and Woody invite me back ;), I'll move to bullets 2 and three of the 10 step presentation...and so on, and so on, and so on...
What are the 10 steps I discuss in the advanced talk?
1. Use strongly named assemblies
2. Think before you GAC
3. Covet all private keys
4. Get to know Code Access Security
5. Evaluate runtime security requirements
6. Run with least privilege
7. Protect your intellectual property
8. Master assembly versioning
9. Design a deploy/upgrade strategy
10. Prepare for future of .NET
Enjoy :)
No blogging = pretty freaking busy != nothing to talk about
In fact, I've been so over my head in WS* interop, ASP.NET security and scalability architecture work and writing, that I have been a really really bad blogger...and now I don't know where to begin posting...
How about this for starters, it is now official, I am 45% geek...
I took the test after I found out Don Kiely and Rocky Lhotka did...unfortunately I can't meet their geek levels, I knew I should have installed Firefox. Damn!
But you know there are different types of geeks...and compared to most of my friends and family...I'm pretty darned geeky. I mean, how many non-geeks do you know who...
Insist on playing giant chess even though they are going to lose against the master they are playing (see the stress on my face?)...ok, the glass of wine helped:

And how many non-geeks do you know that would wear a “We are #” t-shirt from Newtelligence?

And how many non-geeks do you know that would hang out with other super geeks like Juval Lowy, Kimberly Tripp, and Clemens Vasters? C'mon, these guys (and gals) are geeky...just like me!

And seriously, only a geek would do their hair like this for a new years eve party....er...right?

So, have I proven that I'm a geek yet? Did I convince you that I deserve a higher score than 45% on the geek quiz? Take the quiz yourself (click the link above) and see where you rank...
In the meantime, back to serious content...although this post probably makes it look like I have time on my hands...er...I don't...back to work.
Ciao!
 Tuesday, December 07, 2004