January 2005 Blog Posts

I've lost count of the number of times where I have seen it said that "Only experienced xxxx should try to do yyyy." For example, "Only experienced security experts should try to build secure authentication systems." Or, "Only experienced walkers should attempt to tackle this route through the mountains."

In all kinds of different fields, we're warned that certain activities shouldn't be approached by the inexperienced. How do you know when you're no longer too inexperienced? It seems that the more you learn, the more you realise how much you don't know. I think this is a good thing but there's a danger that only the inexperienced ever try to solve the difficult problems yet they probably don't have the skills to succeed.

Eric Lippert starts a series of posts on security with the disclaimer, "This blog posting is for informational purposes only; don't think that after you've read this series, you have enough information to build a secure authentication system!". That's good advice but I wonder how much you have to know to have enough information to build a secure authentication system.

Talking about the divergence between VB.NET and C# while considering their typical audiences is a common theme. The default instance support that provides singletons for common types is another example of this. In and of itself, I don't have a problem with this direction. This is a perfect example of making the things that your customers want to do often much easier.

However, I worry about the effect of this on developers' understanding of types. In the VB6 world, it was common to speak to people who didn't understand the difference between a form type and the form itself because of the default instance. This blurring then made it difficult for them to apply their VB knowledge to producing classes in an OO fashion. I have a feeling that VB.NET default instances is going to cause the same problem again.

The long awaited Enterprise Library Application Blocks have been released. This release of Enterprise Library includes: Caching Application Block, Configuration Application Block, Cryptography Application Block, Data Access Application Block, Exception Handling Application Block, Logging & Instrumentation Application Block, and Security Application Block.

As many have noted, BizTalk 2004 SP1 was recently released. Possibly less well known is the fact that at the same time, the BizTalk team have moved to a "staged delivery model" for releasing product documentation. Updated documentation is available for download, as is an updated installation guide.

A new version of the Log Parser tool (v2.2) has just been published. Scott Hanselman posts about his experiments parsing IIS log files.

This version includes a bunch of new input/output formats including tab separated text files. Not only is Log Parser a great tool for querying common Windows logs, it can be really useful for parsing audit or log files created by your own applications.

If you can't get on with running as a non-admin user or a common task you need to do requires you to be an administrator then take a look at Michael Howard's article Browsing the Web and Reading E-mail Safely as an Administrator. The article describes how to take advantage of the SAFER features built into Windows XP and Windows 2003 to at least go some way to increasing your security.

When Microsoft issues service packs for developer tools and redistributable runtimes or libraries there is usually a knowledge base article published that lists which previously documented problems and bugs have been fixed by the service pack (referring to the KB article describing each issue). These service packs usually include other fixes that were found internally but that hadn't necessarily resulted in a public article. It is much less common for details of these fixes to be made public.

It has been brought to my attention that there are actually two articles that describe the previously undocumented bugs that were fixed in both the .NET 1.0 SP3 and the .NET 1.1 SP1 releases:

With little fanfare, it seems that Windows Installer v3.0 shipped in November. The platform SDK page about Windows Installer notes that this release includes more sophisticated patch handling and a few new enterprise management features. This version also provides some slightly less cryptic command line options.

Tim Sneath outlines how to reduce the time it takes to start Adobe Acrobat Reader by moving those normally unused plug-ins.

There are a couple of good articles about SQL tracing in the MSDN SQL Server Developer Center pulled from SQL Server Professional magazine.

Trace-scrubbing Tools and OpenSQLTrace: Automated Trace Processing and Analysis System discuss how to trace, scrub, and analyse data about the transactions occurring in SQL to identify possibly troublesome operations.

Hervey Wilson posts that the WSE hands on labs have now been updated for WSE 2.0 SP2 and also include VB.NET.

Hands on Lab: Web Services Security and Policy with Web Services Enhancements 2.0
Learn how to secure Web services without writing code, how to author security policies, and how to leverage the WSE programming model to secure you Web services. Now available in Visual Basic and C#.

Hands on Lab: Web Services Messaging with Web Services Enhancements 2.0
Learn how to use WSE’s lightweight Web service messaging infrastructure, do basic one-way and request/response messaging over multiple transports, and build your own peer to peer instant messaging program. Now available in Visual Basic and C#.

Lots of WSE FAQs answered here [via Sam Gentile].

Simon Fell points to an article showing how to add HTTP 1.1 compression support to a .NET web service client proxy.

Yasser Shohoud reports that "IIS 6.0 makes it easy to compress replies including Web services replies. In .NET 2.0, the client will automatically tell the server that it accepts gzip compression and it will automatically decompress replies. [...] Note that we don't have a client side compression feature so if you are sending Base64 data from the client and you want to compress it, you would need to use 3rd party compression library or roll your own." (emphasis mine)