Well, it took 3 days to officially kill my computer after installing Windows XP SP2 RC1.  Well, it didn't necessarily kill it, but it would freeze during the bootup.  That was only the peak of things this evening, however earlier this afternoon everything just shut down...no blue screen of death, nothing.

So, after booting into Safe Mode, I was able to successfully uninstall SP2 RC1 and all the extra beta updates from Windows Update, and all is well once again.  Phew, good thing I don't have to rebuild my laptop this weekend...would have been dificult since I'm at my parents.

BlogJet 1.0.0.16 Beta Release Notes
March 25, 2004

FEATURES
* Multiple categories support.
* Quick test of FTP settings.
* pMachine support.
* "Delete Draft files after posting" option in settings.
* New keyboard shortcuts:
   - Ctrl+Tab - switch between Normal/Code view.
   - Ctrl+M - indent
   - Ctrl+Alt+M - outdent
   - Ctrl+Shift+N - numbering
   - Ctrl+Shift+L - bullet style
   - Ctrl+Shift+I - insert image
   - Ctrl+Shift+V - attach voice
   - Alt+D - select text in Title bar
   - F5 - change account


BUG FIXES
* BlogJet This! did not work with long selection.
* Draft files handling errors.
* Login window when opening draft.
* Installer issue on "Launch BlogJet".
* Printing from code editor did not work.
* Fixed various issues with b2-based blogs.
* Ctrl+A, Ctrl+K in code editor did not work.
* Fixed issue with blog URL for Blogware.
* Code tab wouldn't appear with large fonts.
* "Access violation at address 005489A4" fixed.
* Some main window shortcuts worked in Login dialog.
* Sometimes "t" didn't work in editor - fixed.

Download here!

So I'm watching BillG's keynote at VSLive, and within the first 10 minutes he talked about the SPOT watch.  My question is, did he wear the watch just for his KeyNote, or does he wear it on a daily basis.  Anyone know?

On Monday, my team at work got together and a pow-wow about security and how we can be more pro-active in developing applications.  As we went through sessions 2 & 3 from DevDays, we had a lengthly discussion on how we should proceed in securing the connection strings.  As most of you know, the OpenHack, and "best" method for securing connection strings, is by using DPAPI to encrypt it, and then store that encrypted string in a ACL'd registry key.

As this is a nice security model to follow, it doesn't work all that well in the development arena, when you have multiple machines that are hosting some version of an application.  As we discussed, we found that it would cause more of a headache when setting up a new application, as we'd have to create those ACL'd registry settings, do the encryption, etc. etc. manually.  Sure, a small application or batch could be used, but its still a pain to have to remember that you need to do it on each machine.

Another major item concerning storing the connection string in the registry, was that it breaks (what we think) the web application line.  By storing specific settings in the registry, you're starting to walk into the windows application arena.  It just doesn't make sense to us to provide that form of security when we feel its crossing that line.

Now, you may be starting to disagree with me, and thats fine.  We're still going to take an approach to encrypt the connection string in the Web.Config file, but not use DPAPI.  But - why wouldn't we want to use DPAPI, you ask?  Well, DPAPI is encryption/decryption is specific to the machine, thus decrypting a string on Machine B would not decrypt properly that was encrypted on Machine A.  (If my understanding is incorrect, please let me know - as this is a major setback for using DPAPI for us).  So, whats the big deal...well, you're going back to the model of having to manually configure each machine again, which isn't that easy to do in some environments.  So, we feel that using a specific encryption algorithm with a key is the best method, since it could be ported from machine to machine without having any problems.

I do have to agree, that if you wanted to take that extra security step by securing your encrypted connection string in a ACL'd registry key, that its a wise choice, however in most cases, its just overkill. Also, you won't ever have the option to do something like that on a shared hosting environment, so most web applications that single developers have, don't provide that form of security.

Well, I think thats all for my rant about securing connection strings, I'd love to hear your feedback.

Well I thought long and hard all day about installing XP SP2 RC1 on my laptop that I use for work and home.  I think I'm going to take the plunge since I've seen some pretty positive comments about RC1 being pretty stable.  So, lets just hope tomorrow I won't be rebuilding my laptop, and rather be working more securely & testing out SP2.  If I find anything quirky, I'll definately post it.  Wish me luck :)

PS - I hope I have better luck than Graemef.

I just ran across some free briefings put on by MSDN about security for developers.  It just so happens there's a briefing tomorrow in my town...yay! I'll be there!

Here are the abstracts:

Writing Secure Code - Best Practices
In this session for experienced developers, you will build upon existing knowledge of secure coding best practices to learn about analyzing, mitigating and modeling threats. The session will discuss established threat modeling methodologies and tools and show how they can be applied with other best practices to minimize vulnerabilities and limit damage from attacks.

Essentials of Application Security
In this session for experienced developers, you will gain knowledge and skills essential for the creation of secure applications. The session will cover important security concepts and discuss the need for implementing security at every stage of the development process. You will learn how to secure data and communications and how to implement effective authentication and authorization methods. You will also learn about application filtering and compatibility issues following software updates.

These sessions don't look to be duplicates of DevDay veterans, which is great.  And, now that my company is on the road to developing secure applications, this is just another step up for me to learn and bring back more information.  Check out the briefings to see if there's one near you!

Update: G. Andrew Duthie has stated that the content is different from DevDays, minus a bit of overlap.  Thats great!

EEEK! So I wake up this morning, go to my office, sit down in my chair... then I glance to my left - ITS WHITE OUT!  AHHH! Why does it have to snow in the middle March?  Well, I guess thats okay, because its supposed to be in the 60's by the end of the week.

A coworker of mine was just complaining how the cleaning crew had thrown away his bent-up paperclip that he played with while thinking this last weekend.  This made me start to wonder what I play with when thinking about a problem while programming.  It turns out that I actually have 2 different items. 

My main "thinking toy" is a pen, funny enough.  I, for some reason, like to take the cap off & on many times during the day.  This has, unfortunately, led to the pen cap not staying on that well, and as such I've had many run-ins with the ink.  My second "toy" is a stress ball that looks like a car.  Most of the bumper paint has been worn off, so its obviously had some good use.

What types of "thinking toys" do you use, and have you actually stopped and thought - "Why am I playing with this?"

Today, in the project I'm currently working on, I had to figure out a way of emulating the tab key by pressing the Enter key. I had found a very complicated script that required you to know the next id/name of the textbox or control that would need focus next...and since I'm creating 4+ textboxes in a datagrid, plus the ability of dynamic columns (all containing textboxes), this just wasn't going to be an easy task. As I set out, Google pointed me to a very helpful thread post. All you had to do is capture the enter key code and return the tab key code...simple, and works excellent!

[Previously Posted on old Weblog from October 9, 2003]

Well I just purchased Links 2004 for the XBox yesterday, and the game is great.  I know about a month ago, there was a lot of hoopla about .NET community geeks, like myself, were getting together regularly to play a few rounds.  I unfortunately don't remember who you were, but if you want to add me to your friends list to catch me online playing sometime, my username is MHawley