Monday, February 23, 2004

MSDN WebCasts

Got introduced to the MSDN webcasts (via).
Maybe they're familiar for all of you, but at least I didn't know them so far. In a word: they're great. A great way to view talks by MS engineers just from your computer at home. The Webcasts are broadcasted live of course on previously announced times. There interactive, in that they use simple polls in which you can participate, you can ask questions etc.
I just watched Writing Secure Code - Best Practices by Joel Semeniuk. This was a webcast from last week on, well, building secure applications. The threat modeling process is introduced, among other features like identifying threats by using the STRIDE model (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of privilege). Also, the well-known process of threat rating (DREAD: Damage potential, Reproducibility, Exploitability, Affected users, Discoverability) is explained.
I can only advise you to have a look at this or one of the other webcasts. Take some time to refresh or improve your knowledge. What I'm wondering myself is whether it would be possible to download the contents of the webcast in some way? That way, I'd have the possibility to watch them at home (dialup) instead of at work (DSL). There's no way to do this on dialup. It uses a 104Kbit connection, meaning 56Kb dialup is only half of which is needed.

Thursday, February 19, 2004

Windows XP Bootable CD

Below is a link to "Bart's Preinstalled Environment (BartPE) bootable live windows CD/DVD" (via. We had this harddisk clicking and ticking away in one of our notebooks. It really was on the brink of falling apart. The employee wasn't able to work with it anymore, and we neither could access the disk anymore. So some important files on the C were inaccessible now. I remembered having read this a couple of days ago, but only bookmarked the link for later use. Now, it has proven it's worth. Really amazing, everything went OK the first time. Download a 2MB Builder program, use it to make an XP ISO, burn the image to CD, and off we went. The only things I had to do was tell it to use DHCP, and enter the domain name. Wonderful thingie, we'll certainly use this one more in the future.

Friday, February 13, 2004

Oops, source code leak

Arriving at work yesterday morning and one of the biggest security holes
in Windows ever has been announced. Serious enough. Arriving this morning, and Windows 2000 and NT source code has supposedly leaked to the net, according to Neowin. It has been confirmed by Microsoft already. Guess we'll be hearing much
much more about this the next few days. Just wanted to share this with you, although it probably a bit useless, as everyone is blogging / talking about it right now. This is certainly not the best week for Microsoft...

Sunday, February 08, 2004

No feedreaders for me

I know, all
you guys acquire your information by means of RSS feeds and the like. I myself used Bottomfeeder and AmphetaDesk for a couple of months (I really enjoyed Bottomfeeder the most), but since about half a year I stopped the use of Newsreaders. Now I only hop from blog to blog to other miscellaneous news source, using blogrolls and my own list of favorites. Working this way I can download the information I want for offline reading, disconnect the dialup connection and spend the rest of the evening reading, reading and reading. That's right; I still use a 56k dialup. And in the Netherlands, although telephony rates are not too high, I still notice this puts some stress on me in trying to get my information as quickly as possible, and then disconnect. Even though, this is nonsense, because I'm more limited in that people around me also expect their fair deal of attention, than in the amount of money I spend on the internet connection. And while I'm paying less than (A)DSL or some other broadband connection, I won't go for it. Still, it must be kind of convenient being on broadband without bothering about having to disconnect in order to save on the phone bill. But, back to my point: havingDSL / cable is a big prerequisite for using some kind of newsreader, to my opinion. Using Bottomfeeder on dialup, I'd be downloading the headers, or first paragraphs or whatever is offered in the feed, disconnect, and not being able to read whole blog entries afterward. I would need to be connected the whole time I'd be using the newsreader, in order to read the complete entries. This would mean I'd be on dialup for multiple hours on a regular basis. That certainly would beg for a permanent connection. Which is why I'm not using newsreaders, I guess
Agree? Or think I shouldn't be moaning so much (in any case nothing in life is free, except love, and God's grace)
Take care

Thursday, February 05, 2004

IIS: happy to put your server in a loop

Just found this peace of documentation in the IIS Help files. Imagine what would happen if, for the one or other reason the HTTP_ACCEPT_LANGUAGE server variable would not be known... The welcome.asp file would include itself :) Better use welcome.asp, and something like Lang & ".asp" for each language. And default back to English when the above mentioned variable is empty.



<H1>Company Name</H1>
AcceptLang = Request.ServerVariables("HTTP_ACCEPT_LANGUAGE")
Lang = Left(AcceptLang, 2)
Server.Execute(Lang & "Welcome.asp")

<% Response.Write "Welcome to my website!" %>

<% Response.Write "Willkommen zu meinem website!" %>

<% Response.Write "RecepciĆ³n a mi website!" %>

Windows Search and the XP Indexing Service

Since upgrading to XP, we have problems searching in files with the built-in Windows Search. This is, a college of mine who runs the Indexing Service locally is able to find strings in files on the network (which are - obviously- not indexed on his machine). Whereas, performing the same search on my machine yields no results. This is very annoying: although only a small percentage of the people here use this feature (myself included), it is the most easy way to find things without using third party tools. I've heard of Regexps and command line tools, but that's a step too far for most people here). And, it was working under NT, and I just don't like the idea of something working since 1996, and not in 2004. Anyway, I started this rant because we couldn't think of any other differences between my college's PC and mine, which could explain this difference in search results. And on the net I couldn't find any solution so far. It seems there are problems with the Windows Search, but where's the solution???