Web Log of Aleksey Nudelman: Thoughts on Software Architecture

Analysis and Review of Microsoft Technologies for IT Managers, Architects and Developers

Saturday, July 17th

A better way to chart - review of commercial graphing products


Major charting components for Windows are ChartFX and Dundas. Both integrate well with VS.NET and provide easy-to-use wizards with well-architected .NET APIs. Dundas is significantly more affordable than ChartFX, especially for volume licensing. I have contacted both companies with various charting issues and received prompt and accurate support. Full article is here.
aleksey on 07.17.04 @ 11:40 PM PST [link]


Thursday, July 15th

Most popular programming languages - trend


I have analyzed the number of jobs by language on one of the popular job sites to come up with these results:

(chart: number of job postings by programming language, May through July 2004)

As you can see, Java is currently the most popular programming language as far as US jobs are concerned. C++ and Visual Basic are slightly behind, with Visual Basic losing market share. C# holds steady at about 8% of the programming job market. The variation in the number of C++ jobs from May to July is most likely a search error.
aleksey on 07.15.04 @ 10:23 PM PST [link]


Review of Keith Brown's book: "The .NET Developer's Guide to Windows Security"


Keith's book is a great guide to .NET/Windows security, with valuable tips on authentication protocols, network security, access control and common security tasks (e.g. locking, deployment, logging off, storing data securely). This book would be of interest to software engineers, software architects and, to some extent, IT managers. There is considerable overlap between this book and Keith's previous book on Windows security, so you may not want to buy both.
For many software developers and managers, Windows security remains a hindrance rather than the very helpful and essential infrastructure it should be; I would like to see more coverage of common security tasks. A discussion of security in non-Microsoft implementations of .NET (e.g. Mono) would also be very interesting.

Chapter 1:
A good introduction to security issues, including programming, threat modeling, the principle of least privilege, authentication, and privileges. Useful tips on VS.NET development, deployment, and Windows auditing.
However, I felt that isolated storage, a new concept for many developers, should be discussed at greater length. It would also be helpful to have an overview of how modern applications use the user profile directory, and to get the author's opinion on why and how the isolated storage concept will affect those uses.

Keith cites Blind Man's Bluff (BMB) as saying that successful intelligence gathering by the United States helped end the Cold War. This is contrary to the widely held opinion that the Cold War ended because of the collapse of the Soviet Union, not because of eavesdropping on an underwater cable 30 years ago.

Chapter 2:

Excellent discussion of Windows security with code examples on SID manipulation, tokens and impersonation. The discussion of impersonation and null sessions is especially useful.

Chapter 3:

The chapter starts with an explanation of role-based security and the simplification it brings to server security administration. The author makes a good point by stressing that role-based security is centered on the user rather than on a particular object.
The author then discusses ACL-based security, which focuses on objects rather than users. In item 41 the author makes an interesting point about object ownership and how granting somebody Full Control may compromise the system.

Chapter 4:

A good explanation of how to configure authentication and impersonation in ASP.NET.

Chapter 5:

Keith explains how to add Windows authentication and SSPI or Kerberos when running .NET Remoting or raw sockets; very useful information. The IPSec discussion is also helpful.

Chapter 6:

This chapter provides helpful tips on common security tasks. Deployment, locking, logging on and logging off are useful subjects for many software developers.
I would have added a few things to this chapter:
1. Handling of server certificates, especially invalid ones. For a while, I have been using the following code to handle invalid server certificates:
// This code appeared at a newsgroup
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Certificate validation error codes (the CERT_E_* HRESULT values)
// that the framework passes to CheckValidationResult.
public enum CertificateProblem : uint
{
    CertNOERROR = 0x00000000, // This is an unconfirmed assumption
    CertEXPIRED = 0x800B0101,
    CertVALIDITYPERIODNESTING = 0x800B0102,
    CertROLE = 0x800B0103,
    CertPATHLENCONST = 0x800B0104,
    CertCRITICAL = 0x800B0105,
    CertPURPOSE = 0x800B0106,
    CertISSUERCHAINING = 0x800B0107,
    CertMALFORMED = 0x800B0108,
    CertUNTRUSTEDROOT = 0x800B0109,
    CertCHAINING = 0x800B010A,
    CertREVOKED = 0x800B010C,
    CertUNTRUSTEDTESTROOT = 0x800B010D,
    CertREVOCATION_FAILURE = 0x800B010E,
    CertCN_NO_MATCH = 0x800B010F,
    CertWRONG_USAGE = 0x800B0110,
    CertUNTRUSTEDCA = 0x800B0112
}

// "Open" policy: accepts every server certificate, including invalid ones.
// Install it with ServicePointManager.CertificatePolicy; meant for testing only.
public class OpenCertificatePolicy : System.Net.ICertificatePolicy
{
    public OpenCertificatePolicy() { }

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem)
    {
        // ... (rest of the original code elided in the post)
        // return true if testing with invalid certificate
        return true;
    }
}
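The policy above accepts everything, which is the opposite of what a production build should do. As an added example, not from the post or from the book, here is the stricter counterpart I would ship instead: it rejects by default, tolerates exactly one well-understood problem (an untrusted test root) and only while an explicit switch is on, and logs what it saw. The allowTestRoot switch is a hypothetical setting; the problem codes are the same CERT_E_* values as in the enum above.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;

// Default-deny certificate policy for the .NET 1.x ICertificatePolicy hook.
public class StrictCertificatePolicy : ICertificatePolicy
{
    private const uint CertNoError = 0x00000000;           // same assumption as in the post
    private const uint CertUntrustedTestRoot = 0x800B010D; // CERT_E_UNTRUSTEDTESTROOT

    private readonly bool allowTestRoot; // hypothetical switch, e.g. read from app config

    public StrictCertificatePolicy(bool allowTestRoot)
    {
        this.allowTestRoot = allowTestRoot;
    }

    public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate,
                                      WebRequest request, int certificateProblem)
    {
        // The framework passes the HRESULT as a signed int; view it as the unsigned code.
        uint problem = unchecked((uint)certificateProblem);

        if (problem == CertNoError)
            return true; // chain validated normally

        string host = request.RequestUri.Host;
        string subject = certificate == null ? "(none)" : certificate.GetName();
        Console.Error.WriteLine("Certificate problem 0x{0:X8} for {1}, subject {2}",
                                problem, host, subject);

        // Expired, revoked, name-mismatch and untrusted-CA certificates are never accepted.
        // Only a test root is tolerated, and only while the switch is on.
        return allowTestRoot && problem == CertUntrustedTestRoot;
    }
}

public static class CertificatePolicyInstaller
{
    // Call once at startup, before the first HTTPS request is issued.
    public static void Install(bool allowTestRoot)
    {
        ServicePointManager.CertificatePolicy = new StrictCertificatePolicy(allowTestRoot);
    }
}
```

Wiring the switch to a config value rather than a compile-time constant makes it easy to audit which builds can ever talk to a test root.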

2. ASP.Net security infrastructure e.g. manifest verification

aleksey on 07.15.04 @ 09:28 PM PST [link]


Software hiring


Ten questions to ask yourself when considering a candidate for a developer position:
-Can this candidate bring something to the team that nobody else has?
-Is this candidate constantly learning?
-Is this candidate aware of his/her weaknesses and comfortable discussing them?
-Is this candidate versatile and willing to do "whatever it takes" to help make the product successful?
-Is this candidate one of those "10X coders"?
-Does this candidate have a bachelor's degree from a good computer science department?
-If this candidate has a Ph.D., is there other evidence to suggest that s/he is one of those rare people who also has "Shrinkwrap Qualities"?
-Does this candidate have experience on a team building shrinkwrap software?
-Does this candidate write good code?
-Does this candidate love programming so much that s/he writes code in their spare time?

Full article
aleksey on 07.15.04 @ 06:08 PM PST [link]


Bay area companies outsource as they grow


This is yet another testimony that small companies can't afford to outsource.

aleksey on 07.15.04 @ 04:51 PM PST [link]


Interview with Miguel de Icaza at CNET


Mono's implementation of .NET is simply great. I have moved a fairly complex .NET app from Windows to Linux, and it runs without having to recompile.
Mr. Miguel de Icaza is the man behind it:
http://news.com.com/More+than+an+open-source+curiosity/2008-7344_3-5271084.html?tag=nefd.lede
Way to go Miguel!
aleksey on 07.15.04 @ 02:40 PM PST [link]


Main reason not to create shared assemblies


When the version of a shared assembly changes, you need to recompile all programs using it.
For a non-shared assembly, you can, in most cases, get away with simply swapping the old assembly for the new one. Say yes to non-shared assemblies :-)
aleksey on 07.15.04 @ 11:08 AM PST [link]


Wednesday, July 14th

Position locator with GSM.


www.cellpoint.com measures signal travel time between the phone and up to 3 cell towers to determine the approximate position of the cell phone caller. The problem with this approach is that it works well only in an area roughly equidistant from the 3 towers, which doesn't happen too often. Combining this approach across multiple cell networks would probably produce better results (e.g. since some cell providers, like T-Mobile, allow free roaming on AT&T's GSM network).
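As an added illustration of the timing approach described above (constructed here, not CellPoint's code), the following computes a caller's position from travel times to three towers with known coordinates. It assumes a flat plane measured in kilometres and ideal, noise-free line-of-sight timing; the tower layout and the caller's true position are made up for the example.

```csharp
using System;

// Two-dimensional trilateration from one-way signal travel times to three towers.
public static class GsmLocator
{
    private const double SpeedOfLightKmPerSec = 299792.458;

    // Subtracting the range equation of tower 1 from those of towers 2 and 3 turns
    // the three circles into two linear equations in x and y, solved by Cramer's rule.
    public static double[] Locate(double[] tx, double[] ty, double[] travelTimeSec)
    {
        if (tx.Length != 3 || ty.Length != 3 || travelTimeSec.Length != 3)
            throw new ArgumentException("exactly three towers are required");

        double[] d = new double[3];
        for (int i = 0; i < 3; i++)
            d[i] = travelTimeSec[i] * SpeedOfLightKmPerSec; // range in km

        double a = 2 * (tx[0] - tx[1]);
        double b = 2 * (ty[0] - ty[1]);
        double c = d[1] * d[1] - d[0] * d[0] - tx[1] * tx[1] + tx[0] * tx[0] - ty[1] * ty[1] + ty[0] * ty[0];
        double e = 2 * (tx[0] - tx[2]);
        double f = 2 * (ty[0] - ty[2]);
        double g = d[2] * d[2] - d[0] * d[0] - tx[2] * tx[2] + tx[0] * tx[0] - ty[2] * ty[2] + ty[0] * ty[0];

        // Collinear towers give a zero determinant: the geometry cannot separate the
        // two mirror-image solutions, which is the weak-geometry case the post worries about.
        double det = a * f - b * e;
        if (Math.Abs(det) < 1e-9)
            throw new InvalidOperationException("towers are collinear; position is ambiguous");

        return new double[] { (c * f - b * g) / det, (a * g - c * e) / det };
    }

    public static void Main()
    {
        // Constructed layout: towers at (0,0), (10,0) and (0,10) km; caller truly at (3,4) km.
        double[] tx = { 0, 10, 0 };
        double[] ty = { 0, 0, 10 };
        double[] truth = { 3, 4 };
        double[] t = new double[3];
        for (int i = 0; i < 3; i++)
            t[i] = Math.Sqrt(Math.Pow(truth[0] - tx[i], 2) + Math.Pow(truth[1] - ty[i], 2))
                   / SpeedOfLightKmPerSec;

        double[] pos = Locate(tx, ty, t);
        Console.WriteLine("Estimated position: ({0:F3}, {1:F3}) km", pos[0], pos[1]); // (3.000, 4.000)
    }
}
```

Real timing is quantised and multipath-distorted, so the same linear solve with noisy ranges is where the geometry-dependent error the post mentions shows up.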
aleksey on 07.14.04 @ 05:36 PM PST [link]


Copyright© 2006 Aleksey Nudelman