February 2005 - Posts

Interested in creating compilers (in general or more specifically targeting the CLR)? Take a look at this course: http://dotnet.jku.at/courses/CC/. It covers a C#-like programming language, called Z#, and the compiler itself is implemented in C#.Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

SQL Server 2005 will come in 4 different editions: Express, Workgroup, Standard and Enterprise. The availability of the Workgroup Edition will be ported back to SQL Server 2000 as well. More information (including pricing) is available over here: http://www.microsoft.com/sql/spotlight/expandsqlserver.asp.Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

You have a damn fast network interface card in your laptop (1 Gbit NIC in my case) but performance just sucks. Maybe you've seen this too? Well, since Windows Server 2003 SP1 RC I can finally use my WLAN at home (and on other places) because the WPA security is available in there right now. However, if I'm working on my desk in my office, I'm connecting to the wired network. And still network performance is slower than you'd expect when you're using a 100 Mbit network. The answer to this problem is the binding order of the network adapters in the computer. To check and change this, go to "Network Connections" in Windows Explorer, click Advanced, Advanced Settings and change the order on the "Adapters and Bindings" tab to Local Area Connection, Wireless Network Connection. In my case the order was different, causing the WLAN to be used whenever available (and thus resulting in slower network perf).

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

As I received a question today via MSN about the use of System.Web.Mail in .NET FX v1.x to send e-mails, I'm adding a pointer over here on my blog to the one (and only?) website for this kind of issues: http://www.systemwebmail.com/. An entire domain for one namespace in the .NET Base Class Library :-).

Fortunately, these problems will be solved in .NET v2.0 where the SMTP classes won't rely on CDO anymore but will do the work on their own using TCP sockets directly.

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Maybe some of you have been struggling with this... When creating a SQL XML vdir on IIS 6 servers, the tools create a wildcard mapping for the vdir to the sqlisapi.dll. However, when browsing to the vdir to perform a query or to call a template, you receive a 404 message. IIS 6.0 always sends a 404 message if an ISAPI is not allowed to execute. For example, if ASP.NET is installed on the system but not enabled, navigating to an .aspx file on the server (even if it exists) will result in a 404 error message (to mislead hackers too). The same holds for SQL XML. To get it up and running, go to the Web Service Extensions node in the inetmgr tool and add a new extension for SQL XML, mapping to the ISAPI file (in my case this is C:\Program Files\Common Files\system\ole db\sqlisapi.dll). Finally, allow the extension and everything should be okay.

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Take a look at Steve Riley's website for a nice comparison of various technologies on the field of security advisories, based on queries to secunia. You can find it over here http://www.steveriley.ms/sbr/default.aspx.Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

There seem to be indications (no proof yet) that SHA1 (one of the well-known hashing algorithms, developed by NIST) is not secure (enough) anymore. According to http://www.schneier.com/blog/archives/2005/02/sha1_broken.html Wang, Yin and Yu would have found weaknesses in the algorithm. You might remember these names as these folks also discovered the weaknesses in MD5 back in August last year as well as weaknesses in MD4, RIPEMD and HAVAL-128 (paper on http://eprint.iacr.org/2004/199.pdf). However, there is no reason to panic (yet).

Nevertheless, if MD5 and SHA1 are both discovered to be insecure, functions such as FormsAuthentication.HashPasswordForStoringInConfigFile() will need a rewrite (or better, will need to be extended). Other hash algorithms that could be used are RIPEMD-160 (invented by some researchers of KU Leuven - Belgium as an answer on RIPEMD, more info on http://www.esat.kuleuven.ac.be/~bosselae/ripemd160.html) and HMAC (which in fact uses an embedded hash function and is used for things such as SSL and IPsec - RFC 2104). And sites such as http://www.secure-hash-algorithm-md5-sha-1.co.uk/ (what a nice URL) seem to be outdated for quite some time already.

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Finally I'm using a color printer at home. Actually it's just my 3rd printer right now. In the past I had a matrix printer (on my 286 machine; called the Citizen Swift 24 - cool for large code listings :-) - which is still somewhere around on my attic) and from 1994 on I was using a HP LaserJet 4 machine which is still working very fine. So, I did never pass through the phase of InkJet or Color InkJet. As from today I have a new big beast on my desk over here: HP Color LaserJet 3700 DN. It's just a great machine and I'm sure we'll be able to use it for 10 years as well. Some specs:

  • 33.5 kg; 48 cm x 45 cm x 47 cm (W x D x H)
  • 16 ppm color, 16 ppm black/white; 600x600 dpi
  • Duplex printing
  • 128 MB RAM
  • Ethernet connection

Why I never used a cheap InkJet? Well, a combination of "need for speed", "need for quality" and the fact that the cartridges for InkJets are soooo expensive for a little number of pages (when compared using the same quality as laser). Anyway, I like the machine I have right now so much... And as I'm (and other people in the house for digital photos and scanned "items") printing rather much this is a welcome relief (the HP LJ4 had a great quality too, but only b/w and rather slow). More info on http://h10010.www1.hp.com/wwpc/us/en/sm/WF06b/18972-236251-236268-15077-f51-315849-315857-315858.html.

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

Announcing MBSA 2.0 Beta
MBSA 2.0 is the next version of the Microsoft Baseline Security Analyzer, which utilizes the Windows Update Services infrastructure for security update scanning. Please help us improve the quality of this release. We are currently accepting nominations into the MBSA 2.0 beta program. To nominate yourself for the beta, visit
http://beta.microsoft.com, sign in to the system using your Passport ID and a guest ID of "MBSA20" and complete the survey.

More info on http://www.microsoft.com/technet/security/tools/mbsahome.mspx. Especially interesting for WUS beta testers (see http://www.microsoft.com/windowsserversystem/wus/default.mspx).

Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

It's available now on http://www.microsoft.com/technet/prodtechnol/windowsserver2003/servicepack/default.mspx. As I'm giving a training the next couple of days, I'm going to wait to install it till next week (hope it can be installed on top of RC1). There seem to be quite some changes on the Security Configuration Wizard.Del.icio.us | Digg It | Technorati | Blinklist | Furl | reddit | DotNetKicks

More Posts Next page »