Alan Myrvold has a new post on the Office 2010 engineering blog covering password complexity and related functionality in Office:
http://blogs.technet.com/office2010/archive/2009/10/16/enabling-password-rules-for-office-2010.aspx
Encouraging to see more thought and effort being put into software test patterns. Alan Page recently posted on this topic over at the MS Press Blog.
Here's a C# code snippet for iterative tree traversal of elements in an XML document using XPathNavigator that takes advantage of parent pointers.
[
download source ]
test.xml
1 <?xml version="1.0" encoding="UTF-8" standalone="no" ?>
2 <test>
3 <a/>
4 <b/>
5 <c>
6 <c1/>
7 <c2>
8 <c2i/>
9 <c2ii/>
10 </c2>
11 </c>
12 </test>
test.cs
1 using System;
2 using System.Xml.XPath;
3
4 public class IterativeTraversal
5 {
6
7 public static void Main()
8 {
9
10 XPathDocument doc = new XPathDocument("test.xml");
11 XPathNavigator nav = doc.CreateNavigator();
12 nav.MoveToFollowing(XPathNodeType.Element); /* skip xml decl */
13 XPathNavigator startPosition = nav.Clone();
14
15 bool leaf = false;
16 bool searching = false;
17
18 do
19 {
20 leaf = true;
21 if (nav.HasChildren)
22 {
23 nav.MoveToFirstChild();
24 if (nav.NodeType == XPathNodeType.Element)
25 {
26 leaf = false;
27 nav.MoveToParent();
28
29 /* begin processing interior node */
30 Console.WriteLine(nav.Name);
31 /* end processing interior node */
32
33 nav.MoveToFirstChild();
34 }
35 else
36 {
37 /* parent was a leaf element, this child was not*/
38 nav.MoveToParent();
39 }
40 }
41
42 if (leaf)
43 {
44 /* begin processing leaf node */
45 Console.WriteLine(nav.Name);
46 /* end processing leaf node */
47
48 if (!nav.MoveToNext(XPathNodeType.Element))
49 {
50 do
51 {
52 searching = false;
53 nav.MoveToParent();
54 if ((!nav.IsSamePosition(startPosition)) &&
55 (!nav.NodeType.Equals(XPathNodeType.Root)))
56 {
57 if (!nav.MoveToNext(XPathNodeType.Element))
58 {
59 /* no next sibling, search for parent's next sibling */
60 searching = true;
61 }
62 }
63 } while (searching && !nav.IsSamePosition(startPosition) && !nav.NodeType.Equals(XPathNodeType.Root));
64 }
65 }
66 } while (!nav.IsSamePosition(startPosition) && !nav.NodeType.Equals(XPathNodeType.Root));
67
68 }
69 }
My first article on the topic of security testing and risk management is now published in the March 2009 issue of Testing Experience magazine, pages 28-30.
http://www.testingexperience.com/subscribe.php (free online subscription takes you to PDF download)
The Office security team typically targets memory-corruption bugs in the software like buffer overruns, integer overruns, and format strings...
http://www.darkreading.com/document.asp?doc_id=159305
"posting nearly 5,000 pages of new technical documentation for the Microsoft Office binary file formats for Word, Excel and PowerPoint"
Press release:
http://www.microsoft.com/presspass/press/2008/jun08/06-30InteropUpdatePR.mspx
Technical specs:
http://go.microsoft.com/fwlink/?LinkId=122062
Great article on testing by James Rodriguez that I just came across, you can learn a lot in Little League!
http://msdn2.microsoft.com/en-us/library/bb968981.aspx
This reminds me of a funny thing that happened last year. At the start of baseball season they have parents come together and help prep the neighborhood field. There were about 100 people all out there en masse doing grunt work with shovels and wheelbarrows. I was covered in mud trying to fix a drainage problem near the batting cages. Anyway, a guy comes through asking if there was anybody with carpentry expertise. Silence. Not that there was a shortage of folks ready for some other task. Suddenly another guy pipes up "need any software engineers?" to break the tension and a big knowing laugh went down the line. :)
The Unintended Consequences of the Information Age Lecture Series: Our Infrastructures: Online and Vulnerable?
Jointly sponsored by The Center for Information Assurance and Cybersecurity, UW-INSER, the MS Program in Strategic Planning for Critical Infrastucture, Pacific Northwest National Laboratory and the Information School, this series provides a compelling case for increased research in cybersecurity as related to critical infrastructure.
Part 1 will air on UWTV at the following times:
- Monday October 29 at 6pm
- Wed Oct 31 at 11pm
- Thurs November 1 at 10:30am and 7pm
- Friday Nov 2 at 4pm
- Sunday Nov 4 at 3pm
Future airdates will be posted later on the UWTV website:
http://www.uwtv.org/programs/displayevent.aspx?rID=20354&fID=2095
Something I will definitely be keeping my eyes on. Stuff like this tells me we've come a LONG way since the 1990's ...
"After a great deal of work between the Moonlight and .NET teams, we’re ready to formally announce that we (Microsoft and Novell) will be bringing Silverlight to Linux, fully supported and including application and media codec compatibility."
http://port25.technet.com/archive/2007/09/05/silverlight-on-linux.aspx
Port 25 is running video on what they're calling "dynamic language runtime" with some innovative type system implementations at the core.
"big trick is deferred compilation ... looks a lot like linq expression trees ... backend can decide on different optimizations ... we can take the code and specialize it for the different types ... "
[1/2] http://port25.technet.com/archive/2007/04/30/python-java-ruby-oh-my-cross-platform-net-framework.aspx
[2/2] http://port25.technet.com/archive/2007/04/30/ironruby.aspx
other links:
http://www.codeplex.com/IronPython/
http://blogs.zdnet.com/microsoft/?p=404
