Brian Johnson's Startup Developer Blog

March, 2004


    Visual C++ FAQ

    Today we updated the Visual C++ Frequently Asked Questions page. If you have any questions that you want added to the list, go ahead and ask them here and I'll try to get them added to the list.

    MBSA Chat on Wednesday

    There's an MBSA chat tomorrow at 2:00 P.M. Pacific Time (22:00 UTC/GMT). You can read more about it on the Microsoft Chats page. This is a very important tool for determining the security status of your workstations and servers.
    MBSA (Microsoft Baseline Security Analyzer) v1.2 Join us for a discussion on MBSA, a free downloadable tool to help you establish a baseline of technical security for your Windows Servers and Clients.
    Here's a link to MBSA.

    Tim Bray at Sun

    I see today that Tim Bray is now working for Sun. It's an interesting world we live in. :)

    DLL Tutorial on The Code Project

    People ask about accessing DLLs all the time and now there's a clear little tutorial on The Code Project on just that subject:
    Regular DLL Tutor For Beginners
    This tutorial is in five parts. It gives a step by step procedure for developing a Win32 DLL and a regular MFC DLL object. There are three client applications, two Win32 console applications (one for Load Time linkage and the other illustrates Run Time linkage), the third DLL client application uses the shared MFC Library.

    New Article

    Today we started headlining Kang Su Gatlin's article, Profile-Guided Optimization with Microsoft Visual C++ 2005 on the Visual C++ Developer Center. You'll definitely want to take a look at this article for an introduction to this topic.

    You'll notice that we're changing much of our naming on the site for the next version of Visual C++ from "Visual C++ Whidbey" to "Visual C++ 2005". We'll try to keep the codename "Whidbey" in at least the first reference to the product to help avoid confusion. You can find out more about future versions of Visual Studio and Visual C++ by checking out the Microsoft Developer Tools Roadmap.

    Reminder: Visual C++ Webcast Tomorrow

    Just a reminder... be sure to check out the Visual C++ webcast tomorrow (Monday, March 15th):

    MSDN Webcast: Managed and Native code in Longhorn – Roadmap for Existing C/C++ Applications
    Join Microsoft® experts from the Visual C++® Product Group to discuss the roadmap, best-practices and recommendations for moving existing C/C++ Win32/MFC applications to Longhorn. In this webcast we will also explore topics such as C++ and the CLR, mixing native and managed code, COM interop, migrating to WinFX and the future of MFC.

    Taking this off of the Visual C++ feed now that the event has occurred.

    I've updated with a link to the archive.


    Application Security Best Practices at Microsoft

    Microsoft has published another paper from the IT group describing some of their best practices and experiences. The download page links to a paper and a PowerPoint presentation. From the Lessons Learned section of the paper:
    Microsoft IT's effort to inventory, assess, and, if necessary, fix security vulnerabilities that it discovers in its internal applications has proven to be successful. Microsoft IT has a much better grasp of the number and complexity of the applications that are used to run the company's day-to-day business. Any vulnerability discovered in one application was noted and searched for in other applications.

    You can download the slides and the paper here:

    Application Security Best Practices at Microsoft


    New Security Developer Center Page Design is Live


    As I mentioned a few days ago, we've redesigned the Security Developer Center to include my weblog along with a few other new features. My site manager Mark Olwick really made this possible and I couldn't be happier with the result.

    A quick tour of the new features:

    • Three headlines at the top with graphics allows for the presentation of a more focused set of articles.
    • The Other Resources section on the right gives us a place to highlight important information in a somewhat persistent manner.
    • The Recent Headlines link will start to give you a place to look for past headlines that have been run on the site. (As soon as I update the feed.)

    One other thing I wanted to mention today was that a new Microsoft Security Newsletter went out this week. You'll now be able to find a link to the most recent issue in the Other Resources section on the Security Developer Center. You'll want to check out the article On Measuring Progress by Jeff Jones.

    So let us know how you like the new page and how we can make it easier for you as a developer to find the security information that you need. You can leave a comment here, or you can always drop me a note at


    Stan Lippman on Boxed Value Types

    Stan answers a reader comment on value types. Cutting to the chase...
    Having the right Type Vocabulary to discuss Boxed Value Types ... In the revised language, currently under ECMA standardization as C++/CLI, implicit boxing is supported, and the general user is left blissfully unaware of the potential overhead of the call.

    IIS 6 Security on SecurityFocus


    There's an article by Rohyt Belani and Michael Muckin up on SecurityFocus that provides a great overview of the security features of IIS 6.0. From the conclusion:

    IIS 6.0 Security
    ...IIS 6.0 is a step in the right direction, by Microsoft, to help organizations improve their security postures. It provides a reliable and secure infrastructure to host web applications. The improved security can be attributed to the secure default configuration, the evident emphasis to security in the design process and enhanced monitoring and logging capabilities of the IIS 6.0 server.

Page 2 of 4 (31 items) 1234