Brian Johnson's Startup Developer Blog

February, 2005


    Windows Resource Kits

    If you haven't looked at this before, the links on this page go to some of the best information you can get on Windows. I keep having to search for this, and so I'm making a blog note to myself. :)
    Windows Deployment and Resource Kits
    Here are a few of the top links:
    Windows Server 2003 Technical Reference Windows Server 2003 Resource Kit Tools Windows XP Professional Resource Kit Documentation Other Resource Kits

    Security Updates for February

    The Windows Security Updates for February have been posted. Here's a link to the page:
    Windows Security Updates Summary for February 2005
    The security updates for February 2005 include several high-priority updates for Microsoft Windows that also affect Microsoft SharePoint, Microsoft Internet Explorer, and Microsoft Media Player technologies. If you have any of the software listed on this page installed on your computer, you should install the updates from Windows Update.
    Here's a link to the Microsoft Security Bulletin Summary on TechNet. Also note that there are two Webcasts planned for information around the February bulletins:
    Information about Microsoft's February Security Bulletins (Level 100)
    Wednesday, February 09, 2005 11:00 AM-1:00 PM (GMT-08:00) Pacific Time (US & Canada).
    We are extending this webcast by one hour this month to allow additional time to answer customer questions about the details and deployment of the updates.

    Supplemental Technical Information about Detection and Deployment of Microsoft's February Security Updates (Level 200)
    Thursday, February 17, 2005 11:00 AM 12:00PM (GMT-08:00) Pacific Time (US & Canada)

    April Reagan is Blogging

    April Reagan is a box PM for the Visual C++ team and she's one of my favorite people over in building 41. She's got a blog now and in her first post she explains, among other things, what a box PM is. Check out her blog here (rss). Here's a link to her first post, be sure to stop by and say hi!
    Introduction: A Day in the Life of a Box PM
    A box program manager is basically a project manager without any direct reports (unless, of course you are a box PM lead). In other words, I drive the team from a peer stance. Minding the product cycle and keeping feature teams in check and on schedule is only one small part of the job. Box PMs are ultimately on the hook for everything that ships in the "box." This PM must pick up (or at least prioritize and delegate) all of the loose ends that don't neatly fit into a feature/component area - setup, help, samples, end-to-end product scenarios, customer programs, legal, servicing and external issues, just to name a few.

    Reminder: Digital Blackbelt Series

    The first webast in this series is about to begin.
    MSDN Webcast: Digital Blackbelt Series: The Software Security Crisis: Selling Management on the Need to Invest in Secure Software Development (Level 100)

    Friday, February 4, 200511:00 A.M.12:00 P.M. Pacific Time, United States and Canada (UTC-8)
    Tune in for an introduction to the Digital Blackbelt Series. Learn about the evolving "Secure Culture" at Microsoft Corporation and how your company can save money by spending defensively.
    Here's the page with all the information about the series.

    It's the little things...

    It's amazing to find a feature that you didn't know existed in a product you use all the time. I have (casually) looked for a way to write in white on black in Microsoft Word for years. Today, I was reformatting a document in Word 2003 and I noticed that the Themes menu item was there on the Format menu. Funny, I've used that item extensively in FrontPage, but I never noticed it in Word before. I thought, wow, I can probably use this to type in white on black. So I tried it by applying the Zero theme to a document and it works.

    I don't know what it is about white on black that makes it easier for me to write, but I find the difference amazing. (Probably because I grew up on Wordstar, and character based code editors.) I've tried using the white on blue option in Word, but that was never really what I wanted. This is very exciting in a retro-geek sort of way. I wonder how long its been in the product? Years? I wonder what other features I don't know about.

    Visual C++ Developer Center

    We made some tweaks to the Visual C++ Developer Center today. We added the top five threads from three different newsgroups to the home page. This will make it easy to see what people are talking about around Visual C++ in the newsgroups. For now, I've added the following groups:
    This is sort of an experiment. Add a reply to this thread to let me know if you find it useful or if it causes any difficuties in reading the page.

    Wired: Hide Your IPod, Here Comes Bill

    Well, here's an article that doesn't trim at all with what I've seen at Microsoft. My first thought is, the only people who might give somebody a hard time about a music player are people like me, and it's all in fun. Second, I've seen a couple of music players on people as they walk around campus and most of the time that player isn't an iPod as far as I can tell.
    "About 80 percent of Microsoft employees who have a portable music player have an iPod," said one source, a high-level manager who asked to remain anonymous. "It's pretty staggering."
    If this sentence is true, I don't see it. I don't know of any gadget polls given company wide, so I have no idea where such a number would come from.

    iPods are fine machines. I had one. I sold it. :) There are just too many choices now to limit yourself to one brand or player. I think it's interesting that last spring, Yusuf Mehdi gave a speech where he touched on the idea that media players would proliferate and go down in price. (I blogged about it here.) Very prophetic in light of the new shuffle devices.

    Michael Howard on Safer CRT

    Mike Howard posted a little item on Safer CRT and the relationship between DevDiv (Developer Division) and SBU (Security Business Unit). He promises more posts on security features in Whidby. I get to work with both groups on a regular basis and it's nice to see the great stuff that can come from this sort of cross-group collaboration. The post is here:
    Security Stuff in Whidbey - The Safer CRT
    There has always been a very strong relationship with our team and the developer division (aka DevDiv), in part because they take some of our ideas and turn them into solutions that can be used by our developer customers. And I want to take an opportunity over the next few days to outline some of the excellent security stuff added to Whidbey, most of which you will see when beta 2 ships.

    One of my favorites is a more up-to-date C runtime library, dubbed the Safer CRT. Let's face it, the CRT of 20 or so years ago has turned out to be a little, well, challenging to use from a security perspective. When David and I wrote Writing Secure Code we wrote an appendix describing "issues" with certain functions in Windows and the CRT. The CRT library folks, under the watchful eye of Martyn Lovell, decided to fix the "Appendix A Problem" and they did so with the Safer CRT.

    Office 2003 XML Reference Schemas

    Everything you every wanted to know about them is located here:
    Office 2003 XML Reference Schemas
    Microsoft offers open and royalty-free documentation and licenses for the Microsoft Office 2003 XML Reference Schemas. These Reference Schemas include SpreadsheetML (the schema for Microsoft Office Excel 2003), FormTemplate Schemas (the schema for Microsoft Office InfoPath 2003), WordprocessingML (the schema for Microsoft Office Word 2003), and and DataDiagramingML (the schema for Microsoft Office Visio 2003). The Schemas provide developers and representatives of business and government a standard way to store and exchange data stored in documents. Learn more about these technologies and how you can take advantage of them.
    You can download the schemas and documentation here. Be sure to read Jean Paoli's Clarification of License Terms for Office XML Schema, for the scoop on icense terms.

    AWStats Exploits on Apache/Linux

    It looks like a vulnerability in the AWStats tool that runs on Apache is causing some troubles for people who aren't patched to the latest version. I woundn't mention it normally as this runs on Linux, but I've seen at least one person who's blog server was attacked and I want to make sure that people running Apache servers patch themselves against this. (There's a warning you should read on the AWStats site.) I've seen a couple of bizarre redirects the last couple of days and I suspect this might have something to do with it. Here's a link to some Sans coverage of this exploit.
Page 2 of 3 (22 items) 123