Eric Lawrence tackles the often-misunderstood details of the "deny-read" part of the same-origin policy: http://blogs.msdn.com/ieinternals/archive/2009/08/28/Explaining-Same-Origin-Policy-Part-1-Deny-Read.aspx I've never heard it called "deny-read...

I recently had the experience of taking a home-grown app I've been writing and using for a while, and having other people start using it. Sure, of course it has some rough edges. But the people I work with are smart, they'll figure a way around it, right...

http://www.inc.com/magazine/20090901/joel-spolsky-setting-the-right-priorities.html Joel talks about some of the lessons he learned while starting Fog Creek and getting CityDesk off the ground. The moral of the story is: quality matters. FogCreek...

Why doesn't my XAP load on a cross-domain page? Probably because you're not setting the mime-type of the XAP to "application/x-silverlight-app". What's the point of this restriction? Well, we found during the development of Silverlight 2 that threats...

http://blackhat.com/html/bh-usa-09/bh-usa-09-archives.html I'm watching the Dowd presentation on how browser components attack each other, looks like good stuff.