Blog - Title

27 Jan 2004

  • Peter Torr's Blog

    New VSTO 2 blog

    • 0 Comments
    A new blog for the VSTO 2.0 product has been started at http://weblogs.asp.net/vsto2 I was too busy working this weekend to blog, but I have some things in the pipe. Maybe I'll get around to doing them this week. In the words of Ahnold, I need a...
  • Peter Torr's Blog

    A new name for Windows?

    • 6 Comments
    In unrelated news, we were joking about silly words at dinner. One of our developers said he hated the word "performant" and that Microsoft was the only place where you would hear it (clearly he is mistaken ). Of course I said I didn't like "so" and ...
  • Peter Torr's Blog

    Good discussion of code auditing

    • 5 Comments
    Dana has another great blog about auditing code in open and closed environments. Along with the "many eyes" fallacy used for open source development, I'd also like to see someone with more time on their hands than me tackle the equally fallacious...
  • Peter Torr's Blog

    Romance in Movies

    • 1 Comments
    So today is "Let's-Make-All-The-Single-People-Feel-Bad-About-Themselves Day," but I'm not about to get upset over a simple chemical imbalance (courtesy of Slashdot ). An interesting thought: People get upset about violence in film and how it supposedly...
  • Peter Torr's Blog

    GetObject and LinkDemands

    • 3 Comments
    A few weeks ago I posted a blog entry about a security problem we found with JScript .NET's GetObject method before the initial release of the CLR. Talking about the problem in full would take a while, and I want to get through a few blogs today, so some...
  • Peter Torr's Blog

    Things to come

    • 0 Comments
    Just a quick post to say that I do intend to follow up on the GetObject post and the Five Phases of Security series . I also have about a half-dozen other blogs I want to write... maybe some of that will happen this weekend, but next week will be pretty...
  • Peter Torr's Blog

    A ridiculous "security" tool

    • 8 Comments
    Reading Bugtraq today I saw this message about a "vulnerability" in Windows. Apparently -- get this -- if someone has the ability to install arbitrary system software on your computer, they can replace the SLL library used by IE and log all your internet...
  • Peter Torr's Blog

    Why you can't catch some exceptions

    • 4 Comments
    If you've been using .NET (or any previous exception-based languages like JScript or C++) for a while then you are probably used to doing something like this: try { someObject . MethodThatMightFail () ...
  • Peter Torr's Blog

    Don't use ApplicationClass (unless you have to)

    • 15 Comments
    A comment on Mike Howard's blog exhibits a common problem that I see time and time again: developers are creating instances of Word.ApplicationClass or Excel.ApplicationClass in their projects. Even though it's the wrong thing to do, I don't blame...
  • Peter Torr's Blog

    IE patch and other stuff

    • 4 Comments
    It's time to go to Windows Update to get the latest IE updates, including the %01 bug address bar bug. In other news, Dana has a blog entry about the WSH security settings . Jeroen has an interesting blog about building a JVM on .NET . The X5...
  • Peter Torr's Blog

    Where VSTO creates the project folder

    • 4 Comments
    Julie wrote to me with a problem about where VSTO creates its DLLs and how they get trusted. Hopefully this will help ;-) The other day I blogged about how referenced assemblies are copied around, but there's another piece to the puzzle. If you...
  • Peter Torr's Blog

    MyDoom and VSTO

    • 4 Comments
    I've blogged a lot about the VSTO security model , and many customers have been frustrated / confused by the tight security policy we use. Why on earth would we not trust code just because it's on the local machine? Well, one of our main scenarios...
  • Peter Torr's Blog

    Gandalf is Dracula!

    • 4 Comments
    Many of you probably know that Sir Ian McKellen played both Gandalf in The Lord of the Rings and Magneto in X-Men . But did you also know he plays Dracula in the Pet Shop Boys ' 1988 music video Heart ? I didn't, at least until I listened to the commentary...
  • Peter Torr's Blog

    Hacking IE Security Zones

    • 10 Comments
    Warning : This entry contains information about editing the registry. Editing the registry could mess up your machine. Also , the changes described here will cause some web sites (and possibly even some local applications) to stop working correctly. That...
  • Peter Torr's Blog

    Using referenced assemblies in VSTO

    • 2 Comments
    OK, a quick one to finish up. When you add a reference to a "private" (non-GACed) assembly to a VSTO project, you'll need to grant it trust if it needs more than basic Execution permission. But where to grant trust? Some background information for...
  • Peter Torr's Blog

    Francis Francis! X5 and ESE pods

    • 22 Comments
    Warning: this entry has nothing to do with code. As I blogged earlier (I think!) I have a rather nice espresso machine at home. You can pick one up for yourself at Whole Latte Love (that pun makes my dear friend wince :-) ) but it's a bit big...
  • Peter Torr's Blog

    Not calling your parent constructor

    • 4 Comments
    Earlier today, JArnold wrote a blog entry that looked at an instance-based constructor hack that is similar (in an opposite kind of way) to my earlier post on class constructors . Whilst JArnold's blog is 100% correct, there's an important distinction...
  • Peter Torr's Blog

    Beware of AutoSave and DocumentBeforeSave

    • 9 Comments
    One of the cool things about Word is that it auto-saves your work so that if the machine dies or the app crashes you can get most of it back again. One of the other cool things about Word is that you can customise the built-in dialogs -- such as the Save...
  • Peter Torr's Blog

    Calling class constructors twice

    • 5 Comments
    Yesterday I blogged about a bug that you could exploit in JScript .NET, and the other day I made a comment on Eric's blog about compiler-enforced rules versus runtime-enforced rules. Here's a quick story about one such rule that we fixed before the CLR...
Page 1 of 1 (19 items)