Browse by Tags

Tagged Content List
  • Blog Post: Code Repurposing and Untrustworthy Data

    This is just a generic launching place for four other blog entries, since I seem to send them to people on a regular basis and sending one URL is easier than four :-) Code repurposing · http://weblogs.asp.net/ptorr/archive/2003/10/16/56270.aspx · http://weblogs.asp.net...
  • Blog Post: A useful regfile for VSTO

    Here's a quick post with a regfile you can use to help you test your VSTO projects. Cut and paste the text below into a text file (be careful of line wrapping) and save it with a reg extension. Then open up regedit (as a member of the Administrators group) and select File -> Import... from the...
  • Blog Post: VBA Take Two: Responding to some comments

    The other day, Karl Levinson added a comment to my previous entry about the Outlook OM. He raises some interesting points, so I thought I'd reply here. (Karl, please don't take any of this personally; I hear the same arguments from people all the time, and it's something I believe very strongly in -...
  • Blog Post: Why does Outlook have an OM?

    This one could be controversial ;-) In a recent comment, Edd James (note to Edd: that link gives a 403) asks why Outlook and Excel " need this ability to run scripts/macros [?]" First I want to clear up a common misconception about Outlook: Despite what the endless ill-informed posters on...
  • Blog Post: Follow up to "Don't trust that data"

    Eric makes some good points in a comment to my last post . Nevertheless, the forces of evil within me compel me to respond anyway. (You should have blogged it, Eric ;-) ). Eric's main point is that the employee doesn't need to use formulas in order to fool the expense report system -- he can...
  • Blog Post: Don't trust that data!

    A while ago I wrote a couple of blog entries on code repurposing and some mitigations , and one of the main causes of that problem is that developers inherently trust data. The text box caption says Name , so it's always gonna contain the user's name, right? Nobody is ever going to put a SQL query or...
  • Blog Post: Balancing Security and Usability

    I'm often tempted to write about viruses and what I think the next "innovation" might be, but then I get scared that I might get put in jail (or deported) should any of my ideas ever see the light of day. (Not that I think the virus writers need any help coming up with new ideas, but you know what I...
  • Blog Post: Andrew Whitechapel's blog

    Laugh-a-minute Andrew Whitechapel has started a blog at http://blogs.officezealot.com/whitechapel/ Andrew (like the other Andrew ) hails from the UK, and even though he likes the Pet Shop Boys he promises to try very hard not to mention them. He should, nevertheless, have some great info on managed...
  • Blog Post: Don't use ApplicationClass (unless you have to)

    A comment on Mike Howard's blog exhibits a common problem that I see time and time again: developers are creating instances of Word.ApplicationClass or Excel.ApplicationClass in their projects. Even though it's the wrong thing to do, I don't blame them for doing that. I blame IntelliSense. ...
  • Blog Post: Beware of AutoSave and DocumentBeforeSave

    One of the cool things about Word is that it auto-saves your work so that if the machine dies or the app crashes you can get most of it back again. One of the other cool things about Word is that you can customise the built-in dialogs -- such as the Save As dialog -- to save yourself some development...
  • Blog Post: Word Shortcuts

    Ever wanted to move some text around in a Word document, but didn't want to go through the hassles of copy and paste? Just select the text, hit F2 , move the cursor to where you want the text to be, and hit Enter . Using Shift+F2 will copy the text instead of moving it. If you want...
  • Blog Post: You can use Excel templates with VSTO 1.0

    If you've tried out VSTO (and you should :-) ) then you may have noticed that Word has both Document and Template projects whilst Excel has only a Workbook project. If you were thinking that the reason was because Excel was naughty but Word was nice, you'd be half right. And if you were thinking it had...
  • Blog Post: Hacked up using dotWord

    I'm posting this with a hacked-up version of WordBlogX that has been trivially modified to talk to the .Text web service instead. Hopefully it will all go well, in which case I can continue using Word to write my posts, and sooner or later Rob will figure out how to do his custom action in setup and...
  • Blog Post: What does "Save As..." mean, anyway?

    I'm in the middle of writing another blog entry about saving (note to self: add a link later) which made me want to write briefly about something related that bothers me quite regularly. Professionally, that is, not personally ;-) A lot of applications (like Microsoft Office Word, for example,...
  • Blog Post: Cross-application coding and other questions

    Here's some questions for any of you that do (or perhaps would like to do) Office development. They are more targeted at non-professional developers using VBA (how many of them read my blog?) but even if you're a seasoned pro and you feel like answering, more power to you (and me! Ha!). Your answers...
  • Blog Post: OfficeZealot Blogs

    The guys over at OfficeZealot have started blogging... hopefully they'll get some interesting discussions going about Office development and how we can make it better in Office 12 and beyond. Chris' blog Charles' blog John's blog
  • Blog Post: VSTO Security Model

    I somehow (?) came across a blog where a customer wonders how VSTO tightens up security. That's an interesting story. As many of you will know, Office already has a security model for VBA and COM Add-Ins that is based on two types of evidence (digital signatures and "installed" code) and...
  • Blog Post: PDC Session on Office Development with VS "Whidbey"

    If you're going to the PDC in LA this year and you're interested in Office development, you should add Reza Chitsaz's session to your calendar (TLS346). He has some great content and some really cool demos showing the new stuff that will be coming out in the future. And we only just released VSTO 1.0...
  • Blog Post: Mitigating Code Repurposing Attacks

    As I mentioned in a previous blog , there are some pretty creative (and destructive) things people can do with your code if you're not careful. Just as a kitchen knife can be used to cut cheese or to kill someone, so your code can be used to increase productivity or wreak digital havoc. It's not all...
  • Blog Post: Part ][ is coming...

    So the other day I wrote an entry about code repurposing, and how it was the end of the world. Hopefully this weekend I will finish off the other side of the story, where I will talk about some of the mitigation strategies you can use to protect your users from these kinds of problems.
  • Blog Post: Code Repurposing

    [Ed: I've now posted a follow up entry to this blog that talks about some strategies you can use to mitigate the kinds of problems outlined in this blog entry] <sigh> Code repurposing really blows. And it sucks. It sucks and it blows. And not necessarily in that order! This blog could be...
  • Blog Post: Another debugging tip

    I wrote about a few debugging tips for VSTO the other day. Something else just came up this morning that I should add. Does this scenario sound familiar? You decide to create a new VS project You click through all the default dialogs, ignoring the silly default name (you'll change it later)...
  • Blog Post: More VSTO Press

    VSTO has been picked by a few more places; you can pick your favourite link from Google News results or just go straight to the Australian version :-) Now if this would somehow make it to Slashdot , I could retire happy. I would have written an entry last night had my laptop keyboard not died on...
  • Blog Post: Old Fashioned Security

    The other day I decided to write one of my very good friends a letter. Not one of those new-fangled electronic letters - no - but a real honest-to-goodness pen-and-paper it-costs-real-money-to-send ye-olde-fashioned hand-written letter. Given that sending a real letter is something of a special occasion...
  • Blog Post: Successfully debugging VSTO projects

    It seems that everyone I know who is writing a blog has a long list of things they want to talk about, and the list grows faster than they can write entries. This is fundamentally different from the way newsgroup postings work, where it's very much a reactionary thing (someone posts a question and then...
Page 1 of 2 (37 items) 12