Browse by Tags

Tagged Content List
  • Blog Post: Back to VBA

    Today I needed to write a fairly simple piece of code to manipulate some Excel documents, and I chose to do it in VBA. That might sound like heresy for someone who used to work on Visual Studio Tools for Office, but since I switched teams I feel no obligation to use that stuff any more ;-) Just...
  • Blog Post: Dr. Strongname, or: How I Learned to Stop Worrying and Love the URL

    One of the problems with the Trustworthy Computing initiative is that many of our products have become harder to use as a result, either due to configuration changes or documentation changes. For example, Windows Server 2003 now ships with pretty much everything turned off by default, but customers that...
  • Blog Post: Show me the money!

    A member of the VSTO team just came to my office and asked, "Is it bad to trust all Office documents on the Local Intranet?" That's a good question, and after answering it for him I thought it was also worth blogging about (plus I'm hanging around the office waiting until I have to leave to take...
  • Blog Post: It's OK to tell people what they already know

    I like it when people send me e-mail with security questions. I like it because it implies two things: 1) The person is thinking about the security implications of their code, and has recognised a possible problem; and 2) The person realises that they need to seek help to get the right answer...
  • Blog Post: Code Repurposing and Untrustworthy Data

    This is just a generic launching place for four other blog entries, since I seem to send them to people on a regular basis and sending one URL is easier than four :-) Code repurposing · http://weblogs.asp.net/ptorr/archive/2003/10/16/56270.aspx · http://weblogs.asp.net...
  • Blog Post: When is the Local Intranet not the Local Intranet?

    When it's in another zone, of course. One of the recommendations we give for setting policy on VSTO projects is to sign your assembly (either with an Authenticode certificate or a strongname) and then trust that key only for a specific computer (eg, your deployment server) or for a specific Zone...
  • Blog Post: A useful regfile for VSTO

    Here's a quick post with a regfile you can use to help you test your VSTO projects. Cut and paste the text below into a text file (be careful of line wrapping) and save it with a reg extension. Then open up regedit (as a member of the Administrators group) and select File -> Import... from the...
  • Blog Post: Why does Outlook have an OM?

    This one could be controversial ;-) In a recent comment, Edd James (note to Edd: that link gives a 403) asks why Outlook and Excel " need this ability to run scripts/macros [?]" First I want to clear up a common misconception about Outlook: Despite what the endless ill-informed posters on...
  • Blog Post: Top 5 List

    Julie is looking for input on a Top 5 Good / Bad Things about VSTO list over on her blog. If you have any others to add, surf on over and help her out ;-)
  • Blog Post: Follow up to "Don't trust that data"

    Eric makes some good points in a comment to my last post . Nevertheless, the forces of evil within me compel me to respond anyway. (You should have blogged it, Eric ;-) ). Eric's main point is that the employee doesn't need to use formulas in order to fool the expense report system -- he can...
  • Blog Post: Don't trust that data!

    A while ago I wrote a couple of blog entries on code repurposing and some mitigations , and one of the main causes of that problem is that developers inherently trust data. The text box caption says Name , so it's always gonna contain the user's name, right? Nobody is ever going to put a SQL query or...
  • Blog Post: Another VSTO Blogger

    Eric Carter has started blogging! That makes two out of our three Erics on the VSTO team blogging. Eric Carter works on building the next-generation programming model for VSTO 2 and doing an amazing array of other really cool things. And if you happen to spill salsa all over your sweatshirt...
  • Blog Post: Evidence is important, even if it grants no permissions

    In a comment to my old VSTO security blog entry, Enrico Sabbadin asks why we can't just remove the Zone evidence from an assembly before creating the AppDomain. Good question, and Siew Moi bugged me about blogging this a long time ago as well, so I guess now is as good a time as any (it's a blogging...
  • Blog Post: Balancing Security and Usability

    I'm often tempted to write about viruses and what I think the next "innovation" might be, but then I get scared that I might get put in jail (or deported) should any of my ideas ever see the light of day. (Not that I think the virus writers need any help coming up with new ideas, but you know what I...
  • Blog Post: The Amazing Disappearing Templates Act

    As reported in the VSTO Newsgroup (can't...find...link) and on Julie's blog , if you try and access ThisApplication.Templates.Count from VSTO, you end up with only one (Normal.dot) instead of the n (where n > 1) entries you were expecting. I finally got off my lazy body part and did a quick...
  • Blog Post: Andrew Whitechapel's blog

    Laugh-a-minute Andrew Whitechapel has started a blog at http://blogs.officezealot.com/whitechapel/ Andrew (like the other Andrew ) hails from the UK, and even though he likes the Pet Shop Boys he promises to try very hard not to mention them. He should, nevertheless, have some great info on managed...
  • Blog Post: New VSTO 2 blog

    A new blog for the VSTO 2.0 product has been started at http://weblogs.asp.net/vsto2 I was too busy working this weekend to blog, but I have some things in the pipe. Maybe I'll get around to doing them this week. In the words of Ahnold, I need a vacation .
  • Blog Post: Why you can't catch some exceptions

    If you've been using .NET (or any previous exception-based languages like JScript or C++) for a while then you are probably used to doing something like this: try { someObject . MethodThatMightFail () } catch ( ex ) { print...
  • Blog Post: Where VSTO creates the project folder

    Julie wrote to me with a problem about where VSTO creates its DLLs and how they get trusted. Hopefully this will help ;-) The other day I blogged about how referenced assemblies are copied around, but there's another piece to the puzzle. If you use the New Project wizard to create a VSTO project...
  • Blog Post: MyDoom and VSTO

    I've blogged a lot about the VSTO security model , and many customers have been frustrated / confused by the tight security policy we use. Why on earth would we not trust code just because it's on the local machine? Well, one of our main scenarios for the VSTO model (and one that I demo-ed at TechEd...
  • Blog Post: Using referenced assemblies in VSTO

    OK, a quick one to finish up. When you add a reference to a "private" (non-GACed) assembly to a VSTO project, you'll need to grant it trust if it needs more than basic Execution permission. But where to grant trust? Some background information for folks who aren't aware of how assemblies are loaded...
  • Blog Post: Beware of AutoSave and DocumentBeforeSave

    One of the cool things about Word is that it auto-saves your work so that if the machine dies or the app crashes you can get most of it back again. One of the other cool things about Word is that you can customise the built-in dialogs -- such as the Save As dialog -- to save yourself some development...
  • Blog Post: Clinick's Clinic is back!

    My "old" boss (he hates it when I say that <g>) Andrew Clinick has started blogging . He'll be talking about VSTO 2, scripting, and other stuff. Hopefully he'll adopt dotWord and update it to VSTO 2.0 :-)
  • Blog Post: SD Times mentions VSTO security

    There's an article about VSTO at SD Times . One of the things they point out is that VSTO is the first Microsoft developer product that really enforces a strong security policy , and that this is the way of the future (think Longhorn). The author also likes the network-based deployment model, although...
  • Blog Post: Always making the wrong decision

    Paul Stubbs and I both work on the Visual Studio Tools for Office team at Microsoft. Other bloggers from VSTO include Eric Lippert and the User Education team, but Paul and I work closely together on the same sub-team, doing stuff I can't really talk about yet. <sigh>. Paul and I get along very...
Page 1 of 2 (35 items) 12