Brian Johnson's Startup Developer Blog

February, 2005


    VS Editor Zoom

    In case you haven't seen this, it's an awesome add-in project that you'll want to try out. I found it via the vs2005news's WebLog. This add-in creates a zoom control toolbar that lets you specify the how much you want to magnify the text in Visual Studio. There's a project for Visual Studio 2003 and one for the 2005 December CTP in the project workspace. Check it out here:
    VS Editor Zoom: Workspace Home
    Just like Words zoom control, adjusting the value of this control will increase or decrease the font size in the Visual Studio Editor.
    To use this add-in, you'll need to build it. If you're not interested in debugging the project, I would unzip the project, then rebuild all. In the Solution Explorer window, right click on the setup project (ZoomAddinSetup) and click Rebuild. You'll find Debug and Release folders in the ZoomAddinSetup folder. Close Visual Studio and run the Setup.exe file in the Release folder. When you open Visual Studio again, look for a little toolbar that contains the control. Drag that onto your toolbar area for easy access.

    This looks like an especially cool add-in for people doing demos. You can work with a normal font and then you can zoom in on just the code you want the audience to see. Very nice. Get more information at the IDE team's Powertoys Page on GDN.

    Michael Howard on Safer CRT

    Mike Howard posted a little item on Safer CRT and the relationship between DevDiv (Developer Division) and SBU (Security Business Unit). He promises more posts on security features in Whidby. I get to work with both groups on a regular basis and it's nice to see the great stuff that can come from this sort of cross-group collaboration. The post is here:
    Security Stuff in Whidbey - The Safer CRT
    There has always been a very strong relationship with our team and the developer division (aka DevDiv), in part because they take some of our ideas and turn them into solutions that can be used by our developer customers. And I want to take an opportunity over the next few days to outline some of the excellent security stuff added to Whidbey, most of which you will see when beta 2 ships.

    One of my favorites is a more up-to-date C runtime library, dubbed the Safer CRT. Let's face it, the CRT of 20 or so years ago has turned out to be a little, well, challenging to use from a security perspective. When David and I wrote Writing Secure Code we wrote an appendix describing "issues" with certain functions in Windows and the CRT. The CRT library folks, under the watchful eye of Martyn Lovell, decided to fix the "Appendix A Problem" and they did so with the Safer CRT.

    Troubleshooting Visual C++ Issues

    Yesterday, I attended a meeting where MSDN Product Manager Justin Grant went over some of the pain points that customers are having when they visit MSDN. One of these points had to do with searching for the right answer when troubleshooting a problem. I think the issue is that the documentation and papers we post on MSDN aren't really oriented toward troubleshooting issues for the most part.

    What we do have though, is a great product support site that's dedicated to troubleshooting issues.
    Microsoft Visual C++ .NET 2003 Support
    With that in mind I'm going to add a troubleshooting link to the home page Visual C++ Developer Center and I'll also take a look at adding something like a top knowledge base articles control to the home page. Does a KB control sound like something useful on the site? Post a response to this thread and let me know.

    April Reagan is Blogging

    April Reagan is a box PM for the Visual C++ team and she's one of my favorite people over in building 41. She's got a blog now and in her first post she explains, among other things, what a box PM is. Check out her blog here (rss). Here's a link to her first post, be sure to stop by and say hi!
    Introduction: A Day in the Life of a Box PM
    A box program manager is basically a project manager without any direct reports (unless, of course you are a box PM lead). In other words, I drive the team from a peer stance. Minding the product cycle and keeping feature teams in check and on schedule is only one small part of the job. Box PMs are ultimately on the hook for everything that ships in the "box." This PM must pick up (or at least prioritize and delegate) all of the loose ends that don't neatly fit into a feature/component area - setup, help, samples, end-to-end product scenarios, customer programs, legal, servicing and external issues, just to name a few.

    Visual C++ Developer Center

    We made some tweaks to the Visual C++ Developer Center today. We added the top five threads from three different newsgroups to the home page. This will make it easy to see what people are talking about around Visual C++ in the newsgroups. For now, I've added the following groups:
    This is sort of an experiment. Add a reply to this thread to let me know if you find it useful or if it causes any difficuties in reading the page.

    Win32 to .NET API Map

    If you're doing managed development and you're searching for the .NET equivalent of your favorite Win32 functions, then this is the place to look. I think I reviewed this paper last year:
    Microsoft Win32 to Microsoft .NET Framework API Map
    This article identifies the Microsoft .NET Framework version 1.0 or 1.1 APIs that provide similar functionality to Microsoft Win32 functions. One or more relevant .NET Framework APIs are shown for each Win32 function listed. The intended audience for this article is experienced Win32 developers who are creating applications or libraries based on the Microsoft .NET Framework, but anyone looking for a managed counterpart for a Win32 function could find this document useful.

    Thanks to Steve for the head's up.

    Update: I thought this was updated, but I made a mistake on the year. It's still a great resource. :)


    AWStats Exploits on Apache/Linux

    It looks like a vulnerability in the AWStats tool that runs on Apache is causing some troubles for people who aren't patched to the latest version. I woundn't mention it normally as this runs on Linux, but I've seen at least one person who's blog server was attacked and I want to make sure that people running Apache servers patch themselves against this. (There's a warning you should read on the AWStats site.) I've seen a couple of bizarre redirects the last couple of days and I suspect this might have something to do with it. Here's a link to some Sans coverage of this exploit.

    Security Updates for February

    The Windows Security Updates for February have been posted. Here's a link to the page:
    Windows Security Updates Summary for February 2005
    The security updates for February 2005 include several high-priority updates for Microsoft Windows that also affect Microsoft SharePoint, Microsoft Internet Explorer, and Microsoft Media Player technologies. If you have any of the software listed on this page installed on your computer, you should install the updates from Windows Update.
    Here's a link to the Microsoft Security Bulletin Summary on TechNet. Also note that there are two Webcasts planned for information around the February bulletins:
    Information about Microsoft's February Security Bulletins (Level 100)
    Wednesday, February 09, 2005 11:00 AM-1:00 PM (GMT-08:00) Pacific Time (US & Canada).
    We are extending this webcast by one hour this month to allow additional time to answer customer questions about the details and deployment of the updates.

    Supplemental Technical Information about Detection and Deployment of Microsoft's February Security Updates (Level 200)
    Thursday, February 17, 2005 11:00 AM 12:00PM (GMT-08:00) Pacific Time (US & Canada)

    Reminder: Digital Blackbelt Series

    The first webast in this series is about to begin.
    MSDN Webcast: Digital Blackbelt Series: The Software Security Crisis: Selling Management on the Need to Invest in Secure Software Development (Level 100)

    Friday, February 4, 200511:00 A.M.12:00 P.M. Pacific Time, United States and Canada (UTC-8)
    Tune in for an introduction to the Digital Blackbelt Series. Learn about the evolving "Secure Culture" at Microsoft Corporation and how your company can save money by spending defensively.
    Here's the page with all the information about the series.

    Protect Against Exploit Code Related to Security Bulletin MS05-009

    Microsoft posted information tonight to help customers with a Windows and MSN Messenger issue related to MS05-009. Key to protecting yourself is making sure that you've installed the MS05-009 update. Get the details here:
    Protect Against Exploit Code Related to Security Bulletin MS05-009

    Microsoft is aware of exploit code available on the Internet that seeks to exploit an issue addressed this week by the update released with Microsoft Security Bulletin MS05-009. Microsoft is not currently aware of any active attack utilizing this code or any customer impact. We will continue to actively monitor the situation and provide updated customer information and guidance as necessary.

    Our investigation of this exploit code has verified that it does not affect users who have installed the MS05-009 update for both Microsoft Windows and MSN Messenger. Microsoft continues to recommend customers apply the MS05-009 updates to the affected products by enabling Automatic Updates in Windows as well as installing the updated version of MSN Messenger.
Page 1 of 3 (22 items) 123