Blog posts page 15 of 44

Language Integrated Query: An introduction talk tomorrow

I’m just finishing up the slides, notes and writing code samples for my LINQ presentation at the Guernsey Software Developer Forum tomorrow evening.

Hopefully the broader scope of this presentation will mean a few new faces — the previous talks on Subversion and web application security might have been a little specific for such a small audience (Guernsey is around 70,000 people on an island 9 miles long).

What being open means to Apple & Microsoft

Former Apple engineer Jens Alfke believes Apple’s external image has been polished until featureless. The restrictive staff blogging policies, the veil of secrecy around future plans and a carefully orchestrated three-person spokes-team of Jobs, Schiller and Ive lead to a very impersonal closed business.

It certainly wasn’t always this way. The original Mac team appeared in Rolling Stone magazine with credit in about boxes, a practice that was continued at NeXT but abolished by Mac OS X Beta. Jobs makes regular comparisons between engineers and artists and touted individual thinking in the Think Different campaign, and artists like recognition, with signatures on art and credits on film.

What’s in your laptop bag?

Since my new laptop arrived I’ve been fine-tuning my accessories in search of the developer-on-the-move setup. Here are my current contents, complete with shameless Amazon Affiliate product links where applicable ;-)

My parents bought me the Brenthaven Pro 15–17 Backpack for Christmas. It has a great number of sections and compartments yet can still be thinly packed with the padding contributing to a comfortable wear. The only negatives are that the finish seems a little rough in places and that the rigid laptop protection area seems to be designed to hold a laptop almost twice as thick as a MacBook Pro despite claims of being ‘Designed for a 15.4″ MacBook and 17″ MacBook Pro’.

Mac freebies for Christmas

Spaces is new in Leopard bringing virtual desktops to the masses. Leopard gives you a number of ways to switch between spaces including a menu-item drop down and configurable keyboard shortcuts.

To move a window to another space you drag it to the edge of the screen and wait a moment but curiously you can’t use this great technique without a window to switch!

Thoughts on awareness of security vulnerabilities & full disclosure

HTML, SQL and XSS injection vulnerabilities aren’t new but they are still largely ignored by developers.

My first encounter with these issues was in 1999 whilst writing an extranet e-commerce web site. Back then the ASP fix consisted of Server.HtmlEncode for all output and a Replace("'", """") for strings heading to SQL (other types headed there via CInt/CLong/CDate and I wasn’t aware of parametrized queries).

One week with a MacBook Pro 17″

It has been one week since I picked up my new MacBook Pro 17″ to replace my aging first-generation 15″ model.

My initial concern was that the size and weight would be unwieldy after 4 years of lugging around a 15″ MacBook Pro and, prior to that, a Titanium PowerBook G4. The actual problem was that my trusty Samsonite Trunk & Co. backpack could not accommodate it and that I’d have to hope Santa would deliver something a little bigger. Being properly kitted up might reveal if the dimensions and weight are uncomfortable so expect an update once I’ve travelled with the beast.

5 signs your ASP.NET application may be vulnerable to HTML injection

If you don’t encode data when using any of the following methods to output to HTML, your application could be compromised by unexpected HTML turning up in the page and modifying everything from formatting through to capturing and interfering with form data via remote scripts (XSS). Such vulnerabilities are incredibly dangerous.

Using MonoRail or Microsoft’s MVC does not make you automatically immune — use {! } in MonoRail’s Brail engine and the HtmlHelpers in Microsoft’s MVC to ensure correct encoding.