# Monday, 12 March 2007

Jesper is The Guy on security and since UAC is generally represented as a security feature, I'm interested in just about anything he has to say on the topic. So imagine my eyebrows headed for the ceiling when I read:

> UAC does not, nor is it intended to, stop malware.

But my eyebrows came back down pretty quickly. There's a difference between stopping malware and reducing the effect of malware people happen to launch. UAC is intended, Jesper says, to "enable more users to run as a standard user." After all, most devs are admins on their own box, because otherwise they can't accomplish all kinds of day-to-day developer tasks. And then they accidentally write applications that only work if you're an administrator. And most folks react to that by making everyone an administrator. And that leaves you in a nasty place if you did happen to launch some malware. He goes on to say:

> ...we ideally end up in a situation where most people do not run as administrators and, hopefully, start questioning some of the elevation prompts they do get. The fewer they get, the more likely they are to consider them carefully before allowing them, or so the theory goes. By extension, yes, there may be less malware, but it all depends on (a) whether users keep UAC on, (b) which is dependent on whether ISVs will write software that works with it, and (c) users stop considering prompts to be fast-clicking exercises and actually consider whether an elevation request is legitimate or not.

That last one I am seeing no signs of. A UAC prompt comes up, people just click it as quick as they can. Sigh. Let's hope that changes over time. One last quote from Jesper:

> The fact that UAC does not mitigate all security problems, or that it does not possess a property that many of us, myself included, would dearly like to have - first-order protection against malware - does not mean it is not a security technology.

The more we understand the point of UAC, the more likely we are to think a little during that black-screen-pause while the prompt is coming up. If you don't think what you just did deserves a UAC prompt, why are you going to consent?


Monday, 12 March 2007 22:48:33 (Eastern Standard Time, UTC-05:00)
# Sunday, 11 March 2007

Ali Parker writes about the Women in Technology event that will be held once again at Tech Ed in Orlando this year. Let her know your thoughts on what the event should be, and on how to reach out to young girls and inspire them to consider changing the world through technology. I know I'll be attending no matter how they structure the event or when it's held. It's fun to be in the majority once in a while. BTW, men are always welcome ... you don't need to pass some screener with some talk of having a daughter or the like, just come on in and join us.


Sunday, 11 March 2007 22:39:41 (Eastern Standard Time, UTC-05:00)
# Saturday, 10 March 2007

At the risk of turning this into a jobs blog, I just have to point you to another opening. How would you like to apprentice to Eric Sink at SourceGear? He's looking for a developer to do marketing. He would rather you didn't have a lot of marketing background, and he'll pay you as he would pay a senior developer. You have to move to Illinois, and be willing to travel every month or so, and I bet you'll have a terrific time. Application instructions are in the blog posting.


Saturday, 10 March 2007 09:26:23 (Eastern Standard Time, UTC-05:00)
# Friday, 09 March 2007

One of the things that's fairly hard to do with Team System out of the box is to search work items. You know there was something about the Pending flag in some work item or another, but now you just can't seem to find it. You could create a query but that seems like overkill, right? Well, Noah Code has a little add-in for you that makes searching work items a lot more convenient. It adds a toolbar with a search box, and you're all set. If you want, you can tweak what fields it searches.


Friday, 09 March 2007 09:06:45 (Eastern Standard Time, UTC-05:00)
# Thursday, 08 March 2007

Microsoft wants to hire a Program Manager for COM+, DCOM, RPC, the WCF/COM Integration, System.EnterpriseServices, and a whole lot more. It's true. If you love COM and think you can do this job, start at this blog entry from Clemens but don't follow his link over to the jobs page -- it seems to be broken. This link worked better for me.


Thursday, 08 March 2007 09:03:29 (Eastern Standard Time, UTC-05:00)
# Wednesday, 07 March 2007

I know I mentioned Code Camp earlier (March 31st, downtown Toronto). The sessions are now set and there will be five tracks with five talks each. Topics range widely - SharePoint development, fundamentals of generics, game programming with XNA, workflow, even a robotics / mobility mashup! Plenty of veteran and new speakers; it promises to be a great day. My talk is scheduled early so I can relax and watch everyone else after I'm done. In keeping with my Code Camp tradition this will not be a C++ talk - I'll be covering Vista programming for non-C++ people.


Wednesday, 07 March 2007 08:54:02 (Eastern Standard Time, UTC-05:00)
# Tuesday, 06 March 2007

Hey, this is great, my Tech Ed talk was accepted this year. This is the earliest I've known I'll be speaking at Tech Ed USA. (I know, I already knew I was headed there for the pre-con, but now I have a breakout.)

C++/CLI and Vista: a natural fit

Vista brings a host of new features that developers can use to create beautiful, powerful, and intuitive applications. Some of these features are easy to access from managed code while others are more of a challenge. These features are generally easy to access from native code. By using C++/CLI, a developer can call either native or managed APIs with maximum ease. This session will demonstrate a variety of different Vista features to illustrate the strengths of C++/CLI.

This should be a level 300 talk and I'm really looking forward to it!


Tuesday, 06 March 2007 08:45:39 (Eastern Standard Time, UTC-05:00)
# Monday, 05 March 2007

A lot of the Vista PR focuses on what it's like to use Vista. Let's say you're deciding whether to make your application run well on Vista. What's in it for you? Is it just about "10% of my customers are on Vista already, so I'd better support them" or is there more? Vista actually offers you goodies as a developer, above and beyond the .NET Framework 3.0. In this latest Channel 9 video, Michael Wallent talks about shiny new WPF applications, but also about reliability, restart and recovery, why your application will perform better on Vista, and much more. I love watching people care about their work, especially when there's so obviously a huge pool of technical knowledge behind what they're saying. This is a great video, and not just because of the turn the conversation takes at about 18 minutes.


Monday, 05 March 2007 08:39:58 (Eastern Standard Time, UTC-05:00)