# Thursday, March 15, 2007

Recently I ordered a DVD of The Rise and Fall of the Great Lakes from the National Film Board of Canada. Now don't get me wrong, the place is a national treasure, and I'm delighted to be able to buy films I fondly remember from my childhood. I also trust them with my credit card number. But this privacy "reassurance" didn't really reassure me:

A quick IM conversation with someone who speaks far better French than me told me that this makes way more sense in French, but serves as a tremendous example of why machine translation can only take you so far. Trust me, my "experiment Internet" is already sedentary enough.


Thursday, March 15, 2007 10:42:03 AM (Eastern Standard Time, UTC-05:00)  #    
# Wednesday, March 14, 2007

Yikes! How can an API call be banned? Well, these functions from the C Runtime Library (CRT) will trigger warnings from the compiler in Visual C++ 2005 and beyond. I've blogged about this before, and linked to an older paper about it too. Now Michael Howard has an updated article that lists all the "banned" CRT calls and suggests what to use instead. He also clarifies the role of the StrSafe functions and compares them to the _s versions of the insecure CRT functions. Definitely recommended reading if you're maintaining an older code base and worry about it a little.


Wednesday, March 14, 2007 10:33:16 AM (Eastern Standard Time, UTC-05:00)  #    
# Tuesday, March 13, 2007

First, this Information Week article says "there's a greater call for IT professionals in the New York and New Jersey area than there is in Northern California". Then they say something really strange: "When it comes to programmers, the C and C++ languages were the most popular with 18,290 job postings, while Microsoft's .Net drew 14,807." Wow. Ignoring the fact you can do C++ on .NET, that's still quite a dramatic ratio. It's partly because the jobs include other operating systems, like Linux, and C++ is The cross-platform language. But I know (because people email me asking to help them find staff) that C++ programmers are getting hard to find. Who'da thunkit?




Tuesday, March 13, 2007 10:53:35 PM (Eastern Standard Time, UTC-05:00)  #    
# Monday, March 12, 2007

Jesper is The Guy on security and since UAC is generally represented as a security feature, I'm interested in just about anything he has to say on the topic. So imagine my eyebrows headed for the ceiling when I read:

UAC does not, nor is it intended to, stop malware.

But my eyebrows came back down pretty quickly. There's a difference between stopping malware and reducing the effect of malware people happen to launch. UAC is intended, Jesper says, to "enable more users to run as a standard user." After all, most devs are admins on their own box, because otherwise they can't accomplish all kinds of day-to-day developer tasks. And then they accidentally write applications that only work if you're an administrator. And most folks react to that by making everyone an administrator. And that leaves you in a nasty place if you did happen to launch some malware. He goes on to say:

...we ideally end up in a situation where most people do not run as administrators and, hopefully, start questioning some of the elevation prompts they do get. The fewer they get, the more likely they are to consider them carefully before allowing them, or so the theory goes. By extension, yes, there may be less malware, but it all depends on (a) whether users keep UAC on, (b) which is dependent on whether ISVs will write software that works with it, and (c) users stop considering prompts to be fast-clicking exercises and actually consider whether an elevation request is legitimate or not.

That last one I am seeing no signs of. A UAC prompt comes up, people just click it as quick as they can. Sigh. Let's hope that changes over time. One last quote from Jesper:

The fact that UAC does not mitigate all security problems, or that it does not possess a property that many of us, myself included, would dearly like to have - first-order protection against malware - does not mean it is not a security technology.

The more we understand the point of UAC, the more likely we are to think a little during that black-screen-pause while the prompt is coming up. If you don't think what you just did deserves a UAC prompt, why are you going to consent?


Monday, March 12, 2007 10:48:33 PM (Eastern Standard Time, UTC-05:00)  #    
# Sunday, March 11, 2007

Ali Parker writes about the Women in Technology event that will be held once again at Tech Ed in Orlando this year. Let her know your thoughts on what the event should be, and on how to reach out to young girls and inspire them to consider changing the world through technology. I know I'll be attending no matter how they structure the event or when it's held. It's fun to be in the majority once in a while. BTW, men are always welcome ... you don't need to pass some screener with some talk of having a daughter or the like, just come on in and join us.


Sunday, March 11, 2007 10:39:41 PM (Eastern Standard Time, UTC-05:00)  #    
# Saturday, March 10, 2007

At the risk of turning this into a jobs blog, I just have to point you to another opening. How would you like to apprentice to Eric Sink at Source Gear? He's looking for a developer to do marketing. He would rather you didn't have a lot of marketing background, and he'll pay you as he would pay a senior developer. You have to move to Illinois, and be willing to travel every month or so, and I bet you'll have a terrific time. Application instructions are in the blog posting.


Saturday, March 10, 2007 9:26:23 AM (Eastern Standard Time, UTC-05:00)  #    
# Friday, March 09, 2007

One of the things that's fairly hard to do with Team Systems out of the box is to search work items. You know there was something about the Pending flag in some work item or another, but now you just can't seem to find it. You could create a query but that seems like overkill, right? Well, Noah Code has a little addin for you that makes searching work items a lot more convenient. It adds a toolbar with a search box, and you're all set. If you want, you can tweak what fields it searches.


Friday, March 09, 2007 9:06:45 AM (Eastern Standard Time, UTC-05:00)  #    
# Thursday, March 08, 2007

Microsoft wants to hire a Program Manager for COM+, DCOM, RPC, the WCF/COM Integration, System.EnterpriseServices, and whole lot more. It's true. If you love COM and think you can do this job, start at this blog entry from Clemens but don't follow his link over to the jobs page -- it seems to be broken. This link worked better for me.


Thursday, March 08, 2007 9:03:29 AM (Eastern Standard Time, UTC-05:00)  #    
# Wednesday, March 07, 2007

I know I mentioned earlier about Code Camp (March 31st, downtown Toronto). The sessions are now set and there will be five tracks with five talks each. Topics range widely - SharePoint development, fundamentals of generics, game programming with XNA, workflow, even a robotics / mobility mashup! Plenty of veteran and new speakers; it promises to be a great day. My talk is scheduled early so I can relax and watch everyone else after I'm done. In keeping with my Code Camp tradition this will not be a C++ talk - I'll be covering Vista programming for non C++ people.


MVP | RD | Speaking | Vista
Wednesday, March 07, 2007 8:54:02 AM (Eastern Standard Time, UTC-05:00)  #