Thursday, March 22, 2007
The Visual C++ team has an update for you about their Orcas plans around MFC and the Common Controls in Vista. There are a lot of new APIs in Vista compared to XP, but just as important there are new styles (like the style that makes a button a CommandLink) and messages (like the message to a button that tells it to draw itself with a security shield.) Right now to work with these new "thingies" (my technical term for them) you need to send Windows messages. In Orcas there will be design time support for all this and more. Even the new Common File Dialogs will be yours as if by magic.
Looking forward to it!
Wednesday, March 21, 2007
I have such a good time when I do .NET Rocks with Carl and Richard! I'm sitting around chatting with my buds, doing a little shop talk, sharing horror stories -- the time flies by. I hope one or two of you enjoy listening to it, too. Some things I heard myself say that sound pretty funny now:
- you're out of feet, i'm taking over
- it's the speed of light -- we're screwed
That first one is the CLR talking to people who messed up constantly on memory management. The second is of course the concurrency story. Along the way we talked about Vista (a lot) and covered plenty of ground. Why not give it a listen?
Tuesday, March 20, 2007
Kathy Sierra has some characterizations of applications we'll all recognize. There's the one who knows how you like things, the one who bosses you around, the one you are barely putting up with till something better comes along .... and be sure and read the comments where a few more archetypes appear.
Saturday, March 17, 2007
It's a strange thing about debugging under Vista that the one thing you really don't want to do is press F5. It's rather a long story as to why, but it's a good habit to go and find your executable and double-click it. And if you develop that habit, you may find that getting Visual Studio to build you a release or a debug version is not that simple. (Pressing F5 builds a debug version, and Ctrl-F5 builds a release version, before launching the application.) For many people, the dropdown that shows what configuration you're building has disappeared from the toolbar where it belongs. And even if you're brave enough to wade into the Customize dialog and put it back, it's disabled:
To get things back the way they once were, bring up Tools, Options, and go to the General section under Projects and Solutions. Find "Show advanced build configurations" and check it.
Presto! Debug is back!
Not what I'd call discoverable, so spread the word.
Friday, March 16, 2007
It's interesting when we measure new things using old rules. A number of people have observed that Vista machines doing nothing seem to be using a lot of memory to achieve that nothingness. Words like "bloat" get bandied around. Empty memory is seen as more virtuous than filled memory. I'm not going to link to all the "Vista is using all my memory it sucks" complaints. Instead, I'm going to point you to Jeff Atwood, who explains the whole thing quite nicely and concludes:
The question shouldn't be "Why does Vista use all my memory?", but "Why the heck did previous versions of Windows use my memory so ineffectively?"
Thursday, March 15, 2007
Recently I ordered a DVD of The Rise and Fall of the Great Lakes from the National Film Board of Canada. Now don't get me wrong, the place is a national treasure, and I'm delighted to be able to buy films I fondly remember from my childhood. I also trust them with my credit card number. But this privacy "reassurance" didn't really reassure me:
A quick IM conversation with someone who speaks far better French than me told me that this makes way more sense in French, but serves as a tremendous example of why machine translation can only take you so far. Trust me, my "experiment Internet" is already sedentary enough.
Wednesday, March 14, 2007
Yikes! How can an API call be banned? Well, these functions from the C Runtime Library (CRT) will trigger warnings from the compiler in Visual C++ 2005 and beyond. I've blogged about this before, and linked to an older paper about it too. Now Michael Howard has an updated article that lists all the "banned" CRT calls and suggests what to use instead. He also clarifies the role of the StrSafe functions and compares them to the _s versions of the insecure CRT functions. Definitely recommended reading if you're maintaining an older code base and worry about it a little.
Tuesday, March 13, 2007
First, this Information Week article says "there's a greater call for IT professionals in the New York and New Jersey area than there is in Northern California". Then they say something really strange: "When it comes to programmers, the C and C++ languages were the most popular with 18,290 job postings, while Microsoft's .Net drew 14,807." Wow. Ignoring the fact you can do C++ on .NET, that's still quite a dramatic ratio. It's partly because the jobs include other operating systems, like Linux, and C++ is The cross-platform language. But I know (because people email me asking to help them find staff) that C++ programmers are getting hard to find. Who'da thunkit?
Monday, March 12, 2007
Jesper is The Guy on security and since UAC is generally represented as a security feature, I'm interested in just about anything he has to say on the topic. So imagine my eyebrows headed for the ceiling when I read:
UAC does not, nor is it intended to, stop malware.
But my eyebrows came back down pretty quickly. There's a difference between stopping malware and reducing the effect of malware people happen to launch. UAC is intended, Jesper says, to "enable more users to run as a standard user." After all, most devs are admins on their own box, because otherwise they can't accomplish all kinds of day-to-day developer tasks. And then they accidentally write applications that only work if you're an administrator. And most folks react to that by making everyone an administrator. And that leaves you in a nasty place if you did happen to launch some malware. He goes on to say:
...we ideally end up in a situation where most people do not run as administrators and, hopefully, start questioning some of the elevation prompts they do get. The fewer they get, the more likely they are to consider them carefully before allowing them, or so the theory goes. By extension, yes, there may be less malware, but it all depends on (a) whether users keep UAC on, (b) which is dependent on whether ISVs will write software that works with it, and (c) users stop considering prompts to be fast-clicking exercises and actually consider whether an elevation request is legitimate or not.
That last one I am seeing no signs of. A UAC prompt comes up, people just click it as quick as they can. Sigh. Let's hope that changes over time. One last quote from Jesper:
The fact that UAC does not mitigate all security problems, or that it does not possess a property that many of us, myself included, would dearly like to have - first-order protection against malware - does not mean it is not a security technology.
The more we understand the point of UAC, the more likely we are to think a little during that black-screen-pause while the prompt is coming up. If you don't think what you just did deserves a UAC prompt, why are you going to consent?
© Copyright 2023 Kate Gregory
Theme design by Bryan Bell
newtelligence dasBlog 2.3.9074.18820
| Page rendered at Saturday, December 09, 2023 10:52:14 AM (Eastern Standard Time, UTC-05:00)
On this page....
Pluralsight Free Trial