Entries:
Comments:
Posts:

Loading User Information from Channel 9

Something went wrong getting user information from Channel 9

Latest Achievement:

Loading User Information from MSDN

Something went wrong getting user information from MSDN

Visual Studio Achievements

Latest Achievement:

Loading Visual Studio Achievements

Something went wrong getting the Visual Studio Achievements

Discussions

Bass Bass I need better writers.
  • Heartbleed

    , evildictait​or wrote

    The security of a product has nothing to do with whether it is open or closed source. It has everything to do with whether you use secure programming practices when you write and test your code.

    Also heartbleed is, whilst quite serious and needing to be urgently patched, not any more or less serious than a whole ton of other bugs that come out in any given year.

    Remember the YAML deserialization bug which was RCE against a fairly large fraction of the Internet? Or the web.config padding oracle that was RCE versus most IIS installs? Or how about the MS-0867 bug, which was RCE against basically any Windows machine at the time.

    You could have used any of those bugs to take SSL private keys and userdata from a webserver, and considerably more.

    And that's before we even go into vulnerabilities that are functionally equivalent to Heartbleed, but without the same level of media-fueled hysteria - like the Debian random bug, Apple's goto fail and CVE-2011-4315 which is identical in behavior to the heartbleed vulnerability but affecting just nginx instead of all of OpenSSL.

    RCE in a web server? Bleh. Web servers will be web servers. I think a lot of hysteria comes from the fact that the bug is in an SSL library, who's entire purpose to some extent is to provide security. Security hole in a security library? That's scandalous. Especially when compounded with all the latent hysteria over the months from you know what.

    If we can't have a bug free SSL implementation, what can we trust? Also that it has a cool name and even its own hipster-approved logo and Bootstrap web site. Who can get excited over something named CVE-034984785474-3-3083e78wehhd7sce in some government database?

    Although to be fair, maybe people should start getting excited over things like these. Heartbleed (aka. CVE-2014-0160... :) ) was one of the best marketed security vulnerabilities ever. There is a lot of the security community could learn from that.

  • C#/XAML vs. WinJS/HTML

    , contextfree` wrote

    WinJS and phonegap aren't mutually exclusive, you can use them together. They talk about this in the Build WinJS sessions.

    Part of their strategy to make WinJS relevant. And it's possible that people will use hybrid approaches, but it's also possible they'll just ignore WinJS entirely because well you don't need it at all.

  • C#/XAML vs. WinJS/HTML

    , exoteric wrote

    *snip*

    Have you considered that the aim here is neither to facilitate cross-platform development nor to make an implicit statement about the suitability of Javascript as a development language for large scale programs - but rather to empower developers with Javascript skills to develop for Windows?

    TypeScript was also invented to facilitate large scale application development for the Web - but is also being used for Windows application development.

    Yeah but um, writing JS apps hard coded to Windows only makes sense if ignore Android and iOS, which trust me nobody outside of Channel9 is doing. JavaScript developers can always use PhoneGap, Titanium or any other more mature and highly cross-platform framework and not waste time writing code that can only work one relatively obscure part of the market. It lets you write a mobile app once and without changing a single line of code run it on EVERY COMPUTING DEVICE EVER (PS: including Windows 8).

    WinJS is not a special snowflake when it comes to writing Windows apps in JavaScript. There are popular alternatives. And they work on Android and iOS. The same code you write for your Windows Store app, will also work for your Google Play app and iTunes Store app. Line for line. Let that sink in.

    Let that sink in.

    Nobody had any real incentive to use WinJS for this reason. Which is of course why Microsoft open sourced it - they had no real other choice except allow it to languish in obscurity. Now, WinJS being open source is no guarantee that it will be successful. Because well... YOU CAN STILL USE PHONEGAP. 

    [Tangent: PhoneGap apps are not technically web apps. They are native applications. A PhoneGap application is compiled into native binary that simply calls into JavaScript.. Thus, they are capable of doing anything a native application for that platform can do. Of course, there is also a broad common API that maps pretty much anything you need to the platform's specific API for doing it. I understand that Windows has a special "JS executable" format for the store, but it's possible and likely that PhoneGap apps submitted for the Windows store would show up as C++ applications.]

    Now that WinJS is open, it is possible that some community will form around WinJS and they'll port it to other platforms and even allow some subset to run entirely in a web browser. But still.. well... you can still use PhoneGap. It already does this.

    There is nothing all that magical Microsoft is providing in WinJS, and even if they had something, they'd still have to overcome a ton of developer experience and inertia around PhoneGap and friends.

    But there is at least some hope now that WinJS will be competitive.

    Notice the date. I have a pretty good track record of calling these things in advance. Maybe working for Gartner is my calling.

    TLDR: Single-platform JS is stupid and virtually nobody does it. Look up PhoneGap.

  • The Future of the Start Screen

    Watched the video. Saw widgets. I remember some version of Windows had these on your desktop, guess it didn't make it into Metro?

    Anyway they can be super useful. I have like four different widgets on my Android start screen, and I use them often (esp. the e-mail one).

  • Microsoft should open-source Windows XP

    , evildictait​or wrote

    *snip*

    Feature-complete for ReactOS would be having fully implemented for all possible Windows-XP functions and fully app-compat tested the system against all apps - an astronomic goal that frankly won't ever be reached.

    That said, the biggest problem it has is interest from the open source community - which is seriously lacking - rather than lack of features. If a quarter as many people used ReactOS as use Ubuntu, it would overnight be transformed into a more stable and complete project.

    And if Windows XP was open-sourced and got a hundred developers jumping ship from Linux to maintain and improve the Windows XP codebase (and unrealistically lofty goal) - they still wouldn't be able to ship updates to it (unless you're also asking Microsoft to yield Windows Update keys, which gives everyone in possession of it remote unauthenticated kernel mode RCE against 20% of the Internet) and that's still a drop in the ocean compared to the number of security people who would be looking through Windows XP source code to find 0days rather than looking through it to improve it.

    tl;dr is that open sourcing Windows XP would be counterproductive for Windows, uninteresting to actual open-source fans and cripplingly dangerous to the few people stupid enough to still be running Windows XP now that Microsoft has washed its hands of keeping it secure.

    Yeah because we have a FOSS operating system that has billions of dollars of investment in it. You know, Linux. These alternative OSes are cool and all, but I don't have much faith in them. Microsoft is this huge company that has a metric f**kton of engineering effort at its disposal. And farting out a NT system even to the level of Windows XP was a massive multi-year effort. It's not like making a pong clone, that's for sure.

    Open sourcing Windows XP would be the most massive thing that ever happened in the history of open source. There would be entire companies and a massive ecosystem growing around it overnight. It's the biggest and most influential consumer OS ever, I believe.

    Microsoft owns Windows XP ultimately it's their decision what they want to do with it. But it will not happen because it makes no f**king sense for Microsoft. They might as well firebomb their Redmond campus while they are it. Well I would not say it will never happen, because in the distant future the world might be a lot different. But not in the immediate or near or any way predictable future.

  • node.js tools for Visual Studio

    , CaRDiaK wrote

    This is cool. The only thing I'm missing right now is syntax highlighting for JADE.

    Using this a lot at my current gig and at the moment I have jump between Sublime and WebStorm if I'm doing one off files or projects. Other than that I can live in VS. 

    And this makes me happy :) 



    Why stop at syntax highlighting? This is Visual Studio. It should do full on autocompletion and refactoring. :)

    But yeah it's quite nice. It's frustratingly close to being one of the better node.js development environments.

  • node.js tools for Visual Studio

    In a similar vein, there is also Python tools for Visual Studio:

    https://pytools.codeplex.com/

    This kind of stuff makes Visual Studio a much more useful IDE then it would be otherwise. Good job.

  • Xamarin and MSDN

    Please. $1000 is not a lot of money. Hiring a developer to actually code stuff is something like two orders of magnitude more. I find it mildly obnoxious that people who have no problem spending thousands of dollars on MSDN can't somehow spend a fraction of that amount on product that increases the scope of their products to hundreds of millions of additional devices. Especially considering that the company asking for that money actually needs it (Microsoft could do just fine giving out Visual Studio).

  • Microsoft should open-source Windows XP

    , evildictait​or wrote

    *snip*

    Have you tried running a recent build of ReactOS? It works pretty well. It's certainly not bug-free (but then neither is XP), but it'll run most things that ran on Windows XP out-of-the-box.

    It still has the same general disclaimer on the website since I've last used it:

    ReactOS 0.3.16 is still in alpha stage, meaning it is not feature-complete and is recommended only for evaluation and testing purposes.

    The bolding is theirs, but rather convenient.

  • Microsoft should open-source Windows XP

    , evildictait​or wrote

    And as ReactOS has shown, an open-sauce clone of Windows 2000 gathers basically zero interest from the open source community or from users at large, so it seems a little bit odd to assume that open saucing XP would magically change that.

    The difference is Windows XP is actually usable.