Channel 9 - Entries tagged with Tools

TWC9: 100MM licenses, Blue at build, VS2012.3 Go Live CTP, and more

Brian Keller, Dan Fernandez, Greg Duncan — Fri, 10 May 2013 22:20:00 GMT

This week on Channel 9, Brian and Dan discuss the week's top developer news, including;

[00:10] 100 million licenses, 250 million Store app downloads, 400 million active Outlook accounts
[00:56] Build will release a public preview of “Windows Blue”
[01:36] Visual Studio 2012.3 (Update 3) “go-live” CTP is now available (Brian Harry),http://go.microsoft.com/fwlink/?LinkId=290979, http://support.microsoft.com/kb/2835600
[02:46] Announcing availability of ISOs for Visual Studio Updates (Eric Knox), ISO Recorder
[04:12] TFS 2012.2 Power Tools update available (Brian Harry)
[05:09] Publish Individual Files to your Server in Visual Studio 2012.2 (Rick Strahl)
[06:18] Announcing TechEd Achievements (D. Begley, Karsten Januszewski)
[07:18] .NET Crash Dump and Live Process Inspection (Lee Culver)
[08:42] Windows Store app Development snack: Compress your images! (Robert MacLean )
[09:41] Channel 9 Highlight: Inside Code Digger (Nikolai Tillmann, Peli de Halleux)

Picks of the Week!

Dan's Pick of the Week:[11:10] Creative Coding Videos
Brian's Pick of the Week:[12:03] Unit Test Generator under the bonnet (hood) … aka vsarUnitTestFx (Willy-P. Schaub)

Production Note: Yep, no bumpers... Golnaz wasn't available, leaving Brain and Dan on their own, and well... enough said.

Where’s My Car?

atkulp — Thu, 04 Aug 2011 19:48:37 GMT

Most people are all too familiar with forgetting where they parked their car. Whether or not you’re one of these people, read on to learn about writing a location-aware Windows Phone app that can map, route, take pictures, and save state between invocations.

Introduction

Working with mobile phones gives you access to a completely different form factor, as well as a completely different set of functionality compared to web and desktop development environments. This project demonstrates GPS, camera, isolated storage, map display, web services, and advanced map features. Use it as a starting point for another project, or just learn from the techniques shown here.

You don’t need a Windows Phone to learn from this sample, but GPS simulation is only available in the emulator for the 7.1 beta developer tools, and interacting with the camera on the emulator is no fun at all, so it’s definitely a limited debugging/testing experience. You need to be a registered phone developer in order to debug on a physical phone, but the price ($99) is definitely reasonable if you end up releasing even a single paid app.

Go to create.msdn.com, then click Download the free tools to download the Windows Phone Developer Tools (or use the direct download link provided above this Introduction section). This code is written for the Windows Phone Developer Tools 7.0, but has also been tested with Windows Phone SDK 7.1 Beta 2. Either way, it’s is a mostly online install, and it’s pretty big so expect it to take some time. Even if you don’t have any development tools, this will give you Visual Studio Express, Blend, and XNA Game Studio. If you have the full-version tools already, it will add new templates.

Project Basics

Upon launching the app, there’s not much to see. You can touch the car icon in the Map region in order to set your car’s parking location. To make things easier, you can also touch the camera icon to take a picture of your parking spot or nearby landmark to make it easier to find later. The data is saved between runs so you don’t need to leave it running.

The application takes advantage of a small set of pages:

MainPage: Summary screen to see the map and photo in the same place. Essentially, this uses two Image controls and a Map control. The upper region shows a small map if you’ve set your parking spot. It also caches a small version of the map in case you can’t get a GPS or data connection when you need to find your car.
MapSet: Allows the user to set their car’s position on a map. It starts out centered on the current location and the user can swipe around to place their car.
MapPage: A larger map with panning/zooming support. This is the one you see after locking in the parking spot. You can jump to your current position, the car’s position, or generate a route between them.
Media: A large view of the photo taken of the parking spot.
SettingsPage: Choice of imperial (miles) or metric (kilometers) for distance measurements, and map style (aerial or street). These are all data-bound to simplify managing the values.

It also uses a few IValueConverter classes to take data from my view model and make it look right in the UI:

DistanceConverter

Take a double value (assumed in meters), converts to miles if necessary, and appends the unit (km/mi). Notice that the code references the WheresTheCarSettings object. This is used to determine the measurement mode/unit. This should probably be passed in as a parameter, since this limits the portability for other projects, but I’ll leave that as an exercise for the reader!

public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
{
    if (value == null ) return "";

    double val = Double.Parse(value.ToString());
	string unit;
    if( WheresTheCarSettings.Instance.MeasurementMode == MeasurementMode.Imperial)
    {
        unit = "miles";
        val = (val*3.2808399)/5280.0;
    }
    else
    {
        unit = "km";
        val /= 1000.0;
    }

    return string.Format("{0:0.00} {1}", val, unit);
}

ImageConverter

Takes an image path, checks for it in isolated storage, otherwise assumes it’s in the application XAP file, and then returns an BitmapImage for display. This is a pretty handy converter since the Source can’t be set to isolated storage otherwise. The Cache is very important since accessing isolated storage is more expensive than RAM access. Also, notice that the Dictionary object is holding WeakReference instances pointing to the image. This allows the garbage collector to trim the cache if memory gets tight. Be sure to always use the IsAlive property so you know if the object’s been released.

public static Dictionary Cache { get; private set; }

static ImageConverter()
{
    Cache = new Dictionary();
}

#region IValueConverter Members

public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
{
    if (value != null && !string.IsNullOrEmpty(value.ToString()))
    {
        string fn = value.ToString();

        if (Cache.ContainsKey(fn))
            if (Cache[fn].IsAlive)
                return Cache[fn].Target;
            else
                Cache.Remove(fn);

        try
        {
            BitmapImage bs = null;
            using (var myStore = IsolatedStorageFile.GetUserStoreForApplication())
            {
                if (myStore.FileExists(fn))
                {
                    using (var photoStream = myStore.OpenFile(fn, FileMode.Open))
                    {
                        bs = new BitmapImage();
                        bs.SetSource(photoStream);
                    }
                }
                else
                    bs = (new BitmapImage(new Uri(fn, UriKind.Relative)));

                if( parameter == null || parameter.ToString() != "no-cache")
                    Cache.Add(fn, new WeakReference(bs));
                return bs;
            }
        }
        catch
        {
            // Errors will be handled silently
        }
    }

	// If all else fails...
	return null;
}

ValueToVisibilityConverter

Returns Visibility.Collapsed or Visibility.Visible depending on whether a GeoCoordinate value is non-null and valid. This converter performs the simple action of making an element invisible if no coordinate is set. Very simple, but it makes for much more elegant code.

public object Convert(object value, Type targetType, object parameter, CultureInfo culture)
{
    var geo = value as GeoCoordinate;
	return (Utility.IsCoordNullOrUnknown(geo)) ? Visibility.Collapsed : Visibility.Visible;
}

Location

On Windows Phone, you determine your geographic location by using the GeoCoordinateWatcher class. When you instantiate it, you can specify an accuracy of Default or High. High accuracy comes at the cost of battery life. You can also set your movement threshold. The higher the threshold, the less often you’ll get position events. Call Start to wait for the sensor to turn on, or TryStart for asynchronous usage.

The GeoCoordinateWatcher raises an event for status changes such as starting or no data (StatusChanged), and an event to indicate a location change (PositionChanged). Locations are reported as GeoCoordinate objects, and include latitude, longitude, speed, bearing, and more. All distance measurements are in meters.

Note that like any GPS, the phone won’t be able to get a lock in underground parking, or even in many multilevel parking ramps. There’s not much you can do about this, but hopefully the photo comes in handy then!

Maps

Displaying a map on a Windows Phone application is really easy. The controls that come with the toolkit include a Map control. Simply drop this control onto a page and you are just about ready to go. The only other required step is to register as a developer on Bing. You can find out more information about the steps to follow to obtain your key and register your application here. This gets you a credential key that you plug into the MAP_CREDENTIALS property of the RouteHelper class of the supplied code. Note that without this, you won’t even be able to view maps, let alone generate routes. By doing this, you will get a map centered on Latitude = 0, and Longitude = 0. This puts you in the Atlantic Ocean west of South Africa. Without doing anything else you can pan and zoom the map.

Unfortunately, due to a bug in the current build of the controls, you can’t create the Map control in XAML on multiple pages of the same app. The maps in Where’s My Car are created in the code-behind. A little ugly, but it works. Hopefully this will be resolved in Mango. In XAML, it’s as easy as a one line control declaration to add a map:

You can set properties to hide the Bing logo (LogoVisibility="Collapsed"), to hide the copyright (CopyrightVisibility="Collapsed"), to set an explicit zoom level (ZoomLevel="15") and much more. You might notice that I set the zoom bar to be visible in the emulator, but not on the phone. Without having a touchscreen laptop, I wouldn’t be able to zoom the map in the emulator otherwise. My code-based map creation looks this this:

return new Map
{

    CredentialsProvider = new ApplicationIdCredentialsProvider(MapHelper.MAP_CREDENTIALS),
    ZoomLevel = 15,
    Mode = s.UseAerialMode ? (MapMode) new AerialMode() : new RoadMode(),
    ZoomBarVisibility = (Environment.DeviceType == DeviceType.Emulator) ? Visibility.Visible : Visibility.Collapsed,
    CopyrightVisibility = Visibility.Collapsed,
    LogoVisibility = Visibility.Collapsed,
    Margin = new Thickness(0),
};

Another important part of working with a navigation-based map is to be able to set pushpins to indicate the locations of things (in this case, you and your car). The built-in pushpin visualization is fine, but not very special. Changing the look-and-feel is as simple as modifying the template for the Pushpin control. Here, we change it to use a bitmap image:

When you declare a Pushpin, just set its Template property, and add it as a child of the Map control. A Pushpin control knows where to place itself by its Location property. Note that if the location is null, the pushpin will just lurk in the upper-left corner. Make sure that you hide it when the location isn’t set. I do this with the ValueToVisibilityConverter covered above. To use it, just set the Visibility property to the same Location property while using my ValueToVisibilityConverter to handle the conversion.

Routing

The Map control has no ability to perform routing, but it supports adding child controls. I’ve already discussed the Pushpin control as a child. The other important child control is MapLayer. MapLayer acts as a container for other controls. By setting the Location properties of the nested items (in latitude/longitude), everything is displayed at the right location, regardless of panning or zooming the map (no scaling is done however).

In order to obtain the routing data, the user must first set their parking location point. The other point is the current phone location. The actual routing happens using the Bing web service. Generate a service reference pointing to the definition (WSDL):

http://dev.virtualearth.net/webservices/v1/routeservice/routeservice.svc?wsdl

Then, creating the request entails setting the Credentials property, and optionally setting RouteOptions. For walking directions, set Mode to TravelMode.Walking (though this still uses roads). The Waypoints collection property holds Waypoint objects containing a label along with a Location object with Altitude/Latitude/Longitude properties. For the best performance, I use the CalculateRouteAsync call to get off the UI thread as quickly as possible.

In the response, you get the travel distance and a collection of points that make up the route. Create a MapPolyLine instance, and then based on the Waypoints collection create and add GeoCoordinate objects to the Locations collection. The MapPolyLine object then gets added to a MapLayer object for rendering along with the map. The final step is to use the Result.Summary.BoundingRectangle property to center and size the map in order to show the whole route in one view.

Taking and Storing Pictures

Taking pictures is pretty easy. The built-in camera can be triggered using a CameraCaptureTask object. Just call the Show method and the camera will appear. It’s up to the user to actually take the picture. Note that there is no way to automatically take the photo, and there is at the moment no preview feature. This will change in Mango, but for now it works well enough for our needs.

An important thing to keep in mind is that showing the camera task causes your app to be tombstoned (deactivated). This means that you need to save any relevant state before triggering it. After the user either takes the photo or cancels it, the app is reactivated. The Completed event of the CameraCaptureTask fires, so be sure to subscribe to the event in the constructor of the page. The Completed event includes a PhotoResult event class. From this you can check the TaskResult property to see if there is actually a photo ready, and use the ChosenPhoto property to get a stream containing the photo data. You can get the stream to process or write to storage. Here we will open isolated storage and open the “parking.jpg” file, then call the SaveJpeg method of the WriteableBitmap class.

For the sake of efficiency, I prefer to resize the image to a maximum of 1024 width or 768 height, rather than loading a minimum 5MP image each time. The resize is very quick, and results in much less data transfer from isolated storage to memory.

Settings

Settings are kept track of in a custom class, WheresTheCarSettings. This class has INotifyPropertyChanged properties and Load/Save methods to keep things together. Saving is done with a data contract rather than raw serialization. This is an amazingly easy way to load and save an object, and it’s very resilient against changes. The INotifyPropertyChanged interface is used so disconnected parts of an application (between objects or objects and UI) can be notified of changes to a given object. This happens because the PropertyChanged event fires whenever a property’s value changes, thus giving related code a chance to react.

#region MeasurementMode (INotifyPropertyChanged Property)
private MeasurementMode _measurementMode;
[DataMember]
public MeasurementMode MeasurementMode
{
	get { return _measurementMode; }
	set
	{
		_measurementMode = value;
		RaisePropertyChanged("MeasurementMode");
	}
}
#endregion

Next Steps

The application is fully functional as-is. It’s been in the Marketplace for a few months now. There are a number of complaints about not being able to get a GPS lock, or the route not being optimized for walking. These are true and valid complaints, but it’s difficult to do much about them. This is where good alerts and status indicators are important! Also, it could be useful to add a screen to see the walking route in a step-by-step view (already available in the route response). Integrating parking meter information might also be useful, though I’ve already implemented that in a different application—coming soon!

Conclusion

Being able to work with the location and camera enables some great scenarios that aren’t really available in other form factors. Get started by downloading the Windows Phone Developer Tools to see just how easy it is.

About the Author

Arian Kulp is a software developer living in Western Oregon. He creates samples, screencasts, demos, labs, and articles, speaks at programming events, and enjoys hiking and other outdoor adventures with his family.

Silverlight 4 Tools for Visual Studio 2010 Launch: New Designer Capabilities (Silverlight TV 27)

John Papa — Mon, 17 May 2010 17:00:00 GMT

Mark Wilson-Thomas joins John to announce the launch of the Silverlight 4 Tools for Visual Studio 2010! Mark shows off several impressive, new features in the Visual Studio 2010 designer that work for both Silverlight and WPF development. Some key new features that are covered include:

New interactive design surface
Working with Styles and Resources
Go To Value Definition lets you directly locate nested styles
Using the new "Data Can" to pinpoint data hookups
Moving stuff around in complex Grid panels using the new right click "goodies"

You can learn more about the new features from the Cider Designer blog, too.

Relevant links:

Using the Code Analysis Tool (CAT.NET 2.0) to Identify Security Vulnerabilities

Jossie — Thu, 25 Feb 2010 08:18:00 GMT

Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new version of CAT.NET (Code Analysis Tool for .NET) version 2.0. It is a static analysis tool that uses the Phoenix Compiler and its data flow graph.

Anil walks us through the dataflow rules and how it uses the source sink analysis to determine if there is a vulnerability or not. He also explains how the configuration analysis works and walks through the rules where insecure conditions exist. The demo of the tool shows how the vulnerabilities are detected and how to interpret the results.

To learn more about this application, stay up to date on the latest news by following the Security Tools Team blog.

Watch related webcast
Download: CAT.NET 2.0

Interview Tech-Ed 2009 Berlin: Steve Teixeira talks about Parallel Computing with VS 2010 and why you should take care

Oliver Scheffert — Wed, 16 Dec 2009 09:15:00 GMT

"I have been in the role of the Program Manager for the Developer Track at Tech-Ed 2009 in Berlin this year and decided to run some interviews with some of the speakers in my track. I am talking with Steve Teixeira about Parallel Computing and what new VS 2010 Tools we have for you to win the challenge of building Software utilizing the power of Multicore Systems. If you ask yourself why should I care? If so, this is the right content for you!

Enjoy!"

Christian Binder

http://blogs.msdn.com/cbinder

Interview Tech-Ed 2009 Berlin: Brian Keller talks about the new VS 2010 Testing Tools

Oliver Scheffert — Wed, 16 Dec 2009 08:13:00 GMT

"I have been in the role of the Program Manager for the Developer Track at Tech-Ed 2009 in Berlin this year and decided to run some interviews with some of the speakers in my track. I was talking with Brian Keller about the brand new VS2010 Testing Toolset, which is really a major area of invest for the VS 2010 release. Honestly with the VS 2008 we had not too much tooling in this area, but this is changing now If you want to know what is coming check this out.

Enjoy!"

Christian Binder

http://blogs.msdn.com/cbinder

Technical Preview for CAT.NET 2.0

Jossie — Fri, 11 Dec 2009 19:32:00 GMT

Maqbool Malik and Anil Revuru (RV), from Microsoft Information Security, talk about the newly designed version of CAT.NET which will be part of the Assessment & Protection (A&P) suite.

CAT.NET is a static analysis tool on Visual Studio that helps find vulnerabilities like SQL Injection, CSRF, XSS among others, within managed code. This version is currently a technical preview which works on the command line only though for its release it will be integrated with Visual Studio's UI under the Code Analysis tab. In this interview you can learn all the new features as well as details on how to provide feedback on the tool.

The CTP (Community Technology Preview) for this tool is available in Microsoft Connect – Information Security Tools.

Learn more about this tool by reading examples on how to run it by following the Security Tools Team blog.

Using the Web Protection Library (WPL) - CTP Version

Jossie — Wed, 25 Nov 2009 00:00:00 GMT

Anil Revuru (RV), from Microsoft Information Security, walks us through the expansion of what used to be the Anti-XSS Library. This enhanced version of the library will introduce mitigation to other attacks like:

SQL Injection
Cross-Site Request Forgery (CSRF)
Setting Enforcement like SSL & HTTP_ONLY cookies
Security Runtime Engine for SQL Injection & XSS
Among others

The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools.

Read CTP announcement and follow the Security Tools Team blog.

Using Web Application Configuration Analyzer (WACA) - CTP Version

Jossie — Tue, 24 Nov 2009 23:58:00 GMT

Anil Revuru (RV), from Microsoft Information Security, walks us through a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it. For more info watch the Assessment & Protection (A&P) Suite video.

WACA is designed to scan your development environment against best practices for .NET security configuration, IIS settings, SQL Server Security best practices and some Windows permission settings. It is helpful for verifying your configuration while unit testing and ensuring there are no issues when the application is in production.

The CTP (Community Technology Preview) for this tool is available in Microsoft Connect – Information Security Tools.

Read CTP announcement and follow the Security Tools Team blog.

Web Application Configuration Analyzer (WACA)

Jossie — Fri, 20 Nov 2009 22:21:00 GMT

Anil Revuru (RV), from Microsoft Information Security, introduces a configuration verification tool that will be part of a suite of tools that will help you assess your code as well as protect it. For more info watch the Assessment & Protection (A&P) Suite video.

WACA is designed to scan your development environment against best practices for .NET security configuration, IIS settings, SQL Server Security best practices and some Windows permission settings. It is helpful for verifying your configuration while unit testing and ensuring there are no issues when the application is in production.

The CTP (Community Technology Preview) for this tool is available in Microsoft Connect – Information Security Tools.

Read CTP announcement and follow the Security Tools Team blog.

Assessment and Protection Suite

Jossie — Thu, 12 Nov 2009 17:21:00 GMT

Anil Revuru (RV) and Mark Curphey, from Microsoft Information Security, introduce what would be in the future a suite of tools that will help you assess your code as well as protect it. This is called the Assessment & Protection (A&P) Suite and it includes the following tools:

Web Protection Library (WPL) – which includes Anti-XSS, SRE, mitigation of SQL Injection, CSRF among others
CAT.NET
Web Application Configuration Analyzer (WACA)
and room for more future add-ons

The CTP (Community Technology Preview) for these tools are available in Microsoft Connect – Information Security Tools. These are currently individual as they shift to one-install.

Read CTP announcement and follow the Security Tools Team blog.

Enhanced Web Protection Library

Jossie — Thu, 12 Nov 2009 17:21:00 GMT

Anil Revuru (RV), from Microsoft Information Security, introduces the expansion of what used to be the Anti-XSS Library. But web vulnerabilities are not only around Cross-Site Scripting (XSS) attacks. This enhanced version of the library will introduce mitigation to other attacks like:

SQL Injection
Cross-Site Request Forgery (CSRF)
Setting Enforcement like SSL & HTTP_ONLY cookies
Security Runtime Engine for SQL Injection & XSS
Among others

The CTP (Community Technology Preview) is available in Microsoft Connect – Information Security Tools.

Read CTP announcement and follow the Security Tools Team blog.

Microsoft Security Development Lifecycle (SDL) and Software Security Today

Charles — Fri, 06 Nov 2009 21:49:00 GMT

The Microsoft Security Development Lifecycle (SDL) team recently released two new security tools, BinScope Binary Analyzer and MiniFuzz File Fuzzer, to help you write more secure code. Jeremy Dallman, Michael Howard, and Ivan Medvedev created these tools so we decided to pay them a visit to chat about what these tools do and why they matter. Of course, it's been way too long since Michael Howard has preached to us from his security soapbox so we just had to get him talking about the general state of software security today and where it's going!

For the Microsoft SDL team, SDL is as much a lifestyle as it is a software development lifecycle. Developers, thrive securely so that others may securely thrive. Oh yeah, brothers and sisters. I'm sensing the need for a security soapbox show on 9. We need more preaching. There's still far too many developers writing insecure code. "Reverend" Howard, are you game, sir?

Get BinScope and MiniFuzz on SDL Tool Repository. Please use them!!!

Stay updated on the SDL at:

http://www.microsoft.com/sdl

http://blogs.msdn.com/sdl

Anti-XSS Library v3.1: Find, Fix, and Verify Errors

Jossie — Wed, 23 Sep 2009 17:20:00 GMT

Anil Revuru (RV) from Microsoft Information Security, gives a demonstration of the new features on the Anti-XSS Library v3.1 including HTML Sanitization which provides new methods to the Anti-XSS class to strip malicious characters or scripts off of HTML and returns safe HTML.

He talks about:

What is Cross-Site Scripting Attack (XSS)
How to detect Cross Site Scripting Vulnerabilities
Introduction of Anti-XSS Library
What’s new in Anti-XSS Library 3.1
Anti-XSS 3.1 demo
Security Runtime Engine (SRE)
SRE Demo

To learn more about this application and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

Overview of the Anti-XSS Library
Download: Microsoft Anti-Cross Site Scripting Library v3.1

Connected Information Security Framework: Core Components

Jossie — Wed, 23 Sep 2009 17:19:00 GMT

Marius Grigoriu and Vineet Batta, from Microsoft Information Security, talk about the technical components for the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker.

Microsoft’s IT Information Security Tools Team designs and develops CISF to “engineer the security delta” meaning as a way to rapidly meet business requirements and create functionality that doesn’t exist or is not yet available in their product range.

They explain the core pieces CISF consists of like: Business Intelligent, Portal, Notification, and others that help build information security applications cheaper, faster, and better

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog

To see an overview of what CISF is watch the video: CISF: Build Custom Security Solutions

CISF CTP download

CISF: Build Custom Security Solutions

Jossie — Fri, 18 Sep 2009 03:31:00 GMT

Mark Curphey and Marius Grigoriu, from Microsoft Information Security, talk about the release of the first version of Connected Information Security Framework (CISF). A software development framework comprising of API’s and reusable components that is designed to create bespoke or custom information security and risk management solutions like Risk Tracker.

Microsoft’s IT Information Security Tools Team designs and develops CISF to “engineer the security delta” meaning as a way to rapidly meet business requirements and create functionality that doesn’t exist or is not yet available in their product range.

They explain benefits found on this framework including:

Building information security applications cheaper, faster, and better
Migrate applications efficiently and effectively to their products when they become available

To learn more about this framework and stay up to date on the latest news, read the following blogs from Information Security and previous posts from the Security Tools Team blog.

CISF CTP download

Inside Windows 7: RADAR - Windows Automatic Memory Leak Detection

Charles — Tue, 15 Sep 2009 15:29:00 GMT

RADAR is a memory leak detection technology built into Windows 7 and integrated with Watson (error reporting) and AutoBug (automatic bug filing). It allows Microsoft product teams and third parties to discover and fix memory leaks early in the product cycle and after release. Since RADAR runs on customer machines, leaks can be caught during public betas, after release, and by third parties, thus ridding the entire ecosystem of memory leaks. RADAR-shipped components are highly optimized to have no appreciable performance impact.

Meet RADAR developers Stephan Doll, Baskar Sridharan, Anthony Lorelli‎ and Keshava Subramanya. They dig into the architecture, design and implementation of this great technology. RADAR helps make Windows more reliable and stable by automatically pinpointing memory leaks in code that are then packaged up in bug reports that land in the hands of developers responsible for the memory leaking code. This means quicker to market solutions and knowledge gain that will prevent the same bugs from cropping up again: developers learn what went wrong and why so wthey won't make the same mistakes again. You'll learn about the most common mistakes made and you should use this to prevent memory leaks in your own native code.

Tune in. Learn.

Anti-XSS 3.0 Released

Jossie — Wed, 15 Jul 2009 16:12:00 GMT

Vineet Batta and Anil Revuru (RV), from Microsoft Information Security, talk about the release of the new version of the Anti-XSS library, which is designed to encode output to help developers protect their ASP.NET web-based applications from cross-site scripting attacks.

They explain the new features and benefits found on version 3.0, including:

Extended white list
Better performance
MSDN Style Help documentation
Marked Anti-XSS Output
Security Runtime Engine (SRE)

To learn more about this library read the following blogs from the Security Tools Team blog and previous posts.

Threat Modeling LOB Applications with TAM 3.0

Jossie — Mon, 06 Jul 2009 22:38:00 GMT

Andrew Law, from Microsoft Information Security, walks us through the creation of a threat model for a line-of-business application using the Threat Analysis & Modeling tool version 3.0. This screencast includes the definition and purpose of a threat model as well as its alignment with the SDL-LOB.

Threat Model ownership is discussed as well as the use of the central repository, common task list and how to leverage them to automatically generate threats.

Learn more on the Threat Modeling site & Information Security Tools blog.

SQL Detect

Jossie — Mon, 06 Jul 2009 19:41:00 GMT

SQL Detect is a SQL injection filter in real-time mode. When a request happens in the application the tool applies different heuristics to the data and tries to identify the attack. After the request is validated it proceeds.

Maqbool Malik, from Microsoft Information Security, describes how this is one of the tools to be included in the to-be-released Security Runtime Engine (SRE).

To learn more about their tools, read the Information Security Tools blog.

Architecture Behind CAT.NET

Jossie — Mon, 29 Jun 2009 22:24:00 GMT

Ben Livshits, from Microsoft Research, talks about the architecture behind CAT.NET, which is a static analysis tool on Visual Studio that helps find vulnerabilities like SQL Injection, CSRF, XSS among others, within managed code.

Ben’s knowledge on static and dynamic dataflow analysis made him a key contributor on the creation of CAT.NET. He walks us through different examples of how the data analysis happens depending on complexity and explains how precision varies.

Learn more about Microsoft Information Security Tools.

www.msinfosec.com

Threat Analysis & Modeling Tool - TAM 3.0

Jossie — Mon, 29 Jun 2009 20:43:00 GMT

Anil Revuru (RV), from Information Security Tools, provides an overview of the new version of TAM (Threat Analysis & Modeling), an asset-centric tool which uses an objective methodology to analyze applications for threats and define mitigation plans for them. TAM aligns to the SDL-LOB as part of the Design phase.

RV describes the new features in this version, including the online repository for the attack countermeasures, automated use cases creation, composite threats, among others.

Learn more:

Tool Shed Tooltip #7: VSTO from Episode 1

Russell Fustino — Thu, 18 Jun 2009 15:59:00 GMT

It makes sense if users in your organization are using Office 2007 or 2003 to consider building your application on top of one of the many office products. Learn how in this video.

What is it?
Visual Studio Tools for Office is the premiere development tool for building Office Business Applications.

Download Site: included with VS 2008 Pro at msdn.microsoft.com/vstudio

Example Problem(s) it solves:
You want to automate a task in Excel for budget info that stores info to a DB and creates an email or Power Point from it automatically
Enhance Word s ribbon with your own companies customized set of tools.

Installation Notes: You need to have office 2007 installed on your development machine. Trial is available.

This clip is Russ' Tool Shed Tooltip #7, the seventh and final of the clips from Episode One of the TV Show, Russ' Tool Shed presents... It's All About The Tools hosted by Russ Fustino and Co-Host Stan Schultes. Download code, ppt and demo script from http://code.msdn.com/toolshed for all episodes. Also, use the links on http://channel9.msdn.com/toolshed to download tools. Finally, check out some more great videos on the Developer Evangelist East site: http://channel9.msdn.com/dpeeast

Tool Shed Tooltip #6: WPF Styling from Episode 1

Russell Fustino — Wed, 17 Jun 2009 14:19:00 GMT

Check this one out. WPF Application Styling (without any code!). Yikes! See the World premier demo of this great third party tool from Infrgistics. In my opinion, this was the coolest demo in Episode 1. See Microsoft MVP Jason Beres in action as the guest presenter for this awesome demo!

What is it?
No-code, no-visual designer way to style WPF applications.

Download Site:
Styling CTP: http://www.infragistics.com/wpfstyling
Free WPF Datagrid: http://www.infragistics.com/downloads/

Example Problem(s) it solves:
Brings hi-fidelity, professional styling to WPF applications for teams that do not have visual designers on staff
Makes your WPF applications sizzle!

Installation Notes:
Download and install NetAdvantage Win Client: http://www.infragistics.com/downloads/default.aspx

Download CTP from early adopter website: http://www.infragistics.com/wpfstyling

Usage Notes: Currently in CTP.

This clip is Russ' Tool Shed Tooltip #6, the sixth of the clips from Episode One of the TV Show, Russ' Tool Shed presents... It's All About The Tools hosted by Russ Fustino and Co-Host Stan Schultes. Download code, ppt and demo script from http://code.msdn.com/toolshed for all episodes. Also, use the links on http://channel9.msdn.com/toolshed to download tools. Finally, check out some more great videos on the Developer Evangelist East site: http://channel9.msdn.com/dpeeast

Tool Shed Tooltip #5: Windows Live SkyDrive from Episode 1

Russell Fustino — Tue, 16 Jun 2009 14:16:00 GMT

Need extra storage? How about 25 gig in the sky? Use this free hard drive in the sky to share your code, documents, powerpoints, photos and videos.

What is it?
Password-protected online file storage. Always available where you need it.

Download Site: http://skydrive.live.com

Example Problem(s) it solves:
Store files for yourself
Share files with friends
Share files with the world

Installation Notes: Live ID required

Usage Notes: 25 Gig storage – free!

This clip is Russ' Tool Shed Tooltip #5, the fifth of the clips from Episode One of the TV Show, Russ' Tool Shed presents... It's All About The Tools hosted by Russ Fustino and Co-Host Stan Schultes. Download code, ppt and demo script from http://code.msdn.com/toolshed for all episodes. Also, use the links on http://channel9.msdn.com/toolshed to download tools. Finally, check out some more great videos on the Developer Evangelist East site: http://channel9.msdn.com/dpeeast