Discussions

blowdart blowdart Peek-a-boo
  • Cortana sounds better than E3 speakers.

    I saw people on Twitter complaining about the accents of the E3 speakers. Which was pathetic.

  • Grrr. MSDN subscription downgraded from VS Ultimate to VS Professional - What will I lose?

    Unit testing is in Pro

  • Windows to support SSH natively

    I could see tunneling an RDP session

    Why would you want to? RDP is natively encrypted, and if you want identification of the server it can use TLS.

  • How to repair an Access database

    Let's not go swapping serial numbers for commercial software thanks. Thread locked.

  • Use of a managed hosts file to block malware - debate?

    evildictaitor wrote

    *snip*

    There will never be a delay, because the network cost of performing a UDP roundtrip to an upstream DNS server will always dwarf any local in-memory lookup through the hosts file. The "performance cost" is a red-herring made-up excuse by the person Noel was talking to because Noel called them out on their BS that using a "hosts file" is somehow "wrong".

    You could argue if you used an address other than 0.0.0.0 that there's a cost in trying to reach the IP. People used to use localhost.

  • IIS and SQL on the same server or VM -

    MurliKoushik wrote

    But nowadays, I think that with the security built into current platforms such as WS 2012 and 2012 R2 and surely the upcoming Threshold/Win10 release, this problem is diminishing in importance when viewed from a security angle. This is even more so if the IIS layer is internal facing rather than internet-facing.

    Time to put on my security hat.

    So, I wouldn't be so trusting. You're right when you say that security in the OS level has increased, but as more and more developers write web sites the security of web applications has, well, decreased. Most attacks now target the applications, not the infrastructure, and if you look at how many SQL injection attacks happen successfully every year we, as an industry, aren't fixing even the most basic problems well. This is both a matter of education and framework design (use an ORM people, please).

    And just because it's an internal app doesn't make it any less attackable. Premera, Google, et al have been the subject of attacks where malware has run within the corporate network, attacking internal applications and stealing data and secrets simply because people assume that internal is safe. It's not. Internal networks should be treated as hostile.

    Personally I'd keep them apart for easier scale up and scale out more than security.

  • Is the corporate LAN dying or Google just wants to make a point of avoiding MS

    A cloud provider's security team dwarfs many IT departments.

    Yes, but they're looking after the cloud machines, not the customer apps running on them.

    This is one mistake that rankles at me. "Move to the cloud and we'll be more secure" - nope, if the app you're moving has XSS, SQL injection or any of the other myriad points of failure those will still exist. For example cloud DoS support is normally about keeping the cloud infrastructure up, not your actual app.

  • This is how important POSIX "experience" is

    You know I close threads once they descend into personal bickering.

    Guess what, I do the same when they start off as personal bickering too.

  • VS2015-Community RC

    Side by side. VS has always been side by side.

  • Best of //build/

    vesuvius wrote

    Sven, blowdart and the rest work on commercially sensitive work

    Most of my stuff is open source. But it's security related, so I'm always tight-lipped anyway.

    But the main reason I don't talk much about it here is people have taken it as official MS statements and used that to justify positions or arguments with MS. Same reason I stopped blogging.