MS from the Inside and the Developer Community from the Outside

My good friend, Eileen Rumwell, has started blogging.  Her blog is something I plan to keep watching especially since in the short time it has been up she has already thrown out some great insights.  The really cool thing is that having come from a marketing background, Eileen has been thrust among developers for quite a few years now.  Working at Microsoft she has great insight and maybe more importantly she also has insight into how we developers outside MS work and think about our role.

Eileen’s latest post starts off talking about her dogs and quickly points out that developers seem to think that security is not their problem.  I have seen this attitude quite a bit, but typically I get to beat it out of those who exhibit it to me since I am often cleaning up after a problem or onsite to beat it out of them.

Ignorance and apathy are both alive and well in the development community.  It isn’t the people who are motivated and willing to drag themselves to the user group meetings that are the problem; it is those that are likely too lazy to even read a blog about their chosen profession, let alone one about something tangential to it.  If we hold our breath long enough the world will evolve and security will be baked into everything that matters, but that is still a long way off if a majority of those building the future think that this whole security thing is a fad.  Let’s vote them off the island.

Cross Site Scripting protection made easy (er)

Microsoft has just released their new Anti-XSS library which helps developers do the right thing more often without as much effort as before.

If you are interested in this (and trust me, you are) your first stop is to go to the tutorial and see how it is done.  As you will see it isn’t stupid simple, but an improvement.

Once you get comfortable, go to the official page, download the library, and make it part of all your web projects.

Preventing Software Piracy

Chad Hower is a smart guy and I came across his post on protecting the software you write from pirates right at a time that we were revisiting the question ourselves.

On the whole I agree with Chad.  While he comes off as against anti-piracy in the beginning of the post, in the end you realize that he is just advocating for a measured response.  I couldn’t agree more.

This is very much the whole “In order to save the village we had to destroy it” lesson, where you get very diminishing returns if you go too far off the deep end in trying to make your code pirate proof.