All posts by phynds

MS from the Inside and the Developer Community from the Outside

My good friend, Eileen Rumwell, has started blogging.  Her blog is something I plan to keep watching especially since in the short time it has been up she has already thrown out some great insights.  The really cool thing is that having come from a marketing background, Eileen has been thrust among developers for quite a few years now.  Working at Microsoft she has great insight and maybe more importantly she also has insight into how we developers outside MS work and think about our role.

Eileen’s latest post starts off talking about her dogs and quickly points out that developers seem to think that security is not their problem.  I have seen this attitude quite a bit, but typically I get to beat it out of those who exhibit it to me since I am often cleaning up after a problem or onsite to beat it out of them.

Ignorance and apathy are both alive and well in the development community.  It isn’t the people who are motivated and willing to drag themselves to the user group meetings that are the problem; it is those who are likely too lazy to even read a blog about their chosen profession, let alone one about something tangential to it.  If we hold our breath long enough the world will evolve and security will be baked into everything that matters, but that is still a long way off if a majority of those building the future think that this whole security thing is a fad.  Let’s vote them off the island.

Cross Site Scripting protection made easy (er)

Microsoft has just released their new Anti-XSS library which helps developers do the right thing more often without as much effort as before.

If you are interested in this (and trust me, you are) your first stop is to go to the tutorial and see how it is done.  As you will see it isn’t stupid simple, but an improvement.

Once you get comfortable, then go to the official page and download the library and make it part of all your web projects.

Preventing Software Piracy

Chad Hower is a smart guy and I came across his post on protecting the software you write from pirates right at a time that we were revisiting the question ourselves.

On the whole I agree with Chad; while he comes off as against anti-piracy in the beginning of the post, in the end you realize that he is just advocating for a measured response.  I couldn’t agree more.

This is very much the whole “in order to save the village we had to destroy it” lesson, where you get very diminishing returns if you go too far off the deep end in trying to make your code pirate proof.

Data Destruction

I have commented before on this issue and a recent blog post forwarded to me has dredged up the topic again.

If you want to get rid of a drive after retiring a server or getting indicted then most of the things you can think to do to that drive will not remove the data.  You can rewrite the drive over and over, you can shatter the platters with a hammer and as we see in the link above you can even roast the drive and it is still possible to get at some of the data if not all of it.

For my money the only way to go is acid bath. If you don’t remove the surfaces of the platters then someone will figure out how to get the data.

Code Camp 6 in Waltham, MA

Code Camp 6 is tomorrow at the MS office in Waltham and this is the first one since the original world premier Code Camp that I am going to miss.

With Thom Robbins moving on to Redmond and the rush of business that everyone seems to be seeing, this 6th edition didn’t come together nearly as early as previous editions.

I apologize for not making it, but since it is slimmed down to a single day this time and I specifically have a conflict tomorrow, I won’t be there.


I expect we will do a better job for Code Camp 7 and provide much more advanced warning and I will do my best to defend the date ;)

FUD

Sometimes the Fear, Uncertainty and Doubt (FUD) argument is very well disguised.  In an article, the Chief Scientist at McAfee is decrying some of the new features that MS is putting into Vista to try and stop virus infection and the spread of spyware.  This is terribly self-serving, as in my opinion his argument is that you can’t sell people better doors for their house because then they not only won’t need my security system, but the doors will keep the police out when a criminal arrives.

Everyone is entitled to their opinion, and the comments under the article show that a lot of people who read this opinion share mine.

Disabling Vista’s UAC feature

As Vista nears launch there are some things you will want to know.  Will it support your hardware?  Where are the secret buttons that make it usable?

Today’s post helps answer that second one.

By all reports UAC (User Account Control) can drive even the most security minded user insane with the death of a thousand dialogs.

While I don’t recommend just shutting off any feature that is designed to increase security in the OS (as UAC is), still we have to get work done, and it might help you navigate so that you can re-enable it once your system is as you like it.

Having said that, Steven Smith of ASPAlliance.com pointed me at this article that shows several ways to shut UAC off.

Mandatory Integrity Control in Vista

Steve Riley had a good long post on his blog about Mandatory Integrity Control as it is implemented in Vista that drew even longer comments.

Great concept; as you will see from several of the comments, this isn’t the first implementation, but I expect it will be the first to get nearly universal distribution ;)

The big concern is whether the bugs will be worked out for release.  I am betting yes, though I expect a Service Pack will come someday to bring the real value of this home.