http://localhost:3000 Technology executive and thought leader with expertise in scaling businesses, building high-performing teams, and driving innovation in the tech industry. en-us Fri, 06 Mar 2026 20:23:04 GMT http://localhost:3000/blog/browser-competition-2-0 http://localhost:3000/blog/browser-competition-2-0 With the recent announcement from Microsoft that they will adopt Chromium for future development of their Edge browser, I think things are going to get interesting and not in the usual bad way that usually means. Here is a link to the post by Joe Belfiore for reference. In decades past we have seen... Fri, 07 Dec 2018 16:16:30 GMT contact@patrickhynds.com (Patrick Hynds) development events open-source browser microsoft chromium edge http://localhost:3000/blog/becoming-homo-adaptus http://localhost:3000/blog/becoming-homo-adaptus It has become apparent to me that the world has reached an inflection point. It used to be that when you were in school you had to figure out what you wanted to be when you grow up and work very hard to acquire skills that would determine your success in that chosen profession. I have often... Sat, 14 Apr 2018 00:50:42 GMT contact@patrickhynds.com (Patrick Hynds) entrepreneurism time-management career world adaptus homo inflection http://localhost:3000/blog/time-management-multi-tasking-and-recent-studies http://localhost:3000/blog/time-management-multi-tasking-and-recent-studies If you are like me, you have been in a constant struggle that finds you striving to get more done in less time.  Eventually you get to the point that you have to let things go from your to do list (que Frozen soundtrack here).  To top it off there has been a recent backlash... Sun, 28 Dec 2014 17:06:21 GMT contact@patrickhynds.com (Patrick Hynds) time-management less productivity tablet multi tasking studies http://localhost:3000/blog/windows-permissions-and-ownership-for-admins http://localhost:3000/blog/windows-permissions-and-ownership-for-admins A conversation that comes up often concerns what rights a Windows Administrator (domain or local) has to folders and files. The common assumption is that being an Administrator is the backstage pass, but while it is somewhat true, the details are a bit more complex. Windows did not get to survive... Sun, 20 Apr 2014 19:43:37 GMT contact@patrickhynds.com (Patrick Hynds) network security windows ownership administrator permissions rights http://localhost:3000/blog/open-mind-infinite-potential http://localhost:3000/blog/open-mind-infinite-potential As I have been running various organizations I have detected a key trend that I think delivers a critical insight. I find that people who are open to have their perspective changed are able to adapt to our changing technology world much better than those that are not open to changing their mind.... Fri, 07 Feb 2014 19:46:13 GMT contact@patrickhynds.com (Patrick Hynds) management personal software-dev cloud their changing open http://localhost:3000/blog/thoughts-on-voting http://localhost:3000/blog/thoughts-on-voting As the Presidential elections draw closer here in the US, I have been having conversations with a number of people who do not vote and in many cases have no intention of voting. I found this attitude baffling at first, but have grown to understand that it comes from a lack of understanding of the... Tue, 04 Sep 2012 19:46:45 GMT contact@patrickhynds.com (Patrick Hynds) personal voting attitude presidential elections closer conversations http://localhost:3000/blog/teched-bof-session http://localhost:3000/blog/teched-bof-session The details of my session at TechEd in Orlando are posted  here . Hope to see you there! Sat, 05 May 2012 19:47:43 GMT contact@patrickhynds.com (Patrick Hynds) events speaking teched session orlando posted http://localhost:3000/blog/boston-code-camp-coming-up http://localhost:3000/blog/boston-code-camp-coming-up There is still time to sign up for the upcoming Boston Code Camp! Go to here for details. Hope to see you there! Tue, 18 Oct 2011 19:49:44 GMT contact@patrickhynds.com (Patrick Hynds) events boston code camp upcoming http://localhost:3000/blog/user-security http://localhost:3000/blog/user-security A friend of mine forwarded me a link to a provocative paper by Microsoft Research that called into question whether the security advice provided to users for their online activities is useful based on a risk-reward calculation. The link and the PDF document can be found here . At first glance I... Tue, 12 Jul 2011 20:24:02 GMT contact@patrickhynds.com (Patrick Hynds) security user-group best-practice microsoft browser course hacker http://localhost:3000/blog/sd-times-here-i-come http://localhost:3000/blog/sd-times-here-i-come I am happy to announce that very soon I will be providing a monthly article in the SD Times on Microsoft Technology. With this regular writing task to spur me on I expect (and hope) to be doing alot more blogging as well… Tue, 24 May 2011 01:23:44 GMT contact@patrickhynds.com (Patrick Hynds) development microsoft happy announce providing monthly technology http://localhost:3000/blog/disciplined-entrepreneurism http://localhost:3000/blog/disciplined-entrepreneurism Recently I have had two of my most senior employees come to me seperately and suggest new products for the company to build. I encourage this of course, but find I have to help them understand some things about what I call Disciplined Entrepreneurism. Ultimately when you decide to build a product... Sun, 27 Feb 2011 20:36:29 GMT contact@patrickhynds.com (Patrick Hynds) entrepreneurism software-dev wp7 course facebook iphone windows http://localhost:3000/blog/juggling-tasks http://localhost:3000/blog/juggling-tasks While I resisted Twitter for a long time, not too long ago I started following selected individuals on Twitter including Richard Campbell (richcampbell on twitter). I plan to start using Twitter myself hopefully to communicate things of value, but for now I am using it as a comsumer. This morning... Sun, 20 Feb 2011 19:12:50 GMT contact@patrickhynds.com (Patrick Hynds) management security twitter juggling richard tasks resisted http://localhost:3000/blog/ibm-cloud-data-center-in-china-epic-blunder http://localhost:3000/blog/ibm-cloud-data-center-in-china-epic-blunder IBM has decided to build the mother of all Cloud Computing data centers in of all places, China. I will advise all that will listen that this is a fantastic blunder since China is the absolute worst choice for such a resource. I do not want any of my corporate code and data or the data from... Fri, 18 Feb 2011 03:00:04 GMT contact@patrickhynds.com (Patrick Hynds) cloud ibm microsoft azure amazon security china http://localhost:3000/blog/look-at-azure-now-again http://localhost:3000/blog/look-at-azure-now-again If you looked into playing with Azure in the past, but did not jump in then it is time to take another look. Microsoft has added options over the last year that really remove objections to trying it out. If you have an MSDN subscription then you pretty much get a free playground in Azure that is... Tue, 15 Feb 2011 16:46:09 GMT contact@patrickhynds.com (Patrick Hynds) development software-dev web-hosting azure microsoft windows playing http://localhost:3000/blog/to-egypt-and-all-my-friends-there http://localhost:3000/blog/to-egypt-and-all-my-friends-there I have talked to many of you over the course of the past week and have been cautious due to the fact that I was concerned for your safety. A failed rebellion is a painful thing especially when it is not known who will lead the aftermath. Now that I see the resolve in my friends there I know that... Fri, 28 Jan 2011 16:09:35 GMT contact@patrickhynds.com (Patrick Hynds) personal course friends rebellion egypt talked cautious http://localhost:3000/blog/good-advice-setup-edition http://localhost:3000/blog/good-advice-setup-edition My friend and collegue Adam Cogan is a big proponent of documenting best practices. In fact his company, SSW puts all kinds of lists of these best practices up on their website. Recently Adam chimed in on a list we are both on with a link to the best practices (Rules) around setup and I realized... Thu, 30 Dec 2010 15:09:52 GMT contact@patrickhynds.com (Patrick Hynds) software-dev best-practice sql practices setup advice edition http://localhost:3000/blog/sql-myths-must-read http://localhost:3000/blog/sql-myths-must-read Paul Randall has a compiled document with all his blog posts on SQL Myths that I think is a must read if you consider SQL Server part of your core competence. It is probably not very interesting to pure devs, but I would still suggest you take a scan of this so you can avoid making assumptions that... Tue, 21 Dec 2010 04:13:08 GMT contact@patrickhynds.com (Patrick Hynds) network software-dev sql-server myths randall compiled document http://localhost:3000/blog/crisis-management http://localhost:3000/blog/crisis-management We have a saying in the various companies with which I associate and it is “Any fool can manage success, but it takes talent to manage a crisis”. The leader, project manager, team leader, or whatever you call the person in charge has to not be wishful. This sounds easy, but in my experience it is... Fri, 17 Dec 2010 22:15:08 GMT contact@patrickhynds.com (Patrick Hynds) management software-dev team-lead deployment leader crisis wishful http://localhost:3000/blog/new-security-podcast-coming-soon http://localhost:3000/blog/new-security-podcast-coming-soon Michele Bustamante and I have started recording the first episodes of our new security focused podcast LockDown. While the website is up, it has place holder content describing Carl Franklin of .Net Rocks fame as our first guest (that was the original plan). However as usual Carl was flying around... Thu, 16 Dec 2010 17:37:11 GMT contact@patrickhynds.com (Patrick Hynds) development lockdown-podcast security speaking dotnet soon michele http://localhost:3000/blog/windows-identity-framework-training-kit-available http://localhost:3000/blog/windows-identity-framework-training-kit-available The Microsoft Identity story has matured quite a bit in the last couple of years and now would be a good time to get up to speed if you have been waiting for the train to get some speed. Vittorio Bertocci has pulled together the training he has been delivering around the world into a training kit... Tue, 06 Jul 2010 03:09:18 GMT contact@patrickhynds.com (Patrick Hynds) security time-management entity-framework training windows microsoft cloud http://localhost:3000/blog/in-wielding-power-apple-has-hurt-itself http://localhost:3000/blog/in-wielding-power-apple-has-hurt-itself I have noticed a very interesting reaction recently to the way Apple has been throwing their weight around controlling who and what can be put in the appstore. Until a month or so ago there was a legion of companies and developers in my own circle, figuring out how they would enter the market and... Wed, 02 Jun 2010 15:56:03 GMT contact@patrickhynds.com (Patrick Hynds) software-dev apple iphone ipad adobe rest business http://localhost:3000/blog/advice-for-small-org-backup-on-a-budget http://localhost:3000/blog/advice-for-small-org-backup-on-a-budget I was recently asked how to cost effectively do backup and Disaster Recovery (DR) for a 50 or so person organization. Here is what I have found to be a pretty good way to go that won’t break the bank. For an organization this size I use Backup Assist (http://www.backupassist.com). It leverages... Mon, 08 Feb 2010 02:29:29 GMT contact@patrickhynds.com (Patrick Hynds) network disaster-recovery windows exchange sql office less http://localhost:3000/blog/very-sophisticated-hack-get-used-to-it http://localhost:3000/blog/very-sophisticated-hack-get-used-to-it The latest security threat as outlined here has hit over 100,000 people already and if you read through the details of how organized the attack is you will understand why it has been so successful. The problem is that while we have to protect ourselves from every threat, the bad guys only have to... Fri, 11 Dec 2009 04:04:30 GMT contact@patrickhynds.com (Patrick Hynds) security vulnerability threat hack sophisticated outlined people http://localhost:3000/blog/dangerous-interventions http://localhost:3000/blog/dangerous-interventions It seems that everytime the government gets involved in high tech, things go wrong. Today I found out that there is a looming intervention that I think could potentially screw up one of the biggest successes in US based high tech, namely processor technology. If you get time soon check out the... Thu, 10 Dec 2009 03:54:36 GMT contact@patrickhynds.com (Patrick Hynds) software-dev dangerous interventions everytime government involved looming http://localhost:3000/blog/the-greatest-strength http://localhost:3000/blog/the-greatest-strength Lately I have been helping customers find talented developers. As the topic of many books, courses, web sites and numerous other sources (many of which I have read or used) it is a problem that I find keenly interesting. There are of couse many, many ways to look at it, but I think I have found the... Fri, 04 Dec 2009 03:42:33 GMT contact@patrickhynds.com (Patrick Hynds) management hiring strength greatest lately helping customers http://localhost:3000/blog/php-and-mysql-vs-asp-net-and-sql-server http://localhost:3000/blog/php-and-mysql-vs-asp-net-and-sql-server Over the last year I have gotten an education on PHP and MySQL web sites to go along with my existing expertise with ASP.Net and SQL Server. It turns out that I purchased a web site a little over a year ago that supports gamers who play World of Warcraft (a game I have played for years). The site... Wed, 02 Dec 2009 04:25:14 GMT contact@patrickhynds.com (Patrick Hynds) development sql-server mysql dotnet asp-net iis education http://localhost:3000/blog/usability-is-king http://localhost:3000/blog/usability-is-king I have been working on commercial products for a long time and repeatedly have seen companies compete with similar solutions. Often one is the technology leader and innovates while the other plays catch up and only survives by clever marketing. Sometimes the laggard can become the market leader,... Sun, 29 Nov 2009 02:34:27 GMT contact@patrickhynds.com (Patrick Hynds) software-dev leader market king usability products commercial http://localhost:3000/blog/pdc-notes http://localhost:3000/blog/pdc-notes I just got back from the Microsoft PDC in LA and have been thinking about what I saw there. It turns out that I have come to a couple of conclusions that I will surely post more about in the future, but for now here is the overview. First there were several Windows Azure announcements that have... Mon, 23 Nov 2009 01:36:45 GMT contact@patrickhynds.com (Patrick Hynds) development events azure microsoft windows cloud sql http://localhost:3000/blog/contracts-101 http://localhost:3000/blog/contracts-101 For many, many years I have been writing and reviewing contracts between my company and clients. As a result I have some insights into how things can be made to work more simply. First up, this is not legal advice, just me sharing some experiences. You should always run your contracts by your... Mon, 16 Nov 2009 16:15:39 GMT contact@patrickhynds.com (Patrick Hynds) contacts management software-dev business rails contracts clients http://localhost:3000/blog/pdc-bof-session-on-security http://localhost:3000/blog/pdc-bof-session-on-security I am packing tonight to head to the PDC in Los Angeles and wanted to tell anyone else who will be attending that I am hosting a Birds of a Feather session at lunchtime on Thursday on security hype . The thesis is that we are seeing a steady stream of over hyped security “issues” that tend to remind... Sat, 14 Nov 2009 03:51:22 GMT contact@patrickhynds.com (Patrick Hynds) events security speaking session packing angeles attending http://localhost:3000/blog/bugs-are-in-the-eyes-of-the-beholder http://localhost:3000/blog/bugs-are-in-the-eyes-of-the-beholder As I work to build commercial software products I am regularly forced to remember that bug is a relative term. That sounds like a weasely way to explain away a fault in your software, but it really does turn out to be true especially when you have been on the ISV side of the conversation. Back in... Thu, 12 Nov 2009 21:02:29 GMT contact@patrickhynds.com (Patrick Hynds) development management software-dev windows microsoft business product http://localhost:3000/blog/hints-that-silverlight-is-hitting-mainstream http://localhost:3000/blog/hints-that-silverlight-is-hitting-mainstream A friend of mine pointed out that now Dolly Parton is leveraging SilverLight and IE8 Web Slices on the site for her new album. I think this is an interesting signpost that SilverLight is rapidly approaching widespread acceptance. Check it out the web slice at the Add on Gallery . Thu, 12 Nov 2009 01:50:43 GMT contact@patrickhynds.com (Patrick Hynds) development silverlight hints hitting mainstream pointed dolly http://localhost:3000/blog/change-of-venue http://localhost:3000/blog/change-of-venue Most of you know me from Criticalsites or NTP Software since those are the two companies with which I have been associated for over a decade now. This post is to tell you all that while I am still doing work with both of these companies they are now my clients rather than my employers.... Wed, 11 Nov 2009 04:30:13 GMT contact@patrickhynds.com (Patrick Hynds) personal speaking training security business criticalsites software http://localhost:3000/blog/countdown-to-pdc http://localhost:3000/blog/countdown-to-pdc I am getting ready to go to the PDC this year and I got to thinking that devs need to dig in now more than ever to stay up to date on the latest and greatest tools available to get their jobs done. I spent this last week teaching a class on SQL Server 2008 at Blended Solutions in Manchester, New... Fri, 06 Nov 2009 03:51:16 GMT contact@patrickhynds.com (Patrick Hynds) events sql-server microsoft countdown ready greatest tools http://localhost:3000/blog/product-key-rules http://localhost:3000/blog/product-key-rules Lately I have been working on developing a new product key system and realized that one of the core rules of the road is not documented anywhere I can find (which is crazy in this day and age when everything is supposed to have already been said). The rule is pretty simple once you think of it. You... Mon, 28 Sep 2009 21:43:27 GMT contact@patrickhynds.com (Patrick Hynds) software-dev license rules product simple lately developing http://localhost:3000/blog/atl-security-vulnerability http://localhost:3000/blog/atl-security-vulnerability Microsoft has just announced that there are security flaws in the Active Template Library (ATL). While many developers will think that this only applies to C programmers and while to some extent they are correct I think it is important to take a lesson from this issue. Micheal Howard has posted a... Wed, 29 Jul 2009 00:31:09 GMT contact@patrickhynds.com (Patrick Hynds) security software-dev vulnerability microsoft developers programmers announced http://localhost:3000/blog/silverlight-version-3-released http://localhost:3000/blog/silverlight-version-3-released Microsoft has always done well with version 3 goes the well worn saying. And so I have high expectations for SilverLight 3 which has just released. Being more involved with Security, Business Processes and Enterprise System Development I have not delved as deeply into SilverLight 1 and 2 as I had... Fri, 17 Jul 2009 15:39:42 GMT contact@patrickhynds.com (Patrick Hynds) development microsoft security business enterprise deployment browser http://localhost:3000/blog/effort-vs-reward http://localhost:3000/blog/effort-vs-reward I am currently reading the book “Outliers, the Story of Success” by Malcolm Gladwell and while I am very interested in the entire book so far I was very struck by a specific passage about half way through dealing with job satisfaction. The quote is, “three things – autonomy, complexity and a... Sun, 17 May 2009 16:32:42 GMT contact@patrickhynds.com (Patrick Hynds) management performance license autonomy reward complexity success http://localhost:3000/blog/marketing-lesson-from-ms http://localhost:3000/blog/marketing-lesson-from-ms Over the years Microsoft has pitched alot of product and while I have always liked the technology (MS Bob, et. al. aside of course) they have not always been the most marketing savvy company when it comes to media. Over the weekend I what promises to be the best leverage of new media by Microsoft... Mon, 11 May 2009 14:00:53 GMT contact@patrickhynds.com (Patrick Hynds) web-hosting microsoft course marketing media lesson pitched http://localhost:3000/blog/my-net-rocks-show-on-why-project-fail http://localhost:3000/blog/my-net-rocks-show-on-why-project-fail My favorite interviewers Carl Franklin and Richard Campbell invited me to appear again on .Net Rocks recently. We talked at length about the circumstances that we often see that cause technical projects in particular to fail. Initial feedback has been quite positive so if you happen to listen to it... Wed, 22 Apr 2009 19:06:07 GMT contact@patrickhynds.com (Patrick Hynds) development software-dev dotnet rocks fail particular project http://localhost:3000/blog/who-decides-the-roadmap-for-commercial-software http://localhost:3000/blog/who-decides-the-roadmap-for-commercial-software Most of the people I know feel uniquely qualified to say how a particular commercial software product should work based on their experiences of using it. It doesn’t matter which product you pick, it is always the same. The problem with this is that it is almost impossible for an individual to be... Mon, 13 Apr 2009 15:27:35 GMT contact@patrickhynds.com (Patrick Hynds) management software-dev course community product commercial their http://localhost:3000/blog/virus-prevention-advice-and-policy http://localhost:3000/blog/virus-prevention-advice-and-policy I sent the following email out to our entire company today and afterwards thought it would be interesting to post if for no other reason than to compare notes with others who grapple with these same issues (i.e. everyone). If you have a company of any size at all I would highly recommend sending... Fri, 03 Apr 2009 21:23:30 GMT contact@patrickhynds.com (Patrick Hynds) management security virus spam business malware less http://localhost:3000/blog/stealing-jobs-from-offshoring-to-robots http://localhost:3000/blog/stealing-jobs-from-offshoring-to-robots I noticed an article on Wired about robots stealing jobs and got to thinking about outsourcing, this down economy and all the conversations I have had (calm and otherwise) about jobs moving offshore. Ultimately I don’t see any reasonable way to stop jobs from following a well established lifecycle... Thu, 02 Apr 2009 13:55:40 GMT contact@patrickhynds.com (Patrick Hynds) development edge course teams stealing robots offshore http://localhost:3000/blog/has-the-open-cloud-manifesto-jumped-the-gun http://localhost:3000/blog/has-the-open-cloud-manifesto-jumped-the-gun In my business we deal with companies that are by their very nature risk averse and hence I only play with the newest tech for our internal projects, the occasional customer emergency and in my free time. Even so I have watched Microsoft’s Azure pretty closely and while I am confident that... Wed, 01 Apr 2009 14:41:31 GMT contact@patrickhynds.com (Patrick Hynds) development web-hosting cloud-computing azure business microsoft testing http://localhost:3000/blog/nh-code-camp-presentations http://localhost:3000/blog/nh-code-camp-presentations I promised to upload my presentations from last month’s New Hampshire Code Camp so here they are… I delivered the keynote address for the event covering how to survive as a developer in this depressed economy. NH Code Camp Feb 2009 Keynote.ppt (592.5 KB) I also got to debut a new session on How to... Fri, 27 Mar 2009 19:28:54 GMT contact@patrickhynds.com (Patrick Hynds) management software-dev speaking presentations keynote session code http://localhost:3000/blog/a-suggestion-for-replacing-uac http://localhost:3000/blog/a-suggestion-for-replacing-uac I am here at the PDC in Los Angeles this week and have heard quite a bit of grumblings about UAC. The MS employees on stage and elsewhere are basically saying that UAC is a necessary evil so that clients do not become vulnerable due to unauthorized software install (and other admin level actions).... Tue, 28 Oct 2008 16:43:09 GMT contact@patrickhynds.com (Patrick Hynds) security malware windows productivity install suggestion software http://localhost:3000/blog/code-optimization-when-speed-is-not-the-only-goal http://localhost:3000/blog/code-optimization-when-speed-is-not-the-only-goal I have worked on many software development projects, both commercial and line of business and every single time I talk about optimization to a developer they always jump to the same conclusion. They think I mean speed of execution. I grant that the majority of the time when people talk about... Thu, 18 Sep 2008 21:44:44 GMT contact@patrickhynds.com (Patrick Hynds) development software-dev optimization business agile security less http://localhost:3000/blog/technical-consulting http://localhost:3000/blog/technical-consulting Life changes pretty fast sometimes when you aren’t watching. I woke up today and realized that much more of my work is involved in keeping projects on the straight and narrow and much less is spent making database fields show up in the right place and with the right user access set. For that reason... Wed, 17 Sep 2008 19:02:16 GMT contact@patrickhynds.com (Patrick Hynds) time-management business less database cloud podcast security http://localhost:3000/blog/edc-2008-session-on-index-optimization-and-performance-tuning http://localhost:3000/blog/edc-2008-session-on-index-optimization-and-performance-tuning I have recently finished my last presentation here in Cairo at the EDC 2008 and wanted to start getting my presentations uploaded for all those who were asking about them. To make things run faster I am uploading them each in their own post especially since the AJAX example hasn’t been packaged... Mon, 14 Apr 2008 15:19:04 GMT contact@patrickhynds.com (Patrick Hynds) sql-server optimization performance ajax microsoft 2008 session http://localhost:3000/blog/security-mindset http://localhost:3000/blog/security-mindset I have often thought about the mindset required to be good at the security game. I hang out with Duane Laflotte alot and he has the whole hacker mindset which lends itself nicely to security even when you aren’t trolling on the dark side. But it was an article that got picked up on Slashdot today... Fri, 21 Mar 2008 13:31:30 GMT contact@patrickhynds.com (Patrick Hynds) security hacker training mindset required duane laflotte http://localhost:3000/blog/edc-session-topics http://localhost:3000/blog/edc-session-topics As I said a couple of days ago, I am speaking again in Cairo in a few weeks at the EDC. I have arrived on the topics that I am presenting. While these are still subject to change it looks like: A session on AJAX A session on Commercial Software Dev (vs. Business development) A session on Indexing... Wed, 12 Mar 2008 20:55:48 GMT contact@patrickhynds.com (Patrick Hynds) development speaking sql-server ajax business optimization session http://localhost:3000/blog/technology-reinvented-or-recycled http://localhost:3000/blog/technology-reinvented-or-recycled Every few years I find that there are pieces (sometimes big ones) that I have not played with or encounted on a customer project and it tends to freak me out a bit. We have now arrived at that point in the cycle yet again! Expression, SilverLight, WPF and the like are all technologies that you will... Tue, 11 Mar 2008 14:47:45 GMT contact@patrickhynds.com (Patrick Hynds) development software-dev technology reinvented recycled pieces played http://localhost:3000/blog/egypt-developers-conference-edc http://localhost:3000/blog/egypt-developers-conference-edc I have finally confirmed the final dates for the Egypt Developers Conference which is held every year in Cairo. This year it is in Mid April and again I will be speaking. I really look forward to this event and for a short time I was afraid that the dates would move to a week where I couldn’t... Mon, 10 Mar 2008 13:40:53 GMT contact@patrickhynds.com (Patrick Hynds) development events speaking conference business egypt developers http://localhost:3000/blog/back-to-blogging http://localhost:3000/blog/back-to-blogging A very good friend of mine reminded me that I have this blog that I have been neglecting and I must say that he is right. It is easy to fall out of a habit even one so important and I think in my case it has been that I always want to write really interesting things. The problem is that really... Mon, 10 Mar 2008 13:36:32 GMT contact@patrickhynds.com (Patrick Hynds) personal security write interesting blogging reminded neglecting http://localhost:3000/blog/best-marketing-for-a-technology-ever http://localhost:3000/blog/best-marketing-for-a-technology-ever Someone in my office just forwarded me a link to a video that has Scott Guthrie talking about ASP.Net.  Not very unexpected, but the video turns out to be set inside Halo thanks to the crew a Red vs. Blue and it fabulous. I don’t know what site it was originally hosted on, but if you remotely... Fri, 25 May 2007 19:39:30 GMT contact@patrickhynds.com (Patrick Hynds) development dotnet asp-net office video scott guthrie http://localhost:3000/blog/big-boost-for-asp-net-scalability http://localhost:3000/blog/big-boost-for-asp-net-scalability StrangeLoop has finally announced their AppScaler device! Richard Campbell told me about his involvement in StrangeLoop a while ago and I have been dying to tell people about it, but until now it has been confidential. Basically the AppScaler takes a web farms major headaches and lifts them into... Tue, 22 May 2007 00:24:28 GMT contact@patrickhynds.com (Patrick Hynds) development management network software-dev web-hosting dotnet asp-net http://localhost:3000/blog/being-hacked-might-get-even-more-expensive http://localhost:3000/blog/being-hacked-might-get-even-more-expensive Most companies pay lip service to security, but the emphasis is just not there.  There is bluster and maybe even a few conversions soon after an embarrassing security breach, but all too often a scapegoat is found, fired and then it is back to business as usual. The missing element is real... Tue, 27 Feb 2007 16:30:06 GMT contact@patrickhynds.com (Patrick Hynds) security business hacked companies expensive service emphasis http://localhost:3000/blog/default-router-passwords http://localhost:3000/blog/default-router-passwords ZDNet recently had an article about new attacks that allow systems to be exposed to the worst kind of attacks just by visiting a web page with a bit of Javascript.  The root of the problem is actually not changing the default passwords on those ubiquitous home routers from linksys and netgear... Fri, 16 Feb 2007 16:28:06 GMT contact@patrickhynds.com (Patrick Hynds) security javascript exploit spam less default attacks http://localhost:3000/blog/tagged http://localhost:3000/blog/tagged New games all the time, this one is Blog Tag.  Don Sorcinelli tagged me via his blog and so now I am to write a blog entry that reveals things about me that you wouldn’t be likely to know and then tag others.  I will do the first part to the letter, but will only tag a single individual... Mon, 08 Jan 2007 02:55:50 GMT contact@patrickhynds.com (Patrick Hynds) personal tagged games sorcinelli write entry reveals http://localhost:3000/blog/interesting-ways-to-increase-security-incrementally http://localhost:3000/blog/interesting-ways-to-increase-security-incrementally Forbes.com has a story about the use of typing patterns to identify whether a user is the actual user or a hacker. I like the idea, though I fear it won’t catch on.  Defense in depth, adding an edge is important, but the key element from this article comes at the very end where they say that... Wed, 03 Jan 2007 22:25:57 GMT contact@patrickhynds.com (Patrick Hynds) security hacker edge catch interesting increase incrementally http://localhost:3000/blog/what-is-a-microsoft-regional-director http://localhost:3000/blog/what-is-a-microsoft-regional-director My fellow Microsoft Regional Director, Jonathan Goodyear recently wrote a very full and detailed description of what the Microsoft Regional Director program really is , that should help anyone who still thinks I am a MS employee. I hope this helps clarify things a bit, though I do expect to still... Tue, 19 Dec 2006 14:38:13 GMT contact@patrickhynds.com (Patrick Hynds) development microsoft regional director fellow jonathan goodyear http://localhost:3000/blog/ms-from-the-inside-and-the-developer-community-from-the-outside http://localhost:3000/blog/ms-from-the-inside-and-the-developer-community-from-the-outside My good friend, Eileen Rumwell, has started blogging .  Her blog is something I plan to keep watching especially since in the short time it has been up she has already thrown out some great insights.  The really cool thing is that having come from a marketing background, Eileen has been... Wed, 29 Nov 2006 21:58:37 GMT contact@patrickhynds.com (Patrick Hynds) development security user-group community microsoft eileen outside http://localhost:3000/blog/it-usually-isn-t-what-we-expect-that-gets-us http://localhost:3000/blog/it-usually-isn-t-what-we-expect-that-gets-us Time magazine’s cover story is about how people are scared of very, very unlikely things such as bird flu which hasn’t killed anyone in the US while the regular flu kills tens of thousands each year. Security is the same way.  I often see organizations worrying about “Carlos the mad hacker”... Sun, 26 Nov 2006 18:55:19 GMT contact@patrickhynds.com (Patrick Hynds) security hacker expect magazine cover story people http://localhost:3000/blog/cross-site-scripting-protection-made-easy-er http://localhost:3000/blog/cross-site-scripting-protection-made-easy-er Microsoft has just released their new Anti-XSS library which helps developers do the right thing more often without as much effort as before. If you are interested in this (and trust me, you are) your first stop is to go to the tutorial and see how it is done.  As you will see it isn’t stupid... Fri, 24 Nov 2006 00:03:23 GMT contact@patrickhynds.com (Patrick Hynds) development security microsoft tutorial easy library cross http://localhost:3000/blog/preventing-software-piracy http://localhost:3000/blog/preventing-software-piracy Chad Hower is a smart guy and I came across his post on protecting the software you write from pirates right at a time that we were revisting the question ourselves. On the whole I agree with Chad, while he comes off as against anti-piracy in the beginning of the post, in the end you realize that... Mon, 06 Nov 2006 19:07:28 GMT contact@patrickhynds.com (Patrick Hynds) security software-dev piracy whole agree preventing hower http://localhost:3000/blog/data-destruction http://localhost:3000/blog/data-destruction I have commented before on this issue and a recent blog post forwarded to me has dredged up the topic again. If you want to get rid of a drive after retiring a server or getting indicted then most of the things you can think to do to that drive will not remove the data.  You can rewrite the... Mon, 23 Oct 2006 23:42:52 GMT contact@patrickhynds.com (Patrick Hynds) security data remove destruction commented before issue http://localhost:3000/blog/code-camp-6-in-waltham-ma http://localhost:3000/blog/code-camp-6-in-waltham-ma Code Camp 6 is tomorrow at the MS office in Waltham and this is the first one since the original world premier Code Camp that I am going to miss. With Thom Robbins moving on to Redmond and the rush of business that everyone seems to be seeing, this 6th edition didn’t come together nearly as early... Fri, 20 Oct 2006 18:25:37 GMT contact@patrickhynds.com (Patrick Hynds) development events office business waltham code camp http://localhost:3000/blog/fud http://localhost:3000/blog/fud Sometimes the Fear, Uncertainty and Doubt (FUD) argument is very well disguised.  In an article the Chief Scientist at McAfee is decrying some of the new features that MS is putting into Vista to try and stop virus infection and the spread of spyware.  This is terribly self serving as in... Wed, 18 Oct 2006 18:08:42 GMT contact@patrickhynds.com (Patrick Hynds) security virus argument uncertainty doubt disguised chief http://localhost:3000/blog/disabling-vista-s-uac-feature http://localhost:3000/blog/disabling-vista-s-uac-feature As Vista nears launch there are some things you will want to know.  Will it support your hardware?  Where are the secret buttons that make it usable? Today’s post helps answer that second one. By all reports UAC (User Account Control) can drive even the most security minded user insane... Thu, 12 Oct 2006 21:21:19 GMT contact@patrickhynds.com (Patrick Hynds) security vista feature disabling nears launch support http://localhost:3000/blog/mandatory-integrity-control-in-vista http://localhost:3000/blog/mandatory-integrity-control-in-vista Steve Riley had a good long post on his blog about Mandatory Integrity Control as it is implemented in Vista that drew even longer comments. Great concept, as you will see from several of the comments, this isn’t the first implementation, but I expect it will be the first to get nearly universal... Wed, 11 Oct 2006 19:43:48 GMT contact@patrickhynds.com (Patrick Hynds) security mandatory integrity control vista comments expect http://localhost:3000/blog/do-you-believe-everything-you-read http://localhost:3000/blog/do-you-believe-everything-you-read My prolific friend Phil forwarded me a story about Chinese hackers trying to do in the US Commerce Department . There are a couple of interesting points in this story: 1. Why would you need to take Internet access away from users?  Aren’t they behind firewalls?  Were the hackers luring... Tue, 10 Oct 2006 20:58:57 GMT contact@patrickhynds.com (Patrick Hynds) security story hackers believe commerce department prolific http://localhost:3000/blog/specifications http://localhost:3000/blog/specifications Having been involved in many software projects, some commercial, some consulting, some disasterous, I have noticed some trends that I would like to share. If you are commissioning (read paying or betting your job) a development project, you have to avoid being wishful.  If you just trust that... Thu, 05 Oct 2006 13:42:37 GMT contact@patrickhynds.com (Patrick Hynds) management software-dev less commercial consulting project avoid http://localhost:3000/blog/command-prompts-and-other-security-nightmares http://localhost:3000/blog/command-prompts-and-other-security-nightmares The topic of the AT command and the command prompt came up on an internal list I am on with Microsoft the jist of which was, “How do I securely turn this junk off”. The answer is that to some degree the command prompt and especially when coupled with the Task Scheduler is a security hole that... Tue, 03 Oct 2006 20:07:10 GMT contact@patrickhynds.com (Patrick Hynds) network security microsoft tcp windows command prompt http://localhost:3000/blog/phishing-getting-worse http://localhost:3000/blog/phishing-getting-worse If you want to keep track of how prevelent phishing attacks are from month to month (and I do) then you should check AntiPhishing.org .  The site is pretty meager in most regards, but the front page has a bar chart that is pretty staggering when you realize that they are only measuring people... Mon, 02 Oct 2006 21:11:19 GMT contact@patrickhynds.com (Patrick Hynds) security phishing pretty people track prevelent attacks http://localhost:3000/blog/considering-compliance-implications http://localhost:3000/blog/considering-compliance-implications There are many varying opinions on almost everything, but Compliance is one of those topics like economics, everyone has a different opinion it seems. I was reading an article by one of the Systems Engineers at Network Appliance entitled, “ Six Tips for Archive and Compliance Planning ” and while I... Fri, 22 Sep 2006 15:19:34 GMT contact@patrickhynds.com (Patrick Hynds) network security encryption compliance systems considering implications http://localhost:3000/blog/patch-or-die http://localhost:3000/blog/patch-or-die It seems that even though we all know we need to patch our system, we are now having to do it faster and faster to avoid the vulnerable time between patch availability and exploit.  In an article on ZDNet there are details of how the latest exploit is being used, but soon you should see a post... Wed, 20 Sep 2006 14:49:16 GMT contact@patrickhynds.com (Patrick Hynds) security exploit availability hacker patch faster system http://localhost:3000/blog/net-best-practices-source http://localhost:3000/blog/net-best-practices-source I have been casting about for .Net Best Practices and came across Adam Cogan’s lists of how to do pretty much everything.  The funny thing is that I have known Adam for years and was aware that he had compiled quite alot of information on his site, but until I started to dig through it I... Wed, 06 Sep 2006 13:33:09 GMT contact@patrickhynds.com (Patrick Hynds) development best-practice dotnet practices source casting across http://localhost:3000/blog/hardware-hacking http://localhost:3000/blog/hardware-hacking I am sure it is reported elsewhere, but I found an article on a proof of concept virus that targets AMD processors on a magazine site in Australia.  The article dismisses the threat of such an item and pretty much holds it up as just a curiosity in the fight against hackers, but I see it... Tue, 29 Aug 2006 19:23:44 GMT contact@patrickhynds.com (Patrick Hynds) security hacking virus amd hardware threat reported http://localhost:3000/blog/one-of-those-must-have-urls http://localhost:3000/blog/one-of-those-must-have-urls I know it is simple and probably not an amazing tool, but I am finding www.dnsreport.com  to be amazingly helpful in some troubleshooting I have had to do recently. Sometimes the most important thing is to just have the right tool… Tue, 01 Aug 2006 16:04:53 GMT contact@patrickhynds.com (Patrick Hynds) urls simple amazing dnsreport helpful troubleshooting recently http://localhost:3000/blog/microsoft-in-12-step-program http://localhost:3000/blog/microsoft-in-12-step-program Microsoft has released a 12 step plan to help its image and communicate their intent to prevent the kinds of lawsuits like the one going on with the EU. While I think the plan will work on a number of levels, I am disappointed that it had to happen this way.  I am not of the belief that... Tue, 25 Jul 2006 00:50:31 GMT contact@patrickhynds.com (Patrick Hynds) events microsoft less step program released image http://localhost:3000/blog/vs2005-licensing-explained-finally http://localhost:3000/blog/vs2005-licensing-explained-finally I normally don’t post twice in one day, but this blog post by Rob Caron was VERY helpful in understanding VS2005 licensing and the relationship between the products.  I expect it will help alot of people grasp it since I get asked this question a fairly often in my roaming. Thanks Rob and... Fri, 14 Jul 2006 18:15:26 GMT contact@patrickhynds.com (Patrick Hynds) development vs2005 licensing explained finally normally twice http://localhost:3000/blog/asp-net-2-0-information-disclosure-bug http://localhost:3000/blog/asp-net-2-0-information-disclosure-bug I was just thinking about one of the bugs listed in the latest hotfix from MS  and realized that while aspx and config files are not at risk since they are mapped to aspnet, the express database if stored in App_Data probably is. We don’t typically use SQL Express, but my bet is that this is... Fri, 14 Jul 2006 17:36:04 GMT contact@patrickhynds.com (Patrick Hynds) development security express dotnet asp-net aspnet database http://localhost:3000/blog/mining-for-malware http://localhost:3000/blog/mining-for-malware When I see an article like this one in eweek , I always wonder about how the people doing this cool thing will make enough money (or any money) so they can continue to do these cool things. Basically they are using the Google Search APIs to ferret out sites on the Internet that are hosting... Thu, 13 Jul 2006 15:43:09 GMT contact@patrickhynds.com (Patrick Hynds) security open-source malware google community money people http://localhost:3000/blog/performance-tuning-and-version-1-0 http://localhost:3000/blog/performance-tuning-and-version-1-0 When you are working on commercial software or even just industrial strength business software you have to balance things.  Time to market is everything and while you must have usable, quality code, you have to get it done.   One of the things that is hardest to balance is... Tue, 20 Jun 2006 00:35:53 GMT contact@patrickhynds.com (Patrick Hynds) management software-dev performance business tuning balance version http://localhost:3000/blog/mega-user-group-panel-tonight http://localhost:3000/blog/mega-user-group-panel-tonight Tonight at TechEd in Boston there is the Panel discussion.  This is an event by pretty much all the user groups in the area and I will be one of the panelists.  The room (251 at the Convention Center, not the Hynes) is open at 6:00 PM with the meeting starting at 6:50 PM.  The room... Mon, 12 Jun 2006 13:23:17 GMT contact@patrickhynds.com (Patrick Hynds) events speaking user-group meeting panel mega teched http://localhost:3000/blog/rc1-of-the-threat-analysis-modeling-v2-0-is-out http://localhost:3000/blog/rc1-of-the-threat-analysis-modeling-v2-0-is-out If you are into threat modeling (and you should be) then you should check out the latest version of the product formerly code named “Torpedo”.  I think this is the first product to make real strides (bad pun intended) toward making threat modeling more approachable for the average developer.... Thu, 25 May 2006 19:21:29 GMT contact@patrickhynds.com (Patrick Hynds) development security threat-model microsoft modeling product analysis http://localhost:3000/blog/membership-provider-db-install-scripts http://localhost:3000/blog/membership-provider-db-install-scripts At Code Camp 5 in Waltham this past Sunday I was delivering my session entitled “All you need to know about Membership”, when I learned that I didn’t know everything I need to know about membership. Someone asked if the scripts were available that aspnet_regsql.exe uses to create the membership... Tue, 09 May 2006 00:06:51 GMT contact@patrickhynds.com (Patrick Hynds) development events security speaking dotnet asp-net aspnet http://localhost:3000/blog/vb6-on-vista http://localhost:3000/blog/vb6-on-vista MS has committed, at some level, to support VB6 on Vista.  In an article from February there are some details, but we now know that if you have a VB6 application that you cannot live without, you will probably be OK for years to come. This is both good news and bad news.  While I feel the... Wed, 03 May 2006 18:20:39 GMT contact@patrickhynds.com (Patrick Hynds) development security sql vista support committed level http://localhost:3000/blog/crlf-injection-and-a-bad-premise http://localhost:3000/blog/crlf-injection-and-a-bad-premise A friend of ours, Phil, sent Duane and I a link to an article about web attacks (Phil does this alot).  He commented that he hadn’t heard of CRLF Injection before and while I had heard of it, I realized that I wasn’t comfortable explaining it on the spot with examples so I read the link .... Thu, 27 Apr 2006 20:52:34 GMT contact@patrickhynds.com (Patrick Hynds) security sql meta injection heard crlf premise http://localhost:3000/blog/asp-net-application-pool-gotcha http://localhost:3000/blog/asp-net-application-pool-gotcha Sharing a web server between development teams is always fun (not).  We had a problem surface today (or resurface) where if a developer creates a web application on IIS that uses .Net 1.1 for example (not an uncommon occurance) and some other developer creates a web application on that same... Thu, 20 Apr 2006 14:42:27 GMT contact@patrickhynds.com (Patrick Hynds) development web-hosting dotnet asp-net iis teams application http://localhost:3000/blog/membership-provider-source-code http://localhost:3000/blog/membership-provider-source-code Scott Guthrie pointed me at a link to the source code for the ASP.Net 2.0 providers including the Membership and Role Management providers.  While I think the Profiles, Web Parts and Site Navigation providers are important and cool, I expect to do much more with the Membership provider. ... Fri, 14 Apr 2006 17:39:52 GMT contact@patrickhynds.com (Patrick Hynds) development security dotnet asp-net management membership providers http://localhost:3000/blog/file-system-permissions-on-copy-or-move http://localhost:3000/blog/file-system-permissions-on-copy-or-move I was recently asked by a very technical and very sharp friend of mine about the symantics of permissions on copy. I figured if he needed some guidance on how this works then there must be a ton of other developers who could use a refresher so here goes: There are alot of reasons that a developer... Wed, 12 Apr 2006 07:38:26 GMT contact@patrickhynds.com (Patrick Hynds) development network security windows permissions file copy http://localhost:3000/blog/community-credit http://localhost:3000/blog/community-credit Like the Code Camps another good idea is coming out of the Microsoft Developer Evangelists.  This time it is a web site with an interesting concept.  If you go to http://www.community-credit.com/DevCommunity.aspx you will see it in action and also be able to see the people who are working... Wed, 05 Apr 2006 20:22:51 GMT contact@patrickhynds.com (Patrick Hynds) development community microsoft credit people camps developer http://localhost:3000/blog/mini-code-camp-security-edition-slides http://localhost:3000/blog/mini-code-camp-security-edition-slides As promised, but fashionably late as always, here are the slides from this Saturday’s Mini Code Camp Security Edition. I want to thank everyone that attended and the feedback has been great (no death treats so far)! Membership.ppt (752 KB) Security Best Practices.ppt (579 KB) Check Duane’s blog at... Mon, 27 Mar 2006 19:58:01 GMT contact@patrickhynds.com (Patrick Hynds) events security speaking best-practice slides edition mini http://localhost:3000/blog/security-etiquette-in-email-for-today-s-internet http://localhost:3000/blog/security-etiquette-in-email-for-today-s-internet In dealing with our teams of developers and engineers I find myself preaching some basic rules that make life easier for me when I try to deal with the legion of emails I get every day.  I thought to document them and in doing so realized that they have a decidedly security slant to them (big... Wed, 22 Mar 2006 16:42:47 GMT contact@patrickhynds.com (Patrick Hynds) security teams spam outlook message etiquette email http://localhost:3000/blog/ted-neward-has-a-new-site http://localhost:3000/blog/ted-neward-has-a-new-site Ted Neward just launched his new site at http://www.tedneward.com .  Check it out, Ted is one of the most interesting and intelligent people I know.  If you ever need to cross the .Net platform with Java then he is the guy to take a lesson from. Sun, 05 Mar 2006 22:44:07 GMT contact@patrickhynds.com (Patrick Hynds) development dotnet java neward launched check interesting http://localhost:3000/blog/more-on-the-clickonce-security-question http://localhost:3000/blog/more-on-the-clickonce-security-question Microsoft has chimed in on the questions about ClickOnce security raised by Dominick Baier  and basically is asserting that this is a non-issue . I am not buying.  I think that using the excuse that older technologies do something a certain way undermines the principle of secure by... Wed, 01 Mar 2006 02:10:41 GMT contact@patrickhynds.com (Patrick Hynds) development security microsoft clickonce question chimed raised http://localhost:3000/blog/must-see-tv http://localhost:3000/blog/must-see-tv If you are at all into security or even if you just think technology is cool then you have to watch the latest episode of the The Code Room .  In this latest episode you will see our own Duane Laflotte, our resident top hacker as part of the team of evil doers that hack a casino in vegas. I... Mon, 27 Feb 2006 19:24:29 GMT contact@patrickhynds.com (Patrick Hynds) development security hacker episode technology watch duane http://localhost:3000/blog/when-you-need-a-custom-membership-provider http://localhost:3000/blog/when-you-need-a-custom-membership-provider When I was in Cairo for the MDC a few weeks ago, I gave several talks that touched on the new membership controls in ASP.Net 2.0.  One question that came up repeatedly was how far can you stretch the provider before you have to write a custom membership provider.  The answer turns out to... Fri, 24 Feb 2006 16:02:41 GMT contact@patrickhynds.com (Patrick Hynds) development security dotnet asp-net database aspnet proprietary http://localhost:3000/blog/net-2-0-clickonce-security-concerns http://localhost:3000/blog/net-2-0-clickonce-security-concerns Dominick Baier of DevelopMentor, wrote on Saturday about a pretty dramatic change in the way ClickOnce security is configured by default in the RTM version of .Net 2.0.  This is a must read if you plan to use ClickOnce and haven’t already revamped the default security settings.  If you... Tue, 21 Feb 2006 04:22:36 GMT contact@patrickhynds.com (Patrick Hynds) development security dotnet microsoft clickonce default concerns http://localhost:3000/blog/suing-over-security http://localhost:3000/blog/suing-over-security A recent court case was brought to my attention in which a user whose personal and financial information was stolen tried to sue the company for not using encryption on the data.  The article covering it is explains how the data was stolen and the ruling of the courts. The question raised is... Thu, 16 Feb 2006 02:29:49 GMT contact@patrickhynds.com (Patrick Hynds) security best-practice encryption stolen ruling suing court http://localhost:3000/blog/cyberstorm-reaction-and-comment http://localhost:3000/blog/cyberstorm-reaction-and-comment I was asked by my publisher at Sys-Con to send him my reaction to the comments on Slashdot.org about the test this month that the U.S. Dept. of Homeland Security is doing that are being called CyberStorm.  Rather than repost I figured I should provide a link to my comments, but I can sum... Tue, 07 Feb 2006 21:46:55 GMT contact@patrickhynds.com (Patrick Hynds) security cyberstorm reaction comments publisher slashdot homeland http://localhost:3000/blog/code-camp-security-edition-mini http://localhost:3000/blog/code-camp-security-edition-mini Duane and I are doing a mini (one day) Code Camp in Waltham in late March focused on security . We already have a pretty good list signed up so if you really want to come, register today. We are running it on Saturday, March 25th starting first thing in the morning.  See you there. Wed, 01 Feb 2006 15:59:07 GMT contact@patrickhynds.com (Patrick Hynds) events security speaking march code camp mini http://localhost:3000/blog/creating-presentations http://localhost:3000/blog/creating-presentations I recently did something I do quite often, namely created a series of PowerPoints for a presentation.  I try to use graphics where appropriate or more accurately, pictures consisting of drawn boxes with arrows and other lines. I find that in some ways my presentations are better for lack of... Thu, 26 Jan 2006 02:43:56 GMT contact@patrickhynds.com (Patrick Hynds) speaking training presentations graphics creating recently namely http://localhost:3000/blog/languages-with-purpose http://localhost:3000/blog/languages-with-purpose A number of the Microsoft Regional Directors and I have been posting back and forth all day about the C# vs. VB.Net issue, but not in the way that contentious bone usually plays out. Rocky Lhotka not only started the thread, but he also was the first to bring it into public space with his post and... Wed, 18 Jan 2006 02:41:58 GMT contact@patrickhynds.com (Patrick Hynds) development dotnet csharp microsoft purpose rocky languages http://localhost:3000/blog/ad-security-feature-you-should-know-about http://localhost:3000/blog/ad-security-feature-you-should-know-about As the title of this site states, it is a real battle to keep up with the technology and an even bigger challenge to have a life along with that effort.  On a fairly regular basis now I realize this when a standard feature of a widely available tool or technology is virtually unknown and... Fri, 13 Jan 2006 03:47:37 GMT contact@patrickhynds.com (Patrick Hynds) network security feature technology title states battle http://localhost:3000/blog/new-cannot-miss-tech-show-premieres http://localhost:3000/blog/new-cannot-miss-tech-show-premieres Carl Franklin has done it again by teaming up with Scott Hanselman to bring us the podcast called HanselMinutes.  HanselMinutes is a deep technology podcast that I find very compelling as well as informative.  The combination of personalities (both of whom I am very happy to know well) is... Wed, 11 Jan 2006 19:20:42 GMT contact@patrickhynds.com (Patrick Hynds) development podcast dotnet outlook hanselminutes miss tech http://localhost:3000/blog/spyware-is-coming-from-all-directions http://localhost:3000/blog/spyware-is-coming-from-all-directions Mark Russinovich has posted another excellent article on Spyware , this time pointing out the anti-spyware program as spyware strategem. If you hoped that Spyware would just go out of fashion sometime this year, you are deluded.  The advent of better Rootkits, bogus anti-spyware programs (like... Wed, 04 Jan 2006 19:28:56 GMT contact@patrickhynds.com (Patrick Hynds) security spyware pointing directions russinovich posted excellent http://localhost:3000/blog/predictions-for-2006 http://localhost:3000/blog/predictions-for-2006 I was asked by Sys-Con to make my predictions for 2006 and while I am loath to do this kind of thing, I did venture some.  We will see whether they turn out correct or not in about 12 months. Tue, 27 Dec 2005 16:17:02 GMT contact@patrickhynds.com (Patrick Hynds) security predictions 2006 loath venture whether correct http://localhost:3000/blog/bruce-backa-online http://localhost:3000/blog/bruce-backa-online My old friend and mentor, Bruce Backa is finally blogging and this is a MUST SEE!  If you want to learn lessons of business and technology the hard way then by all means ignore this, otherwise put this on your RSS reader and don’t miss a post.  I work with Bruce and I still plan to read... Thu, 22 Dec 2005 03:20:31 GMT contact@patrickhynds.com (Patrick Hynds) events mentor business bruce backa online finally http://localhost:3000/blog/fast-tips-for-vs-2005 http://localhost:3000/blog/fast-tips-for-vs-2005 About a month ago I signed up for a newsletter called FastTips by Microsoft.  My old friend, Thom Robbins had a big hand in creating this and actually has done many of the demos I have watched (very well I might add).  I often get asked where people should go to get up to speed faster and... Mon, 19 Dec 2005 15:14:29 GMT contact@patrickhynds.com (Patrick Hynds) development microsoft fast tips 2005 newsletter signed http://localhost:3000/blog/boston-launch-of-vs-2005-and-sql-2005 http://localhost:3000/blog/boston-launch-of-vs-2005-and-sql-2005 Microsoft held the Boston Launch event at the new Convention Center on Thursday and by all accounts it was very successful.  Duane Laflotte and I delivered the Web Development session to a pretty packed room.  Overall the event surpassed the 3,000 mark and everyone I talked to seemed very... Sat, 17 Dec 2005 16:11:58 GMT contact@patrickhynds.com (Patrick Hynds) events speaking web-development sql microsoft boston launch http://localhost:3000/blog/erik-kurilla-might-be-portrayed-by-bruce-willis http://localhost:3000/blog/erik-kurilla-might-be-portrayed-by-bruce-willis In a personal topic post (which are fairly rare here I am proud to say) a while ago I reported that a classmate of mine from West Point, Erik Kurilla was wounded in Iraq and gave some details.  I had to post a follow up especially given the news that Erik may end up being portrayed by... Wed, 14 Dec 2005 04:16:40 GMT contact@patrickhynds.com (Patrick Hynds) personal kurilla portrayed erik bruce willis fairly http://localhost:3000/blog/using-the-web-for-fun-and-profit http://localhost:3000/blog/using-the-web-for-fun-and-profit I was recently in a discussion with some friends about Web 2.0 and what that all meant along with recently finishing a search for a hosting company for our dedicated servers.  The two conversations actually led me to do alot of research and to alot of conclusions about the “next big thing” and... Mon, 12 Dec 2005 02:39:25 GMT contact@patrickhynds.com (Patrick Hynds) web-hosting dotnet security integration business optimization recently http://localhost:3000/blog/using-basic-auth-correctly http://localhost:3000/blog/using-basic-auth-correctly I am amazed that web developers often don’t know IIS configuration as well as they should given it is the platform all their code must run against.  The most pressing misconception concerns Basic Authentication.  When you configure a web site to support Basic Authentication... Thu, 08 Dec 2005 04:47:02 GMT contact@patrickhynds.com (Patrick Hynds) security web-developer authentication iis ssl against support http://localhost:3000/blog/bluetooth-needs-a-better-implementation http://localhost:3000/blog/bluetooth-needs-a-better-implementation I was browsing through the list of wireless vulnerabilities on the Wireless Vulnerabilities & Exploits site (our buddy Phil C pointed it out to me) and I was reminded why I always turn Bluetooth off on my devices or avoid them altogether. Maybe it is just that “B” is so early on, but there do... Tue, 06 Dec 2005 02:41:24 GMT contact@patrickhynds.com (Patrick Hynds) security exchange bluetooth wireless vulnerabilities exploits devices http://localhost:3000/blog/digital-contracts http://localhost:3000/blog/digital-contracts A friend of mine who is doing business with us posed an interesting question about the digital nature of our contracts.  He said that with paper contracts you have the original that can be examined for changes and modifications.  You can’t white out a term or condition or add a few zeros... Mon, 05 Dec 2005 02:42:02 GMT contact@patrickhynds.com (Patrick Hynds) security business contracts digital changes document signature http://localhost:3000/blog/total-destruction-and-a-bit-about-cyanide http://localhost:3000/blog/total-destruction-and-a-bit-about-cyanide I try to read the blog of Dave Hitz, one of the founders of Network Appliance, and while I don’t link all the time I found one of his entries pretty on topic. Like my title above, Dave stole the most provocative words from his post to stir interest.  His post is titled, “ Beware of Cyanide Gas... Mon, 21 Nov 2005 23:52:24 GMT contact@patrickhynds.com (Patrick Hynds) security cyanide total destruction founders network appliance http://localhost:3000/blog/physical-defense http://localhost:3000/blog/physical-defense I had a conversation with a friend of mine recently about the physical protection of his home.  I have a bit of a reputation as a gun enthusiast that is somewhat earned.  What surprised my friend and got him to urge me to post this entry is that my advice was a surprise to him and... Thu, 10 Nov 2005 19:33:39 GMT contact@patrickhynds.com (Patrick Hynds) personal security less physical defense conversation recently http://localhost:3000/blog/sony-writes-a-rootkit http://localhost:3000/blog/sony-writes-a-rootkit Mark Russinovich is a brilliant guy and likely not so popular with the people at Sony these days.  Mark was testing out some root kit detection and removal software and discovered that in their exuberance to implement Digital Rights Management Sony has created a very ham handed solution that... Thu, 03 Nov 2005 19:47:12 GMT contact@patrickhynds.com (Patrick Hynds) development security testing management sony rootkit writes http://localhost:3000/blog/issues-with-generating-accounts-and-passwords http://localhost:3000/blog/issues-with-generating-accounts-and-passwords A friend of mine has a system that will require them to generage a large number of username and passwords for their users and they want to use usernames that make sense to the users.  That is a common request, but he is concerned that a saavy user could deduce the username of others based on... Mon, 31 Oct 2005 20:31:58 GMT contact@patrickhynds.com (Patrick Hynds) development security windows hacking vulnerability passwords username http://localhost:3000/blog/your-name-in-lights http://localhost:3000/blog/your-name-in-lights Thom Robbins of MS is introducing a really cool competition called the “Launch 2005 Screencast Contest”.  The concept is that you get a free 30 day copy of Camtasia and record one or more demos with audio.  The entries will be screened and the winners in the major launch cities will win... Tue, 25 Oct 2005 18:03:02 GMT contact@patrickhynds.com (Patrick Hynds) development events launch your name contest lights http://localhost:3000/blog/rootkits-are-everywhere http://localhost:3000/blog/rootkits-are-everywhere In the media and likely on your network!  I am suprised (pleasantly) to see so much attention being paid to a lurking menace.  Jon Box recently posted about it on his blog and called for a few of us to comment (which I did). The fact of the matter is that Rootkits are like the devil,... Mon, 17 Oct 2005 22:03:20 GMT contact@patrickhynds.com (Patrick Hynds) rootkits media network posted everywhere suprised pleasantly http://localhost:3000/blog/prime-example-of-xss http://localhost:3000/blog/prime-example-of-xss My nephew, John Hynds, also happens to be a security consultant (big surprise) and he pointed me at a recent what we think it a perfect example of a Cross Site Scripting (XSS) exploit as carried out against MySpace.com . We find that most people have trouble understanding Cross Site Scripting as an... Fri, 14 Oct 2005 20:22:32 GMT contact@patrickhynds.com (Patrick Hynds) security exploit sql less example cross scripting http://localhost:3000/blog/teched-hong-kong-wrap-up http://localhost:3000/blog/teched-hong-kong-wrap-up I have been out of it for about a week due to travel to present 7 sessions at TechEd Hong Kong , but now I am back.  It was a great event and as usual was characterized by very high energy keynotes! The highlight for Bruce Backa and I in our presentations was our last session on Server Control... Thu, 13 Oct 2005 15:37:59 GMT contact@patrickhynds.com (Patrick Hynds) development speaking dotnet asp-net ajax microsoft teched http://localhost:3000/blog/security-tool-moves-to-closed-source http://localhost:3000/blog/security-tool-moves-to-closed-source The vulnerability scanner called Nessus will no longer be available under a GPL license starting with the next version (version 3.0). The announcement pointed to the fact that the community has done very little to help the product evolve, but many competitors have exploited the loophole of... Fri, 07 Oct 2005 22:24:51 GMT contact@patrickhynds.com (Patrick Hynds) security vulnerability-scan gpl license community version tool http://localhost:3000/blog/my-demo-on-msdn http://localhost:3000/blog/my-demo-on-msdn Microsoft’s Channel 9 web site is putting up demos like mine on Looking at Server Controls with ASP.Net 2.0 (with an AJAX demo)  and I must say it is a cool idea.  They are like video blog posts.  Duane Laflotte also posted like 3 of them on subjects Exploring the Crypto API in .Net... Fri, 30 Sep 2005 16:18:21 GMT contact@patrickhynds.com (Patrick Hynds) security speaking dotnet asp-net microsoft ajax crypto http://localhost:3000/blog/credit-company-standard-friend-of-foe http://localhost:3000/blog/credit-company-standard-friend-of-foe The three major credit companies are banding together to put all our eggs in one basket.  On many levels this kind of uniformity makes sense as it likely means more resources are being put on the problem, the consumers of the credit information are less likely to make mistakes associated with... Tue, 27 Sep 2005 21:10:20 GMT contact@patrickhynds.com (Patrick Hynds) security less community credit three means company http://localhost:3000/blog/code-camp-4-is-upon-us http://localhost:3000/blog/code-camp-4-is-upon-us New England is where the whole Code Camp phenomenon began and than God that I am not doing 12 sessions in 2 days the way I did for the first one! But I am doing 3 sessions this weekend at the 4th Code Camp themed “Developers Gone Wild”. Thom Robbins has the details posted as well as a link to... Fri, 23 Sep 2005 03:18:28 GMT contact@patrickhynds.com (Patrick Hynds) events speaking sessions code camp upon england http://localhost:3000/blog/obscurity-adds-to-defense http://localhost:3000/blog/obscurity-adds-to-defense Many security experts who I hold in the highest esteem are ticking me off! I hear it all over that, “you should never use obscurity as security” and while I agree if you put the word “only” in front of obscurity, but otherwise you are often teaching the wrong lesson. When I was in the Infantry, we... Wed, 21 Sep 2005 03:33:47 GMT contact@patrickhynds.com (Patrick Hynds) security obscurity defense adds front lesson experts http://localhost:3000/blog/no-photographs-please http://localhost:3000/blog/no-photographs-please While I was at PDC I attended a slew of NDA briefings from Microsoft.  During one of them a flash went off and some people got understandably upset that someone might post a picture of a product being shown under strict privacy.  It turned out that nothing untoward occurred and no picture... Mon, 19 Sep 2005 18:10:45 GMT contact@patrickhynds.com (Patrick Hynds) security microsoft picture photographs please attended briefings http://localhost:3000/blog/pdc-last-day http://localhost:3000/blog/pdc-last-day As I got caught up on the activities here at the PDC in Los Angeles, I fell off the wagon of posting about what has gone on.  Overall it was a good event, but there weren’t a ton of surprises.  As I write this I am listening to Michael Howard explain the updated threat modeling thinking... Fri, 16 Sep 2005 16:13:49 GMT contact@patrickhynds.com (Patrick Hynds) events security threat-model enterprise modeling activities caught http://localhost:3000/blog/pdc-opening-keynote http://localhost:3000/blog/pdc-opening-keynote I am writing this from Bill Gates’ keynote at PDC in Los Angeles.  User experience is definitely the message of the day.  Windows Vista is a clear indication of the MS belief that if you build a better interface then they will come (or stay as the case may be). Atlas, which will allow MS... Tue, 13 Sep 2005 16:29:02 GMT contact@patrickhynds.com (Patrick Hynds) events security windows phishing google office xml http://localhost:3000/blog/see-you-at-pdc http://localhost:3000/blog/see-you-at-pdc I am off to Microsoft’s Professional Developer’s Conference (PDC) this weekend.  I expect that I will see many of the people who read this at the event in Los Angeles.  While there I will be involved in quite a few activities including speaking at the So Cal .Net User Group’s PDC... Fri, 09 Sep 2005 20:26:53 GMT contact@patrickhynds.com (Patrick Hynds) events speaking user-group dotnet conference microsoft professional http://localhost:3000/blog/hackers-terrorists-same-strategy http://localhost:3000/blog/hackers-terrorists-same-strategy I had a very interesting discussion that manifested itself as Duane Laflotte and I delivered our popular Hacker vs. Hacker session.  I showed a technique that crashes the hacker’s computer when they try to brute force a web site (not for the faint of heart) and the very popular and legitimate... Thu, 08 Sep 2005 03:26:24 GMT contact@patrickhynds.com (Patrick Hynds) security hacker strategy popular terrorists interesting discussion http://localhost:3000/blog/where-is-the-sacrifice http://localhost:3000/blog/where-is-the-sacrifice In the wake of Hurricane Katrina, I am renewed in my frustration that the US government hasn’t called on the population to buckle down and conserve energy.  In light of the Hurricane relief effort it would be, “Save energy and put the money toward relief causes”.  During WWII the... Thu, 01 Sep 2005 14:33:01 GMT contact@patrickhynds.com (Patrick Hynds) personal energy hurricane relief government population conserve http://localhost:3000/blog/trading-cpu-for-money http://localhost:3000/blog/trading-cpu-for-money The deeper I dig into each generation of tools (VS 2005 at the moment) the more I see the trade off of CPU for developer time.  It used to be that the programmer would go to extremes to maximize the performance of their code and that the tools were written in much the same way.  Over the... Tue, 30 Aug 2005 17:56:29 GMT contact@patrickhynds.com (Patrick Hynds) development performance exchange productivity tools trading money http://localhost:3000/blog/sony-outflanks-hackers http://localhost:3000/blog/sony-outflanks-hackers For a week or so… Sony is now providing an update to their PSP game system that provides a web browser most likely because hackers have been finding ways to enable web browsing on their own.  It is a smart move, but it certainly won’t stop users from reverse engineering every single aspect of... Tue, 30 Aug 2005 00:32:44 GMT contact@patrickhynds.com (Patrick Hynds) security browser leadership hackers their sony providing http://localhost:3000/blog/code-camp-4 http://localhost:3000/blog/code-camp-4 In New England we are holding our fourth Code Camp in late September (24th and 25th) in the Waltham, MA offices of Microsoft.  This is where it all began and the fourth will likely be bigger than those before it. I wanted to not only remind people of the date, but also tell about a... Wed, 24 Aug 2005 19:30:47 GMT contact@patrickhynds.com (Patrick Hynds) events speaking best-practice microsoft meeting community office http://localhost:3000/blog/wounded-in-iraq http://localhost:3000/blog/wounded-in-iraq A classmate of mine from West Point, LTC Erik Kurilla, was wounded (shot 3 times it seems) while serving as a combat commander in Iraq.  While I rarely (almost never) bring personal stuff into my blog and as you will see I will weave this a bit toward my favorite subject of security, but I... Mon, 22 Aug 2005 02:50:17 GMT contact@patrickhynds.com (Patrick Hynds) personal security wounded kurilla combat iraq commander http://localhost:3000/blog/phishing-exposed http://localhost:3000/blog/phishing-exposed I know there is alot of information about Phishing attacks (attempts to trick users into logging into fake sites with credentials for things like ebay or paypal), but I am seeing more and more sophisticated attacks and felt that I had to raise the warning again.  In our company and those... Wed, 17 Aug 2005 14:09:09 GMT contact@patrickhynds.com (Patrick Hynds) security phishing logging virus outlook browser paypal http://localhost:3000/blog/shared-hosting-pro-and-con http://localhost:3000/blog/shared-hosting-pro-and-con I have started to encounter more and more instances where companies want to get out of the business of hosting websites themselves and since the price of outsourced web hosting has dropped the use of shared and dedicated server hosting has accelerated.  There are many security as well as... Tue, 16 Aug 2005 14:37:04 GMT contact@patrickhynds.com (Patrick Hynds) security web-hosting business course server shared price http://localhost:3000/blog/military-strategy-applied-to-security http://localhost:3000/blog/military-strategy-applied-to-security It is no secret to anyone who knows me or has heard me speak on the subject of security that I have learned quite a bit of my way of thinking about computer and Internet security while serving in the military and while attending the United States Military Academy (West Point).  I tend to think... Wed, 10 Aug 2005 21:30:05 GMT contact@patrickhynds.com (Patrick Hynds) security strategy hacker military applied secret heard http://localhost:3000/blog/quarantine-vpn http://localhost:3000/blog/quarantine-vpn Windows 2003 Server Pack 1 has a new capability that you might want to look into called Quarantine VPN. With this technique you can validate that all clients that connect to your VPN meet specific requirements before they actually get access to network resources.  Microsoft has been doing this... Mon, 08 Aug 2005 14:57:56 GMT contact@patrickhynds.com (Patrick Hynds) network security vpn windows microsoft quarantine capability http://localhost:3000/blog/change-in-blog http://localhost:3000/blog/change-in-blog As you might have noticed I am reworking my blog (bit of a face lift and some bug fixes), but I am also changing the URL.  I registered www.PatrickHynds.com and while I am leaving the blog accessible from the old address I am changing the redirects so let me know if it causes trouble. Lets... Fri, 05 Aug 2005 14:50:33 GMT contact@patrickhynds.com (Patrick Hynds) changing change noticed reworking fixes registered patrickhynds http://localhost:3000/blog/least-privilege-for-network-administrators http://localhost:3000/blog/least-privilege-for-network-administrators The concept of Least Privilege is applied to developers and software testers all the time to advocate that the application be developed and tested using the lowest privileged account possible to get the job done.   For our purposes (network administration), I am referring to using... Thu, 04 Aug 2005 16:41:36 GMT contact@patrickhynds.com (Patrick Hynds) network security least-privilege windows administrators developers administration http://localhost:3000/blog/who-knows-the-password http://localhost:3000/blog/who-knows-the-password I have spent alot of time recently talking about passwords and I think the reason that I can’t seem to get off the subject is that there is so much that has to change about the way passwords are actually handled by companies.  Most recently I had a discussion that caused me to poll several... Tue, 26 Jul 2005 20:45:42 GMT contact@patrickhynds.com (Patrick Hynds) security best-practice cisco less passwords recently change http://localhost:3000/blog/security-sector-in-consolidation http://localhost:3000/blog/security-sector-in-consolidation I am seeing the signs that the Security business is going through a consolidation as some of the bigger names buy up smaller firms to cover their bases.  Most recently, VeriSign bought iDefense for $40 Million .  I don’t think this is THE consolidation as there are many, many more... Fri, 15 Jul 2005 15:30:29 GMT contact@patrickhynds.com (Patrick Hynds) security business consolidation sector signs through bigger http://localhost:3000/blog/tsunami-relief-auction-part-2 http://localhost:3000/blog/tsunami-relief-auction-part-2 For those of you that haven’t heard, I am participating in yet another Ebay auction to raise money for Tsunami relief.  I know the media has moved on, but many people are still in trouble and need help.  If you want to be a puppeteer for an hour with me or some of the biggest speakers at... Thu, 16 Jun 2005 02:00:02 GMT contact@patrickhynds.com (Patrick Hynds) events security tsunami relief auction haven heard http://localhost:3000/blog/teched-2005-groktalks http://localhost:3000/blog/teched-2005-groktalks For those of you going to TechEd this year, I hope we see you at the RD GrokTalks.  I would define them here, but Scott Hanselman has already put it so well than I imagine I am best off linking to his post here . Let me know what you think of the idea. Tue, 31 May 2005 16:27:28 GMT contact@patrickhynds.com (Patrick Hynds) events speaking teched groktalks 2005 define scott http://localhost:3000/blog/password-security-awareness-and-the-mmorpg http://localhost:3000/blog/password-security-awareness-and-the-mmorpg Just recently I talked about online password security and I referred to the way most sites on the Internet handle passwords as the Ugly in my “the Good, the Bad and the Ugly” slide.  Most sites I visit not only allow me to put in a woefully weak password, but don’t allow me to set a strong one... Mon, 30 May 2005 19:53:59 GMT contact@patrickhynds.com (Patrick Hynds) security dotnet password allow online awareness mmorpg http://localhost:3000/blog/preventing-sql-injection-is-not-enough http://localhost:3000/blog/preventing-sql-injection-is-not-enough A customer said today that they are using stored procedures so unless I knew of any other SQL Injection risks then they thought that was enough.  The truth is that the answer is that this is true in most people’s minds.  The problem is that this common mindset is exactly the kind of thing... Fri, 27 May 2005 20:24:52 GMT contact@patrickhynds.com (Patrick Hynds) security sql hacker browser injection their stored http://localhost:3000/blog/organized-crime-s-link-to-spyware http://localhost:3000/blog/organized-crime-s-link-to-spyware The stereotype of the malware and spyware author is the lone disgruntled hacker who has squandered their talent on rage and hate.  Sounds like the perfect villian for a melodrama.  It turns out that the truth is much worse.  The driving force behind most of this software is actually... Thu, 26 May 2005 14:11:14 GMT contact@patrickhynds.com (Patrick Hynds) security malware hacker hacking spyware organized crime http://localhost:3000/blog/comments-on-writing-down-passwords http://localhost:3000/blog/comments-on-writing-down-passwords I just read an article which quotes Jesper Johansson as saying that we should reverse the long held truism that users should not write their passwords down for their own reference.  Jesper is a well respected (though often contreversial) Security Heavyweight who has worked for Microsoft for... Tue, 24 May 2005 16:03:15 GMT contact@patrickhynds.com (Patrick Hynds) security microsoft less training passwords their jesper http://localhost:3000/blog/teched-attendees-gone-wild http://localhost:3000/blog/teched-attendees-gone-wild As we start to ramp up for TechEd US things are already getting weird.  I shouldn’t be surprised, but two guys that I know well and expect most of the people who read this also know of created a video redolent with inside jokes .  Scott Hanselman and Rory Blythe star in this very short... Mon, 14 Mar 2005 16:36:25 GMT contact@patrickhynds.com (Patrick Hynds) events teched video gone wild attendees weird http://localhost:3000/blog/don-t-be-a-softer-alternative http://localhost:3000/blog/don-t-be-a-softer-alternative A recent article about terrorists being behind continued attacks on our energy companies in an attempt to disrupt the power grid made me realize that this should serve as a wake up call for the rest of us.  If you are running a business related web site in the US or one of its allies you have... Sat, 12 Mar 2005 03:58:27 GMT contact@patrickhynds.com (Patrick Hynds) security rest business hacker hacking softer alternative http://localhost:3000/blog/nick-landry-activenick-starts-blogging-on-mobility http://localhost:3000/blog/nick-landry-activenick-starts-blogging-on-mobility If you have ever seen him speak then I don’t have to go any further than the title.  His handle of ActiveNick fits him on so many levels and his blog is no exception.  He has posted very regularly and I expect great things from him with lots of cool and insightful things on mobility and... Fri, 11 Mar 2005 04:23:18 GMT contact@patrickhynds.com (Patrick Hynds) dotnet activenick mobility landry blogging speak title http://localhost:3000/blog/new-version-of-device-lock-available http://localhost:3000/blog/new-version-of-device-lock-available For those of you that don’t know, a big concern in companies vulnerable to corporate espionage (almost everybody) is employees walking away with a USB drive full of confidential data.  Device Lock has solved this problem for several of our clients and they have just released a new version. If... Mon, 28 Feb 2005 17:51:47 GMT contact@patrickhynds.com (Patrick Hynds) security version device lock available concern companies http://localhost:3000/blog/fear-and-loathing http://localhost:3000/blog/fear-and-loathing In case some of you have noticed recently there was an article on zdnet (not my favorite publication anyways) that quoted James Gosling, Sun’s CTO, stating that “ Microsoft’s decision to support C and C++ in the common language runtime in .Net one of the “biggest and most offensive mistakes that... Mon, 07 Feb 2005 20:53:38 GMT contact@patrickhynds.com (Patrick Hynds) security dotnet microsoft fear loathing noticed recently http://localhost:3000/blog/strangest-and-coolest-thing http://localhost:3000/blog/strangest-and-coolest-thing My good buddy, Stephen Forte , had a zany and brilliant idea (we are used to both from him, just not at the same time)! The concept is that about 20 of us that do the book and speaker thing have offered up consulting time to be auctioned off on eBay with all proceeds going to Tsunami... Fri, 21 Jan 2005 15:58:49 GMT contact@patrickhynds.com (Patrick Hynds) events stephen strangest coolest buddy forte brilliant http://localhost:3000/blog/msdn-events-winter-schedule http://localhost:3000/blog/msdn-events-winter-schedule MSDN puts on local events and it is that time again.  I just checked out the registration site and have decided to go to the Bedford, NH event this Thursday.  I have the added advantage that Joe Stagner runs these events in my area, but I know that other sections of the country also have... Tue, 11 Jan 2005 15:36:51 GMT contact@patrickhynds.com (Patrick Hynds) events msdn winter schedule local checked registration http://localhost:3000/blog/test-your-browser-then-secure-it http://localhost:3000/blog/test-your-browser-then-secure-it If you use Internet Explorer then you should pay close attention to this… An exploit to security holes in Internet Explorer (even if you have XP SP2 installed) has been posted by a group called GreyHats.  They are not happy that MS has not fixed the exploits since they were made known in... Mon, 10 Jan 2005 18:24:07 GMT contact@patrickhynds.com (Patrick Hynds) security browser exploit internet explorer test your http://localhost:3000/blog/google-search-as-a-virus-vector http://localhost:3000/blog/google-search-as-a-virus-vector It seems to hold true that any tool can have a good and a bad use.  In a recent attacks, Google was used as a support mechanism for spreading a virus and defacing web sites . While there isn’t anyone who can guarentee that a particular package or product won’t be vulnerable, it does pay to... Thu, 23 Dec 2004 14:09:47 GMT contact@patrickhynds.com (Patrick Hynds) security google virus search vector attacks support http://localhost:3000/blog/beta-beware http://localhost:3000/blog/beta-beware A recent article  about a security flaw in the new Google Desktop Beta should serve as another reminder that you should never use beta software on production machines.  The rule for me has always gone that if I would be upset by a total rebuild of the box, then only tested and finished... Mon, 20 Dec 2004 22:37:39 GMT contact@patrickhynds.com (Patrick Hynds) security google beta software beware desktop serve http://localhost:3000/blog/member-management-component-prototype-available http://localhost:3000/blog/member-management-component-prototype-available MS has made available a preview of the Member Management Component that you can use to build into .Net 1.1 sample applications.  It isn’t exactly what will be released with VS.Net 2005, but it gives you something to play with so you can get used to the new model. Be advised that it seems that... Tue, 14 Dec 2004 19:01:51 GMT contact@patrickhynds.com (Patrick Hynds) security management dotnet member component available applications http://localhost:3000/blog/password-ownership http://localhost:3000/blog/password-ownership Who owns the passwords that you or your users use to access your network or application? If you don’t know, then you have a problem.  Your users hopefully memorize their passwords, but therein lies the rub.  If an accountant has gone to the trouble of memorizing a complex password then... Tue, 07 Dec 2004 04:01:44 GMT contact@patrickhynds.com (Patrick Hynds) security hacker password users ownership access network http://localhost:3000/blog/sql-injection-still-huge-threat http://localhost:3000/blog/sql-injection-still-huge-threat A recent article about how Petco not only was found to be vulnerable to a SQL Injection attack, but also got fined for the false claims this realization cast on their privacy policy just goes to show that no matter how much we talk about it, SQL Injection remains a huge risk. But the stakes have... Mon, 29 Nov 2004 16:46:05 GMT contact@patrickhynds.com (Patrick Hynds) security sql injection huge threat petco vulnerable http://localhost:3000/blog/c-sharp-group-of-greater-boston-event http://localhost:3000/blog/c-sharp-group-of-greater-boston-event On December 7th the C Sharp Group of Greater Boston will host a potluck dinner with two focused discussion groups at the Waltham, MA Microsoft Office.   Robert Hurlbut will lead  the discussion on  development strategies during the first hour. This topic includes test driven... Thu, 18 Nov 2004 20:04:40 GMT contact@patrickhynds.com (Patrick Hynds) events test-driven dotnet asp-net microsoft office discussion http://localhost:3000/blog/dell-paying-attention-to-security http://localhost:3000/blog/dell-paying-attention-to-security Dell has launched a website designed to help small businesses deal with all the security challenges.  The site seems good, but the performance was so bad at one point that I can’t decide whether that means it is a resounding success or a dismal failure. It is very much aimed at selling more... Fri, 12 Nov 2004 15:59:57 GMT contact@patrickhynds.com (Patrick Hynds) security performance dell paying attention launched website http://localhost:3000/blog/code-camp-franklin-style http://localhost:3000/blog/code-camp-franklin-style Carl Franklin and the New England office of Microsoft are putting on another edition of the Code Camp event.  This time it is a mini-Code Camp with Carl doing the one man band thing all about VB.Net. If you can make it to the MS Waltham office on January 23rd then you should. ... Wed, 10 Nov 2004 19:51:23 GMT contact@patrickhynds.com (Patrick Hynds) events office dotnet microsoft franklin code camp http://localhost:3000/blog/clusters-without-lm-hash http://localhost:3000/blog/clusters-without-lm-hash A common bit of advice bandied about lately (by Jesper Johansson of MS, me, and others in and out of MS) is to turn off LM Hashes on your Windows systems and networks.  This is great advice, but there is a proviso.  Some things depend on LM Hashes to work.  Most of them are not an... Tue, 02 Nov 2004 21:34:21 GMT contact@patrickhynds.com (Patrick Hynds) security windows advice hashes clusters without common http://localhost:3000/blog/very-interesting-contest http://localhost:3000/blog/very-interesting-contest Thom Robbins of MS New England fame has come up with another very interesting event!  Right on the heels of a very successful Code Camp 2 this past weekend he has announced a development contest where you can win a Mobile Device. Check out the details on Thom’s Blog . Should be interesting to... Wed, 20 Oct 2004 18:28:11 GMT contact@patrickhynds.com (Patrick Hynds) mobile interesting contest robbins england event heels http://localhost:3000/blog/situational-awareness http://localhost:3000/blog/situational-awareness Often we don’t know we are in danger until we get clobbered. We have all had that feeling in the pit of our stomachs after something heavy falls where we were standing a few minutes ago. In the middle ages ignorance of disease killed many and the same is true of most in the modern world of computer... Wed, 29 Sep 2004 20:54:10 GMT contact@patrickhynds.com (Patrick Hynds) security situational awareness danger clobbered stomachs heavy http://localhost:3000/blog/but-wait-there-s-more http://localhost:3000/blog/but-wait-there-s-more Now there is an even more dangerous exploit for jpg files.  Details can be found here . I have seen an example of this exploit in action.  In the demo I got from our security team, displaying the custom crafted jpg image caused the workstation to reboot. If you didn’t take the last... Fri, 24 Sep 2004 16:28:38 GMT contact@patrickhynds.com (Patrick Hynds) security exploit wait dangerous files example action http://localhost:3000/blog/ms-is-looking-to-solve-the-backup-problem http://localhost:3000/blog/ms-is-looking-to-solve-the-backup-problem Backup is a fairly antique part of IT nowadays.  The trend over the last year or so seemed to be real time backup to SANs at huge cost in terms of infrastructure.  Now Microsoft has announced that they are going to put forth an offering that will not only bring this solution down to... Thu, 23 Sep 2004 14:36:47 GMT contact@patrickhynds.com (Patrick Hynds) network microsoft backup solve problem fairly antique http://localhost:3000/blog/jpeg-are-now-dangerous http://localhost:3000/blog/jpeg-are-now-dangerous Now I have heard it all!  Terrorists, Hurricanes and now JPEGs can be used to attack your computer! To see what I am ranting about check out the article . Wed, 15 Sep 2004 01:03:57 GMT contact@patrickhynds.com (Patrick Hynds) security jpeg dangerous heard terrorists hurricanes attack http://localhost:3000/blog/cyber-terrorism-on-the-horizon http://localhost:3000/blog/cyber-terrorism-on-the-horizon I just finished reading an upcoming article from Forbes Magazine  (unfortunately you will have to register to read it before the September 20th pub date) about the belief that terrorists are turning to hacking as their next major vehicle to do damage. In the article they point out things like,... Wed, 08 Sep 2004 20:11:23 GMT contact@patrickhynds.com (Patrick Hynds) security hacking cyber terrorism horizon finished reading http://localhost:3000/blog/security-after-the-sdlc http://localhost:3000/blog/security-after-the-sdlc The Software Development Life Cycle (SDLC) is a well established and well thought out concept.  There are books and experts and cool slides galore that talk about it and how security should fit into it.  The problem that I see is that the process as most people think about it isn’t... Tue, 07 Sep 2004 19:33:05 GMT contact@patrickhynds.com (Patrick Hynds) security application sdlc process software development cycle http://localhost:3000/blog/demos-from-teched-hong-kong-sessions http://localhost:3000/blog/demos-from-teched-hong-kong-sessions As promised I am posting all the demos from TechEd Hong Kong last week.  DEV370: Developing Applications Under Windows XP Service Pack 2     DEV370 XPSP2.zip (369.75 KB)     Special thanks to Jon Box and Dan Fox of Quilogy  for developing and presenting this session... Fri, 03 Sep 2004 15:00:04 GMT contact@patrickhynds.com (Patrick Hynds) events speaking windows-forms dotnet asp-net aspnet performance http://localhost:3000/blog/don-kiely-has-something-to-say http://localhost:3000/blog/don-kiely-has-something-to-say I am listening to the Don Kiely interview on Dot Net Rocks  and thought that it was worth pointing the security minded toward.  I have known Don for a while from conferences out and about, but hadn’t realized how much he has delved into the Least Priviledge issue until listening to Carl... Thu, 02 Sep 2004 14:09:38 GMT contact@patrickhynds.com (Patrick Hynds) security dotnet kiely listening least priviledge issue http://localhost:3000/blog/authdiag-1-0-is-available-in-its-final-form http://localhost:3000/blog/authdiag-1-0-is-available-in-its-final-form If you haven’t used it yet then you should get to know this tool.  If you have then you should be happy to know that the final 1.0 version of AuthDiag is now available at http://download.microsoft.com/download/6/c/9/6c96682c-8449-4112-a089-3b98c0035d0c/AuthDiag.msi When you are using Windows... Wed, 01 Sep 2004 21:04:29 GMT contact@patrickhynds.com (Patrick Hynds) security access-control microsoft windows authentication amd intel http://localhost:3000/blog/back-from-teched-hong-kong http://localhost:3000/blog/back-from-teched-hong-kong And it was a great event!  For those that attended, I will be posting the demo code before the end of the week so stay tuned! Tue, 31 Aug 2004 21:20:25 GMT contact@patrickhynds.com (Patrick Hynds) speaking hong kong teched event attended posting http://localhost:3000/blog/too-good-to-be-true http://localhost:3000/blog/too-good-to-be-true I was talking to an old friend at the recent Mobility Day held at the Microsoft Office near Boston and he brought up an incident that I have seen happen to others.  I realized though that it isn’t something talked about often so it seemed like perfect blog fodder. He told me of working with a... Fri, 20 Aug 2004 13:43:53 GMT contact@patrickhynds.com (Patrick Hynds) security open-source code-review microsoft office proprietary true http://localhost:3000/blog/physical-security-not-a-high-enough-priority http://localhost:3000/blog/physical-security-not-a-high-enough-priority We regularly do network and application reviews for customers to make sure they know where the security problems are hiding.  I kind of expect to find servers unpatched, applications accepting unvalidated user input and the raft of standard security faux pas on both the network administrator... Tue, 10 Aug 2004 21:14:15 GMT contact@patrickhynds.com (Patrick Hynds) security sql-server windows hacking vulnerability virus physical http://localhost:3000/blog/teched-style-cabana-comes-to-new-england http://localhost:3000/blog/teched-style-cabana-comes-to-new-england Thom Robbins has worked with Chris Pels (and myself as lazy consultant) to create an event that I expect to become as popular as the Code Camps!  They are called Cabanas (all the best ideas are stolen anyways) and the first will be held in the Microsoft office in Waltham (outside... Tue, 03 Aug 2004 14:13:48 GMT contact@patrickhynds.com (Patrick Hynds) speaking microsoft office teched style cabana england http://localhost:3000/blog/chance-to-win-a-tablet-pc http://localhost:3000/blog/chance-to-win-a-tablet-pc Carl Franklin is giving away a Tablet PC to someone who fills out his survey.  Go to http://www.franklins.net/dnrforms/tabletcontest.aspx  to enter. Thu, 29 Jul 2004 03:48:11 GMT contact@patrickhynds.com (Patrick Hynds) tablet dotnet chance franklin fills survey dnrforms http://localhost:3000/blog/microsoft-has-released-a-tool-that-removes-the-trojan-used-by-download-ject http://localhost:3000/blog/microsoft-has-released-a-tool-that-removes-the-trojan-used-by-download-ject In case you need a way to clean up after getting hit by the Download.Ject exploit… Download.Ject malware removal tool released Microsoft has learned of a Trojan program that is downloaded by the Download.Ject malware, also known as Scob, to client machines from infected IIS servers. When a user... Wed, 14 Jul 2004 12:37:54 GMT contact@patrickhynds.com (Patrick Hynds) security microsoft malware iis exploit javascript monitoring http://localhost:3000/blog/regex-as-a-way-to-better-data-validation http://localhost:3000/blog/regex-as-a-way-to-better-data-validation Someone recently sent me a link to an MSDN article about 10 must have tools .  While looking it over I saw The Regulator listed and started thinking about validation of client data. Everyone has by now heard that you must validate your data from a client before you act on it, but what does... Fri, 09 Jul 2004 18:41:07 GMT contact@patrickhynds.com (Patrick Hynds) security dotnet regex sql hacker course microsoft http://localhost:3000/blog/fix-available-for-download-ject-attack http://localhost:3000/blog/fix-available-for-download-ject-attack Microsoft has released a Knowledge Base article, 870669 , that describes how to implement a change manually that will disable the browser’s capability to leverage the ADODB.Stream object. This could be a painful fix for many organizations as you may be using that object for certain file based... Fri, 02 Jul 2004 17:27:18 GMT contact@patrickhynds.com (Patrick Hynds) security microsoft browser exploit object change available http://localhost:3000/blog/new-net-user-group-has-its-first-meeting-tomorrow-night http://localhost:3000/blog/new-net-user-group-has-its-first-meeting-tomorrow-night The Downtown Boston .Net User group is having it’s first meeting tomorrow night.  In a coordinated effort with the Boston .Net User group that regularly meets outside Boston in the Microsoft Office in Waltham, MA, Sam Gentile is hosting a downtown version for those that find it hard to escape... Wed, 30 Jun 2004 18:45:20 GMT contact@patrickhynds.com (Patrick Hynds) events user-group meeting dotnet microsoft office clr http://localhost:3000/blog/intrusion-detection http://localhost:3000/blog/intrusion-detection I have recently been asked by a deeply knowledgable friend of mine, Malek  Kemmou , about the latest in Intrusion Detection software.  I realized that if he was curious, then this might be a topic worthy of a few words…   The bad news is that there is not much out there really... Mon, 28 Jun 2004 16:07:10 GMT contact@patrickhynds.com (Patrick Hynds) security intrusion-detection dotnet logging spam iis software http://localhost:3000/blog/firewall-or-die http://localhost:3000/blog/firewall-or-die There was a time when I believed that I could keep a server secure enough that I could get away with not putting it behind a firewall.  This used to entail just having a security plan and minimizing the attack surface.  Then it got harder and harder to keep up.  I held out for as... Wed, 23 Jun 2004 03:54:53 GMT contact@patrickhynds.com (Patrick Hynds) firewall security harder believed server secure behind http://localhost:3000/blog/my-new-york-city-net-user-group-presentation http://localhost:3000/blog/my-new-york-city-net-user-group-presentation went well, except for the 7 hour drive to get there that should have been 3.5!  OK, back to the intent which is technology entry…  I spoke on Sharepoint Programming and the crowd was varied (never heard of SharePoint to SharePoint guru), but engaged.  Single Sign On was the big thing... Fri, 18 Jun 2004 03:47:57 GMT contact@patrickhynds.com (Patrick Hynds) speaking user-group single-sign sharepoint dotnet meeting office http://localhost:3000/blog/aspnet-wp-exe-net-1-0-and-a-domain-controller http://localhost:3000/blog/aspnet-wp-exe-net-1-0-and-a-domain-controller Jeopardy Answer:  What are 3 things that don’t go together easily! If you feel the need to host ASP.Net on a windows domain controller and can’t bring yourself to upgrade to version 1.1 then at least read this KB article . The crux of the problem is that domain controllers on IIS 5.0 servers... Thu, 17 Jun 2004 03:10:39 GMT contact@patrickhynds.com (Patrick Hynds) security dotnet asp-net aspnet windows iis domain http://localhost:3000/blog/start-with-the-administrator-account http://localhost:3000/blog/start-with-the-administrator-account Alot of sources say that you should rename your administrator account on your windows systems and windows network.  While I agree with this wholeheartedly, you need to take the war to the hacker. First, renaming the administrator account to admin or adm or something equally obvious when seen... Wed, 16 Jun 2004 03:06:35 GMT contact@patrickhynds.com (Patrick Hynds) network security sql-server windows hacker rest remote http://localhost:3000/blog/wse-1-0-revisited http://localhost:3000/blog/wse-1-0-revisited More than a year ago, I spent a day or two wading through WSE 1.0 (hence the title) to prepare a nice demo for a talk on GXA that Andrew Brust and I did at CeBit held in NYC.  In my travels, I reviewed Tim Ewald’s white paper called “ Programming with Web Services Enhancements 1.0 ” and soon... Fri, 11 Jun 2004 01:49:11 GMT contact@patrickhynds.com (Patrick Hynds) security dotnet asp-net microsoft revisited spent wading http://localhost:3000/blog/blogging-enters-the-battle http://localhost:3000/blog/blogging-enters-the-battle I have been considering starting to blog for a long time.  There were false starts and pronouncements that I would begin that were left unfulfilled.  As I write this first entry I realize that I picked the correct name for this journal – Tech Siege .  The reason is that since before... Fri, 11 Jun 2004 01:13:46 GMT contact@patrickhynds.com (Patrick Hynds) security realize blogging enters battle considering starting