MSDN Flash - Volume 12, Number 14: June 30, 2008
Volume 12, Number 14: June 30, 2008
Top News
Find Daily Code Gallery Updates
See a daily summary of new code samples provided by Microsoft and the developer community.
MSDN Magazine: Get Your Hands on Our Code
MSDN Magazine recently launched its own virtual labs project where you can try out the code presented by a number of our authors without having to install the test environment yourself. Give it a spin.
New Security Tool Defends Against SQL Injection Vulnerabilities
The Microsoft Source Code Analyzer for SQL Injection tool is a static code analysis tool that helps you find SQL injection vulnerabilities in active server pages (ASP) code.
From the Editor
Online communities have become an outstanding resource for developers. We found that a lot of very talented, highly motivated developers and IT professionals are talking online and sharing information about our tools - what they liked, and ways to make things even better. So we started supplying the feed. Check out the Microsoft Technical Communities and experience the forums, social bookmarking, and wikis designed to help you connect and get things done. It's about community. Make it yours.
Ramp Up Draws a Crowd at Tech·Ed
Ramp Up, a free, online, community-based program, had its re-launch at Tech·Ed North America during the first week of June. At lunch sessions and throughout the week in the booth, Ramp Up drew a large crowd interested in learning more about the program. Much of the interest was directed at the brand-new Visual Studio 2008 track. This track contains a diverse array of content, including e-learning, white papers, and - most popularly - hands-on labs. Graduates from any track of the program receive discounts on certification and e-learning. Lastly, attendees value the access to the Ramp Up forum, in which members can ask and answer questions about the program or its content. Visit Ramp Up and see for yourself what the buzz is all about!
Virtual Tech·Ed Is Now Tech·Ed Online
Tech·Ed Online is now the global information portal for all Tech·Ed events, providing technical training and resources from Tech·Ed 2008 North America. Tech·Ed Online offers live keynote simulcast, top breakout session recordings, onsite Tech·Talks, video interviews with speakers and technology experts, Tech·Ed bloggers, stage events like Speaker Idol and panel discussions, women in technology highlights, podcasts, and featured speaker spotlights.
Tell Us How We're Doing
In December, we made changes to the MSDN Flash personalization experience and layout based on reader input. Take this short survey (five questions) and help us continue to improve your experience.
Thanks for reading,
Editor
MSDN Flash
A Note from Your Student Developer Team
Popfly wows us once again this summer. The first extension of the Popfly group was Popfly Game Creator, which enables you to create arcade-style games on the Popfly Framework. Whether this piques your interest in Silverlight coding or supports your drag-and-drop lifestyle, passing along the URL of a game you created builds street cred with your friends.
On the heels of Popfly Game Creator comes news that you can now share Popfly games as Facebook applications. Suzanne Hansen from the Popfly team gives us the lowdown on How to Share a Popfly Game on Facebook. The Popfly crew has created some excellent videos and articles to get you started.
How to Workwith Popfly Game Creator
Build a space shooter game
Video montage of Popfly games
Overview of the design area
Editing an actor's appearance
Need a work distraction? Build and share your game through Facebook applications, blogs, and Vista Sidebar gadgets.
Security and Safety
Is your code secure? How about the workstation you use for development? Here are some articles from our Microsoft security experts to ensure you are a safer and more secure developer.
Validating ASP.NET Query Strings
The query string is a potential vehicle for attacks on pages with security holes. The QueryString module presented in this column requires no coding in source pages and automatically checks the posted query string against a given schema saved in a separate XML file. This means there's zero impact on existing code, while offering one more built-in barrier against attackers.
Secure Your Developer Workstation
This how-to security article helps you improve your development workstation security. Developers often have computers running software such as IIS, Microsoft SQL Server, or the Microsoft SQL Server Desktop Engine (MSDE). Get quick tips to help you improve the security of your developer workstation, along with tips about how to keep it secure. It also helps you avoid common problems that you are likely to encounter when you secure your workstation.
Top Ten Security Tips for Developers
From buffer overruns to building secure SQL statements, these tips will help fill gaps or reinforce good practices.
Facebook Feature of the Week: Expression Web, June 30th
Your Featured Content
Update Your Selected Topics
Ensure that the content most relevant to you is presented in this section.
Five Things the Boss Should Know About Microsoft's LINQ
CIO - June 16, 2008
This database-meets-software-development technology could easily save your development staff time and avoid complexity.
Windows HPC Server 2008 Technical Overview
Get a detailed overview of Windows HPC Server 2008.
Microsoft Virtualization ISV Web Seminar Series
July 21 - 24, 9:30 A.M. Pacific Time
Don't miss this Web seminar series that will introduce you to the benefits of virtualization for ISVs. API sets available with Microsoft Virtualization products will be covered, along with the benefits of using virtualization as a distribution mechanism for ISV products. Focusing on the new Windows Server Virtualization (Hyper-V) and Virtual Server, the series will cover the how and why for custom development on these new technologies.
Windows Server 2008: Build Secure and Innovative Applications
Download the newest podcasts and learn how to leverage new technologies with Internet Information Services (IIS) 7.0 and how to use Active Directory Federation Services (ADFS) to provide more-secure external access to Web applications. You can also tune in to webcasts and take part in virtual labs to see how Windows Server 2008 can help you deploy, monitor, and administer today's complex applications.
Microsoft .NET 3.5: Explore the Possibilities with WCF and WF
See how, together or separately, Windows Workflow Foundation (WF) and Windows Communication Foundation (WCF) work with the Microsoft .NET Framework 3.5 to provide a platform that can help you build powerful, flexible, and extensible applications that employ the latest service-oriented and workflow capabilities.
IT Pros Wanted
If you are involved with administering networks or databases, building software applications, or developing for the Web, we want to hear from you. Get involved in the product development process and help us to better understand your needs by signing up to participate in one of our usability research studies. Send an e-mail and include "MSDN" in the subject line to participate and receive more information about the Microsoft user research program.
Ramp Up Launches New Visual Studio 2008 Track
Ramp Up, a free, online, community-based program, has added a brand-new Visual Studio 2008 track. Graduates of any Ramp Up track can receive half off on certification and e-learning. The easy-to-access content (provided by subject-matter gurus) is delivered in a variety of forms that guide in learning the important skills. Ramp Up members have access to forums to ask and answer questions about the program or technology.
Introduction to Visual Studio Team Foundation Server
July 11, 10:00 A.M. – 11:00 A.M. Pacific Time, Live Meeting
Visual Studio Team System 2008 Team Foundation Server is an integrated collaboration server for Visual Studio Team System. It combines team portal, version control, work item tracking, build management, process guidance, and business intelligence into a unified server. To register, please e-mail VS08EAST@microsoft.com.
Integrating Visual Studio Team Foundation Server and Enterprise Project Management
August 15, 10:00 A.M. – 11:00 A.M. Pacific Time, Live Meeting
Project Managers and Development teams may be the "Odd Couple" of the 21st century, working together but having different approaches and perspectives. Integrating Project Server and Team Foundation Server helps them work better together. To register, e-mail VS08EAST@microsoft.com.
Government Resources
Have You Heard About "Visual Studio Myth Week"?
Watch four short video clips debunking common misconceptions about Visual Studio Team System in a not-so-serious manner.
On-Demand Developer Webcasts
Missed a webcast that you wanted to attend? Check out our on-demand webcasts.
Screencasts
Marc Schweigert, public sector developer evangelist, is releasing via his blog a series of screencasts on Silverlight 2.0 and other developer technologies.
Environmental Protection Agency (EPA) Improves Data Visualization with MappingTechnology
For years, EPA provided a Web-based data access tool that combined facility-level environmental information with online maps. However, the technology in use provided only static maps with limited interactivity. EPA recently replaced its outdated technology with Microsoft Virtual Earth technology, which offers high-resolution satellite and aerial imagery, dramatically faster response times, and easy integration with environmental data sets.
Hillsborough County, Florida Develops Comprehensive, Efficient System with NewTechnologies
Hillsborough County needed new IT applications to support its court-clerks' systems, so it turned to Catapult Systems for help. To validate the proposed application architecture, county and partner representatives visited a Microsoft technology center and left not only with a more efficient solution but also greater confidence in its long-term viability. The new solution also will provide richer functionality without additional time or budget.
City of Camden, New Jersey Embraces Information Management Solution to ImproveOperational Efficiencies
In compliance with a legislated 24-month turnaround plan, the city of Camden, New Jersey was directed to upgrade its information technology environment. City officials worked with Microsoft and Infusion Development as strategic partners and created the concept for the Camden Success Project. Its two major components, the Contact Camden and the Mayor's Digital Dashboard systems, help ensure quality service for residents, as well as accountability and enhanced collaboration across city departments. Tracking key performance indicators by department has enabled city officials to make more-informed management decisions and to encourage proactive rather than reactive efforts on behalf of Camden residents.
Are you curious about Live Mesh and why you should care as a developer?
Read Marc Schweigert's developer-focused blog to gain more information about this and other topics of interest.
.NET Framework KB Articles
SecurityException when using Microsoft Enterprise Libraries
RSS Feeds
.NET Framework 2.0 | .NET Framework 1.1
Visual Studio 2008, Visual Studio 2005, and Visual Studio .NET KB Articles
'getaddrinfo' could not be located in the dynamic link library WS2_32
RSS Feeds
Visual Studio 2008 | Visual Studio 2005 | Visual Studio 2005 Team Edition | Visual Studio .NET 2003 | Visual Studio .NET 2002
SQL Server and Data Access KB Articles
FIX: The performance of a query in SQL Server 2005 Service Pack 2 Cumulative Update 6 is slow
FIX: The compilation time of some queries is very long in an x64-based version of SQL Server 2005
RSS Feeds
SQL Server 2005 | SQL Server 2000 | SQL Server 2000 Analysis Services
ASP.NET and ASP KB Articles
Microsoft Security Advisory: Rise in SQL injection attacks exploiting unverified user data input
RSS Feeds
ASP.NET 2.0 | ASP.NET 1.0 | ASP 4.0
Team Development, Source Control, and Testing KB Articles
RSS Feeds
Visual Studio 2005 Team Edition | Visual SourceSafe 2005
Evaluation Center
Try Microsoft Office SharePoint Server 2007
Microsoft Office SharePoint Server 2007 can help improve organizational effectiveness by providing comprehensive content management and enterprise search, accelerating shared business processes, and facilitating information-sharing across boundaries for better business insight. It also provides IT professionals and developers with the platform and tools they need for server administration, application extensibility, and interoperability.
Download Microsoft Office Communications Server 2007
Microsoft's unified communications platform enables developers to efficiently build secure, productivity-enhancing applications on top of an extensible software foundation.
More Evaluation Center Resources...
Web Resources
MSDN Magazine: Bitmaps and Pixel Bits
Charles Petzold takes an inside look at the flexible bitmap pixel formats offered by the retained-mode graphics features of Windows Presentation Foundation.
MSDN Magazine: Adaptable Apps for Windows Mobile
We show you the techniques for building adaptable applications that can make the best use of different screens and capabilities on Windows Mobile devices.
HealthVault Be Well Fund Winners Announced
The Microsoft HealthVault Be Well Fund is designed to assist academic and research health organizations in the creation of innovative online health applications for patients.
Windows HPC Server 2008 Debuts in Top 25 of the World's Top 500 Largest Supercomputers (PDF)
Ranked at 23, the NCSA cluster performed at 68.5 TFlops and 77.7% efficiency. Watch the video.
Windows HPC Server 2008: Using MS-MPI
Find out more about the new high-performance Message Passing Interface (MPI) stack included in Microsoft HPC Pack 2008.
Overview of SOA Programming Model and Runtime System for Windows HPC Server 2008
This white paper provides a technical overview of SOA applications and the Windows HPC Server 2008 functions that support the SOA model.
Security for Developers
Visit the New SDL (Security Development Lifecycle) Web Site
SDL Threat Modeling: Past, Present and Future
Application Security Development Lifecycle 5A: Is Threat Modeling Right For You?
Securing Cross-Site XMLHttpRequest
Blue Hat Security Videos
• Cesar Cerrudo on Token Kidnapping in Windows
• Manuel Caballero & Fukami on Scripts, Cross-Domain Attacks, and Flash/Silverlight Security
• Alex "kuza55" K. on Client-Side Issues with Browsers, Plug-ins, and Web Applications
• Dan Kaminsky on Security Threat Research
• SoWhat from Nevis Labs on Fuzzing Anti-Virus Products
• Billy Rios on What the Phishers Are Up To
• Bryan Sullivan on Being a Microsoft Security Grunt
Channel 9 Security Videos RSS Feed
Training
Take the Latest Visual Studio 2008 E-learning Collection for Free
Clinic 6262: Introducing Windows Workflow Foundation using .NET Framework 3.5 & Visual Studio 2008
This two-hour clinic will provide a starting point to learn about workflow engine functionality, overall architecture, and workflow enabled applications. Like what you see in the clinic? Subscribe to the full Collection 6462: Visual Studio 2008: Windows Workflow Foundation.
Case Studies
HPC Center North at Umeå University Sets New Benchmark Record with Windows HPC Server 2008
SIMULIA Delivers Simulation Solutions Faster with Windows HPC Server 2008
CINECA, a Leading Supercomputing Center in Italy, Eases Use and Improves Access with Windows Cluster
Daresbury Lab in UK Seeks to Expand User Base with Windows HPC for Breakthrough Science
University of Washington Researchers Move from Linux to Windows for Performance Gains, New Capabilities
Partner News
Free Trial: Kentico E-commerce for ASP.NET
A full-featured on-line store with shopping cart and order management, PayPal and Authorize.NET support. Highly customizable using Visual Studio 2005/2008.
Received MSDN Flash from a Friend?
The MSDN Flash is full of pointers to in-depth technical information that we encourage subscribers to forward to friends and co-workers. If you've received this issue from someone via e-mail and would like to receive the free MSDN Flash newsletter biweekly, all you have to do is register.