I have posted my presentations and demos from Code Camp II on my new site (more info to come on that after WinDev) and it will be posted to the Code Camp II site: http://www.msdncodecamp.com/.

I am in Quincy, MA (not Boston *) for WinDev this week. After getting in at 2:00 am on Saturday morning from the Applied XML DevCon (which was excellent - kudos to Chris, Sarah, and Becky), I spent a day with the family, and then headed over here Sunday afternoon. I spent the rest of the afternoon and evening with my older boys (12...

My first topic at Code Camp II was a chalk talk on Developing as a Non-Admin. We discussed some reasons to develop as non-admin and I showed some of my own methods and tools that I use every day to "live the lifestyle". I believe I had a some converts and a few said they would give it a try. In my last talk on Secure Windows Forms,...

Code Camp II is now over. I had a lot of fun giving presentations (4 presenations and one chalk talk). There were plenty of interesting questions and very good feedback on the talks. I enjoyed seeing and meeting other speakers: Jason Bock, Don Demsak, Scott Watermasysk, Kent Tegels, Sam Gentile, Patrick Hynds, Duane LaFlotte,...

In light of the recent posts on the ASP.NET security vulnerability, take a look at this great example by Anil on the best practices for writing ASP.NET privileged code. It is not enough to only implement the quick fixes. Now is also a good time to review your code for proper Defense in Depth techniques.

I received my copy of Keith Brown's The .NET Developer's Guide to Windows Security on Friday and have been reading and enjoying it most of this weekend (in between finishing my slides and demos for Code Camp II next weekend). I must emphasize again -- get this book! I had read most of this online, but there is something (at...

As most people in security know (and many outside of security as well), when Bruce Schneier talks, even if what he says is painful to hear sometimes, you listen. Catch his blog and RSS 1.0 full content feed. [Thanks to Larry Osterman for finding this.]

Tonight is Cabana Night in Boston -- an opportunity to get answers to some of those nagging .NET questions you may have. If you are in the area, and are planning on attending, you can register here if you haven't done so. I will be fielding questions on Security along with Patrick Hynds and Duane LaFlotte. It should be a good night. The...

As pointed to by Don Kiely, there are a couple of excellent posts by recent converts to the non-admin devloping "lifestyle": Larry Osterman's WebLog: Running Non Admin Boneman's Blog: Running as Non-administrator It's great to see more and more developers give this a try, along with creative ways to get around some of the inconveniences that...

Prompted by Dinis Cruz's question on my CLR Hosting in Whidbey/2.0 post, I checked if it is now easier to create Partial-trust ASP.NET web sites in 2.0. Fortunately, it appears that it is. By default, ASP.NET sites run and are built as "Full Trust" sites. This means a web application has full access to the machine's resources. That may be OK if...

This past week, I had the opportunity to attend a couple of user group meetings, both of which featured Jeff Prosise as the speaker. Both meetings were sponsored by INETA. Jeff spoke to the Wednesday Boston .NET User Group meeting on Power ASP.NET 2.0 Programming. Christopher Bowen and Girish Bharadwaj give excellent...

Jesper Johansson has started a new article series on The Great Debates: Pass Phrases vs. Passwords Part 1 of 3, continuing the debate on which method of secure authentication to use. For a different spin, I recently heard about PassFaces. Last week, I attended the New England Information Security Group meeting in Waltham, MA...

Jason Haley is setting up a Blogger Dinner on the Saturday evening of Code Camp II.  Date:  Saturday, October 16, 2004Time:  9:00pm - 11:00pm (or whenever they throw us out)Place: Lobby Bar in Westin, Waltham, MA (its the big hotel you see on the highway exit 27 on 128) I’ll be there, along with Scott...

I spent quite a bit of time last weekend finishing my work this past summer for my WIN-DEV talk on "Hosting Applications in Secure AppDomains". I had only a smattering of second-hand information on CLR Hosting in Whidbey at the time, but I now have more information on the new hosting interfaces, and I will be spending some time...

I have a couple more events I will be involved in the next two months: 1.  Speaking at the Connecticut Microsoft.NET Developer SIG in Hartford, CT on September 21. This group is led by S.B. Chatterjee. I will be speaking on the same topic I did at the Downtown Boston .NET User Group on Code Access Security in .NET. 2.  I will be at...