I’ve been getting hit with a lot of comment spam once again. Strangely enough, I haven’t received comment spam for a while. This is partly due to a little trigger that I have running onmy .Text database that helps check the content before it’s committed to the database. It essentially runs through a few rule checks including the processes of scanning for known words found in typical spam. The trigger isn’t perfect, but it’s effective. Every so often, I need to update the list of words based on the spam I’m receiving. I haven’t had to do that for a while – until now.

Why is spam picking up once again? Maybe there are new “spam” words that my trigger isn’t catching. Frankly, with this new round of spam, I’m getting tired of updating my spam rules. It’s time to hop off the blogging engine that I’ve been using since Day 1. It’s also important to note that this particular blogging engine, hasn’t updated it’s underlying source code since January 2003. It has since rolled into Community Server.

I tried Community Server back in the day, before it was easy to convert the .Text content into CS friendly content. There just wasn’t the ease nor the time to convert all the content back than. Blogging engines have matured and (I’m assuming) their spamming protection has matured as well. The time has come to finally update my blogging engine. The question I have is which engine to I want to “upgrade” to?

I’m struggling with a couple of things. One, now that I’m working for the man, should I jump on over to http://blogs.msdn.com? I’ve seriously considered it. For one thing, my traffic would jump by gazillion fold from ~20 readers to, well, a gazillion. However, moving over to http://blogs.msdn.com would take the control out of my hands. And as we all know, people with Type ‘A’ personalities like to maintain control. Nothing crazy mind you, just the ability to… i don’t know… scan your log files 10 times a day to see who’s linking, reading and searching on your blog. Ok… I don’t scan them 10 times a day… maybe 10 times every few months (I don’t want you to think I’m obsessive).

As I’m sitting here at the Deeper in .NET event in Milwaukee, Scott Hanselman is presenting a session on dasBlog and a behind-the-scenes look on how it works.I’vechecked into dasBlogon a couple of occasions and havealways been intrigued by it. First, it’s built on top of .NET (huge plus), but so is Community Server.dasBlog is file driven vs. database driven. Not a big deal, but it sure is nice to have to have to worry about a database when you don’t have to. dasBlog is stillan open source project found onGotDotNet.com whereas Community Server isnow a product. True, there’s a free version available but it’s stilla commercial product. Being a developer, I like to dig into code to see howother bit-twiddler’s work.

I’m still on the fence. Do Imove to http://blogs.msdn.com and lose all control or upgrade my site to an evolving blogging (and really cool) engine such as dasBlog? I’m sure you (my 20 readers) will find out soon enough.Any help in the decision making process is appreciated.

Microsoft partners’s IMG and Magenic Technologiesare teaming up to deliver a free professional developer seminar around Windows Forms 2.0 development on April 27th in Downers Grove, IL. Magenic heavy-weights Keith Franklin, Raj Das and Keenan Newton will be presenting topics on What’s New in WinForms 2.0, Building Data-bound WinForm applications and ClickOnce.

Register at http://www.imginc.com/devcares.

AprilDevCares

April 27th, 2006, 1PM – 5PM

Microsoft Corporation

3025 Highland Parkway, Suite 300

Downers Grove, IL. 60515

What’s New in WinForms 2.0
We begin our focus on WinForms development by looking at some of the new features found in WinForms 2.0. This session will take a look at some of the new UI controls that allow developers to create complex and professional looking Windows Forms applications. We’ll also spend some time showcasing the new design features found in Visual Studio 2005.

Building Data-bound Microsoft Windows Forms Applications
Working with data in your applications is a common task among developers. With WinForms 2.0 the abilities to work with your data has been greatly enhanced over previous versions of the framework. This session will focus on the new data capabilities and ehnahcements while pointing out new features such as the DataGridView control and new tools such as the enhanced DataSet designer. We’ll also explore additional data related features including asynchronous data access.

Deploying Application with ClickOnce
ClickOnce is a new application deployment technology that makes deploying a Windows Forms based application as easy as deploying a web application. This session will begin by introducing key concepts about ClickOnce, including how it figures within the range of deployment options that you now have available for .NET applications. We will than discuss the architecture behind ClickOnce and the security decisions that are involved in deploying your applications through the ClickOnce technology. We’ll than finish up the discussion by talking about the programmatic features of the ClickOnce API.

Tags: DevCares, Chicago, Developer

I would like to thank everyone who came out for the Microsoft/Compuware Application Level Security Best Practices workshop. We kick things off by discussing the common application vulnerabilites that developers need to be aware of and how Compuware’s DevPartner SecurityChecker product can help you analyze and combat those vulnerabilities.

As promised, here is the slide deckfrom the event as well as a few resources to point out to help you on your quest of becoming a secuirty conscious developer.

Slide deck: WritingSecureCode.zip

Resources:

• Microsoft Security Developer Center
• Application Threat Modeling
• Microsoft Developer Security Resource Kit
• Book: Writing Secure Code, Second Edition

Tools:

• Microsoft Threat Analysis & Modeling v2.0 BETA2
• Microsoft Anti-Cross Site Scripting Library V1.0

Blogs:

• Michael Howard’s Blog
• Microsoft’s ACE Team
• Dan Seller’s Blog

I would like to thank all of those who attended my webcast on Team Foundation Version Control on April 18th. We had a great turnout and a lot of great questions. As promised, here are the slides. Also, I’ve included the resources called out (and some that weren’t) during the presentation to find out more information on Team System and Team Foundation Server. Keep an eye on this blog or subscribe to MSDN Flash to find out about upcoming developer events and webcasts we’re planning.

Slide deck: TFSVersionControl.zip

Resources:

• Visual StudioTeam System Developer Center
• Visual Studio Team System Developer Center – Team Foundation Server
• TeamSystemRocks.com

Whitepapers:

• Team Foundation Server: At Work
• Using Source Code Control in Team Foundation
• Choosing Between Microsoft Visual Studio Team System and Microsoft Visual SourceSafe

Blogs:

• Team Foundation Team Blog
• Buck Hodges Blog
• Rob Caron’s Blog

If you haven’t guessed it by now, teaching developers how to build secure applications is an important message in 2006. This message isn’t just being hollered from the mountain tops of Redmond, but companies such as SPI Dynamics and Compuware are waving the same flag – Developer Security is Important! We have a number of great events coming to the Chicago area, all around teaching developers how to build security conscious applications. These are very important events. So much so, that I’m willing to throw some skin in the game.
If you attend at least 2 of the following events, I will purchase you (1) MS Press book of your choice.* To win, you must contact me with the secret phrase: I promise to be a security conscious developer. Proof of your attendance at the events is required as well. These upcoming events include…
On April 11th, SPI Dynamics is brining their Free Web Application Hacking Workshop to Chicago. At this workshop, you will learn how to incorporate security early into the software development lifecycle. You’ll also learn about advanced hacking techniques such as SQL Injection, Blind SQL Injection and Session Hijacking and how to thwart these attacks. To register for this event, visit
On April 19th, Compuware (in conjunction with Microsoft) will be in Downers Grove, IL to host their Application Level Security Best Practices Workshop. This event will begin with a discussion around Microsoft’s Security Development Lifecycle (SDL) process. Followed by a discussion around common coding practices that lead to insecure web applications and how a tool such as Compuware’s Security Checker can be utilized to identify problem areas within your code while offering solutions to resolving them.
On May 23rd, Microsoft is hosting an all day Security Summit. This day will be jammed packed with security discussions for the IT Pro and Developer crowds. The day begins with a keynote from Mike Nash who is Corporate Vice President of Microsoft’s Security Technology Unit. He will be detailing Microsoft’s Security Strategy and Vision. The keynote will than be followed by a number of break out sessions with topics such as Secure Messaging, Network Access Protection, Creating Reliable and Robust Applications with Visual Studio 2005 and SQL Server 2005 and Application Development Principles and Best Practices.
As you can see, there’s a lot of talk going on around the secured development landscape. The next step is to provide some actions – building secure applications. Attend these events and you will walk away a more security conscious developer with another book to add to your collection.
* The MS Press book must be in print and available for order.