Thushan Fernando Uncut

The moment most of us have been waiting for, Visual Studio 2010 Service Pack 1 is finally out (right now for MSDN Subscribers), read what the changes are in VS2010 Service Pack 1 (or TFS 2010 SP1 Changes) and grab it from MSDN – once the links become public will update this post.

File Name: mu_visual_studio_2010_sp1_x86_x64_dvd_651704.iso [MSDN Download Link]
Size: 1.56Gb
SHA1: 61C2088850185EDE8E18001D1EF3E6D12DAA5692
ISO/CRC: C77C2A14
Date Published (UTC): 3/8/2011 9:13:36 AM
Last Updated (UTC): 3/8/2011 10:20:52 AM

There’s also the TFS Project Server Integration Feature Pack that’s been released.

Support for Silverlight 4 and Razor, SQL CE4, IIS Express and 64bit IntelliTrace are amongst the finer things in SP1. For C++ folks, the support for Intel AVX and AMD Bulldozer instruction sets are going to be interesting

Some notable bugfixes:

• HTML Designer cannot be used as expected for designing web pages.

Enjoy!

I’m a little late on this one, but Microsoft has released Windows Phone Developer Tools January 2011 update recently. From their own list

The Windows Phone Developer Tools January 2011 Update includes:

• Windows Phone Emulator Update – Exposes copy/paste functionality in the Windows Phone 7 emulator. For more information, see How to: Test Copy and Paste in Windows Phone Emulator. End users can use the copy and paste functionality only after receiving the corresponding update to the Windows Phone 7 operating system.

• Windows Phone Developer Resources Update – Fixes a text selection bug in pivot and panorama controls. In applications that have pivot or panorama controls that contain text boxes, users can unintentionally change panes when trying to copy text. To prevent this problem, open your application, recompile it, and then resubmit it to the Windows Phone Marketplace.

• Windows Phone Capability Detection Tool – Detects the phone capabilities used by your application. When you submit your application to Windows Phone Marketplace , Microsoft performs a code analysis to detect the phone capabilities required by your application and then replaces the list of capabilities in the application manifest with the result of this detection process. This tool performs the same detection process and allows you to test your application using the same list of phone capabilities generated during the certification process. For more information, see How to: Use the Capability Detection Tool.
• Windows Phone Connect Tool – Allows you to connect your phone to a PC when Zune® software is not running and debug applications that use media APIs. For more information, see How to: Use the Connect Tool.
• Updated Bing Maps Silverlight Control – Includes improvements to gesture performance when using Bing™ Maps Silverlight® Control.

WPDT Fix includes:

• Windows Phone Developer Tools Fix allowing deployment of XAP files over 64 MB in size to physical phone devices for testing and debugging.

The BingMap updates were quite welcome too! There are two bits to this update, first grab the Windows Phone 7 January Patch, then install the Visual Studio 2010 tooling update.

Today also marked the release of Internet Explorer 9 Release Candidate which brings a nice bunch of (much needed) updates to IE9 and standards in general with a cool smooth UI.  Ars has a great write up on IE9 RC too which will be far better than what I can write up.

Windows 7 x86 | x64 for the lazy few!

Here’s a quick tip if you want to browse the files in your GAC easily without messing about with commands all the time. Map the folder  containing the assemblies with the Subst command.

To do that, bring up a console window (Windows Key + R or Start > Run), then:

subst G: C:\windows\Assembly

This will map the Global Assembly Cache folder to your G drive in Windows Explorer. You can also peek around and see how the GAC works.

The folders you’ll find in the mapped drive include – on a 64bit system *:

• GAC – Non-native assemblies used by .NET 1.x
• GAC_32 – Non-native 32bit assemblies
• *GAC_64 – Non-native 64bit assemblies visible only on 64bit Windows.
• GAC_MSIL – Non-native MSIL (AnyCPU) assemblies.
• NativeImages_v* – Native assemblies for the framework version and the architecture (Eg. NativeImages_v4.0.30319_64 is for the .NET 4.0 64bit native Assemblies)
• temp / tmp – Temporary directories (duh!)

To remove the binding, use the Subst command with the -D option.

subst G: /D

That’s it! Have a safe & happy New Year!

source: Break.com – People are Lucky (some NSFW content)

Here’s something you wouldn’t see every day. Bill Gates introducing the world to DirectX in 1995.

httpv://www.youtube.com/watch?v=_JokM_fExpI

Don’t interrupt him! My how things have changed.

I’ve been busy hacking away the past month or so with Windows Phone 7 and Android. They’re both very different when it comes to the out of box developer experience – with Microsoft tools being supremo right now. Thought I’d contribute some resources when it comes to (on this post) writing Windows Phone 7 Applications. I’ll try and keep this up to date with new things I find.

Feel free to comment with other great resources.

Last Updated: 16th November, 2010

Books/eBooks

• Nick Randolph’s excellent book on Windows Phone Development – Professional Windows Phone 7 Application Development.
• Charles Petzold‘s gift from the WP7 team – Programming Windows Phone 7 (free ebook!)

Online Resources

Developer

• Windows Phone 7 Developer Tools RTW – You’d have already installed this anyway!
• Second release of Sliverlight for Windows Phone Toolkit – Several new controls and tweaks/fixes!
• 31 Days of Windows Phone 7 – Excellent guide to up skill on Windows Phone 7 gradually covering a lot of the core things you’ll be using by Jeff Blankenburg.
• Windows Phone 7 Jumpstart – Videos from Channel 9 to get you going!
• Windows Phone 7 MSDN How-To Index – Excellent list of articles published on MSDN about Windows Phone 7.
• Patterns & Practices for Windows Phone 7 – Release Candidate is out as of writing, useful information for all developers.
• Windows Phone 7 Developer Tips & Tricks – Tim Heuer’s _very_ useful list of tips and tricks you should keep in mind.
• Windows Phone 7 Developer Tips from Kevin Marshall – Extensive list of suggestions and tips for working on WP7 applications!
• 30 Windows Phone Development Tutorials – Aggregate of tutorials covering writing full twitter clients to moving from iPhone to WP7.
• Building High Performance Silverlight Applications on Windows Phone 7 – Great blog post with video links and a white paper from the Silverlight Team.
• Windows Phone 7 Tutorials from Kirupa – Excellent easy to follow tutorials on WP7 development!
• Windows Phone Geek – All things aggregating on WP7!

Developer Frameworks/Tools

• ComponentOne XAP Optimiser – XAP optimiser & obfuscation for Silverlight but usable for Windows Phone too!
• MVVM Light Toolkit – Implementation of MVVM for WP7.
• Caliburn Micro – Lightweight version of Caliburn to help implement a variety of UI Patterns.
• Ninja Database Light / Pro – Persist objects (with AES optionally) to Isolated Storage. Used to be free but now commercial.
• Windows Phone Profiler – First profiler for WP7, watch the Channel 9 video!
• NEW (16/11/2010): Runtime Intelligence for Windows Phone – “A commercial-grade SKU of Dotfuscator specifically targeting Windows Phone 7 including patented renaming, control flow, string encryption, and metadata removal obfuscation transforms.” (source: Windows Team Blog)

Developer Components/Controls

• HighPerformance ProgressBar for Windows Phone – Use the PerformanceProgressBar instead of the stock when you’re wanting an indeterminate progress indicator!
• Telerik RadControls for Windows Phone – A set of components to add to the standard controls available.
• Resco MobileLight Toolkit – Another UI toolkit for Windows Phone 7, a  bit pricey but might be worth it – haven’t evaluated!

Designer/UX

• Design Resources for Windows Phone – Icons and Design Templates you can download.
• UI Design and Interaction Guide for Windows Phone 7 – (PDF) July 2010 (2.0) edition that covers quite exhaustively, the user-interface and Metro theme in WP7.
• Application Bar Icon Pack – 64 Application Bar Icons you can reuse for your application (they’re also in C:\Program Files (x86)\Microsoft SDKs\Windows Phone\v7.0\Icons). See the complimentary How to: Add an Application Bar to Your Application on MSDN (via Windows Phone Developer Blog)
• ClarityConsulting’s blog on Windows Phone 7
• David Crow’s Windows Phone 7 Resources index.

Hardware

• Windows Phone Devices – Microsoft’s US-centric list of all Windows Phone 7 devices available.

There are somethings on the internet that make you realise anything’s possible. This is one of those moments, the lengths agents will goto to get your business.

Have a great weekend.

As mentioned earlier, the ASP.NET Session Security flaw has been keeping all .NET developers and Microsoft on the ball about possible exploits with their applications. Microsoft have updated their security advisory CVE-2010-333 with more information about the severity of the flaw – its taking Exchange and Sharepoint down with it too.

See Microsoft Security Bulletin MS10-070 for affected products and download the update fix for your setup

For ease of downloading, some configurations for you:

• Windows 7 64bit - .NET 4.0 | .NET 3.5.1
• Windows 2008 R2 – .NET 4.0 | .NET 3.5.1

No words can describe what you’re about to see, its not your usual Gymkhana either (it never is), this has a slight tilt to it.

Pure skillz and lots of money/sponsors – see the priors on the road!?!

If you like those, you’ll like the other Ken Block videos

If the Linux CVE-2010-3081: 64bit Linux Kernel Root Exploit didn’t get you, then this little birdy might. It seems the implementation of the AES encryption algorithm which protects the integrity of the Session Cookies in ASP.NET has a weakness which could enable an attacker to hijack sessions – Which bank? The idea behind the use of AES is to ensure that the crypt’d data hasn’t been tampered with – and hence decryptable, but unfortunately the flawed implementation of the use of AES and how it handles errors gives out some much needed clues for an attacker to pursue.

From TheThreatPost article:

In this case, ASP.NET’s implementation of AES has a bug in the way that it deals with errors when the encrypted data in a cookie has been modified. If the ciphertext has been changed, the vulnerable application will generate an error, which will give an attacker some information about the way that the application’s decryption process works. More errors means more data. And looking at enough of those errors can give the attacker enough data to make the number of bytes that he needs to guess to find the encryption key small enough that it’s actually possible.

There is a Microsoft Security Advisory (2416728) which gives some workarounds until a proper fix is made available. What’s really concerning is this little tidbitt from Thai Duong about Using their tool the Padding Oracle Exploit Tool or POET:

“It’s worth noting that the attack is 100 [per cent] reliable, [that is], one can be sure that once they run the attack, they can exploit the target. It’s just a matter of time. If the attacker is lucky, then he can own any ASP.NET website in seconds. The average time for the attack to complete is 30 minutes. The longest time it ever takes is less than 50 minutes.”

What’s really interesting is seeing the video of the exploit in action on dotnetnuke (don’t close your eyes). ScottGu has blogged about this exploit which goes into far more detail than I can, but if you’re keen there’s a nice document on using the Padding Oracle exploit and includes discussions regarding the JSF View state, cracking CAPTCHA schemes as well as some juicy details on CBC-R.