Archive for the ‘Developer’ Category

Microsoft releases VS2010 SP1 & TFS 2010 SP1

March 9th, 2011 1 comment

The moment most of us have been waiting for: Visual Studio 2010 Service Pack 1 is finally out (right now for MSDN Subscribers). Read what the changes are in VS2010 Service Pack 1 (or TFS 2010 SP1 Changes) and grab it from MSDN. I will update this post once the links become public.

File Name: mu_visual_studio_2010_sp1_x86_x64_dvd_651704.iso [MSDN Download Link]
Size: 1.56Gb
SHA1: 61C2088850185EDE8E18001D1EF3E6D12DAA5692
ISO/CRC: C77C2A14
Date Published (UTC): 3/8/2011 9:13:36 AM
Last Updated (UTC): 3/8/2011 10:20:52 AM

There’s also the TFS Project Server Integration Feature Pack that’s been released.

Support for Silverlight 4 and Razor, SQL CE4, IIS Express and 64bit IntelliTrace are amongst the finer things in SP1. For C++ folks, the support for the Intel AVX and AMD Bulldozer instruction sets is going to be interesting 😀

Some notable bugfixes:

Enjoy!


Microsoft releases new WP7 Tools & IE9 RC!

February 11th, 2011 No comments

I’m a little late on this one, but Microsoft recently released the Windows Phone Developer Tools January 2011 update. From their own list:

The Windows Phone Developer Tools January 2011 Update includes:

  • Windows Phone Emulator Update – Exposes copy/paste functionality in the Windows Phone 7 emulator. For more information, see How to: Test Copy and Paste in Windows Phone Emulator. End users can use the copy and paste functionality only after receiving the corresponding update to the Windows Phone 7 operating system.
  • Windows Phone Developer Resources Update – Fixes a text selection bug in pivot and panorama controls. In applications that have pivot or panorama controls that contain text boxes, users can unintentionally change panes when trying to copy text. To prevent this problem, open your application, recompile it, and then resubmit it to the Windows Phone Marketplace.
  • Windows Phone Capability Detection Tool – Detects the phone capabilities used by your application. When you submit your application to Windows Phone Marketplace, Microsoft performs a code analysis to detect the phone capabilities required by your application and then replaces the list of capabilities in the application manifest with the result of this detection process. This tool performs the same detection process and allows you to test your application using the same list of phone capabilities generated during the certification process. For more information, see How to: Use the Capability Detection Tool.
  • Windows Phone Connect Tool – Allows you to connect your phone to a PC when Zune® software is not running and debug applications that use media APIs. For more information, see How to: Use the Connect Tool.
  • Updated Bing Maps Silverlight Control – Includes improvements to gesture performance when using Bing™ Maps Silverlight® Control.

WPDT Fix includes:

  • Windows Phone Developer Tools Fix allowing deployment of XAP files over 64 MB in size to physical phone devices for testing and debugging.

The BingMap updates were quite welcome too! There are two bits to this update, first grab the Windows Phone 7 January Patch, then install the Visual Studio 2010 tooling update.

Today also marked the release of Internet Explorer 9 Release Candidate, which brings a nice bunch of (much needed) updates to IE9 and standards in general with a cool smooth UI. Ars has a great write-up on IE9 RC too, which will be far better than what I can write up.

Windows 7 x86 | x64 for the lazy few!


QuickTip: Mapping your GAC folder in Windows with Subst

December 30th, 2010 1 comment

Here’s a quick tip if you want to browse the files in your GAC easily without messing about with commands all the time. Map the folder containing the assemblies with the Subst command.

To do that, bring up a console window (Windows Key + R or Start > Run), then:

subst G: C:\windows\Assembly

This will map the Global Assembly Cache folder to your G drive in Windows Explorer. You can also peek around and see how the GAC works.

The folders you’ll find in the mapped drive include – on a 64bit system *:

  • GAC – Non-native assemblies used by .NET 1.x
  • GAC_32 – Non-native 32bit assemblies
  • *GAC_64 – Non-native 64bit assemblies visible only on 64bit Windows.
  • GAC_MSIL – Non-native MSIL (AnyCPU) assemblies.
  • NativeImages_v* – Native assemblies for the framework version and the architecture (Eg. NativeImages_v4.0.30319_64 is for the .NET 4.0 64bit native Assemblies)
  • temp / tmp – Temporary directories (duh!)

To remove the binding, use the Subst command with the /D option.

subst G: /D

That’s it! Have a safe & happy New Year!


DOOM: Bill Gates introduces DirectX in 1995.

November 17th, 2010 No comments

Here’s something you wouldn’t see every day. Bill Gates introducing the world to DirectX in 1995.

http://www.youtube.com/watch?v=_JokM_fExpI

Don’t interrupt him! My how things have changed.


Windows Phone 7 Resources

November 15th, 2010 1 comment

I’ve been busy hacking away the past month or so with Windows Phone 7 and Android. They’re both very different when it comes to the out of box developer experience – with Microsoft tools being supremo right now. Thought I’d contribute some resources when it comes to (on this post) writing Windows Phone 7 Applications. I’ll try and keep this up to date with new things I find.

Feel free to comment with other great resources.

Last Updated: 16th November, 2010

Books/eBooks

Online Resources

Developer

Developer Frameworks/Tools

Developer Components/Controls

Designer/UX

Hardware


Microsoft updates ASP.NET Flaw CVE-2010-333 with fix

September 29th, 2010 No comments

As mentioned earlier, the ASP.NET Session Security flaw has been keeping all .NET developers and Microsoft on the ball about possible exploits with their applications. Microsoft have updated their security advisory CVE-2010-333 with more information about the severity of the flaw – it’s taking Exchange and Sharepoint down with it too.

See Microsoft Security Bulletin MS10-070 for affected products and download the update fix for your setup 🙂

For ease of downloading, some configurations for you:


ASP.NET Session Cookie Crypto Attack Exploiting

September 20th, 2010 No comments

If the Linux CVE-2010-3081: 64bit Linux Kernel Root Exploit didn’t get you, then this little birdy might. It seems the implementation of the AES encryption algorithm which protects the integrity of the Session Cookies in ASP.NET has a weakness which could enable an attacker to hijack sessions – Which bank? The idea behind the use of AES is to ensure that the encrypted data hasn’t been tampered with (and is hence still decryptable), but unfortunately the flawed way the implementation uses AES and handles errors gives out some much-needed clues for an attacker to pursue.

From TheThreatPost article:

In this case, ASP.NET’s implementation of AES has a bug in the way that it deals with errors when the encrypted data in a cookie has been modified. If the ciphertext has been changed, the vulnerable application will generate an error, which will give an attacker some information about the way that the application’s decryption process works. More errors means more data. And looking at enough of those errors can give the attacker enough data to make the number of bytes that he needs to guess to find the encryption key small enough that it’s actually possible.

There is a Microsoft Security Advisory (2416728) which gives some workarounds until a proper fix is made available. What’s really concerning is this little tidbit from Thai Duong about using their tool, the Padding Oracle Exploit Tool or POET:

“It’s worth noting that the attack is 100 [per cent] reliable, [that is], one can be sure that once they run the attack, they can exploit the target. It’s just a matter of time. If the attacker is lucky, then he can own any ASP.NET website in seconds. The average time for the attack to complete is 30 minutes. The longest time it ever takes is less than 50 minutes.”

What’s really interesting is seeing the video of the exploit in action on dotnetnuke (don’t close your eyes). ScottGu has blogged about this exploit in far more detail than I can, and if you’re keen there’s a nice document on using the Padding Oracle exploit that includes discussions regarding the JSF View state, cracking CAPTCHA schemes as well as some juicy details on CBC-R.
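To make the error-handling point concrete, here is an added example (not from the original post, ASP.NET or POET) that models only the step after decryption: one handler reports padding and content failures separately, the other collapses every failure into a single response. The response codes, the `SESSION=` body check and the sample buffers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16
/* Constructed response codes for this model, not ASP.NET's real responses. */
enum { RESP_OK, RESP_PADDING_ERROR, RESP_DATA_ERROR, RESP_REJECTED };

/* Constructed sample plaintexts, i.e. what decryption would hand back. */
static const uint8_t GOOD[BLOCK]     = {'S','E','S','S','I','O','N','=','a','b','c',5,5,5,5,5};
static const uint8_t BAD_PAD[BLOCK]  = {'S','E','S','S','I','O','N','=','a','b','c',5,5,5,5,6};
static const uint8_t BAD_BODY[BLOCK] = {'X','E','S','S','I','O','N','=','a','b','c',5,5,5,5,5};

/* PKCS#7: the last byte k (1..BLOCK) must be repeated k times at the end.
 * Returns the unpadded length, or -1 if the padding is malformed. */
static long unpad_len(const uint8_t *p, size_t n)
{
    if (n == 0 || n % BLOCK != 0) return -1;
    uint8_t k = p[n - 1];
    if (k == 0 || k > BLOCK) return -1;
    for (size_t i = 1; i <= k; i++)
        if (p[n - i] != k) return -1;
    return (long)(n - k);
}

/* Hypothetical application-level check on the decrypted cookie body. */
static int body_ok(const uint8_t *p, long len)
{
    return len >= 8 && memcmp(p, "SESSION=", 8) == 0;
}

/* Leaky: the caller learns whether the padding or the content failed. */
static int respond_leaky(const uint8_t *plain, size_t n)
{
    long len = unpad_len(plain, n);
    if (len < 0) return RESP_PADDING_ERROR;
    return body_ok(plain, len) ? RESP_OK : RESP_DATA_ERROR;
}

/* Uniform: every failure produces the same response. */
static int respond_uniform(const uint8_t *plain, size_t n)
{
    long len = unpad_len(plain, n);
    return (len >= 0 && body_ok(plain, len)) ? RESP_OK : RESP_REJECTED;
}

int main(void)
{
    printf("leaky:   pad=%d body=%d\n", respond_leaky(BAD_PAD, BLOCK), respond_leaky(BAD_BODY, BLOCK));
    printf("uniform: pad=%d body=%d\n", respond_uniform(BAD_PAD, BLOCK), respond_uniform(BAD_BODY, BLOCK));
    return 0;
}
```

The model covers only the returned value; response timing has to be indistinguishable as well for the two failure cases to look the same from outside.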


CVE-2010-3081: 64bit Linux Kernel Root Exploit

September 20th, 2010 1 comment

Well, it’s been a heavy week on the security front. First up is a Linux root exploit for 64bit machines.

A vulnerability in the 32-bit compatibility layer for 64-bit systems was reported. It is caused by insecure allocation of user space memory when translating system call inputs to 64-bit. A stack pointer underflow can occur when using the “compat_alloc_user_space” method with an arbitrary length input.

What does that mean? Essentially, the compat_alloc_user_space function was missing some sanity checks: one on the length, and one to ensure that the pointer to the block of memory is valid and within the user space of the process. The fix has already been committed, but if you are running any x64 version of Linux, make sure you update your kernel – especially now that the exploit code is publicly available!
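The two missing checks can be seen in a small user-space model. This is an added example, not the kernel's code and not from the original post; the address limits, the sample stack pointer, the half-range length bound and all function names here are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model values (assumptions), not read from a real kernel. */
#define USER_TOP    0x0000800000000000ULL /* first address above user space */
#define COMPAT_MAX  0xffffffffULL         /* largest 32-bit compat pointer */
#define SAMPLE_SP   0x7ffc0000ULL         /* sample compat stack pointer */
#define BAD_PTR     0ULL                  /* stands in for NULL */

/* Models the arch helper: carve len bytes just below the stack pointer. */
static uint64_t arch_alloc(uint64_t sp, uint64_t len)
{
    return sp - len;            /* wraps silently when len > sp */
}

/* Models access_ok(): [ptr, ptr+len) lies in user space and does not wrap. */
static int range_in_user(uint64_t ptr, uint64_t len)
{
    uint64_t end = ptr + len;
    return end >= ptr && end <= USER_TOP;
}

/* Behaviour without the sanity checks: any length is accepted. */
static uint64_t alloc_unchecked(uint64_t sp, uint64_t len)
{
    return arch_alloc(sp, len);
}

/* With both sanity checks: bound the length, then validate the range. */
static uint64_t alloc_checked(uint64_t sp, uint64_t len)
{
    if (len > (COMPAT_MAX >> 1))        /* length check */
        return BAD_PTR;
    uint64_t ptr = arch_alloc(sp, len);
    if (!range_in_user(ptr, len))       /* pointer-in-user-space check */
        return BAD_PTR;
    return ptr;
}

int main(void)
{
    uint64_t lens[] = { 64, 0x7ffd0000ULL, 0x80000000ULL };
    for (int i = 0; i < 3; i++)
        printf("len=%#llx unchecked=%#llx checked=%#llx\n",
               (unsigned long long)lens[i],
               (unsigned long long)alloc_unchecked(SAMPLE_SP, lens[i]),
               (unsigned long long)alloc_checked(SAMPLE_SP, lens[i]));
    return 0;
}
```

The middle sample length passes the length bound but still underflows the stack pointer, which is why the range check is needed in addition to the length check.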

Read up on the exploit by Jeff Arnold from Ksplice and use this very useful CVE-2010-3081 high-profile exploit detection tool to determine if your boxen are already compromised.

Of particular note from his article is the breadth of exploitable distributions – see the references below for vendor specific information:

This vulnerability was introduced into the Linux kernel in April 2008, and so essentially every distribution is affected, including RHEL, CentOS, Debian, Ubuntu, Parallels Virtuozzo Containers, OpenVZ, CloudLinux, and SuSE, among others. A few vendors have released kernels that fix the vulnerability if you reboot, but other vendors, including Red Hat, are still working on releasing an updated kernel.

After downloading and running the tool under a non-sudo account, you should cheerfully get the following output.

thushan@dingo:~/tmp$ ./diagnose-2010-3081
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
(see http://www.ksplice.com/uptrack/cve-2010-3081)

$$$ Kernel release: 2.6.32-23-server
!!! Not a RHEL kernel, will skip LSM method
$$$ Backdoor in LSM (1/3): not available.
$$$ Backdoor in timer_list_fops (2/3): checking...not present.
$$$ Backdoor in IDT (3/3): checking...not present.

Your system is free from the backdoors that would be left in memory by the published exploit for CVE-2010-3081.
thushan@dingo:~/tmp$

If not, it’s time to put those security drills into action!

References


Windows Phone 7 Developer Tools Released!

September 17th, 2010 No comments

The moment we’ve all been waiting for: the final version of the Windows Phone 7 SDK has been released! What are you waiting for? Go download it and try out some cool things!

No Visual Studio installed? Not an issue, it comes with the Express edition of VS2010 and Expression Blend 4 for Windows Phone as well as XNA and Silverlight tools for Windows Phone and an emulator – all for free too!

For more information, see ScottGu’s great post about it!


OpenIndiana Announced, the fork to Oracle’s OpenSolaris!

September 15th, 2010 No comments

Earlier today, we had the announcement for OpenIndiana. It aims to be the de-facto OpenSolaris distribution, one that tries to be binary and package compatible with Solaris 11 & Solaris 11 Express. It’s a part of the Illumos community, with 20 core developers providing (eventually) a stable branch with a 100% free & open source distribution.

Not only that, you can also download a ready-baked OpenIndiana distribution (based on ou_147) or, if you’re like me and still using OpenSolaris DEV snv_134, you can upgrade via the IPS management tools. Having said that though, I’m not going to rush and upgrade my zeus box anytime soon as it will take time to settle in, but you can take the baked ISOs for a spin in a VM 🙂 I have found a few references to OpenSolaris still in there, and there is currently no xVM Xen (dom0) support nor lx (Linux) branded zones. Not to worry, keep an eye on the roadmap and release schedule for what they’re going to deliver.

You can get a copy of the OpenIndiana announcement presentation slides as well or follow @openIndiana on twitter. Otherwise, see the Getting Involved guide on the OpenIndiana Wiki and join in!

In a way, it’s good to know that the beloved OpenSolaris will still live, thanks to the community. At the same time, it will be interesting to see how long that community stays turned on by developing and maintaining it, though other forks of OpenSolaris are backing it (via Illumos), like Nexenta and Schillix, which has just released a version based on Illumos. All in all, WATCH THIS PROJECT!
