Monday, January 29, 2007

Paint.NET 3.0

Paint.NET is free image editing and photo manipulation software . It supports layers, unlimited undo, special effects, and a wide variety of useful and powerful tools. Paint.NET is written in C#, the Source Code is available.

Sunday, January 28, 2007

Windows Vista - beneficial features

Some reasons to use Windows Vista (by Chris Sells). No all are obvious at first glance and easy to detect. That make this list invaluable.

Saturday, January 27, 2007

WEF: Leaders get a taste of Web 2.0

At the World Economic Forum (WEF) in Davos (Switzerland) 2,400 leaders in business, politics and science do chat about the Future and Past in different areas.

They use accurate mediums to publish informations - a blog. Every participant - including Microsoft chairman Bill Gates - has been asked to post at least once, according to this article.

This afternoon, I followed the discussion about Web 2.0 with Leaders from Microsoft, Flickr, Nike, Fortune and more. The topic aimed less about technique and more about participation, community, sharing, individualization of content and services.... order your individual, unique styled Nike-Shoes... Customize your desktop and web... just be a part of it.

Web 2.0 is everywhere. And Web 3.0 is already on its way....

Update 2007 (WEF): Beyond Web 2.0 -- From Content to Collective Knowledge?

While social networks and community-oriented interactive sites, known as Web 2.0, continue to gain pace, the advent of Web 3.0 is already taking shape. In this Update, panellists (WEF) will discuss how a fundamental, technology-enabled "semantic Web" could develop over the coming four to five years, driven by hyper personalization coupled with advances in meta tagging and search, revolutionizing the way the knowledge is shared.

Hope, I will find the according WEF potcast.

WEF - Please don't mix it with Wresting Entertainement Federation :-)

Thursday, January 25, 2007

Tuesday, January 23, 2007

Anti-Cross Site Scripting Library

Cross-site scripting (XSS) attacks exploit vulnerabilities in Web-based applications that fail to properly validate and/or encode input that is embedded in response data. Malicious users can then inject client-side script into response data causing the unsuspecting user's browser to execute the script code. The script code will appear to have originated from a trusted-site and may be able to bypass browser protection mechanisms such as security zones.

ASP.NET developers may wish to use the Microsoft Anti-Cross Site Scripting Library to encode output. This library differs from other encoding libraries in that it uses the principle of inclusions and provides a high degree of protection against XSS attacks.

Learn more about the Anti-Cross Site Scripting Library
Download the Anti-Cross Site Scripting Library
Follow the tutorials

Monday, January 22, 2007

WPF/E Future - Textbox and other Controls

There are a lot of gadget-examples with WPF/E! Nice - but not more. Flash V. 1.0 :-)

WPF/E does not even contain a Textbox control at the moment. It is in a really early stage. So don't be disappointed. According to this thread, Microsoft is working on adding basic control (TextBox, Checkbox, ...) in the next CTP. Then we're getting closer to business needs.

"We'll also be providing "WPF/E" integration with .NET managed code next year" announced Scott Guthrie, which will bring WPF/E even one level higher (more c#, less javascript).

In the meantime, Tony Lombardo from Infragistics did realize a cool combo (WPF/E and MS AJAX) - a "WPF/E Textbox". Take a look. An enthralling technical chat about WPF and WPF/E to gain insights:

Sunday, January 21, 2007

AJAX XML-Script Tutorial (Future CTP Feature)

An excellent XML-Script Tutorial (Part 1 - 4) by Alessandro Gallo (Garbin) you will find on DotNetSlackers. XML-Script is a part of the Future CTP. This package does contain material additional to the AJAX Core Framework and could be included in further Core Releases.

The Future CTP is not official documented, so this kind of Tutorial from the community are really worthwhile.

Thursday, January 18, 2007

WebApp Offline? Dojo Offline Toolkit!

"I had been prototyping and playing with some ideas around bringing true offline access to Web applications in a simple, generic way" annouced Brad Neuberg in this eweek article.

Sounds great. One big step further in Web-Development, if he will reach his goal. I will stay tuned.

Here some relevant links to get more details:

Wednesday, January 17, 2007

Windows Live Search Box

Search boxes powered by Windows Live are designed for website owners and bloggers who want to quickly add customized search capability to their site. The search box enables visitors to search your site, the Web, or any other locations you define by macros ... Get your own one here:

Task Scheduler Library for .NET

For a project, we had to build a Web-UI to manage and run different scheduled tasks. Program the whole Scheduling-Management by ourself... hmmm, no way, there must be a solution.... why not just use the existing Windows Task Scheduler?

The Windows Task Scheduler is accessible thru a COM interface, but the .NET Framework does not offer any native wrapper for it. :-(

Dennis Austin built an excellent .NET wrapper for the Scheduler, including Source Code, MSDN Style Help and Demo Client. Wow, R-E-S-P-E-C-T !

I was able to build an ASP.NET 2.0 Application to list, add, edit and remove tasks to the scheduler - in no time! Thanks, Dennis - your my programmer of the Week

Sunday, January 14, 2007

Media File Converter

Any video converter is a free media file converter. For example, you can convert video files to MPEG-4 movie format for the iPod.

Wednesday, January 10, 2007

AJAX Security Concerns

Recently, I read a well done article about security concerns, and recommendations for securing Web application development, especially AJAX applications.

Since Ajax Web applications exist on both the client and the server, they include the following security issues:
  • Create a larger attack surface with many more inputs to secure
  • Expose internal functions of the Web application server
  • Allow a client-side script to access third-party resources with no builtin security mechanisms

AJAX implementations require a trust relationship between the client and server — a relationship that can be exploited by an attacker...

The JavaScript in the Ajax engine traps the user commands and makes function calls in clear text to the server. Browser requests and Ajax engine requests look identical. The server is incapable of discerning a request made by JavaScript and a request made in response to a user action. This fact means it is very difficult for an individual to prove that they did not do a certain action.

It also means that JavaScript can make a request for a resource using Ajax that occurs in the background without the user’s knowledge. The browser will automatically add the necessary authentication or state-keeping information such as cookies to the request. JavaScript code can then access the response to this hidden request and then send more requests. This expansion of JavaScript functionality increases the possible damage of a Cross-Site Scripting (XSS) attack.

Read the whole, excellent Article "AJAX Security Dangers" by Bill Hoffmann.

Sunday, January 07, 2007

AJAX Architecture (Big Picture)

Based on Shawn Burke's excellent presentation, I tried to put two overview pictures about the different components of Microsoft AJAX (RC1) and their relationship. - Big pictures are one of the things I really miss within Microsoft's documentation. A picture can often tell more than pages of continuous text.

Microsoft AJAX is based on a client part (called the Microsoft AJAX Library), a complex JavaScript Framework, which brings the power of a base class library out to the browser programmers. The server part (called the ASP.NET AJAX Extension) is a .NET Assembly, bringing smooth AJAX communication and updates to the ASP.NET Framework. These two parts are also referred as AJAX Core.

Based on AJAX Core, we get the ASP.NET AJAX Toolkit, an Add-On to create AJAX Controls and AJAX Extenders. The Toolkit is set-up as "Shared Source" bringing Microsoft and the Community together - working on fancy, attractive Controls for everybody.

The ASP.NET AJAX Value-Add CTP's (called Future CTP's as well) are additional libraries, containing features and functionality, which could be included in further releases of the AJAX Core. CTP's are targeting eary adopters and development, interested in using upcoming codes, and ready to give (optional) feedback to the Microsoft Team.

Thursday, January 04, 2007

Visual Studio 2005 on Windows Vista Issue List

Running Software Development on Windows Vista? - Here you will find two important articles from Microsoft:

Visual Studio 2005 on Windows Vista Issue List

Microsoft SQL Server 2005 on Microsoft Windows Vista

Wednesday, January 03, 2007

"Sys is undefined" in MS AJAX RC 1 on VISTA

Today, I'm working on an article about Microsoft AJAX Control Toolkit, which is based on AJAX Core (AJAX Extensions on the serverside, AJAX Library including the clientside Javascript Framework).

So I downloaded the latest AJAX Control Toolkit Bits from Codeplex and installed the VS-Templates as well.

But, no sample code was working on my machine (VISTA, VS.NET 2005 SP1, IE7 and FF2)!

I've got always the following Script-Error: "Sys is undefined" (Sys is one of the major "classes" of the MS AJAX Library). It seems, that the browser is not able to detect the Script-Library, where this object is located.

I've checked the references to the AjaxToolkit.dll, did all the config mentioned in this thread ( - no success.

If you google for "Sys is undefined" "AJAX" you will find loads of post about this problems. Seems to exist since ages...

At least, when I'm running the sample on a Windows XP (with IE7), everything work as expected. --> expected means correct!! :-)