February 2005 Entries
I was a bit skeptical about trying the newest SP1 version of Sharepoint Services.
To be honest, I hated Sharepoint and thought it was useless for anyone but Office Documentcentric organizations that couldn't get their management act together.
Even with Version 2, I saw the product as “lacking” in all the demos I saw. The problem was, that I was jaded from an install of version 1.0 and hadn't gotten over how awful it was and refused to install it.
So, OK, I was wrong. I admit it.
I had a question come up about how to maintain some shared resources for our intranet and didn't have the time to write something to handle it from scratch. I am after all, in the Document Management business and get a bit of an I can do better than that attitude when it comes to managing huge volumes of documents. However, when I actually USED the integration with Office 2003, and looked at the potential with Infopath and the XML Webparts, I had to quickly change my opinion.
For a free (relatively since it comes with a server license) system, this codebase is truly phenomenal as a fully supported addon from the folks up in Redmond.
I haven't been as impressed with anything lately as I am with WSS. So much so that I am dedicating a great deal of my time to seeing just how far I can extend it by inserting some of my already written webservices code to do the proprietary extensions that I will need for it to truly be the product I want.
As a dogfood kind of developer, I really don't think I can talk much about any product with any authority unless I am actually using it, so in that light, I have decided that my own site must be based around WSS.
I got it installed last night and it's still very crude, but I am working on it feverishly to get as much mileage as I can from it.
Sure it may have some shortcomings when it comes to CSS, XHTML Snobbery and Theming, but it more than makes up for that in the ease of which it integrates with Office 2003, not just Outlook and Word Integration, I mean this integrates with Project Server, Infopath, MapPoint and a bunch of other things I didn't expect.
So as I explore the system and find useful techniques, they will be made available. After the server crashed that I had my cobbled together .Text Code Repository site on, I wanted to think of an easier way to do the repository and WSS fit the bill perfectly. Shared Documents for the actual code and articles, Picture Libraries for Sceeenshots, and Discussion groups for talking about the code, there just isn't anything easier to install and use that is completely integrated right now. I surely don't want to try and do something in php for this because after all, I'm a DotNet developer/architect at the core. While I dabble in many other areas, that is where my bread is buttered.
So I am pleased to announce I am opening my WSS Site today and will be using it as my base for the forseeable future.
I am contemplating moving the blog there do, but haven't quite decided on that yet. While I am sure that it would be relatively easy to move this over and add a few page handlers to make the transition transparent, it's not in my initial plans. I have to decide whether or not to jump blog engines fairly soon, since the new .Text (Community Server::Blog) is now in RC stage and I don't know if I want to jump over to this version or not.
I have contemplated the change to one of the other engines, but they all have similar shortcomings. I surely don't want to have to buy a commercial version of Community Server when I can make a couple web parts, a few webservices and have a much richer application in the long run.
One thing I would love to see get integration with WSS that isn't there yet is OneNote. When it integrates with OneNote, for me there will be no question that WSS will become my webengine of choice for most future projects.
I hate being an allarmist and spreading news of spammer's acctions, but I almost fell for this email I received...
Dear eBay Community Member,
It has come to our attention that your eBay Billing Information records are out of date.
That requires you to update the Billing Information If you could please take 5-10 minutes out of your online experience and update your
billing records, you will not run into any future problems with eBay's online service.
However, failure to update your records will result in soon account termination. Once you have updated your account records, your eBay
session will not be interrupted and will continue as normal. Failure to update will result in cancellation of service, Terms of Service
(TOS) violations or future billing problems.
To update and login to your eBay account, click on the link below:
<link sanitized...>http://cgi4.ebay.com/ws/>Thank you for using eBay!
**This is no-reply message. Please do not reply to this email, as you will receive no response**
What is actually behind the link is a redirect to someone POSING as Ebay, but using EBay's server to do the redirect. It looks like this:
http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%31%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrferHCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh href=http://cgi4.ebay.com/ws/eBayISAPI.dll?MfcISAPICommand=RedirectToDomain&DomainUrl=http%3A%2F%2F%32%31%31%2E%31%37%32%2E%39%36%2E%37%2FUpdateCenter%2FLogin%2F%3FMfcISAPISession%3DAAJbaQqzeHAAeMWZlHhlWXS2AlBXVShqAhQRfhgTDrferHCURstpAisNRqAhQRfhgTDrferHCURstpAisNRpAisNRqAhQRfhgTDrferHCUQRfqzeHAAeMWZlHhlWXh
That is a redirect to a bogus site (In Pusan, Korea) that will snag your login detail and use it for some dubious purpose. If you get one of these from ANY apparently legitimate source you really need to pay attention before clicking on it! The site it takes you to looks identical to the real ebay site (because they stole all the code from ebay...) but is using an IP address not actually an ebay.com address.
Stuff like this is totally criminal, an american idiot receiving the info is most likely getting a visit from the FBI really soon. But they just might sucker enough unsuspecting people into this trap that it is worth noting how devious and disasterous the effect can be. The big problem here is how do you convince a cable company in Pusan, South Korea to raid this persons house and pull out his fingernails with pliers? I would expect to see other less western friendly countries harboring cyber criminals.
Note that this is NOT an HTTPS site during your login and the other DEAD GIVEAWAY is that it will still accept a Microsoft Passport which they STOPPED ACCEPTING IN JANUARY. I knew that I had just updated my Ebay account last month and the email looked nearly identical to this one. The idiot who made this left the “title“ tag in the link and when it came up not looking anything like Ebay, most cautious people will get it, but I seriously doubt the average joe computer user would.
Trustworthy computing indeed, we have to monitor everything we click nowadays.
Pay attention to ANYTHING asking you to update an account's information, even if it appears to be the real thing.
Go ahead and try login in with a fake user/password, it will let you just fine and then proceed to ask you for all your unfilled in security information. I really hope that criminals like this bozo burn in hell for eternity for making my life a little bit more miserable as a programmer and having to assure customers that stuff like this won't happen on our site when it obviously is happening on Ebay.
Ebay better get their act together and install the security hotfix that covers this cross-site scripting vulnerability! You would think that after nearly a year they could have thought of a way to stop this type of attack from happening. I mean they could at least use a different scheme to block ISAPI from doing redirects like this. Shame on the bad guy, but bigger shame on the IT department at Ebay.
Redirects like this bother me when they point to an IP address, and so does Google's Cache, Why doesn't Google's cache point to cache.google.com or something similar?
In the vein of an idea presented by Don Box...
I propose...
There is only only One Computer and its all connected by Google.
This is a very scary thought indeed, but it seem more and more that Google is invading us and everyone who hates Microsoft has put on the blinders and welcomed it with open arms.
This idea, while interesting is so terrifyingly 1984ish that it's hard to believe. Not to mention the complete irony and hypocracy of these people. While they bash Microsoft for attempting world domination, they heap praises on Google for doing the same thing in a very sneaky and covert way.
While gooling is nice for finding web links, I don't think I want it controlling my desktop, reading my email and suggesting everything that I buy. As Google continues to pervade every inch of computing, and while search is a pretty important aspect of computing, don't loose your mind when it comes to the power data mining everything going over the internet will wield.
I am almost at a point that I want to write a tool to remove google ads from sites I visit.
I wish Microsoft was really serious about this...
As a result, IT providers, including Microsoft, must work to make different applications and systems "do what they do best," while consenting to observe a "common contract" that allows disparate systems to better communicate and exchange data with one another, Gates said in the statement.
I have enormous respect for Mr. Gates and his achievements, but he has said this at least a hundred times in the past. I like most of Microsoft's products and pay them a small fortune every year for the priviledge of using their software.
If he continues to bash Open Source, then this statement is just not serious. We are looking at a huge push now for developers to start “interopping” with Office apps. That too is nothing new, they have been trying to get developers to use it as a programming base all the way back to DDE under Windows 3.1.
Interop at Microsoft still means, “it works with other Microsoft products.” With the exception of XML and a few other APIs there is nothing that leads you to really believe what is being said in this article.
Case in point: Ink
Are there any OPEN Standards that can be used with Ink? No, they are all closed, if you want to save in ink, you have to use the closed toolset provided with the Tablet SDK. Not that there is really anything wrong with this, but if the specification for the storage of Ink were an Open Standard, then there would be a hell of a lot more innovation in the TabletPC and you would problably see some things coming out on “other platforms” that support Ink that can be moved freely from a Tablet PC to a Palm, to a Mac, to a Linux Box and allow them all to access the Ink as Ink. This would make the Tablet actually flourish as a platform of convenience instead of being stuck in the realm of vertical and curiosity markets.
Hell, you can't even transfer Ink between OneNote and Journal, two of Microsoft's own products. Transferring as an image doesn't count, that's a lame excuse for not supporting Interop standards and opening up the protocols in a way that any competent developer can understand and write a file that is Standard Ink, or even just copy it to the Clipboard for that matter.
As we become a world completely dependent on our machines to participate in society, the standards just have to be open for everyone to be able to communicate.
Imagine if the UN only supported speaking in English and they told you that they would not allow you to learn to speak in English, but instead they might provide you with a translator; that is effectively the attitude Microsoft has to most of their data formats. Not only does Microsoft not tell you how to speak English, they will probably Sue you if you try and figure out how to do it on your own. Use their APIs (translators) or piss off. You are not allowed to create a file that is completely and utterly compatible with say, Microsoft Word.
Until Microsoft opens these data storage formats up as Open Standards for the world to use, I just do not believe they have any real desire to Interop with anything they don't own. They have made areally SMALL start by offering the Office XML Reference Schemas, but this doesn't tell you how to save a .DOC file.
There is absolutely NO REASON for them to keep this closed as proprietary information, it will not prevent one single sale of Word, in fact it would probably do just the opposite, increase the sales of Word as a more innovative and feature rich word processor that saves it's files in a completely open way. But that is a story is for another day.
What I would really love to see is for Microsoft to open all or at least most of their Data Structures (Including NTFS) so that anyone could access them, then we would truly have an opportunity for Interop to take place. Until that happens, and while they continue to push DRM into all their products so they can sue you under the DMCA for reverse-engineering then I just don't believe Microsoft has any desire to do interop unless it is done through their APIs.
Lately I have written some scathing criticism of Microsoft and I should explain myself. I truly like Microsoft, I want to use their programs because some of them are simply the best products ever written in their niche. Open Source or not, I really don't care, When I want a spreadsheet, I use Excel because it is far superior to anything else. Even if their was and Open Source alternative that was worthy, I would still use Excel because I like it, not because I have to use it. I really believe Microsoft should just shut up about the evils of Open Source and just accept that it is there and it's not going away.
If they did this and just spent more time creating innovative products the masses would still buy them simply because they are better products, not because they are cheaper or more cost effective, simply because they work better.
This is actually how Microsoft got where it is today, they wrote the bulk of the software that worked most effectively together. If they are so worried about the competition, then they should just shut up and make a better mousetrap. Then tell us why their mousetrap is better in terms of using it, not in terms of it being superior because the other product was created by amateurs.
I really don't care who writes the software I use, if it works better, I will use it, if it costs more, then so be it because in the long run it will save me time and frustration. But on the other hand, if it just doesn't work the way I want/need it to work, then I will reject it as unsuitable for my needs and look elsewhere.
Microsoft does indeed make some great stuff, but it doesn't mean you have to worship the products or their creators.
I caught this Information Week pointer from /. and just had to read the coverage because I think it's an interesting viewpoint. I don't program because I think it's a good job... In fact it's a lousy job most of the time. I think this idea applies to anyone who wants to write software, not just Open Source developers. If you read some of the comments there, most of them completely miss the point.
I program because I love it, I program because it deeply interests me to figure something out, I program because I must. I seriously can't imagine doing anything else. Anyone who wants to pull all-nighters because something is bothering them about a technique instead of because they need to beat a deadline is a real coder.
I've been a “professional developer” for about 12 years, before that, I still did a lot of programming, but I was not focusing on it as my career, I was doing other types of engineering and business stuff. I found that it tended to distract me from doing what I really liked doing most, coding and architecting software.
When I decided to focus on software development, I knew I was doing it because I loved doing it, not because it made me wealthy (it has despite that attitude...) or because I thought I could climb the corporate ladder by showing off my skills, (that happened by itself too...)
How about you? Are you programming because you really like doing it, or are you writing code because you thinks its a good career move? Are you motivated because you want to be the "richest man in the world" or because you want to participate in some piece of engineering that just might change the world?
If you are a software developer for any reason other than the fact that you just love to do it, then you should seek a career path somewhere else. It will certainly be more fulfilling for you. I am sure this applies to just about any career, but I think it especially applies to writing software, whether it be Open Source or not.
After seeing industry stalwarts AT&T sold to SBC and IBM dumping its PC Division to the Chinese, is there doubt there may be a similar fate in Microsoft's future?
Not that something like this will happen anytime soon, it just goes to show that all the bellyaching people did over AT&T being the evil big monster didn't really have anything to do with its demise.
AT&T crumbled because it chose not to change its core business. Instead of embracing VoIP years ago when Cisco first came up with the idea, getting out of the Voice market and into Internet Services like it should have, they rapidly eroded by not changing with the technology they had a lot do do with inventing.
AT&T, Bell Labs and Lucent made contributions to the Fiber backbone that powers most of the Internet, similarly Microsoft has IMO made the single most important contribution to the PC Industry, deciding that a reasonable environment for standards programming was important to make the industry thrive. With the API for Windows, Microsoft contributed the single environment that drove the industry for nearly the past 20 years.
.NET has the potential to be that same core in the future and with it's sibling, Project Mono it has a chance to stay in the game, but for how long? If change comes at a glacial pace as it is starting to with Longhorn, then they may not be able to hold on to the deathgrip they currently have in the industry.
Hopefully, Microsoft will refocus it's base and start really being the innovative leader it has been in the past instead of trying to just shut out the other guy with evil tactics like weilding Patents like weapons of mass destruction.
Personally, I don't think Linux has a chance in hell of becoming the market leader, I would look at Apple taking that crown before I would Redhat or Novell. We are most likely going to see a completely new OS coming in the next 5 years that changes everything and Microsoft won't know what hit them, unless of course that OS comes from Microsoft. It really could, but it's definately NOT going to be Longhorn.
I don't think that the market will actually start to shift all that much in the next 5 years, but it should at least become apparent that something else is out there and it will start to gain a following. Nothing is out today that has enough potential in polished form to present itself as the new torch-bearer.
So who is going to write it? Is it you? If so, let me in on your secret :) For Today, I'd just be happy to replace my Shell with one that offers a little more ease of use. That certainly isn't Linux. Programmers are smart enough to figure out a better way to do installations and conflict resolution than they currently offer.
First off, let me state, I really like the Enterprise Library. In fact I put off development of one of my new applications specifically to build it around the EntLib. Great job by the EntLib team getting this out the door!
The concept behind it is fantastic, It's implementation is pretty good too.
I would like to see some people come out with a few articles on how to use these libraries, there are alot of missing pieces in the documentation.
For this to really be accepted and used effectively, further docs are going to be needed.
Specifically, I have already setup a new application to use the Configuration, Cryptography, Data Acces and Security Application Blocks. The Enterprise Library Configuration tool makes this a real snap and saves HUGE amount of time doing tedious and boring things in the initial setup.
Maybe I missed something, but in the Security Application Block, I don't see any straight forward way of doing dynamic rules. Role Based Security is an essential part of all my applications and I have been using it for years. I set up Users, Roles, Profiles and Rules for the Roles already. Changing the way I used to do it with Database lookups for all the dynamic information stored for each user was really easy until it came to Rules.
A Rule is essentially a way to restrict an event(printing, editing, etc.) based on the user's Role, but a Rule will allow for multiple roles to be able to do certain task while restricting others. Plain enough right?
Well, I used to put all my rules in the database with everything else, and apparently the Rule Provider doesn't support this. It doesn't make all that much sense to me to have Rules confined to your App.config. I don't want to go in and edit secutiyconfiguration.config whenever I need to change some permissions.
Fortunately, these are just text, so you can just stick them in the database, but to load them is going to require you to write your own methods to go retrieve them and create a .
When I get this extension written I will probably post something about it here, but this seems like it should have already have been in the core functionality along with Authentication, Roles and Profiles.
Basically I made this Table:
CREATE TABLE [dbo].[AuthorizationRules] (
[RuleID] [int] IDENTITY (1, 1) NOT NULL ,
[Name] [nvarchar] (254) COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL ,
[Expression] [ntext] COLLATE SQL_Latin1_General_CP1_CI_AS NOT NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]
GO
ALTER TABLE [dbo].[AuthorizationRules] ADD
CONSTRAINT [PK_AuthorizationRules] PRIMARY KEY CLUSTERED
(
[RuleID]
) ON [PRIMARY]
GO
then populate the equivalent of this:
<rule name="Rule.CanEditCode" expression="NOT I:? AND (R:Developer OR R:Administrator)" />
into the table.
When My App does it's authorization, I load all the rules into an ArrayList of Strings that I can test when needed in a form or action.
Expect to see me doing more writeups on how I am using the EntLib as I discover more useful ways to use and extend it. Please send me your comments on how you are doing the same.
Blogroll Me!
Blog Search Engine
Copyright © 2003-2004 H. Steele Price, IV -
All opinions are my own, not necessarily those of my employer, your mother, or any government agency.