Monthly Archives: April 2007

Microsoft Silverlight Streaming – Home

Wow – more good news in the wake of the announcement that SilverLight was “born”.

On the SilverLight Live site you can get 4GB of hosting space for free – so if you want to try your hand in SilverLight head on over and start tapping those keys.

Cheers and happy coding!!! 

Link to Microsoft Silverlight Streaming – Home

Microsoft for Partner Roadshow Plus: Coming soon to a city near you!

Here’s some great news for the Perth MSFT Partners – the roadshow is here. 5 more sleeps and it’s rock and roll.

I’d suggest you hurry up and register if you haven’t already!!!


Dear Partner,

The Microsoft for Partner Roadshow Plus kicks off in Perth in just six days! If you haven’t already registered for one of the cities on the Roadshow tour, then make sure you register today.

A Microsoft for Partner Roadshow Premiere

For the very first time, Microsoft Australia is introducing interactive and instructor-led technical training sessions at the Microsoft for Partner Roadshow. So, in addition to the valuable business update and product roadmap information you will get at no charge, you can also choose to attend two of the very affordable technical training sessions.

For just $129 per person, you get six hours of hands-on lab training, delivered by Microsoft Technical Specialists. At this price, you can’t afford NOT to miss it!

Secure your spot and register today!

Don’t forget: Partner Briefings in Hobart and Darwin

The Partner Briefing sessions have been designed exclusively for our Partners in Hobart and Darwin, and will provide the latest product updates, complimentary technical training, and the opportunity to chat with the Microsoft team and experts.

Register for the Partner Briefing session today!

Kind regards,
The Microsoft Australia Partner Team

Please note: The Microsoft for Partner Roadshow Plus Registration Web site takes credit card only, so make sure you have your credit card details handy.

MVPS HOSTS File update [04-30-07]

Blocking Unwanted Parasites with a Hosts File (135 kb) (563 kb)
Note: the “text” version makes a good reference for determining possible

How To: Download and Extract the HOSTS file

HOSTS File – Frequently Asked Questions

Sign up for HOSTS file update notices

Visit the Hosts News blog

News: Web is dangerous

VoIP is scary, if you rememeber. Now, there’s something else that is scary: WWW, the World-Wide Web. And thanks to Tim O’Reilly and his invention of Web 2.0, it’s scarier than ever.

As in: there’s much more to FUD about. Here’s a perfect example: Web 2.0 Threats and Risks for Financial Services (by Shreeraj Shah). It’s full of dung, as pretty much any other FUD. But being targeted at the financial industry (people with your money) it excels at that. Let’s analyse:

The financial industry estimates that 95% of information exists in non-RSS formats and could become a key strategic advantage if it can be converted into RSS format.

RSS is just a way of delivering dynamic content (not quite a format), and not much of financial information really can use RSS. Market news (think of Reuters and Bloomberg services) and that is pretty much all. And the model is simple: authenticate and deliver content securely. RSS has no security implications here. And where the figure of 95% came from?

Ajax, Flash (RIA) and Web Services deployment is critical for Web 2.0 applications. Financial services are putting these technologies in place; most without adequate threat assessment exercises.

Of all corporations, financial industry is one of the most conservative. Every technology that is used undergoes rigorous assessment. And adequate (to the organisation’s risk management and regulatory requirements) security is one of the top priorities there. The process of the evaluation may not be the most efficient, but that’s a different issue – nothing to do with Web. Besides, Flash belongs more to entertainment industry: it’s neither critical nor required by financial institutions for business-critical applications.

In the last few months, several cross-site scripting attacks have been observed, where malicious JavaScript code from a particular Web site gets executed on the victim’s browser thereby compromising information on the victim’s system. Poorly written Ajax routines can be exploited in financial systems. Ajax uses DOM manipulation and JavaScript to leverage a browser’s interface. It is possible to exploit document.write and eval() calls to execute malicious code in the current browser context. This can lead to identity theft by compromising cookies. Browser session exploitation is becoming popular with worms and viruses too. Infected sessions in financial services can be a major threat. The attacker is only required to craft a malicious link to coax unsuspecting users to visit a certain page from their Web browsers. This vulnerability existed in traditional applications as well but AJAX has added a new dimension to it.

AJAX doesn’t add any new dimension to the XSS attacks: both the attack techniques and the ways to prevent cross-site scripting haven’t changed.

One of the key elements of Web 2.0 application is its flexibility to talk with several data sources from a single application or page. This is a great feature but from a security perspective, it can be deadly.

And may be not. The decision to use multiple data sources is driven by functional requirements. And it can be well-secured.

Web 2.0 based financial applications use Ajax routines to do a lot of work on the client-side, such as client-side validation for data types, content-checking, date fields, etc. Normally client-side checks must be backed up by server-side checks as well. Most developers fail to do so; their reasoning being the assumption that validation is taken care of in Ajax routines.

At this point, an example is necessary. Abstract applications and developers aren’t good enough. In the past couple of years the developers actually have learnt server-side data validation and more often use it than not. And the risk is of stupid developer, not of AJAX – if anything, AJAX is raising the bar for developers.

Web Services are picking up in the financial services sector and are becoming part of trading and banking applications. Service-oriented architecture is a key component of Web 2.0 applications. WSDL (Web Services Definition Language) is an interface to Web services. This file provides sensitive information about technologies, exposed methods, invocation patterns, etc. that can aid in defining exploitation methods. Unnecessary functions or methods kept open can spell potential disaster for Web services. Web Services must follow WS-security standards to counter the threat of information leakage from the WSDL file. WSDL enumeration helps attacker to build an exploit. Web Services WSDL file access to unauthorized users can lead to private data access.

Mr. Shah seriously suggests that security though obscurity is essential. That’s rubbish.

A lot more analysis needs to be done before financial applications can be integrated with their core businesses using Web 2.0.

If we need analysis, that must be nothing like Mr. Shah’s.

MIX 07 & Ray Ozzie

Si eres como yo y no pudiste ir a Las Vegas y asistir a Mix puedes ve el Keynote de Ray Ozzie (Microsoft CSA) en:


También puedes ver toda la otra información relacionada a Mix en:

XNA Pong from SnowJoy

Snowjoy has released his First XNA Endeavour “XPong”, included in the post is the Binaries, Source, and Creators Package for the project.

In this project SnowJoy makes a complete game package, including menus, game states and different input functions (Game Pad, Keyboard and the WiiRemote). One of the features that I like is the Clock, when the system is on one of the menus the system will display the time in the background. It does this by having the hours as one sides score and the minutes as the other.

Well worth the Download.

Cross Post from

Bear Gulch in FSX

My good friend and fellow FS developer Bill Womack has posted new images of his fourth-coming update of Bear Gulch scenery that will accompany the RealAir Simulations Scout FSX package.  The images are courtesy of the talented screen shot "grabber" Nick Churchill.  The images look great, so be sure to have a look!

While checking those out, be sure to take a look at Bill’s post introducing Dillingham Field in Hawaii – simply stunning!

SimHQ celebrating 10 years

SimHQ, a site that covers the entire spectrum of simulation software from air, land, & sea combat, and driving genres, is celebrating ten years of community service starting this week.  One of their contributors, John "Spoons" Sponauer, has written a nice commentary called "Ten years of SimHQ" telling his perspective of those ten years.  He includes a couple of screens showing how the site has changed over time (and he mentions that the site is due for a redesign this year).

On each Monday from now until the end of the year, they will¬†present what they call SimHQ DejaNews.¬† I’m sure it will bring back many memories of yesteryear in the world of simulation.¬† This week, they talk about a review done on Jane’s F-15, MiG Alley previews, and news related to Rendition and VooDoo2 video cards – boy, those were the days!!¬† Be sure to check it out before the day is over!

XNA SimpleGUI update

It was only yesterday when I introduced Cryovat’s Blog and SimpleGUI Project, now for the second day we have another update and some more information on the project. Hopefully we will also get a sample this week.

Cross Post from

WSUS 3.0 verfuegbar

Was lange w√§hrt, wird meistens gut…oder?

Seit heute (30.04.2007) sind die Microsoft Windows Server Update Services 3.0 nach langer Betaphase verf√ľgbar. Erfreulicherweise stehen auf der Downloadseite sowohl eine 64-Bit- als auch eine 32-Bit-Version bereit. Ebenfalls stehen einige Whitepaper und HowTo’s zur Verf√ľgung.

Bitte wie immer unbedingt vor der Installation in einer produktiven Umgebung Release Notes etc sorgf√§ltig lesen und testen, testen, testen…

Viele Gr√ľ√üe

Dieter Rauscher
MVP ISA Server

Breaking VOIP Barriers

You have to check out this cute VOIP demo brought to you by the Microsoft people that are bringing you Office Communications Server 2007.

The cool factor in this is very high as is the quality of the TTS.

As always, enjoy and let me know what you think of it.

Jasper : the friendly Entity framework non ghost


Just as some bloggers harp over the delays in the entity framework, talking about object spaces, etc, the ADO.NET team released today Jasper.


Jasper leverages the power of dynamic languages and the concept of convention over configuration to provide a programming surface for data that enables rapid development of data-bound applications. While most other rapid data access frameworks are only capable of working against simple databases, Jasper can scale to almost any database, regardless of size or complexity. This is possible because Jasper takes advantage of the ADO.NET Entity Framework’s significant investments in mapping and conceptual data modeling.



How sweet it is J


Silverlight SDK 1.1 Alpha available now.

The goodies from MIX are now starting to pour into Microsoft’s servers…. Silverlight SDK being just one

PowerPoint Games – Anthony’s Projects

Yup, Anthony Barfield is our new PowerPoint Games contributor. I have published 3 of his PowerPoint Games including Pixels Neon. Anthony has a high standard for quality and game play aspects. He has created many quality works which include his Pixels series. He is also the first PowerPoint Heaven contributor to utilize PowerPoint 2007 on his recent works.

To download the game, visit PowerPoint Heaven at:

Take note that Pixels Neon requires PowerPoint 2007. If you are using PowerPoint 2003 and below, you will not be able to run the game. Alternately, you can download the free PowerPoint Viewer 2007.

Un fond d’écran DreamScene

Hop, un petit fond d’√©cran anim√© pour DreamScene…

Source et téléchargement.

Don’t forget…

Tomorrow is the inaugural meeting of the UK Windows Management User Group, right after the UK MMS event finishes. I know that the UK MMS event is full but I'd love to see you at our user group meeting so if you plan on attending please let me know…(read more

Dell PowerEdge 2850 Hardware issues

Dell we have a problem.

It has come to my attention that ALL DELL PE2850’s have a hardware issue. It seems the dudes at Dell really messed up some firmware updates. If you are not running BIOS A06 and BMC 1.68 or higher download Dell’s Server Update Utility 5.1.1. ( or later (I have only tested 5.1.1 though). Get 5.2 here

So what happens if you are running the bad version? CPU IERR EO7F0 on every CPU in the machine at the same time. And then you get the famous Dell amber flashing light. Every OS locks up without processors, no really they do. If you call Dell Support (which I have done), you get greeted by a tech that says “Hi, welcome to Dell support. Please update your firmware and BIOS.”. DOH!


Cincinnati SharePoint User Group Meeting May 14

The website doesn’t have much but will get you time and directions. The planned schedule is

<6:00 – 6:30  Social Time and Food

6:30 – 7:15  Presentation: “Why Utilize SharePoint in the Enterprise”

7:30 – 8:15  Presentation: “Upgrading to SharePoint 2007″

It will be hosted at Max Train in Mason, Ohio.

I would say hope to see you there but I will be out of town for this one. L

Shane ‚Äď SharePoint Help

Annexe : Winform et Xna

Il est tout √† fait possible d’interconnecter un affichage “Xna” √† un affichage Winform. Deux choix s’offrent au d√©veloppeur : soit amener les fonctionnalit√©s Winform dans un programme Xna, soit int√©grer du Xna dans une application Winform. Cette annexe aborda ces deux cas au travers d’exemples simples.

Fonctionnalités Winform dans un programme Xna

La fen√™tre dans laquelle s’ex√©cute un programme Xna correspond √† un objet de type GameWindow.L’√©quipe Xna ne s’est pas amus√© √† “red√©vellopper la roue” ; chaque fen√™tre sous Windows est identifi√© par un handle qui l’identifie de mani√®re unique parmi toutes les fen√™tres affich√©es par le syst√®me d’exploitation. L’astuce consiste donc ici √† charger un objet Form (Winform) √† partir du handle de l’objet GameWindow.

A ce stade l’acc√®s aux fonctionnalit√©s Winforms est un jeu d’enfant. Nous allons cr√©er une application affichant un carr√©. Elle donnera √† l’utilisateur la possibilit√© de modifier la couleur du cube par l’interm√©diaire d’une combobox et sa taille via un slider. Un bouton permettra de tout r√©initialiser.

Fonctionnalités Xna dans un programme Winform


L’association Winform Xna est un cas exceptionnel qui r√©pond √† un ensemble de probl√©matiques particuli√®res : besoin de profiter de la maturit√© ou de rapidit√© d’impl√©mentation de Winform

BUG in VS 2003 with MSSCCI 1.2 Provider in TFS

Dear All,

I’d like to share with you a problem on VS 2003 ONLY and not in VS 2005.

The bug as follows; if you install MSSCCI 1.2 Provider for TFS in VS 2003,you can’t switch to VSS as a source control.

This problem will affect you because you can’t open any project binded to VSS as a source control;it takes TFS as a default source control even if you change it from the TOOL-> Source Control Menu in VS 2003.

NOTE : This problem ONLY exist in VS 2003 and i tried in VS 2005 and its working fine.

I submitted this to VS Product Team as a bug;for now;to solve the problem;you have these options :

1) Either to change in the registry of your machine (I DONT RECOMMEND THAT).
2) Use Third party tools “SCP Selector” , here is the download url :

Hope this is useful :)

Moustafa arafa

Recent Comments