Hello, I'm Jason
I live with my family in the rolling hills of Northeastern Pennsylvania. I'm a web developer by trade, but have broad experience in various business areas. Want to know more about me?
I was checking my website stats earlier today and noticed that Oracle was sending traffic to my site. Apparently, my site is listed in their documentation at [http://www.oracle.com/technology/products/jdev/htdocs/10.1.3.0.3/readme.html]http://www.oracle.com/technology/products/jdev/htdocs/10.1.3.0.3/readme.html). According to their site, I’m using technology that’s far too advanced for their [jdeveloper web service data control]http://www.oracle.com/technology/products/jdev/htdocs/10.1.3.0.3/readme.html#url2).Read More
Last night at our .NET Valley event, we discussed security. The conversation started with an open ended question by Microsoft TechNet Presenter, Mike Murphy, asking “How do you know if you’ve been hacked?” Many of the IT Professionals gave their answer and then one of the developers there gave the answer “Besides event logs, I’m not sure.” This was a great answer. Reason is, most developers aren’t sure how to detect hackers. I won’t go into things you can look for here, but rather point out that developers know what to do to prevent hacking. The problem that we all agreed on last night is that everyone needs to be on the same page. Meaning, developers have to chat with dba’s, network admins have to discuss upgrades with developers, etc. Probably the biggest gap is that non-IT employees have to understand why IT spends money on security and the implications it can have on the business. Since 9/11, many companies have implemented disaster recovery plans which is great. However, many of these plans don’t include disasters such as the backup jobs becoming corrupt (see DotNetValley.com for more info on this one) or data being leaked (Veteran Affair incident last week). Even more common than these two incidents are things such as using impersonation to impersonate the account Administrator, requiring applications have Full Trust in .NET, leaving the sa username enabled on a SQL box with a blank password, and using weak password on “face” applications (ie: websites, web services, etc). As developers, we need to ensure that our methodology or development process includes full testing for security because in many of these cases, an intrusion detection system (IDS) cannot recognize these issues.
<ramble end="true" />
I’m not sure who came up with this idea but apparently Microsoft is working with a few other companies such as Lenovo and Intel to create a Pay as You Go service for PCs. This new service is called FlexGo. There are a few ways that FlexGo would work. What do you think about this type of service?Read More
Little did I realize yesterday that when I posted the blog entry about the Microsoft Word exploit that this exploit does in fact affect other applications. In our organization one of our departments utilizes an application that uses Word for reporting capabilities. Since it merges data from a Pervasive SQL database, the easiest way for them to setup the reporting capabilities was by creating a macro library. However, the library needs access to things such as a network share, folder structures, and file permissions. So, these users needed Word’s macro security set to low. If we force all users to use MS Word in safe mode, these macros will not run. I wonder what other apps are affected? I didn’t try running safe mode yet with Microsoft Small Business Accounting, but I wonder if the Word reporting works in safe mode with SBA? SBA uses smart documents.Read More
One of the items on my list of things to do was to create a vsi file for easy installation of a custom snippet library we had created. Since I never had to create a VSI file before and I remember that some ASPInsiders questioned the VSI file back around Beta 1 because there were some issues, I really wasn’t sure how easy it would be to create one. Then I found a great tutorial on MSDN called How to: Package Community Components to Use the Visual Studio Content Installer. It’s definitely a great resource to build VSI’s.Read More
Microsoft Word was found to have a vulnerability by allowing remote execution of code. Although a patch is on the horizon, Microsoft is recommending that you run Microsoft Word in safe mode and disable Outlook from using Microsoft Word as the email editor. For more information, click on the link above.Read More
Can you believe it? Another name change at Microsoft. Office 2007, which will most likely be called Office 2007 among IT professionals no matter what, has been changed to “The 2007 Microsoft Office System.” The full reasoning, which actually makes sense (especially points number 2 and 3), can be found here.Read More
I wish I could go to this year’s TechEd 2006 in Boston, but I’ll be on vacation. Besides a pre-TechEd User Group Leaders Summit, this year’s TechEd will also host the New England Mega User Group Meeting. This meeting will feature What’s Hot and What’s …Read More