Hello, I'm   Jason

Scott Guthrie pointed out some good tips to resolve an issue that occurs with images stored in CSS. Russ Helfand, who works on his team and has done some cool things such as an AJAX wiki and the CSS adapter kit, has a really cool solution by caching the images by using a handler.

I just finished reading a post by Julie Lerman about “Fake AJAX” better known as FAJAX and couldn’t stop laughing. I know exactly what she means. If I counted the number of times users have asked me why does my page go blank when I click a button…

I came across a blog entry by Rich Strahl about adding stylesheets to ASP.NET 2.0 web pages. The way Rick explained it is that he’d recommend a contentplaceholder in the header section of a MasterPage and to set the properties there. That’s just fine and dandy if the content you’d like to set is in a MasterPage to Page setup. However, you can easily set the header information programmatically in 2.0 by accessing the new Header class. Here is an example of how to do this:

1
2
3
4
5
6
7
8
9
10
11
12
13
Dim KeywordsHtmlMeta as new HtmlMeta  
  
KeywordsHtmlMeta.Name = "Keywords"  
KeywordsHtmlMeta.Content = "ASP.NET, Blog, Jason, Gaylord"  
Page.Header.Controls.Add(KeywordsHtmlMeta)  
  
Dim CSSHtmlLink as new HtmlLink  
  
CSSHtmlLink.href="~/style.css"  
CSSHtmlLink.Attributes.Add("rel", "Stylesheet")  
CSSHtmlLink.Attributes.Add("type", "text/css")  
CSSHtmlLink.Attributes.Add("media", "all")  
Page.Header.Controls.Add(CSSHtmlLink)

If you’re looking for a good resource for SharePoint 2007, be sure to check out the official blog on MSDN. This week, they released beta 2 of SharePoint and includes links and installation gotchas on the site.

I was checking my website stats earlier today and noticed that Oracle was sending traffic to my site. Apparently, my site is listed in their documentation at [http://www.oracle.com/technology/products/jdev/htdocs/10.1.3.0.3/readme.html]http://www.oracle.com/technology/products/jdev/htdocs/10.1.3.0.3/readme.html). According to their site, I’m using technology that’s far too advanced for their [jdeveloper web service data control]http://www.oracle.com/technology/products/jdev/htdocs/10.1.3.0.3/readme.html#url2).

Last night at our .NET Valley event, we discussed security. The conversation started with an open ended question by Microsoft TechNet Presenter, Mike Murphy, asking “How do you know if you’ve been hacked?” Many of the IT Professionals gave their answer and then one of the developers there gave the answer “Besides event logs, I’m not sure.” This was a great answer. Reason is, most developers aren’t sure how to detect hackers. I won’t go into things you can look for here, but rather point out that developers know what to do to prevent hacking. The problem that we all agreed on last night is that everyone needs to be on the same page. Meaning, developers have to chat with dba’s, network admins have to discuss upgrades with developers, etc. Probably the biggest gap is that non-IT employees have to understand why IT spends money on security and the implications it can have on the business. Since 9/11, many companies have implemented disaster recovery plans which is great. However, many of these plans don’t include disasters such as the backup jobs becoming corrupt (see DotNetValley.com for more info on this one) or data being leaked (Veteran Affair incident last week). Even more common than these two incidents are things such as using impersonation to impersonate the account Administrator, requiring applications have Full Trust in .NET, leaving the sa username enabled on a SQL box with a blank password, and using weak password on “face” applications (ie: websites, web services, etc). As developers, we need to ensure that our methodology or development process includes full testing for security because in many of these cases, an intrusion detection system (IDS) cannot recognize these issues. <ramble end="true" />

I’m not sure who came up with this idea but apparently Microsoft is working with a few other companies such as Lenovo and Intel to create a Pay as You Go service for PCs. This new service is called FlexGo. There are a few ways that FlexGo would work. What do you think about this type of service?

Little did I realize yesterday that when I posted the blog entry about the Microsoft Word exploit that this exploit does in fact affect other applications. In our organization one of our departments utilizes an application that uses Word for reporting capabilities. Since it merges data from a Pervasive SQL database, the easiest way for them to setup the reporting capabilities was by creating a macro library. However, the library needs access to things such as a network share, folder structures, and file permissions. So, these users needed Word’s macro security set to low. If we force all users to use MS Word in safe mode, these macros will not run. I wonder what other apps are affected? I didn’t try running safe mode yet with Microsoft Small Business Accounting, but I wonder if the Word reporting works in safe mode with SBA? SBA uses smart documents.

One of the items on my list of things to do was to create a vsi file for easy installation of a custom snippet library we had created. Since I never had to create a VSI file before and I remember that some ASPInsiders questioned the VSI file back around Beta 1 because there were some issues, I really wasn’t sure how easy it would be to create one. Then I found a great tutorial on MSDN called How to: Package Community Components to Use the Visual Studio Content Installer. It’s definitely a great resource to build VSI’s.

Microsoft Word was found to have a vulnerability by allowing remote execution of code. Although a patch is on the horizon, Microsoft is recommending that you run Microsoft Word in safe mode and disable Outlook from using Microsoft Word as the email editor. For more information, click on the link above.