September 2004 - Posts

Website trackback HttpModule

I've written an HttpHandler to create aggregated trackbacks for websites, all in one page.
See the code at
http://www.xpertdotnet.com/code/dmtzHandler.cs.txt
http://www.xpertdotnet.com/code/dmtzLogger.cs.txt

Security should also mean "easily securable"

If the implementation of security has one major flaw, it is that it is difficult to install and configure.
Windows can be made VERY secure, but there are so many knobs to turn
that it is almost easier to learn voodoo or black magic.
Therefore most people don't bother, leaving Windows in its default shipping configuration.
Alright, some install antivirus and personal firewalls.
What does securable mean? One just needs to look at how many castles were built in the Middle Ages.
The castle was built on a rock or hill, so the attackers had to put in a maximum effort to get close.
If they wanted to enter through the main gate, they had to cross a narrow bridge, where they could easily be intercepted.
The defenders only needed to close the main entrance, perhaps lift the bridge, and they were safe for a while.

Secure by design, secure by default, secure by deployment and even a fourth: secure by defensibility.
So an OS needs to be easily defensible, not only by applying all the clever criteria, but also by making it easier to defend.

a better RSS (and possible killer app solution)

Lately I've been following all the controversy about changes at weblogs.asp.net and the discussions generated by Scoble's comments about RSS
and comments in the blogosphere.
I am working on a download manager and BITS - the technology behind automatic updates.
I thought about current RSS readers and came up with a possible solution:

Blogging software
should expose each post as an xml file (so it could even be used in conjunction with p2p)
should use a good naming convention for posts so they don't clash with other sites (e.g. domain name + delimiter + author + delimiter + unique post ID)
should publish the RSS feed as a slim list of posts with title and link only

RSS Reader (with BITS)
downloads the RSS feed file on a schedule and saves it locally with a timestamp appended to the file name
downloads each link of the feed (an xml file) and saves it in a local folder (with a unique name), if the xml file does not already exist in the folder
the RSS reader loads these locally saved xml files and displays them

Benefits:
content is downloaded once, saving lots of bandwidth
load on RSS publishers would be mitigated by BITS (and possibly with the help of p2p)

patents pending, obviously, lol :-)
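The reader side of the scheme above, as an added example that is not code from the original post: it parses a constructed slim feed (title and link only), derives one unique local file name per post from the proposed domain + author + post ID naming convention, and downloads a post only if that file is not already in the local folder. The file-name step is where a naive reader would trust the remote link for a local path, so names that don't follow the convention are replaced by a hash of the link; the feed, the `fetch` callback and the dict standing in for the local folder are all assumptions.

```python
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample of the "slim" feed the post proposes: title + link only.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>example blog</title>
<item><title>First post</title><link>http://blog.example.com/posts/blog.example.com_jdoe_1001.xml</link></item>
<item><title>Second post</title><link>http://blog.example.com/posts/blog.example.com_jdoe_1002.xml</link></item>
<item><title>Odd link</title><link>http://blog.example.com/posts/../../etc/passwd</link></item>
</channel></rss>"""

def parse_slim_feed(feed_xml):
    """Return [(title, link)] from a title+link-only RSS 2.0 feed."""
    root = ET.fromstring(feed_xml)
    return [(i.findtext("title", ""), i.findtext("link", "")) for i in root.iter("item")]

def local_name(link):
    """Map a post link to one safe, unique local file name.
    Keep the last path segment if it follows domain_author_postid.xml
    (the convention suggested in the post); otherwise use a hash of the
    full link, so nothing taken from the link can name a path outside the folder."""
    leaf = urlparse(link).path.rsplit("/", 1)[-1]
    if re.fullmatch(r"[A-Za-z0-9.\-]+_[A-Za-z0-9\-]+_[A-Za-z0-9\-]+\.xml", leaf):
        return leaf
    return hashlib.sha256(link.encode()).hexdigest()[:32] + ".xml"

def sync_posts(feed_xml, store, fetch):
    """Download each linked post once: links whose local file exists are skipped.
    `store` is a dict standing in for the local folder (assumed), `fetch(link)`
    returns the post's XML body (assumed; BITS or plain HTTP in a real reader)."""
    fetched = []
    for _title, link in parse_slim_feed(feed_xml):
        name = local_name(link)
        if name in store:
            continue
        store[name] = fetch(link)
        fetched.append(name)
    return fetched
```

Running `sync_posts` twice over the same feed fetches every post the first time and nothing the second time, which is the "downloaded once" property the post is after.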

The evil of wrong Windows base configurations

After reading one of the few good articles on The Register, http://www.theregister.co.uk/2004/09/02/winxpsp2_security_review/,
I have to wholeheartedly agree with the article, since I like to fiddle with my local policy settings on all machines I run. It's one of the
most underused and least understood technologies in the Windows world.

Basically it allows the following things:

setting account/password options (password strength, account lockout)
disabling legacy components (like LAN Manager authentication: LM and NTLM, used on Windows 9x)
hardware access
IPsec filters
auditing
disabling configuration of the network, IE, scheduling and other things
disabling the command prompt and disallowing lists of executables
disallowing installation of programs
setting ACLs
locking down WMI
hardening TCP/IP
and more

I use the Windows Security Scoring Tool from http://www.cisecurity.org to build secure baselines for standalone and networked PCs, and even servers sometimes. I've read somewhere that even Dell ships some workstations with
such a baseline switched on. The CIS tool contains excellent templates which are recommended by organizations like NIST, NSA, DISA, SANS, and CIS.