The Circus Comes to Town

MSDN happened to Cincinnati this week. The latest MSDN event blew through on Tuesday bringing with it a wealth of knowledge and gifts. Heck, that’s why we go to these things, right? Well, that and the half-day of work 😉 This event was not as well attended as the last event that centered on .NET 3.5 and the latest release of Visual Studio. It was probably the topic, writing secure web apps, because we’re all writing secure web apps (ehem…cough…cough). Good to see everyone’s on board for this. After you write your next web app please share the URL with me. Seriously.

This half-day session started with a $10 gift card intended for use at the Mason Regal Cinema concession stand. The last event provided a $10 card to Regal, specifically. This time MS passed out $10 visa gift cards for use wherever. So I pocketed the card looking to spend it on my wife or daughters for paybacks way more valuable than a buttered large popcorn. Can you say “butterfly kisses”? Amazing how much love a webkinz can create. I walk into the theater to quickly join LÛCRUM‘s Jeff Morris in the upper level – just out of reach of the t-shirts being strewn about by the presenter (more on that later). We settled into our seats for a warm and uplifting discussion of the new developer features in IIS7.

“ if it works it’s a demo, and if it fails, it’s an experiment ”

From the high-level blow through of the IIS7 feature set, I would have to say this is the release we’ve been waiting for. The integrated pipeline that lets you turn modules on and off, elimination of the metabase, configuration by config file, the ability to tweak for performance, and one great Inet Manager console make me believe we may have reached the holy grail. Yet, for some reason, I left thinking to myself, “hasn’t this been done before?” After the session broke, I wandered into the corridor and pulled a small feather off they guy’s sweater in front of me.

At the break I bumped into Joe Mirus and Kishore Subramanyam of Children’s Hospital, as well as DU IT’s Dale Unroe. Jeff and I found Suresh Devanan, a fellow LÛCRUM-ite and all around good guy, and we exchanged a few words. I saw Joe Wirtley floating around, too. After the break, we all headed back in for the next session.

Mike Benkovich kept us fairly engaged during his presentations. I have to admit, it must be pretty difficult keeping everyone’s attention in such a large facility. But then again, what better place to spend a half-day away from the office than in a comfy, reclining theater chair. Mike posed the question, “VB or C#.” Much to my surprise the audience split nearly 50/50. I know at LÛCRUM it’s pretty much all C# all the time. It’s a good thing that semicolons can be qualified in VB. Think apostrophe.

Mike then headed down the path of demo^H^H^H^Hexperimenting hosting WCF in a Windows Activation Service. Let’s just say after a re-boot of the VM everything worked fine. This led Mike to tell the interesting 3M story that ends with, “if it works it’s a demo, and if it fails, it’s an experiment.” By the time the event is over we will have performed a number of experiments. In the end, it was rather interesting watching Mike do all this without an intervening web server. Pretty cool. Check out the IIS News site or Mike’s blog for more and detailed information.

Okay, another break, and Suresh introduces me to Subashini (Suba), a C# developer at Harvest INFO, a small development shop in Mason. We return from break to a video of Bill Gates’ last day at work. Hilarious. And then we dive into the day’s final topic: hacking…er…building secure websites. No objections here. Unfortunately, not too common sense:

  • Know your threats
  • Engage in threat modeling
  • Design with security in mind (as it’s awful difficult to bolt on later)
  • Apply proven principles
  • Follow secure coding techniques

You can find detailed explanation of all the exploits at or on the DVD distributed at the event. Mike had been asking questions and distributing shirts all throughout his presentations. At one point a woman answered the question, “How do you thwart SQL injection?” She responded, “Parameterized queries!” Mike said, “Good answer. Didn’t you get a shirt already?” She responded, “Yes.” Mike says, “Okay, anyone else?” So being the smart a** that I am, I yelled out, “Parameterized Queries!” I got the shirt. Except that it didn’t reach me because I was too high up. Thankfully, the woman who was hit by the shirt was willing to give it up to me. After I kicked her in the shins a couple of times.

Hey, that reminds me, the other reason we come to these things are for the give-aways! Attendees each walked away with the $10 gift card, a Vista security book, a DVD with all the MSDN event materials (including “working” example apps of all the exploits). Some of us walked away with shirts. New Horizons gave away a Zune, and MAX gave away a training class. And we all got a half-day off of work. Not a bad take for the price of admission ($0).

Here’s to the next event. Maybe I’ll see you at DevCares on Friday. Will you be there?


~ by Andy on February 6, 2008.

One Response to “The Circus Comes to Town”

  1. […] deep dive after Tuesday’s MSDN Event covering application security. The MSDN Event was a little less than stellar, and we found out why at DevCares. Uber presenter (and ex-LÛCRUM-ite) Bill Steele had a family […]

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: