Windows Live Writer

This is my first post on blog spot using windows live write. There is no special content in this post. I wanted to check if all plug-ins will work as they are supposed to work.

• Image

One	Two
Three	Four

• Map

• Code

using System;
internal class MySampleClass
{
    void MySampleClass()
    {
        //Do nothing;
    }
}

Let’s see how all these things reflects back to my blog spot blog.

Linked In - Sophisticated version of Monster job

I’m using linked-in from past one year now and initially I felt it is a nice networking tool for people looking to connect with people with similar appetite towards technology. Suppose, if I’m looking out for a mentor, it is actually tough to achieve this using linked in. What best you can do is this, message your friends and ask them if they know anybody who can mentor you and keep doing this till you get a nice mentor. Another point that I notice nowadays is that, I get random messages from people asking for recommendations. Few days back I got one message asking me to recommend him. Surprisingly, I never worked with that guy and my knowledge about his work is ZERO. I don’t know why people do these things. Linked in is becoming a place full of false recommendations which is very sad. I always make a point that I never make any false recommendations. I think it is bad for the industry. I feel it is becoming sophisticated version of monster job or naukri.

//Currently Watching - Biography Leonardo Da Vinci
//Cheers!!

SQL Server - Size of Index Table for Each Index

I'm a regular reader of Pinal's SQL Authority blog. Few days back, he posted a puzzle to find index size of each index on table. I was able to solve the puzzle and my solution was one of the two solutions selected by Pinal.

Check it out from here

//Cheers!
//Currently listening to - Thirteen by Danzing

System.Transaction.IsolationLevel

A little amusing observation,
IsolationLevel enumeration defined in the System.Transactions namespace looks something like this:
public enum IsolationLevel
{
Unspecified,
ReadUncommitted,
RepeatableRead,
ReadCommitted,
Serializable,
Chaos,
Snapshot
}
By definition, chaos means -"a state of extreme confusion and disporder. " Initially I was not able to understand what is the whole purpose of having this option (that too with a funny name)
After doing some reading (on MSDN) and talking (with peer devs), this is what I understood.

Chaos Isolation Level - Behaves the same way as Read Uncommited, with additional features as stated below:

• It permits viewing uncommitted changes by other transactions
• It checks any other uncompleted update transactions with higher restrictive isolation levels to ensure not to raise any conflics i.e. any oending changes from more highly isolated transactions cannot be overwritten
• Rollback is not supported in this isolation level

If you want to perform read operations over once per transaction, then go for the Chaos isolation level

Chaos isolation level is present in SSIS as well. Select the task or container on which you want to set the isolation level. Then go to the properties and set the property named IsolationLevel to Chaos.

//Cheers!
//Currently listening to: Put your hands up (Radio Edit) by Wet Fingers

Visual Studio 2010 Beta 2

From last few weeks I'm using VS 2010 for my daily coding work. Apart from lot of feature add-ons, this time VS got a new look. Check out these captures;

• Visual Studio 2010 Beta 2 - Splash Screen

• New Startup Screen

VS 2010 Rocks!!!
Scott Gu is running a series on VS 2010 and .Net 4.0 new features. Do check them out at his blog
Cheers!

Simplest way to prevent Phishing Attack on IE 8

Phishing attacks are becoming common these days. Recently there was a massive phishing attack reported on Hotmail. There are few easy ways by which we can prevent phishing attacks.

I use IE 8 as my default browser and it provides a nice feature known as Smart Screen Filter which helps us in identifying phishing attacks. There is also a online publication provided by Microsoft that helps in identifying phishing attacks.

I follow a simple funda while browsing web sites, whenever I require entering important information like user name, password or financial information, I look at the IE 8's address bar and identify the actual domain name of the URL. IE 8 highlight the domain name by marking it black in color while rest of the url remains grey. This helps a lot. Screen shot of Windows Live login screen is shown below.

Happy Surfing!

Library Design - Documenting Exceptions

I’m sure most of you might already know but I thought of sharing this. If we are coding for a class library then we should always try to explicitly provide exception type that our code (method) will throw. If we provide exception values in XML Comments then those exceptions will appear in intellisense while we are using that library method. This will be handy for developers using our library. I remember this is also mentioned somewhere in framework design guidelines.

• Method definition: Explicit exception details provided

• Method Usage: Intellisense contains list of exceptions

Cheers!
Currently Playing : PROTOTYPE

Functional Programming

Few days back while reading about F# I got hold of a nice old article on Functional Programming. Check it out here

I'm on my F# journey from past few weeks. Let us see how far this goes.

SQL Server 2008 - Policy Based Management

Few days back I posted an article on MSDN related to SQL Server 2008 Policy Based Management. Check it our if you are interested in Server 2008 new features.

New definition to C#

If anyone asksus , what is C#, what will be our answer? All of us will say, C# is an Object Oriented Language targeting .NET run time. Today this definition of C# is only 10% correct or you can say 10% complete. Surprised! read ahead.

Few days back, I was listening to Anders Hejlsberg's PDC 2008 presentation on C# 4.0. There he formulated a new definition for C#.

C# is a multi-paradigm language that covers functional, imperative, generic, object oriented and component oriented disciplines.

C# 2.0 introduced some concepts of functional languages like anonymous methods and then came LINQ. F#, a pure functional language, makes extensive use of anonymous methods to achieve its goal. C# 4.0 will introduce new features that makes it interoperable with domain specific languages targeting .Net run time.

Some important links:

• Wiki - C#
• Visual Studio 2010 - First Look
• Download - .Net 4.0 and Visual Studio 2010 CTP (Virtual PC)

Currently Listening - Feel the Rush by Shaggy
~eNjOy CoDiNg~

Places where I'm blogging

Connected Information Security Group blog. This is now closed as our team name is changed.
http//blogs.msdn.com/cisg/

Our team got a new name, Information Security Tools, hence a new blog site,
http://blogs.msdn.com/securitytools/

My good old blogspot account where I started blogging few years back.
http://fun-with-blackhawk.blogspot.com/

I'll use security tools blog for topics related to my work and application security and for all other things I'll use my blogspot account.

Cheers!

Safer Source Control Settings in Visual Studio 2008

There is a section for Source Control settings under Visual Studio IDE options where we can set check in and checkout behavior. Two important settings are:

* Save: Check out automatically (default)
* Editing: Check out automatically (default)

As per my experience these defaults are not good/ safe. These settings could result in:

* Checking out files without knowledge, as even a single click or key press will automatically checkout the files.
* Checking out files in share mode by default is again not a good option as it lets multiple users to work on same file simultaneously. If we require then we can do this for files where want to have this kind of flexibility but giving this as default is not good.

I suggest, we all should change these settings on our boxes to:

* Save: Prompt for checkout
* Editing: Prompt for exclusive checkouts


~vIsUaL sTuDiO rOcKs~
Currently Watching - Man Vs. Wild on Discovery

Where is Gaurav?

Hello! everyone,

It’s been a long time since I blogged last time. Past year was very busy @ work as well as personal stuff. I got into Microsoft and got married the same year. No, marriage is in no way related with getting a job @ Microsoft (I can see you people laughing). Here at Microsoft I’m part of Information Security Team with specific attention on development of tools which facilitates a secure computing environment.

Last year I worked on applications built entirely on different technologies. I was part of one huge project using SQL Server 2008 and Integration services. Best thing about working at Microsoft is you get to work on top end technologies, that too, months ahead of their market release. I was working on SQL Server 2008 for more than 6 months when SQL Server 08 officially released. Working on SQL Server 2008 was not just using another new version of database by migrating all 2005 databases to 2008. It was all about using new features like Partitioning, Compression, Query Logging etc. Our SSIS package was so fast that it processed 20 GB of data in 4 hours. Amazing and our applications database is one of the biggest application databases on SQL 2005 and SQL 2008. Crazy stuff. All this was part of information security domain.

Next on my plate was a small project. I was asked to create some custom templates for Visual Studio. This was not that complex project but its impact was huge. Technology used, Visual Studio 2008, SSRS, pre XML, SSAS and MDX queries. It took me some time to get hold of MDX stuff but this was again fun.

Next comes a web based application with security issues all over. My task, act as a superman, get hold of all those bugs, fix them, release the application and wait for the results. From past three years in my career I rarely gave importance to security of the application that I’m developing. As far as I can see, code reviews were always centred around design patterns and multi layer architecture. No one talked about security. One reason might be the type of applications that I was working on in those days. But things are entirely different here in Microsoft. Here we have a group known as ACE which certifies that our application is 100% secure before we go into production. Without their certification application cannot be deployed into production. Great stuff. I worked on all kind of security bugs, XSS, SQL Injection, One Click Attack, cross site script forgery etc. I am also an ACE certified application developer now. This was great learning experience.

Apart from these things I also worked on some initiatives which were highly appreciated. One of them and closest to my heart is Build and Deployment tool built using Windows Workflow Foundation. This is an amazing concept which will now be available with VSTT 2010.

Currently I’m working with ILM, Identity Lifecycle Management, product team to develop customized solution for internal customers. Besides this, my time goes by in playing with Windows Communication Foundation, SQL Server 2008 and Application Security. Few weeks back I did some good stuff on SQL Server policy based management and after one internal demo I’ll post it . Till then.....


~enjoy cOdInG~