Back to VBA

Today I needed to write a fairly simple piece of code to manipulate some Excel documents, and I chose to do it in VBA. That might sound like heresy for someone who used to work on Visual Studio Tools for Office, but since I switched teams I feel no obligation to use that stuff any…


Dr. Strongname, or: How I Learned to Stop Worrying and Love the URL

One of the problems with the Trustworthy Computing initiative is that many of our products have become harder to use as a result, either due to configuration changes or documentation changes. For example, Windows Server 2003 now ships with pretty much everything turned off by default, but customers that just want to “plug it in…


Show me the money!

A member of the VSTO team just came to my office and asked, “Is it bad to trust all Office documents on the Local Intranet?” That’s a good question, and after answering it for him I thought it was also worth blogging about (plus I’m hanging around the office waiting until I have to leave…


It’s OK to tell people what they already know

I like it when people send me e-mail with security questions. I like it because it implies two things: 1) The person is thinking about the security implications of their code, and has recognised a possible problem; and 2) The person realises that they need to seek help to get the right answer, rather than…


Code Repurposing and Untrustworthy Data

This is just a generic launching place for four other blog entries, since I seem to send them to people on a regular basis and sending one URL is easier than four 🙂 Code repurposing · · Untrustworthy data · ·


When is the Local Intranet not the Local Intranet?

When it’s in another zone, of course. One of the recommendations we give for setting policy on VSTO projects is to sign your assembly (either with an Authenticode certificate or a strongname) and then trust that key only for a specific computer (eg, your deployment server) or for a specific Zone (typically My Computer or…


A useful regfile for VSTO

Here’s a quick post with a regfile you can use to help you test your VSTO projects. Cut and paste the text below into a text file (be careful of line wrapping) and save it with a reg extension. Then open up regedit (as a member of the Administrators group) and select File -> Import……


Why does Outlook have an OM?

This one could be controversial 😉 In a recent comment, Edd James (note to Edd: that link gives a 403) asks why Outlook and Excel “need this ability to run scripts/macros[?]” First I want to clear up a common misconception about Outlook: Despite what the endless ill-informed posters on Slashdot might claim, no recent version…


Top 5 List

Julie is looking for input on a Top 5 Good / Bad Things about VSTO list over on her blog. If you have any others to add, surf on over and help her out 😉


Follow up to “Don’t trust that data”

Eric makes some good points in a comment to my last post. Nevertheless, the forces of evil within me compel me to respond anyway. (You should have blogged it, Eric 😉 ). Eric’s main point is that the employee doesn’t need to use formulas in order to fool the expense report system — he can…