CLR Inside Out: Digging into IDisposable

My third MSDN magazine article, Digging into IDisposable, appeared in this month’s issue in the CLR Inside Out Column.  It’s a bit of a departure from my usual security fare; this time looking at how to best handle writing class libraries that must manage resources. Also in this month’s issue, Kenny Kerr provides a good introduction to…


Introduction to the Orcas Add-In Model

One of the features the CLR team is adding in Orcas is that we’re providing a new model to help enable your application to host Add-Ins.  I’ve got a special interest in this set of features, as I always try to make my hobby applications pluggable for some reason, and I tend to end up…


Happy Holidays!

In an effort to escape Seattle’s … interesting … weather patterns of the last few months, I’ve taken off to New York for the holidays.  (And unlike last year’s 19 degree temperature drop, this year it’s actually going to be warmer in the Northeast.  Go figure.) So, until January, Happy Holidays!  -Shawn


SecureString Redux

A few times over the last couple of days discussion about a tool on the Internet which can attach to your process and dump out the contents of your SecureStrings has come up.  If this tool can exist, then what benefit does SecureString really provide? The fact that this tool can exist is not a…


Quickly Testing Code Under Different Cultures

Earlier this week, a situation came up where we needed to make sure a new feature worked when it was used with a non-English culture.  Normally we’d run some tests on a Japanese machine, but one wasn’t readily available at the time.  Instead, I put together a quick tool that our tester could use to…


[WeddingPermission(SecurityAction.Demand, Unrestricted=true)]

Having just checked in my last few bug fixes and the Orcas feature I’ve been working on, it’s time to take off on a vacation. But not just any vacation … Tomorrow I head back to New York for my wedding on August 12th.  (Here’s hoping that it cools down before I get there.  Big church – air conditioning +…


$20 on Double Zero, $20 on LUA please

I spent last weekend in Vegas, and on Saturday night / Sunday morning decided to recreate those college bar crawls with a bit of a casino crawl.  Starting a Caesar’s we bounced up the strip hitting every casino on the way with one rule: start with $40 … double it or lose it, and move on to the…


Test Signing in Action: IronPython Beta 7

The IronPython team just announced their v1.0 beta 7 release, which is especially interesting to me because they’ve enabled IronPython to be signed with a test key signature. Beta 7 has four configurations, the standard Release and Debug along with Signed versions of both. If you choose a Signed version, the build will look for…


Adding a UAC Manifest to Managed Code

The UAC feature of Vista is one of my favorite new features — it really makes running as a non-admin much less painful than it has been in the past.  One of the requirements that UAC puts on developers is that we must mark our applications with manifests which declare if the application would like…


FxCop Transparency Rules

The FxCop team has just announced the availability of RC 1 of FxCop 1.35.  Notable in this release is the introduction of the first three rules around security transparency.  Namely, you’ll see: SecurityTransparentAssembliesShouldNotContainSecurityCriticalCode – fires when an assembly which is marked transparent contains any code which is marked critical. SecurityTransparentCodeShouldNotAssert – fires when a block…