Brian H. Madsen - .Net Powered by Caffeine

Wife turned 40 (no, she doesn't look a day over 30!)

One of life's milestones was reached by my wife yesterday - she turned 40 and she decided to publish 40 life lessons and i figured to put it up here as well because, dang, she's far smarter and wiser than i am.

1. If you want joy in your life, seek it.
2. There is a lesson to be learned in everything.
3. Separate your whites from your colours.
4. White vinager is a brilliant softner and deodoriser in your wash.
5. A little often of everything makes a difference.
6. It's not selfish to say no.
7. Anyone that would deny you the ability to say no - stay away from.
8. If it looks like bullshit, smells like bullshit, it probably is bullshit.
9. There is no space for emotional blackmail and manipulation in a healthy autonomous relationships.
10. Your baggage is no excuse for bad behaviour.
11. Any parent that speaks ill of their children should be treated with caution.
12. The more you talk about your housework, the less you are actually doing.
13. Sheep poo is the answer to every gardening issue.
14. Cadbury fruit & nut plus loud music can get you through anything.
15. A good cup of tea can make you feel better.
16. You can never tell your children enough how much you love them, no matter how old they are.
17. You can't bullshit a 4yr old.
18. Tell your kids the truth and see them as individuals.
19. The truth is not ugly.
20. Emotions are not a weakness.
21. It's okay to not like someone. You don't have to be friends with everyone.
22. You are never too old for facebook.
23. Johnson baby wipes are a housewifes best friend.
24. Take your vitamins.
25. Fresh air never hurt anyone.
26. If you do nothing else, pluck your eyebrows neatly.
27. B-grade movies are cool.
28. You can not always judge a person from what they say, you must also look at what they do.
29. If it's like beating your head against a brick wall, walk away.
30. Sometimes it's best to say nothing.
31. Finish what you start and no it doesn't all have get done in one day.
32. If the laundry is dry, put it away that evening.
33. Puppies chew, cat's spew.
34. Dead rats in the wall cavity smell for a week.
35. Don't leave plastic in the sun if you want it to stay nice.
36. Good skin is basically nutrition plus genetics and no sun.
37. Sorbolene is brilliant with skin issues.
38. Old fashioned remedies are solid.
39. Camomile kills fungus.
40. You must learn not to blindly accept another persons perception of you and know yourself for who you actually are.

We had a cozy evening and albeit i ended up baking the wrong chocolate cake she had a good time.

Happy birthday sweetie!

Sharepoint 2010 split back-to-back woes

Been trying to get a PoC up and running (and completed of course) for a split back-to-back SharePoint 2010 setup with a "web front end" placed in a DMZ without domain trust.

Basically we have a SP 2010 application server/farm sitting internally (together with AD, SQL Server, Reporting Server et al) and want to join a SP 2010 server from within a DMZ.

Been trying to find out how this could be done and everything points to us having to use SQL Authentication when running the psconfig tool on the DMZ box.

It works, connects, authenticates and a ton of queries are of course fired across to the database - seeing authenticated calls in Profiler.

However, when running the following command:

psconfig -cmd configdb -connect -server xxx.xxx.xxx.xx -database "SharePoint_Config" -dbuser someuser -dbpassword somepassword -passphrase somepassphrase

I get the returne error:

PS C:\Windows\system32> psconfig -cmd configdb -connect -server xxx.xxx.xxx.xx -database "SharePoint_Config" -dbuser someuser -dbpassword somepassword -passphrase somepassphrase

SharePoint Products Configuration Wizard version 14.0.4762.1000. Copyright (C) Microsoft Corporation 2010. All rights reserved.

Performing configuration task 1 of 3

Initializing SharePoint Products configuration...

Successfully initialized the SharePoint Products configuration.

Performing configuration task 2 of 3

Connecting to the configuration database...

Failed to connect to the configuration database.

An exception of type System.ArgumentNullException was thrown. Additional exception information: Value cannot be null.

Parameter name: service

Total number of configuration settings run: 2

Total number of successful configuration settings: 1

Total number of unsuccessful configuration settings: 1

Successfully stopped the configuration of SharePoint Products.

Configuration of SharePoint Products failed. Configuration must be performed before you use SharePoint Products. For further details, see the diagnostic log located at C:\Program Files\Common Files\Microsoft Shared\Web Serve

r Extensions\14\LOGS\PSCDiagnostics_6_4_2010_12_0_24_805_767248449.log and the application event log.

At first we thought it was a firewall issue - but as i said, we're seeing the sql user connecting and sending across a tone of queries which all work. So, it doesn't appear to be the configuration database (also checked the database, no login failures et al).

Then we started looking through the log file and see some interesting stuff that i'm not entirely sure is relevant. But first, i should mention that the the Admin content database is called "SharePoint_Admin_Content" and that's also what's listen in the "Manage Content Databases" in the internal farm's Central Administration.

Here's the drop from the log file: 

06/04/2010 12:00:49 9 INF    Creating connection string for config db SharePoint_Config server xxx.xxx.xxx.xx

06/04/2010 12:00:49 9 INF    Creating connection string for admin content db SharePoint_AdminContent_9ddd2a49-a366-41b2-a70e-47f19b8ce0b8 server xxx.xxx.xxx.xx

06/04/2010 12:00:49 9 INF    Using sql auth for sql connection string

06/04/2010 12:00:49 9 INF    Openning configdb so that I can join it at server xxx.xxx.xxx.xx database SharePoint_Config in farm mode

06/04/2010 12:00:49 1 INF    Now, waiting for the task configdb to quit execution

06/04/2010 12:00:49 9 INF    Now joining to farm at server xxx.xxx.xxx.xx database SharePoint_Config

06/04/2010 12:01:34 9 ERR    Task configdb has failed with an unknown exception 

06/04/2010 12:01:34 9 ERR    Exception: System.ArgumentNullException: Value cannot be null.

Parameter name: service

 at Microsoft.SharePoint.Administration.SPServiceInstance..ctor(String name, SPServer server, SPService service)

 at Microsoft.SharePoint.Administration.SPFarm.Join()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()

 at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

06/04/2010 12:01:34 9 INF    Entering function Common.BuildExceptionMessage

06/04/2010 12:01:34 9 INF    Entering function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF     Resource id to be retrieved is ExceptionInfo for language English (United States)

06/04/2010 12:01:34 9 INF     Resource retrieved id ExceptionInfo is An exception of type {0} was thrown. Additional exception information: {1}

06/04/2010 12:01:34 9 INF    Leaving function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF    Leaving function Common.BuildExceptionMessage

06/04/2010 12:01:34 9 INF    Entering function Common.BuildExceptionInformation

06/04/2010 12:01:34 9 INF    Entering function Common.BuildExceptionMessage

06/04/2010 12:01:34 9 INF     Entering function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF     Resource id to be retrieved is ExceptionInfo for language English (United States)

06/04/2010 12:01:34 9 INF     Resource retrieved id ExceptionInfo is An exception of type {0} was thrown. Additional exception information: {1}

06/04/2010 12:01:34 9 INF     Leaving function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF    Leaving function Common.BuildExceptionMessage

06/04/2010 12:01:34 9 INF    Leaving function Common.BuildExceptionInformation

06/04/2010 12:01:34 9 ERR    An exception of type System.ArgumentNullException was thrown. Additional exception information: Value cannot be null.

Parameter name: service

System.ArgumentNullException: Value cannot be null.

Parameter name: service

 at Microsoft.SharePoint.Administration.SPServiceInstance..ctor(String name, SPServer server, SPService service)

 at Microsoft.SharePoint.Administration.SPFarm.Join()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()

 at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

06/04/2010 12:01:34 9 INF    Entering function Common.BuildExceptionInformation

06/04/2010 12:01:34 9 INF    Entering function Common.BuildExceptionMessage

06/04/2010 12:01:34 9 INF     Entering function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF     Resource id to be retrieved is ExceptionInfo for language English (United States)

06/04/2010 12:01:34 9 INF     Resource retrieved id ExceptionInfo is An exception of type {0} was thrown. Additional exception information: {1}

06/04/2010 12:01:34 9 INF     Leaving function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF    Leaving function Common.BuildExceptionMessage

06/04/2010 12:01:34 9 INF    Leaving function Common.BuildExceptionInformation

06/04/2010 12:01:34 9 INF    Entering function get CommandCollection.this[string key]

06/04/2010 12:01:34 9 INF    Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF     Found value in collection for key global

06/04/2010 12:01:34 9 INF    Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF    Found command global in collection

06/04/2010 12:01:34 9 INF    Leaving function get CommandCollection.this[string key]

06/04/2010 12:01:34 9 INF    Entering function get CommandCollection.this[string key]

06/04/2010 12:01:34 9 INF    Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF     Found value in collection for key initialize

06/04/2010 12:01:34 9 INF    Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF    Found command initialize in collection

06/04/2010 12:01:34 9 INF    Leaving function get CommandCollection.this[string key]

06/04/2010 12:01:34 9 INF    Entering function Command.this[string key]

06/04/2010 12:01:34 9 INF    Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF     Found value in collection for key SINGLESERVER

06/04/2010 12:01:34 9 INF    Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF    Found parameter SINGLESERVER in collection

06/04/2010 12:01:34 9 INF    Leaving function Command.this[string key]

06/04/2010 12:01:34 9 INF    Entering function Command.this[string key]

06/04/2010 12:01:34 9 INF    Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF     Found value in collection for key upgradesessionid

06/04/2010 12:01:34 9 INF    Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF    Found parameter upgradesessionid in collection

06/04/2010 12:01:34 9 INF    Leaving function Command.this[string key]

06/04/2010 12:01:34 9 INF    Entering function TaskBase.OnTaskStop

06/04/2010 12:01:34 9 INF    Creating the OnTaskStop event for task configdb

06/04/2010 12:01:34 9 ERR    Task configdb has failed

06/04/2010 12:01:34 9 INF    friendlyMessage for task configdb is An exception of type System.ArgumentNullException was thrown. Additional exception information: Value cannot be null.

Parameter name: service

06/04/2010 12:01:34 9 INF    debugMessage for task configdb is An exception of type System.ArgumentNullException was thrown. Additional exception information: Value cannot be null.

Parameter name: service

System.ArgumentNullException: Value cannot be null.

Parameter name: service

 at Microsoft.SharePoint.Administration.SPServiceInstance..ctor(String name, SPServer server, SPService service)

 at Microsoft.SharePoint.Administration.SPFarm.Join()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()

 at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

06/04/2010 12:01:34 9 INF    Entering function TaskBase.FireTaskStateChanged

06/04/2010 12:01:34 9 INF     Firing the OnTaskStateChanged event for task configdb

06/04/2010 12:01:34 9 INF     Entering function TaskDriver.TaskStateEventHandler

06/04/2010 12:01:34 9 INF     Entering function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF      Resource id to be retrieved is ConfigurationDatabaseTaskDisplayName for language English (United States)

06/04/2010 12:01:34 9 INF      Resource retrieved id ConfigurationDatabaseTaskDisplayName is configuration database

06/04/2010 12:01:34 9 INF     Leaving function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF     Received an TaskStateEventHandler event. task:configdb TaskBase.State:stopped

06/04/2010 12:01:34 9 INF     Entering function TasksQueue.IncrementTaskFailed

06/04/2010 12:01:34 9 INF      Incremented the number of tasks failed to 1

06/04/2010 12:01:34 9 INF     Leaving function TasksQueue.IncrementTaskFailed

06/04/2010 12:01:34 9 INF     Task configdb has stopped and failed. Total failed is now 1

06/04/2010 12:01:34 9 INF     Leaving function TaskDriver.TaskStateEventHandler

06/04/2010 12:01:34 9 INF     Entering function CommandLine.TaskStateEventHandler

06/04/2010 12:01:34 9 INF     Received an TaskStateEventHandler event. task:configdb TaskBase.State:stopped

06/04/2010 12:01:34 9 INF     Task configdb has stopped and failed. Total failed is now 1

06/04/2010 12:01:34 9 INF     Entering function Command.this[string key]

06/04/2010 12:01:34 9 INF      Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF      Found value in collection for key disconnect

06/04/2010 12:01:34 9 INF      Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF      Found parameter disconnect in collection

06/04/2010 12:01:34 9 INF     Leaving function Command.this[string key]

06/04/2010 12:01:34 9 INF     Entering function Command.this[string key]

06/04/2010 12:01:34 9 INF      Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF      Found value in collection for key connect

06/04/2010 12:01:34 9 INF      Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF      Found parameter connect in collection

06/04/2010 12:01:34 9 INF     Leaving function Command.this[string key]

06/04/2010 12:01:34 9 INF     Entering function Command.this[string key]

06/04/2010 12:01:34 9 INF      Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF      Found value in collection for key create

06/04/2010 12:01:34 9 INF      Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 9 INF      Found parameter create in collection

06/04/2010 12:01:34 9 INF     Leaving function Command.this[string key]

06/04/2010 12:01:34 9 INF     Entering function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF      Resource id to be retrieved is ConfigurationDatabaseTaskConnectFailConfigDisplayLabel for language English (United States)

06/04/2010 12:01:34 9 INF      Resource retrieved id ConfigurationDatabaseTaskConnectFailConfigDisplayLabel is Failed to connect to the configuration database.

06/04/2010 12:01:34 9 INF     Leaving function StringResourceManager.GetResourceString

06/04/2010 12:01:34 9 INF     Last message from task configdb is An exception of type System.ArgumentNullException was thrown. Additional exception information: Value cannot be null.

Parameter name: service

06/04/2010 12:01:34 9 INF     Leaving function CommandLine.TaskStateEventHandler

06/04/2010 12:01:34 9 INF    Leaving function TaskBase.FireTaskStateChanged

06/04/2010 12:01:34 9 INF    Leaving function TaskBase.OnTaskStop

06/04/2010 12:01:34 9 INF   Leaving function TaskThread.ExecuteTask

06/04/2010 12:01:34 1 INF   Entering function StringResourceManager.GetResourceString

06/04/2010 12:01:34 1 INF    Resource id to be retrieved is ConfigurationDatabaseTaskDisplayName for language English (United States)

06/04/2010 12:01:34 1 INF    Resource retrieved id ConfigurationDatabaseTaskDisplayName is configuration database

06/04/2010 12:01:34 1 INF   Leaving function StringResourceManager.GetResourceString

06/04/2010 12:01:34 1 ERR   Task configuration database failed, so stopping execution of the engine

06/04/2010 12:01:34 1 INF   Entering function Command.this[string key]

06/04/2010 12:01:34 1 INF    Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 1 INF    Found value in collection for key disconnect

06/04/2010 12:01:34 1 INF    Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 1 INF    Found parameter disconnect in collection

06/04/2010 12:01:34 1 INF   Leaving function Command.this[string key]

06/04/2010 12:01:34 1 INF   Entering function Command.this[string key]

06/04/2010 12:01:34 1 INF    Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 1 INF    Found value in collection for key connect

06/04/2010 12:01:34 1 INF    Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 1 INF    Found parameter connect in collection

06/04/2010 12:01:34 1 INF   Leaving function Command.this[string key]

06/04/2010 12:01:34 1 INF   Entering function Command.this[string key]

06/04/2010 12:01:34 1 INF    Entering function CommandCollectionBase.Get

06/04/2010 12:01:34 1 INF    Found value in collection for key create

06/04/2010 12:01:34 1 INF    Leaving function CommandCollectionBase.Get

06/04/2010 12:01:34 1 INF    Found parameter create in collection

06/04/2010 12:01:34 1 INF   Leaving function Command.this[string key]

06/04/2010 12:01:34 1 INF   Entering function StringResourceManager.GetResourceString

06/04/2010 12:01:34 1 INF    Resource id to be retrieved is ConfigurationDatabaseTaskConnectFailConfigDisplayLabel for language English (United States)

06/04/2010 12:01:34 1 INF    Resource retrieved id ConfigurationDatabaseTaskConnectFailConfigDisplayLabel is Failed to connect to the configuration database.

06/04/2010 12:01:34 1 INF   Leaving function StringResourceManager.GetResourceString

06/04/2010 12:01:34 1 ERR   Failed to connect to the configuration database.

An exception of type System.ArgumentNullException was thrown. Additional exception information: Value cannot be null.

Parameter name: service

System.ArgumentNullException: Value cannot be null.

Parameter name: service

 at Microsoft.SharePoint.Administration.SPServiceInstance..ctor(String name, SPServer server, SPService service)

 at Microsoft.SharePoint.Administration.SPFarm.Join()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.CreateOrConnectConfigDb()

 at Microsoft.SharePoint.PostSetupConfiguration.ConfigurationDatabaseTask.Run()

 at Microsoft.SharePoint.PostSetupConfiguration.TaskThread.ExecuteTask()

Now i'm not sure where it's getting "SharePoint_AdminContent_9ddd2a49-a366-41b2-a70e-47f19b8ce0b8" from as that database doesn't exist and has never existed. the SharePoint admin content database is called "SharePoint_AdminContent".

I'm also seeing the DMZ server show up in "Manage Servers In Farm" with a message saying "Not Configured".

so what am i missing here...

this is a clean install - i blew away the first SharePoint install after i got the first set of problems.

Environment is:

Windows Server 2008 R2
SharePoint 2010
SQL Server 2008 R2

Ideas?

LIDNUG: Scott Guthrie Talks Shop V - May 13, 10am PDT

Yeps folks - it's that time of the quarter again - Scott Guthrie is returning to LIDNUG for his quarterly Q&A session, Scott Guthrie Talks Shop.

Considering how many HUGE releases there's been since he last appeared on LIDNUG, i'd dare say that this is going to be a whopping great event.

Come along and spend some time together with The Gu and ask him all the questions that you've really been wanting to ask!

Venue: Live Meeting
Date: May 13, 10AM PDT
Register here: http://bit.ly/9LPzH7 (you'll need a LinkedIn account)

Follow us on twitter: http://www.twitter.com/lidnug
Follow us on Facebook: http://www.facebook.com/lidnug

And why not join LIDNUG and participate in our discussions: http://bit.ly/8dt6VF

Developing for the web - HTML5 vs RIA plugin

I'm interested to see what the thoughts are for people on web development, where it's heading and the valid replacement of Flash, Silverlight, Pivot and JavaFX by HTML5.

To start the discussion from one end (and to advocate at least one perspective, playing devils advocate here), then i don't think HTML5 will replace the RIA plug-ins.

I know that one of the aims of HTML5 is to eliminate the need for those plug-ins in the browser today.

Do you believe it'll fully eliminate the need for those plugins? Personally my opinion is that it wont. The capabilities offered via those plugins far exceeds the capabilities offered by HTML5 to date (remember, HTML5 is still beta/draft etc).

Now it is obvious that HTML has had an upgrade pending since the last release and this is definitely a step in the right direction.

What's your take on it?

Securing your application. Part 2 - Securing your data

We've just had a look at how to secure your connection in Part 1 so obviously everything is now all *** dorey on that end.

Some of the other areas that you naturally have to look at is the environment/infrastructure/network and your data itself. It's not much use to encrypt and secure the data that you're transferring if the actual data itself isn't protected.

What i hear you say? my IT guys got that under control..firewalls up the wazzooo...everything's patched and service packed!

Of course that's not really enough and we know this - we just sometimes choose to leave that in the hands of those other people - network engineers.

If we look at SQL Server 2008 then there's a lot of new capabilities available to us for data security.

SQL Server 2008 Encryption Capabilities

• in-built cryptography hierachy for the creation of assymetric, symmetric keys as well as certificates
• Transparent Data Encryption (using database encryption keys - DEK)
• Signing of code modules (using keys or certificates)

Creating certificates

 It's not that  complex to create a certificates (btw, all SQL Server certificates comply wit hthe IETF X.509v3 certificate standards) on SQL Server 2008., it's as simple as using T-SQL.

Self-signed certificate

CREATE CERTIFICATE name ENCRYPTION BY PASSWORD = 'strong password goes here' WITH SUBJECT = 'subject goes here' EXPIRY_DATE = 'expiry date goes here'

Certificate from a signed executable file

CREATE CERTIFICATE name FROM EXECUTABLE FILE = 'file path goes here.dll'

Certificate from a file

CREATE CERTIFICATE name FROM FILE = 'file path goes here.cer' WITH PRIVATE KEY (FILE = 'file path goes here.pvk', DECRYPTION BY PASSWORD = 'strong password goes here')

Using Transparent Data Encryption

TDE is a real-time, physical I/O encryption/decryption of both the database file and the log file - this is done by using the database encryption key (DEK).

The DEK is stored in the boot record and is a symmetric key which is also secured by a certificate.

It's important to note that TDE does not encrypt the transfer of data (eg. it encrypts the data itself, but not the connection/network communication) and that you should always back up the certificate and private key for it.

The simple steps of using TDE are:

• Create master key
• Create certificate protected by said master key
• Create database encryption key and protect it with the certificate we created earlier
• Set ENCRYPTION to ON for the database

This is again done with T-SQL:

USE master; GO
CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'strong password goes here'; GO
CREATE CERTIFICATE name WITH SUBJECT = 'subject for the certificate goes here'; GO
USE database_name; GO
CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = algorithm_choice_here ENCRYPTION BY SERVER CERTIFICATE name_from_certificate_we_just_created; GO
ALTER DATABASE database_name SET ENCRYPTION ON GO

There's several types of algorithms you can use to create the database encryption key:

• AES_128
• AES_192
• AES_256
• TRIPLE_DES_3KEY

 -----------------------------------------------------------------------------------------

Securing your application. Part 1 - Securing your connection
Securing your application. Part 2 - Securing your data
Securing your application. Part 3 - Securing your code (coming)

Securing your application. Part 1 - Securing your connection

I guess this is one of my pet hates/loves - too often i come across applications that makes it's database connection strings freely available to anybody who knows where to look.

As a junior developer, the main focus is generally just to secure the connection string and leave it at that - the IT guys knows what they're doing. But, untold amount of data is being transfered across domains, networks or even in the public, without any thought for how that data is secured.

I'm sure many that's worked in the finance industry (banking anyone) is aware of how important it is to secure that data...we're dealing with money here, so it's an obvious fact that it needs to be safe.

So, how do we do it? or do we care? i mean, the famous last words of any application exposed to the public is "it wouldn't happen to me, right?".

Where do we start? 

Encrypting web.config connectionstrings

The obvious first choice would be to take whatever details you're storing in your config files and make it unavailable - check (web.config isn't readable from the web....or is it?).

naturally we don't want to encrypt everything - so lets just do those that are important for now.

Connectionstrings, encrypt:

aspnet_regiis -pe "connectionStrings" -app "/AppName" -prov "RsaProtectedConfigurationProvider"

ConnectionString, decrypt:

aspnet_regiis -pd "connectionStrings" -app "/AppName"

Now we've encrypted the connectionstring - data is safe..nah, of course not - this only encrypts that section of the web.config with a machine-level key. data is still being transfered between servers in plain text.

Next is a simple way to ensure that your data is being encrypted - get hold of a SSL and use the SQLClient connectionstring object's feature called Encrypt. this ensures that all data sent between the client and server are encrypted.

What other methods do you use/know that can make your application connections more secure?

There's many ways to skin a cat - but you have to start somewhere..

-----------------------------------------------------------------------------------------

Securing your application. Part 1 - Securing your connection
Securing your application. Part 2 - Securing your data
Securing your application. Part 3 - Securing your code (coming)

Geeky Family Counselling, Boyfriend 5.0 upgrade to Husband 1.0

I had this sent to me yesterday and thought you might like to have a bit of a giggle!
--------------------------------------------------------------------------------

INSTALLING A HUSBAND
Dear Tech Support,

Last year I upgraded from Boyfriend 5.0 to Husband 1.0 and noticed a distinct slow down in overall system performance, particularly in the flower and jewellery applications, which operated flawlessly under Boyfriend 5.0.

In addition, Husband 1.0 uninstalled many other valuable programs, such as
Romance 9.5 and Personal Attention 6.5, and then installed undesirable programs such as

- NBA 5.0,
- NFL 3.0 and
- Golf Clubs 4.1.

Conversation 8.0 no longer runs, and Housecleaning 2.6 simply crashes the system.
Please note that I have tried running Nagging 5.3 to fix these problems, but to no avail.

What can I do?

Signed,
Desperate.
--------------------------------------------------------------------------------

DEAR DESPER ATE,
First, keep in mind, Boyfriend 5.0 is an Entertainment Package, while
Husband 1.0 is an operating system.

Please enter command: ithoughtyoulovedme.html, try to download Tears 6.2, and do not forget to install the Guilt 3.0 update.

If those applications work as designed, Husband 1.0 should then automatically run the applications Jewelry 2.0 and Flowers 3.5.

However, remember, overuse of the above application can cause Husband 1.0 to default to Grumpy Silence 2.5, Happy Hour 7.0, or Beer 6.1.

Please note that Beer 6.1 is a very bad program that will download the Snoring Loudly Beta.

Whatever you do, DO NOT under any circumstances install Mother-In-Law 1.0 (it runs a virus in the background that will eventually seize control of all your system resources.)

In addition, please do not attempt to reinstall the Boyfriend 5.0-program. This is an unsupported application and will crash Husband 1.0.

In summary, Husband 1.0 is a great program, but it does have limited memory and cannot learn new applications quickly.. You might consider buying additional software to improve memory and performance. We recommend:

- Cooking 3.0 and
- Hot Lingerie 7.7.

Good Luck!
Tech Support

LIDNUG: Scott Guthrie Talks Shop IV recording now live

After yet another fantastic session with Scott Guthrie last week, we’ve uploaded the recording from the session.

The man just simply doesn’t stop amazing me – his depth of knowledge is phenomenal, to put it mildly.

Naturally the upcoming releases of Visual Studio 2010, ASP.Net 4, .Net 4, Silverlight 4 etc were the most prominent topics for questions put Scott’s way.

To download the recording, go to our unofficial web site – www.lidnug.org/presentations.aspx

While you’re there, why not download Joe Albahari’s session recording – What’s new in C# 4.0 – this was probably one of the best technical sessions we’ve had yet.

The Rangers shipped Visual Studio 2010 TFS Upgrade Guide

Finally!!! I got a TFS 2008 setup (multi-server environment) here and we’re in the process of tackling the (historically that is) dreaded TFS upgrade…so it simply just couldn’t  come at a better time!

Pure Gold: Visual Studio 2010 TFS Upgrade

Visual Studio 2010 TFS Upgrade Guide
Welcome to the Team Foundation Server (TFS) 2010 Upgrade Guide. This guide covers scenarios which may be encountered during and after the upgrade process. It provides examples of most common and potential issues. It covers scenarios related to general Upgrade Process, Work Item Templates, Reports, and Enterprise TFS Management (ETM). Although this guide refers to TFS 2008 scenarios, almost all the concepts apply also to TFS 2005.

Visual Studio ALM Rangers
This guidance is created by the Rangers who have the mission to provide out of band solutions for missing features or guidance. This content was created with support from Microsoft Product Group, Microsoft Most Valued Professionals (MVPs) and technical specialists from technology communities around the globe, giving you a real-world view from the field, where the technology has been tested and used.

What is in the package?
A single document with the following contents:
1 Introduction
2 Upgrade Process
3 Scenarios
3.1 Upgrading Projects from Multiple TFS 2008 servers into one TFS 2010 server
3.2 Upgrading severs when SQL Mirroring is enabled
3.3 Recovering system if upgrade fails midway
3.4 Updating Team Project Portal for an existing Team project
3.5 Splitting Team Project Collection into Multiple Collections
3.6 When I move a Team Project Collection, how do I move the reports?
3.7 Bringing Workgroup Machine inside Domain
4 Frequently Asked Questions
4.1 Can I use a TFS2008 Process Template to create team projects in TFS 2010
4.2 How can I enable Agile Workbooks in upgraded Projects
4.2.1 Enabling the Product Backlog Workbook
4.2.2 Enabling the Iteration Backlog Workbook
4.3 How can I enable Test Case Management in upgraded project
4.4 How can I enable Branch Visualization in upgrade projects
4.5 How can I enable Lab Management in upgrade projects
4.6 What is WIT Admin Tool
4.7 What happens to my custom reports created in TFS2008 post upgrade?
4.8 Will my old TFS2008 reports work post upgrade?
4.9 Can I add a new Database to my existing TFS 2010 farm?
4.10 Error bringing cloned Team Project Collection online
4.11 Move Team Project Collection Database from one Database server to another Database Server
4.12 How to enable the TFS reports if the WSS server is upgraded to MOSS server?
4.13 How to Move Team Projects from one Team Project Collection to another
5 References

LIDNUG: What’s new in C# 4.0 with O’Reilly author and MVP, Joe Albahari

The Linked .Net Users Group is putting on a huge range of “shows” in the next couple of months – starting with an absolute kick-ass presentation by Joe Albahari (www.albahari.com) the author of C# 3.0 in a Nutshell and the upcoming of C# 4.0 in a Nutshell, plus not to forget he’s the creator of one of the best LINQ tools out there – LINQPad.

yes, i know that it’s on Australia Day here, but it’s at 7AM – not quite drunk yet and what better way to kick off the day with some supreme geekdom!

About the event:

Title	What’s new in C# 4.0
Venue	Live Meeting
Date	January 26, 3PM PST
Cost	FREE (duh!)
Presenter	Joe Albahari (http://www.albahari.com) Joe Albahari, author of C# 3.0 in a Nutshell, is a software architect and developer with 17 years' experience in the health, education and telecommunication industries. He is currently a Systems Architect at Technosis in Australia. Joe has a keen interest in LINQ, and is author of LINQPad - the code snippet IDE for interactively querying databases in LINQ. He specializes in integrating LINQ into corporate multi-tier applications and creating extensions to maximize query composability. Joe is also a C# MVP.
About the event:	C# 4.0 introduces some of the most controversial new language features to date - including optional parameters, named arguments and (horror) dynamic typing! In this presentation, Joe will demonstrate C# 4.0's new features in a practical context, exploring potential uses, benefits, traps and best practices. You'll see a novel design pattern that may change your opinion on dynamic programming, and also how C# 4.0 simplifies interop with Office, COM and dynamic languages such as Python. Register for the event: http://events.linkedin.com/LIDNUG-Whats-new-C-4-0-Joe-Albahari/pub/208474

MSDN AU Book club, Big algorithms made easy with F# (presented by Joel Pobar)

Microsoft Australia is really kicking off this year – seeing more and more this year – and it’s only January!!!!

Now, the fellas are going all out and throwing the MSDN Australia team in gear by launching the MSDN Australia Book Club – this event is organised by Andrew Coates.

First up is Joel Pobar who’s going to run through his awesome presentation “Big Algorithms made easy with Microsoft F#”.

Here’s some more information if you’re interested:

http://blogs.msdn.com/chlong/pages/msdn-book-club.aspx

Want to be first with the MSDN AU news? Why not join the MSDN AU LinkedIn Group and get the scoops straight away!

Visual Studio tips and tricks – the work goes on

One of my great friends, Zain Naboulsi, has taken up the gauntlet and is continuing Sara Ford’s work with the Visual Studio Tips and Tricks series.

Find the first 9-10 tips here:

http://blogs.msdn.com/zainnab/archive/tags/Tips+and+Tricks/default.aspx

It’s good to see Zain pump out the T&T’s as fast as he is, with VS2010 coming (hopefully) just around the corner.

LIDNUG: A lap around Telerik Developer Tools for Web Developers

First event for LIDNUG in 2010 – Telerik is sending their very best: Todd Anglin.

A fellow MVP and also Telerik Chief Evangelist, Todd Anglin’s known for his huge contributions to the community as well as his book “Introducing Silverlight 1.1” which was released in June 2009.

As usual, this is a Live Meeting event and will be recorded.

About the event:

Title:	A lap around Telerik Developer Tools for Web Developers
Venue:	Live Meeting
Date:	January 7, 11:00AM PST
Cost:	FREE (duh!)
Presenter:	Todd Anglin (http://blogs.telerik.com/ToddAnglin/Posts.aspx)
	Todd Anglin is an active .NET community member, President of the North Houston .NET User Group, an O’Reilly author, Microsoft MVP and Telerik's Chief Evangelist. At Telerik, Todd is responsible for educating Telerik's global community of developers and helping ensure Telerik's products serve the needs of .NET developers around the world. In the general .NET community, Todd is an active author and speaker, focusing primarily on ASP.NET and Silverlight.
About the event:	As pragmatic developers, we want to find ways to minimize the time we spend writing “standard” code so we can maximize the time we spend writing code that makes our businesses money. Telerik offers many tools and components designed to enable just that: maximum developer productivity. Come join Telerik Chief Evangelist and Microsoft MVP Todd Anglin for a quick lap around the various tools and components Telerik now makes to maximize the speed of web development. Everything from advanced server controls for ASP.NET AJAX to modern UI extensions for ASP.NET MVC to related tools like OpenAccess ORM and Telerik Reporting will be covered. Come figure out how these tools can be used together for great results in your next project. Two Telerik Premium Collection licenses will be given away to randomly selected attendees of this session.
Register for the event:	http://events.linkedin.com/LIDNUG-Lap-Around-Telerik-Developer/pub/147370

Developing with Windows 7 with Visual Studio 2010

WinCast on 12/15 @ 11:30am Pacific with Yochay Kiriaty

Title: Developing with Windows 7 with Visual Studio 2010 -- An Overview

Abstract: Yochay Kiriaty is Microsoft's premier Technical Evangelist on Windows 7. Come join the fun as he provides insight into how to leverage this exciting new platform with our latest tools. Learn about JumpLists, Thumbnails, and much more!

Here’s the link for the LiveMeeting session: https://www.livemeeting.com/cc/microsoft/join?id=3B784D&role=attend&pw=PN6.%3CQ%5Drb

Yochay’s blog: http://windowsteamblog.com/blogs/developers/default.aspx

MSDN Subscribers will get full version of Team Foundation Server

Previously when you had a premium MSDN subscription, you’d get access to Team Foundation Server Workgroup edition (5 cals) which was perfect for small development teams. The full version had to be purchased as a seperate product – that’s no longer needed.

With the release of Visual Studio 2010 the MSDN team is expanding the content of the subscription to include a full blown version of Team Foundation Server 2010!

What this means is that you can get up and running now with Visual Studio 2010 Beta 2 and Team Foundation Server 2010 now and you’re covered for licensing with your MSDN subscription.

It’s obvious that we’re seeing big changes lately – perhaps some of it could be credited to Joerg Lindner? I’d like to think so.

See the details for the Ultimate MSDN offer for developers.

LIDNUG: Phil Haack in the hot chair, open Q&A on ASP.Net MVC – Dec 14 10:30AM PST

Ever wondered what ASP.Net MVC is all about? Well, you now hat the chance to ask all the questions of Phil Haack when he takes a seat in the hot chair for a full Q&A on ASP.Net MVC at the Linked .Net Users Group (LIDNUG).

More and more applications are utilising the extremely flexible/powerful MVC framework and with the latest release of Project Orchard (Open Source ASP.Net MVC CMS) on CodePlex it’s now even easier to get going with ASP.Net MVC. ASP.Net MVC 2 has also just been released to Beta.

About the event:

Title: Phil Haack in the hot chair – open Q&A on ASP.Net MVC
Venue: Live Meeting
Date: December 14, 10:30AM PST
Cost: FREE

Register here: http://events.linkedin.com/LIDNUG-Phil-Haack-hot-chair-Q-ASP-Net/pub/144220

About Phil Haack:

Phil is a self-professed geek, Open Source supporter (running the Subtext project) and a Senior Program Manager at Microsoft on the ASP.Net team working on the ASP.Net MVC framework.

He’s an internationally acclaimed author (Amazon), speaker and technology evangelist.

Moreover, he’s a family man…

Phil Haack’s blog: www.hacked.com
Phil Haack on twitter: www.twitter.com/haacked

ASP.Net MVC: www.asp.net/mvc

You don’t want to miss out on this event….

Spam that social media….

We all know, and expect, to see ads when we hit the movies for that latest blockbuster – the “pre-show” as it’s called, is of course advertisement and you know, and again expect, it to be around 15-20 minutes long – it’s a long running tradition and we’re generally ok with it. does it stop us from hitting the movies on a friday/saturday evening with your partner? no, most likely it wont.

We also know that web sites, blogs, forums et al contain adverts – in most cases they’re non-intrusive – in some they actually block you from entering the site proper before you either have to find a “skip this crap” link or watch it all to the end – does it stop us from visiting our favourite web sites/blogs? no, most likely it wont.

Then there’s of course the emails – we know, and still expect, to get hit with ads at some stage – either solicited or unsolicited. Some more than others. does it stop us from using email? no, most likely it wont.

Now, since this phenomenon took hold – well, say sometime last week – social media…that’s your MySpace, Facebook, LinkedIn, Twitter et al – ads are becoming more and more frequent – we still know, and still expect, there to be ads. does it stop us from using it? no, most likely it wont. However, the “owners” of these social media fads needs to spend an enormous amount of time/resources in battling spammers.

Yeps, we all have a love/hate relationship with them – in some cases the spammers are becoming more and more ingenious and are using phishing techniques to try to get hold of your account details, contact lists, friends lists et al – undermining the general “trust” your nearest contacts has in you – and i say you because more and more often, you can identify yourself with both your RL identity and your online identity. Hell, i have gaming friends that, even though knowing my real name, still calls me by my gamer tag.

So, since the connection between your identities are closely connected in many cases, hijacking your Facebook account is pretty much close to identity fraud.

We know the dangers – it’s nothing new…don’t click on links from people you don’t know/trust (insert caveat here)…don’t open that email attachment from that nice gentleman in Nigeria…those free pills and porn access links probably shouldn’t be investigated further while you wait for that download to finish.

Yet it’s still happening – very, very often at that…sometimes with malicious intent…sometimes to make a statement…but mostly, it’s done with a financial incentive in mind.

Of course, having the most secure password isn’t going to help us out much if we’re silly enough to hand it out to every person/site who asks.

Twitter is seeing a LOT of phishing and spamming going on these days – even direct messages from people you don’t follow (that’s supposedly a prerequisite). the most common one is the “mention” type spam.

Basically a list of followers are scraped using an account on Twitter – and then it just goes through that list and tweet to you and voila, since your Twitter client, in most cases, has the “mention” tweets, you’ll be seeing it.

So, we expect the ads, and in some cases the spam – are we going to stop using social media anytime soon, even knowing the dangers involved both from a “trust” and “identity” perspective?

no, most likely not….

LIDNUG: Scott Guthrie Talks Shop 3 recorded session now available

Yeps folks!! the recording from todays open Q&A with Scott Guthrie is now available for download.

Scott answered questions across the board, both about current releases, upcoming releases and specific platform/product features.

Needless to say, Scott’s a fountain of knowledge!

Download the recorded session here: http://www.lidnug.org/presentations.aspx

LIDNUG: Scott Guthrie Talks Shop III, Monday 23 Nov 11:30AM PST

Didn’t attend PDC – want to hear what the biggest announcements was straight from The Gu himself?

Well, now you have a chance – The Linked .Net Users Group (LIDNUG) is holding an open Q&A session with Scott Guthrie on Monday the 23rd of November, at 10:30AM 11:30AM PST (UTC-8).

Hell, even if you attended PDC 09 and was right in the middle of things, you know as well as i do that you can’t be everywhere at once and here’s your chance to ask Scott the questions you really wanted to at PDC 09.

To register for this free event, use your LinkedIn account and click here:

• http://events.linkedin.com/LIDNUG-Scott-Guthrie-Talks-Shop/pub/144324
• We will also be taking questions directly from Twitter – just twitter:
  • @ScottGu #LidnugLiveQ your question here

Want to keep up with all the other LIDNUG events coming up, including Phil Haack on Dec 14, simply subscribe to our Live calendar here:

• http://bit.ly/lidnughtmlcalendar

Look forward to seeing you there!

Note: Apologies for the mishap with the time – my computer had inadvertedly applied daylight savings change, which we no longer do here in WA. Correct time is 11:30AM PST.

Zune going global – Microsoft shows some love to Australia!!

What can i say – i’ve been harping on about this “outage” ever since I got my hands on my first Zune!

And now Microsoft is showing some Love for us down under – because the Zune is coming to Australia.

In total, 18 countries will see the Zune hit the markets – and this also means the addition of the highly valued subscription service from Zune Marketplace.

http://www.techau.tv/blog/zune-coming-to-australia-17-other-countries/

Naturally, i’m a big fan of the Zune Player, as well as my Zune device.

To date, i have 65,000+ plays in the Zune Player and as i’m an avid music lover (all types of music) i’ll be on the Zune Marketplace as soon as it’s available for me.

The latest version of the Zune Player (software?) had a ton of new additional features, including the Zune Mini Player…

and the QuickPlay feature as well – where you can set up “DJs” for easy music list creation.

Now, again i’m waiting – we don’t have a timeframe for this…but…would it be too much to hope for something this Christmas?

don’t know – nobody’s spilling the beans (obviously) but i now know what i have to pester my highly beloved and cherished goddess of a wife for this Christmas!