Took the trip out to Livonia today to attend a Microsoft MSDN/TS2 event. The half-day conference was a pre-event for the upcoming Heroes Happen Here event, taking place around the country starting in February and making its way to Michigan in March. Below are the highlights of both sessions, as I bounced between the two covering a few separate subjects of interest.
First, the highlights of Vista, now a year old. The presenter took a survey of those using it and those happy with it; most were, and those who were not were told their performance issues were probably due to faulty video drivers, seemingly taking the easy way out. SP1 then came up, still with no release date disclosed, but here are some highlights:
- Improved multi-monitor / graphic card compatibility
- Increased compatibility with print drivers
- Improved sleep/resume functionality
- Improved Windows Explorer / IE performance
- Improved network transfer performance
- Network boot support for x64 PCs
- Flash memory support for exFAT
- Est. download size to exceed 1GB! Requires 7-12GB available HD space (most reclaimed)
I’m happy to see several of the SP1 items appear to address items we’ve experienced first hand; guessing we weren’t the only ones.
Next up was Windows 2008, or w2k8, where they touched briefly on the new Server Core, Server Manager, policy-based QoS and the new Windows Deployment Services. I’ve seen a few sessions on w2k8 now, and while there's nothing too revolutionary, there do seem to be a few very nice management features, such as read-only domain controllers, stronger virtualization (server, application & management) and of course IIS7.
SQL 2008 also got a brief mention; a few highlights:
- Enhanced Mirroring
- Failover clustering
- Fast Recovery
- Resource Governor
- Enhanced Partitioning
- Transparent Encryption
Still no word on encryption/compression of backups – guess they’ll let the ISV market survive a bit longer.
I then bounced over to the MSDN track, taking in yet another IIS 7 session. The presenter did close with a brief ASP.NET security primer, which I think I’ve seen before, but it’s probably worth repeating. The five demonstrated “hacks” were:
- Cross-site scripting or XSS
  - Fix: Microsoft Anti Cross Scripting Library
- SQL injection
  - Fix: Use type-safe SQL params
  - Restrict permissions of db users (i.e. no xp_cmdshell)
  - Sanitize data input
  - Do not disclose error information
- Cross-site request forgery
  - Fix: ViewStateUserKey = Session.SessionID
- Integer overflow: 2147483547 (max int value +1)
  - In C# use the ‘checked’ keyword when validating INT values
  - In VB this is already done for you
- Insecure direct object reference
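To make the integer overflow item concrete, here is an added C# example (mine, not code from the presentation) showing the same validation with and without `checked`. The class name `OrderTotals`, the limit `MaxOrderCents` and the sample values are hypothetical.

```csharp
using System;

static class OrderTotals
{
    // Hypothetical business limit: 1,000,000 cents ($10,000.00).
    const int MaxOrderCents = 1000000;

    // Unchecked arithmetic (the C# default for non-constant expressions):
    // an overflowing product wraps around and can land back inside the valid range.
    public static bool AcceptUnchecked(int quantity, int unitPriceCents)
    {
        int total = unchecked(quantity * unitPriceCents);
        return quantity > 0 && total <= MaxOrderCents;
    }

    // Same validation in a checked block: overflow raises OverflowException,
    // so the request is rejected instead of being compared against a wrapped value.
    public static bool AcceptChecked(int quantity, int unitPriceCents)
    {
        try
        {
            checked
            {
                int total = quantity * unitPriceCents;
                return quantity > 0 && total >= 0 && total <= MaxOrderCents;
            }
        }
        catch (OverflowException)
        {
            return false;
        }
    }

    static void Main()
    {
        // Constructed input: 1,431,655,766 * 3 = 4,294,967,298,
        // which does not fit in 32 bits and wraps to 2.
        int quantity = 1431655766, price = 3;
        Console.WriteLine("unchecked accepts oversized order: {0}", AcceptUnchecked(quantity, price));
        Console.WriteLine("checked accepts oversized order:   {0}", AcceptChecked(quantity, price));
        Console.WriteLine("checked accepts normal order:      {0}", AcceptChecked(10, 1999));
    }
}
```

The unchecked version passes the limit check because the wrapped total is 2; the checked version rejects the same input and still accepts the ordinary order.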
The TS2 track also discussed (briefly) System Center Manager, Microsoft Home Server & Data Protection Manager 2007, but nothing of substance, mostly marketing slides.
That pretty much covers the highlights from my perspective.