TS2/MSDN Highlights – Livonia, MI

Took the trip out to Livonia today to attend a Microsoft MSDN/TS2 Event.  The 1/2 day conference was a pre-event for the upcoming Hero’s Happen Here event, taking place around the country starting in February and making its way to Michigan in March. Below are the highlights of both sessions, as I bounced between the two covering a few seperate subjects of interest.

 Firstly, highlights of Vista, now a year old, presentor took a survey of those using it and those happy, most were, those not were told their performance issues were probably due to faulty video drivers, seemingly taking the easy way out.    SP1 then came up, still not disclosing a release date, but here are some highlights:

  • Improved multi-monitor / graphic card compatibility
  • Increased compatibility with print drivers
  • improved sleep/resume functionality
  • Improved win explorer / IE performance
  • Improved network transfer performance
  • Network boot support for x64 PCs
  • Flash memory support for exFAT
  • est. download size to exceed 1GB! and requires 7-12GB available HD space (most reclaimed)

I’m happy to see several of the SP1 items appear to address items we’ve experienced first hand, guessing we weren’t the only ones..

Next up was Windows 2008 or w2k8 – whereas they touched briefly on the new server core, server manager, policy based QoS and new Windows deployment services.  I’ve seen a few sessions on w2k8 now, and while nothing too revolutionary there do seem to be a few very nice management features, such as read-only domain controllers, stronger virtualization (server, application & management) and of course IIS7.

SQl 2008 also got a brief mention, a few highlights:

  • Enhanced Mirroring
  • Failover clustering
  • Fast Recovery
  • Recource Governer
  • Enhanced Partioning
  • Transparent Encryption

Still no word on encryption/compression of backups – guess they’ll SQL let the ISV market survive a bit longer.

I then bounced over to the MSDN track, taking in yet another IIS 7 session.  The presenter did close with a brief asp.net security primer, which i think I’ve seen before, but its probably worth repeating.  The five demonstrated “hacks” were:

  1. Cross-site Scripting or XSS
    • Fix: Microsoft Anti Cross Scripting Library
  2. SQL injection
    • Fix: Use type-safe sql params
    • Restrict permissions of d users (i.e. no xp_cmdshell)
    • Sanitize data input
    • Do not disclose error information
  3. Cross site request forgery
    • Fix: viewStateUserkey = Session.sessionID
  4. Integer overflow:  2147483547 (max int value +1)
    • in C# use ‘checked’ keyword when validating INT values
    • in VB this is already done for you
  5. Insecure direct object reference

TS2 track also discussed (briefly) system center manager, Microsoft home server & data protection manager 2007, but nothing of substance, mostly marketing slides. 

That pretty much covers the highlights from my perspective.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s