From MSDN maven (ooh – that sounds old, but she’s not!) Sara Williams, this new feature of MSDN just went live:

At the MSDN Product Feedback Center, you can submit bugs and suggestions.  You can search through other people’s submitted bugs and suggestions.  You can vote for your favorites.  You can share workarounds.  And, you can see feedback and details directly from folks on our product teams.   Oh, and you can get notified when the status of an issue you’re interested in changes. 

Get going with what are probably the most useful parts of WSE2 to the average developer: WS-Security and WS-SecurityPolicy with this webcast from Michele Leroux Bustamante.

A few things to note with the ACL functions in Whidbey,err .NET 2.0.

– If you are using ACL for creating files, you can’t combine it’s use with the file.writeall shortcut. YOu need to use filestreaming. That’s a bummer. (Maybe a temporary one?)

– Pay attention to the complexity and combination of possibilities. FOr example, you can create a filesecurity object that denies deletion of the file. However if that user has certain permissions on that machine, they can just modify the security settings of the file in Windows Explorer and do whatever they want with the it. 

I think it would be interesting to create various objectsecurity objects and persist them (maybe just in a class) so that it would be really easy to apply combinations that you already created. 

Also you need to consider flexibiltiy in assigning these to a particular account or account group. YOu probably won’t want to get stuck hardcoding those accounts in your app.

So my little birdie also told me not to miss ACL’s in the whidbey BCL. Brad Abrams wrote about this in January.

System.Security.AccessControl is namespace with many classes is in it for dealing with ACL and not having to be a security expert to figure out how. The really pleasing classes are the FileSecurity class and DirectorySecurity class. You can create these objects, set up all of the acl that you would like and then pass them in to system.io objects as you create them. So imagine creating a new file on the client machine and setting it’s ACL at that time.

The info on the Longhorn SDK site is not up to date with what is in the May bits so I can’t provide a link that shows the reference info on these classes. But you can see the basics of the namespace online. 

SYSTEM.IO.COMPRESSION

A little birdy pointed it out to me today.

I googled it to see what had been written about it so far and found that I had actually missed some previous other blogger’s similar happy response upon their own discovery of this groovy little namespace. I must have flown past it in Craig Andera’s blog almost 2 months ago!

It seems like that sometimes, doesn’t it! Well, here finally is the Smart Client Developer Center on MSDN. It took Microsoft a long time to come to this definition of Smart Client and it looks like they’re stickin’ with it! See if you can define Smart Client before going to look at their definition. If you are close then they are getting the message out properly now.

Scott Watermasysk writes about the using statement in VB.NET Whidbey pointing out that “using … end using” will also immediately dispose of the resource you created with “using”.

Brand spanking new concept to me – since I have not even used enough C# to know that it already exists there (which I figured out *after* I read Scott’s post).

This makes me realize that I need to understand dispose a lot better than I do because outside of explicitly closing ado.net connections (in cases where they are not implicilty called – as in a datadapter.fill), I don’t really call Dispose outside of my infrequent work with unmanaged resources.

So google this: “when to call dispose .net” and you will find all kinds of msdn articles (this one is for interop though which is not so novel), interesting posts by Paul Wilson, Patrick Steele (who basically constructed the using construct all by himself in vb.net!) and others, articles on Code Project and more.

Rich Turner from the Indigo team is here with his arms waving and feet stomping to attempt to stop the spread of the malformed idea that the push of SO means the death of OO.

OO is *absolutely* relevant, useful, valuable, important, vital and positively NOT deprecated and obsolete. I don’t know where this message came from, but it is NOT true. 

He points out the problems with OO and explains that SO complements OO.

Read more here

Clemens Vasters on secure deployment…

and from the recent past

Kathleen Dollard on the .NET Security Beta Cert TEst

Keith Brown does his part to try to help…”a .net developers guide to Windows Security”