Oh boy, last night we had country drinks, so today I really needed a caffeine fix. Our hotel, which is located on the Ramblas, a spitting distance from Plaça Reial, unfortunately doesn't have good coffee. I am not saying they have it at Starbucks, but it is a hell of a lot better. Notice Wim in the bottom left; he did not look well either. William is MIA; TechEd is taking its toll.
9:00 Put your BIG ideas onto Tiny devices using .Net
Normally I don't like English humor, but Rob Miles is a funny guy; in Dutch we would call him a "Droogkloot". For a 200 session he has a lot of code, which is a bit hard to follow when you are half asleep. Luckily he has got a lot of cool .NET Micro Framework demos where he uses a lot of funny hardware to wake you up. Or at least to detect that a delegate is falling asleep.
Rob left us with a great tip: http://dreamdifferentcontest.com, a contest by Microsoft where you can win a lot of money in prizes.
General session: Green computing through Sharing: reducing both Cost AND Carbon
I had a little trouble with the general session; general sessions mean no other sessions are given.
So I decided to make the best of my time and go and do some Hands-On Labs. The first was with the .NET Micro Framework; they had even hooked up a circuit board, how neat is that :D I also did some other labs on MVC.Net and had a look at some WPF stuff. Actually, William was doing all the WPF/Silverlight stuff; hopefully we get a nice Aviva session on it (won't we, William ;-) ).
13:30 How to review your code and test for security bugs
Michael Howard gave us a rundown of how he and others at Microsoft do code reviews and hunt down security bugs. He mentioned that since Microsoft improved its software development process by adhering to the Security Development Lifecycle (SDL), they have reduced their bug rate significantly.
One of the artifacts of the improvements in their development process has been the Threat Model Tool; go check it out. To review lots of lines of code, you'll need to prioritize your analysis. Here's a metrics sheet with heuristics to help you prioritize.
| More review | Less review |
| --- | --- |
| Old code | New code |
| On by default | Off by default |
| Elevated † | Least privilege |
| Anonymous access † | Authenticated access |
| Listening on network † | Not listening |
| Planetary access † | Local subnet or machine |
| UDP | TCP |
| C/C++/ASM | Managed code |
| A ‘history’ | Clean ‘history’ |
| Complex | Simple or well understood |
| Handles PII etc | Does not handle PII etc |
| Big functions | Little functions |
| Hard to maintain | Easy to maintain |
| Lots of churn | Stable code |
One of the things I got out of this presentation was fuzz testing: putting all kinds of junk into your data streams at random intervals. The aim of this is to see if you've properly coded the entry points into your application, as they are the most vulnerable to exploitation.
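The fuzzing idea above as a small mutation fuzzer, added here as an illustration and not code from the talk or from this blog's author. It assumes a made-up length-prefixed record format, with the hypothetical parsers `parse_weak` and `parse_hardened` standing in for an application entry point.

```python
import random

class ParseError(Exception): """Controlled rejection of malformed input, not a crash."""

def parse_weak(data: bytes) -> list:  # trusts the count byte and every length byte
    pos, records = 1, []
    for _ in range(data[0]):
        length = data[pos]
        records.append(data[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return records

def parse_hardened(data: bytes) -> list:  # same format, every field checked before use
    if not data:
        raise ParseError("empty message")
    pos, records = 1, []
    for _ in range(data[0]):
        if pos >= len(data):
            raise ParseError("truncated before length byte")
        length = data[pos]
        body = data[pos + 1:pos + 1 + length]
        if len(body) != length or not body.isascii():
            raise ParseError("short or non-ASCII record")
        records.append(body.decode("ascii"))
        pos += 1 + length
    return records

def mutate(seed: bytes, rng: random.Random) -> bytes:  # 1-4 random junk edits
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        i, op, junk = rng.randint(0, len(buf)), rng.randrange(3), rng.randrange(256)
        if op == 0:
            buf[i:i + 1] = bytes([junk])  # overwrite (appends when i is the end)
        elif op == 1:
            buf[i:i] = bytes([junk])      # insert a junk byte
        else:
            del buf[i:]                   # truncate the stream
    return bytes(buf)

def fuzz(parser, seed: bytes, rounds: int = 2000, rng_seed: int = 1) -> dict:
    """Return {exception name: first input that raised it} for unhandled errors."""
    rng, crashes = random.Random(rng_seed), {}
    for _ in range(rounds):
        sample = mutate(seed, rng)
        try:
            parser(sample)
        except ParseError:
            pass  # malformed input was rejected on purpose
        except Exception as exc:
            crashes.setdefault(type(exc).__name__, sample)
    return crashes

SEED = b"\x02\x05hello\x05world"  # constructed sample: count, then length-prefixed records
```

`fuzz(parse_weak, SEED)` returns one reproducer per unhandled exception type, while `fuzz(parse_hardened, SEED)` returns an empty dict because every malformed input ends in a `ParseError`.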
15:45 Web 2.0 + WCF
Nice presentation on making RESTful applications, pointing out some of the pragmatic ways of leveraging WCF technology to build Web 2.0 services for your application.
17:30 Team Foundation Server: Lessons Learned Through Dogfooding
Really cool presentation, mainly because you get a glimpse into the development kitchen of Microsoft and how they have used Team Foundation Server to make their development process better.