Monday, February 19, 2007

Windows Presentation Foundation (formerly codenamed "Avalon") is the real highlight of .NET Framework 3.0.  Everybody wants to build those cool, slick UIs and leverage some of the wonders of the powerful Vista presentation framework.

Also, every developer who has that creative spark in him/her, wants to learn the nuances of using a designer tool such as Expression Blend and create UIs that wow their peers and friends.

Now, while it sounds like a lot of fun, know also that WPF is not a toy; it is a really powerful API with full support for 2D and 3D vector graphics.  Just like any other programming framework, it requires an investment of time and effort to learn the framework and master it.

One really cool way of doing this would be to keep a tab on www.revoluxions.com - an initiative by Dax Pandhi and Andrew Eick. These two whizkids are doing a (hopefully very long) series of short WPF video tutorials, that quickly get you onto a concept or two.  Then they give you enough time to hone your skills with the newly learnt concept before you dive into the next one. Also, since they are short 15-min videos, they are easy to download, not too time-consuming to watch and even easier to digest.

Way to go guys!  And keep the good work coming.

posted on Monday, February 19, 2007 2:48:15 PM (India Standard Time, UTC+05:30)
 Friday, February 16, 2007

Just been a whole lot of time since I posted here.  Mostly been busy.  Had been on a vacation to Dubai, then attended the rocking Windows Vista launch at Mumbai, and then was at Seattle for an internal Microsoft conference.

Seattle was fun.  Got to go to the Redmond campus.  The holy grail.  The pilgrimage.  Clicked a lot of pictures here and there.

Bought a copy of Flight Simulator X Deluxe Edition.  Have been long wanting to play Flight Simulator.  Aircraft simply thrill me and the closest I can get to flying is using Microsoft Flight Simulator.  So far, tried flying a plane, managed to take off and then spin around and crash.  Flying with keyboard or mouse is real hard.  I wish it was easier - but it is fun to learn it.  After all, flying in real must be hard too.

Seattle struck me as a different city compared to other places in the US that I have been to.  For one, the atmosphere had some class to it.  Seattle Downtown looked very classy and beautiful.  There were a couple of streets that didn't look as good, but the central part of it has these tall-rise buildings that look really nice when lit up.  Mt. Rainier is a nice, huge, fat mountain with a snow cap a couple of hours away from Seattle.  The mountain looks great when taking off from the Seattle Tacoma airport.

The visit to campus was shortlived and I hope to get to see more of it in the coming years.  Will surely need many more trips to go see the entire campus.

Dubai pictures available at http://pandurangvn.spaces.live.com

posted on Friday, February 16, 2007 9:35:50 PM (India Standard Time, UTC+05:30)
 Saturday, January 13, 2007

There is a series of 5 webcasts from Microsoft with two of the best counter-hacker guys, discussing AJAX security and how to protect your AJAX applications.

This is a must for anybody doing serious AJAX development.

The announcement came on Joe On .NET and is linked below:

Upcoming AJAX Security Webcasts

Separately, the ASP.NET team has released a nifty little library called the Microsoft Anti-Cross Site Scripting Library.  It is useful for encoding all input other than the characters specified as OK.  You can learn more about it and download it from http://www.asp.net/downloads/teamprojects/default.aspx?tabid=62#antixss
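To show why encoding everything except a known-safe set matters, here is an added example (not code from the Anti-XSS library or from this blog) that compares an allow-list encoder with a deny-list one on a value placed in a single-quoted attribute. The safe character set, the function names and the sample input are assumptions made for illustration.

```javascript
// Added example: allow-list output encoding versus a deny-list encoder.
// ASSUMPTION: this safe set (ASCII letters, digits, space, . , - _) is chosen
// for illustration; it is not the Anti-XSS library's actual list.
const SAFE_CHAR = /^[A-Za-z0-9 .,\-_]$/;

// Allow-list: every character NOT known to be safe becomes a numeric entity.
function allowListHtmlEncode(input) {
  let out = "";
  for (const ch of String(input)) {          // iterates by Unicode code point
    out += SAFE_CHAR.test(ch) ? ch : `&#${ch.codePointAt(0)};`;
  }
  return out;
}

// Deny-list: only the characters someone remembered to list are escaped.
const DENY_MAP = { "<": "&lt;", ">": "&gt;", "&": "&amp;", '"': "&quot;" };
function denyListHtmlEncode(input) {
  return String(input).replace(/[<>&"]/g, (c) => DENY_MAP[c]);
}

// Hypothetical template that places user input in a single-quoted attribute.
function renderField(encode, value) {
  return `<input name='city' value='${encode(value)}'>`;
}

// True when the encoded value can no longer terminate the quoted attribute.
function staysInsideAttribute(encode, value) {
  return !/['"<>]/.test(encode(value));
}

// Constructed sample input: a stray single quote that starts a new attribute.
const SAMPLE = "Pune' title='injected";

console.log(renderField(denyListHtmlEncode, SAMPLE));
console.log(renderField(allowListHtmlEncode, SAMPLE));
```

The deny-list version lets the single quote through, so the rendered field gains a second attribute; the allow-list version keeps the whole value inside `value='...'`.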

posted on Saturday, January 13, 2007 1:13:03 AM (India Standard Time, UTC+05:30)
 Friday, January 12, 2007
posted on Friday, January 12, 2007 6:15:24 PM (India Standard Time, UTC+05:30)
 Tuesday, January 09, 2007

Microsoft started off CES with a Bill Gates pre-keynote address.  BillG started saying that this is probably the last time he gets to go on the CES stage and talk about technology!  :(  I don't buy that completely though :)

However, the address was very exciting with some of the stuff that was never demo'ed before.

There was Windows DreamScene - something quite amazing and spectacular, and something that was a hush-hush thing at Microsoft for a while now.  Of course, it is another UI glitz, with playing videos now being able to be set as the desktop background.  I got to install a small internal BETA today and it works great.  Sure looks exciting and I think the Vista Ultimate Edition users will love the feature (that'll ship as a Vista Ultimate Extra).

If you haven't seen DreamScene, you should watch the CES keynote.

One of the biggest announcements yesterday was Windows Home Server.  Windows Home Server is the vision of having a server in every home that takes care of backend infrastructure for the digital home.  In many ways, a "home server" makes perfect sense to orchestrate all the digital devices that make up today's homes.  Hook up your Media Center PC, your laptop, your personal computer, your XBox, your Windows Mobile phone and everything to the backend server and let it manage backups, synchronization, and a lot more for you.  That's the message.  However, to learn more, you can also check out the Center for Digital Amnesia Awareness Web Site. :)

In the meanwhile, Bill Gates has also written this must-read article titled "A Robot In Every Home".  When you read the paper, you realize the real parallel universe between the "origin of the PC" days and today's world.  I played around with Microsoft Robotics Studio v1.0 yesterday and created my first robot in a simulated environment that I could control with a small controller-like Window (called the Direction Dialog).  That was pure thrill!

Exciting times ahead, and with this company - that's a statement that'll always be true!

posted on Tuesday, January 09, 2007 10:33:37 PM (India Standard Time, UTC+05:30)
 Friday, January 05, 2007

Security on the web has taken a new dimension with AJAX-driven websites.  AJAX-driven websites are more susceptible to cross-site scripting (XSS) attacks and make it easier to discover the calls an application makes and the logic behind them.

I had covered these in sessions titled "Building Secure Next Generation Web Applications" during the recent Security Yatra and also during some MSDN Days organized in a few SIs in India.

Some of the really startling attacks I discovered while preparing the content for the demo included the MySpace worm.  The complete details are available at http://namb.la/popular/

Not only did the worm bypass all of Myspace.com's rules, but it also surprised the author of the malicious code himself by affecting a million users in under 20 hours!

I just also received an email that talks about a very interesting vulnerability in PDF and Adobe Reader that makes it possible to perform serious XSS attacks.  That was quite startling because the avenues of attack now extend beyond AJAX sites to common technology such as Adobe PDF and OpenOffice.  The article is available at http://www.eweek.com/article2/0,1895,2079201,00.asp?kc=EWEWEMNL010107EP26A

The actual attack instructions are also available here.  But let me warn you not to try this with any site.  Don't mess around - it is a dangerous world out there.

And for all you developers out there, if that didn't shake you and say "Take security seriously", I don't know what will.

posted on Friday, January 05, 2007 10:57:51 PM (India Standard Time, UTC+05:30)
 Friday, December 29, 2006

"Like almost everyone who uses e-mail, I receive a ton of spam every day. Much of it offers to help me get out of debt or get rich quick. It would be funny if it weren't so irritating."

- Bill Gates, "Why I Hate Spam", Wall Street Journal 2003

Years later, spam still continues to be a meaningless giant that torments the Internet.  I had blogged about spam once in an early post in 2004.  What has changed since then has been technology that is striving to provide better email filters.  Fighting the source of the spam is something that several organizations are trying to work on, and it has not quite been successful.

As a computer program, what do you do when you think a particular email is spam?  Obviously, the program cannot take the decision to delete it.  It can move it to a folder and hope for the user to check it and then delete it.  This is important because you would otherwise lose valid emails that are identified wrongly as spam.

The solution seems to be in identifying spam spot-on without making a mistake.  The industry has some ground to cover in that direction. No spam filter today is 100% accurate.   So the solution is not workable.  What else can be done?   Several things:

a.  Users should realize that spam affects everybody and is a global problem.  I have heard many people come up to me and say "Hotmail has more spam" or "I stopped using Yahoo because of spam", etc.   Realize this - no email service provider is free of spam.  If you don't get as much spam at your yahoo id as you do at your hotmail id, it is only because you either registered at too many places on the Internet with your hotmail id, or because you had your hotmail id for a longer time.   Eventually spam will hit your other id as well.

b.  Create longer email ids - most spam generators try combinations of letters and so an English word or a common name is more likely to be spammed rather than an uncommon email alias.  So, for instance, a pandurang@... would attract more spam than a pandurang.nayak@... (unlikely that a right combination of names will be auto-generated).  

c.  Never give out your email id OR ALIAS at any website that you don't trust.  I have done this as a rule for the past two years now and it has worked in reducing a lot of spam.  Most websites out there sell out your email ids.  Worse, the auto-spam software takes an alias and then sends an email by appending @hotmail.com, @gmail.com, @yahoo.com, etc. to the same alias.  And guess what?  In most cases that'll probably work as well.   Most current email clients, both online and offline, do not automatically display images - which used to be a way the spamming site tracked that you received the email and hence realized that they'd hit a valid email id.

d. My Hotmail and Yahoo ids, which received a lot of spam, actually have seen a decline.  It also helped that I let Hotmail "expire", without checking it for a long while, and then when I recreated my ID after a month or two, I saw a substantial decline in spam.   I know this is probably not possible in all cases, but if you "gave up" an account due to spam, you can probably re-login and re-activate it and be surprised about how much less spam you'll get.   Most spam software assumes the email is a valid one, unless they get a "bounce" on the email.  And many software will continue to spam you even if there is a "bounce".

e.  Never encourage spam - there are too many times that people themselves spam others.  I am not talking about email forwards with jokes and other stuff.  I am talking about chain mails that say things like "Don't add xxxxx as a friend in Yahoo! messenger.  It is a dangerous virus that will delete everything on your hard disk."  Give me a break.  Such a virus is not feasible unless a complete idiot is using the computer.  But then, there will be a zillion forwards of this email and lo! you have more spam added to the world.

f.  Report spam.  This is one of the best ways to fight spam.  When you see an email that was spam, tell your email service provider that this was spam.  Click that button saying "This is spam" and report it.  Over time, this is what will help eradicate most spam originators.  But when you do so, be honest.  Don't mark a newsletter that you signed up for, but never read, as spam.  That is not spam.  If you really don't want that newsletter, unsubscribe.

g.  Be wise.  I see so many people giving out email IDs on websites, blogs, forums, social networking sites, etc. freely.  It is fine to do so when you know that the email id will not be revealed.  But if the email id is just going to be posted on to the website, you are inviting spam.  Several spammers automatically crawl websites looking for email ids.

So till we have a permanent, efficient, universal solution to spam - it is us who have to fight it.  Spam is just like fighting a dangerous disease. If we don't do our bit, it can be too late when we realize our folly.

posted on Friday, December 29, 2006 6:13:18 PM (India Standard Time, UTC+05:30)
 Wednesday, December 27, 2006

Don Box and Chris Anderson present you a holiday season song which you can hear here

The lyrics (reproduced from here):

Vista, we shipped it,
Vista, we shipped it,
Vista, we shipped it,
Better late than not.
Vista, you'll love it,
Vista, you'll love it,
Vista, you'll love it,
It's the best we've got!

Yes we've got Indigo
And it will even glow
When you've got Avalon
Spicing up the show!

Sure there's no WinFS
But we got RSS
And search and indexing
will help sort out the rest!

U-SER-A-COUNT-CON-TROL
UAC means I'm no admin
UAC means You're no admin
UAC means She's no admin
UAC means He's no admin

Vista's why... we're happy again

Happy Christmas and New Year to all readers of ThinkingMS too!!

posted on Wednesday, December 27, 2006 6:19:41 PM (India Standard Time, UTC+05:30)
 Tuesday, December 26, 2006

The master of books on Windows programming does it again.  This time it is Windows Programming using the Windows Presentation Foundation (WPF).  If you plan to be a serious WPF developer, this is a must read.

What I like best about the book is the title.  Applications = Code + Markup.  Charles Petzold starts off in the book saying that the new breed of Windows applications are still code.  In a way, it is saying, don't get all scared about XAML and think that the entire WinForms programming model has been thrown out of the window.  You continue learning to program Windows in pretty much the same way as the previous generation.  Only that it gets exciting because there are new ways of doing things, aka declarative coding. 

Needless to say (if you have read CP before), the book can be read pretty much like an interesting novel that you can't drop before it is finished. I have run through the first 4 chapters in one day (didn't just read - wrote code as well) and plan to finish the book by the end of this year (which actually is 5 days away)!

Meanwhile, if you are just starting on .NET, or want to get deeper, you might also want to read .NET Book Zero - a free book available on Charles Petzold's site - www.charlespetzold.com

His blog also has announced the next book he's working on - "Windows 3D". Check out this post.

posted on Tuesday, December 26, 2006 11:36:44 PM (India Standard Time, UTC+05:30)