Mad about .NET A blog from Jose Fco Bonnin


It's been almost a lifetime since I last wrote a post, and now I'm doing it to test the Amazon Widgets :S

Anyway…I’ve just ordered my Kindle Graphite, you can also get yours at:





Let’s be clear: I like Internet Explorer.

I use IE8 and I have to hear jokes and all kinds of comments because of it. Before I joined Microsoft I would argue for a while until I got tired of the conversation, at which point I always ended with a “yeah … it is”. Things like “but IE is not compatible with CSS standards” were very common to hear. No, please don’t go into that again; it’s clear there are still a lot of improvements that can be made for standards compliance. In any case, IE8 is 100% compliant with CSS Level 2 Revision 1.

But after I joined Microsoft the comments got worse and more stimulating for the conversation: ridiculous things like “but you use it because Microsoft does not allow other browsers to be installed”. Needless to say, that is far from reality.

Now that there has been the famous attack on Google using an IE exploit, some comments have reached insane levels.

If you want full information about the exploit and the solution, go to the Microsoft Security Response Center (MSRC). I just want to point out that “to date, the only successful attacks reported have been against Internet Explorer 6” (which is a 9-year-old browser). Users on XP (an OS more than 8 years old) were more prone to suffer this exploit because XP does not take advantage of Address Space Layout Randomization (ASLR); Vista and later versions are more effective at blocking the exploit because they take advantage of the improved security protection offered by ASLR.

So, we have that people using a 9-year-old browser on an 8-year-old OS were the biggest victims. I’m not going to comment on this; just take a look at this video and think about it yourself … security, hacking attacks, technology … it all evolves and, don’t be fooled, ALL of us are also responsible for our own protection.

Whether you like it or not, Internet Explorer is one of the safest browsers on the market. You can do the comparison by:

1. Technologies applied: DEP, ASLR, Virtual Store, Mandatory Integrity Control. Today IE8 is the only one making use of all these technologies. I also have to mention the Cross-Site Scripting filter and Private Browsing, also known as porn mode but pretty useful and recommended when you browse from airports, Internet points and any other kind of shared computer.

2. Phishing protection: “The average phishing URL catch rate for browsers

image

3. Average time to block phishing: “how long on average must a user wait until a requested phishing URL is added to the block list?”

image

It is worth mentioning that “phishing sites have an average life expectancy of only 52 hours” mmm…sigh… Thanks, Safari 4, for protecting me against phishing sites that no longer exist.

Source: NSS Labs Browser Security – Phishing Q3 2009

“but everybody recognizes a phishing site”. According to Gartner Group, “theft through phishing activities costs U.S. banks and credit card issuers an estimated $2.8 billion annually”.

4. Vulnerabilities:

“but regardless of phishing, Firefox is the safest browser”

VulnerabilitiesByBrowser2008

Source: http://secunia.com/gfx/Secunia2008Report.pdf

I couldn’t find the 2009 report, so I went manually product by product, drilling down by version on the Secunia site, to get the overall vulnerabilities.

| Browser | Vulnerabilities | Release Date | Market Share |
|---|---|---|---|
| IE 6.x | 184 | 8/27/2001 | 20.99% |
| Firefox 3.0.x | 144 | 6/17/2008 | 6.91% |
| IE 7.x | 106 | 10/18/2006 | 15.53% |
| Firefox 3.5.x | 48 | 6/30/2009 | 16.32% |
| IE 8.x | 30 | 3/19/2009 | 20.86% |
| Safari 4.0 | 16 | 6/2/2008 | 3.45% |
| Chrome 3.x | 5 | 10/12/2009 | 3.75% |

As you can see, Firefox 3.0.x has had more vulnerabilities in 19 months than IE 7.x in more than 3 years, and almost the same as IE6 in more than 8 years. I’m not going to comment on Firefox 1.0.x, which has had 209 known vulnerabilities since 11/9/2004 and has a current share of 0.03%.

Vulnerabilities Source: http://secunia.com/advisories

Release date Source: http://www.wikipedia.org

Market Share Source: Market Share Browsers.

“but …” Before you mention that Safari and Chrome have fewer vulnerabilities, please review the Market Share and Release Date again and remember that massive attacks are like a business: you always try to maximize benefits. If with one product (exploit) you can reach 60% of the market, you don’t put all your efforts into trying to get 5%.

I’m not going to go into the specific features of IE8 that make the administrator’s work easier in corporations, like the possibility to manage and configure nearly 1,500 built-in group policies, the IEAK for customization, and distribution of updates and patches via Windows Server Update Services.

So, yes, I’m very proud to say I’m an IE8 user … “but browser %replace with your browser% is faster” … Yeah…it is





When you work with TFS there are certain situations that will happen sooner or later, like somebody going on holiday without checking in, a project that was created wrong, etc. In those situations you might need to delete a project, delete a workspace, undo someone else’s changes… Most of these can be accomplished using TF.exe. That’s the reason why I always say to TFS users that “TF.exe /?” is your friend.

I’m posting some of them here as a kind of reminder for myself. As I will not be using TFS very often from now on, I’m afraid my brain will deallocate the syntax to allocate other knowledge pretty soon.

Delete a project:

TFSDeleteProject /server:SERVER_NAME "PROJECT_NAME"

View checked out files for a specific project/user:

tf status "SERVER_PATH" /user:USER_NAME /recursive

View checked out files for all users:

tf status "SERVER_PATH" /user:* /recursive

View workspaces on a computer:

tf workspaces /computer:COMPUTER_NAME /owner:*

Undo others’ code:

tf undo /workspace:WORKSPACE_NAME "ITEM_PATH" /s:URL

Baseless merge:

tf merge /baseless "FROM" "TO" /version:T /recursive





When you develop applications that use databases you usually need to work with several database servers, e.g. your local computer and a test server. If you are the only developer and have only one application that’s not a big problem, but if you are in a team it is quite annoying when someone messes up the connection strings to point to different servers depending on the task he wants to accomplish.

A common approach I’ve seen to deal with this issue is to modify the hosts file, so you can point to the right server without having to change all your connection strings. Unfortunately this does not work when the server you want to target is a SQL Express version or any other SQL Server with a named instance.

A better approach is to use SQL Server Aliases. With them you can indicate the name that is going to be used to access a SQL Server, no matter whether this server is your localhost or a remote server. To do that you only need to open the SQL Server Configuration Manager, expand the SQL Native Client Configuration node and go to the alias section as shown in the image below.

image

Right-click on the node, select New Alias and enter the name of the alias and the connection details of the target server. The image below shows how we have configured our local version of SQL Express to be accessed with the name “TestDBServer”.

image

When you enter the connection details, be sure to verify that they match what is set in the protocols configuration of the target server.

That’s all. The new alias is set at machine level, so all the applications residing on the computer where the alias is configured can make use of it.

I hope this helps.
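To check where each alias really points, the following added example (not part of the original post) lists the aliases as the SQL client stores them in the registry. It assumes a 64-bit PowerShell 3.0+ session; the function name `Get-SqlAlias` is hypothetical. 64-bit and 32-bit applications read separate alias lists, so an alias defined in only one of them resolves for some applications and not for others.

```powershell
# Added example: list SQL Server client aliases from both registry views.
$aliasKeys = @{
    '64-bit' = 'HKLM:\SOFTWARE\Microsoft\MSSQLServer\Client\ConnectTo'
    '32-bit' = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\MSSQLServer\Client\ConnectTo'
}

function Get-SqlAlias {
    foreach ($view in $aliasKeys.GetEnumerator()) {
        if (-not (Test-Path $view.Value)) { continue }   # no alias defined in this view
        $key = Get-Item $view.Value
        foreach ($name in $key.GetValueNames()) {
            # Value data looks like "DBMSSOCN,HOST\INSTANCE,PORT" (TCP/IP)
            # or "DBNMPNTW,\\HOST\pipe\..." (named pipes).
            $parts = ([string]$key.GetValue($name)) -split ',', 3
            [pscustomobject]@{
                Alias    = $name
                View     = $view.Key
                Protocol = switch ($parts[0]) {
                               'DBMSSOCN' { 'TCP/IP' }
                               'DBNMPNTW' { 'Named Pipes' }
                               default    { $parts[0] }
                           }
                Target   = $parts[1]
                Port     = if ($parts.Count -gt 2) { $parts[2] } else { '' }
            }
        }
    }
}

$aliases = @(Get-SqlAlias)
$aliases | Sort-Object Alias, View | Format-Table -AutoSize

# Warn about aliases that exist in one view only, or that point to
# different servers depending on the bitness of the calling application.
$aliases | Group-Object Alias | ForEach-Object {
    $targets = @($_.Group | ForEach-Object { "$($_.Protocol)|$($_.Target)|$($_.Port)" } |
                 Sort-Object -Unique)
    if ($_.Count -lt 2 -and [Environment]::Is64BitOperatingSystem) {
        Write-Warning "Alias '$($_.Name)' exists only in the $($_.Group[0].View) view"
    } elseif ($targets.Count -gt 1) {
        Write-Warning "Alias '$($_.Name)' points to different targets in the two views"
    }
}
```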





We have been using TFS at Payvision for many years, but these days I've been playing again with Team Foundation Server 2008 ... let's say for fun. I wanted to do a from-scratch single-server installation of TFS 2008 on top of Windows Server 2008 and SQL Server 2008 SP1, and configure it to be accessed via SSL. Since I had a lot of fun, I decided to write down all the things I needed to do to have everything up and running, basically because I doubt I will be able to remember it all if I need to do it again. So, here is the list with the steps:

- Step 1: Get the latest version of the installation guide and read it before you start installing.

- Step 2: Read the installation guide.

- Step 3: I really mean it, RTFM.

- Step 4: Follow all the steps described in the guide to create accounts, open ports, install prerequisites...

- Step 5: If you followed all the steps, you are now probably wondering why, after doing the "Integrated Installation of Team Foundation Server and Service Pack 1", the installer still complains about not having a supported SQL Server version for TFS. If this is the case, follow this workaround. If it is not the case, it means you didn't follow the recommendation to check for updates after installing SQL Server, and SQL Server 2008 SP1 is not installed yet.

- Step 6: After completing the installation of TFS, install Team Explorer and check that everything works as expected: create a project, bug, work items, check in, check out, reports, team site ...

- Step 7: Not a real step, but I always suggest installing on the same server the TFS Administration Tool and the Team Foundation Power Tools. They became good friends of mine a long time ago.

- Step 8: What? Really? So, when you open Team Explorer you see a red cross on the Reports node, but the reports work when you access them directly and, in addition, it does not happen on all computers... Don't panic, it is something with an easy solution: you need to be sure Visual Studio SP1 is installed after Team Explorer.

- Step 9: After SP1 is installed you can access the reports from Team Explorer and you can open the Reports, but ... the Event Viewer shows a nice error saying "OLE DB error: OLE DB or ODBC error: Cannot open database "TfsWarehouse" requested by the login. The login failed.; 42000.". You need to assign the role TfsWarehouseDataReader to the user Network Service. I found the solution here, and also the solution to problem 8, sorry, step 8. It was a pity I didn't see problem 9 before problem 8; it would have saved me some time.

- Step 10: We also use Scrum, so I installed the template made by Conchango, Scrum for Team System. Yeah, you know why I add this point here: it doesn't work by default with SQL Server 2008, but we have the solution here thanks to Stuart Preston.

- Step 11: Great, all is working now. It's time to break it again: it's time to configure the FQDN and SSL. To do it, you should check this guide from the Team Foundation Server global support team, probably one of the best docs I have read about it, but we are not going to follow it exactly, so I give hints on what I did differently and why. Some are quite evident, others not.

- Step 12: Before you configure the SharePoint Central Admin to have SSL required in IIS, it is important that you configure Alternate Access Mappings in SharePoint. If you do it the other way around, the mappings will be changed and you will not be able to open SharePoint 3.0 Central Administration.

- Step 13: When you do the step to configure the connections with TfsAdminUtil, be sure to use the full URL for the option /ReportServer, because there is a bug that configures a wrong URL. Therefore, instead of "/ReportServer:https://www.site.com:port/ReportServer" you should use "/ReportServer:https://www.site.com:port/ReportServer/ReportService.asmx". Sigh, this one really drove me crazy; I wasted more time trying to figure out why everything was failing than on all the other steps together. So, I highly suggest you run "TfsAdminUtil ConfigureConnections /view" to get the list of URLs, double-check that they are configured as expected and that you can access them with your web browser.

- Step 14: When you configure the Report Server with "Reporting Services Configuration Manager", instead of just adding the SSL configuration I also removed the standard HTTP one. Even though I was able to access the report site via SSL, the internal links were still pointing to the HTTP version and, as I said before, I just wanted to have everything via SSL.

- Step 15: You need to give permissions on the machine keys so that the user NETWORK SERVICE can access the certificate we use for SSL encryption. To do it, go to \ProgramData\Microsoft\Crypto\RSA, add the user NETWORK SERVICE, and assign the permissions read and write. Be very careful with this step; you don't want to mess up anything here.

- Step 16: All seems to be done now, so check that everything works as expected: create a project, bug, work items, check in, check out, reports, team site ... and yes, all looks good... but we are not done yet. "Team Project Administration" of the Conchango template still does not work; when I try to access the page it gives me a 403 error... sigh... but I found an unrelated post with my error that gave me the hint to solve it. To make it work I just needed to update the registry key with the new SSL URL for TFS.

- Step 17: Have fun with your fresh installation of TFS.

These are pretty much all the (extra) steps you need to know for the errors you might face during the installation. I hope this post can save you some time if you do something similar.
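A check to run after Step 15, as an added example that is not part of the original post: it lists every access rule NETWORK SERVICE holds on the machine key store and on each key file in it. It assumes an elevated PowerShell 3.0+ session; the function name `Get-NetworkServiceRule` is hypothetical. The machine key files live in the MachineKeys subfolder of the path named in Step 15.

```powershell
# Added example: review NETWORK SERVICE access to the machine RSA key store.
$keyDir    = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'
$sidType   = [System.Security.Principal.SecurityIdentifier]
$netSvcSid = 'S-1-5-20'   # well-known SID of NT AUTHORITY\NETWORK SERVICE
$writeData = [System.Security.AccessControl.FileSystemRights]::WriteData

function Get-NetworkServiceRule {
    param([Parameter(Mandatory = $true)][string]$Path)
    try   { $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop }
    catch { Write-Warning "Cannot read the ACL of $Path"; return }
    # Request the rules keyed by SID so the match does not depend on the OS language.
    foreach ($rule in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($rule.IdentityReference.Value -ne $netSvcSid) { continue }
        [pscustomobject]@{
            Item      = Split-Path $Path -Leaf
            Type      = $rule.AccessControlType          # Allow or Deny
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited                # True: comes from the folder
            HasWrite  = [bool]($rule.FileSystemRights -band $writeData)
        }
    }
}

# Rules set on the folder itself (these flow down to every key file).
$folderRules = @(Get-NetworkServiceRule -Path $keyDir)

# Rules visible on each individual key file.
$keyFiles  = @(Get-ChildItem -LiteralPath $keyDir -Force |
               Where-Object { -not $_.PSIsContainer })
$fileRules = @($keyFiles | ForEach-Object { Get-NetworkServiceRule -Path $_.FullName })

@($folderRules) + @($fileRules) | Format-Table -AutoSize

$touched = @($fileRules | Select-Object -ExpandProperty Item -Unique).Count
"NETWORK SERVICE has access rules on {0} of {1} key files" -f $touched, $keyFiles.Count
```

A rule reported with `Inherited = True` on many files means the grant was made at folder level and covers every machine key on the server, not only the key of the SSL certificate.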