Thursday, September 29, 2005

URLs, URIs and URNs

I just came upon an interesting post, URL Dogma, that Ian Griffiths wrote at the start of his blog. It is about the design and implementation of stable, user-friendly web page addresses. He references a couple of good articles that state goals and describes problems achieving them with ASP on IIS. One reference is URL as UI by the esteemed Jakob Nielsen in 1999, where he interestingly predicted the demise of domain names within a few years!

The essay 'Cool URIs don't change' at W3.ORG Style is an interesting dialog.

An article at Wikipedia, URI (Uniform Resource Identifier), explains the definition of URI and its relation to URL. URIs provide unique naming functionality as well as locator functionality.

Tuesday, September 27, 2005

Some newer posts on Non-Admin development

Not exactly new, but one Nigel Watling, a Microsoft Technical Evangelist, has posted a well-stated essay on the privilege options for developers. He carefully lists and analyzes the options, discussing in detail the tools and techniques I have mentioned in numerous earlier posts. It is well laid out. I came to it from a posting by Robert Hurlbut on his blog. He has a number of good security-related postings.

He discusses my preferred approach "Logging in as LUA and escalating privileges when required" in some detail and mentions at least one security hole I have ignored - the possibility of messages being sent from some process window to the window running with elevated or admin privileges. He makes reference to the various techniques and pitfalls, but does not detail them.

Interestingly, his preferred choice would be FUS (Fast User Switching), but of course it is not available in most work environs. I don't like it. I frequently want to have Internet browsing windows open on the same desktop where I am developing.

Notes from Pluralsight folks

Joe Hummel is doing another webcast series at Microsoft (Tuesdays at noon Chicago time).
It is

So, checking out the Pluralsight blogs, here are a few refs of some note:

Craig Andera mentions "Speaking of blogging things so I can remember them…"
and talks about working as a consultant versus teaching.

It looks like Keith did not update his password manager from the version I have.

New Security Links

After some time off, Microsoft security expert Jesper M. Johansson has posted a new article, How to Shoot Yourself in the Foot with Security, Part 1. It discusses issues surrounding the CIFS/SMB (Server Message Block) protocol defenses against man-in-the-middle attacks.

And, it looks like Keith Brown has posted a new version of his Password Manager program. I need to check it out.

Monday, September 26, 2005

more .NET links

Travis who? got attention at Wintellect's Devscovery.
He has some interesting posts at his 'Paraesthesia.com' site:
http://www.paraesthesia.com/blog/comments.php?id=597_0_1_0_C

Your Clipboard is Not Safe!

Joe Stagner has posted an illuminating talk in video form, along with sample code, which demonstrates how easy it is for JavaScript code to capture the contents of the Windows Clipboard. Of course this could be a serious risk if you use the clipboard to paste in long, complex secure passwords. I will have to check the code for Keith's password manager tool to see about adding a clear clipboard function after pasting. Or the Windows API direct typing.