I've been experimenting with a package called MythTV. Installing it was a complete pain in the arse (dependencies to resolve all over the place, and some fun and games getting the database component to work at all), but once installed I was pretty impressed. It neatly downloaded listings for my funky brand of cable TV, and offers them in an easy to use format. Watching TV is good - the TV card streams to disk, I watch the stream - meaning I can pause, rewind, forward wind (when I'm behind the actual broadcast). Recording is currently not quite as good - ALSA support for my soundcard (an Intel onboard thing) isn't very good, and Myth complains of a lack of buffers when recording; this has led to some recordings having out-of-synch sound. On the upside, it does record what I want, when I want it - so as soon as I get sound figured out properly, all will be well. It really does make TV bearable to be able to just pick from a menu of things to watch, rather than trying to be around at the right time for shows. I like TV when it's on-demand!
Yesterday, I went to Paul Mur's MSN Developer Seminar on writing secure code. About 30 people showed up; interestingly, there weren't many people from the larger consulting/development groups in town. Apparently, TSG is ahead of the curve in adopting .NET - and unusual in that we actually worry about security (catty comment: check out IDP Group for an example of our competition!). The first half of the seminar should have been titled "C++ sucks" - it covered Buffer Overruns, Arithmetic Overflows, as well as the usual range of Cross-Site Scripting, Canonicalization issues (ie. don't trust filenames!), SQL Injection, and similar. Paul had good examples for everything, including some examples that I loved showing buffer overruns in action - complete with heap dumps of the results. Very good stuff. The second half of the seminar focussed on security in .NET. Security controls are a lot more fine-grained than I thought - and you can really lock down a .NET system if you want to. That's a good thing, and I definitely learned a few tricks about how to help TSG's systems (such as sandboxing assemblies that need IO access, and restricting permissions accordingly). I was also impressed by the Forms-Based Authentication stuff - .NET makes it really easy to partition off parts of a site into admin areas, member areas and similar, without forcing Active Directory on you for authentication. The end of the seminar was a real treat - some tips'n'tricks to make Visual Studio life easier, and a contest to find the bugs in some code. I won the contest, and am now the proud owner of Writing Secure Code (2nd Edition), a book I was planning to buy with my next paycheque. So I was paid to attend the seminar, and saved $50 on the book. Sweet. :-)
Mood: happy
Music: None
No comments:
Post a Comment