It was my great pleasure to be at the face to face OpenAjax Alliance meetings for the first time last month. Thanks to the nice people at IBM for hosting them. I really enjoyed the discussions with Alex from Dojo , Gideon from OpenSpot and many others. There were also great demos of OpenAjax-based interoperability. It was also the occasion for me to visit New-York where I hadn't been in more than fifteen years. After the initial shock of not recognizing the skyline from the plane, which affected me more than I expected, I just realized how much I love the atmosphere of a city where people actually walk. It reminded me in a way of Paris, where I lived most of my life. Here are some pictures... Atlas in New-York A walk in the park. The weather...(read more)

Someone had posted a comment on my blog asking how I get my VPC images down to a reasonable size, so I figured I'd share it here. It's not the most fun process, but it does manage to get a VPC image down from about 5+ gigs, to about 1.5 or so. To start, make sure you do not have undo disks turned on. Create a backup copy of your VPC image, you'll need this later, and it's good to have in case anything goes wrong. In the Add/Remove Components in the control panel, remove any software (applications and Windows components) that you don't need Clear the DLL cache at the command prompt, type " sfc /cachesize=1 " reboot the computer at the command prompt, type " sfc /purgecache " Delete all $something$ files from the %windir% directory except $hf_mig$....(read more)

Every day a few folks send be pages of code and ask be to make it work for them (No Kidding) Joshua Folkets is a developer that I had dialog with in the past and this we we sent me code for me to USE rather han fix. What a treat – he just sent to me and said “I thought I’d send you this in case you find someone who might use it.” Here is a screen shot….. And here is a link to the code (use at your own risk) ….. http://www.joeon.net/downloads/SliderGrid.zip Joshua – You ROCK ! Read More......(read more)

A couple of days ago eWeek posted a panic attack here http://www.eweek.com/article2/0,1895,2110554,00.asp?kc=EWEWEMNL040307EP37A that sensationalized a paper that Fortify published here: http://www.fortifysoftware.com/advisory.jsp I posted a link to the article yesterday – sort of tung in cheek, but decided to wait until I could refer to more information because folks might not intuit my point. So let me offer this subtle hint: THERE IS NOTHING NEW HERE ! Security companies market themselves by generating press about their research – fair enough. Tech Media Companies like eWeek naturally sensationalize to keep their readership flowing (the National Enquirer model of Journalism). Now, it’s not like I don’t take developer security seriously. I...(read more)

Scott has a great post on how ASP.NET Ajax has built-in mitigations already in place for JSON hijacking attacks: http://weblogs.asp.net/scottgu/archive/2007/04/04/json-hijacking-and-how-asp-net-ajax-1-0-mitigates-these-attacks.aspx Read More......(read more)

Recently some reports have been issued by security researchers describing ways hackers can use the JSON wire format used by most popular AJAX frameworks to try and exploit cross domain scripts within browsers. Specifically, these attacks use HTTP GET requests invoked via an HTML