Thursday, July 12, 2007

Vista Sidebar Gadget Development, Windows Performance Tweaks and Outlook SPAM Management

Sidebar Gadget Security: Inspect Your Gadget


Review a Gadget for Security Bugs

As a first order analysis, the following should be carefully reviewed to make sure they are not introducing security bugs.

* Verify that all innerHTML constructs render only trusted or sanitized data.
  You can use the innerText property to add untrusted data into the DOM safely.
* Verify that all document.write method calls render only trusted or sanitized data.
  Again, use the innerText property to add untrusted data into the DOM safely.
* Verify that all calls into the Gadget object model or ActiveX controls instantiated in the Gadget pass validated data. As an example, be careful when calling System.Sidebar.Execute.
* Verify that all calls to eval() pass validated data.
* Verify that all ActiveX controls used by the Gadget are secure (no buffer overruns, integer overruns, and such).

Lawrence James

A further link: Guidance on how to develop secure Vista Sidebar Gadgets
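
The script-level items of the checklist above can be turned into a first-pass source review. This is an added example, not code from the original post or from Microsoft's guidance; the function name `reviewGadgetSource`, the literal-only heuristic and the sample gadget lines are assumptions constructed for illustration, and review of the ActiveX controls themselves is out of its scope.

```javascript
// Added example: flag the sinks named in the checklist so each one gets a manual look.
const SINKS = [
  { sink: "innerHTML", re: /\.innerHTML\s*\+?=(?!=)/, fix: "render untrusted data with innerText" },
  { sink: "document.write", re: /\bdocument\.write(?:ln)?\s*\(/, fix: "render untrusted data with innerText" },
  { sink: "eval", re: /\beval\s*\(/, fix: "validate the data passed to eval()" },
  { sink: "System.Sidebar.Execute", re: /\bSystem\.Sidebar\.Execute\s*\(/, fix: "validate the data passed in" },
];

// Heuristic (assumption): a value that is a single string literal is written by the
// gadget author, so it is listed but not marked for review. Anything else may carry
// untrusted data and needs a reviewer to trace where it came from.
const ONLY_LITERAL = /^(["'])(?:\\.|(?!\1).)*\1\s*\)?\s*;?\s*$/;

function reviewGadgetSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const code = text.trim();
    if (code.startsWith("//")) return;               // skip whole-line comments
    for (const { sink, re, fix } of SINKS) {
      const m = re.exec(code);
      if (!m) continue;
      const value = code.slice(m.index + m[0].length).trim();
      findings.push({ line: i + 1, sink, needsReview: !ONLY_LITERAL.test(value), fix, code });
    }
  });
  return findings;
}

// Constructed sample gadget script (not taken from any real gadget).
const SAMPLE = [
  'var title = xhr.responseText;',                   // data fetched from the network
  'status.innerHTML = "<b>Loading...</b>";',         // constant markup
  'headline.innerHTML = title;',                     // untrusted data rendered as HTML
  'headline.innerText = title;',                     // the safe form from the checklist
  'if (box.innerHTML == "") { refresh(); }',         // a read, not a sink
  'document.write("<p>" + title + "</p>");',
  'var cfg = eval("(" + xhr.responseText + ")");',
  'System.Sidebar.Execute(userPath);',
].join("\n");

for (const f of reviewGadgetSource(SAMPLE)) {
  console.log(`line ${f.line}: ${f.sink} ${f.needsReview ? "REVIEW" : "constant"} (${f.fix})`);
}
```

A hit marked for review is only a pointer: the reviewer still has to trace the value back to its source and confirm it is trusted or sanitized.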



Simple Tweaks to Improve the Performance of your Windows PC

Here are four simple tweaks for your PC that will help improve your overall computing and internet browsing experience.

Step 1: Change the IE Concurrent Download Limit - Internet Explorer's default settings only enable you to download up to two files at the same time. Optimizing the download settings enables you to download up to 16 files concurrently from the same server.

Method - Open registry editor and navigate to the following key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings

Right click the right pane and select New->DWORD Value. Type MaxConnectionsPer1_0Server and give it a value of 16. Add another DWORD using the same process - call it MaxConnectionsPerServer with the same value - 16.

Step 2: Disable Windows Indexing Service - The indexing feature consumes system resources, and may adversely affect your system's performance. By disabling the indexing feature, you free up disk space on your computer and may improve its performance.

Method - Go to Control Panel -> Administrative Tools -> Services. Find the Indexing Service, right click and select "Disable".

Step 3: Resize your Internet Explorer Cache - The default cache settings of IE are configured to hold a large number of cached temporary Internet files. However, storing many small files on your hard disk consumes valuable disk space and can cause disk fragmentation. Reduce the maximum size of IE cache to 128MB for optimal performance.

Method - Start Internet Explorer, select Tools -> Internet Options -> General. Under Temporary Internet Files click the Settings button and type the amount of disk space to use.

Step 4: Windows Menu Display Speed - Menus are displayed on your computer according to Windows' default settings. By optimizing these settings, you speed up your computer's ability to display (and hide) these menus.

Method - Go to Start -> Control Panel -> System. Click the Advanced tab, and under Performance, click the Settings button. Clear the "Fade or slide menus into view" check box, and then click OK.

Amit Agarwal


Postmarking: helping the fight against SPAM

Postmarking is a new part of the Outlook 2007 junk e-mail feature; it complements the existing feature set to reduce the amount of spam in your inbox.

One of the great advantages of e-mail is that it is easy and cheap to send. Unfortunately, this is the very same reason that makes it so useful to spammers as it enables them to send huge amounts of email in bulk.

Think of Postmarking as computational “postage” imposed when sending email. This is a small burden for an individual user, but is a very large burden for spammers. Spammers rely on being able to send thousands of mails per hour, and in order to be able to send spam with postmarking turned on, they would have to invest a very large amount of money to expand their computational power.

Postmark generation is only present in Outlook 2007, and postmark validation is present in Outlook 2007, Windows Live Mail, Exchange 2007, and Windows Mail in Vista.

Alessio Roic



Thursday, August 10, 2006

How fast are you?

Our children will never appreciate the handshake of a 300 baud modem. The thought of transferring anything at 1200 baud is unthinkable even if we invoke the sacred z-modem. Nowadays you are more likely to talk about megabits per second (a data rate) instead of baud (a symbol rate).

I find it amazing how our data communications have increased in such a short time. We used to drool over a T-1 connection (1.544Mbit/s). Since only businesses could afford such luxuries, people would plan weekend gaming sessions at their work place or stay late to download and surf in ways that the average home user could only dream possible. Now, your cable connection is likely faster than a T-1. Comcast advertises 6Mbit/s standard with 8Mbit/s for some extra money and is currently testing 16Mbit/s in Richmond, VA. The near future promises even better (28Mbit/s)!

What is your speed? Online testing services such as http://www.testmy.net/ and http://www.broadbandspeedchecker.co.uk/ can help you see if you are up to snuff. Your internal networking equipment can cause slowdowns, so bypass your router, hubs and other gear by plugging your computer directly into your cable or DSL modem when speed checking. You may need to power cycle the modem after connecting directly. http://broadbandreports.com/ (aka DSL Reports) is a fantastic resource when troubleshooting or investigating network speeds.

Your system software can influence speed. Tools like SG TCP Optimizer can greatly improve your Internet connection by adjusting network settings you may not even know exist.

See also "It's the latency, stupid" for more understanding of speed issues. Read about hacking the Linksys router and the "Linksys Blue Box Router HOWTO".
