Banned Crypto and the SDL – Read it , outlined some bullets below:

• Dont use MD4, MD5 and SHA-1, you should use SHA-256, SHA-384 or SHA-512
• Dont use DES, 3DES, you should use AES (in CBC mode)
• Dont use RC4, use RSA and Elliptical Curve.
• Only use the following random generators:
  • CryptGenRandom (Win32)
  • BCryptGenRandom (Win32)
  • System.Security.Cryptography.RNGCryptoServiceProvider (.Net)

Gareth

• AWS Start-Up Challenge For 2009 – Amazon has kicked off the third annual AWS Start-Up Challenge now.
  • Start-ups in the United States, the United Kingdom, Germany, and Israel are encouraged to apply for a chance to win $50,000 in cash, $50,000 in AWS credits, mentoring sessions from AWS technical experts, and AWS Premium Support Gold for one year.
• How to use a CTE in a view. If you dont know what a CTE is check it out here, definitely check out its recursive capabilities here.
• Microsoft Research “Gazelle” fires experimental salvo at Google.
• PCI DSS Legitimizes Conflicts of Interest
• Geneva identity grows up with rebranding roll on Active Directory Federation Services (ADFS), Windows Identity Foundation & Windows CardSpace.
• Managed Extensibility Framework (MEF) Preview 6: V1 Feature Complete Silverlight Support and Much More!
  • Not only is this the feature complete build for MEF V1.0 (which will ship with .NET Framework 4) but it also has the first drop of MEF for Silverlight!
• Google releases remote screen viewer NeatX.
  • “The good old X Window system can be used over the network, but it has issues with network latency and bandwidth. Neatx remedies some of these issues,” Google engineers wrote on the company’s open source blog.

Interestingly for me also is that while this concept applies to both Microsoft .Net runtimes and Mono they do behave differently, well they have different GC collection algorithms at any rate and there are implications for that. I may cover that as a separate topic in a later blog as well (more Blog promises… everyone tells me not to do that )

Gareth

• Amazon Adds CloudWatch Monitoring, Other Services
• Amazon to ‘Open Source’ their cloud API’s
  • This will be a very telling move if it gains acceptance. It will open up the way for a number of people to standardize to, but I am more than a little skeptical
• Credit Card Council Looks Into Cloud Security
  • You knew it had to be coming – and now it has!
• Bulk Loading/Export from Clouds
  • This shows how the systems are starting to mature. It has always been a fear how to get large data sets to and from cloud systems. Specifically I imagine there will be data analysis cloud applications that may end up processing terabytes (or more) of data. Getting that information there was a problem until now.
• Cloud Electronic Socket for $100
  • This is key, this moves backup from significant chunky machines (PC’s) to a small appliance no larger than an electrical adapter. Very nice, and I hope successful.
  • Socket appliance backs up to cloud storage
• Tibco enters the cloud space using Silver on Amazon
• Microsoft and Sun talk interoperability

Hopefully this helps anyone looking for help performing some semi-automated test.

Gareth