Noticias

UAC and Windows 7. Microsoft listens.

Not so long ago, kriptópolis published an article about a security vulnerability in Windows 7 UAC default configuration (in Spanish) which allowed every malware program to change UAC configuration without warning the user about it, to the point where it could be completely deactivated, and therefore endanger the whole system.

Initially on the Engineering Windows 7 blog said that:

Microsoft’s position that the reports about UAC do not constitute a vulnerability is because the reports have not shown a way for malware to get onto the machine in the first place without express consent

which, to tell you the truth, sounded more like a sad excuse than a real explanation

Luckly, in a late, but wise, movement, and after getting a lot of negative feedbacks, it seems they've changed their minds and have decided to, indeed, consider it a vulnerability:

we are going to deliver two changes to the Release Candidate that we’ll all see. First, the UAC control panel will run in a high integrity process, which requires elevation. That was already in the works before this discussion and doing this prevents all the mechanics around SendKeys and the like from working. Second, changing the level of the UAC will also prompt for confirmation.

These are excelent news. On one side because they're fixing the security vulnerability exposed by the previous working mode, and on the other because is refreshing to find Microsoft people finally answering and taking into account comments from their users.

Test Driven Development (update)

See, I've been reading Joel Spolsky blog for about two years now, and I've always considered all his opinions to be more than valuable. I could say every time he speaks, I nod :P

So, if you write an article criticizing Test+Driven+Development, which is one of the methodologies with most buzz nowadays, you expect a lot of people to just disagree or think you're nuts... after all, test driven development is cool, isn't it?.

That being said, when Joel and Jeff Atwood refer to the topics you have mentioned and basically confirm what you've already said... well, I must say I feel flattered. Mostly because these two have a big impact in the internet, secondly because I usually agree with what they say a hundred percent, and thirdly because ... it's cool to be right... or at least having popular people agree with you.

About what they say (is a transcript from one of their podcasts), well, what can I say? Just a little thing, in the end Jeff says:

...because what matters is what you deliver to the customer, and how happy the customer is with what you've delivered. There's many, many ways to get there.

Well, that's right but, what does it have to do with what we are talking? Every methodology is design having in mind that objective, everyone wants to deliver an exceptional product to the client; well actually everyone wants to make money out of delivering that exceptional product. So, of course there's many ways, what we are talking about is choosing the best way to do it, that's what methodologies provide, a way to do things, an structure for how to work.

In the end, methodologies are just part of the equation. Other parts include common sense to adapt to each situation, the appropriate set of tools and mainly, the people who work on the project. In that way, I'm not saying making unitary tests is bad, quite the contrary, is doing them for everything what is bad. Why? Because we're failing to use our common sense to tell us what should be tested and what doesn't need to.

And that's basically the problem with Test Driven Development, since tests drive the development you have to make them for everything that needs to be developed, otherwise they will not drive...

stackframe.net up and running

After a long time (longer than I thought), and after a lot of work putting everithing where it should be, stackframe.net is finally up and running.

Among other new things, it features a new design (basically a different theme with some modifications :D), an update to Drupal 6 and a multilanguage system which allows me to publish content in both spanish and english.

There are a lot of other things that have improved, as the table of contents, the voting things and some other minor things.

Almost all content from TheAlphasite are available and the few of them that aren't will be ported in a couple of days. Currently I'm setting redirections from the old articles to the new ones and in few days the site will be completely operative.

I've been publishing in TheAlphasite for 2 years now, better or worst, and now I want to keep doing exactly the same in a new website, but extending the content to reach both languages (and belive me, it takes a lot of time to translate everything). I hope you enjoy the new site, that you have fun, and that it may be of help for some of you.

Don't forget to update your feed readers to the new urls for the new site:

Stackframe en spanish: http://feeds.feedburner.com/stackframenet

Stackframe en english: http://feeds.feedburner.com/stackframeennet