Tools vendor JetBrains has released ReSharper 3.0, the latest version of its refactoring plug-in for Visual Studio.

This edition introduces support for a number of additional languages, including Visual Basic.NET, XML and XAML. It also features a cross-language capability for projects written in both C# and Visual Basic.

JetBrains says it has also deepened the product’s code analysis capabilities. Beyond spotting errors and issuing warnings, ReSharper 3.0 will provide developers with on-the-fly suggestions for improving code.

XAML features include XML editing in XAML code and real-time error, syntax and semantic analysis.

One new feature in the area of productivity enhancements is a Unit Test Explorer for conducting and debugging multiple unit tests.

JetBrains is offering ReSharper in three editions. Resharper 3.0, a full-featured version; a C# Edition that omits the VB.NET support; and a VB.NET package that leaves out the C# functionality.
 

Microsoft has released another community technology preview of Sandcastle, a tool for creating documentation for .NET projects.

New in the June rev is a presentation layer named "VSORCAS," an apparent play off the former codename of the upcoming Visual Studio 2008.

VSORCAS is aimed at improving the experience of navigating through and searching documentation, according to Microsoft.

"This new documentation presentation layer targets developer audience who need to find information quickly and easily in our documentation that grows significantly with every Visual Studio/.NET Framework release," read a statement on the Microsoft Sandcastle blog.

VSORCAS' features are set to include a persistent language filter, which will automatically show the related files, examples and other information related to a programming language of a user's choosing.

There are other filters as well, including the ability to filter based according to a type's supported frameworks and based on member types, according to a posting on the blog.

VSORCAS also seeks to improve the visual experience of reading documentation by communicating more data in a smaller amount of screen real estate.

The CTP is available for download here.

You can read more about the planned features here.

 

Adobe released beta versions today of its Apollo application runtime to allow developers to build rich Internet applications that run on the desktop and its Flex 3 technology aimed at building RIAs for the Web.

The beta version of the Adobe Integrated Runtime (AIR), formerly called Apollo, is a cross-operating system runtime to allow developers to use HTML, Asynchronous JavaScript and XML (AJAX), Adobe Flash or Adobe Flex to build RIAs for the desktop. Adobe is part of a growing group of vendors, including Google Inc., that has announced plans to take RIAs back to the desktop. They were originally aimed at infusing the rich, interactive features of a desktop application to the Web.

"This is the first major public release of the AIR runtime," said Mike Downey, Adobe's group manager for evangelism of platform technologies. "This one is very close to having all the features enabled in it. We've focused on a variety of feature areas and very heavily on improvements to the HTML engine."

In addition, this release will be major for AJAX developers, he said, noting that the alpha code released in March "was fairly incomplete if you were doing a purely AJAX implementation." Developers building AIR applications now can use any AJAX framework, he added.

Additional new features in the Adobe Air beta include an embedded SQLite open-source local database, support for PDF and deeper integration with Flex, Adobe said. Users will be able to view and interact with PDF documents within Adobe Air applications similar to how they interact with a PDF in the browser, the company added.

Meanwhile, eBay Inc. is scheduled to unveil today an Adobe AIR application project called San Dimas, which can deliver notifications and updates in real time to eBay users' desktops without them having to open a browser.

A final version of AIR is slated to ship before the end of the year.

Adobe also announced the beta release of its Adobe Flex 3 software, its free open-source tool for building RIAs. The beta versions of the Flex Builder 3 and the Flex 3 SDK will be available for download today.

This beta marks the first significant release of code for the open-source Flex project, beginning with the availability of daily code updates and a public bug database. This version of the Flex standards-based language and programming model, slated to ship by the end of the year, will be available under the Mozilla Public License used by the Mozilla Foundation and by Sun Microsystems Inc. for its OpenSolaris operating system.

The dual-release dates for AIR and Flex 3 were no coincidence, said Dave Gruber, group product marketing manager for Flex. Flex 3 will now include support for applications built with AIR so developers can create RIAs that run in the browser and on the desktop, he added.

This version of Flex will include several new features designed to make it easier for developers to work with data, including added memory and performance profiling tools so developers can analyze and improve the performance of applications running in the browser or in AIR.

In addition, with Flex 3, a developer only has to download the Flex framework once; all future uses of Flex will use a version cached in the Flash player. "This makes the size of the application dramatically smaller ... making the initial response very quick for Flex applications," Gruber added.

 

ASP.Net comes in with a set of validation controls that automatically validate the data entered by a user. Though this validation controls are very powerful and easy to use, they have a small draw back in the sense that they require the entire page to be valid before it's submitted back to the server. There is no direct way to validate only a particular section of the page. This article will explain some circumstances where validating a particular section of page will be required and how to accomplish it.

Why validating a particular section of page is needed?

While validation controls is a great tool for validating user input before data is being submitted there are some situations where we might either want the data to be submitted without validation or we want to validate only particular fields in the form.

A typical example for when we may want the data to be passed through without validation is when a page has both submit and cancels server buttons. When the user clicks the submit button the data has to be validated whereas when the user clicks the cancel post back has to happen without any validation.

An example for when we may want to validate only particular fields of a page is a form which is divided into multiple sections with a submit button in each section. When a submit button for a particular section is clicked validation for other sections should not happen.

Solution

The solution for by passing validation on server button click is fairly easy. All we have to do is set the CausesValidation property of the button control to false. Once the CausesValidation property is set to false no validation will happen both on the client side and server side.

The syntax for doing it in the design time is

<asp:button id="cmdCancel" runat="server" Text="Cancel" CausesValidation="False"></asp:button>

This can also be done in runtime using the following code

cmdCancel.CausesValidation = false;

The solution for validating only particular fields requires few lines of JavaScript code and understanding of the Client side API provided by the validation controls. Following table lists the functions and variables provided by the client side API

Name	Description
Page_IsValid	A Boolean variable which indicates whether the page is valid.
Page_Validators	Array of all of the validators in the current page.
Page_ValidationActive	A Boolean variable which indicates whether validation should be performed. Setting this variable to False will to turn off validation.
Isvalid	This is a property of the client validator indicating whether it is valid.
ValidatorEnable(val, enable)	Enables or disables the client validator passed as argument.

 

ON THE SCENE - During an invitation-only demonstration at TechEd, small device developer EmbeddedFusion demonstrated a prototype programmable small device - actually a circuit board with a 2x3 color LCD display - that is capable of being programmed using Microsoft's .NET Micro Framework.

It's a managed code system with which developers can rapidly build programs for embedded devices, and embedded device drivers.

Within the first 20 minutes of programming the card using C# in Visual Studio 2005 (after re-installing the EmbeddedFusion SDK), we were able to construct a simple application that...[drum roll]...blinked an LED on and off.

From a technical perspective, this is more difficult than it seems under the hood. As we learned, embedded devices employ signals on pinouts that are time-specific, while .NET functions are asynchronously sequential.

In other words, they tend to run one after the other, the way things typically do on a PC. So there's already a bit of incompatibility: An event scheme has to be worked up when you connect the programmable device to the PC via a USB cable, in which you have to force the PC to run on a clock.

The skeleton code for doing this is part of the EmbeddedFusion SDK for .NET Micro Framework. We then embellished that skeleton code with test code that samples the inputs every second (or, by our count, every 1000 microseconds), and that pushes a pin - in the digital sense - every second to flip on and off the LED.

A much more complex sample involves the built-in two-axis accelerometer, and was demonstrated for us. There, a test .NET Micro application was pushed via USB cable into the embedded prototype card, which triggers it to run a ball-in-a-maze game.

On the surface, it looks like a fairly low-order game...that is, until you pick up the card itself and move it around. The active accelerometers scoot the ball around, just like a real steel ball inside one of those cheap plastic mazes you get in a happy meal.
 

ORLANDO -- Microsoft on Monday released the first community technology preview of SQL Server 2008, the official name for what was initially codenamed "Katmai." The announcement was made here at the Microsoft TechEd Conference in Orlando.

Katmai is set to ship in 2008 and the company is making it a central plank of its push into the business intelligence space. But Redmond is also building a number of developer-specific capabilities into the next-gen server release: The ADO.NET Entity Framework (EF) and the Language Integrated Query (LINQ).

Developers can use the Entity Framework to program against data defined in a conceptual way, instead of having to work with information organized in tables and columns. "With the Entity Framework, we’re essentially programming at the conceptual level rather than at a logical level or a physical level," Francois Ajenstat, director of product management, SQL Server previously told RDN.

LINQ enables developers to tap various sources from within VB.NET and C#. The LINQ to Entities specification will ship as part of the Entity Framework, and, like the EF, will be supported by Visual Studio tools.

Other improvements slated for SQL Server 2008 include added support for various data types, including spatial and unstructured data.

In related SQL Server news, Microsoft on Monday also announced it had acquired technology from Dundas Data Visualization Inc., for the creation of charting in SQL Server Reporting Services.

 

Microsoft this week released a preview of a new software development kit for use with the Open XML standards native to Office 2007.

The company said the SDK is meant to streamline development chores for coders creating Office Business Applications (OBAs). It contains instructional articles and sample code regarding a number of tasks, including programmatic document creation; tweaking document properties; and working with custom XML within documents. The release coincided with the start of Microsoft’s Tech Ed conference in Orlando, Fla.

Brian Jones, an Office program manager, discussed the SDK’s high points in a blog post. "The goal in this first CTP was to provide some additional structure on top of what was already provided by System.IO.Packaging in .Net 3.0," Jones wrote. "Now instead of just generic parts and relationships, you actually have each part from the Open XML spec available as a strongly typed part. The API also provides package level validation so you’ll know you’re creating all the necessary content type declarations and relationship type references."

 

Microsoft is readying a beta of a new SKU of its next generation of Visual Studio, intended for those who want to embed it into their own tools.

The company will offer what it calls Visual Studio Shell, a scaled-down version of its flagship developer tool suite. Microsoft launched Visual Studio Shell at its TechEd conference in Orlando.

Visual Studio Shell is intended to allow developers to build Visual Studio functionality atop their own vertical tools, as well as integrating various languages such as Fortran, Cobol, Ruby and PHP. Microsoft will release a beta version this summer. When it ships with Orcas, now officially dubbed Visual Studio 2008, Visual Studio Shell will be free.

 

In a surprise to absolutely no one, the official name of the next edition of Microsoft's flagship integrated development environment (IDE) will be Visual Studio 2008, Microsoft announced this week at its Tech Ed 2007 show in Orlando, Fla.

A second beta of the product -- previously codenamed "Orcas" -- is expected later this summer. RDN Senior Editor Kathleen Richards recently took a detailed look at which planned features are in and out of Visual Studio 2008.

Microsoft also announced at Tech Ed that Visual Studio 2008 will include the Visual Studio Shell, a stripped-down version of the core IDE that is "intended to let developers integrate their products directly into Visual Studio and then ship them as if they were their own products," says Joe Marini, group product manager for Microsoft's VSIP program.

 

Saying that an Internet Information Server exploit is due to a feature, not a flaw, Microsoft has published exploit code for the flaw but no workaround or patch.

The exploit, which was discovered on Dec. 15, 2006, and made public at the end of May, works against IIS 5.x. By design, versions 5.x allow bypass of basic authentication by using the "hit highlight" feature. The hit-highlighting feature can be used by an unauthorized user to grab documents to which he or she has no privileges.

At the very least, this leaves IIS 5.x users vulnerable to data interception. And while the exploit hasn't been used to take over systems to date, that could well change, according to Swa Frantzen of the Internet Storm Center.

The ability to execute code is "unexplored, but hinted about," Frantzen wrote in a blog post on SANS' Internet Storm Center security alert site.

The ISC has tracked public exploits that apparently focus on leaking protected information.

According to Microsoft, which has written up the issue in its Knowledge Base article 328832, hit-highlighting with Webhits.dll only relies on the Microsoft Windows NT ACL (Access Control List) configuration on 5.x versions.

Microsoft "strongly [recommends] that all users upgrade to IIS (Internet Information Services) version 6.0 running on Microsoft Windows Server 2003. IIS 6.0 significantly increases Web infrastructure security," the company wrote in its KB article.

Microsoft is currently shipping IIS 6.0 of the Internet Information Services Server for Windows Server 2003. Microsoft is up to IIS 7.0 for Windows Vista and IIS 5.1 for Windows XP Professional.

What are the security issues with Microsoft's "Surface"? Click here to read more.

Yet, in spite of urging upgrading in order to gain improved security, Microsoft is treating the bug as a nonissue, providing no workaround nor indications that it will patch versions 5.0 and 5.1. "This behavior is by design," the KB article asserts.

Rather than supply a patch or workaround, Microsoft published six steps to reproduce the exploit—a response that is "a bit atypical," according to Frantzen. "Microsoft is telling the world how to exploit their products being used by their customers. Not that the worst of those interested in it did not already know, but the one thing we need from Microsoft is not the exploit, but the patch or at least a decent work-around," Frantzen wrote.

The only defensive information Microsoft gives is to urge users to upgrade to 6.0—an upgrade that's neither free nor easy, Frantzen pointed out. He provided these possible workarounds:

• If you don't use the Web hits functionality, a simple workaround would be to remove the script mapping for .htw files. Without a script mapping, IIS should treat the file as static content.
• Try to use application-level firewalls (filters). If you have the infrastructure it can be a temporary measure till you can upgrade IIS, solving the actual problem.
• URLScan, a URL filter by Microsoft can be used to stop access to .htw files and is reported by some SANS-ISC readers as being effective.
• Manage rights on the confidential files or directories themselves.
• Upgrade to Apache or another Web server, with or without a (cross) upgrade of the OS.
• Scramble an upgrade to Windows 2003, potentially on more potent hardware.

Frantzen advised IIS 5.x users that failing to find "null.htw" in a document root directory doesn't mean much—the exploit doesn't need the file.

Microsoft hadn't delivered a statement by the time this story posted.