Friday, December 21, 2007

Project Hoshimi, Round 1, Rank 1

Project Hoshimi is a Programming Battle in Imagine Cup 2008. One has to programmatically control a set of nanobots to accomplish a set of given objectives. There are different types of bots, all controlled and synchronized by a single AI bot.

Round 1, the qualifying round for Hoshimi, has started and I was participating in it for the last 3-4 days. Yesterday morning, I finally managed to optimize our strategy and managed to score 2700, which places us right at the top. Here is the leader board screenshot:

[Image: Hoshimi_Round1]

Our team CU_CSE is right at the top with 8 other teams. Till now around 150 teams have taken part. I hope that 2700 is the maximum that one can score in this round ... but let's see if somebody can beat that.

Imagine Cup 2008

What is Imagine Cup?

Like the last five years, this year too, Microsoft has organized the world’s premier student technology competition, Imagine Cup 2008 (IC_2008). Through Imagine Cup, Microsoft is encouraging young people to apply their technological skills, artistic abilities and creativity to make a difference in the technological world around us. This is one of the largest global student events. Last year, in IC_2007, more than 100,000 students around the globe took part in the competition.

This year too, IC_2008 has started. Anybody over the minimum age of 16 years and currently pursuing an educational course in any recognized school, college or university is eligible for participation.

Imagine Cup 2008 Events


This year's theme is: "Imagine a world where technology enables a sustainable environment". Based on this theme, students have nine different categories of competition, each testing a pupil's abilities in different categories:

The prize money is quite attractive and added to it is the exposure that students get. I am not sure about it, but most probably Microsoft offers job opportunities to the finalists. In any case, the competitions are too fun to miss. Most of them are online, so no need to move from the comforts of our home or maybe, just a few more hours at college. The charm of getting a team together and working along with a deadline in mind is just awesome.

Please participate ....

I urge all my fellow students to take part in this event. Do not worry about your skill level, you never know how your opponent is. The first time I tried my hands at a competition, I had no idea of others, but I slowly gathered confidence. The worst that can happen is that you lose, but even that offers an evaluation platform. At least one gets to know his/her position globally.

Microsoft Campus Unit Inauguration

On Dec 7th 2007, Friday, the Microsoft Campus Unit was inaugurated in the University College of Science and Technology (Rajabazar Science College) under the University of Calcutta. The venue was the N.R.Sen Fluid Mechanics Hall. Many professors were present at the inauguration function:

  • Dr. D.D. Sinha (Head of the Dept, CSE)
  • Dr. S. Sen Sharma (Sr. Prof, CSE)
  • Mr. K.N. Dey (Sr. Prof, CSE)
  • Mr. S.K. Setua (Prof, CSE)
  • Dr. N. Chaki (Prof, CSE)
  • Dr. S. Chowdhury (Prof, CSE)

Mr. Mohammed Reza (Academic Advisor, Microsoft India) officially inaugurated the club and gave a talk on the functions and goals of the club. He discussed a lot about the opportunities and benefits that the students will get through this club. He answered many queries raised by the students on Microsoft.

The very informative two and a half hour long session came to an end with Mr. Reza distributing five DVDs of Microsoft Visual Studio 2008 Team Suite (Beta 2) to five lucky draw winners.

More than 150 students attended the inauguration and were signed up for the Microsoft Campus Unit. A group called KolkataNetStudent has been created for this purpose and all interested students are requested to join it.

Monday, December 17, 2007

Microsoft Download Center Beta

While trying to download .NET 3.5 Power Toys, I suddenly had a very obtrusive pop up window thrown at my face, saying that I had been "randomly chosen" to experience the Beta version of Microsoft Download Center. I accepted the offer immediately and was soon taken to a page that checked whether my browser would support all the features of this preview. I keep my browser updated, and had the Silverlight plugin installed so I passed the tests easily. Below is the screen-shot of this test page ...

[Image: MS 02]

The ball in the mid-right part of the page is a visual treat, rendered with Silverlight. You have got to see it to believe the capabilities of Silverlight, but my CPU usage shoots up to around 30% for this alone.

Upon hitting the continue button, I was taken to the actual Beta page, which looked great but took a lot of time to load. Around a minute only to load the page. I am sure this would not be there in the final version. Here is the screen-shot of the beta page ...

[Image: Microsoft Download Center]

The top banner displaying IE 7 is actually a slide show with 3 different pictures. I am sure there are some other improvements too, but visually it is a treat to watch. Of course there are a few glitches, but I guess they would be taken care of in the release version.

Sunday, December 09, 2007

Visual Studio 2008 Express

Story so far ...

I tried to get into Win32 development for a long time, but I got my first experience with the Visual Studio 2005 Express editions. The most attractive part of the Express Editions was that they were free. Although advanced features were missing from it, I soon found out the tools provided were quite sufficient for my small requirements. I would rather jump into managed code development with a set of proper and legal tools rather than try out the same with the pirated versions where I had to always remain in fear. There was a version of MSDN for Express Editions too and it provided me with the much needed documentation.

So although I have become a Microsoft Student Partner now and enjoy an MSDN premium subscription that comes with it, the Express Editions still are very near to my heart. I distribute them to my friends and have a copy of it installed on a Virtual PC, in case I need to troubleshoot an application for my friend.

Visual Studio 2008 Express

The newest of the Express Editions is VS 2008, which sports a lot of improvements both in the Windows and the Web development areas. The WPF additions prove to be great. The WPF designer is like a boon for all those people interested in cool GUIs. It is very similar to the forms designer as far as using it is concerned. Editing XAML and being able to see it instantly in the split view is cool too.

SQL Server Compact Edition is now a part of the C# and VB Express editions and allows us to create a data-driven application on the client side which can harness the power of SQL Server with much lower resource usage.

Multi-targeting is another area that I love. You can target your code for older .NET platforms too, for running on PCs that do not have .NET 3.5 installed. I always use this feature when I do not need any new .NET 3.0 or 3.5 things like LINQ.

Web Developer Express 2008

The Web Developer Express 2008 has also improved. The Web page designer has been reworked. It now has better support for CSS editing, and development of AJAX based web sites is a breeze with it. I am told that it has improved its XHTML Standards compliance, but I am not competent enough to have a say in this regard. The JavaScript IntelliSense and debugging features were much needed and help in writing complex JavaScript effects, menus and of course AJAX based sites.

... and this is what I think

Installing VS 2008 Express Edition over VS 2005 Express is an easy task. Moreover you can continue using it along with VS 2005 too. I currently have both in my virtual PC. Although no major glitches have surfaced so far to shy away from VS 2008, I hold on to VS 2005 just to be on the safe side. You can download Visual Studio 2008 Express free from the official MS sites. There are five different web installs:

and one single Express Edition ISO downloadable for offline installation. I recommend the ISO as you can burn it for later and distribute it too.

Saturday, December 08, 2007

Microsoft Security Summit 2007

I attended the Microsoft Security Summit 2007 that was held in Kolkata on Dec 6th 2007. The venue was Taj Bengal. The session was primarily meant for developers. Registrations started from 0900 and by 0945, the summit started in full throttle.

Platform Security

The first session, "Microsoft Platform Security – An Overview", was delivered by a Microsoft ACE team member, Mr. Prasad Nelabhotla. The discussion centered around the different forms of attack that were prevalent on the Windows platform, starting from cross-site scripting attacks and how to defend against potentially harmful user inputs. Input validation at all stages was suggested as the primary means of defense. The "blacklisting" vs "whitelisting" approaches were addressed.
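The two validation approaches named above, side by side, as an added Python illustration (not code from the summit or from this post). The deny-list fragments, the display-name rule and the sample inputs are constructed assumptions.

```python
import html
import re

# Assumed deny-list of "known bad" fragments (hypothetical, for illustration).
DENY_FRAGMENTS = ("<script", "javascript:")
# Assumed allow-list rule: a display name is 1-32 letters, digits, spaces, dots or hyphens.
DISPLAY_NAME = re.compile(r"[A-Za-z0-9 .\-]{1,32}")


def denylist_accepts(value):
    """Blacklisting: accept anything that does not contain a listed fragment."""
    lowered = value.lower()
    return not any(fragment in lowered for fragment in DENY_FRAGMENTS)


def allowlist_accepts(value):
    """Whitelisting: accept only values that match the expected shape in full."""
    return DISPLAY_NAME.fullmatch(value) is not None


def render_greeting(value):
    """Encode on output too, so a gap in an earlier layer does not become markup."""
    return "<p>Hello, " + html.escape(value, quote=True) + "</p>"


# Constructed sample inputs.
SAMPLES = [
    "Asha Roy",
    "<script>alert(1)</script>",
    "<img src=x onerror=alert(1)>",  # markup the deny-list never anticipated
    "A" * 200,                       # oversized value
]


def compare(samples):
    """Return (input prefix, deny-list verdict, allow-list verdict) per sample."""
    return [(s[:28], denylist_accepts(s), allowlist_accepts(s)) for s in samples]


if __name__ == "__main__":
    for row in compare(SAMPLES):
        print(row)
```

The deny-list passes the third and fourth samples because it can only reject what its author thought of in advance; the allow-list rejects both because neither matches the expected shape.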

Typical problems of unmanaged code, like buffer overflows, were discussed, along with how managed code like .NET manages to address some of them. We learnt that the protection mechanisms should be built into all the different layers of our application and not just the outermost layer which interacts directly with the client. Ideally the developers should assume that all the layers before them are insecure and proceed to build maximum security features into their layer. Microsoft's SD3 philosophy was discussed: Security by Design, Security by Default and Security by Deployment.

Developers were introduced to Threat Modeling, which takes into account the different types of threats relevant to a particular scenario and their paths. It further sorts the threats into different categories based on the STRIDE classification. The DREAD method of threat evaluation was discussed, which attaches weights to threats by the five parameters: Damage potential, Reproducibility, Exploitability, Affected users and Discoverability. The importance of Logging and Auditing for analyzing the different threats was stressed.

Application Platform Security

The second session was on "Application Platform Security" and was delivered by the same person from the Microsoft ACE team, Mr. Prasad Nelabhotla. In this session the security features related to a .NET application were discussed. The features of .NET like Type Safe Expressions, Assembly Isolation and Authorized Memory Access only were discussed, and how they make the platform secure was brought out. The security features provided by Windows were talked about, and how .NET security complements them was shown.

Code Access Security (CAS) was a major topic, and how the platform grants security privileges to the assemblies was discussed in detail. The CAS policies and permission sets were demonstrated. The different levels of security available were talked about.

Encryption of data transmitted through a non-secure channel was discussed and a brief overview of the .NET platform's built-in cryptography library was given. We were introduced to the different types of symmetric and asymmetric encryption algorithms supported by the System.Security.Cryptography namespace. Usage of DPAPI was advised for storage of sensitive information.

Data Platform Security

The next session was on Data Platform Security, conducted by L. Srividya, Architect and Evangelist, Microsoft India. She talked about various forms of attack on the data platform, resulting in loss, corruption or leak of databases, which might prove devastating to the company. Cross-site scripting and SQL injection were the chief topics.

The importance of backups and of checking their restorability and status was discussed. The issues of physical security and software security were talked about. The kind of error message to display to the end user was also a good point. Messages like "Incorrect Password" could mean that the user name was correct, and this should be replaced with "username and password did not match" type of messages.
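The error-message point above, as an added Python sketch (not code from the summit or from this post): a login that reveals which half of the credential failed, next to one that gives the same reply and does the same hashing work either way. The user store, the PBKDF2 work factor and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example
GENERIC_FAILURE = "Username and password did not match"


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def make_record(password):
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


# Constructed user store with one account.
USERS = {"asha": make_record("correct horse battery staple")}
# Throwaway record so an unknown username costs the same hashing work.
_DUMMY = make_record(os.urandom(16).hex())


def login_leaky(username, password):
    """The pattern described above: the message reveals which half failed."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown username"
    if not hmac.compare_digest(hash_password(password, record["salt"]), record["hash"]):
        return False, "Incorrect password"
    return True, "Welcome"


def login(username, password):
    """Same reply and same work whether the username or the password was wrong."""
    record = USERS.get(username)
    known = record is not None
    if not known:
        record = _DUMMY
    candidate = hash_password(password, record["salt"])
    matches = hmac.compare_digest(candidate, record["hash"])
    if known and matches:
        return True, "Welcome"
    return False, GENERIC_FAILURE  # log the real reason server-side only
```

The dummy record matters as much as the message: without it, an unknown username returns faster than a wrong password and the response time leaks what the text no longer does.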

The fact that hackers these days are professionals was stressed, so any loophole could be exploited. Even the amount of time available to developers is far less than what hackers have at their disposal. So the best effort to secure the database must be made. Every critical patch must be applied as quickly as possible, even if it means taking the server offline for a couple of hours. Some examples of attacks were cited and their impact on the company was shown.

The best practices turned out to be validation of user input, encrypting data sent through an unreliable channel, and encrypting the database. The programs should be given as low a privilege as possible. We do not need to give all our programs the SA privilege. The default username-password pairs like "scott-tiger" should be changed. The impact of a security breach from the inside was also discussed, with the remedy that the number of most privileged users should be very low.

Web Platform Security

This fourth and final session was conducted by Vimal Rajyaguru, another member of the ACE team. He discussed the various threats imminent on the web today and how ASP.NET provides countermeasures against them. ASP.NET and IIS were used to demonstrate some of the typical attacks, like cross-site scripting and the one click attack, and their remedy through ASP.NET's inbuilt features.

Various add-on packages like the Anti XSS library were discussed. View state protection, HMAC message authentication and forms authentication were discussed. A comparative study of IIS across various versions was done, along with the new features.

Conclusion

The one day long summit, although targeted at developers, was very informative for computer science students like myself. I am quite interested in cryptography and its practical usage was quite interesting. The various security threats were an eye opener and the importance of security in applications was well conveyed. Threat modeling was a completely new thing to me. Not being a web developer I could not understand most of the ASP.NET discussions, but Vimal made it interesting enough with his hands-on demonstrations.

The goodies were great. Each of the attendees got a copy of the book "The Security Development Lifecycle" by Michael Howard and Steve Lipner from MS Press. We also got two DVDs, "Microsoft Developers Security Resource Kit" for VS 2005 and a Visual Studio Team Suite Beta 2 edition usable up to March 2008.