Larry Osterman's WebLog
Just another Developer Network site
The Shell used to get all the cool APIs :)
After I posted my article on the SHAutoComplete, I mentioned it to one of my co-workers. His...
Author: Larry Osterman [MSFT] Date: 11/05/2007
Adding AutoComplete to your edit controls
For whatever reason, most of the toy applications I tend to write seem to end up being dialog based...
Author: Larry Osterman [MSFT] Date: 11/01/2007
What happens when audio rendering fails?
Skywing sent me an email earlier today asking me essentially "Why doesn't Windows do a better job of...
Author: Larry Osterman [MSFT] Date: 10/31/2007
Why do people think that Windows is "easy"?
Every once in a while, someone sends me mail (or a pointer to a blog post) and asks "Why can't you...
Author: Larry Osterman [MSFT] Date: 10/29/2007
"Memory Leak" when using the Vista Audio API notification routines
We recently got an internal report from someone using the internal audio notification APIs that they...
Author: Larry Osterman [MSFT] Date: 10/24/2007
Every threat model diagram should tell a story.
Adam Shostack has another threat modeling post up on the SDL blog entitled "Threat Modeling Self...
Author: Larry Osterman [MSFT] Date: 10/22/2007
The evolution of a data structure - the WAVEFORMAT.
In the beginning, there was a need to be able to describe the format contained in a stream of audio...
Author: Larry Osterman [MSFT] Date: 10/18/2007
Larry and the "Ping of Death"
Also known as "Larry mounts a DDOS attack against every single machine running Windows NT" Or: No...
Author: Larry Osterman [MSFT] Date: 10/16/2007
Sorry about not posting...
Work got a bit insane last week (work fell on me like a ton of bricks), then on Thursday I left to...
Author: Larry Osterman [MSFT] Date: 10/15/2007
Must my service name have the name of the executable in which it's contained?
It must be psychic debugging week 'round here. I received the following email on an internal mailing...
Author: Larry Osterman [MSFT] Date: 10/05/2007
The Windows command line is just a string...
Yesterday, Richard Gemmell left the following comment on my blog (I've trimmed to the critical...
Author: Larry Osterman [MSFT] Date: 10/03/2007
Some final thoughts on Threat Modeling...
I want to wrap up the threat modeling posts with a summary and some comments on the entire process....
Author: Larry Osterman [MSFT] Date: 10/01/2007
What's wrong with this code, part 21 - A Psychic Debugging Example - The answers.
So for the past couple of posts, I've been walking through a psychic debugging experience I had over...
Author: Larry Osterman [MSFT] Date: 09/26/2007
What's wrong with this code, Part 21 - A psychic debugging example: The missing piece
As I mentioned yesterday, one of the other developers in my group had hit a sticky problem, and he...
Author: Larry Osterman [MSFT] Date: 09/25/2007
What's wrong with this code, part 21, a psychic debugging example
Over the weekend, one of the developers in my group sent me some mail - he was seeing one of the...
Author: Larry Osterman [MSFT] Date: 09/24/2007
Threat Modeling Again, Threat Modeling Rules of Thumb
I wrote this piece up for our group as we entered the most recent round of threat models. I've...
Author: Larry Osterman [MSFT] Date: 09/21/2007
Threat Modeling Again, Threat modeling and the fIrefoxurl issue.
Yesterday I presented my version of the diagrams for Firefox's command line handler and the...
Author: Larry Osterman [MSFT] Date: 09/19/2007
Threat Modeling Again, Threat Modeling in Practice
I've been writing a LOT about threat modeling recently but one of the things I haven't talked about...
Author: Larry Osterman [MSFT] Date: 09/18/2007
Threat Modeling Again, Presenting the PlaySound Threat Model
It's been a long path, but we're finally at the point where I can finally present the threat model...
Author: Larry Osterman [MSFT] Date: 09/17/2007
Threat Modeling Again, Pulling the threat model together
So I've been writing a LOT of posts about the threat modeling process and how one goes about doing...
Author: Larry Osterman [MSFT] Date: 09/14/2007
Threat Modeling Again, Analyzing the threats to PlaySound
In my last post, I enumerated a bewildering array of threats that the PlaySound API is subject to,...
Author: Larry Osterman [MSFT] Date: 09/13/2007
Got Tetris?
I just wanted to take a quick break from threat modeling to point to a video that Valorie passed on...
Author: Larry Osterman [MSFT] Date: 09/12/2007
Threat Modeling Again, Threat Modeling PlaySound
Finally it's time to think about threat modeling the PlaySound API. Let's go back to the DFD that I...
Author: Larry Osterman [MSFT] Date: 09/11/2007
Threat Modeling Again, STRIDE per Element
As I mentioned the other day, we had three huge big realizations as we've been doing more and more...
Author: Larry Osterman [MSFT] Date: 09/10/2007
Threat Modeling Again, What does STRIDE have to do with threat modeling?
In my last couple of posts, I've talked about the STRIDE categories. As I mentioned, STRIDE provides...
Author: Larry Osterman [MSFT] Date: 09/07/2007
Threat Modeling Again, STRIDE Mitigations
I described the 6 STRIDE categories the other day. In that post, I mentioned that there are "well...
Author: Larry Osterman [MSFT] Date: 09/05/2007
Threat Modeling again. Drawing the diagram.
In my last post, I listed off some of the elements that make up a threat model. Now that we have a...
Author: Larry Osterman [MSFT] Date: 08/31/2007
Windows Vista Sound causes Network Throughput slowdowns.
AKA: How I spent last week :). On Tuesday Morning last week, I got an email from...
Author: Larry Osterman [MSFT] Date: 08/28/2007
Applet Best Practices
The first and most important thing that a person considering writing applet needs to do is to stop...
Author: Larry Osterman [MSFT] Date: 08/23/2007
Applet Mitigations
As I've mentioned, applets can be a plague on your system. The annoying thing is that it's possible...
Author: Larry Osterman [MSFT] Date: 08/16/2007
So why are applets so bad, anyway?
There's a simple answer to that question. As I mentioned in the first post in this series, "It's my...
Author: Larry Osterman [MSFT] Date: 08/15/2007
Why do people write applets?
Since I spend so much time railing about applets, I also tend to look at applets to see what they do...
Author: Larry Osterman [MSFT] Date: 08/14/2007
Where does the time go? Daniel's play premiers on Friday!
A while ago, I'd mentioned that Daniel was cast as Orin Scridlow in SCT's summer season production...
Author: Larry Osterman [MSFT] Date: 08/01/2007
Live search thinks I'm who?
Live search added face recognition to their image search the other day (which is way cool). Someone...
Author: Larry Osterman [MSFT] Date: 07/31/2007
Actually, the Internet IS a series of tubes...
Alaska's Senior Senator Ted Stevens was widely disparaged for a speech he gave back in June of 2006...
Author: Larry Osterman [MSFT] Date: 07/30/2007
Playsound is failing on Vista! What's wrong?
Recently BillP, the author of the antispyware application WinPatrol asked on the MSDN forums about a...
Author: Larry Osterman [MSFT] Date: 07/24/2007
My mother will be happy, her grandson's going to be a Dentist!
Well, he's going to be playing a dentist on stage :). Tuesday Evening, Daniel was cast as Orin...
Author: Larry Osterman [MSFT] Date: 07/05/2007