Josh Wieder

Do you know who Tess Ferrandez is? If not, you are missing out on the author of what I consider the most lucid series of articles on the topic of debugging .NET. Check out her series of demos on how to fixxit all things .NET . The most useful post I have seen so far is her piece on how to capture dumps on 32 bit process within 64 bit systems  (without needing to DL procdump). +1 nerd points to Ms Ferrandez for making my job of learning all things Windows a bit less painful.

I am a data center guy. Layer 7 is the bees knees and all, but work doesnt really feel like work unless you can get electrocuted, yknow? So please watch the video above as Microsoft explains one of their first POC's for their DC cubes and share in the excitement with me. 2009 was a big year for modular data centers, and so the above video of Patrick Yantz (former Microsoft DSS Smarty Pants, c/o Hanselminutes on 9) is a bit on the older side. The industry as a whole hasn't caught up with this technology yet; we are still at the very beginning of the curve here. There is a lot of Business Nerd reasons for this - my intuition tells me that adoption will be in bursts driven largely by regulation not necessarily *preventing* the building of new DC's but slowing it down and uneasiness about long term demand paying off capitol outlays with whole DC buildouts - for the time being its still a very elite market, as most Normal folks will still simply lease and muscle DC providers

Windows Server 8 set loose in the Cloud

Phil Zimmerman of PGP Encryption fame is launching a new project, Silent Circle -  The idea is an application suite complete with encrypted VOIP, email and IM. Exciting stuff! Lets hope it works out better than Hushmail !

Latest Update from Basement Dweller News: A great primer on random number generation from a few smart cookies at Intel, by way of IEEE: http://spectrum.ieee.org/computing/hardware/behind-intels-new-randomnumber-generator/0 On a very related note, let's keep our eyes on systemic issues with encryption keys in the wild: http://eprint.iacr.org/2012/064.pdf I have yet to formalize an opinion as to the validity of any systemic key issues intrinsic to RSA (because I was a "D" math student I have to wait for the grown-ups to weigh in on these Deep Thoughts. I would like to see larger keys in use standardized and don't see any good reason not to) A compelling critique of the survey, urging for additional data before judgment is reached: http://dankaminsky.com/2012/02/14/ronwhit/

So its been about 5 months since the IETF released the RFC 6455 proposal for websockets: http://tools.ietf.org/html/rfc6455 The websocket API is a protocol that allows for the bidirectional transfer of http/https data. This breaks down to a single initial handshake and then autonomous communication from both the server and client concurrently. With it comes a significant performance improvement (as only one handshake is needed, and client-side implementation gets much simpler) and a number of practical applications - I always think chat clients, but the applications are endless for web driven applications that require real time data transfer (HTML5 games that don't suck!) Its no secret that websockets will not work with a standard IIS7 implementation. Http.sys is a greedy bugger, and gobbles up all connections listening on port 80. Even with WCF, there is no formally recognized workaround besides "wait for 8" and the native websocket/SOAP functionality that it

I saw a lot of misinformation about this on the inter-tubes recently, some of it intentional misleading of customers, some of it unintentional, so it might be remedial for a lot of readers but posting a clarification here because its worth it to help clear up the confusion. Here are some facts that should help people when first making the leap to securing multiple server environments: Servers are domain and private key specific. They are not machine specific. You are welcome to generate multiple SSL certificates for the same domain to host on separate servers. Think for a bit, this *has* to be true. When everyone goes to https://google.com, are they hitting the same web server or SSL caching server? Of course not.* The most common scenario where this would be valuable is with a load balanced web cluster, but I recently came across this in a deployment with web and mail component where the mail admin neglected to give their MTA a unique FQDN *and* the organization is using SSL/TLS f