88 senior officials implicated

The Committee of Oversight and Government Reform has released its initial findings after investigating the use of parallel email accounts by officials in Bush's White House.…

It's here! Late last week a box of books arrived at my door with the first pressing of "the book." Yes, we have a baseball team worth of developers on the cover (I'm the fourth one over), and they're the right ones for the team. I'd really like to thank Tom Rizzo for getting the ball rolling and John Holliday for picking up the lead author role, as well as Jim Minatel and Ami Sullivan at Wrox for pulling the team together and guiding the process. When you're a member of a team like this, you wonder how it's all going to play out and I'm glad to say that not only am I pleased to have my name on it, but that I'll be refering to it constantly in my development and willl happily use the examples in my courses.

I wrote two chapters -- the first two. Chapter One is an introduction to SharePoint and describes how it fits in with the rest of the Microsoft stack. It's as much for network administrators and architects as developers, and puts SharePoint in the context of all Enterprise services. By doing so, it shows what capabilities SharePoint is intended to have, and what capabilities are provided elsewhere. I hope it makes clear the logical services SharePoint provides to an organization, it is not intended to be a developer-specific chapter.

Chapter Two then transitions from SharePoint architecture into the developer side by moving from the abstract architecture of Chapter One into the physical architecture of the MOSS farm. From there it drops into the setup and configuration of both the server and the development machine, leaving it up to you to decide whether these roles will happen on one machine or two. I prefer to see development take place off the server. Yes, remote debugging is a hassle to set up, but in SharePoint the experience is not entirely different from local development, and it keeps a lot of junk off your servers. The book content is a good start and as new tools, utilities and techniques appear I expect to write more in future posts. I'll continue to keep my post on building a development machine up-to-date, but the book is where you'll find the step-by-step to actually do it.

Of the other chapters, I do have my favourites. I had the pleasure of meeting John Holliday at the MVP Summit earlier this year and have to say that in addition to being a fine person, he's written some of the best pieces on Document Management, Records Management, Web Content Management (WCM) and Forms Server you will find anywhere (chapters 11 to 14). Want to build Content Types either programmatically or with XML-defined features? Want to learn how to add validation to a Content Type feature? Want to extend STSADM.EXE so you can administer that same policy from the command line rather than a recompile? Read John's chapter on Document Management. And all of his chapters are that thorough. Consider me thoroughly impressed. To check it out for yourself, you can read the opening of chapter 11 online.

Jeff Julian's chapter 6 provides a sample collaborative solution for an HR department. It's brief, but unlike most technical writing it tells the story in practical terms. That's cool. The truth is that most SharePoint solutions involve more configuration than code, and to see a real-life demonstration of this is a nice change. Brendon's chapter on Profiles and Personalization is the best explication and code I've seen on the topic. And then there's the chapter on Workflow by John and Tom. This is a trove of great workflow diagrams, explanation and code. I recently taught MOSS workflow and I wish I had all this then. They use WebForms rather than InfoPath forms so it’s not a pure MOSS solution, but being the more difficult of the two scenarios, it was the right decision to make.

Is there anything wrong with the book? In the past few days of reading, I see no significant omissions or issues. I’ll post fixes for my own errata online as items crop up, and one day perhaps a second edition will serve to clean up the edges. There is also a public P2P Forum to discuss the content and I know a few of us watch it to see that questions get answered. So far, the occasional typo and one duplicated table (pp 57 and 109) are about as you would expect for 694 pages of content. Any place I might change something, it’s just an editorial difference of opinion. Of what's there, it's pretty solid.

You're wondering, "What do you really mean by no significant omissions or issues?" I'll be transparent and you'll see what I mean. Chapter 7 on Blog and Wiki sites is more configuration than development, but it was an odd choice to include a feature rather than an extensibility point in the first place. So it’s a bonus, and for anyone interested in the topic then there’s a great CodePlex site where these features are being extended. In the appendix on Visual Studio Extensions for WSS (VSeWSS), it could be pointed out that there are alternative project templates out there (particularly for web parts, which should not be installed to the GAC if you can help it). However, it’s a complete, well-written section that greatly expands on my brief description on p 35.

What else? It’s actually funny (well, to me) that 21 full pages are filled with a BDC definition file, this being Microsoft’s way to connect to external data sources with “no-code”. It drives the point home that while there’s no code, these are not trivial files.

Final biased verdict? This is an excellent MOSS developer book. For intermediate coverage of WSS and MOSS for developers, this is it. There are others which cover WSS in more detail, but ignore MOSS. There are others which dig deeper on specific MOSS features (e.g. WCM) but skip WSS. There are others intended for administrators or end-users but not developers. But for developers who want the full spectrum of topics, a desktop reference and a load of sample code, go ahead and compare the lot. I think you’ll find Professional SharePoint 2007 Development a great choice. Disagree? Tell me. Agree? Tell everyone!

Resources 

[Browse the Table of Contents]

[Read Chapter One - Application Platforms and a Chapter Eleven - Content Management excerpt]

[Get the Sample Code]

[Discuss Professional SharePoint 2007 Development on the WROX P2P Forum]

[Buy Professional SharePoint 2007 Development on Amazon]

(InfoWorld) - Online criminals have launched a widespread Web attack that has turned tens of thousands of legitimate Web sites into weapons, security vendors said Monday.

The attack began late last week, and by Monday morning, more than 10,000 Web sites had been compromised, according to security firms Trend Micro and Websense.

Although attackers have hit targets around the world lately, more than 80 percent of the infections are on Italian Web sites, said David Perry, global director of education with Trend Micro. "Almost all of the Web sites we saw this weekend were in Italy; We were referring to it as 'Italian Job 3,' in-house," he said referring to the Michael Caine heist film that was remade in 2003.

Most of the infected Web sites are legitimate, Perry added. "These aren't porn sites, they aren't gambling sites; they are hotels, fish-and-tackle sites, tourist information," he said.

Even local Italian government Web sites have been infected, and most of the affected sites are hosted by one of Italy's largest Web service providers, Trend Micro said.

Infected Web sites contain a short piece of HTML "iFrame" code that redirects the victim's Web browser to a server that attempts to infect the victim's computer using a tool called "MPack."

MPack can launch a variety of different attacks against the victim's PC, depending on which browser and operating system is running. It exploits a number of well-known bugs that have already been patched, meaning it is dangerous to people who are not running an updated version of their browser, Perry said. "If they have a browser that hasn't been patched, their machine is going to be compromised."

The malware can be used to attack Internet Explorer, Firefox, and even the Opera browser.

MPack installs a keylogger and a Trojan downloader program on compromised PCs so that the attackers can monitor the victim's activity and run other unauthorized programs on the computer. "They can turn your computer into anything they want," Perry said.

The U.S. FBI is investigating the matter, according to Perry. "This is an absolutely criminal activity," he said. "They're attaching keyloggers to many thousands of people's computers without their consent"

While the technique these criminals are using to infect PCs isn't new, "an attack on this scale is notable for both its ambition and the coordination involved in pulling something like this off," said Chris Boyd, a researcher at FaceTime Communications. "Users should ensure they're fully patched as the hackers are relying on you running exploitable systems to gain entry into your PC."

AP - Yahoo Inc. Chairman Terry Semel stepped down as chief executive in a surprise move Monday, ending his increasingly ineffectual pursuit of online search leader Google Inc. — a losing battle that had demoralized Yahoo's shareholders and employees.