Bogus Referral Log

I’m on vacation, but still checking my email. Many thanks to Mickey Williams who pointed out to me that my referral log had been hacked. I’m not sure hacked was quite the right word for it – I was breaking the first rule of Secure Code – Trust User Input at Your Own Peril. The referral HTTP header is a form of user input, and I was happily echoing it back out to the site without any sort of check whatsoever. I guess I should consider myself lucky that I ended up with a page full of porn links rather than something more serious. Obviously, I’ve taken the page down. When I get back from vacation, I’ll check the server log to see when this started happening. Anyone else blindly storing and echoing referrals should keep an eye on their log.

I asked a while ago about canonical weblog names. At the time, I wanted to unify the entries in my referral log that pointed back to the same weblog. Now, I want to also eliminate bogus entries as well. Is pingback/trackback the answer?
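An added example, not code from the original post or from this site: one way a referral log could treat the header as untrusted input, validating it before storage and HTML-encoding it when it is echoed back. The function names, the `MAX_LEN` cap, the `rel="nofollow"` attribute and the sample values are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, urlunsplit

MAX_LEN = 512  # assumed cap on header length, not a value from the post

def normalize_referrer(raw):
    """Return a canonical http(s) URL (fragment dropped), or None to discard."""
    if not raw or len(raw) > MAX_LEN:
        return None
    # Whitespace and control characters have no place in a stored URL.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in raw):
        return None
    try:
        parts = urlsplit(raw)
        host, port = parts.hostname, parts.port
    except ValueError:  # malformed port or IPv6 literal
        return None
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not host:
        return None  # rejects javascript:, data:, relative values, "-"
    if parts.username or parts.password:
        return None  # credentials embedded in a referrer are not accepted
    if ":" in host:
        host = f"[{host}]"  # restore brackets around an IPv6 literal
    netloc = host if port is None else f"{host}:{port}"
    return urlunsplit((scheme, netloc, parts.path or "/", parts.query, ""))

def render_entry(url):
    """Encode at output time; validation alone still lets < > " through."""
    safe = html.escape(url, quote=True)
    return f'<li><a href="{safe}" rel="nofollow">{safe}</a></li>'

def render_log(raw_headers):
    """Build the referral list, skipping rejected and duplicate entries."""
    seen, items = set(), []
    for raw in raw_headers:
        url = normalize_referrer(raw)
        if url and url not in seen:
            seen.add(url)
            items.append(render_entry(url))
    return "<ul>\n" + "\n".join(items) + "\n</ul>"

# Constructed sample header values, not taken from any real log.
SAMPLE = [
    "http://Example.ORG/blog/post?id=1",
    "http://example.org/blog/post?id=1#comments",
    "javascript:alert(1)",
    'http://spam.example/"><script>alert(1)</script>',
]
```

Validation and encoding stop markup and script URLs from reaching the page; they do not show that the referring page really links back, which is the part the pingback/trackback question is about.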

MSDN Patterns Repository

With the launch of VS.NET 2003, there’s a bunch of new architecture information from Microsoft. A whole new Pattern Repository site is up, featuring patterns for web presentation, deployment, distributed systems and performance and reliability. All of the patterns have communities – check out the Community Resources for Architecture and Design on GotDotNet, including areas on Enterprise Architecture, Application Architecture, Systems Architecture and Patterns and Templates. Tools like a TDL Policy Editor and new Enterprise Templates are also available.

New Version of SharePoint RSS Feed Generator

I’ve updated my SharePoint RSS Feed Generator to version 0.2. Primary new feature: RSS feeds for individual lists. As I mentioned in my last post, I’m on vacation next week, so v0.3 will be a while. Current top features being considered for v0.3 are an OPML feed and modifying the WSS UI to include links to RSS feeds (both web feeds and list feeds).

I’ve also been working on a tool to help me explore the Windows SharePoint database. Any interest in that?

Harry’s In The Basement

100's of unread blog entries, 100's of new emails, no new posts on DevHawk.net. It’s almost like I’ve been offline at a team meeting in Vegas for three days. Actually, it’s exactly like that. Next week will be more of the same, as I’m on vacation (taking my son Patrick to meet his Great-Grandmother). So today is my big chance to get caught up on everything.

Media Center

As was reported on Sells Bros., Windows XP Media Center Edition (MCE) is available to MSDN Universal subscribers for download. I had an older PC lying around, so I thought I’d give it a whirl. So far, pretty cool. But, of course, it doesn’t matter if you can’t write code for it. 😄 Luckily, I found the Media Center Extensibility Guide as well as information about programming the remote control. According to the remote control article, any XP Pro machine should support the remote control. So even if you don’t have MCE, you can still buy the remote control and use it (I got mine from NewEgg.com). Only bummer – remote control messages are mapped to a variety of windows messages – WM_INPUT, WM_APPCOMMAND, WM_KEYDOWN, etc. No convenient CLR Windows Forms mapping, even though MCE ships with the .NET Framework.

Update – the remote control does, in fact, work with XP Pro. Tried it out w/ WMP to mute, change volume, move to next track, etc.