What is the best way to reach a live Microsoft developer on the phone who can answer technical questions about standardized OpenXML formats?
I have a paid MSDN support contract. I wanted to use one of my phone tickets but only production-related questions are eligible. For various reasons, I'm not interested in online support.
If this is the wrong place to ask this question, I'd appreciate a pointer in the right direction. I've been on the phone with Microsoft already and frankly I rely on StackOverflow more than Microsoft support.
Phone support is almost always paid for. One of the only ways you're going to get free phone support is find a Microsoft-employee-friend to give you a QuickAssist card.
Other than that, forums are the way to go.
The Office Open XML File Format Implementation forum is the place to ask your questions. Forewarning though - the responses can sometimes be incredibly slow as some of the folks manning the thread are not actually experts on Open XML but instead just try to read the ECMA spec to answer your questions. If you push hard enough, you may just have some luck though. (You'll see me on there as both "otaku" and "terlo").
The other place to ask questions that is "sponsored" by Microsoft is OpenXMLDeveloper.org. The forums you'd probably be interested in are at http://openxmldeveloper.org/discussions/formats/default.aspx. They don't seem to be regularly viewed by Microsoft though, but sometimes. There are other folks who try to answer questions though and do a decent job. (You'll see me on there as "tendoors").
Finally, Stackoverflow.com has some decent folks following OPENXML and OPENXML-SDK tags. You can try in all 3 locations if you like :)
I'd suggest you ask your question here, and in the Open XML Developer forum.
The msdn forums don't offer much knowledge of Open XML.
The Open XML Developer forums (http://openxmldeveloper.org/discussions/formats/default.aspx) employ people to answer your questions so you're somewhat guaranteed a response, however YMMV.
Here, you might just be surprised what people know.
Related
First
No I am not asking you to teach me hacking, I am just curious about this file and its content.
My journey
When I dived into the new HTML5 Boilerplate I came accross the humans.txt. I googled for it and I came at this site http://humanstxt.org/.
Immediately my attention went to this picture:
Do I read this correctly? Hackers.txt?
So I resumed my journey in google and stopped at this articles
When I started reading this I had the feeling that its about the difference between Hackers and Crackers. Later I got the feeling that I'm might be wrong and that this place is that this hackers.txt file is a sort of guestbook for hackers?
Also other examples about hackers.txt files I found here
Some files contain code, others have just hurtfull information.
Now I'm realy confused, guestbook, hack tutorials or just history?
Question
What is the use of this hackers.txt file?
The way I see things:
robots.txt contains information and instructions for robots (so it should be read/used by web crawlers, spiders and other kind of bots)
humans.txt contains useful information to be consumed by humans, according to http://humanstxt.org/
hackers.txt should be targeted towards hackers, so it should contain any information the site owner might want to transmit to a hacker, as Ze'ev pointed out. I don't think this should be a place for hackers to write anything, but rather to get information from the site owner (perhaps on how to report vulnerabilities, as others suggested).
Commonly known as Eduardo Vela, Eduardo A. Vela Nava (or sirdarckcat on Github and Twitter) has been a Security Engineer at Google since 2010. (He currently has the role of Product Security Response Team Lead).
As other security experts before him, he pondered the issue of effectively communicating the details of a site's vulnerability reward program to white hat hackers/pen-testers.
One specific such person is Chema Alonso (also on Twitter).
He is well-known enough to warrant a Spanish Wikipedia entry
Between 2005 and 2011 Alonso was awarded the Microsoft Most Valuable Professional Award for Enterprise Security 6 years in a row. That should tell you something about his "skillz".
On February 3rd 2011 Alonso wrote about his frustrations regarding the topic of communication between the administrators and/or developers of a site and hackers.
He proposes a similar initiative as humans.txt but for hackers. As he mentions this hackers.txt initiative in his blog-post.
In April 2011 The humanstxt.org website got a new design which includes the image which mentions the hackers.txt file.
At this point, I must sadly submit to conjecture, but... consider:
The team behind humans.txt are all from Spain (mostly Barcelona)
At this point Alonso is already quite well known in the Spanish developer community
Would it be such a far stretch to imagine that they got to know of each other's efforts?
On May 14th 2014 Vela, already working at Google, commented on a blog-post by Alonso. It is most likely that they had further contact in a professional setting. Whether or not thay extively shared their idea's regarding anything related to hackers.txt is unknown.
On July 6th 2017 Vela posted a question to this extent on twitter:
How about we create a /hackers.txt that says whether something is in scope or not of a vulnerability reward program and where to report it?
Subsequently, an empty git repository was created for hackerstxt.org on github
and an email thread was opened at Google Groups to discuss this idea further.
On August 13 2017, Edwin Foudil (or EdOverflow on Github and Twitter) created a git repository for security.txt on Github and responded to the mailing list:
I have published a similar project to the one being discussed in this group (https://github.com/EdOverflow/security-txt) and would love to get some of your feedback and ideas.
The project is the equivalent of robots.txt, but for defining a security policy. Companies can add a security.txt to their website and define clear guidelines of what security researchers must do when they discover a security issue. security.txt also allows bug bounty programs to add their scope there. security.txt uses a similar syntax to robots.txt, which should make it easier for machines to parse.
He was, in part, inspired by an open-source project he was working on at the time called GratiPay. GratiPay had a SECURITY.txt file since 2013.
His inspiration also drew from the SECURITY.md files that more and more open-source projects were adding to their repositories.
On September 10th 2017, Foudil submitted a first draft for security.txt to the Internet Engineering Task Force.
On September 14th 2017 Alonso wrote a blog post with the title (translated from Spanish) "Security.TXT an IETF draft for my Hackers.TXT".
Beyond the title, Alonso does not allude to the fact that his 2011 idea was the origin of the draft but he does state his approval of the effort.
On February 3rd 2018, the mail group was informed to concede to security.txt and Vela tweeted that Google had already implemented one.
Further information
Details and a nifty tool to generate your own security.txt can be found at
https://securitytxt.org/
Adoptation
Even though the RFC is still in draft, the standard is already being adopted quite well by major players on the web.
Besides the security.txt at Google, there is also one on the website of:
1password
BBC
bit.ly - http://bit.ly/security.txt (can't be linked because StackOverflow blacklist the use of common link shorteners in posts)
CERT NZ
DailyMotion
Dropbox
Facebook
Github
haveibeenpwned
NodeJs
NPM
Open SSL
Shopify
(Feel free to add more from well-known sites, if you find 'm)
As with humans.txt, there also seems to be a hackers.txt site at http://www.hackerstxt.org/. I'm not sure if someone has set the site up as a joke or not, but it links to a blog post on someone's Blogger site.
The post rambles on a bit (I put it through Google Translate) about the poster's history as a 'hacker'. Anyway, towards the end the writer says:
therefore believe we should promote an initiative type hackers.txt , in which managers leave us a message to potential "aliens who are good" that makes it clear they will do managers receive a report of a vulnerability in your site. I've been circling this , the truth is that it is difficult to finish shaping, because perhaps some "alien who is not so good" , type Brainiac , take a free hand to brush a site, or the "good board administrator" , decide to change your mind and Liem, but I think we should be able to do something, I dunno, maybe having Jon Jonz , or perhaps thinking about how to write that file hackers.txt . How do you see it? Greetings Evil!
So I assume that the poster wants to start a sort of hackers.txt standard in the vein of humans.txt, but hasn't finished it off, or hasn't gotten it into the English speaking world.
Digging around, the Blogger site seems to be owned by a guy called Chema Alonso, who must be fairly reputable in the world of Spanish programmers as he has about 35k Twitter followers (https://twitter.com/chemaalonso). He seems to work for a company called ElevenPaths (http://elevenpaths.com/), which says that it's driving "radical innovation in security product development". A quick Whois check shows that the hackerstxt.org domain is registered by someone in Madrid, so I would assume it's Alonso.
The .txt file over at http://www.textfiles.com/news/hackers.txt, which has been refered to by some of the other answers in this thread, doesn't seem to have anything to do with the hackers.txt reference over at http://humanstxt.org/, and neither do most other search results for 'hackers.txt'.
It's possibly a joke, but If humans.txt is for humans to read then maybe hackers.txt is a warning for hackers.
Like the notice you get when you SSH into some more public terminals. "You are being watched... we will get you if you do anything bad..." That sort of thing.
If a hacker did compromise the site, the might notice the file, read it, realise you mean business and be scared away!
Interesting idea.
As this question is somewhat open, I think you are also expecting some assumptions, I write here (not in a comment) my opinion, but if it should be there, I'm sorry.
I think that the idea lying behind humans.txt (which I heard of before) is to make a new habit, new style or something like that. In fact, you can put a contact page, where all these data from humans.txt can be put. I think that hackers.txt could be also something like new style.
I suppose that hackers.txt was much earlier, maybe for 20 years, when www servers and popular web knowledge was poor, when using localhost Apache+PHP+MySQL was making you "a hacker", and if someone could access the file other than index.html (and linked pages from this), reading hackers.txt was some kind of prize, or maybe some kind of filter to show some information to "those who behold" (like this one perhaps).
I think hackers.txt should contain notes on how the site owner would like for data to be used... E.g. "I don't mind if you scrape the movie listings, but please don't hot link out images in your app"
So a few months ago I was browsing Google blogs for some filler content in my RSS reader. I don't recall any of the my searches but I did come across this unique website which interviewed all kinds of developers and their trades (some from Greasemonkey/firefox, artists, etc). The website interviewed them about their professions and then a detailed questionnaire about their tools, workflow and other task-solving methods. I've been trying to replicate my searches and prying my mind of what I was looking for or keywords that were used in the site but I have had no such luck. The website seemed pretty high-profile so I was wondering if any of you stackoverflowians might be visitors to this site or know what I am referring to.
Thanks if you can help!
Was it usesthis.com ? Sounds like it.
Web Programming HTML has several versions, however there is little reason for the novice to learn anything but the latest edition. Once you have mastered the basics of html, you may want to venture into some other web coding languages.
I am part of a growing software project with at least 200 active developer in 10 locations. I would like to set up an on-line chat forum for developers because I think it would help to coordinate efforts. We have an email mailing list but I feel like some questions or announcements are too informal to send to everyone while mentioning it in a chat forum might be a useful community resource.
I have never participated in a software project that used an on-line chat forum so I would like to hear about peoples experiences. I am particularly interested in technical issues: Use of IRC vs. alternative platforms; how to manage access, eg. for developers only, allowing users to participate; the value of requiring certain announcements to be made on the chat forum eg who is resolving broken builds etc.
If I pitch the idea to the community I would like to have some good arguments why it would be a good idea and some prospective of its usefulness in other software projects.
The features you MOST want for such informal discussions are:
persistance (I have't used IRC in >decade, does it persist chats that you missed?)
Searcheability
Classification (tagging) to help sort through the stuff.
Considering those 3, I'd strongly suggest some sort of discussion software (microblog, Wiki, forum) with RSS feed.
It's a great platform for informal discussions. It's flexible, users can self-organize and its extensible. We have tied CI build results and SCM commits. Further, given the availability of multiple consumption streams (web, terminal) anyone can join with little notice.
I think the previous poster is over-stating the importance of the contents of this conversation and who the heck wants to maintain discussion software? Blergh.
I wonder if anyone knows about WAFL (Write Anywhere File Layout), or a link to the topic of interest (not wikipedia), or a good bibliography online because I am investigating about operating systems, thanks to all.
The wikipedia page has links to a PDF from Network Appliance on the system as well as the patent link. If that's not going to satisfy you then you need to be more specific as to what kind of information you want.
The NetApp website has an extensive library of papers about WAFL and their file servers.
If you're interested in technical aspects of what WAFL is and how it works, the technical report linked from the Wikipedia article is a very good starting point. This article was originally published at the 1994 USENIX Conference, so it's 15 years old. Some things have changed---and a lot of features have been added---but it still provides a good description of the key innovations in WAFL.
p.s. FWIW, they stopped calling themselves "Network Appliance" a couple years ago and officially changed their name to "NetApp."
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
I'm currently trying to build a personal website to create a presence on the web for myself. My plan is to include content such as my resume, any projects that I have done on my own and links to open source projects that I have contributed to, and so on. However, I'm not sure which approach would be better from a perspective of "advertising" myself, since that what this site does, especially since I am a software developer.
Should I use an out-of-the-box system and extend it as needed, with available modules and custom modules where needed or should I custom build a site and all of its features as I need them? Does a custom site look better in the eyes of a potential employer who might visit my site?
I've toyed with this idea in the past but I don't think it's really a good idea for a number of reasons. Firstly, there are a number of places that can take care of most of this without you needing to do the work or maintenance. Just signing up for a linkedIn account for example will allow you to get most of your needs catered for in this regard. You can create your resume there and bio information etc and make it publicly viewable. The other issue with your "own site" is that if you don't update it often, the information gets stale, and worse yet, people have no reason to go back because "nothing has changed" - and that's not much of an advert for you is it?
Now that I've said all that, I'll make another recommendation. Why not start a blog instead?! If you've got decent experience, why not share that. I'd be willing to bet that this will be the best advert for your skills because:
It's always updated (if you post often)
It's not like you're looking for work doing it - but your (future) employer, or their developers will check it out anyway to get a better insight into your character.
Putting something on your resume doesn't mean you can do it. I'm not saying that you'd lie about your skills :-), but there's no argument about your ability when you're writing articles about the stuff, getting comments and feedback, and better yet, learning EVEN MORE about your passions.
Best of all - you can run your blog from your chosen domain and also point to your resume that is stored in linkedIn. Just an idea...
That's my two pennys worth on that - hope it helps you come to a decision!
If you are a web-specific developer I would go with a custom site, but if you focus more on desktop applications or backend technologies, I think an out of the box system would be fine.
A nice looking, default, off the shelf, complete website could be more impressive than a poorly done, broken, tacked together, incomplete website. Perhaps start with something "off the shelf" but nice looking, keep it simple, professional, and then eventually add more custom functionality, style and content. Potential employers may like to see that you are capable of reusing tried and trued solutions instead of trying to create everything from scratch without a good reason. Or you could spend time combining great components into something even better than the sum of the parts, as Jeff Atwood talks about extensively in the Stack Overflow podcasts. Stack Overflow is a good example of writing lots of custom code, but combining that with some of the best Web 2.0 technologies/widgets/etc. into something coherent, instead of trying to prove that they could implement x/y/z from scratch.
(On the other hand, it's really fun to build your own login system, blog, or photo gallery. If you really enjoy it and you want to learn a lot or create something new and different, then go for it!)
Here's what I did (or am currently doing). First, use an out of the box solution to begin with. In my case, I used BlogEngine.NET, which was open source and easy to set up. This allows me to put content on my site as fast as possible. Now, I can continue to use BlogEngine.NET, and skin my site to give it more personality or I can start rolling out my own solution. However, I haven't found a requirement yet that would give me a reason to waste time building my own solution. Odds are you probably won't either.
I don't think it matters if your site is blatantly using a framework or other "generic" solution. The real question is "is it done well, with taste?" If you are using an out of the box solution, you should take the time and pay attention to details when customizing it as if you were creating it from scratch.
Alternatively, if you're looking for a great learning experience and something to spend a lot of your free time on -- write it yourself. But know that you are re-inventing the wheel, and embrace it.
edit
A recent post from 37Signals, Gearheads don't get it, really sums up a good point about not focusing on the technical details, but "content and community".
Reinventing the wheel is not such a great idea when you are building a personal site. Building your own CMS is fun, and to some degree is something to brag about, but not so much features you won't have the time to build and all the security holes that you won't have the time to fix.
It's much better to pick a good, well-established engine, build a custom theme, and contribute a module or two to it: you'll be writing code that you can show off as a code sample and at the same time creating something useful.
Knowing your way around an open source CMS is a good skill in just about any job: when your boss says - hey, we need a three pager site for client/product/person X in 10 hours, you can say - no problem.
For a simpler portfolio site, Wordpress might meet your needs.
You can set up 'static' Wordpress pages for contact information, various portfolios, a resume, etc. This would also give you a blog if you want to do this.
Wordpress does give you the flexibility to "hide" the blogging part of it and use it basically as a simpler CMS. For example, your root URL of example.com could point to a WP static page, while example.com/blog would be the actual blog pages.
If you self-host Wordpress on your own domain (which I really would recommend instead of going through wordpress.com), it should be trivial to set up a few subdomains for extra content. For example, downloads.example.com could host the actual downloads for projects you've developed linked from the Wordpress portfolio pages. Similarly, if you're doing a lot of web work, a subdomain like lab.example.com or samples.example.com could then host various static (or dynamic) pages where you show off sandboxed pages that are not under the control of Wordpress.
Keep in mind though that you'll want to make your page look good. A sloppy looking site can scare away potential clients, even if you are not looking to do any web work for them.
Putting your resume up online somewhere helps, I get a lot of recruitment emails from people who happened on my resume via googling. However I agree with ColinYounger in that you'll probably get more bang for your buck from LinkedIn.
My advice is this - if you want to take the time out to LEARN a CMS or something, to better yourself, then why not make your first project in one be your homepage?
Maybe enlighten us as to the "features" you want to have on a personal homepage? Outside of a link to an HTML resume and perhaps some links to things you like, not sure exactly what the features of a homepage would be...
It really depends on:
a) what services you provide
b) what your skill level is when it comes to web design/development
If you are primarily a web applications developer then running an off the shelf product or using blatantly using DreamWeaver to develop it may not be so smart -- or maybe your clients aren't adept enough to notice?
Likewise if you're primarily a web designer then it is probably a good idea to design your own website.
Just as a side question and following up on my 'ego trip' comment: why would you take anything on the web to be 'true'? IME printed submissions, while not necessarily accurate, tend to be slightly less, erm... exaggerated than web submissions.
Do those responding\viewing ever hire? I wouldn't google for a candidate. I might ego surf for a respondent, but would ignore CVs.
Rounding back to the OP, I would suggest that you need to SHOW what you're good at - participate in Open Source projects and POST on their forums, link to projects you can post details of and generally try to show what a Good Employee you could be. Just telling me that you're good at [insert latest trend here] means diddly.
I have come to see that the best way to advertise yourself is to put quality content out there. If you write about the technology that you have experience in, maybe create a few tutorials, and if you do all that often enough, that shows some authority in your chosen field of work.
This alone is one of the best advertisements. However, you also want to show passion. And online, that can be shown through how meticulously your site is done (it doesn't have to be a super great UI or something), but it should be neat, clean, and professional. It doesn't matter if its out of the box, or custom designed.
Either way, you will have to work hard to make it look good.