It is fantastic to see that Mono is keeping up with the CLR / .Net evolution. They just reached the feature complete state for their C# 4.0 compiler, as reported by Marak Safar from the Mono compiler team.

Optional parameters, named arguments, dynamic binding and of course covariance and contravariance. I’m especially excited about the last one as it will help a lot with complex generics-based frameworks. That said, dynamic binding remains the most general purpose feature in this version.

Great news from the ReSharper team. They are just weeks away from releasing a preview for VS2010 Beta 1 sometime in June. Their blog article also shows you screenshots of ReSharper integrated with the new windowing system in VS2010.

This is great news for enthusiast and early adopters!

Finally Office 2007 has built-in support for OpenDocument making it interoperable with Open Office and other tools that use this OASIS standard. Together with Microsoft’s own creation Office Open Xml, an ECMA standard, this package becomes a very compelling option for editing, storing, printing and converting documents in both of these standards.

Another important tidbit is that PDF/XPS support is finally in the box, and there is no reason to dig around the web to find the right add-ins anymore.

In short, time to drop by Windows Update.

The latest nightly builds of Chromium now includes a fix for the sandboxing issues experienced on Windows 7 x64 Beta, and the –no-sandbox hack is no longer needed and security and stability is restored. I’m certain this fix will make it into the developer, beta and release channels soon.

A just noticed that Windows 7 has added support for moving windows between monitors.

Use Win+Shift with Left or Right arrow key to move the current window around. You can also do some fun positioning when combining the Windows key with the arrow keys.

Much appreciated improvements!

The latest version of Live Mesh doesn’t disable Aero anymore, and throws in better conflict handling as a bonus.

Live Mesh has become a critical part of my computer setup, and this is the final piece that completes my Windows 7 installation --  and everything is working great!

You can get the updated build at mesh.com or simply trough the built-in updater if you were tough enough to survive without Aero.

Interesting point by Magnus Akselvoll.

Perhaps two of the most malware-facing application are the ones that don’t quite work. Enough said.

If you you’ve tried to install Google Chrome v1.0 on Windows 7 x64 Beta 1 you have seen a number of warnings about compatibility, and Chrome crashes whenever you load a page. There are some problems with the Chrome sandboxing model and Windows 7 x64, so if you run Chrome with the parameter –no-sandbox everything should work fine.

Happy testing :)

Security researchers have proven a successful collision attack against MD5-signed X.509 certificates. This would enable an attacker to create their own X.509 certificate with same digital signature as the original certificate. This certificate can then be used to sign additional certificates and provide whatever details they please, all trusted by existing security infrastructures. This will work great phishing and man-in-the-middle attacks.

This was performed using a cluster of 200 PlayStation 3’s and is reproducible with a couple of days of computing.

The risks inherent when using the MD5 hash algorithm have been known for quite some time and the recommendation is to move to the SHA family. Most certificates should as such be signed with SHA-1 instead of MD5, but history has proven that there are always old installations and old configurations around.

The following public Certificate Authorities are still using MD5 signing:

• RapidSSL
• FreeSSL
• TrustCenter
• RSA Data Security
• Thawte
• verisign.co.jp

The security researchers sampled 30.000 certificates, whereof 9.000 were using MD5 and 97% of those were issued by RapidSSL.

It’s time to review the algorithm used on your certificates; hopefully it is using SHA. This is easily verifiable if you look at the certificate properties. This is not a problem with EV certificates as they do not support the MD5 algorithm.

Microsoft recently issued this security advisory.

The WebKit engine was recently enhanced with the HttpOnly Cookie feature originally introduced in Internet Explorer. This is a security feature that restricts access to certain cookies making them only available for HTTP requests and not from JavaScript running within the browser; a feature originally developed to help with XSS attacks.

The next versions of Safari and Google Chrome will most likely include these updated bits completing the browser lineup as Internet Explorer, FireFox and Opera already have this feature implemented.

Nice to see innovation being accepted and implemented across the board.

The Early Access Program for ReSharper v4.5 just started and nightly builds are available for download. Keep in mind that these are not official beta releases, but automated builds straight from the development branch. The current release has a few very useful features as well as performance and memory optimizations.

Solution-wide analysis has been updated with unused code detection that will highlight unneeded code segments throughout your solution. If you have a layered architecture with multiple solutions you will have to up a new solution that includes all your projects for this to work correctly. If you are doing some Christmas cleaning you may want take these new bits for a spin. It also features a much more flexible naming standard configuration.

Download here.

If you had any issues with .Net FX 3.5 SP1, or if you are holding it back for some reason, it’s time to head over to KB959209 and get this patch.

It contains a set of fixed for both the .Net 2.0 and the .Net 3.0 bits that were patched as a part of this release. There is also a list of fixes incase you have been noticing some strange behavior lately.

The .Net Fx 3.5 Service Pack 1 contained quite a few interesting optimizations, and is well worth the install.

It looks like Google decided to fast track a version 1 release, probably hoping it will be an acceptable deployment for enterprise and computer manufacturers.

It is still lacking a few important features like client certificate support, but it’s fast and stable. If you are heavy user of Google web applications and want the extra features or simply looking for new browser alternative head on over to Google to give it a spin. If you just want to test it you can simply leave the ‘make it my default browser’ setting unchecked, it’s easy to change that once you become a true believer.

A update to the Windows Live Essentials package has been released. This includes Live Messenger, Live Mail, Live Writer, Live Photo Gallery and more. Make sure you uncheck any checkboxes for things you don’t want, and be mindful of the last settings page with home page and search engine settings.

This appears to be a release candidate build, and we should expect a final release very soon.

Get your bits at download.live.com.