Search Results

Search found 1216 results on 49 pages for 'jeff hellman'.

Page 1/49 | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

  • How to exploit Diffie-hellman to perform a man in the middle attack

    - by jfisk
    Im doing a project where Alice and Bob send each other messages using the Diffie-Hellman key-exchange. What is throwing me for a loop is how to incorporate the certificate they are using in this so i can obtain their secret messages. From what I understand about MIM attakcs, the MIM acts as an imposter as seen on this diagram: Below are the details for my project. I understand that they both have g and p agreed upon before communicating, but how would I be able to implement this with they both having a certificate to verify their signatures? Alice prepares ?signA(NA, Bob), pkA, certA? where signA is the digital signature algorithm used by Alice, “Bob” is Bob’s name, pkA is the public-key of Alice which equals gx mod p encoded according to X.509 for a fixed g, p as specified in the Diffie-Hellman key- exchange and certA is the certificate of Alice that contains Alice’s public-key that verifies the signature; Finally, NA is a nonce (random string) that is 8 bytes long. Bob checks Alice's signature, and response with ?signB{NA,NB,Alice},pkB,certB?. Alice gets the message she checks her nonce NA and calculates the joint key based on pkA, pkB according to the Diffie-Hellman key exchange. Then Alice submits the message ?signA{NA,NB,Bob},EK(MA),certA? to Bob and Bobrespondswith?SignB{NA,NB,Alice},EK(MB),certB?. where MA and MB are their corresponding secret messages.

    Read the article

  • Diffie-Hellman -- Primitive root mod n -- cryptography question.

    - by somewhat confused
    In the below snippet, please explain starting with the first "for" loop what is happening and why. Why is 0 added, why is 1 added in the second loop. What is going on in the "if" statement under bigi. Finally explain the modPow method. Thank you in advance for meaningful replies. public static boolean isPrimitive(BigInteger m, BigInteger n) { BigInteger bigi, vectorint; Vector<BigInteger> v = new Vector<BigInteger>(m.intValue()); int i; for (i=0;i<m.intValue();i++) v.add(new BigInteger("0")); for (i=1;i<m.intValue();i++) { bigi = new BigInteger("" + i); if (m.gcd(bigi).intValue() == 1) v.setElementAt(new BigInteger("1"), n.modPow(bigi,m).intValue()); } for (i=0;i<m.intValue();i++) { bigi = new BigInteger("" + i); if (m.gcd(bigi).intValue() == 1) { vectorint = v.elementAt(bigi.intValue()); if ( vectorint.intValue() == 0) i = m.intValue() + 1; } } if (i == m.intValue() + 2) return false; else return true; }

    Read the article

  • Démonstration de l'IntelliTrace de Visual Studio 2010 par Jeff Beehler, chef de produit chez Microso

    Mise à jour du 14.04.2010 par Katleen Démonstration de l'IntelliTrace de Visual Studio 2010 par Jeff Beehler, chef de produit chez Microsoft Jeff BEEHLER, chef de produit monde pour Visual Studio depuis plus de sept ans, nous a fait une démonstration de l'outil de traitement des bugs lors de son passage au siège parisien de Microsoft France. IntelliTrace, une « machine à remonter le temps pour les développeurs et les testeurs », transforme les bogues non reproductibles en souvenirs du passé : cet outil enregistre toute l'historique de l'exécution de l'application et permet la reproduction du bogue signalé. Le testeur peut ainsi résoudre un problème dès sa première apparition. A...

    Read the article

  • How does the elliptic-curve version of Diffie-Hellman cryptography work?

    - by cmaduro
    Does the Elliptic curve diffie hellman calculation look any different from the standard one defined here: /* * The basic Diffie-Hellman Key Agreement Equation * * The client initiates * A = g^a mod p * * Sends (g p A) to the server * * The server calculates B * B = g^b mod p * * Sends B back to client * * The client calculates K * K = B^a mod p * * The server calucaltes K * K = A^b mod p * */ Or is it just a specific way of selecting g, a, p and b? How are g,a,p and b selected anyway?

    Read the article

  • CLSF & CLK 2013 Trip Report by Jeff Liu

    - by jamesmorris
    This is a contributed post from Jeff Liu, lead XFS developer for the Oracle mainline Linux kernel team. Recently, I attended both the China Linux Storage and Filesystem workshop (CLSF), and the China Linux Kernel conference (CLK), which were held in Shanghai. Here are the highlights for both events. CLSF - 17th October XFS update (led by Jeff Liu) XFS keeps rapid progress with a lot of changes, especially focused on the infrastructure/performance improvements as well as  new feature development.  This can be reflected with a sample statistics among XFS/Ext4+JBD2/Btrfs via: # git diff --stat --minimal -C -M v3.7..v3.12-rc4 -- fs/xfs|fs/ext4+fs/jbd2|fs/btrfs XFS: 141 files changed, 27598 insertions(+), 19113 deletions(-) Ext4+JBD2: 39 files changed, 10487 insertions(+), 5454 deletions(-) Btrfs: 70 files changed, 19875 insertions(+), 8130 deletions(-) What made up those changes in XFS? Self-describing metadata(CRC32c). This is a new feature and it contributed about 70% code changes, it can be enabled via `mkfs.xfs -m crc=1 /dev/xxx` for v5 superblock. Transaction log space reservation improvements. With this change, we can calculate the log space reservation at mount time rather than runtime to reduce the the CPU overhead. User namespace support. So both XFS and USERNS can be enabled on kernel configuration begin from Linux 3.10. Thanks Dwight Engen's efforts for this thing. Split project/group quota inodes. Originally, project quota can not be enabled with group quota at the same time because they were share the same quota file inode, now it works but only for v5 super block. i.e, CRC enabled. CONFIG_XFS_WARN, an new lightweight runtime debugger which can be deployed in production environment. Readahead log object recovery, this change can speed up the log replay progress significantly. Speculative preallocation inode tracking, clearing and throttling. The main purpose is to deal with inodes with post-EOF space due to speculative preallocation, support improved quota management to free up a significant amount of unwritten space when at or near EDQUOT. It support backgroup scanning which occurs on a longish interval(5 mins by default, tunable), and on-demand scanning/trimming via ioctl(2). Bitter arguments ensued from this session, especially for the comparison between Ext4 and Btrfs in different areas, I have to spent a whole morning of the 1st day answering those questions. We basically agreed on XFS is the best choice in Linux nowadays because: Stable, XFS has a good record in stability in the past 10 years. Fengguang Wu who lead the 0-day kernel test project also said that he has observed less error than other filesystems in the past 1+ years, I own it to the XFS upstream code reviewer, they always performing serious code review as well as testing. Good performance for large/small files, XFS does not works very well for small files has already been an old story for years. Best choice (maybe) for distributed PB filesystems. e.g, Ceph recommends delopy OSD daemon on XFS because Ext4 has limited xattr size. Best choice for large storage (>16TB). Ext4 does not support a single file more than around 15.95TB. Scalability, any objection to XFS is best in this point? :) XFS is better to deal with transaction concurrency than Ext4, why? The maximum size of the log in XFS is 2038MB compare to 128MB in Ext4. Misc. Ext4 is widely used and it has been proved fast/stable in various loads and scenarios, XFS just need more customers, and Btrfs is still on the road to be a manhood. Ceph Introduction (Led by Li Wang) This a hot topic.  Li gave us a nice introduction about the design as well as their current works. Actually, Ceph client has been included in Linux kernel since 2.6.34 and supported by Openstack since Folsom but it seems that it has not yet been widely deployment in production environment. Their major work is focus on the inline data support to separate the metadata and data storage, reduce the file access time, i.e, a file access need communication twice, fetch the metadata from MDS and then get data from OSD, and also, the small file access is limited by the network latency. The solution is, for the small files they would like to store the data at metadata so that when accessing a small file, the metadata server can push both metadata and data to the client at the same time. In this way, they can reduce the overhead of calculating the data offset and save the communication to OSD. For this feature, they have only run some small scale testing but really saw noticeable improvements. Test environment: Intel 2 CPU 12 Core, 64GB RAM, Ubuntu 12.04, Ceph 0.56.6 with 200GB SATA disk, 15 OSD, 1 MDS, 1 MON. The sequence read performance for 1K size files improved about 50%. I have asked Li and Zheng Yan (the core developer of Ceph, who also worked on Btrfs) whether Ceph is really stable and can be deployed at production environment for large scale PB level storage, but they can not give a positive answer, looks Ceph even does not spread over Dreamhost (subject to confirmation). From Li, they only deployed Ceph for a small scale storage(32 nodes) although they'd like to try 6000 nodes in the future. Improve Linux swap for Flash storage (led by Shaohua Li) Because of high density, low power and low price, flash storage (SSD) is a good candidate to partially replace DRAM. A quick answer for this is using SSD as swap. But Linux swap is designed for slow hard disk storage, so there are a lot of challenges to efficiently use SSD for swap. SWAPOUT swap_map scan swap_map is the in-memory data structure to track swap disk usage, but it is a slow linear scan. It will become a bottleneck while finding many adjacent pages in the use of SSD. Shaohua Li have changed it to a cluster(128K) list, resulting in O(1) algorithm. However, this apporoach needs restrictive cluster alignment and only enabled for SSD. IO pattern In most cases, the swap io is in interleaved pattern because of mutiple reclaimers or a free cluster is shared by all reclaimers. Even though block layer can merge interleaved IO to some extent, but we cannot count on it completely. Hence the per-cpu cluster is added base on the previous change, it can help reclaimer do sequential IO and the block layer will be easier to merge IO. TLB flush: If we're reclaiming one active page, we should first move the page from active lru list to inactive lru list, and then reclaim the page from inactive lru to swap it out. During the process, we need to clear PTE twice: first is 'A'(ACCESS) bit, second is 'P'(PRESENT) bit. Processors need to send lots of ipi which make the TLB flush really expensive. Some works have been done to improve this, including rework smp_call_functiom_many() or remove the first TLB flush in x86, but there still have some arguments here and only parts of works have been pushed to mainline. SWAPIN: Page fault does iodepth=1 sync io, but it's a little waste if only issue a page size's IO. The obvious solution is doing swap readahead. But the current in-kernel swap readahead is arbitary(always 8 pages), and it always doesn't perform well for both random and sequential access workload. Shaohua introduced a new flag for madvise(MADV_WILLNEED) to do swap prefetch, so the changes happen in userspace API and leave the in-kernel readahead unchanged(but I think some improvement can also be done here). SWAP discard As we know, discard is important for SSD write throughout, but the current swap discard implementation is synchronous. He changed it to async discard which allow discard and write run in the same time. Meanwhile, the unit of discard is also optimized to cluster. Misc: lock contention For many concurrent swapout and swapin , the lock contention such as anon_vma or swap_lock is high, so he changed the swap_lock to a per-swap lock. But there still have some lock contention in very high speed SSD because of swapcache address_space lock. Zproject (led by Bob Liu) Bob gave us a very nice introduction about the current memory compression status. Now there are 3 projects(zswap/zram/zcache) which all aim at smooth swap IO storm and promote performance, but they all have their own pros and cons. ZSWAP It is implemented based on frontswap API and it uses a dynamic allocater named Zbud to allocate free pages. Zbud means pairs of zpages are "buddied" and it can only store at most two compressed pages in one page frame, so the max compress ratio is 50%. Each page frame is lru-linked and can do shink in memory pressure. If the compressed memory pool reach its limitation, shink or reclaim happens. It decompress the page frame into two new allocated pages and then write them to real swap device, but it can fail when allocating the two pages. ZRAM Acts as a compressed ramdisk and used as swap device, and it use zsmalloc as its allocator which has high density but may have fragmentation issues. Besides, page reclaim is hard since it will need more pages to uncompress and free just one page. ZRAM is preferred by embedded system which may not have any real swap device. Now both ZRAM and ZSWAP are in driver/staging tree, and in the mm community there are some disscussions of merging ZRAM into ZSWAP or viceversa, but no agreement yet. ZCACHE Handles file page compression but it is removed out of staging recently. From industry (led by Tang Jie, LSI) An LSI engineer introduced several new produces to us. The first is raid5/6 cards that it use full stripe writes to improve performance. The 2nd one he introduced is SandForce flash controller, who can understand data file types (data entropy) to reduce write amplification (WA) for nearly all writes. It's called DuraWrite and typical WA is 0.5. What's more, if enable its Dynamic Logical Capacity function module, the controller can do data compression which is transparent to upper layer. LSI testing shows that with this virtual capacity enables 1x TB drive can support up to 2x TB capacity, but the application must monitor free flash space to maintain optimal performance and to guard against free flash space exhaustion. He said the most useful application is for datebase. Another thing I think it's worth to mention is that a NV-DRAM memory in NMR/Raptor which is directly exposed to host system. Applications can directly access the NV-DRAM via a memory address - using standard system call mmap(). He said that it is very useful for database logging now. This kind of NVM produces are beginning to appear in recent years, and it is said that Samsung is building a research center in China for related produces. IMHO, NVM will bring an effect to current os layer especially on file system, e.g. its journaling may need to redesign to fully utilize these nonvolatile memory. OCFS2 (led by Canquan Shen) Without a doubt, HuaWei is the biggest contributor to OCFS2 in the past two years. They have posted 46 upstream patches and 39 patches have been merged. Their current project is based on 32/64 nodes cluster, but they also tried 128 nodes at the experimental stage. The major work they are working is to support ATS (atomic test and set), it can be works with DLM at the same time. Looks this idea is inspired by the vmware VMFS locking, i.e, http://blogs.vmware.com/vsphere/2012/05/vmfs-locking-uncovered.html CLK - 18th October 2013 Improving Linux Development with Better Tools (Andi Kleen) This talk focused on how to find/solve bugs along with the Linux complexity growing. Generally, we can do this with the following kind of tools: Static code checkers tools. e.g, sparse, smatch, coccinelle, clang checker, checkpatch, gcc -W/LTO, stanse. This can help check a lot of things, simple mistakes, complex problems, but the challenges are: some are very slow, false positives, may need a concentrated effort to get false positives down. Especially, no static checker I found can follow indirect calls (“OO in C”, common in kernel): struct foo_ops { int (*do_foo)(struct foo *obj); } foo->do_foo(foo); Dynamic runtime checkers, e.g, thread checkers, kmemcheck, lockdep. Ideally all kernel code would come with a test suite, then someone could run all the dynamic checkers. Fuzzers/test suites. e.g, Trinity is a great tool, it finds many bugs, but needs manual model for each syscall. Modern fuzzers around using automatic feedback, but notfor kernel yet: http://taviso.decsystem.org/making_software_dumber.pdf Debuggers/Tracers to understand code, e.g, ftrace, can dump on events/oops/custom triggers, but still too much overhead in many cases to run always during debug. Tools to read/understand source, e.g, grep/cscope work great for many cases, but do not understand indirect pointers (OO in C model used in kernel), give us all “do_foo” instances: struct foo_ops { int (*do_foo)(struct foo *obj); } = { .do_foo = my_foo }; foo>do_foo(foo); That would be great to have a cscope like tool that understands this based on types/initializers XFS: The High Performance Enterprise File System (Jeff Liu) [slides] I gave a talk for introducing the disk layout, unique features, as well as the recent changes.   The slides include some charts to reflect the performances between XFS/Btrfs/Ext4 for small files. About a dozen users raised their hands when I asking who has experienced with XFS. I remembered that when I asked the same question in LinuxCon/Japan, only 3 people raised their hands, but they are Chris Mason, Ric Wheeler, and another attendee. The attendee questions were mainly focused on stability, and comparison with other file systems. Linux Containers (Feng Gao) The speaker introduced us that the purpose for those kind of namespaces, include mount/UTS/IPC/Network/Pid/User, as well as the system API/ABI. For the userspace tools, He mainly focus on the Libvirt LXC rather than us(LXC). Libvirt LXC is another userspace container management tool, implemented as one type of libvirt driver, it can manage containers, create namespace, create private filesystem layout for container, Create devices for container and setup resources controller via cgroup. In this talk, Feng also mentioned another two possible new namespaces in the future, the 1st is the audit, but not sure if it should be assigned to user namespace or not. Another is about syslog, but the question is do we really need it? In-memory Compression (Bob Liu) Same as CLSF, a nice introduction that I have already mentioned above. Misc There were some other talks related to ACPI based memory hotplug, smart wake-affinity in scheduler etc., but my head is not big enough to record all those things. -- Jeff Liu

    Read the article

  • The 2012 Gartner-FEI CFO Technology Survey -- Reviewed by Jeff Henley, Oracle Chairman

    - by Di Seghposs
    Jeff Henley and Oracle Business Analytics VP Rich Clayton break down the findings of the 2012 Gartner-FEI CFO Technology Survey.  The survey produced by Gartner gathers CFOs perceptions about technology, trends and planned improvements to operations.  Financial executives and IT professionals can use these findings to align spending and organizational priorities and understand how technology should support corporate performance.    Listen to the webcast with Jeff Henley and Rich Clayton - Watch Now » Download the full report for all the details -   Read the Report »        Key Findings ·        Despite slow economic growth, CFOs expect conservative, steady IT spending. ·        The CFOs role in IT investment has increased again in 2012. ·        The 45% of IT leaders that report to the CFO are more than report to any other executive, and represent an increase of 3%. ·        Business analytics needs technology improvement. ·        CFOs are focused on business analytics and business applications more than on technology. ·        Information, social, cloud and mobile technology trends are on CFOs' radar. ·        Focusing on corporate performance management (CPM) projects, 63% of CFOs plan to upgrade business intelligence (BI), analytics and performance management in 2012. ·        Despite advancements in strategy management technologies, CFOs still focus on lagging key performance indicators (KPIs) only. ·        A pace-layered strategy for applications is needed (92% of CFOs believe IT doesn't provide transformation/differentiation). ·        New applications in financial governance rank high on improving compliance and efficiency.

    Read the article

  • diffie-hellman ssh keyxchange

    - by Chuck
    Hi, I've set out to make a primitive SSH client in C#; you might remember me from posts such as http://stackoverflow.com/questions/2872279/c-primitive-ssh-connection-lowlevel hehe. Anyway, things are great up until the time when I initiate a DH key exchange. I've compared the traffic when I establish a ssh connection (from openssh client to openssh server), to the traffic when my client connects to the same openssh server. OpenSSH client - OpenSSH server (S for server, C for client): S: SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2\r (saying hello) C: SSH-2.0-OpenSSH_5.2\r (introducing myself) C: Key Exchange Init (0x14 = 20) S: Key Exchange Init C: Diffie-Hellman GEX Request (0x22 = 34) (with DH GEX min, number of bits and max) S: Diffie-Hellman Key Exchange Reply (with P, G, etc.) C: Diffie-Hellman GEX Init S: Diffie-Hellman GEX Reply My client - OpenSSH server: S: SSH-2.0-OpenSSH_5.1p1 Debian-6ubuntu2\r (saying hello) C: SSH-2.0-Some_Name\r (introducing myself) C: Key Exchange Init (0x14 = 20) S: Key Exchange Init C: Diffie-Hellman GEX Request (0x22 = 34) (with DH GEX min, number of bits and max) and then a bogus TCP packet as reply (probably the server connection has been terminated after/upon GEX Request. I have yet to use AES128 (which I think is the encryption chosen, but I'm not sure how to verify this...), and I'm still sending in a non-compressed format, looking to get the P, G etc. values to make the DH calculations. So where I'm stranded is: RFC 4419 page 3 http://www.ietf.org/rfc/rfc4419.txt I've send SSH_MSG_KEY_DH_GEX_REQUEST, but the server does not respond SSH_MSG_KEX_DH_GEX_GROUP. Can anyone give me a little advice on what I'm not understanding here? Does the server not understand my GEX request (due to it expecting encryption, or?)? Any help is very much appreciated, thanks :)

    Read the article

  • User Experience Highlights in PeopleSoft and PeopleTools: Direct from Jeff Robbins

    - by mvaughan
    By Kathy Miedema, Oracle Applications User Experience  This is the fifth in a series of blog posts on the user experience (UX) highlights in various Oracle product families. The last posted interview was with Nadia Bendjedou, Senior Director, Product Strategy on upcoming Oracle E-Business Suite user experience highlights. You’ll see themes around productivity and efficiency, and get an early look at the latest mobile offerings coming through these product lines. Today’s post is on the user experience in PeopleSoft and PeopleTools. To learn more about what’s ahead, attend PeopleSoft or PeopleTools OpenWorld presentations.This interview is with Jeff Robbins, Senior Director, PeopleSoft Development. Jeff Robbins Q: How would you describe the vision you have for the user experience of PeopleSoft?A: Intuitive – Specifically, customers use PeopleSoft to help their employees do their day-to-day work, and the UI (user interface) has been helpful and assistive in that effort. If it’s not obvious what they need to do a task, then the UI isn’t working. So the application needs to make it simple for users to find information they need, complete a task, do all the things they are responsible for, and it really helps when the UI just makes sense. Productive – PeopleSoft is a tool used to support people to do their work, and a lot of users are measured by how much work they’re able to get done per hour, per day, etc. The UI needs to help them be as productive as possible, and can’t make them waste time or energy. The UI needs to reflect the type of work necessary for a task -- if it's data entry, the UI needs to assist the user to get information into the system. For analysts, the UI needs help users assess or analyze information in a particular way. Innovative – The concept of the UI being innovative is something we’ve been working on for years. It’s not just that we want to be seen as innovative, the fact is that companies are asking their employees to do more than they’ve ever asked before. More often companies want to roll out processes as employee or manager self-service, where an employee is responsible to review and maintain their own data. So we’ve had to reinvent, and ask,  “How can we modify the ways an employee interacts with our applications so that they can be more productive and efficient – even with tasks that are entirely unfamiliar?”  Our focus on innovation has forced us to design new ways for users to interact with the entire application.Q: How are the UX features you have delivered so far resonating with customers?  A: Resonating very well. We’re hearing tremendous responses from users, managers, decision-makers -- who are very happy with the improved user experience. Many of the individual features resonate well. Some have really hit home, others are better than they used to be but show us that there’s still room for improvement.A couple innovations really stand out; features that have a significant effect on how users interact with PeopleSoft.First, the deployment of PeopleSoft in a way that’s more like a consumer website with the PeopleSoft Home page and Dashboards.  This new approach is very web-centric, where users feel they’re coming to a website rather than logging into an enterprise application.  There’s lots of information from all around the organization collected in a way that feels very familiar to users. In order to do your job, you can come to this web site rather than having to learn how to log into an application and figure out a complicated menu. Companies can host these really rich web sites for employees that are home pages for accessing critical tasks and information. The UI elements of incorporating search into the whole navigation process is another hit. Rather than having to log in and choose a task from a menu, users come to the web site and begin a task by simply searching for data: themselves, another employee, a customer record, whatever.  The search results include the data along with a set of actions the user might take, completely eliminating the need to hunt through a complicated system menu. Search-centric navigation is really sitting well with customers who are trying to deploy an intuitive set of systems. Q: Are any UX highlights more popular than you expected them to be?  A: We introduced a feature called Pivot Grid in the last release, which is a combination of an interactive grid, like an Excel Pivot Table, along with a dynamic visual chart that automatically graphs the data. I wasn’t certain at first how extensively this would be used. It looked like an innovative tool, but it wasn’t clear how it would be incorporated in business process applications. The fact is that everyone who sees Pivot Grids is thrilled with that kind of interactivity.  It reflects the amount of analytical thinking customers are asking employees to do. Employees can’t just enter data any more. They must interact with it, analyze it, and make decisions. Pivot Grids fit into this way of working. Q: What can you tell us about PeopleSoft’s mobile offerings?A: A lot of customers are finding that mobile is the chief priority in their organization.  They tell us they want their employees to be able to access company information from their mobile devices.  Of course, not everyone has the same requirements, so we’re working to make sure we can help our customers accomplish what they’re trying to do.  We’ve already delivered a number of mobile features.  For instance, PeopleSoft home pages, dashboards and workcenters all work well on an iPad, straight out of the box.  We’ve delivered a number of key functions and tasks for mobile workers – those who are responsible for using a mobile device to manage inventory, for example.  Customers tell us they also need a holistic strategy, one that allows their employees to access nearly every task from a mobile device.  While we don’t expect users to do extensive data entry from their smartphone, it makes sense that they have access to company information and systems while away from their desk.  That’s where our strategy is going now.  We plan to unveil a number of new mobile offerings at OpenWorld.  Some will be available then, some shortly after. Q: What else are you working on now that you think is going to be exciting to customers at Oracle OpenWorld?A: Our next release -- the big thing is PeopleSoft 9.2, and we’ll be talking about the huge amount of work that’s gone into the next versions. A new toolset, 8.53, will be coming, and there’s a lot to talk about there, and the next generation of PeopleSoft 9.2.  We have a ton of new stuff coming.Q: What do you want PeopleSoft customers to know? A: We have been focusing on the user experience in PeopleSoft as a very high priority for the last 4 years, and it’s had interesting effects. One thing is that the application is better, more usable.  We’ve made visible improvements. Another aspect is that in customers’ minds, the PeopleSoft brand is being reinvigorated. Customers invested in PeopleSoft years ago, and then they weren’t sure where PeopleSoft was going.  This investment in the UI and overall user experience keeps PeopleSoft current, innovative and fresh.  Customers  are able to take advantage of a lot of new features, even on the older applications, simply by upgrading their PeopleTools. The interest in that ability has been tremendous. Knowing they have a lot of these features available -- right now, that’s pretty huge. There’s been a tremendous amount of positive response, just on the fact that we’re focusing on the user experience. Editor’s note: For more on PeopleSoft and PeopleTools user experience highlights, visit the Usable Apps web site.To find out more about these enhancements at Openworld, be sure to check out these sessions: GEN8928     General Session: PeopleSoft Update and Product RoadmapCON9183     PeopleSoft PeopleTools Technology Roadmap CON8932     New Functional PeopleSoft PeopleTools Capabilities for the Line-of-Business UserCON9196     PeopleSoft PeopleTools Roadmap: Mobile ApplicationsCON9186     Case Study: Delivering a Groundbreaking User Interface with PeopleSoft PeopleTools

    Read the article

  • Exceptional DBA 2011 Jeff Moden on why you should enter in 2012

    - by RedAndTheCommunity
    My "reign" as the Red Gate Exceptional DBA is almost over and I was asked to say a few words about this wonderful award. Having been one of those folks that shied away from entering the contest during the first 3 years of the award, I thought I'd spend the time encouraging DBAs of all types to enter. Winning this award has some obvious benefits. You win a trip to PASS including money towards your flight, paid hotel stay, and, of course, paid admission. You win a wonderful bundle of software from Red Gate to make your job as a DBA a whole lot easier. You also win some pretty incredible notoriety for your resume. After all, it's not everyone who wins a worldwide contest. To date, there are only 4 of us in the world who have won this award. You could be number 5! For me, all of that pales in comparison to what I found out during the entry process. I'm very confident in my skills, but I'm also humble. It was suggested to me that I enter the contest when it first started. I just couldn't bring myself to nominate myself. When the 2011 nomination period opened up, several people again suggested that I enter, so I swallowed hard and asked several co-workers to have a look at the online nomination form and, if they thought me worthy, to write a nomination for me. I won't bore you with the details, but what they wrote about me was one of the most incredible rewards that I could ever have hoped to receive. I had no idea of the impact that I'd made on my co-workers. Even if I hadn't made it to the top 5 for the award, I had already won something very near and dear that no one can ever top. "Even if I hadn't made it to the top 5 for the award, I had already won something very near and dear that no one can ever top." There's only one named winner and 4 "runners up" in this competition every year but don't let that discourage you. Enter this competition. Even if you work in the proverbial "Mom'n'Pop" shop, get your boss and the people you work with directly to nominate you. Even if you don't make it to the top 5, you might just find out that you're more of a winner than you think. If you're too proud to ask them, then take the time to nominate yourself instead of shying away like I did for the first 3 years. You work hard as a DBA and, as David Poole once said, if you're the first person that people ask for help rather than one of the last, then you're probably an Exceptional DBA. It's time to stand up and be counted! Win or lose, the entry process can be a huge reward in itself. It was for me. Thank you, Red Gate, for giving me such a wonderful opportunity. Thanks for listening folks and for all that you do as DBAs. As 'Red Green' says, "We're all in this together and I'm pullin' for ya". --Jeff Moden Red Gate Exceptional DBA 2011

    Read the article

  • Exceptional DBA 2011 Jeff Moden on why you should enter in 2012

    - by Red and the Community
    My "reign" as the Red Gate Exceptional DBA is almost over and I was asked to say a few words about this wonderful award. Having been one of those folks that shied away from entering the contest during the first 3 years of the award, I thought I’d spend the time encouraging DBAs of all types to enter. Winning this award has some obvious benefits. You win a trip to PASS including money towards your flight, paid hotel stay, and, of course, paid admission. You win a wonderful bundle of software from Red Gate to make your job as a DBA a whole lot easier. You also win some pretty incredible notoriety for your resume. After all, it’s not everyone who wins a worldwide contest. To date, there are only 4 of us in the world who have won this award. You could be number 5! For me, all of that pales in comparison to what I found out during the entry process. I’m very confident in my skills, but I’m also humble. It was suggested to me that I enter the contest when it first started. I just couldn’t bring myself to nominate myself. When the 2011 nomination period opened up, several people again suggested that I enter, so I swallowed hard and asked several co-workers to have a look at the online nomination form and, if they thought me worthy, to write a nomination for me. I won’t bore you with the details, but what they wrote about me was one of the most incredible rewards that I could ever have hoped to receive. I had no idea of the impact that I’d made on my co-workers. Even if I hadn’t made it to the top 5 for the award, I had already won something very near and dear that no one can ever top. “Even if I hadn’t made it to the top 5 for the award, I had already won something very near and dear that no one can ever top.” There’s only one named winner and 4 "runners up" in this competition every year but don’t let that discourage you. Enter this competition. Even if you work in the proverbial "Mom’n'Pop" shop, get your boss and the people you work with directly to nominate you. Even if you don’t make it to the top 5, you might just find out that you’re more of a winner than you think. If you’re too proud to ask them, then take the time to nominate yourself instead of shying away like I did for the first 3 years. You work hard as a DBA and, as David Poole once said, if you’re the first person that people ask for help rather than one of the last, then you’re probably an Exceptional DBA. It’s time to stand up and be counted! Win or lose, the entry process can be a huge reward in itself. It was for me. Thank you, Red Gate, for giving me such a wonderful opportunity. Thanks for listening folks and for all that you do as DBAs. As ‘Red Green’ says, "We’re all in this together and I’m pullin’ for ya". –Jeff Moden Red Gate Exceptional DBA 2011

    Read the article

  • Exceptional DBA 2011 Jeff Moden on why you should enter in 2012

    - by RedAndTheCommunity
    My "reign" as the Red Gate Exceptional DBA is almost over and I was asked to say a few words about this wonderful award. Having been one of those folks that shied away from entering the contest during the first 3 years of the award, I thought I'd spend the time encouraging DBAs of all types to enter. Winning this award has some obvious benefits. You win a trip to PASS including money towards your flight, paid hotel stay, and, of course, paid admission. You win a wonderful bundle of software from Red Gate to make your job as a DBA a whole lot easier. You also win some pretty incredible notoriety for your resume. After all, it's not everyone who wins a worldwide contest. To date, there are only 4 of us in the world who have won this award. You could be number 5! For me, all of that pales in comparison to what I found out during the entry process. I'm very confident in my skills, but I'm also humble. It was suggested to me that I enter the contest when it first started. I just couldn't bring myself to nominate myself. When the 2011 nomination period opened up, several people again suggested that I enter, so I swallowed hard and asked several co-workers to have a look at the online nomination form and, if they thought me worthy, to write a nomination for me. I won't bore you with the details, but what they wrote about me was one of the most incredible rewards that I could ever have hoped to receive. I had no idea of the impact that I'd made on my co-workers. Even if I hadn't made it to the top 5 for the award, I had already won something very near and dear that no one can ever top. "Even if I hadn't made it to the top 5 for the award, I had already won something very near and dear that no one can ever top." There's only one named winner and 4 "runners up" in this competition every year but don't let that discourage you. Enter this competition. Even if you work in the proverbial "Mom'n'Pop" shop, get your boss and the people you work with directly to nominate you. Even if you don't make it to the top 5, you might just find out that you're more of a winner than you think. If you're too proud to ask them, then take the time to nominate yourself instead of shying away like I did for the first 3 years. You work hard as a DBA and, as David Poole once said, if you're the first person that people ask for help rather than one of the last, then you're probably an Exceptional DBA. It's time to stand up and be counted! Win or lose, the entry process can be a huge reward in itself. It was for me. Thank you, Red Gate, for giving me such a wonderful opportunity. Thanks for listening folks and for all that you do as DBAs. As 'Red Green' says, "We're all in this together and I'm pullin' for ya". --Jeff Moden Red Gate Exceptional DBA 2011

    Read the article

  • Elliptic Curve Diffie-Hellman

    - by cmaduro
    Does the Elliptic curve diffie hellman calculation look any different from the standard one defined here: /* * The basic Diffie-Hellman Key Agreement Equation * * The client initiates * A = g^a mod p * * Sends (g p A) to the server * * The server calculates B * B = g^b mod p * * Sends B back to client * * The client calculates K * K = B^a mod p * * The server calucaltes K * K = A^b mod p * */ Or is it just a specific way of selecting g, a, p and b? How are g,a,p and b selected anyway?

    Read the article

  • Diffie-Hellman in Silverlight

    - by cmaduro
    I am trying to devise a security scheme for encrypting the application level data between a silverlight client, and a php webservice that I created. Since I am dealing with a public website the information I am pulling from the service is public, but the information I'm submitting to the webservice is not public. There is also a back end to the website for administration, so naturally all application data being pushed and pulled from the webservice to the silverlight administration back end must also be encrypted. Silverlight does not support asymmetric encryption, which would work for the public website. Symmetric encryption would only work on the back end because users do not log in to the public website, so no password based keys could be derived. Still symmetric encryption would be great, but I cannot securely save the private key in the silverlight client. Because it would either have to be hardcoded or read from some kind of config file. None of that is considered secure. So... plan B. My final alternative would be then to implement the Diffie-Hellman algorithm, which supports symmetric encryption by means of key agreement. However Diffie-Hellman is vulnerable to man-in-the-middle attacks. In other words, there is no guarantee that either side is sure of each others identity, making it possible for communication to be intercepted and altered without the receiving party knowing about it. It is thus recommended to use a private shared key to encrypt the key agreement handshaking, so that the identity of either party is confirmed. This brings me back to my initial problem that resulted in me needing to use Diffie-Hellman, how can I use a private key in a silverlight client without hardcoding it either in the code or an xml file. I'm all out of love on this one... is there any answer to this?

    Read the article

  • Pohlig–Hellman algorithm for computing discrete logarithms

    - by drelihan
    Hi Folks, I'm working on coding the Pohlig-Hellman Algorithm but I am having problem understand the steps in the algorithm based on the definition of the algorithm. Going by the Wiki of the algorithm: http://en.wikipedia.org/wiki/Pohlig%E2%80%93Hellman_algorithm I know the first part 1) is to calculate the prime factor of p-1 - which is fine. Howeever, I am not sure what I need to do in steps 2) and 3). Can someone help with explaining this in plain english (i) - or pseudocode. I want to code the solution myself obviously but I cannot make any more progress unless i understand the algorithm. Note: I have done a lot of searching for this and I read S. Pohlig and M. Hellman (1978). "An Improved Algorithm for Computing Logarithms over GF(p) and its Cryptographic Significance but its still not really making sense to me. Thanks in advance

    Read the article

  • Looking for more details about "Group varint encoding/decoding" presented in Jeff's slides

    - by Mickey Shine
    I noticed that in Jeff's slides "Challenges in Building Large-Scale Information Retrieval Systems", which can also be downloaded here: http://research.google.com/people/jeff/WSDM09-keynote.pdf, a method of integers compression called "group varint encoding" was mentioned. It was said much faster than 7 bits per byte integer encoding (2X more). I am very interested in this and looking for an implementation of this, or any more details that could help me implement this by myself. I am not a pro and new to this, and any help is welcome!

    Read the article

  • RSA encrypted Diffie-Hellman handshake

    - by cmaduro
    Would a RSA encrypted Diffie-Hellman handshake enable secure communication? I'm encrypting communication from a silverlight client to a php webservice. The silverlight client initiates they key agreement by sending the RSA public key encrypted DH parameters to the webservice. Only the webservice has the private key, so a MITM attack is not possible. The webservice sends plain text answer back to the client, and a key is agreed upon. This key is then used to encrypt communication between the webservice and silverlight client with AES, which is also encrypted with the RSA public key. Does anyone see a flaw?

    Read the article

  • How To Generate Parameter Set for the Diffie-Hellman Key Agreement Algorithm in Android

    - by sebby_zml
    Hello everyone, I am working on mobile/server security related project. I am now stuck in generating a Diffie-Hellman key agreement part. It works fine in server side program but it is not working in mobile side. Thus, I assume that it is not compactible with Android. I used the following class to get the parameters. It returns a comma-separated string of 3 values. The first number is the prime modulus P. The second number is the base generator G. The third number is bit size of the random exponent L. My question is is there anything wrong with the code or it is not compactible for android?What kind of changes should I do? Your suggestion and guidance would be very much help for me. Thanks a lot in advance. public static String genDhParams() { try { // Create the parameter generator for a 1024-bit DH key pair AlgorithmParameterGenerator paramGen = AlgorithmParameterGenerator.getInstance("DH"); paramGen.init(1024); // Generate the parameters AlgorithmParameters params = paramGen.generateParameters(); DHParameterSpec dhSpec = (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class); // Return the three values in a string return ""+dhSpec.getP()+","+dhSpec.getG()+","+dhSpec.getL(); } catch (NoSuchAlgorithmException e) { } catch (InvalidParameterSpecException e) { } return null; } Regards, Sebby

    Read the article

  • Google Rules for Retail

    - by David Dorf
    In the book What Would Google Do?, Jeff Jarvis outlines ten "Google Rules" that define how Google acts.  These rules help define how Web 2.0 businesses operate today and into the future.  While there's a chapter in the book on applying these rules to the retail industry, it wasn't very in-depth.  So I've decided to more directly apply the rules to retail, along with some notable examples of success.  The table below shows Jeff's Google Rule, some Industry Examples, and New Retailer Rules that I created. Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} table.MsoTableGrid {mso-style-name:"Table Grid"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-priority:59; mso-style-unhide:no; border:solid black 1.0pt; mso-border-themecolor:text1; mso-border-alt:solid black .5pt; mso-border-themecolor:text1; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-border-insideh:.5pt solid black; mso-border-insideh-themecolor:text1; mso-border-insidev:.5pt solid black; mso-border-insidev-themecolor:text1; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} Google Rule Industry Examples New Retailer Rule New Relationship Your worst customer is your friend; you best customer is your partner Newegg.com lets manufacturers respond to customer comments that are critical of the product, and their EggXpert site lets customers help other customers. Listen to what your customers are saying about you.  Convert the critics to fans and the fans to influencers. New Architecture Join a network; be a platform Tesco and BestBuy released APIs for their product catalogs so third-parties could create new applications. Become a destination for information. New Publicness Life is public, so is business Zappos and WholeFoods founders are prolific tweeters/bloggers, sharing their opinions and connecting to customers.  It's not always pretty, but it's genuine. Be transparent.  Share both your successes and failures with your customers. New Society Elegant organization Wet Seal helps their customers assemble outfits and show them off to each other.  Barnes & Noble has a community site that includes a bookclub. Communities of your customers already exist, so help them organize better. New Economy Mass market is dead; long live the mass of niches lululemon found a niche for yoga inspired athletic wear.  Threadless uses crowd-sourcing to design short-runs of T-shirts. Serve small markets with niche products. New Business Reality Decide what business you're in When Lowes realized catering to women brought the men along, their sales increased. Customers want experiences to go with the products they buy. New Attitude Trust the people and listen In 2008 Starbucks launched MyStartbucksIdea to solicit ideas from their customers. Use social networks as additional data points for making better merchandising decisions. New Ethic Be honest and transparent; don't be evil Target is giving away reusable shopping bags for Earth Day.  Kohl's has outfitted 67 stores with solar arrays. Being green earns customers' respect and lowers costs too. New Speed Life is live H&M and Zara keep up with fashion trends. Be prepared to pounce on you customers' fickle interests. New Imperatives Encourage, enable and protect innovation 1-800-Flowers was the first do sales in Facebook and an early adopter of mobile commerce.  The Sears Personal Shopper mobile app finds products based on a photo. Give your staff permission to fail so innovation won't be stifled. Jeff will be a keynote speaker at Crosstalk, our upcoming annual user conference, so I'm looking forward to hearing more of his perspective on retail and the new economy.

    Read the article

  • Selection of parameters in Diffie-Hellman

    - by allenzzzxd
    Hello, maybe it's not so proper to ask this question here... anyway, I'm trying to use the gmp library for the implementation of DH, but the problem here I got is: Once, when I was doing the tests to observe the output, although big values of prime and the private keys were selected: p was about more than 300 digits long in decimal a, b were about 100 digits long finally I got a shared secret key which was extremely small, perhaps smaller than 10^8 in decimal... This problem didn't show up many times, in fact, during all the observation, it appeared just once...but still, this was not so good at all. So I wonder if there are some methods which can avoid this... Thanx a lot

    Read the article

  • Security review of an authenticated Diffie Hellman variant

    - by mtraut
    EDIT I'm still hoping for some advice on this, i tried to clarify my intentions... When i came upon device pairing in my mobile communication framework i studied a lot of papers on this topic and and also got some input from previous questions here. But, i didn't find a ready to implement protocol solution - so i invented a derivate and as i'm no crypto geek i'm not sure about the security caveats of the final solution: The main questions are Is SHA256 sufficient as a commit function? Is the addition of the shared secret as an authentication info in the commit string safe? What is the overall security of the 1024 bit group DH I assume at most 2^-24 bit probability of succesful MITM attack (because of 24 bit challenge). Is this plausible? What may be the most promising attack (besides ripping the device out off my numb, cold hands) This is the algorithm sketch For first time pairing, a solution proposed in "Key agreement in peer-to-peer wireless networks" (DH-SC) is implemented. I based it on a commitment derived from: A fix "UUID" for the communicating entity/role (128 bit, sent at protocol start, before commitment) The public DH key (192 bit private key, based on the 1024 bit Oakley group) A 24 bit random challenge Commit is computed using SHA256 c = sha256( UUID || DH pub || Chall) Both parties exchange this commitment, open and transfer the plain content of the above values. The 24 bit random is displayed to the user for manual authentication DH session key (128 bytes, see above) is computed When the user opts for persistent pairing, the session key is stored with the remote UUID as a shared secret Next time devices connect, commit is computed by additionally hashing the previous DH session key before the random challenge. For sure it is not transfered when opening. c = sha256( UUID || DH pub || DH sess || Chall) Now the user is not bothered authenticating when the local party can derive the same commitment using his own, stored previous DH session key. After succesful connection the new DH session key becomes the new shared secret. As this does not exactly fit the protocols i found so far (and as such their security proofs), i'd be very interested to get an opinion from some more crypto enabled guys here. BTW. i did read about the "EKE" protocol, but i'm not sure what the extra security level is.

    Read the article

  • Learning to Grow

    - by jack.flynn
    A Conversation with Ted Simpson of HEUG A great place to revisit Oracle OpenWorld year round is OracleWebVideo on YouTube. Oracle Magazine Senior Editor Jeff Erickson sat down with Ted Simpson at last year's Oracle OpenWorld to find out how the Higher Education Users Group (HEUG) is helping hundreds of member institutions and thousands of individuals across the globe meet the technological challenges in colleges and universities. Simpson joined HEUG back when it was a PeopleSoft special interest group. Now that higher education institutions have expanded into IT infrastructures the size of global corporations or small municipalities, his user group has also been challenged by growth.

    Read the article

  • New Rules of Retail

    - by David Dorf
    I've been on vacation and preparing for Crosstalk, so its been a while since I've posted. I've seen the agenda, and I can assure you Crosstalk will be lots of fun. In addition to hearing from lots of retailers, we'll also be doing a little bowling and racing on the track. I'll be around for the sessions, the ORUG meetings, and our Customer Advisory Board so please be sure to say hello. I also just completed a white paper based on a previous blog posting which in turn was based on learnings from reading What Would Google Do? For each of Jarvis' ten rules, I discuss the concept in the context of retail and provide real-world examples. No mention of products or sales pitches at all. You can download the paper here. It will put you in the right frame of mind for hearing Jeff Jarvis speak at Crosstalk. For those that can't make it, I'll post some highlights afterwards.

    Read the article

  • Le département américain de la défense adopte agile et la méthode Scrum, sous les conseils de Jeff Sutherland, inventeur de Scrum

    Le département américain de la défense adopte agile et la méthode Scrum Sous les conseils de Jeff Sutherland inventeur de ScrumAgile séduit de plus en plus de professionnels de l'IT, après son adoption par Microsoft c'est au tour du puissant département américain de la défense (DoD), qui passera d'un modèle en cascade à un modèle agile basé sur la méthode Scrum, sous les conseils avisés du docteur Jeff Sutherland, inventeur de la méthode et actuel PDG de Scrum Inc.A l'origine de cette initiative,...

    Read the article

1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >