Search Results

Search found 5683 results on 228 pages for 'zend pdf'.

Page 124/228 | < Previous Page | 120 121 122 123 124 125 126 127 128 129 130 131  | Next Page >

  • Running Firefox in the Windows service mode

    - by Leonid
    I'm writing a server running as a Windows service that by request invokes Firefox to generate a pdf snapshot of a webpage. I know it is a bad idea to run a GUI program in service mode, but the server nature of my program restricts from running it in the user mode. Running a user-level 'proxy' also is not an option, since there might be no interactive user logged-in on the machine with the server running. In my experiments Firefox successfully produced pdf when the service was running under a user account that was already logged-in. Obviously it didn't work in other cases: for Local System and user accounts that weren't logged-in. Under LocalSystem with 'Allow service to interact with desktop' option enabled I could see the Firefox started that reports that it's unable to find a printer. Since it wouldn't be practical to require an opened user session for the pdf server to run, is there any workaround for this except running the whole thing from a virtual machine?

    Read the article

  • C#.NET Problem with locking of page after writing stream to window.

    - by godlikeskills
    The code below works fine, the problem is the 1st two lines are appearing on screen. It basically loads the PDF but I can't see the btnAcceptProposal change name or become enabled. Tried a Thread for the load but it broke. Anyone got any ideas - it's a web application protected void btnPDFProposal_Click(object sender, EventArgs e) { btnAcceptProposal.Enabled = true; btnAcceptProposal.Text = "sss"; byte[] p = Order.Proposal; Response.AppendHeader("content-disposition", "attachment; filename=Proposal.pdf"); Response.ContentType = "Application/pdf"; Response.Clear(); Response.BinaryWrite(p); Response.End(); }

    Read the article

  • ByteArrayOutputStream to PrintWriter (Java Servlet)

    - by Thomas
    Writing generated PDF (ByteArrayOutputStream) in a Servlet to PrintWriter. I am desperately looking for a way to write a generated PDF file to the response PrintWriter. Since a Filter up the hierarchy chain has already called response.getWriter() I can't get response.getOutputStream(). I do have a ByteArrayOutputStream where I generated the PDF into. Now all I need is a way to output the content of this ByteArrayOutputStream to the PrintWriter. If anyone could give me a helping hand would be very much appreciated!

    Read the article

  • QuickPdf - Memory leak

    - by Lonzo
    I have a method containing code to create a pdf doc using the QuickPdf library. Inside the method, I instantiate a QuickPdf object, create the pdf doc and save it to a file. I then call this method for each file to be generated. Now my problem is that the pdf docs' sizes are increasing with each call to the method even though the contents are basically the same . I am suspecting a memory leak but I cant see where exactly, since the QuickPdf object is being created and disposed each time on each call.

    Read the article

  • PHP 5.3.1 Undefined Symbol: OnUpdateLong error on Apache Startup

    - by docgnome
    I'm running Ubuntu 8.04 on this server. I had PHP 5.2 installed via the package manager. I removed it to install PHP 5.3.1 by hand. I built the packages like so ./configure --prefix=/opt/php --with-mysql --with-curl=/usr/bin --with-apxs2=/usr/bin/apxs2 make make install This installed PHP 5.3.1 in /opt/php/ $ php -v PHP 5.3.1 (cli) (built: Dec 7 2009 10:51:14) Copyright (c) 1997-2009 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2009 Zend Technologies However, when I try to start Apache I get this. # /etc/init.d/apache2 restart * Restarting web server apache2 apache2: Syntax error on line 185 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/php5.load: Cannot load /usr/lib/apache2/modules/libphp5.so into server: /usr/lib/apache2/modules/libphp5.so: undefined symbol: OnUpdateLong [fail] Any ideas what's causing this error? All the references I can see have to do with building php5 packages for php4 or the like. PHP4 has never been installed on this machine.

    Read the article

  • Safari corrupting downloads?

    - by Kaji
    First off, a bit of background: I had to do an erase and install about 2-3 weeks ago, so this is a fresh, up-to-date installation of Snow Leopard we're dealing with. That said, I decided recently to branch out from simply programming PHP in a text editor and explore some of the other technologies I keep hearing about, and picked up Drupal, Joomla, and the Zend Framework from their respective official sites. Latest complete, stable builds for all 3. Drupal and Joomla downloaded without a problem, but when I put them in my /~username/Sites folder, XAMPP pretends they're not there, even if I restart Apache or the laptop itself. Zend's archive won't open at all. Is Safari corrupting the downloads, or are there other issues in play that can be investigated?

    Read the article

  • Trouble installing php memcache extension

    - by 2020vert
    I'm trying to install memcache on MAMP but I get the warning below, and when I continue it seems to complete properly. I add the line extension=memcache.so to the php.ini and restart MAMP but phpinfo() doesn't list the memcache extension. $ ./pecl install memcache downloading memcache-2.2.5.tgz ... Starting to download memcache-2.2.5.tgz (35,981 bytes) ..........done: 35,981 bytes 11 source files, building WARNING: php_bin /Applications/MAMP/bin/php5/bin/php appears to have a suffix 5/bin/php, but config variable php_suffix does not match running: phpize Configuring for: PHP Api Version: 20041225 Zend Module Api No: 20060613 Zend Extension Api No: 220060519 Enable memcache session handler support? [yes] : yes ... Build process completed successfully Installing '/Applications/MAMP/bin/php5/lib/php/extensions/no-debug-non-zts-20060613/memcache.so' install ok: channel://pecl.php.net/memcache-2.2.5 configuration option "php_ini" is not set to php.ini location You should add "extension=memcache.so" to php.ini

    Read the article

  • Trouble installing php memcache extension

    - by user35346
    I'm trying to install memcache on MAMP but I get the warning below, and when I continue it seems to complete properly. I add the line extension=memcache.so to the php.ini and restart MAMP but phpinfo() doesn't list the memcache extension. $ ./pecl install memcache downloading memcache-2.2.5.tgz ... Starting to download memcache-2.2.5.tgz (35,981 bytes) ..........done: 35,981 bytes 11 source files, building WARNING: php_bin /Applications/MAMP/bin/php5/bin/php appears to have a suffix 5/bin/php, but config variable php_suffix does not match running: phpize Configuring for: PHP Api Version: 20041225 Zend Module Api No: 20060613 Zend Extension Api No: 220060519 Enable memcache session handler support? [yes] : yes ... Build process completed successfully Installing '/Applications/MAMP/bin/php5/lib/php/extensions/no-debug-non-zts-20060613/memcache.so' install ok: channel://pecl.php.net/memcache-2.2.5 configuration option "php_ini" is not set to php.ini location You should add "extension=memcache.so" to php.ini

    Read the article

  • How to install pecl uploadprogress on Debian Lenny

    - by kidrobot
    I am getting this output/error for # pecl install uploadprogress downloading uploadprogress-1.0.1.tgz ... Starting to download uploadprogress-1.0.1.tgz (8,536 bytes) .....done: 8,536 bytes 4 source files, building running: phpize Configuring for: PHP Api Version: 20041225 Zend Module Api No: 20060613 Zend Extension Api No: 220060519 building in /var/tmp/pear-build-root/uploadprogress-1.0.1 running: /tmp/pear/temp/uploadprogress/configure checking for grep that handles long lines and -e... /bin/grep checking for egrep... /bin/grep -E checking for a sed that does not truncate output... /bin/sed checking for gcc... no checking for cc... no checking for cl.exe... no configure: error: no acceptable C compiler found in $PATH See `config.log' for more details. ERROR: `/tmp/pear/temp/uploadprogress/configure' failed php-pear is installed. I'm stumped.

    Read the article

  • php5-fpm.sock file doesn't exist

    - by Caballero
    I've just compiled and installed PHP-FPM 5.5.5 following this tutorial. I have ignored the apache setup section, because I'm running nginx. Everything seems to be fine: php -v PHP 5.5.5 (cli) (built: Oct 18 2013 21:56:02) Copyright (c) 1997-2013 The PHP Group Zend Engine v2.5.0, Copyright (c) 1998-2013 Zend Technologies Problem is, I need to link it to my nginx conf via a socket, but /var/run/php5-fpm.sock file doesn't exist. How do I create it? The file /etc/php5/fpm/pool.d/www.conf does include the line listen = /var/run/php5-fpm.sock It is possible (though I'm not sure) that it's a leftover of an older php version 5.5.3 which was installed and removed via apt-get. I'm running Ubuntu 13.10 (Saucy Salamander)

    Read the article

  • Cannot install Pecl (Imagick) extension on Centos server - autoconf missing

    - by Stevo
    I'm trying to install the pecl extension Imagick on a centos server, but I'm getting an error about autoconf. Autoconf is installed, as is make and gcc. but it's complaining about the path: [root@server ~]# pecl install imagick downloading imagick-3.0.1.tgz ... Starting to download imagick-3.0.1.tgz (93,920 bytes) .....................done: 93,920 bytes 13 source files, building running: phpize Configuring for: PHP Api Version: 20090626 Zend Module Api No: 20090626 Zend Extension Api No: 220090626 /usr/bin/phpize: /var/tmp/imagick/build/shtool: /bin/sh: bad interpreter: Permission denied Cannot find autoconf. Please check your autoconf installation and the $PHP_AUTOCONF environment variable. Then, rerun this script. ERROR: `phpize' failed What should I do?

    Read the article

  • Updating PHP on a Plesk managed Server

    - by mblaettermann
    I just updated PHP and MySQl on my VPS with the current Versions from Atomic Repo. Everything worked out fine so far. From console I get the new PHP 5.3: [root@server phpMyAdmin]# php -v PHP 5.3.16 (cli) (built: Aug 20 2012 11:18:05) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.3.0, Copyright (c) 1998-2012 Zend Technologies with the ionCube PHP Loader v4.0.5, Copyright (c) 2002-2011, by ionCube Ltd. But through Apache I still get the old version (5.1.6). The server is running some old version of crappy Plesk Panel. That gives me the option to choose between Apache Modul, fCGI and CGI-BIN. Any hints, how to update apache, so it will use the new PHP Version? EDIT: I just needed to restart httpd (/etc/init.d/httpd restart)

    Read the article

  • PID:4 using Port 80

    - by CyberOPS
    I was trying to install Zend Server CE on my computer but when I got to the point were I need to choose the port for my Web Server it says: "Web Server Port: 80 Occupied". So I decided to check what is using Port 80 with CMD by typing: "netstat -o -n -a | findstr 0.0:80": TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4 I check for PID:4 in Task Manager's Processes and Services. Seems PID 4 is "System". So, what I want to know is how can I stop "System" (PID:4) from using Port 80? INFO: I am using: Windows 7 64bit; Zend Server CE 5.5.0

    Read the article

  • Setting up a server with only subdomains, any connection to top level goes to main server on another IP?

    - by Anagio
    I'm developing a web app where users will have their own sub-domain to login to and use the application. I'm running wordpress for the main website to manage the public / front end. Our application is developed in zend framework. The zf project is currently in a subfolder on the main server. I'd like to place the zend framework project onto another server (different IP) and keep it separate from the the wordpress front end www.domain.com site. The zf application server will run nginx. I'm not sure how to setup a server to run strictly sub domains. Setting up the virtual hosts in the configuration file is no problem. To give the users username.domain.com. But what about the main default configuration file? How would that be configured since the top level domain is technically another server (wordpress) on another IP?

    Read the article

  • Apache timeouts and error log

    - by BlackFire27
    I have an error whenever I run my code for a certain time. I use a lot of loops and sql connections. I basically, put and take out links from my database. The problem is that there is some error thrown that I cant see, whenever I execute a long sql operation .. Note that the fault isnt the code. The code runs well, whenever there are a few links involved. But when there are over 200 links.. an error is thrown that I cants see. I tried to trace the error in a few places: C:\Program Files\Zend\ZendServer\logs\php_error.log C:\Program Files\Zend\phpMyAdmin\config.inc.php Edit Viewer in win xp I am running XP: Windows xp php version: 5.3.9-ZS5.6.0. Apache/2.2.21 Apacher version: (Win32) mod_ssl/2.2.21 OpenSSL/0.9.8o I cant trace the error at all, and why it happens. All I can suspect of, is that there is a server timeout..

    Read the article

  • php amqp error while running make

    - by Dmitriy Apollonin
    I'm trying to install php amqp according to this answer http://stackoverflow.com/a/9997263/2271028 but at the make command i see following: /bin/bash /var/www/rabbitmq-c/amqp-1.4.0/libtool --mode=compile cc -I. -I/var/www/rabbitmq-c/amqp-1.4.0 -DPHP_ATOM_INC -I/var/www/rabbitmq-c/amqp-1.4.0/include -I/var/www/rabbitmq-c/amqp-1.4.0/main -I/var/www/rabbitmq-c/amqp-1.4.0 -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /var/www/rabbitmq-c/amqp-1.4.0/amqp.c -o amqp.lo libtool: compile: cc -I. -I/var/www/rabbitmq-c/amqp-1.4.0 -DPHP_ATOM_INC -I/var/www/rabbitmq-c/amqp-1.4.0/include -I/var/www/rabbitmq-c/amqp-1.4.0/main -I/var/www/rabbitmq-c/amqp-1.4.0 -I/usr/include/php5 -I/usr/include/php5/main -I/usr/include/php5/TSRM -I/usr/include/php5/Zend -I/usr/include/php5/ext -I/usr/include/php5/ext/date/lib -DHAVE_CONFIG_H -g -O2 -c /var/www/rabbitmq-c/amqp-1.4.0/amqp.c -fPIC -DPIC -o .libs/amqp.o In file included from /var/www/rabbitmq-c/amqp-1.4.0/amqp.c:46:0: /var/www/rabbitmq-c/amqp-1.4.0/php_amqp.h:303:2: error: unknown type name 'amqp_socket_t' /var/www/rabbitmq-c/amqp-1.4.0/amqp.c: In function 'amqp_error': /var/www/rabbitmq-c/amqp-1.4.0/amqp.c:616:4: warning: format '%s' expects argument of type 'char *', but argument 4 has type 'int' [-Wformat] make: *** [amqp.lo] Error 1 I see that there is some trouble with make, but can not resolve this problem. Any ideas? Thanks.

    Read the article

  • Which tools you use for development in your company?…Please be exact [closed]

    - by predrag.music
    If you are a professional php/(my/postgre/?)sql/? developer and working in a professional team ... I would like to know which tools you use for development in your company. I do not care which tool is better or worse, but "which tools you use", if it is not a TOP SECRET :) For example, these are just some of the tools i/we use (first those used most (in general)): Pen, paper lots of cofee, cola ... let me think ... mmmm ... yeah more cofee :) All kinds of books (a lots of books) OS: Win / MacOS X Server: Hosted (CentOS )/ At work Mac OS X Dev server: XAMPP / MAMP / LAMP Editor: Notepad++ IDE: Netbeans / Zend Studio / Eclipse Version Control System: Mercurial / SVN FTP: Filezilla mostly / ... Passwords: KeePass js / ajax: jQuery / pure js / jQuery UI Framework:CI / Zend / pure php Database: MySQL / Other ORM: Framework layer db (Not an ORM I know but...) / Doctrine (2) / no ORM Debugging: Xdebug (PHP) / firebug (ajax/js/html/css/...) / framework profiler (stuff) / ... (x) Dreaming: About... Thinking: Not about chaos in ? direction .... n Anything else that comes to mind n+1 Zilion other stuff i know but i can't remember ... 8 some other stuff i (don't) remember i forgot, give up, delete, lost, said to myself never again, i haven't had time stuff, have on computer stuff but can't find or don't even know i have it on my computer at least 2-3 or more times, stuff I said to myself i'll check later and never checked again for all sort of "perfectly justified" reasons (time, memory, wife :), whatever,...), ... what is the reason i'm asking this?:) 8 and beyond looking forward to see a lot of answers ?

    Read the article

  • Need help deciding if Joomla! experience as a good metric for hiring a particular prospective employee.

    - by Stephen
    My company has been looking to hire a PHP developer. Some of the requirements for the job include: an understanding of design patterns, particularly MVC. some knowledge of PHP 5.3's new features. experience working with a PHP framework (it doesn't matter which one). I interviewed a man today who's primary work experience involved working with Joomla!. As an employee, he will be required to work on existing and new web applications that use Zend Framework, CakePHP and/or CodeIgniter. It is my opinion that we shouldn't dismiss hiring a developer just because he has not used the same technologies that he'll be using on the job. So, I'd like to know about the kind of coding experience working with Joomla! can provide. I've never bothered to take more than a brief look (if that) at the Joomla! package, so I'm hoping to lean on the knowledge of my peers. Would you consider Joomla! to contain a professional code-base? Is the package well organized, and/or OO in general, or is it more like WordPress where logic and presentation are commingled? When working with Joomla!, is the developer encouraged to use best practices? In your opinion, would experience working with Joomla! garner the skills needed to get up to speed with Zend or CakePHP quickly, or will there be a steep learning curve ahead of the developer? I'm not saying that Joomla! is a bad technology, or even that it is lower on the totem pole when compared to the frameworks I've mentioned. Maybe it's awesome, I dunno. I simply have no idea!

    Read the article

  • It's raining development VirtualBox images again!

    - by pieter.humphrey
                                                The cloud has burst.. forecast is looking like large amounts of VirtualBox images are coming down from OTN.   Are you finding the install for Database, WebLogic, SOA or WebCenter to be complicated when your goal is simply to setup a development sandbox?  Sick of giving your credit card info to cloud vendors, only to be stuck in a walled garden where you can't connect to your own internal systems?   Are you new to Java and just wanted something technical to sink your teeth into?  Or maybe you just want to put some stuff on that new terabyte drive you got? ;) Have no fear.  VirtualBox 4.0 is here.  We've have several development (read: don't use in production) images that were designed for use for in-person events, but we're posting them for your enjoyment.  Some of the images have step by step hands on labs baked into them too!  So get a freeware download manager like BitComet, install VirtualBox, an MD5 checksum utility (if you are on windows) and get wet!   del.icio.us Tags: java,development,java ee,java fx,virtualBox,virtualization,database,soa,weblogic,jdeveloper,eclipse,netbeans,sql developer,times ten,zend,php,SOA,SOA Suite,BPM,BAM,B2B,hudson,maven,subversion,Eclipse,Solaris,OTN Technorati Tags: java,development,java ee,java fx,virtualBox,virtualization,database,soa,weblogic,jdeveloper,eclipse,netbeans,sql developer,times ten,zend,php,SOA,SOA Suite,BPM,BAM,B2B,hudson,maven,subversion,Eclipse,Solaris,OTN

    Read the article

  • OOP for unit testing : The good, the bad and the ugly

    - by Jeff
    I have recently read Miško Hevery's pdf guide to writing testable code in which its stated that you should limit your classes instanciations in your constructors. I understand that its what you should do because it allow you to easily mock you objects that are send as parameters to your class. But when it comes to writing actual code, i often end up with things like that (exemple is in PHP using Zend Framework but I think it's self explanatory) : class Some_class { private $_data; private $_options; private $_locale; public function __construct($data, $options = null) { $this->_data = $data; if ($options != null) { $this->_options = $options; } $this->_init(); } private function _init() { if(isset($this->_options['locale'])) { $locale = $this->_options['locale']; if ($locale instanceof Zend_Locale) { $this->_locale = $locale; } elseif (Zend_Locale::isLocale($locale)) { $this->_locale = new Zend_Locale($locale); } else { $this->_locale = new Zend_Locale(); } } } } Acording to my understanding of Miško Hevery's guide, i shouldn't instanciate the Zend_Local in my class but push it through the constructor (Which can be done through the options array in my example). I am wondering what would be the best practice to get the most flexibility for unittesing this code and aswell, if I want to move away from Zend Framework. Thanks in advance

    Read the article

  • Launching php script through comman line - keeping terminal window open after execution

    - by somethis
    Oh, my girlfriend really likes it when I launch php scripts! There's something special about them, she says ... Thus, I coded this script to run throught the CLI (Command Line Interface) - so it's running locally, not on a web server. It launches just fine through right click open run in terminal but closes right after execution. **Is there a way to keep the terminal window open? Of course I can launch it through a terminal window - which would stay open - but I'm looking for a one click action. With bash scripts I use $SHELL but that didn't work (see code below). So far, the only thing I came up with is sleep(10); which gives me 10 seconds for my girl to check the output. I'd rather close the terminal window manually, though. #!/usr/bin/php -q <?php echo "Hello World \n"; # wait before closing terminal window sleep(10); # the following line doesn't work $SHELL; ?> (PHP 5.4.6-1ubuntu1.2 (cli) (built: Mar 11 2013 14:57:54) Copyright (c) 1997-2012 The PHP Group Zend Engine v2.4.0, Copyright (c) 1998-2012 Zend Technologies )

    Read the article

  • Toorcon14

    - by danx
    Toorcon 2012 Information Security Conference San Diego, CA, http://www.toorcon.org/ Dan Anderson, October 2012 It's almost Halloween, and we all know what that means—yes, of course, it's time for another Toorcon Conference! Toorcon is an annual conference for people interested in computer security. This includes the whole range of hackers, computer hobbyists, professionals, security consultants, press, law enforcement, prosecutors, FBI, etc. We're at Toorcon 14—see earlier blogs for some of the previous Toorcon's I've attended (back to 2003). This year's "con" was held at the Westin on Broadway in downtown San Diego, California. The following are not necessarily my views—I'm just the messenger—although I could have misquoted or misparaphrased the speakers. Also, I only reviewed some of the talks, below, which I attended and interested me. MalAndroid—the Crux of Android Infections, Aditya K. Sood Programming Weird Machines with ELF Metadata, Rebecca "bx" Shapiro Privacy at the Handset: New FCC Rules?, Valkyrie Hacking Measured Boot and UEFI, Dan Griffin You Can't Buy Security: Building the Open Source InfoSec Program, Boris Sverdlik What Journalists Want: The Investigative Reporters' Perspective on Hacking, Dave Maas & Jason Leopold Accessibility and Security, Anna Shubina Stop Patching, for Stronger PCI Compliance, Adam Brand McAfee Secure & Trustmarks — a Hacker's Best Friend, Jay James & Shane MacDougall MalAndroid—the Crux of Android Infections Aditya K. Sood, IOActive, Michigan State PhD candidate Aditya talked about Android smartphone malware. There's a lot of old Android software out there—over 50% Gingerbread (2.3.x)—and most have unpatched vulnerabilities. Of 9 Android vulnerabilities, 8 have known exploits (such as the old Gingerbread Global Object Table exploit). Android protection includes sandboxing, security scanner, app permissions, and screened Android app market. The Android permission checker has fine-grain resource control, policy enforcement. Android static analysis also includes a static analysis app checker (bouncer), and a vulnerablity checker. What security problems does Android have? User-centric security, which depends on the user to grant permission and make smart decisions. But users don't care or think about malware (the're not aware, not paranoid). All they want is functionality, extensibility, mobility Android had no "proper" encryption before Android 3.0 No built-in protection against social engineering and web tricks Alternative Android app markets are unsafe. Simply visiting some markets can infect Android Aditya classified Android Malware types as: Type A—Apps. These interact with the Android app framework. For example, a fake Netflix app. Or Android Gold Dream (game), which uploads user files stealthy manner to a remote location. Type K—Kernel. Exploits underlying Linux libraries or kernel Type H—Hybrid. These use multiple layers (app framework, libraries, kernel). These are most commonly used by Android botnets, which are popular with Chinese botnet authors What are the threats from Android malware? These incude leak info (contacts), banking fraud, corporate network attacks, malware advertising, malware "Hackivism" (the promotion of social causes. For example, promiting specific leaders of the Tunisian or Iranian revolutions. Android malware is frequently "masquerated". That is, repackaged inside a legit app with malware. To avoid detection, the hidden malware is not unwrapped until runtime. The malware payload can be hidden in, for example, PNG files. Less common are Android bootkits—there's not many around. What they do is hijack the Android init framework—alteering system programs and daemons, then deletes itself. For example, the DKF Bootkit (China). Android App Problems: no code signing! all self-signed native code execution permission sandbox — all or none alternate market places no robust Android malware detection at network level delayed patch process Programming Weird Machines with ELF Metadata Rebecca "bx" Shapiro, Dartmouth College, NH https://github.com/bx/elf-bf-tools @bxsays on twitter Definitions. "ELF" is an executable file format used in linking and loading executables (on UNIX/Linux-class machines). "Weird machine" uses undocumented computation sources (I think of them as unintended virtual machines). Some examples of "weird machines" are those that: return to weird location, does SQL injection, corrupts the heap. Bx then talked about using ELF metadata as (an uintended) "weird machine". Some ELF background: A compiler takes source code and generates a ELF object file (hello.o). A static linker makes an ELF executable from the object file. A runtime linker and loader takes ELF executable and loads and relocates it in memory. The ELF file has symbols to relocate functions and variables. ELF has two relocation tables—one at link time and another one at loading time: .rela.dyn (link time) and .dynsym (dynamic table). GOT: Global Offset Table of addresses for dynamically-linked functions. PLT: Procedure Linkage Tables—works with GOT. The memory layout of a process (not the ELF file) is, in order: program (+ heap), dynamic libraries, libc, ld.so, stack (which includes the dynamic table loaded into memory) For ELF, the "weird machine" is found and exploited in the loader. ELF can be crafted for executing viruses, by tricking runtime into executing interpreted "code" in the ELF symbol table. One can inject parasitic "code" without modifying the actual ELF code portions. Think of the ELF symbol table as an "assembly language" interpreter. It has these elements: instructions: Add, move, jump if not 0 (jnz) Think of symbol table entries as "registers" symbol table value is "contents" immediate values are constants direct values are addresses (e.g., 0xdeadbeef) move instruction: is a relocation table entry add instruction: relocation table "addend" entry jnz instruction: takes multiple relocation table entries The ELF weird machine exploits the loader by relocating relocation table entries. The loader will go on forever until told to stop. It stores state on stack at "end" and uses IFUNC table entries (containing function pointer address). The ELF weird machine, called "Brainfu*k" (BF) has: 8 instructions: pointer inc, dec, inc indirect, dec indirect, jump forward, jump backward, print. Three registers - 3 registers Bx showed example BF source code that implemented a Turing machine printing "hello, world". More interesting was the next demo, where bx modified ping. Ping runs suid as root, but quickly drops privilege. BF modified the loader to disable the library function call dropping privilege, so it remained as root. Then BF modified the ping -t argument to execute the -t filename as root. It's best to show what this modified ping does with an example: $ whoami bx $ ping localhost -t backdoor.sh # executes backdoor $ whoami root $ The modified code increased from 285948 bytes to 290209 bytes. A BF tool compiles "executable" by modifying the symbol table in an existing ELF executable. The tool modifies .dynsym and .rela.dyn table, but not code or data. Privacy at the Handset: New FCC Rules? "Valkyrie" (Christie Dudley, Santa Clara Law JD candidate) Valkyrie talked about mobile handset privacy. Some background: Senator Franken (also a comedian) became alarmed about CarrierIQ, where the carriers track their customers. Franken asked the FCC to find out what obligations carriers think they have to protect privacy. The carriers' response was that they are doing just fine with self-regulation—no worries! Carriers need to collect data, such as missed calls, to maintain network quality. But carriers also sell data for marketing. Verizon sells customer data and enables this with a narrow privacy policy (only 1 month to opt out, with difficulties). The data sold is not individually identifiable and is aggregated. But Verizon recommends, as an aggregation workaround to "recollate" data to other databases to identify customers indirectly. The FCC has regulated telephone privacy since 1934 and mobile network privacy since 2007. Also, the carriers say mobile phone privacy is a FTC responsibility (not FCC). FTC is trying to improve mobile app privacy, but FTC has no authority over carrier / customer relationships. As a side note, Apple iPhones are unique as carriers have extra control over iPhones they don't have with other smartphones. As a result iPhones may be more regulated. Who are the consumer advocates? Everyone knows EFF, but EPIC (Electrnic Privacy Info Center), although more obsecure, is more relevant. What to do? Carriers must be accountable. Opt-in and opt-out at any time. Carriers need incentive to grant users control for those who want it, by holding them liable and responsible for breeches on their clock. Location information should be added current CPNI privacy protection, and require "Pen/trap" judicial order to obtain (and would still be a lower standard than 4th Amendment). Politics are on a pro-privacy swing now, with many senators and the Whitehouse. There will probably be new regulation soon, and enforcement will be a problem, but consumers will still have some benefit. Hacking Measured Boot and UEFI Dan Griffin, JWSecure, Inc., Seattle, @JWSdan Dan talked about hacking measured UEFI boot. First some terms: UEFI is a boot technology that is replacing BIOS (has whitelisting and blacklisting). UEFI protects devices against rootkits. TPM - hardware security device to store hashs and hardware-protected keys "secure boot" can control at firmware level what boot images can boot "measured boot" OS feature that tracks hashes (from BIOS, boot loader, krnel, early drivers). "remote attestation" allows remote validation and control based on policy on a remote attestation server. Microsoft pushing TPM (Windows 8 required), but Google is not. Intel TianoCore is the only open source for UEFI. Dan has Measured Boot Tool at http://mbt.codeplex.com/ with a demo where you can also view TPM data. TPM support already on enterprise-class machines. UEFI Weaknesses. UEFI toolkits are evolving rapidly, but UEFI has weaknesses: assume user is an ally trust TPM implicitly, and attached to computer hibernate file is unprotected (disk encryption protects against this) protection migrating from hardware to firmware delays in patching and whitelist updates will UEFI really be adopted by the mainstream (smartphone hardware support, bank support, apathetic consumer support) You Can't Buy Security: Building the Open Source InfoSec Program Boris Sverdlik, ISDPodcast.com co-host Boris talked about problems typical with current security audits. "IT Security" is an oxymoron—IT exists to enable buiness, uptime, utilization, reporting, but don't care about security—IT has conflict of interest. There's no Magic Bullet ("blinky box"), no one-size-fits-all solution (e.g., Intrusion Detection Systems (IDSs)). Regulations don't make you secure. The cloud is not secure (because of shared data and admin access). Defense and pen testing is not sexy. Auditors are not solution (security not a checklist)—what's needed is experience and adaptability—need soft skills. Step 1: First thing is to Google and learn the company end-to-end before you start. Get to know the management team (not IT team), meet as many people as you can. Don't use arbitrary values such as CISSP scores. Quantitive risk assessment is a myth (e.g. AV*EF-SLE). Learn different Business Units, legal/regulatory obligations, learn the business and where the money is made, verify company is protected from script kiddies (easy), learn sensitive information (IP, internal use only), and start with low-hanging fruit (customer service reps and social engineering). Step 2: Policies. Keep policies short and relevant. Generic SANS "security" boilerplate policies don't make sense and are not followed. Focus on acceptable use, data usage, communications, physical security. Step 3: Implementation: keep it simple stupid. Open source, although useful, is not free (implementation cost). Access controls with authentication & authorization for local and remote access. MS Windows has it, otherwise use OpenLDAP, OpenIAM, etc. Application security Everyone tries to reinvent the wheel—use existing static analysis tools. Review high-risk apps and major revisions. Don't run different risk level apps on same system. Assume host/client compromised and use app-level security control. Network security VLAN != segregated because there's too many workarounds. Use explicit firwall rules, active and passive network monitoring (snort is free), disallow end user access to production environment, have a proxy instead of direct Internet access. Also, SSL certificates are not good two-factor auth and SSL does not mean "safe." Operational Controls Have change, patch, asset, & vulnerability management (OSSI is free). For change management, always review code before pushing to production For logging, have centralized security logging for business-critical systems, separate security logging from administrative/IT logging, and lock down log (as it has everything). Monitor with OSSIM (open source). Use intrusion detection, but not just to fulfill a checkbox: build rules from a whitelist perspective (snort). OSSEC has 95% of what you need. Vulnerability management is a QA function when done right: OpenVas and Seccubus are free. Security awareness The reality is users will always click everything. Build real awareness, not compliance driven checkbox, and have it integrated into the culture. Pen test by crowd sourcing—test with logging COSSP http://www.cossp.org/ - Comprehensive Open Source Security Project What Journalists Want: The Investigative Reporters' Perspective on Hacking Dave Maas, San Diego CityBeat Jason Leopold, Truthout.org The difference between hackers and investigative journalists: For hackers, the motivation varies, but method is same, technological specialties. For investigative journalists, it's about one thing—The Story, and they need broad info-gathering skills. J-School in 60 Seconds: Generic formula: Person or issue of pubic interest, new info, or angle. Generic criteria: proximity, prominence, timeliness, human interest, oddity, or consequence. Media awareness of hackers and trends: journalists becoming extremely aware of hackers with congressional debates (privacy, data breaches), demand for data-mining Journalists, use of coding and web development for Journalists, and Journalists busted for hacking (Murdock). Info gathering by investigative journalists include Public records laws. Federal Freedom of Information Act (FOIA) is good, but slow. California Public Records Act is a lot stronger. FOIA takes forever because of foot-dragging—it helps to be specific. Often need to sue (especially FBI). CPRA is faster, and requests can be vague. Dumps and leaks (a la Wikileaks) Journalists want: leads, protecting ourselves, our sources, and adapting tools for news gathering (Google hacking). Anonomity is important to whistleblowers. They want no digital footprint left behind (e.g., email, web log). They don't trust encryption, want to feel safe and secure. Whistleblower laws are very weak—there's no upside for whistleblowers—they have to be very passionate to do it. Accessibility and Security or: How I Learned to Stop Worrying and Love the Halting Problem Anna Shubina, Dartmouth College Anna talked about how accessibility and security are related. Accessibility of digital content (not real world accessibility). mostly refers to blind users and screenreaders, for our purpose. Accessibility is about parsing documents, as are many security issues. "Rich" executable content causes accessibility to fail, and often causes security to fail. For example MS Word has executable format—it's not a document exchange format—more dangerous than PDF or HTML. Accessibility is often the first and maybe only sanity check with parsing. They have no choice because someone may want to read what you write. Google, for example, is very particular about web browser you use and are bad at supporting other browsers. Uses JavaScript instead of links, often requiring mouseover to display content. PDF is a security nightmare. Executible format, embedded flash, JavaScript, etc. 15 million lines of code. Google Chrome doesn't handle PDF correctly, causing several security bugs. PDF has an accessibility checker and PDF tagging, to help with accessibility. But no PDF checker checks for incorrect tags, untagged content, or validates lists or tables. None check executable content at all. The "Halting Problem" is: can one decide whether a program will ever stop? The answer, in general, is no (Rice's theorem). The same holds true for accessibility checkers. Language-theoretic Security says complicated data formats are hard to parse and cannot be solved due to the Halting Problem. W3C Web Accessibility Guidelines: "Perceivable, Operable, Understandable, Robust" Not much help though, except for "Robust", but here's some gems: * all information should be parsable (paraphrasing) * if not parsable, cannot be converted to alternate formats * maximize compatibility in new document formats Executible webpages are bad for security and accessibility. They say it's for a better web experience. But is it necessary to stuff web pages with JavaScript for a better experience? A good example is The Drudge Report—it has hand-written HTML with no JavaScript, yet drives a lot of web traffic due to good content. A bad example is Google News—hidden scrollbars, guessing user input. Solutions: Accessibility and security problems come from same source Expose "better user experience" myth Keep your corner of Internet parsable Remember "Halting Problem"—recognize false solutions (checking and verifying tools) Stop Patching, for Stronger PCI Compliance Adam Brand, protiviti @adamrbrand, http://www.picfun.com/ Adam talked about PCI compliance for retail sales. Take an example: for PCI compliance, 50% of Brian's time (a IT guy), 960 hours/year was spent patching POSs in 850 restaurants. Often applying some patches make no sense (like fixing a browser vulnerability on a server). "Scanner worship" is overuse of vulnerability scanners—it gives a warm and fuzzy and it's simple (red or green results—fix reds). Scanners give a false sense of security. In reality, breeches from missing patches are uncommon—more common problems are: default passwords, cleartext authentication, misconfiguration (firewall ports open). Patching Myths: Myth 1: install within 30 days of patch release (but PCI §6.1 allows a "risk-based approach" instead). Myth 2: vendor decides what's critical (also PCI §6.1). But §6.2 requires user ranking of vulnerabilities instead. Myth 3: scan and rescan until it passes. But PCI §11.2.1b says this applies only to high-risk vulnerabilities. Adam says good recommendations come from NIST 800-40. Instead use sane patching and focus on what's really important. From NIST 800-40: Proactive: Use a proactive vulnerability management process: use change control, configuration management, monitor file integrity. Monitor: start with NVD and other vulnerability alerts, not scanner results. Evaluate: public-facing system? workstation? internal server? (risk rank) Decide:on action and timeline Test: pre-test patches (stability, functionality, rollback) for change control Install: notify, change control, tickets McAfee Secure & Trustmarks — a Hacker's Best Friend Jay James, Shane MacDougall, Tactical Intelligence Inc., Canada "McAfee Secure Trustmark" is a website seal marketed by McAfee. A website gets this badge if they pass their remote scanning. The problem is a removal of trustmarks act as flags that you're vulnerable. Easy to view status change by viewing McAfee list on website or on Google. "Secure TrustGuard" is similar to McAfee. Jay and Shane wrote Perl scripts to gather sites from McAfee and search engines. If their certification image changes to a 1x1 pixel image, then they are longer certified. Their scripts take deltas of scans to see what changed daily. The bottom line is change in TrustGuard status is a flag for hackers to attack your site. Entire idea of seals is silly—you're raising a flag saying if you're vulnerable.

    Read the article

  • How to create item in SharePoint2010 document library using SharePoint Web service

    - by ybbest
    Today, I’d like to show you how to create item in SharePoint2010 document library using SharePoint Web service. Originally, I thought I could use the WebSvcLists(list.asmx) that provides methods for working with lists and list data. However, after a bit Googling , I realize that I need to use the WebSvcCopy (copy.asmx).Here are the code used private const string siteUrl = "http://ybbest"; private static void Main(string[] args) { using (CopyWSProxyWrapper copyWSProxyWrapper = new CopyWSProxyWrapper(siteUrl)) { copyWSProxyWrapper.UploadFile("TestDoc2.pdf", new[] {string.Format("{0}/Shared Documents/TestDoc2.pdf", siteUrl)}, Resource.TestDoc, GetFieldInfos().ToArray()); } } private static List<FieldInformation> GetFieldInfos() { var fieldInfos = new List<FieldInformation>(); //The InternalName , DisplayName and FieldType are both required to make it work fieldInfos.Add(new FieldInformation { InternalName = "Title", Value = "TestDoc2.pdf", DisplayName = "Title", Type = FieldType.Text }); return fieldInfos; } Here is the code for the proxy wrapper. public class CopyWSProxyWrapper : IDisposable { private readonly string siteUrl; public CopyWSProxyWrapper(string siteUrl) { this.siteUrl = siteUrl; } private readonly CopySoapClient proxy = new CopySoapClient(); public void UploadFile(string testdoc2Pdf, string[] destinationUrls, byte[] testDoc, FieldInformation[] fieldInformations) { using (CopySoapClient proxy = new CopySoapClient()) { proxy.Endpoint.Address = new EndpointAddress(String.Format("{0}/_vti_bin/copy.asmx", siteUrl)); proxy.ClientCredentials.Windows.ClientCredential = CredentialCache.DefaultNetworkCredentials; proxy.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation; CopyResult[] copyResults = null; try { proxy.CopyIntoItems(testdoc2Pdf, destinationUrls, fieldInformations, testDoc, out copyResults); } catch (Exception e) { System.Console.WriteLine(e); } if (copyResults != null) System.Console.WriteLine(copyResults[0].ErrorMessage); System.Console.ReadLine(); } } public void Dispose() { proxy.Close(); } } You can download the source code here . ******Update********** It seems to be a bug that , you can not set the contentType when create a document item using Copy.asmx. In sp2007 the field type was Choice, however, in sp2010 it is actually Computed. I have tried using the Computed field type with no luck. I have also tried sending the ContentTypeId and this does not work.You might have to write your own web services to handle this.You can check my previous blog on how to get started with you own custom WCF in SP2010 here. References: SharePoint 2010 Web Services SharePoint2007 Web Services SharePoint MSDN Forum

    Read the article

  • Commercial Software Development – my presentation for DDD Scotland now available for download

    - by Liam Westley
    Thanks to everyone who voted me onto the DDD Scotland agenda, and for the fantastic audience some of whom you can see in Craig Murphy's photos of the event, http://www.flickr.com/photos/craigmurphy/4592461745/in/set-72157624025673156 http://www.flickr.com/photos/craigmurphy/4592467645/in/set-72157624025673156 I hope those who came enjoyed the session had a good time, and for them or those who were on one of the other tracks, or who couldn’t squeeze in; I’ve uploaded the presentation for you to download.  I created a more simple, and smaller, PowerPoint without all the fancy animations and video clips, which is available as a compressed ZIP file,   http://www.tigernews.co.uk/blog-twickers/dddscot/commercialsoftwaredev.zip I also printed the presentation with speaker notes (which contain most of the information I was talking about) using PDFCreator, which is available as an Adobe Acrobat PDF here,   http://www.tigernews.co.uk/blog-twickers/dddscot/commercialsoftwaredev.pdf ... and if PowerPoint presentations don't do it for you, also thanks to Craig Murphy, you can watch a video of the presentation that I gave at DDD8 in Microsoft TVP, Reading,  http://vimeo.com/9216563

    Read the article

  • Thanks to .Net Developers Network in Bristol - Hyper-V for Developers slides not available for downl

    - by Liam Westley
    Thanks to the guys at .Net Developers Network (http://www.dotnetdevnet.com) for inviting me down to Bristol to present on Hyper-V for Developers.  There were some great questions and genuine interest, especially surprising for a topic that often has a soporific effect on developers. You can download the original PowerPoint file or the PDF complete with speaker notes from here, http://www.tigernews.co.uk/blog-twickers/dotnetdevnet/HyperV4Devs-PPT.zip http://www.tigernews.co.uk/blog-twickers/dotnetdevnet/HyperV4Devs-PDF.zip I should be back for DDD SouthWest (http://www.dddsouthwest.com).  You can get voting from Monday 29th March 2010, and for a change my proposed topic is not about virtualisation! Finally, apologies to Guy Smith-Ferrier for dragging him away from the Bristol Girl Geek Dinners (http://bristolgirlgeekdinners.com) crew so I could catch my train back to London.

    Read the article

< Previous Page | 120 121 122 123 124 125 126 127 128 129 130 131  | Next Page >