Search Results

Search found 449 results on 18 pages for 'austin powers'.

Page 13/18 | < Previous Page | 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • .html extension or no for SEO purposes

    - by Scott Schluer
    I know this question has been asked before on Stack Overflow, but what I have not been able to find in the posts I've read are concrete references as to WHY one is better than the other (something I can take to my boss). So I'm working on an MVC 3 application that is basically a rewrite of the existing production application (web forms) using MVC. The current site uses a URL rewriter to rewrite "friendly" urls with HTML extensions to their ASPX counterpart. i.e. http://www.site.com/products/18554-widget.html gets rewritten to http://www.site.com/products.aspx?id=18554 We're moving away from this with the MVC site, but the powers that be still want the HTML extension on the URLs. As a developer, that just feels wrong on an MVC site. I've written a quick and dirty HttpModule that will perform a 301 redirect from the .html URL to the same URL without the .html extension and it works fine, but I need to convince management that removing the .html extension is not going to hurt SEO. I'd prefer to have this sort of friendly URL: http://www.site.com/products/18554-widget Can anyone provide information to back up my position or am I actually trying to do something that WOULD hurt SEO, in which case can you provide references on that?

    Read the article

  • Maximum 5 minute battery life with Ubuntu 11.10 on HP laptop

    - by JamesG
    I apologise if this question is too similar to the numerous others already asked, but it seems that my difference in battery life is significantly more noticeable than others that have been reported. I recently installed Ubuntu 11.10 on my HP Pavilion dv6 laptop (which I purchased brand new just under one year ago). When running Windows 7 on this laptop, I have been able to get up to two and a half to three hours of battery life with wireless disabled and when running only Microsoft Word. However, when running Ubuntu, I am unable to use the laptop if it is not plugged in. Upon unplugging the fully-charged machine from the power cord, if I have wireless enabled, I immediately receive a notification that the battery levels are critically low and that shutdown is imminent. Even if I replace the power plug, the laptop shuts down within thirty seconds. If I disable wireless capability, I am able to run the laptop for an absolute maximum of five minutes on battery powers before receiving the same message. I have tried running with Jupiter on Power Saver mode, but to no noticeable effect. Ignoring the fact that I can't use my laptop without being attached to a power source, I really do enjoy using Ubuntu, and hence would greatly appreciate any help that can be offered.

    Read the article

  • Weekend Project: Build a Fireball Launcher

    - by Jason Fitzpatrick
    What’s more fun than playing with fire? Shooting it from your hands. Put on your robe and wizard hat, make a stop at the hardware store, and spend the weekend trying to convince your friends you’ve acquired supernatural powers. Over at MAKE Magazine, Joel Johnson explains the impetus for his project: A stalwart of close-quarter magicians for years, the electronic flash gun is a simple device: a battery-powered, hand-held ignitor that uses a “glo-plug” to light a bit of flash paper and cotton, shooting a fireball a few feet into the air. You can buy one from most magic shops for around $50, but if you build one on your own, you’ll not only save a few bucks, you’ll also learn how easy it is to add fire effects to almost any electronics project. (And what gadget couldn’t stand a little more spurting flame?) The parts list is minimal but the end effect is pretty fantastic. Hit up the link below for the full build guide, plenty of warnings, and a weekend project that’s sure to impress. How to Own Your Own Website (Even If You Can’t Build One) Pt 3 How to Sync Your Media Across Your Entire House with XBMC How to Own Your Own Website (Even If You Can’t Build One) Pt 2

    Read the article

  • Should I use a separate 'admin' user as my "root sudo" or grant sudo to my 'app' user?

    - by AJB
    I'm still wrapping my brain around the Ubuntu 'nullify root' user management philosophy (and Linux in general) and I'm wondering if I should 'replace' my root user with a user called 'admin' (which basically has all the powers of the root, when using sudo) and create another user called 'app' that will be the primary user for my app. Here's the context: I'll be running a LNMP stack on Ubuntu 12.04 Server LTS. There will be only one app running on the server. The 'app' user needs to have SUPER privileges for MySQL. PHP will need to be able to exec() shell commands. The 'app' user will need to be able to transfer files via SFTP. And I'm thinking this would be the best approach: nullify 'root' user create a user called 'admin' that will be a full sudoer of root, this will be the new "root" user of NGINX, PHP, and MySQL (and all system software) grant SUPER privileges to 'app' in MySQL Grant SFTP privileges to only the 'app' user. As I'm new to this, and the information I've found in researching it tends to be of a more general nature, I'm wondering if this is a solid approach, or if it's unorthodox in a way that would cause issues down the road. Thanks in advance for any help.

    Read the article

  • Is my graphics card in use or not?

    - by Lindhe94
    I have a Samsung Series 7 NP730U3E which is running Ubuntu Gnome 13.10. This computer have an Intel Core i5 3337U an AMD Radeon HD 8570M on the inside. Ubuntu 13.10 is said to have driver support for this graphics card, but I am not sure whether or not this is the case. When I check System Settings Details it says "Graphics: Intel® Ivybridge Mobile" and lspci | grep VGA returns VGA compatible controller: Intel Corporation 3rd Gen Core processor Graphics Controller (rev 09). But lshw -c video returns *-display description: Display controller product: Mars [Radeon HD 8730M] vendor: Advanced Micro Devices, Inc. [AMD/ATI] physical id: 0 bus info: pci@0000:01:00.0 version: 00 width: 64 bits clock: 33MHz capabilities: pm pciexpress msi bus_master cap_list rom configuration: driver=radeon latency=0 resources: irq:47 memory:e0000000-efffffff memory:f7e00000-f7e3ffff ioport:e000(size=256) memory:f7e40000-f7e5ffff *-display description: VGA compatible controller product: 3rd Gen Core processor Graphics Controller vendor: Intel Corporation physical id: 2 bus info: pci@0000:00:02.0 version: 09 width: 64 bits clock: 33MHz capabilities: msi pm vga_controller bus_master cap_list rom configuration: driver=i915 latency=0 resources: irq:46 memory:f7800000-f7bfffff memory:d0000000-dfffffff ioport:f000(size=64) What is the case? Is my graphics card is use, or do my laptop have undiscovered powers yet to yield?

    Read the article

  • What makes Ubuntu awesome [closed]

    - by Shagun
    My question may sound stupid or inappropriate for this site in which case I apologize before hand. This thing has bothered me for quiet some time so please correct me if there is anything inappropriate: I have been using Ubuntu for past 1 year and I know how awesome it is and in what terms is it better than windows.But around 2 weeks ago some of my friends asked me to show them something on Ubuntu or tell something about Ubuntu that makes people prefer it over windows. I tried to convince them by telling things like its open-source, that most of the super-computers run on Linux, that its unaffected by virus and other stuff but they seemed unconvinced. Maybe what they we looking for was some mind-boggling feature which only Ubuntu (Linux) has. Since that day I have been thinking but yet don't have anything that will show them the true powers of Linux. Please suggest your response to such a situation as it troubles me that I am not able to explain them one thing that I myself believe in. Thank you. PS : I am not looking for a theoretical answer but would like to hear of one such application which it and only it provides.

    Read the article

  • More details on America's Cup use of Oracle Data Mining

    - by charlie.berger
    BMW Oracle Racing's America's Cup: A Victory for Database Technology BMW Oracle Racing's victory in the 33rd America's Cup yacht race in February showcased the crew's extraordinary sailing expertise. But to hear them talk, the real stars weren't actually human. "The story of this race is in the technology," says Ian Burns, design coordinator for BMW Oracle Racing. Gathering and Mining Sailing DataFrom the drag-resistant hull to its 23-story wing sail, the BMW Oracle USA trimaran is a technological marvel. But to learn to sail it well, the crew needed to review enormous amounts of reliable data every time they took the boat for a test run. Burns and his team collected performance data from 250 sensors throughout the trimaran at the rate of 10 times per second. An hour of sailing alone generates 90 million data points.BMW Oracle Racing turned to Oracle Data Mining in Oracle Database 11g to extract maximum value from the data. Burns and his team reviewed and shared raw data with crew members daily using a Web application built in Oracle Application Express (Oracle APEX). "Someone would say, 'Wouldn't it be great if we could look at some new combination of numbers?' We could quickly build an Oracle Application Express application and share the information during the same meeting," says Burns. Analyzing Wind and Other Environmental ConditionsBurns then streamed the data to the Oracle Austin Data Center, where a dedicated team tackled deeper analysis. Because the data was collected in an Oracle Database, the Data Center team could dive straight into the analytics problems without having to do any extract, transform, and load processes or data conversion. And the many advanced data mining algorithms in Oracle Data Mining allowed the analytics team to build vital performance analytics. For example, the technology team could remove masking elements such as environmental conditions to give accurate data on the best mast rotation for certain wind conditions. Without the data mining, Burns says the boat wouldn't have run as fast. "The design of the boat was important, but once you've got it designed, the whole race is down to how the guys can use it," he says. "With Oracle database technology we could compare the incremental improvements in our performance from the first day of sailing to the very last day. With data mining we could check data against the things we saw, and we could find things that weren't otherwise easily observable and findable."

    Read the article

  • Get to Know a Candidate (12 of 25): Andre Barnett&ndash;Reform Party

    - by Brian Lanham
    DISCLAIMER: This is not a post about “Romney” or “Obama”. This is not a post for whom I am voting. Information sourced for Wikipedia. Barnett is an American politician and entrepreneur. He is the founder of the information technology (IT) company WiseDome Inc.  Barnett was born in Zanesville, Ohio in 1976. He attended Austin Peay State University and Western Governors University.  A former member of the United States Armed Forces, Barnett served in Sarajevo before being wounded in a helicopter accident.  Following his military service, Barnett became a fitness model in New York. In 2001, he founded WiseDome Incorporated, an IT company that provides information technology and data recovery services. Reform Party of the United States of America (RPUSA), generally known as the Reform Party USA or the Reform Party, is a political party in the United States, founded in 1995 by Ross Perot. Perot said Americans were disillusioned with the state of politics—as being corrupt and unable to deal with vital issues—and desired a viable alternative to the Republican and Democratic Parties. The party has nominated different candidates over the years, such as founder Ross Perot, Pat Buchanan, and Ralph Nader. The party's most significant victory came when Jesse Ventura was elected governor of Minnesota in 1998. Since then, the party has been torn by infighting and disagreements, which it seeks to overcome. The Reform Party platform includes the following: * Maintaining a balanced budget, ensured by passing a Balanced Budget Amendment and changing budgeting practices, and paying down the federal debt * Campaign finance reform, including strict limits on campaign contributions and the outlawing of the Political action committee * Enforcement of existing immigration laws and opposition to illegal immigration * Opposition to free trade agreements like the North American Free Trade Agreement and Central America Free Trade Agreement, and a call for withdrawal from the World Trade Organization * Term limits on U.S. Representatives and Senators * Direct election of the United States President by popular vote * Federal elections held on weekends A noticeable absence from the Reform Party platform has been social issues, including abortion and gay rights. Reform Party representatives had long stated beliefs that their party could bring together people from both sides of these issues, which they consider divisive, to address what they considered to be more vital concerns as expressed in their platform. The idea was to form a large coalition of moderates; that intention was overridden in 2001 by the Buchanan takeover which rewrote the RPUSA Constitution to specifically include platform planks opposed to any form of abortion. The Buchananists, in turn, were overridden by the 2002 Convention which specifically reverted the Constitution to its 1996 version and the party's original stated goals. Barnett has Ballot Access in: FL Learn more about Andre Barnett and Reform Party on Wikipedia.

    Read the article

  • MySQL Connect Keynotes and Presentations Available Online

    - by Bertrand Matthelié
    72 1024x768 Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Following the tremendous success of MySQL Connect, you can now watch some of the keynotes online: The State of the Dolphin – by Oracle Chief Corporate Architect Edward Screven and MySQL Vice President of Engineering Tomas Ulin 72 1024x768 Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Cambria","serif";} MySQL Perspectives – featuring power users of MySQL who share their experiences and perspectives: Jeremy Cole, DBA Team Manager, Twitter Daniel Austin, Chief Architect, PayPal Ash Kanagat, IT Director; and Shivinder Singh, Database Architect, Verizon Wireless You can also access slides from a number of MySQL Connect presentations in the Content Catalog. Missing ones will be added shortly (provided the speakers consented to it). Enjoy!

    Read the article

  • PHP sorting issue with simpleXML

    - by tugbucket
    test.xml: <?xml version="1.0"?> <props> <prop> <state statename="Mississippi"> <info> <code>a1</code> <location>Jackson</location> </info> <info> <code>d2</code> <location>Gulfport</location> </info> <info> <code>g6</code> <location>Hattiesburg</location> </info> </state> <state statename="Texas"> <info> <code>i9</code> <location>Dallas</location> </info> <info> <code>a7</code> <location>Austin</location> </info> </state> <state statename="Maryland"> <info> <code>s5</code> <location>Mount Laurel</location> </info> <info> <code>f0</code> <location>Baltimore</location> </info> <info> <code>h4</code> <location>Annapolis</location> </info> </state> </prop> </props> test.php // start the sortCities function sortCities($a, $b){ return strcmp($a->location, $b->location); } // start the sortStates function sortStates($t1, $t2) { return strcmp($t1['statename'], $t2['statename']); } $props = simplexml_load_file('test.xml'); foreach ($props->prop as $prop) { $sortedStates = array(); foreach($prop->state as $states) { $sortedStates[] = $states; } usort($sortedStates, "sortStates"); // finish the sortStates /* --- */ echo '<pre>'."\n"; print_r($sortedStates); echo '</pre>'."\n"; /* --- */ foreach ($prop->children() as $stateattr) { // this doesn't do it //foreach($sortedStates as $hotel => @attributes){ // blargh! if(isset($stateattr->info)) { $statearr = $stateattr->attributes(); echo '<optgroup label="'.$statearr['statename'].'">'."\n"; $options = array(); foreach($stateattr->info as $info) { $options[] = $info; } usort($options, "sortCities"); // finish the sortCities foreach($options as $stateattr => $info){ echo '<option value="'.$info->code.'">'.$info->location.'</option>'."\n"; } echo '</optgroup>'."\n"; } else { //empty nodes don't do squat } } } ?> This is the array that: print_r($sortedStates); prints out: Array ( [0] => SimpleXMLElement Object ( [@attributes] => Array ( [statename] => Maryland ) [info] => Array ( [0] => SimpleXMLElement Object ( [code] => s5 [location] => Mount Laurel ) [1] => SimpleXMLElement Object ( [code] => f0 [location] => Baltimore ) [2] => SimpleXMLElement Object ( [code] => h4 [location] => Annapolis ) ) ) [1] => SimpleXMLElement Object ( [@attributes] => Array ( [statename] => Mississippi ) [info] => Array ( [0] => SimpleXMLElement Object ( [code] => a1 [location] => Jackson ) [1] => SimpleXMLElement Object ( [code] => d2 [location] => Gulfport ) [2] => SimpleXMLElement Object ( [code] => g6 [location] => Hattiesburg ) ) ) [2] => SimpleXMLElement Object ( [@attributes] => Array ( [statename] => Texas ) [info] => Array ( [0] => SimpleXMLElement Object ( [code] => i9 [location] => Dallas ) [1] => SimpleXMLElement Object ( [code] => a7 [location] => Austin ) ) ) ) this: // start the sortCities function sortCities($a, $b){ return strcmp($a->location, $b->location); } plus this part of code: $options = array(); foreach($stateattr->info as $info) { $options[] = $info; } usort($options, "sortCities"); // finish the sortCities foreach($options as $stateattr => $info){ echo '<option value="'.$info->code.'">'.$info->location.'</option>'."\n"; } is doing a fine job of sorting by the 'location' node within each optgroup. You can see that in the array I can make it sort by the attribute 'statename'. What I am having trouble with is echoing out and combining the two functions in order to have it auto sort both the states and the cities within and forming the needed optgroups. I tried copying the lines for the cities and changing the names called several ways to no avail.

    Read the article

  • Pain Comes Instantly

    - by user701213
    When I look back at recent blog entries – many of which are not all that current (more on where my available writing time is going later) – I am struck by how many of them focus on public policy or legislative issues instead of, say, the latest nefarious cyberattack or exploit (or everyone’s favorite new pastime: coining terms for the Coming Cyberpocalypse: “digital Pearl Harbor” is so 1941). Speaking of which, I personally hope evil hackers from Malefactoria will someday hack into my bathroom scale – which in a future time will be connected to the Internet because, gosh, wouldn’t it be great to have absolutely everything in your life Internet-enabled? – and recalibrate it so I’m 10 pounds thinner. The horror. In part, my focus on public policy is due to an admitted limitation of my skill set. I enjoy reading technical articles about exploits and cybersecurity trends, but writing a blog entry on those topics would take more research than I have time for and, quite honestly, doesn’t play to my strengths. The first rule of writing is “write what you know.” The bigger contributing factor to my recent paucity of blog entries is that more and more of my waking hours are spent engaging in “thrust and parry” activity involving emerging regulations of some sort or other. I’ve opined in earlier blogs about what constitutes good and reasonable public policy so nobody can accuse me of being reflexively anti-regulation. That said, you have so many cycles in the day, and most of us would rather spend it slaying actual dragons than participating in focus groups on whether dragons are really a problem, whether lassoing them (with organic, sustainable and recyclable lassos) is preferable to slaying them – after all, dragons are people, too - and whether we need lasso compliance auditors to make sure lassos are being used correctly and humanely. (A point that seems to evade many rule makers: slaying dragons actually accomplishes something, whereas talking about “approved dragon slaying procedures and requirements” wastes the time of those who are competent to dispatch actual dragons and who were doing so very well without the input of “dragon-slaying theorists.”) Unfortunately for so many of us who would just get on with doing our day jobs, cybersecurity is rapidly devolving into the “focus groups on dragon dispatching” realm, which actual dragons slayers have little choice but to participate in. The general trend in cybersecurity is that powers-that-be – which encompasses groups other than just legislators – are often increasingly concerned and therefore feel they need to Do Something About Cybersecurity. Many seem to believe that if only we had the right amount of regulation and oversight, there would be no data breaches: a breach simply must mean Someone Is At Fault and Needs Supervision. (Leaving aside the fact that we have lots of home invasions despite a) guard dogs b) liberal carry permits c) alarm systems d) etc.) Also note that many well-managed and security-aware organizations, like the US Department of Defense, still get hacked. More specifically, many powers-that-be feel they must direct industry in a multiplicity of ways, up to and including how we actually build and deploy information technology systems. The more prescriptive the requirement, the more regulators or overseers a) can be seen to be doing something b) feel as if they are doing something regardless of whether they are actually doing something useful or cost effective. Note: an unfortunate concomitant of Doing Something is that often the cure is worse than the ailment. That is, doing what overseers want creates unfortunate byproducts that they either didn’t foresee or worse, don’t care about. After all, the logic goes, we Did Something. Prescriptive practice in the IT industry is problematic for a number of reasons. For a start, prescriptive guidance is really only appropriate if: • It is cost effective• It is “current” (meaning, the guidance doesn’t require the use of the technical equivalent of buggy whips long after horse-drawn transportation has become passé)*• It is practical (that is, pragmatic, proven and effective in the real world, not theoretical and unproven)• It solves the right problem With the above in mind, heading up the list of “you must be joking” regulations are recent disturbing developments in the Payment Card Industry (PCI) world. I’d like to give PCI kahunas the benefit of the doubt about their intentions, except that efforts by Oracle among others to make them aware of “unfortunate side effects of your requirements” – which is as tactful I can be for reasons that I believe will become obvious below - have gone, to-date, unanswered and more importantly, unchanged. A little background on PCI before I get too wound up. In 2008, the Payment Card Industry (PCI) Security Standards Council (SSC) introduced the Payment Application Data Security Standard (PA-DSS). That standard requires vendors of payment applications to ensure that their products implement specific requirements and undergo security assessment procedures. In order to have an application listed as a Validated Payment Application (VPA) and available for use by merchants, software vendors are required to execute the PCI Payment Application Vendor Release Agreement (VRA). (Are you still with me through all the acronyms?) Beginning in August 2010, the VRA imposed new obligations on vendors that are extraordinary and extraordinarily bad, short-sighted and unworkable. Specifically, PCI requires vendors to disclose (dare we say “tell all?”) to PCI any known security vulnerabilities and associated security breaches involving VPAs. ASAP. Think about the impact of that. PCI is asking a vendor to disclose to them: • Specific details of security vulnerabilities • Including exploit information or technical details of the vulnerability • Whether or not there is any mitigation available (as in a patch) PCI, in turn, has the right to blab about any and all of the above – specifically, to distribute all the gory details of what is disclosed - to the PCI SSC, qualified security assessors (QSAs), and any affiliate or agent or adviser of those entities, who are in turn permitted to share it with their respective affiliates, agents, employees, contractors, merchants, processors, service providers and other business partners. This assorted crew can’t be more than, oh, hundreds of thousands of entities. Does anybody believe that several hundred thousand people can keep a secret? Or that several hundred thousand people are all equally trustworthy? Or that not one of the people getting all that information would blab vulnerability details to a bad guy, even by accident? Or be a bad guy who uses the information to break into systems? (Wait, was that the Easter Bunny that just hopped by? Bringing world peace, no doubt.) Sarcasm aside, common sense tells us that telling lots of people a secret is guaranteed to “unsecret” the secret. Notably, being provided details of a vulnerability (without a patch) is of little or no use to companies running the affected application. Few users have the technological sophistication to create a workaround, and even if they do, most workarounds break some other functionality in the application or surrounding environment. Also, given the differences among corporate implementations of any application, it is highly unlikely that a single workaround is going to work for all corporate users. So until a patch is developed by the vendor, users remain at risk of exploit: even more so if the details of vulnerability have been widely shared. Sharing that information widely before a patch is available therefore does not help users, and instead helps only those wanting to exploit known security bugs. There’s a shocker for you. Furthermore, we already know that insider information about security vulnerabilities inevitably leaks, which is why most vendors closely hold such information and limit dissemination until a patch is available (and frequently limit dissemination of technical details even with the release of a patch). That’s the industry norm, not that PCI seems to realize or acknowledge that. Why would anybody release a bunch of highly technical exploit information to a cast of thousands, whose only “vetting” is that they are members of a PCI consortium? Oracle has had personal experience with this problem, which is one reason why information on security vulnerabilities at Oracle is “need to know” (we use our own row level access control to limit access to security bugs in our bug database, and thus less than 1% of development has access to this information), and we don’t provide some customers with more information than others or with vulnerability information and/or patches earlier than others. Failure to remember “insider information always leaks” creates problems in the general case, and has created problems for us specifically. A number of years ago, one of the UK intelligence agencies had information about a non-public security vulnerability in an Oracle product that they circulated among other UK and Commonwealth defense and intelligence entities. Nobody, it should be pointed out, bothered to report the problem to Oracle, even though only Oracle could produce a patch. The vulnerability was finally reported to Oracle by (drum roll) a US-based commercial company, to whom the information had leaked. (Note: every time I tell this story, the MI-whatever agency that created the problem gets a bit shirty with us. I know they meant well and have improved their vulnerability handling/sharing processes but, dudes, next time you find an Oracle vulnerability, try reporting it to us first before blabbing to lots of people who can’t actually fix the problem. Thank you!) Getting back to PCI: clearly, these new disclosure obligations increase the risk of exploitation of a vulnerability in a VPA and thus, of misappropriation of payment card data and customer information that a VPA processes, stores or transmits. It stands to reason that VRA’s current requirement for the widespread distribution of security vulnerability exploit details -- at any time, but particularly before a vendor can issue a patch or a workaround -- is very poor public policy. It effectively publicizes information of great value to potential attackers while not providing compensating benefits - actually, any benefits - to payment card merchants or consumers. In fact, it magnifies the risk to payment card merchants and consumers. The risk is most prominent in the time before a patch has been released, since customers often have little option but to continue using an application or system despite the risks. However, the risk is not limited to the time before a patch is issued: customers often need days, or weeks, to apply patches to systems, based upon the complexity of the issue and dependence on surrounding programs. Rather than decreasing the available window of exploit, this requirement increases the available window of exploit, both as to time available to exploit a vulnerability and the ease with which it can be exploited. Also, why would hackers focus on finding new vulnerabilities to exploit if they can get “EZHack” handed to them in such a manner: a) a vulnerability b) in a payment application c) with exploit code: the “Hacking Trifecta!“ It’s fair to say that this is probably the exact opposite of what PCI – or any of us – would want. Established industry practice concerning vulnerability handling avoids the risks created by the VRA’s vulnerability disclosure requirements. Specifically, the norm is not to release information about a security bug until the associated patch (or a pretty darn good workaround) has been issued. Once a patch is available, the notice to the user community is a high-level communication discussing the product at issue, the level of risk associated with the vulnerability, and how to apply the patch. The notices do not include either the specific customers affected by the vulnerability or forensic reports with maps of the exploit (both of which are required by the current VRA). In this way, customers have the tools they need to prioritize patching and to help prevent an attack, and the information released does not increase the risk of exploit. Furthermore, many vendors already use industry standards for vulnerability description: Common Vulnerability Enumeration (CVE) and Common Vulnerability Scoring System (CVSS). CVE helps ensure that customers know which particular issues a patch addresses and CVSS helps customers determine how severe a vulnerability is on a relative scale. Industry already provides the tools customers need to know what the patch contains and how bad the problem is that the patch remediates. So, what’s a poor vendor to do? Oracle is reaching out to other vendors subject to PCI and attempting to enlist then in a broad effort to engage PCI in rethinking (that is, eradicating) these requirements. I would therefore urge all who care about this issue, but especially those in the vendor community whose applications are subject to PCI and who may not have know they were being asked to tell-all to PCI and put their customers at risk, to do one of the following: • Contact PCI with your concerns• Contact Oracle (we are looking for vendors to sign our statement of concern)• And make sure you tell your customers that you have to rat them out to PCI if there is a breach involving the payment application I like to be charitable and say “PCI meant well” but in as important a public policy issue as what you disclose about vulnerabilities, to whom and when, meaning well isn’t enough. We need to do well. PCI, as regards this particular issue, has not done well, and has compounded the error by thus far being nonresponsive to those of us who have labored mightily to try to explain why they might want to rethink telling the entire planet about security problems with no solutions. By Way of Explanation… Non-related to PCI whatsoever, and the explanation for why I have not been blogging a lot recently, I have been working on Other Writing Venues with my sister Diane (who has also worked in the tech sector, inflicting upgrades on unsuspecting and largely ungrateful end users). I am pleased to note that we have recently (self-)published the first in the Miss Information Technology Murder Mystery series, Outsourcing Murder. The genre might best be described as “chick lit meets geek scene.” Our sisterly nom de plume is Maddi Davidson and (shameless plug follows): you can order the paper version of the book on Amazon, or the Kindle or Nook versions on www.amazon.com or www.bn.com, respectively. From our book jacket: Emma Jones, a 20-something IT consultant, is working on an outsourcing project at Tahiti Tacos, a restaurant chain offering Polynexican cuisine: refried poi, anyone? Emma despises her boss Padmanabh, a brilliant but arrogant partner in GD Consulting. When Emma discovers His-Royal-Padness’s body (verdict: death by cricket bat), she becomes a suspect.With her overprotective family and her best friend Stacey providing endless support and advice, Emma stumbles her way through an investigation of Padmanabh’s murder, bolstered by fusion food feeding frenzies, endless cups of frou-frou coffee and serious surfing sessions. While Stacey knows a PI who owes her a favor, landlady Magda urges Emma to tart up her underwear drawer before the next cute cop with a search warrant arrives. Emma’s mother offers to fix her up with a PhD student at Berkeley and showers her with self-defense gizmos while her old lover Keoni beckons from Hawai’i. And everyone, even Shaun the barista, knows a good lawyer. Book 2, Denial of Service, is coming out this summer. * Given the rate of change in technology, today’s “thou shalts” are easily next year’s “buggy whip guidance.”

    Read the article

  • Why allow concatenation of string literals?

    - by Caspin
    I recently got bit by a subtle bug. char ** int2str = { "zero", // 0 "one", // 1 "two" // 2 "three",// 3 nullptr }; assert( values[1] == "one"_s ); // passes assert( values[2] == "two"_s ); // fails If you have godlike code review powers you'll notice I forgot the , after "two". After the considerable effort to find that bug I've got to ask why would anyone ever want this behavior? I can see how this might be useful for macro magic, but then why is this a "feature" in a modern language like python? Have you ever used string literal concatenation in production code?

    Read the article

  • Can I get the "value" of an arbitrary statement in JavaScript (like eval does, but without eval)

    - by tlrobinson
    In JavaScript is there a way to get the "value" of a statement in the same way that function() { return eval("if (true) { 1 }"); } returns "1"; function() { return if (true) { 1 } } and all similar permutations I've tried are not valid syntax. Is eval just blessed with special powers to determine the "last" value of a statement in an expression? Use case is a REPL that evaluates arbitrary expressions and returns the result. eval works, but I want to wrap it in function.

    Read the article

  • Decoding bitmaps in Android with the right size

    - by hgpc
    I decode bitmaps from the SD card using BitmapFactory.decodeFile. Sometimes the bitmaps are bigger than what the application needs or that the heap allows, so I use BitmapFactory.Options.inSampleSize to request a subsampled (smaller) bitmap. The problem is that the platform does not enforce the exact value of inSampleSize, and I sometimes end up with a bitmap either too small, or still too big for the available memory. From http://developer.android.com/reference/android/graphics/BitmapFactory.Options.html#inSampleSize: Note: the decoder will try to fulfill this request, but the resulting bitmap may have different dimensions that precisely what has been requested. Also, powers of 2 are often faster/easier for the decoder to honor. How should I decode bitmaps from the SD card to get a bitmap of the exact size I need while consuming as little memory as possible to decode it?

    Read the article

  • Problem with numbers

    - by StolePopov
    I am given a number N, and i must add some numbers from the array V so that they wil be equal. V is consisting of numbers that are all powers of 3: N = 17 S = 0 V = 1 3 9 27 81 .. I should add numbers from V to N and S in order to make them equal. The solution to the example above is : 17 + 1 + 9 = 27, 27, 1 and 9 are taken from V, a number from V can be taken only once, and when taken it's removed from V. I tried sorting V and then adding the biggest numbers from V to S until S has reached N, but it fails on some tests when it's like: N = 7 S = 0 V = 1 3 9 27 So the solution will be: 7 + 3 = 9 + 1 In examples like this i need to add numbers both to N and S, and also select them so they become equal. Any idea of solving this ? Thanks.

    Read the article

  • Reinforcement learning with neural networks

    - by Betamoo
    I am working on a project with RL & NN I need to determine the action vector structure which will be fed to a neural network.. I have 3 different actions (A & B & Nothing) each with different powers (e.g A100 A50 B100 B50) I wonder what is the best way to feed these actions to a NN in order to yield best results? 1- feed A/B to input 1, while action power 100/50/Nothing to input 2 2- feed A100/A50/Nothing to input 1, while B100/B50/Nothing to input 2 3- feed A100/A50 to input 1, while B100/B50 to input 2, while Nothing flag to input 3 4- Also to feed 100 & 50 or normalize them to 2 & 1 ? I need reasons why to choose one method Any suggestions are recommended Thanks

    Read the article

  • How to solve rake tasks deprecation on the rails plugin?

    - by Dida
    Because of the concept introduced in here, Rails::Plugin is nothing more than a Rails::Engine, but since it's loaded too late in the boot process, it does not have the same configuration powers as a bare Rails::Engine. Opposite to Rails::Railtie and Rails::Engine, you are not supposed to inherit from Rails::Plugin. Rails::Plugin is automatically configured to be an engine by simply placing inside vendor/plugins. Since this is done automatically, you actually cannot declare a Rails::Engine inside your Plugin, otherwise it would cause the same files to be loaded twice. This means that if you want to ship an Engine as gem it cannot be used as plugin and vice-versa. Besides this conceptual difference, the only difference between Rails::Engine and Rails::Plugin is that plugins automatically load the file "init.rb" at the plugin root during the boot process. rake tasks in the rails plugins are deprecated and it is advised to use lib/tasks instead. How to solve this? Can I just simply move the plugin's tasks to the lib/tasks?

    Read the article

  • Decoding subsampled bitmaps in Android

    - by hgpc
    I decode bitmaps from the SD card using BitmapFactory.decodeFile. Sometimes the bitmaps are bigger than what the application needs or that the heap allows, so I use BitmapFactory.Options.inSampleSize to request a subsampled (smaller) bitmap. The problem is that the platform does not enforce the exact value of inSampleSize, and I sometimes end up with a bitmap either too small, or still too big for the available memory. From http://developer.android.com/reference/android/graphics/BitmapFactory.Options.html#inSampleSize: Note: the decoder will try to fulfill this request, but the resulting bitmap may have different dimensions that precisely what has been requested. Also, powers of 2 are often faster/easier for the decoder to honor. How should I decode bitmaps from the SD card to get a bitmap of the exact size I need while consuming as little memory as possible to decode it?

    Read the article

  • Inaccurate Logarithm in Python

    - by Avihu Turzion
    I work daily with Python 2.4 at my company. I used the versatile logarithm function 'log' from the standard math library, and when I entered log(2**31, 2) it returned 31.000000000000004, which struck me as a bit odd. I did the same thing with other powers of 2, and it worked perfectly. I ran 'log10(2**31) / log10(2)' and I got a round 31.0 I tried running the same original function in Python 3.0.1, assuming that it was fixed in a more advanced version. Why does this happen? Is it possible that there are some inaccuracies in mathematical functions in Python?

    Read the article

  • UI not redrawing after display powered off on Win 7

    - by oltman
    Some portions of my application's interface are not getting refreshed after Windows 7 powers down the display. More specifically, I'm swapping out images, User Controls, and a button's content while the display is powered off and after it has been restarted, and this isn't being reflected in the UI until I minimize and restore the window or move it to one of the screen's edges. I've tried calling the Window's InvalidateVisual() method when the app was in a state where it needed to redraw, and that didn't solve the problem. I have only been able to reproduce this issue on Windows 7. Any ideas?

    Read the article

  • Ruby Thread with "watchdog"

    - by Sergio Campamá
    I'm implementing a ruby server for handling sockets being created from GPRS modules. The thing is that when the module powers down, there's no indication that the socket closed. I'm doing threads to handle multiple sockets with the same server. What I'm asking is this: Is there a way to use a timer inside a thread, reset it after every socket input, and that if it hits the timeout, closes the thread? Where can I find more information about this? EDIT: Code example that doesn't detect the socket closing require 'socket' server = TCPServer.open(41000) loop do Thread.start(server.accept) do |client| puts "Client connected" begin loop do line = client.readline open('log.txt', 'a') { |f| f.puts line.strip } end rescue puts "Client disconnected" end end end

    Read the article

  • Where I can find an engine like OFPS Open Feedback Publishing

    - by microspino
    I'd like to write a little book on personal topics together with two friends of mine, remotely located. Do you know of any FOSS content publishing system like the one from O'Reilly (OPFS)? I saw the one that powers the django book but It seems that the code It's not released yet. I accept any kind of backend technology for this project. I'd like to: edit the book on the web and let my friend do the same after authentication. anyone of us could comment other's entries.

    Read the article

  • Is ORM (Linq, Hibernate...) really that useful?

    - by Peter
    I have been playing with some LINQ ORM (LINQ directly to SQL) and I have to admit I like its expressive powers . For small utility-like apps, It also works quite fast: dropping a SQL server on some surface and you're set to linq away. For larger apps however, the DAL never was that big of an issue to me to setup, nor maintain, and more often than not, once it was set, all the programming was not happening there anyway... My, honest - I am an ORM newbie - question : what is the big advantage of ORM over writing a decent DAL by hand? (seems like a double, couldn't find it though) UPDATE : OK its a double :-) I found it myself eventually : ORM vs Handcoded Data Access Layer

    Read the article

  • Costs and Scope in developing a typical iphone application

    - by ali
    Iam new to iphone development and have been tasked to development a fairly simple iphone application. It would basically show listings of information eg accommodations, restaurants...around 8-9 different types. Drilling on one would show the details of it. These are dynamically sourced from a db (through an xml feed) that powers an existing website. Also users should have ability to save favourites and also an interactive google map showing locations of these places. Just would like to know how long would such an iphone application take to develop and what would it costs. As iam new to iphone dev, i do not know how big the scope is, any complications to anticipate, scope creep issues, and how much to charge. Want to give a reasonable estimate so that i dont overcharge.

    Read the article

  • Search Result displaying-like google php

    - by Ramesh
    i have an paragraph and user will search inside that and if the search term has 3 matches inside but all are in 3 different places ex World War II, or the Second World War[1] (often abbreviated WWII or WW2), was a global military conflict lasting from 1939 to 1945 which involved most of the world's nations, including all of the great powers, organised into two opposing military alliances: the Allies and the Axis. It was the most widespread war in history, with more than 100 million military personnel mobilised. In a state of "total war," the major participants placed their entire economic, industrial, and scientific capabilities at the service of the war effort, erasing the distinction between civilian and military resources. Marked by significant action against civilians, including the Holocaust and the only use of nuclear weapons in warfare, it was the deadliest conflict in human history,[2] with over seventy million casualties. i have to search "war" so that it should display like World War II, or the Second World War[1].....In a state of "totalwar,".... some thing like this ///

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18  | Next Page >