Search Results

Search found 11985 results on 480 pages for 'legal issues'.

Page 13/480 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • apt-get install fails due to dependency issues but apt-get -f install won't fix it

    - by user71941
    I've just installed Ubuntu 12.04 and was about to manually install Rawstudio with the packages from SourceForge repo, but I've been stuck with dependency issues and I am short on apt command lines to sort this out. Here's the report I'v got : installArchives() failed: dpkg: dependency problems prevent configuration of libgphoto2-2: libgphoto2-2 depends on libjpeg62; however: Package libjpeg62 is not installed. libgphoto2-l10n (2.4.13-1ubuntu1) breaks libgphoto2-2 (<= 2.4.10.1-4) and is installed. Version of libgphoto2-2 to be configured is 2.4.10.1-0ubuntu3~maverick. dpkg: error processing libgphoto2-2 (--configure): dependency problems - leaving unconfigured No apport report written because MaxReports is reached already dpkg: dependency problems prevent configuration of libgphoto2-2-dev: libgphoto2-2-dev depends on libgphoto2-2 (= 2.4.10.1-0ubuntu3~maverick); however: Package libgphoto2-2 is not configured yet. dpkg: error processing libgphoto2-2-dev (--configure): dependency problems - leaving unconfigured No apport report written because MaxReports is reached already Errors were encountered while processing: libgphoto2-2 libgphoto2-2-dev Error in function: SystemError: E:Sub-process /usr/bin/dpkg returned an error code (1) dpkg: dependency problems prevent configuration of libgphoto2-2: libgphoto2-2 depends on libjpeg62; however: Package libjpeg62 is not installed. libgphoto2-l10n (2.4.13-1ubuntu1) breaks libgphoto2-2 (<= 2.4.10.1-4) and is installed. Version of libgphoto2-2 to be configured is 2.4.10.1-0ubuntu3~maverick. dpkg: error processing libgphoto2-2 (--configure): dependency problems - leaving unconfigured dpkg: dependency problems prevent configuration of libgphoto2-2-dev: libgphoto2-2-dev depends on libgphoto2-2 (= 2.4.10.1-0ubuntu3~maverick); however: Package libgphoto2-2 is not configured yet. dpkg: error processing libgphoto2-2-dev (--configure): dependency problems - leaving unconfigured I've tried "apt-get -f install" but without success. What is the mahick command line that will unblock the situation ? Thanks Seb

    Read the article

  • Queued Loadtest to remove Concurrency issues using Shared Data Service in OpenScript

    - by stefan.thieme(at)oracle.com
    Queued Processing to remove Concurrency issues in Loadtest ScriptsSome scripts act on information returned by the server, e.g. act on first item in the returned list of pending tasks/actions. This may lead to concurrency issues if the virtual users simulated in a load test scenario are not synchronized in some way.As the load test cases should be carried out in a comparable and straight forward manner simply cancel a transaction in case a collision occurs is clearly not an option. In case you increase the number of virtual users this approach would lead to a high number of requests for the early steps in your transaction (e.g. login, retrieve list of action points, assign an action point to the virtual user) but later steps would be rarely visited successfully or at all, depending on the application logic.A way to tackle this problem is to enqueue the virtual users in a Shared Data Service queue. Only the first virtual user in this queue will be allowed to carry out the critical steps (retrieve list of action points, assign an action point to the virtual user) in your transaction at any one time.Once a virtual user has passed the critical path it will dequeue himself from the head of the queue and continue with his actions. This does theoretically allow virtual users to run in parallel all steps of the transaction which are not part of the critical path.In practice it has been seen this is rarely the case, though it does not allow adding more than N users to perform a transaction without causing delays due to virtual users waiting in the queue. N being the time of the total transaction divided by the sum of the time of all critical steps in this transaction.While this problem can be circumvented by allowing multiple queues to act on individual segments of the list of actions, e.g. per country filter, ends with 0..9 filter, etc.This would require additional handling of these additional queues of slots for the virtual users at the head of the queue in order to maintain the mutually exclusive access to the first element in the list returned by the server at any one time of the load test. Such an improved handling of multiple queues and/or multiple slots is above the subject of this paper.Shared Data Services Pre-RequisitesStart WebLogic Server to host Shared Data ServicesYou will have to make sure that your WebLogic server is installed and started. Shared Data Services may not work if you installed only the minimal installation package for OpenScript. If however you installed the default package including OLT and OTM, you may follow the instructions below to start and verify WebLogic installation.To start the WebLogic Server deployed underneath of Oracle Load Testing and/or Oracle Test Manager you can go to your Start menu, Oracle Application Testing Suite and select the Restart Oracle Application Testing Suite Application Service entry from the Tools submenu.To verify the service has been started you can run the Microsoft Management Console for Services by Selecting Run from the Start Menu and entering services.msc. Look for the entry that reads Oracle Application Testing Suite Application Service, once it has changed it status from Starting to Started you can proceed to verify the login. Please note that this may take several minutes, I would say up to 10 minutes depending on the strength of your CPU horse-power.Verify WebLogic Server user credentialsYou will have to make sure that your WebLogic Server is installed and started. Next open the Oracle WebLogic Server Adminstration Console on http://localhost:8088/console.It may take a while until the application is deployed and started. It may display the following until the Administration Console has been deployed on the fly.Afterwards you can login using the username oats and the password that you selected during install time for your Application Testing Suite administrative purposes.This will bring up the Home page of you WebLogic Server. You have actually verified that you are able to login with these credentials already. However if you want to check the details, navigate to Security Realms, myrealm, Users and Groups tab.Here you could add users to your WebLogic Server which could be used in the later steps. Details on the Groups required for such a custom user to work are exceeding this quick overview and have to be selected with the WebLogic Server Adminstration Guide in mind.Shared Data Services pre-requisites for Load testingOpenScript Preferences have to be set to enable Encryption and provide a default Shared Data Service Connection for Playback.These are pre-requisites you want to use for load testing with Shared Data Services.Please note that the usage of the Connection Parameters (individual directive in the script) for Shared Data Services did not playback reliably in the current version 9.20.0370 of Oracle Load Testing (OLT) and encryption of credentials still seemed to be mandatory as well.General Encryption settingsSelect OpenScript Preferences from the View menu and navigate to the General, Encryption entry in the tree on the left. Select the Encrypt script data option from the list and enter the same password that you used for securing your WebLogic Server Administration Console.Enable global shared data access credentialsSelect OpenScript Preferences from the View menu and navigate to the Playback, Shared Data entry in the tree on the left. Enable the global shared data access credentials and enter the Address, User name and Password determined for your WebLogic Server to host Shared Data Services.Please note, that you may want to replace the localhost in Address with the hosts realname in case you plan to run load tests with Loadtest Agents running on remote systems.Queued Processing of TransactionsEnable Shared Data Services Module in Script PropertiesThe Shared Data Services Module has to be enabled for each Script that wants to employ the Shared Data Service Queue functionality in OpenScript. It can be enabled under the Script menu selecting Script Properties. On the Script Properties Dialog select the Modules section and check Shared Data to enable Shared Data Service Module for your script. Checking the Shared Data Services option will effectively add a line to your script code that adds the sharedData ScriptService to your script class of IteratingVUserScript.@ScriptService oracle.oats.scripting.modules.sharedData.api.SharedDataService sharedData;Record your scriptRecord your script as usual and then add the following things for Queue handling in the Initialize code block, before the first step and after the last step of your critical path and in the Finalize code block.The java code to be added at individual locations is explained in the following sections in full detail.Create a Shared Data Queue in InitializeTo create a Shared Data Queue go to the Java view of your script and enter the following statements to the initialize() code block.info("Create queueA with life time of 120 minutes");sharedData.createQueue("queueA", 120);This will create an instantiation of the Shared Data Queue object named queueA which is maintained for upto 120 minutes.If you want to use the code for multiple scripts, make sure to use a different queue name for each one here and in the subsequent steps. You may even consider to use a dynamic queueName based on filters of your result list being concurrently accessed.Prepare a unique id for each IterationIn order to keep track of individual virtual users in our queue we need to create a unique identifier from the virtual user id and the used username right after retrieving the next record from our databank file.getDatabank("Usernames").getNextDatabankRecord();getVariables().set("usernameValue1","VU_{{@vuid}}_{{@iterationnum}}_{{db.Usernames.Username}}_{{@timestamp}}_{{@random(10000)}}");String usernameValue = getVariables().get("usernameValue1");info("Now running virtual user " + usernameValue);As you can see from the above code block, we have set the OpenScript variable usernameValue1 to VU_{{@vuid}}_{{@iterationnum}}_{{db.Usernames.Username}}_{{@timestamp}}_{{@random(10000)}} which is a concatenation of the virtual user id and the iterationnumber for general uniqueness; as well as the username from our databank, the timestamp and a random number for making it further unique and ease spotting of errors.Not all of these fields are actually required to make it really unique, but adding the queue name may also be considered to help troubleshoot multiple queues.The value is then retrieved with the getVariables.get() method call and assigned to the usernameValue String used throughout the script.Please note that moving the getDatabank("Usernames").getNextDatabankRecord(); call to the initialize block was later considered to remove concurrency of multiple virtual users running with the same userid and therefor accessing the same "My Inbox" in step 6. This will effectively give each virtual user a userid from the databank file. Make sure you have enough userids to remove this second hurdle.Enqueue and attend Queue before Critical PathTo maintain the right order of virtual users being allowed into the critical path of the transaction the following pseudo step has to be added in front of the first critical step. In the case of this example this is right in front of the step where we retrieve the list of actions from which we select the first to be assigned to us.beginStep("[0] Waiting in the Queue", 0);{info("Enqueued virtual user " + usernameValue + " at the end of queueA");sharedData.offerLast("queueA", usernameValue);info("Wait until the user is the first in queueA");String queueValue1 = null;do {// we wait for at least 0.7 seconds before we check the head of the// queue. This is the time it takes one user to move through the// critical path, i.e. pass steps [5] Enter country and [6] Assign// to meThread.sleep(700);queueValue1 = (String) sharedData.peekFirst("queueA");info("The first user in queueA is currently: '" + queueValue1 + "' " + queueValue1.getClass() + " length " + queueValue1.length() );info("The current user is '"+ usernameValue + "' " + usernameValue.getClass() + " length " + usernameValue.length() + ": indexOf " + usernameValue.indexOf(queueValue1) + " equals " + usernameValue.equals(queueValue1) );} while ( queueValue1.indexOf(usernameValue) < 0 );info("Now the user is the first in queueA");}endStep();This will enqueue the username to the tail of our Queue. It will will wait for at least 700 milliseconds, the time it takes for one user to exit the critical path and then compare the head of our queue with it's username. This last step will be repeated while the two are not equal (indexOf less than zero). If they are equal the indexOf will yield a value of zero or larger and we will perform the critical steps.Dequeue after Critical PathAfter the virtual user has left the critical path and complete its last step the following code block needs to dequeue the virtual user. In the case of our example this is right after the action has been actually assigned to the virtual user. This will allow the next virtual user to retrieve the list of actions still available and in turn let him make his selection/assignment.info("Get and remove the current user from the head of queueA");String pollValue1 = (String) sharedData.pollFirst("queueA");The current user is removed from the head of the queue. The next one will now be able to match his username against the head of the queue.Clear and Destroy Queue for FinishWhen the script has completed, it should clear and destroy the queue. This code block can be put in the finish block of your script and/or in a separate script in order to clear and remove the queue in case you have spotted an error or want to reset the queue for some reason.info("Clear queueA");sharedData.clearQueue("queueA");info("Destroy queueA");sharedData.destroyQueue("queueA");The users waiting in queueA are cleared and the queue is destroyed. If you have scripts still executing they will be caught in a loop.I found it better to maintain a separate Reset Queue script which contained only the following code in the initialize() block. I use to call this script to make sure the queue is cleared in between multiple Loadtest runs. This script could also even be added as the first in a larger scenario, which would execute it only once at very start of the Loadtest and make sure the queues do not contain any stale entries.info("Create queueA with life time of 120 minutes");sharedData.createQueue("queueA", 120);info("Clear queueA");sharedData.clearQueue("queueA");This will create a Shared Data Queue instance of queueA and clear all entries from this queue.Monitoring QueueWhile creating the scripts it was useful to monitor the contents, i.e. the current first user in the Queue. The following code block will make sure the Shared Data Queue is accessible in the initialize() block.info("Create queueA with life time of 120 minutes");sharedData.createQueue("queueA", 120);In the run() block the following code will continuously monitor the first element of the Queue and write an informational message with the current username Value to the Result window.info("Monitor the first users in queueA");String queueValue1 = null;do {queueValue1 = (String) sharedData.peekFirst("queueA");if (queueValue1 != null)info("The first user in queueA is currently: '" + queueValue1 + "' " + queueValue1.getClass() + " length " + queueValue1.length() );} while ( true );This script can be run from OpenScript parallel to a loadtest performed by the Oracle Load Test.However it is not recommend to run this in a production loadtest as the performance impact is unknown. Accessing the Queue's head with the peekFirst() method has been reported with about 2 seconds response time by both OpenScript and OTL. It is advised to log a Service Request to see if this could be lowered in future releases of Application Testing Suite, as the pollFirst() and even offerLast() writing to the tail of the Queue usually returned after an average 0.1 seconds.Debugging QueueWhile debugging the scripts the following was useful to remove single entries from its head, i.e. the current first user in the Queue. The following code block will make sure the Shared Data Queue is accessible in the initialize() block.info("Create queueA with life time of 120 minutes");sharedData.createQueue("queueA", 120);In the run() block the following code will remove the first element of the Queue and write an informational message with the current username Value to the Result window.info("Get and remove the current user from the head of queueA");String pollValue1 = (String) sharedData.pollFirst("queueA");info("The first user in queueA was currently: '" + pollValue1 + "' " + pollValue1.getClass() + " length " + pollValue1.length() );ReferencesOracle Functional Testing OpenScript User's Guide Version 9.20 [E15488-05]Chapter 17 Using the Shared Data Modulehttp://download.oracle.com/otn/nt/apptesting/oats-docs-9.21.0030.zipOracle Fusion Middleware Oracle WebLogic Server Administration Console Online Help 11g Release 1 (10.3.4) [E13952-04]Administration Console Online Help - Manage users and groupshttp://download.oracle.com/docs/cd/E17904_01/apirefs.1111/e13952/taskhelp/security/ManageUsersAndGroups.htm

    Read the article

  • Permission issues causes Unity Segmentation fault

    - by Dj Gilcrease
    I upgraded from 13.04 to 13.10 and I can boot to the unity-greeter and login just fine, but after login I just get a black screen with a cursor. I have tried following http://help.ubuntu.com/community/BinaryDriverHowto/ATI http://help.ubuntu.com/community/RadeonDriver and the manual install of the downloaded AMD drivers. All have the same affect. Also I have read Black screen after login with cursor I get a black screen after logging in ubuntu 13.04 black screen after login Ubuntu 13.10 - Black screen after login session Ubuntu 13.04 - Black screen with unresponsive cursor Upgrade to Ubuntu 13.04 Problem - Boots into Blank Black Screen All of which were no further help then the two support articles about ATI drivers So I switched back to the default drivers and went a little further into debugging, when I do ctrl+alt+F1 and login and try unity --debug > unity_start.log then ctrl+alt+F8 the screen stays black with a cursor and when I switch back ctrl+alt+F1 the contents of the log output are http://pastebin.com/rdQG4Hb0 However when I try sudo unity --debug > unity_start_root.log then ctrl+alt+F8, unity starts and the output of the log is http://pastebin.com/Yv4RD2j7 The fact that it starts as root tells be it is either a permissions issue of some required file or there is some setting that is specific to my user that is causing the SIGSEGV. So to narrow this down I activated the guest account and tried to login and got the same black screens with only a mouse cursor, so this tells me that it is not a configuration issue, but a permissions issue, so how do I narrow down which file has the wrong permissions? Also is there anything further that may help debug this issue? Ok after a few more hours of googling I found that if I add myself to the video group I can login and see the desktop, but there are lots of other permission related issues, so I am thinking something went wonky with PolicyKit during the upgrade, is there a way to reset PolicyKit settings for a user?

    Read the article

  • Demantra Post Production Support Common Issues, Troubleshooting Tips, and Maintaining Your Instance

    - by Annemarie Provisero
    ADVISOR WEBCAST: Demantra Post Production Support Common Issues, Troubleshooting Tips, and Maintaining Your Instance PRODUCT FAMILY: Manufacturing - Demantra Solutions   March 2, 2011 at 8 am PT, 9 am MT, 11 am ET You have now gone live, or are preparing to go live, on Demantra. What you need to keep the application running smoothly? This one-hour session is recommended for functional users who give direction to the Demantra application and the technical users who support the application. TOPICS WILL INCLUDE: Key troubleshooting logs Keeping the database well maintained both in backup and performance When data should be removed and/or archived out of the Demantra application A short, live demonstration (only if applicable) and question and answer period will be included. Oracle Advisor Webcasts are dedicated to building your awareness around our products and services. This session does not replace offerings from Oracle Global Support Services. Click here to register for this session ------------------------------------------------------------------------------------------------------------- The above webcast is a service of the E-Business Suite Communities in My Oracle Support. For more information on other webcasts, please reference the Oracle Advisor Webcast Schedule.Click here to visit the E-Business Communities in My Oracle Support Note that all links require access to My Oracle Support.

    Read the article

  • Troubleshooting EBS Discovery Issues - Part 2

    - by Kenneth E.
    Part 1 of “Troubleshooting EBS Discovery Issues”, which was posted on May 17th, focused on the diagnostics associated with the initial discovery of an EBS instances (e.g., Forms servers, APPL_TOPs, databases, etc.).Part 2 focuses on verifying parameters of the Change Management features, also called "Pack Diagnostics, specifically for Customization Manager, Patch Manager, Setup Manager, Automated Cloning, and User Monitoring.  As stated in the first post, there can be numerous reasons that Discovery fails - credentials, file-level permissions, patch levels - just to name a few.The Discovery Wizard can be accessed from the EBS homepage.  From the home page, click "Pack Diagnostics"Click "Create" to define the diagnostic processProvide the required inputs; Name, Module (i.e., Customization Manager, Patch Manager, Setup Manager, Automated Cloning, and User Monitoring), Show Details (typically "All"), and Category (typically check both Generic and User Specific).  Add the appropriate targets.Once the diagnostic process has completed, view the results.  Click on "Succeeded" or "Failed" in the Status column.Expand the entire tree and click on each "Succeeded/Failed" status to see the results of each test within that task.Sample output verifying o/s user name and required patches Additional sample output showing a failed testComplete descriptions of, as well as recommended corrective actions for, all of the diagnostic tests that are run in EM 12c is found in this spreadsheet.  Additional information can be found in the Application Management Pack User Guide.

    Read the article

  • Do or can robots cause considerable performance issues?

    - by Anicho
    So the question in the title is exactly what I am trying to find out. My case is: At work we are in a discussion with team members who seem to think bots will cause us problems relating to performance when running on our services website. Out setup: Lets say I have site www.mysite.co.uk this is a shop window to our online services which sit on www.mysiteonline.co.uk. When people search in google for mysite they see mysiteonline.co.uk as well as mysite.co.uk. Cases against stopping bots crawling: We don't store gb's of data publicly available on the web Most friendly bots, if they were to cause issues would have done so already In our instance the bots can't crawl the site because it requires username & password Stopping bots with robot .txt causes an issue with seo (ref.1) If it was a malicious bot, it would ignore robot.txt or meta tags anyway Ref 1. If we were to block mysiteonline.co.uk from having robots crawl this will affect seo rankings and make it inconvenient for users who actively search for mysite to find mysiteonline. Which we can prove is the case for a good portion of our users.

    Read the article

  • DNS and VPN issues

    - by Lewis
    I recently purchased a year contract for a KVM 512MB VPS running Ubuntu 11.04. I'm having some issues setting up some things on it though - two in particular that I just can't for the life of me figure out. Okay, so I'm trying to setup pptpd as my VPN for my iPhone and my Mac when I'm out on wireless networks. I'm able to login and the chap authenticates but that's as far as I get, no domains will resolve and end up loading forever, I uncommented ms-dns lines as someone had recommended to me and changed the DNS servers to Googles public ones with no luck, is there something I'm missing? (It's probably staring me in the face.) My second issue is that I have managed to setup LAMP but am having a problem with my domain, I have pointed the DNS at 123-reg to my VPS's IP and the 'www .' resolves properly, but when I try to go to the domain without the 'www .' I get the apache landing page ("The web server software is running but no content has been added, yet.") I'm pretty sure there's something I've gotta configure in Apache for the virtual host but I'm missing it. Apart from these minor set-backs I'm enjoying the low-level configuration options of having a VPS and love managing my own server. Thanks!

    Read the article

  • Issues with forwarding Iptables

    - by Ricardo Rios
    I have some issues with my redirectioning lines on iptables, it seems it does not work, any help will be appreciated iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE echo 1 > /proc/sys/net/ipv4/ip_forward iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -o eth0 -j SNAT --to 10.10.10.1 iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j DNAT --to 10.10.10.1:8080 iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 8081 -j DNAT --to 192.168.2.51:8081 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 34551 -j DNAT --to 192.168.2.51:8081 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 8082 -j DNAT --to 192.168.2.52:8082 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 34552 -j DNAT --to 192.168.2.52:8082 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 8083 -j DNAT --to 192.168.2.53:8083 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 34553 -j DNAT --to 192.168.2.53:8083 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 8084 -j DNAT --to 192.168.2.54:8084 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 34554 -j DNAT --to 192.168.2.54:8084 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 8085 -j DNAT --to 192.168.2.55:8085 iptables -t nat -A PREROUTING -d 200.59.189.125 -p tcp --dport 34555 -j DNAT --to 192.168.2.55:80 echo Ejecutadas Reglas del Firewall

    Read the article

  • Version control for game development - issues and solutions?

    - by Cyclops
    There are a lot of Version Control systems available, including open-source ones such as Subversion, Git, and Mercurial, plus commercial ones such as Perforce. How well do they support the process of game-development? What are the issues using VCS, with regard to non-text files (binary files), large projects, etc? What are solutions to these problems, if any? For organization of Answers, let's try on a per-package basis. Update each package/Answer with your results. Also, please list some brief details in your answer, about whether your VCS is free or commercial, distributed versus centralized, etc. Update: Found a nice article comparing two of the VCS below - apparently, Git is MacGyver and Mercurial is Bond. Well, I'm glad that's settled... And the author has a nice quote at the end: It’s OK to proselytize to those who have not switched to a distributed VCS yet, but trying to convert a Git user to Mercurial (or vice-versa) is a waste of everyone’s time and energy. Especially since Git and Mercurial's real enemy is Subversion. Dang, it's a code-eat-code world out there in FOSS-land...

    Read the article

  • Kubuntu 12.04 - DNS Issues

    - by AndrewJesaitis
    Starting yesterday (6/11/12), I've been having many network problems. When requesting a page in chrome, the page hangs on "Sending request" and then will eventually timeout. I'm within a VPN that has it's own DNS server. I've tried to manually set my DNS through the Network-Manager applet and by editing /etc/network/interfaces. Having no luck I unlinked the resolv.conf file and dumped the contents of my old resolv.conf into it. Again having no luck, I deactivated the dnsmasq server in /etc/NetworkManager/NetworkManager.conf by commenting out the dns=dnsmasq. $ cat NetworkManager.conf [main] plugins=ifupdown,keyfile #dns=dnsmasq no-auto-default=D0:67:E5:EA:B6:6B, [ifupdown] managed=false $ nm-tool NetworkManager Tool State: connected (global) - Device: eth0 [Wired connection 1] ------------------------------------------- Type: Wired Driver: tg3 State: connected Default: yes HW Address: D0:67:E5:EA:B6:6B Capabilities: Carrier Detect: yes Speed: 1000 Mb/s Wired Properties Carrier: on IPv4 Settings: Address: 192.168.254.122 Prefix: 24 (255.255.255.0) Gateway: 192.168.254.2 DNS: 192.168.254.1 What is strange is that the network will work fine for a few minutes then start to timeout. A few minutes later it will work again. I'm unable to hit internal or external sites when it is timing out. When I $dig local sites, I receive no answer. I do receive an answer from google.com. At this point, I would usually blame the DNS Server, especially since when I change to Google's DNS server things work. But, I need to use our internal DNS to hit our internal sites. Nobody else is having issues and they are all using DHCP. This group includes one user who is using 11.04. At this point, I'm at a loss for what to do, so any help would be appreciated.

    Read the article

  • File permission issues after setting up an amazon ec2 instance

    - by Pardoner
    I've set up an amazon ec2 instance and I'm have some file permission issues. I've created myself a new user and added myself to the following groups: adm:x:4:me,ubuntu www-data:x:33:me,www-data ssh:x:108:me admin:x:111:me ubuntu:x:1000:www-data,me me:x:1001:me but when I cd /var/www I can't do simple commands without doing sudo first. So I chmod -R www-data:www-data /var/www to ensure that I'm in the owning group but I still have to type sudo for everything. If I sudo su www-data it works fine. Since I'm in the www-data group shouldn't I have the same privilages as www-data? One strange thing I'm noticing is that when I ls -l it list the owner but not the group names. Could this possibly be part of the issue? Is is posible for a directory to not be part of a group? drwxr-xr-x 4 www-data 4.0K Oct 24 16:39 . drwxr-xr-x 14 root 4.0K Oct 10 16:58 .. drwxrwxr-x 9 www-data 4.0K Oct 23 04:03 admin.mywebsite.com drwxrwxr-x 2 www-data 4.0K Oct 4 00:29 mywebsite.com drwxrwxr-x 9 www-data 4.0K Oct 23 04:03 staging.mywebsite.com

    Read the article

  • Lexmark E240 printing issues

    - by NoamH
    I have Lexmark E240 laser printer. I have been using it with 12.04 (32bit) for 2 years with no significant issues. Since lexmark does not support this printer on linux, I used alternatives drivers that were suggested by the community, such as HP-lasterjet, E238, generic PS, etc. They all worked fine, more or less. After upgrading to 14.04 (64bit fresh install) I tried to configure the printer as before, but now I have problems. The test page is ok, but when printing, most of the times, the first page in the document will be printed very partially and in 300% zoom. Next page might be ok. If I turn off the printer and back on, the first page might be ok, but in the next print job, it will be broken again. I used all the above printer options. Same results. I did NOT install the lexmark drivers since they are intended for 12.04 and the package manager report that it is in "bad quality" (don't know why). Does anyone has any experience with this printer in 14.04 64bit ?

    Read the article

  • Thinkpad W510 with default graphics drivers shows weird brightness issues

    - by Chantz
    Hey guys, I am currently running 10.10 - 32 bit on a new Thinkpad W510 with nVidia Quadro FX 880M graphics card. I am running with the default graphics drivers that installed with ubuntu install. My problem is that when I am logging in the screen acts normally as far as birghtness is concerned. I can increase/decrease brightness with Fn keys. But few seconds after I log in screen goes pitch dark. Hitting Fn+Home flickers the screen to all the way bright, then all the way dark. This behavior continues until I reach maximum brightness, in which case the screen stays all the way bright, for a few more seconds and then again goes dark if there is no activity & the cycle continues. Have you guys faced any of these issues? If so any pointers on how to resolve it. I am not alone, on ubuntu forum I saw another person having the same issue - link but no solution. Please help! UPDATE I followed the instructions that htorque mentions in his answer and it worked.

    Read the article

  • Non-blocking ORM issues

    - by Nikolay Fominyh
    Once I had question on SO, and found that there are no non-blocking ORMs for my favorite framework. I mean ORM with callback support for asynchronous retrieval. The ORM would be supplied with a callback or some such to "activate" when data has been received. Otherwise ORM needs to be split of in a separate thread to guarantee UI responsiveness. I want to create one, but I have some questions that blocking me from starting development: What issues we can meet when developing ORM? Does word "non-blocking" before word "ORM" will dramatically increase complexity of ORM? Why there are not much non-blocking ORMs around? Update: It looks, that I have to improve my question. We have solutions that already allows us to receive data in non-blocking way. And I believe that not all companies that use such solutions - using raw SQL. We want to create more generic solution, that we can reuse in future projects. What difficulties we can meet?

    Read the article

  • Issues in pulse audio in Ubuntu 11.10

    - by Kamal
    Good Morning All. I am a new ubuntu user. So please forgive me if this question is too basic. I have installed Ubuntu 11.10 in my machine. I have logged in as USER_A. My external audio device is a Headset and I was able to hear the audio properly. I need to join my Ubuntu machine to a window's domain (my office server). I followed the steps explained in http://www.ghacks.net/2010/04/21/join-a-ubuntu-machine-to-a-windows-domain/ and was successful in joining my ubuntu machine to the windows domain. sudo apt-get install likewise-open5 sudo domainjoin-cli join DOMAIN USER_B Now when I logged in as USER_B, there is no audio for this user in the same machine. I crossed check with my User_A account. There is no issues with the sound for User_A. Only for User_B, there is no audio. When I checked the sound settings of User_B, there is no device listed in Hardware, Input and Output. Whereas for User A, my Headset is listed in Input and Output. Can anyone please help me on this. Why there is no sound for User_B? Thank you.

    Read the article

  • issues with ASUS S301L ultrabooks

    - by Wuerze
    I just like to tell you what still is a Problem in Ubuntu 14.04 and should be solved for a nice experience of this distribution. Unfortunately I do not have any hints to tell you, because I am just a user and know not much about programming. Anyway, I hope it helps. 1) Intel open source Graphics issues (proprietary) -when attaching HDMI-cable the screen switches to the external monitor and it's fine, but there is no switching back unless restart with HDMI deattached -black screen appears for like 2 seconds as if I would change screen in the settings; frequency increases with intensity of driver use (i.e. videos or video games) 2) hotkeys (commonly recognised) -there is no possibility to adjust brightness with the hotkeys (Fn+F5 and Fn+F6) 3) touchscreen (commonly recognised) -the touchscreen is behaving like a mouse -configuring gestures for the multi touch screen seems to always end in disabling touch pad gestures 4) panel symbols -battery symbol has got a low accuracy while it determines accurately the energy left; only 5 steps of energy are shown by the symbol Thank you all for participating in the solution of these problems! I will stay tuned and edit this list if something has been solved.

    Read the article

  • Having extreme issues getting Compiz working on Ubuntu 11.10 (32-bit)

    - by Josh Hornell
    I have been working very hard the past few days to try to get Compiz configured and working correctly but I have been running into a lot of issues. I first installed the CompizConfig Settings Manager and tried different features such as the desktop cube and couldn't get any of them to work. Then I read that I may not have the right graphics card drivers installed (Nvidia GT540m). So I went into the Additional Drivers tool and it shows that 'no proprietary drivers are in use on this system', which struck me as a bit odd as when I very first installed Ubuntu it showed that my Nvidia drivers were installed an active until I downloaded and installed the updates to Ubuntu and since then it's shown empty. I then tried to install my graphics card drivers manually via this article How do I install the latest Nvidia drivers via the Additional Drivers tool?. I rebooted and had no issue although I tried to go back into the CompizConfig Settings Manager and couldn't get anything to work as well as my Additional Drivers tool still showed no drivers installed. I feel like I've tried about everything I can think of and any help would be much appreciated!

    Read the article

  • Lots of Internet browsing issues, all browsers

    - by dario_ramos
    Before the upgrade, everything was working fine. Now, however, I can connect to the Internet but a lot of stuff fails, and the weirdest thing is that it happens with Firefox, Chromium and Opera. Some of the things that fail: I can't log in to Stack Overflow, after entering user/pass it loads for a long time on Firefox and throws Error 408 (browser request timed out) on Chromium and Opera I can't log in to Hotmail, similar symptoms I can login to Facebook, but when I try to write a comment, or just post something in my wall, it stays loading for a long time, and then fails The first two issues seem to be related to secure pages, and the second one is another issue altogether, I believe. However, they all happen with all browsers, which is really weird. Talking about weird: I connect using a Huawei SmartAX MT 810 USB modem, which cost me blood and tears to get it working under Ubuntu. I ordered an ethernet modem/router with my ISP, and I'm still waiting, but this issue intrigues me anyway. Has anyone experienced this kind of problems? I Googled around, but couldn't find a similar case.

    Read the article

  • Touchpad issues on HP Pavilion dm4 (can't right click)

    - by Habstinat
    Can anyone help me with my touchpad issues? I have a HP Pavilion dm4 and it has two areas on the bottom of the touchpad to designate right and left clicks. This mostly doesn't work on Ubuntu in the fact that it recognizes any taps on either tap zone as a left click. Instead, I have it set so if I tap anywhere on the pad it makes a left click. There should be, and there are, many ways in the mouse configuration window to simulate a right click using only a touchpad. None of these work. Changing mouse orientation doesn't do anything, "dwell click" also does nothing, and, the oddest part of this problem, whenever I try to turn "Simulated Secondary Click" off (it doesn't work anyways, but just to try to toggle it), the entire theme of my desktop changes to a gray Windows '95ey look. The only way to get rid of this is to close and reopen the mouse preferences window. My computer is fairly new and the Ubuntu installation is less than a day old. I didn't do anything that I think could cause this. The problem is that I can't right click. Help, please?s that I can't right click. Help, please? Afterword: I installed two scripts from http://sansmicrosoft.blogspot.com/2010/10/pavilion-dm4-1160-erratic-touchpad.html . They didn't do anything I couldn't already do, and they did not make it possible for me to right click. :(

    Read the article

  • What would be the fastest way of storing or calculating legal move sets for chess pieces?

    - by ioSamurai
    For example if a move is attempted I could just loop through a list of legal moves and compare the x,y but I have to write logic to calculate those at least every time the piece is moved. Or, I can store in an array [,] and then check if x and y are not 0 then it is a legal move and then I save the data like this [0][1][0][0] etc etc for each row where 1 is a legal move, but I still have to populate it. I wonder what the fastest way to store and read a legal move on a piece object for calculation. I could use matrix math as well I suppose but I don't know. Basically I want to persist the rules for a given piece so I can assign a piece object a little template of all it's possible moves considering it is starting from it's current location, which should be just one table of data. But is it faster to loop or write LINQ queries or store arrays and matrices? public class Move { public int x; public int y; } public class ChessPiece : Move { private List<Move> possibleMoves { get; set; } public bool LegalMove(int x, int y){ foreach(var p in possibleMoves) { if(p.x == x && p.y == y) { return true; } } } } Anyone know?

    Read the article

  • Dell Inspiron7520 and ubntu 12.04 issues

    - by user91358
    I have a DELL Inspiron 7520 in the highest configuration: 3rd Generation Intel® Core™ i7-3612QM processor (6M Cache, up to 3.1 GHz) 15.6" Full High Definition (1080p) LED Display 8GB3 Dual Channel DDR3 SDRAM at 1600MHz 1TB 5400RPM SATA HDD + 32GB mSATA SSD w/Intel Smart Response Blu-ray Disc (BD) Combo (Reads BD and Writes to DVD/CD) AMD Radeon™ HD 7730M 2GB 6.09 lbs and I have installed Ubuntu 12.04 few days ago and I'm facing some issues: 1) sometimes the whole ntb freezes and I have to hold power button for 5 secs to shut it down. I think it is something with VGA and connected external monitor. I have read somewhere that it is already a reported bug, but what I am not sure about that it is doing sporadically. Sometimes it freezes right after I log in, sometime I ran few hours and then it freezes. I am using those proprietary drivers but I wasn't been able to install those with updates. 2) the next issue is the fan is quite noisy even when the ntb is almost Idle. (max 10% CPU usage). Can you recommend me some software which could do this power management to lower the noise? I have tried CPU frequency scaling indicator, but it seems that it has not any effects. 3) and issue no. 3: when I want to log out, restart or shutdown using the menu in upper right corner the upper and left trays disappear, but programs are still running and they won't close to complete log out or shutting down the OS. When I use the CLI command, it works fine. Thanks for any help you can provide.

    Read the article

  • Touchpad issues on HP Pavilion dm4 (can't right click)

    - by Habstinat
    Can anyone help me with my touchpad issues? I have a HP Pavilion dm4 and it has two areas on the bottom of the touchpad to designate right and left clicks. This mostly doesn't work on Ubuntu in the fact that it recognizes any taps on either tap zone as a left click. Instead, I have it set so if I tap anywhere on the pad it makes a left click. There should be, and there are, many ways in the mouse configuration window to simulate a right click using only a touchpad. None of these work. Changing mouse orientation doesn't do anything, "dwell click" also does nothing, and, the oddest part of this problem, whenever I try to turn "Simulated Secondary Click" off (it doesn't work anyways, but just to try to toggle it), the entire theme of my desktop changes to a gray Windows '95ey look. The only way to get rid of this is to close and reopen the mouse preferences window. My computer is fairly new and the Ubuntu installation is less than a day old. I didn't do anything that I think could cause this. The problem is that I can't right click. Help, please?s that I can't right click. Help, please? Afterword: I installed two scripts from http://sansmicrosoft.blogspot.com/2010/10/pavilion-dm4-1160-erratic-touchpad.html . They didn't do anything I couldn't already do, and they did not make it possible for me to right click. :(

    Read the article

  • Pixel Shader Issues :

    - by Morphex
    I have issues with a pixel shader, my issue is mostly that I get nothing draw on the screen. float4x4 MVP; // TODO: add effect parameters here. struct VertexShaderInput { float4 Position : POSITION; float4 normal : NORMAL; float2 TEXCOORD : TEXCOORD; }; struct VertexShaderOutput { float4 Position : POSITION; }; VertexShaderOutput VertexShaderFunction(VertexShaderInput input) { input.Position.w = 0; VertexShaderOutput output; output.Position = mul(input.Position, MVP); // TODO: add your vertex shader code here. return output; } float4 PixelShaderFunction(VertexShaderOutput input) : SV_TARGET { return float4(1, 0, 0, 1); } technique { pass { Profile = 11.0; VertexShader = VertexShaderFunction; PixelShader = PixelShaderFunction; } } My matrix is calculated like this : Matrix MVP = Matrix.Multiply(Matrix.Multiply(Matrix.Identity, Matrix.LookAtLH(new Vector3(-10, 10, -10), new Vector3(0), new Vector3(0, 1, -0))), Camera.Projection); VoxelEffect.Parameters["MVP"].SetValue(MVP); Visual Studio Graphics Debug shows me that my vertex shader is actually working, but not the PixelShader. I striped the Shader to the bare minimums so that I was sure the shader was correct. But why is my screen still black?

    Read the article

  • How to Specify AssemblyKeyFile Attribute in .NET Assembly and Issues

    How to specify strong key file in assembly? Answer: You can specify snk file information using following line [assembly: AssemblyKeyFile(@"c:\Key2.snk")] Where to specify an strong key file (snk file)? Answer: You have two options to specify the AssemblyKeyFile infromation. 1. In class 2. In AssemblyInfo.cs [assembly: AssemblyKeyFile(@"c:\Key2.snk")] 1. In Class you must specify above line before defining namespace of the class and after all the imports or usings Example: See Line 7 in bellow sample class using System;using System.Collections.Generic;using System.Linq;using System.Text;using System.Reflection;[assembly: AssemblyKeyFile(@"c:\Key1.snk")]namespace Csharp3Part1{ class Person { public string GetName() { return "Smith"; } }}2. In AssemblyInfo.cs You can aslo specify assembly information in AssemblyInfo.cs Example: See Line 16 in bellow sample AssemblyInfo.csusing System.Reflection;using System.Runtime.CompilerServices;using System.Runtime.InteropServices;// General Information about an assembly is controlled through the following// set of attributes. Change these attribute values to modify the information// associated with an assembly.[assembly: AssemblyTitle("Csharp3Part1")][assembly: AssemblyDescription("")][assembly: AssemblyConfiguration("")][assembly: AssemblyCompany("Deloitte")][assembly: AssemblyProduct("Csharp3Part1")][assembly: AssemblyCopyright("Copyright © Deloitte 2009")][assembly: AssemblyTrademark("")][assembly: AssemblyCulture("")][assembly: AssemblyKeyFile(@"c:\Key1.snk")]// Setting ComVisible to false makes the types in this assembly not visible// to COM components. If you need to access a type in this assembly from// COM, set the ComVisible attribute to true on that type.[assembly: ComVisible(false)]// The following GUID is for the ID of the typelib if this project is exposed to COM[assembly: Guid("4350396f-1a5c-4598-a79f-2e1f219654f3")]// Version information for an assembly consists of the following four values://// Major Version// Minor Version// Build Number// Revision//// You can specify all the values or you can default the Build and Revision Numbers// by using the '*' as shown below:// [assembly: AssemblyVersion("1.0.*")][assembly: AssemblyVersion("1.0.0.0")][assembly: AssemblyFileVersion("1.0.0.0")]Issues:You should not sepcify this in following ways. 1. In multiple classes. 2. In both class and AssemblyInfo.cs If you did wrong in either one of the above ways, Visual Studio or C#/VB.NET compilers shows following Error Duplicate 'AssemblyKeyFile' attribute and warning Use command line option '/keyfile' or appropriate project settings instead of 'AssemblyKeyFile' To avoid this, Please specity your keyfile information only one time either only in one class or in AssemblyInfo.cs file. It is suggested to specify this at AssemblyInfo.cs file You might also encounter the errors like Error: type or namespace name 'AssemblyKeyFileAttribute' and 'AssemblyKeyFile' could not be found. Solution. Please find herespan.fullpost {display:none;} span.fullpost {display:none;}

    Read the article

  • Security Issues with Single Page Apps

    - by Stephen.Walther
    Last week, I was asked to do a code review of a Single Page App built using the ASP.NET Web API, Durandal, and Knockout (good stuff!). In particular, I was asked to investigate whether there any special security issues associated with building a Single Page App which are not present in the case of a traditional server-side ASP.NET application. In this blog entry, I discuss two areas in which you need to exercise extra caution when building a Single Page App. I discuss how Single Page Apps are extra vulnerable to both Cross-Site Scripting (XSS) attacks and Cross-Site Request Forgery (CSRF) attacks. This goal of this blog post is NOT to persuade you to avoid writing Single Page Apps. I’m a big fan of Single Page Apps. Instead, the goal is to ensure that you are fully aware of some of the security issues related to Single Page Apps and ensure that you know how to guard against them. Cross-Site Scripting (XSS) Attacks According to WhiteHat Security, over 65% of public websites are open to XSS attacks. That’s bad. By taking advantage of XSS holes in a website, a hacker can steal your credit cards, passwords, or bank account information. Any website that redisplays untrusted information is open to XSS attacks. Let me give you a simple example. Imagine that you want to display the name of the current user on a page. To do this, you create the following server-side ASP.NET page located at http://MajorBank.com/SomePage.aspx: <%@Page Language="C#" %> <html> <head> <title>Some Page</title> </head> <body> Welcome <%= Request["username"] %> </body> </html> Nothing fancy here. Notice that the page displays the current username by using Request[“username”]. Using Request[“username”] displays the username regardless of whether the username is present in a cookie, a form field, or a query string variable. Unfortunately, by using Request[“username”] to redisplay untrusted information, you have now opened your website to XSS attacks. Here’s how. Imagine that an evil hacker creates the following link on another website (hackers.com): <a href="/SomePage.aspx?username=<script src=Evil.js></script>">Visit MajorBank</a> Notice that the link includes a query string variable named username and the value of the username variable is an HTML <SCRIPT> tag which points to a JavaScript file named Evil.js. When anyone clicks on the link, the <SCRIPT> tag will be injected into SomePage.aspx and the Evil.js script will be loaded and executed. What can a hacker do in the Evil.js script? Anything the hacker wants. For example, the hacker could display a popup dialog on the MajorBank.com site which asks the user to enter their password. The script could then post the password back to hackers.com and now the evil hacker has your secret password. ASP.NET Web Forms and ASP.NET MVC have two automatic safeguards against this type of attack: Request Validation and Automatic HTML Encoding. Protecting Coming In (Request Validation) In a server-side ASP.NET app, you are protected against the XSS attack described above by a feature named Request Validation. If you attempt to submit “potentially dangerous” content — such as a JavaScript <SCRIPT> tag — in a form field or query string variable then you get an exception. Unfortunately, Request Validation only applies to server-side apps. Request Validation does not help in the case of a Single Page App. In particular, the ASP.NET Web API does not pay attention to Request Validation. You can post any content you want – including <SCRIPT> tags – to an ASP.NET Web API action. For example, the following HTML page contains a form. When you submit the form, the form data is submitted to an ASP.NET Web API controller on the server using an Ajax request: <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title></title> </head> <body> <form data-bind="submit:submit"> <div> <label> User Name: <input data-bind="value:user.userName" /> </label> </div> <div> <label> Email: <input data-bind="value:user.email" /> </label> </div> <div> <input type="submit" value="Submit" /> </div> </form> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { user: { userName: ko.observable(), email: ko.observable() }, submit: function () { $.post("/api/users", ko.toJS(this.user)); } }; ko.applyBindings(viewModel); </script> </body> </html> The form above is using Knockout to bind the form fields to a view model. When you submit the form, the view model is submitted to an ASP.NET Web API action on the server. Here’s the server-side ASP.NET Web API controller and model class: public class UsersController : ApiController { public HttpResponseMessage Post(UserViewModel user) { var userName = user.UserName; return Request.CreateResponse(HttpStatusCode.OK); } } public class UserViewModel { public string UserName { get; set; } public string Email { get; set; } } If you submit the HTML form, you don’t get an error. The “potentially dangerous” content is passed to the server without any exception being thrown. In the screenshot below, you can see that I was able to post a username form field with the value “<script>alert(‘boo’)</script”. So what this means is that you do not get automatic Request Validation in the case of a Single Page App. You need to be extra careful in a Single Page App about ensuring that you do not display untrusted content because you don’t have the Request Validation safety net which you have in a traditional server-side ASP.NET app. Protecting Going Out (Automatic HTML Encoding) Server-side ASP.NET also protects you from XSS attacks when you render content. By default, all content rendered by the razor view engine is HTML encoded. For example, the following razor view displays the text “<b>Hello!</b>” instead of the text “Hello!” in bold: @{ var message = "<b>Hello!</b>"; } @message   If you don’t want to render content as HTML encoded in razor then you need to take the extra step of using the @Html.Raw() helper. In a Web Form page, if you use <%: %> instead of <%= %> then you get automatic HTML Encoding: <%@ Page Language="C#" %> <% var message = "<b>Hello!</b>"; %> <%: message %> This automatic HTML Encoding will prevent many types of XSS attacks. It prevents <script> tags from being rendered and only allows &lt;script&gt; tags to be rendered which are useless for executing JavaScript. (This automatic HTML encoding does not protect you from all forms of XSS attacks. For example, you can assign the value “javascript:alert(‘evil’)” to the Hyperlink control’s NavigateUrl property and execute the JavaScript). The situation with Knockout is more complicated. If you use the Knockout TEXT binding then you get HTML encoded content. On the other hand, if you use the HTML binding then you do not: <!-- This JavaScript DOES NOT execute --> <div data-bind="text:someProp"></div> <!-- This Javacript DOES execute --> <div data-bind="html:someProp"></div> <script src="Scripts/jquery-1.7.1.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { someProp : "<script>alert('Evil!')<" + "/script>" }; ko.applyBindings(viewModel); </script>   So, in the page above, the DIV element which uses the TEXT binding is safe from XSS attacks. According to the Knockout documentation: “Since this binding sets your text value using a text node, it’s safe to set any string value without risking HTML or script injection.” Just like server-side HTML encoding, Knockout does not protect you from all types of XSS attacks. For example, there is nothing in Knockout which prevents you from binding JavaScript to a hyperlink like this: <a data-bind="attr:{href:homePageUrl}">Go</a> <script src="Scripts/jquery-1.7.1.min.js"></script> <script src="Scripts/knockout-2.1.0.js"></script> <script> var viewModel = { homePageUrl: "javascript:alert('evil!')" }; ko.applyBindings(viewModel); </script> In the page above, the value “javascript:alert(‘evil’)” is bound to the HREF attribute using Knockout. When you click the link, the JavaScript executes. Cross-Site Request Forgery (CSRF) Attacks Cross-Site Request Forgery (CSRF) attacks rely on the fact that a session cookie does not expire until you close your browser. In particular, if you visit and login to MajorBank.com and then you navigate to Hackers.com then you will still be authenticated against MajorBank.com even after you navigate to Hackers.com. Because MajorBank.com cannot tell whether a request is coming from MajorBank.com or Hackers.com, Hackers.com can submit requests to MajorBank.com pretending to be you. For example, Hackers.com can post an HTML form from Hackers.com to MajorBank.com and change your email address at MajorBank.com. Hackers.com can post a form to MajorBank.com using your authentication cookie. After your email address has been changed, by using a password reset page at MajorBank.com, a hacker can access your bank account. To prevent CSRF attacks, you need some mechanism for detecting whether a request is coming from a page loaded from your website or whether the request is coming from some other website. The recommended way of preventing Cross-Site Request Forgery attacks is to use the “Synchronizer Token Pattern” as described here: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29_Prevention_Cheat_Sheet When using the Synchronizer Token Pattern, you include a hidden input field which contains a random token whenever you display an HTML form. When the user opens the form, you add a cookie to the user’s browser with the same random token. When the user posts the form, you verify that the hidden form token and the cookie token match. Preventing Cross-Site Request Forgery Attacks with ASP.NET MVC ASP.NET gives you a helper and an action filter which you can use to thwart Cross-Site Request Forgery attacks. For example, the following razor form for creating a product shows how you use the @Html.AntiForgeryToken() helper: @model MvcApplication2.Models.Product <h2>Create Product</h2> @using (Html.BeginForm()) { @Html.AntiForgeryToken(); <div> @Html.LabelFor( p => p.Name, "Product Name:") @Html.TextBoxFor( p => p.Name) </div> <div> @Html.LabelFor( p => p.Price, "Product Price:") @Html.TextBoxFor( p => p.Price) </div> <input type="submit" /> } The @Html.AntiForgeryToken() helper generates a random token and assigns a serialized version of the same random token to both a cookie and a hidden form field. (Actually, if you dive into the source code, the AntiForgeryToken() does something a little more complex because it takes advantage of a user’s identity when generating the token). Here’s what the hidden form field looks like: <input name=”__RequestVerificationToken” type=”hidden” value=”NqqZGAmlDHh6fPTNR_mti3nYGUDgpIkCiJHnEEL59S7FNToyyeSo7v4AfzF2i67Cv0qTB1TgmZcqiVtgdkW2NnXgEcBc-iBts0x6WAIShtM1″ /> And here’s what the cookie looks like using the Google Chrome developer toolbar: You use the [ValidateAntiForgeryToken] action filter on the controller action which is the recipient of the form post to validate that the token in the hidden form field matches the token in the cookie. If the tokens don’t match then validation fails and you can’t post the form: public ActionResult Create() { return View(); } [ValidateAntiForgeryToken] [HttpPost] public ActionResult Create(Product productToCreate) { if (ModelState.IsValid) { // save product to db return RedirectToAction("Index"); } return View(); } How does this all work? Let’s imagine that a hacker has copied the Create Product page from MajorBank.com to Hackers.com – the hacker grabs the HTML source and places it at Hackers.com. Now, imagine that the hacker trick you into submitting the Create Product form from Hackers.com to MajorBank.com. You’ll get the following exception: The Cross-Site Request Forgery attack is blocked because the anti-forgery token included in the Create Product form at Hackers.com won’t match the anti-forgery token stored in the cookie in your browser. The tokens were generated at different times for different users so the attack fails. Preventing Cross-Site Request Forgery Attacks with a Single Page App In a Single Page App, you can’t prevent Cross-Site Request Forgery attacks using the same method as a server-side ASP.NET MVC app. In a Single Page App, HTML forms are not generated on the server. Instead, in a Single Page App, forms are loaded dynamically in the browser. Phil Haack has a blog post on this topic where he discusses passing the anti-forgery token in an Ajax header instead of a hidden form field. He also describes how you can create a custom anti-forgery token attribute to compare the token in the Ajax header and the token in the cookie. See: http://haacked.com/archive/2011/10/10/preventing-csrf-with-ajax.aspx Also, take a look at Johan’s update to Phil Haack’s original post: http://johan.driessen.se/posts/Updated-Anti-XSRF-Validation-for-ASP.NET-MVC-4-RC (Other server frameworks such as Rails and Django do something similar. For example, Rails uses an X-CSRF-Token to prevent CSRF attacks which you generate on the server – see http://excid3.com/blog/rails-tip-2-include-csrf-token-with-every-ajax-request/#.UTFtgDDkvL8 ). For example, if you are creating a Durandal app, then you can use the following razor view for your one and only server-side page: @{ Layout = null; } <!DOCTYPE html> <html> <head> <title>Index</title> </head> <body> @Html.AntiForgeryToken() <div id="applicationHost"> Loading app.... </div> @Scripts.Render("~/scripts/vendor") <script type="text/javascript" src="~/App/durandal/amd/require.js" data-main="/App/main"></script> </body> </html> Notice that this page includes a call to @Html.AntiForgeryToken() to generate the anti-forgery token. Then, whenever you make an Ajax request in the Durandal app, you can retrieve the anti-forgery token from the razor view and pass the token as a header: var csrfToken = $("input[name='__RequestVerificationToken']").val(); $.ajax({ headers: { __RequestVerificationToken: csrfToken }, type: "POST", dataType: "json", contentType: 'application/json; charset=utf-8', url: "/api/products", data: JSON.stringify({ name: "Milk", price: 2.33 }), statusCode: { 200: function () { alert("Success!"); } } }); Use the following code to create an action filter which you can use to match the header and cookie tokens: using System.Linq; using System.Net.Http; using System.Web.Helpers; using System.Web.Http.Controllers; namespace MvcApplication2.Infrastructure { public class ValidateAjaxAntiForgeryToken : System.Web.Http.AuthorizeAttribute { protected override bool IsAuthorized(HttpActionContext actionContext) { var headerToken = actionContext .Request .Headers .GetValues("__RequestVerificationToken") .FirstOrDefault(); ; var cookieToken = actionContext .Request .Headers .GetCookies() .Select(c => c[AntiForgeryConfig.CookieName]) .FirstOrDefault(); // check for missing cookie or header if (cookieToken == null || headerToken == null) { return false; } // ensure that the cookie matches the header try { AntiForgery.Validate(cookieToken.Value, headerToken); } catch { return false; } return base.IsAuthorized(actionContext); } } } Notice that the action filter derives from the base AuthorizeAttribute. The ValidateAjaxAntiForgeryToken only works when the user is authenticated and it will not work for anonymous requests. Add the action filter to your ASP.NET Web API controller actions like this: [ValidateAjaxAntiForgeryToken] public HttpResponseMessage PostProduct(Product productToCreate) { // add product to db return Request.CreateResponse(HttpStatusCode.OK); } After you complete these steps, it won’t be possible for a hacker to pretend to be you at Hackers.com and submit a form to MajorBank.com. The header token used in the Ajax request won’t travel to Hackers.com. This approach works, but I am not entirely happy with it. The one thing that I don’t like about this approach is that it creates a hard dependency on using razor. Your single page in your Single Page App must be generated from a server-side razor view. A better solution would be to generate the anti-forgery token in JavaScript. Unfortunately, until all browsers support a way to generate cryptographically strong random numbers – for example, by supporting the window.crypto.getRandomValues() method — there is no good way to generate anti-forgery tokens in JavaScript. So, at least right now, the best solution for generating the tokens is the server-side solution with the (regrettable) dependency on razor. Conclusion The goal of this blog entry was to explore some ways in which you need to handle security differently in the case of a Single Page App than in the case of a traditional server app. In particular, I focused on how to prevent Cross-Site Scripting and Cross-Site Request Forgery attacks in the case of a Single Page App. I want to emphasize that I am not suggesting that Single Page Apps are inherently less secure than server-side apps. Whatever type of web application you build – regardless of whether it is a Single Page App, an ASP.NET MVC app, an ASP.NET Web Forms app, or a Rails app – you must constantly guard against security vulnerabilities.

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >