Search Results

Search found 4302 results on 173 pages for 'facebook 100000781341887'.

Page 146/173 | < Previous Page | 142 143 144 145 146 147 148 149 150 151 152 153  | Next Page >

  • Running an intern program

    - by dotneteer
    This year I am running an unpaid internship program for high school students. I work for a small company. We have ideas for a few side projects but never have time to do them. So we experiment by making them intern projects. In return, we give these interns guidance to learn, personal attentions, and opportunities with real-world projects. A few years ago, I blogged about the idea of teaching kids to write application with no more than 6 hours of training. This time, I was able to reduce the instruction time to 4 hours and immediately put them into real work projects. When they encounter problems, I combine directions, pointer to various materials on w3school, Udacity, Codecademy and UTube, as well as encouraging them to  search for solutions with search engines. Now entering the third week, I am more than encouraged and feeling accomplished. Our the most senior intern, Christopher Chen, is a recent high school graduate and is heading to UC Berkeley to study computer science after the summer. He previously only had one year of Java experience through the AP computer science course but had no web development experience. Only 12 days into his internship, he has already gain advanced css skills with deeper understanding than more than half of the “senior” developers that I have ever worked with. I put him on a project to migrate an existing website to the Orchard content management system (CMS) with which I am new as well. We were able to teach each other and quickly gain advanced Orchard skills such as creating custom theme and modules. I felt very much a relationship similar to the those between professors and graduate students. On the other hand, I quite expect that I will lose him the next summer to companies like Google, Facebook or Microsoft. As a side note, Christopher and I will do a two part Orchard presentations together at the next SoCal code camp at UC San Diego July 27-28. The first part, “creating an Orchard website on Azure in 60 minutes”, is an introductory lecture and we will discuss how to create a website using Orchard without writing code. The 2nd part, “customizing Orchard websites without limit”, is an advanced lecture and we will discuss custom theme and module development with WebMatrix and Visual Studio.

    Read the article

  • The Business case for Big Data

    - by jasonw
    The Business Case for Big Data Part 1 What's the Big Deal Okay, so a new buzz word is emerging. It's gone beyond just a buzzword now, and I think it is going to change the landscape of retail, financial services, healthcare....everything. Let me spend a moment to talk about what i'm going to talk about. Massive amounts of data are being collected every second, more than ever imaginable, and the size of this data is more than can be practically managed by today’s current strategies and technologies. There is a revolution at hand centering on this groundswell of data and it will change how we execute our businesses through greater efficiencies, new revenue discovery and even enable innovation. It is the revolution of Big Data. This is more than just a new buzzword is being tossed around technology circles.This blog series for Big Data will explain this new wave of technology and provide a roadmap for businesses to take advantage of this growing trend. Cases for Big Data There is a growing list of use cases for big data. We naturally think of Marketing as the low hanging fruit. Many projects look to analyze twitter feeds to find new ways to do marketing. I think of a great example from a TED speech that I recently saw on data visualization from Facebook from my masters studies at University of Virginia. We can see when the most likely time for breaks-ups occurs by looking at status changes and updates on users Walls. This is the intersection of Big Data, Analytics and traditional structured data. Ted Video Marketers can use this to sell more stuff. I really like the following piece on looking at twitter feeds to measure mood. The following company was bought by a hedge fund. They could predict how the S&P was going to do within three days at an 85% accuracy. Link to the article Here we see a convergence of predictive analytics and Big Data. So, we'll look at a lot of these business cases and start talking about what this means for the business. It's more than just finding ways to use Hadoop + NoSql and we'll talk about that too. How do I start in Big Data? That's what is coming next post.

    Read the article

  • HTC to launch Windows 7 phone in India

    - by samsudeen
    It is a good news for the Indian smart phone users as the wait is finally over for Windows 7 mobile.The Taiwanese  mobile giant HTC is all set to release its Windows 7 based Smartphone series in India from January. HTC HD7 & HTC Mozart , the two smart phones running on Windows 7 OS started appearing on the HTC Indian website (HTC India) from last week.Though Flip kart (Indian online e-commerce website)  has started getting pre -orders for HTC HD7 a month ago , the buzz has started from last week after the introduction of “HTC Mozart”. The complete feature comparison between both the smart phones is given below. Feature Comparison HTC Mozart HTC HD 7 Microsoft Windows 7 Microsoft Windows 7 Qualcomm Snapdragon Processor QSD 8250 1 GHz CPU Qualcomm Snapdragon Processor QSD 8250 1 GHz CPU 8MegaPixel camera with Xenon Flash 5 MP, 2592?1944 pixels, autofocus, dual-LED flash, 480 x 800 pixels, 3.7 inches 480 x 800 pixels, 4.3 inches 11.9mm thick and Weighs 130g 11.2 mm thick and Weighs 162 g Bluetooth 2.1 Bluetooth 2.1 8 GB of internal storage memory 8 GB of internal storage memory 512MB of ROM and 576 of RAM 512MB of ROM and 576 of RAM 3G HSDPA 7.2 Mbps and HSUPA 2 Mbps 3G HSDPA 7.2 Mbps; HSUPA 2 Mbps Wi-Fi 802.11 b/g/n Wi-Fi 802.11 b/g/n Micro-USB interconnector Micro-USB interconnector 3.5mm audio jack 3.5mm audio jack GPS antenna GPS antenna Standard battery Li-Po 1300 MA Standard battery, Li-Ion 1230 MA Standby 360 h (2G) up to 435 h (3G) Up to 310 h (2G) / Up to 320 h (3G) Talk time Up to 6 h 40 min (2G) and 5 h 30 min (3G) Up to 6 h 20 min (2G) / Up to 5 h 20 min (3G) Estimated Price “HTC HD 7″ is priced between  INR 27855 to 32000. though the price of “HDT Mozart” is officially not announced it is estimated to be around INR 30000. Where to Buy The Windows 7 phone is not yet available in stores directly, but most of the leading mobile stores are getting pre -orders. I have given some of the online store links below. Flip kart UniverCell This article titled,HTC to launch Windows 7 phone in India, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • SQL SERVER – Copy Data from One Table to Another Table – SQL in Sixty Seconds #031 – Video

    - by pinaldave
    Copy data from one table to another table is one of the most requested questions on forums, Facebook and Twitter. The question has come in many formats and there are places I have seen developers are using cursor instead of this direct method. Earlier I have written the similar article a few years ago - SQL SERVER – Insert Data From One Table to Another Table – INSERT INTO SELECT – SELECT INTO TABLE. The article has been very popular and I have received many interesting and constructive comments. However there were two specific comments keep on ending up on my mailbox. 1) SQL Server AdventureWorks Samples Database does not have table I used in the example 2) If there is a video tutorial of the same example. After carefully thinking I decided to build a new set of the scripts for the example which are very similar to the old one as well video tutorial of the same. There was no better place than our SQL in Sixty Second Series to cover this interesting small concept. Let me know what you think of this video. Here is the updated script. -- Method 1 : INSERT INTO SELECT USE AdventureWorks2012 GO ----Create TestTable CREATE TABLE TestTable (FirstName VARCHAR(100), LastName VARCHAR(100)) ----INSERT INTO TestTable using SELECT INSERT INTO TestTable (FirstName, LastName) SELECT FirstName, LastName FROM Person.Person WHERE EmailPromotion = 2 ----Verify that Data in TestTable SELECT FirstName, LastName FROM TestTable ----Clean Up Database DROP TABLE TestTable GO --------------------------------------------------------- --------------------------------------------------------- -- Method 2 : SELECT INTO USE AdventureWorks2012 GO ----Create new table and insert into table using SELECT INSERT SELECT FirstName, LastName INTO TestTable FROM Person.Person WHERE EmailPromotion = 2 ----Verify that Data in TestTable SELECT FirstName, LastName FROM TestTable ----Clean Up Database DROP TABLE TestTable GO Related Tips in SQL in Sixty Seconds: SQL SERVER – Insert Data From One Table to Another Table – INSERT INTO SELECT – SELECT INTO TABLE Powershell – Importing CSV File Into Database – Video SQL SERVER – 2005 – Export Data From SQL Server 2005 to Microsoft Excel Datasheet SQL SERVER – Import CSV File into Database Table Using SSIS SQL SERVER – Import CSV File Into SQL Server Using Bulk Insert – Load Comma Delimited File Into SQL Server SQL SERVER – 2005 – Generate Script with Data from Database – Database Publishing Wizard What would you like to see in the next SQL in Sixty Seconds video? Reference: Pinal Dave (http://blog.sqlauthority.com)   Filed under: Database, Pinal Dave, PostADay, SQL, SQL Authority, SQL in Sixty Seconds, SQL Query, SQL Scripts, SQL Server, SQL Server Management Studio, SQL Tips and Tricks, T SQL, Technology, Video Tagged: Excel

    Read the article

  • Save Web Articles to Read Later with Instapaper

    - by Mysticgeek
    Have you ever come across a bunch of great articles that you want to read online, but just don’t have the time? Today we take a look at an online service that allows you to read your articles later, either online, or on an iPhone, or eReader. Instapaper Instapaper is an awesome tool that allows you to save web pages so you can read them at a later time. Not only does it save an online article to read later, but also gives you several choices for where you want to read it. Sign up for a free account, and drag the “Read Later” bookmarklet to the bookmarks bar in your browser. To save a page you’ll need to be logged into your account. When you’re at a page that you can’t read right away, just click on the Read Later button in the bookmarks bar. After clicking the Read Later button, a small message is displayed indicating that the page has been saved to the Instapaper site. Save as many pages as you want, and when you’re ready to read them, go to the Instapaper site and you’ll see a list of the articles you saved. You can click on the link to go directly to the saved oage, read it as text (leaving out a bunch of images), or archive the article for later. One of the really appealing beta features is you can save the article in .mobi format for a Kindle, or ePub format for other eReaders such a the Sony Reader. Another neat feature is the “Instapaper Text” bookmarklet that lets you view an article on a graphics heavy page with only text, but doesn’t save it to your account. Before After There are also other cool features such as iPhone Apps, Kindle automatic wireless delivery, send items to Google Reader, and more. If you wish you could collect all of the neat articles you run across each day for reading later via multiple formats, Instapaper is a great tool for the job. Check Out Instapaper Similar Articles Productive Geek Tips Save Pages for Later With Reading List Extension for FirefoxGreat Geek SitesAbout the GeekHow-To Geek Changes in ProgressMake Outlook 2007 Mark Items as Read When Viewed in Reading Pane TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips DVDFab 6 Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 Classic Cinema Online offers 100’s of OnDemand Movies OutSync will Sync Photos of your Friends on Facebook and Outlook Windows 7 Easter Theme YoWindoW, a real time weather screensaver Optimize your computer the Microsoft way Stormpulse provides slick, real time weather data

    Read the article

  • Toorcon 15 (2013)

    - by danx
    The Toorcon gang (senior staff): h1kari (founder), nfiltr8, and Geo Introduction to Toorcon 15 (2013) A Tale of One Software Bypass of MS Windows 8 Secure Boot Breaching SSL, One Byte at a Time Running at 99%: Surviving an Application DoS Security Response in the Age of Mass Customized Attacks x86 Rewriting: Defeating RoP and other Shinanighans Clowntown Express: interesting bugs and running a bug bounty program Active Fingerprinting of Encrypted VPNs Making Attacks Go Backwards Mask Your Checksums—The Gorry Details Adventures with weird machines thirty years after "Reflections on Trusting Trust" Introduction to Toorcon 15 (2013) Toorcon 15 is the 15th annual security conference held in San Diego. I've attended about a third of them and blogged about previous conferences I attended here starting in 2003. As always, I've only summarized the talks I attended and interested me enough to write about them. Be aware that I may have misrepresented the speaker's remarks and that they are not my remarks or opinion, or those of my employer, so don't quote me or them. Those seeking further details may contact the speakers directly or use The Google. For some talks, I have a URL for further information. A Tale of One Software Bypass of MS Windows 8 Secure Boot Andrew Furtak and Oleksandr Bazhaniuk Yuri Bulygin, Oleksandr ("Alex") Bazhaniuk, and (not present) Andrew Furtak Yuri and Alex talked about UEFI and Bootkits and bypassing MS Windows 8 Secure Boot, with vendor recommendations. They previously gave this talk at the BlackHat 2013 conference. MS Windows 8 Secure Boot Overview UEFI (Unified Extensible Firmware Interface) is interface between hardware and OS. UEFI is processor and architecture independent. Malware can replace bootloader (bootx64.efi, bootmgfw.efi). Once replaced can modify kernel. Trivial to replace bootloader. Today many legacy bootkits—UEFI replaces them most of them. MS Windows 8 Secure Boot verifies everything you load, either through signatures or hashes. UEFI firmware relies on secure update (with signed update). You would think Secure Boot would rely on ROM (such as used for phones0, but you can't do that for PCs—PCs use writable memory with signatures DXE core verifies the UEFI boat loader(s) OS Loader (winload.efi, winresume.efi) verifies the OS kernel A chain of trust is established with a root key (Platform Key, PK), which is a cert belonging to the platform vendor. Key Exchange Keys (KEKs) verify an "authorized" database (db), and "forbidden" database (dbx). X.509 certs with SHA-1/SHA-256 hashes. Keys are stored in non-volatile (NV) flash-based NVRAM. Boot Services (BS) allow adding/deleting keys (can't be accessed once OS starts—which uses Run-Time (RT)). Root cert uses RSA-2048 public keys and PKCS#7 format signatures. SecureBoot — enable disable image signature checks SetupMode — update keys, self-signed keys, and secure boot variables CustomMode — allows updating keys Secure Boot policy settings are: always execute, never execute, allow execute on security violation, defer execute on security violation, deny execute on security violation, query user on security violation Attacking MS Windows 8 Secure Boot Secure Boot does NOT protect from physical access. Can disable from console. Each BIOS vendor implements Secure Boot differently. There are several platform and BIOS vendors. It becomes a "zoo" of implementations—which can be taken advantage of. Secure Boot is secure only when all vendors implement it correctly. Allow only UEFI firmware signed updates protect UEFI firmware from direct modification in flash memory protect FW update components program SPI controller securely protect secure boot policy settings in nvram protect runtime api disable compatibility support module which allows unsigned legacy Can corrupt the Platform Key (PK) EFI root certificate variable in SPI flash. If PK is not found, FW enters setup mode wich secure boot turned off. Can also exploit TPM in a similar manner. One is not supposed to be able to directly modify the PK in SPI flash from the OS though. But they found a bug that they can exploit from User Mode (undisclosed) and demoed the exploit. It loaded and ran their own bootkit. The exploit requires a reboot. Multiple vendors are vulnerable. They will disclose this exploit to vendors in the future. Recommendations: allow only signed updates protect UEFI fw in ROM protect EFI variable store in ROM Breaching SSL, One Byte at a Time Yoel Gluck and Angelo Prado Angelo Prado and Yoel Gluck, Salesforce.com CRIME is software that performs a "compression oracle attack." This is possible because the SSL protocol doesn't hide length, and because SSL compresses the header. CRIME requests with every possible character and measures the ciphertext length. Look for the plaintext which compresses the most and looks for the cookie one byte-at-a-time. SSL Compression uses LZ77 to reduce redundancy. Huffman coding replaces common byte sequences with shorter codes. US CERT thinks the SSL compression problem is fixed, but it isn't. They convinced CERT that it wasn't fixed and they issued a CVE. BREACH, breachattrack.com BREACH exploits the SSL response body (Accept-Encoding response, Content-Encoding). It takes advantage of the fact that the response is not compressed. BREACH uses gzip and needs fairly "stable" pages that are static for ~30 seconds. It needs attacker-supplied content (say from a web form or added to a URL parameter). BREACH listens to a session's requests and responses, then inserts extra requests and responses. Eventually, BREACH guesses a session's secret key. Can use compression to guess contents one byte at-a-time. For example, "Supersecret SupersecreX" (a wrong guess) compresses 10 bytes, and "Supersecret Supersecret" (a correct guess) compresses 11 bytes, so it can find each character by guessing every character. To start the guess, BREACH needs at least three known initial characters in the response sequence. Compression length then "leaks" information. Some roadblocks include no winners (all guesses wrong) or too many winners (multiple possibilities that compress the same). The solutions include: lookahead (guess 2 or 3 characters at-a-time instead of 1 character). Expensive rollback to last known conflict check compression ratio can brute-force first 3 "bootstrap" characters, if needed (expensive) block ciphers hide exact plain text length. Solution is to align response in advance to block size Mitigations length: use variable padding secrets: dynamic CSRF tokens per request secret: change over time separate secret to input-less servlets Future work eiter understand DEFLATE/GZIP HTTPS extensions Running at 99%: Surviving an Application DoS Ryan Huber Ryan Huber, Risk I/O Ryan first discussed various ways to do a denial of service (DoS) attack against web services. One usual method is to find a slow web page and do several wgets. Or download large files. Apache is not well suited at handling a large number of connections, but one can put something in front of it Can use Apache alternatives, such as nginx How to identify malicious hosts short, sudden web requests user-agent is obvious (curl, python) same url requested repeatedly no web page referer (not normal) hidden links. hide a link and see if a bot gets it restricted access if not your geo IP (unless the website is global) missing common headers in request regular timing first seen IP at beginning of attack count requests per hosts (usually a very large number) Use of captcha can mitigate attacks, but you'll lose a lot of genuine users. Bouncer, goo.gl/c2vyEc and www.github.com/rawdigits/Bouncer Bouncer is software written by Ryan in netflow. Bouncer has a small, unobtrusive footprint and detects DoS attempts. It closes blacklisted sockets immediately (not nice about it, no proper close connection). Aggregator collects requests and controls your web proxies. Need NTP on the front end web servers for clean data for use by bouncer. Bouncer is also useful for a popularity storm ("Slashdotting") and scraper storms. Future features: gzip collection data, documentation, consumer library, multitask, logging destroyed connections. Takeaways: DoS mitigation is easier with a complete picture Bouncer designed to make it easier to detect and defend DoS—not a complete cure Security Response in the Age of Mass Customized Attacks Peleus Uhley and Karthik Raman Peleus Uhley and Karthik Raman, Adobe ASSET, blogs.adobe.com/asset/ Peleus and Karthik talked about response to mass-customized exploits. Attackers behave much like a business. "Mass customization" refers to concept discussed in the book Future Perfect by Stan Davis of Harvard Business School. Mass customization is differentiating a product for an individual customer, but at a mass production price. For example, the same individual with a debit card receives basically the same customized ATM experience around the world. Or designing your own PC from commodity parts. Exploit kits are another example of mass customization. The kits support multiple browsers and plugins, allows new modules. Exploit kits are cheap and customizable. Organized gangs use exploit kits. A group at Berkeley looked at 77,000 malicious websites (Grier et al., "Manufacturing Compromise: The Emergence of Exploit-as-a-Service", 2012). They found 10,000 distinct binaries among them, but derived from only a dozen or so exploit kits. Characteristics of Mass Malware: potent, resilient, relatively low cost Technical characteristics: multiple OS, multipe payloads, multiple scenarios, multiple languages, obfuscation Response time for 0-day exploits has gone down from ~40 days 5 years ago to about ~10 days now. So the drive with malware is towards mass customized exploits, to avoid detection There's plenty of evicence that exploit development has Project Manager bureaucracy. They infer from the malware edicts to: support all versions of reader support all versions of windows support all versions of flash support all browsers write large complex, difficult to main code (8750 lines of JavaScript for example Exploits have "loose coupling" of multipe versions of software (adobe), OS, and browser. This allows specific attacks against specific versions of multiple pieces of software. Also allows exploits of more obscure software/OS/browsers and obscure versions. Gave examples of exploits that exploited 2, 3, 6, or 14 separate bugs. However, these complete exploits are more likely to be buggy or fragile in themselves and easier to defeat. Future research includes normalizing malware and Javascript. Conclusion: The coming trend is that mass-malware with mass zero-day attacks will result in mass customization of attacks. x86 Rewriting: Defeating RoP and other Shinanighans Richard Wartell Richard Wartell The attack vector we are addressing here is: First some malware causes a buffer overflow. The malware has no program access, but input access and buffer overflow code onto stack Later the stack became non-executable. The workaround malware used was to write a bogus return address to the stack jumping to malware Later came ASLR (Address Space Layout Randomization) to randomize memory layout and make addresses non-deterministic. The workaround malware used was to jump t existing code segments in the program that can be used in bad ways "RoP" is Return-oriented Programming attacks. RoP attacks use your own code and write return address on stack to (existing) expoitable code found in program ("gadgets"). Pinkie Pie was paid $60K last year for a RoP attack. One solution is using anti-RoP compilers that compile source code with NO return instructions. ASLR does not randomize address space, just "gadgets". IPR/ILR ("Instruction Location Randomization") randomizes each instruction with a virtual machine. Richard's goal was to randomize a binary with no source code access. He created "STIR" (Self-Transofrming Instruction Relocation). STIR disassembles binary and operates on "basic blocks" of code. The STIR disassembler is conservative in what to disassemble. Each basic block is moved to a random location in memory. Next, STIR writes new code sections with copies of "basic blocks" of code in randomized locations. The old code is copied and rewritten with jumps to new code. the original code sections in the file is marked non-executible. STIR has better entropy than ASLR in location of code. Makes brute force attacks much harder. STIR runs on MS Windows (PEM) and Linux (ELF). It eliminated 99.96% or more "gadgets" (i.e., moved the address). Overhead usually 5-10% on MS Windows, about 1.5-4% on Linux (but some code actually runs faster!). The unique thing about STIR is it requires no source access and the modified binary fully works! Current work is to rewrite code to enforce security policies. For example, don't create a *.{exe,msi,bat} file. Or don't connect to the network after reading from the disk. Clowntown Express: interesting bugs and running a bug bounty program Collin Greene Collin Greene, Facebook Collin talked about Facebook's bug bounty program. Background at FB: FB has good security frameworks, such as security teams, external audits, and cc'ing on diffs. But there's lots of "deep, dark, forgotten" parts of legacy FB code. Collin gave several examples of bountied bugs. Some bounty submissions were on software purchased from a third-party (but bounty claimers don't know and don't care). We use security questions, as does everyone else, but they are basically insecure (often easily discoverable). Collin didn't expect many bugs from the bounty program, but they ended getting 20+ good bugs in first 24 hours and good submissions continue to come in. Bug bounties bring people in with different perspectives, and are paid only for success. Bug bounty is a better use of a fixed amount of time and money versus just code review or static code analysis. The Bounty program started July 2011 and paid out $1.5 million to date. 14% of the submissions have been high priority problems that needed to be fixed immediately. The best bugs come from a small % of submitters (as with everything else)—the top paid submitters are paid 6 figures a year. Spammers like to backstab competitors. The youngest sumitter was 13. Some submitters have been hired. Bug bounties also allows to see bugs that were missed by tools or reviews, allowing improvement in the process. Bug bounties might not work for traditional software companies where the product has release cycle or is not on Internet. Active Fingerprinting of Encrypted VPNs Anna Shubina Anna Shubina, Dartmouth Institute for Security, Technology, and Society (I missed the start of her talk because another track went overtime. But I have the DVD of the talk, so I'll expand later) IPsec leaves fingerprints. Using netcat, one can easily visually distinguish various crypto chaining modes just from packet timing on a chart (example, DES-CBC versus AES-CBC) One can tell a lot about VPNs just from ping roundtrips (such as what router is used) Delayed packets are not informative about a network, especially if far away from the network More needed to explore about how TCP works in real life with respect to timing Making Attacks Go Backwards Fuzzynop FuzzyNop, Mandiant This talk is not about threat attribution (finding who), product solutions, politics, or sales pitches. But who are making these malware threats? It's not a single person or group—they have diverse skill levels. There's a lot of fat-fingered fumblers out there. Always look for low-hanging fruit first: "hiding" malware in the temp, recycle, or root directories creation of unnamed scheduled tasks obvious names of files and syscalls ("ClearEventLog") uncleared event logs. Clearing event log in itself, and time of clearing, is a red flag and good first clue to look for on a suspect system Reverse engineering is hard. Disassembler use takes practice and skill. A popular tool is IDA Pro, but it takes multiple interactive iterations to get a clean disassembly. Key loggers are used a lot in targeted attacks. They are typically custom code or built in a backdoor. A big tip-off is that non-printable characters need to be printed out (such as "[Ctrl]" "[RightShift]") or time stamp printf strings. Look for these in files. Presence is not proof they are used. Absence is not proof they are not used. Java exploits. Can parse jar file with idxparser.py and decomile Java file. Java typially used to target tech companies. Backdoors are the main persistence mechanism (provided externally) for malware. Also malware typically needs command and control. Application of Artificial Intelligence in Ad-Hoc Static Code Analysis John Ashaman John Ashaman, Security Innovation Initially John tried to analyze open source files with open source static analysis tools, but these showed thousands of false positives. Also tried using grep, but tis fails to find anything even mildly complex. So next John decided to write his own tool. His approach was to first generate a call graph then analyze the graph. However, the problem is that making a call graph is really hard. For example, one problem is "evil" coding techniques, such as passing function pointer. First the tool generated an Abstract Syntax Tree (AST) with the nodes created from method declarations and edges created from method use. Then the tool generated a control flow graph with the goal to find a path through the AST (a maze) from source to sink. The algorithm is to look at adjacent nodes to see if any are "scary" (a vulnerability), using heuristics for search order. The tool, called "Scat" (Static Code Analysis Tool), currently looks for C# vulnerabilities and some simple PHP. Later, he plans to add more PHP, then JSP and Java. For more information see his posts in Security Innovation blog and NRefactory on GitHub. Mask Your Checksums—The Gorry Details Eric (XlogicX) Davisson Eric (XlogicX) Davisson Sometimes in emailing or posting TCP/IP packets to analyze problems, you may want to mask the IP address. But to do this correctly, you need to mask the checksum too, or you'll leak information about the IP. Problem reports found in stackoverflow.com, sans.org, and pastebin.org are usually not masked, but a few companies do care. If only the IP is masked, the IP may be guessed from checksum (that is, it leaks data). Other parts of packet may leak more data about the IP. TCP and IP checksums both refer to the same data, so can get more bits of information out of using both checksums than just using one checksum. Also, one can usually determine the OS from the TTL field and ports in a packet header. If we get hundreds of possible results (16x each masked nibble that is unknown), one can do other things to narrow the results, such as look at packet contents for domain or geo information. With hundreds of results, can import as CSV format into a spreadsheet. Can corelate with geo data and see where each possibility is located. Eric then demoed a real email report with a masked IP packet attached. Was able to find the exact IP address, given the geo and university of the sender. Point is if you're going to mask a packet, do it right. Eric wouldn't usually bother, but do it correctly if at all, to not create a false impression of security. Adventures with weird machines thirty years after "Reflections on Trusting Trust" Sergey Bratus Sergey Bratus, Dartmouth College (and Julian Bangert and Rebecca Shapiro, not present) "Reflections on Trusting Trust" refers to Ken Thompson's classic 1984 paper. "You can't trust code that you did not totally create yourself." There's invisible links in the chain-of-trust, such as "well-installed microcode bugs" or in the compiler, and other planted bugs. Thompson showed how a compiler can introduce and propagate bugs in unmodified source. But suppose if there's no bugs and you trust the author, can you trust the code? Hell No! There's too many factors—it's Babylonian in nature. Why not? Well, Input is not well-defined/recognized (code's assumptions about "checked" input will be violated (bug/vunerabiliy). For example, HTML is recursive, but Regex checking is not recursive. Input well-formed but so complex there's no telling what it does For example, ELF file parsing is complex and has multiple ways of parsing. Input is seen differently by different pieces of program or toolchain Any Input is a program input executes on input handlers (drives state changes & transitions) only a well-defined execution model can be trusted (regex/DFA, PDA, CFG) Input handler either is a "recognizer" for the inputs as a well-defined language (see langsec.org) or it's a "virtual machine" for inputs to drive into pwn-age ELF ABI (UNIX/Linux executible file format) case study. Problems can arise from these steps (without planting bugs): compiler linker loader ld.so/rtld relocator DWARF (debugger info) exceptions The problem is you can't really automatically analyze code (it's the "halting problem" and undecidable). Only solution is to freeze code and sign it. But you can't freeze everything! Can't freeze ASLR or loading—must have tables and metadata. Any sufficiently complex input data is the same as VM byte code Example, ELF relocation entries + dynamic symbols == a Turing Complete Machine (TM). @bxsays created a Turing machine in Linux from relocation data (not code) in an ELF file. For more information, see Rebecca "bx" Shapiro's presentation from last year's Toorcon, "Programming Weird Machines with ELF Metadata" @bxsays did same thing with Mach-O bytecode Or a DWARF exception handling data .eh_frame + glibc == Turning Machine X86 MMU (IDT, GDT, TSS): used address translation to create a Turning Machine. Page handler reads and writes (on page fault) memory. Uses a page table, which can be used as Turning Machine byte code. Example on Github using this TM that will fly a glider across the screen Next Sergey talked about "Parser Differentials". That having one input format, but two parsers, will create confusion and opportunity for exploitation. For example, CSRs are parsed during creation by cert requestor and again by another parser at the CA. Another example is ELF—several parsers in OS tool chain, which are all different. Can have two different Program Headers (PHDRs) because ld.so parses multiple PHDRs. The second PHDR can completely transform the executable. This is described in paper in the first issue of International Journal of PoC. Conclusions trusting computers not only about bugs! Bugs are part of a problem, but no by far all of it complex data formats means bugs no "chain of trust" in Babylon! (that is, with parser differentials) we need to squeeze complexity out of data until data stops being "code equivalent" Further information See and langsec.org. USENIX WOOT 2013 (Workshop on Offensive Technologies) for "weird machines" papers and videos.

    Read the article

  • Evolution Of High Definition TV Viewing

    - by Gopinath
    The following guest post is written by Rob, who is also blogging on entertainment technology topics on iwantsky.com Gone are the days when you need to squint to be able to see the emotions on the faces of Humphrey Bogart and Ingrid Bergman as the lovers bid each other adieu in the classic film Casablanca. These days, watching an ordinary ant painstakingly carry a leaf in Animal Planet can be an exhilarating experience as you get to see not only the slightest movement but also the demarcation line between the insect’s head, thorax and abdomen. The crystal clear imagery was made possible by the sharp minds and the tinkering hands of the scientists that have designed the modern world’s HDTV. What is HDTV and what makes people so agog to have this new innovation in TV watching? HDTV stands for High Definition TV. Television viewing has indeed made a big leap. From the grainy black and whites, TV viewing had moved to colored TVs, progressed to SD TVs and now to HDTV. HDTV is the emerging trend in TV viewing as it delivers bigger and clearer pictures and better audio. Viewers can have a cinema-like TV viewing experience right in the comforts of their own home. With HDTV the viewer is allowed to have a better viewing range. With Standard (SD) TV, the viewer has to be at a distance that is from 3 to 6 times the size of the screen. HDTV allows the viewer to enjoy sharper and clearer images as it is possible to sit at a distance that is 1.5 or 3 times the size of the screen without noticing any image pixilation. Although HDTV appears to be a fairly new innovation, this system has actually existed in various forms years ago. Development of the HDTV was started in Europe as early as 1940s. However, the NTSC and the PAL/SECAM, the two analog TV standards became dominant and became popular worldwide. The analog TV was replaced by the digital TV platform in the 1990s. Even during the analog era, attempts have been made to develop HDTV. Japan has come out with MUSE system. However, due to channel bandwidth requirement concerns, the program was shelved. The entry of four organizations into the HDTV market spurred the development of a beneficial coalition. The AT&T, ATRC, MIT and Zenith HDTV combined forces. In 1993, a Grand Alliance was formed. This group is composed of researchers and HDTV manufacturers. A common standard for the broadcast system of HDTV was developed. In 1995, the system was tested and found successful. With the higher screen resolution of HDTV, viewing has never been more enjoyable. [Image courtesy: samsung] This article titled,Evolution Of High Definition TV Viewing, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • Catching people up

    - by Randy Walker
    It’s been a while since I’ve blogged.  I suppose sometimes when one’s personal life gets busy, there are some things that fall by the wayside.  So what all has happened since I last blogged? Business has been good with lots of lessons learned.  I had hoped I would have had an important announcement several months ago concerning the business I own, but that simply hasn’t materialized yet. Will keep everyone posted.  Ensuring your business has a good sales pipeline and stays ahead in the technology curve is extremely important. I eventually resigned my INETA Board of Directors position.  Never one to mince words, frankly I had several issues with how things are run at INETA.  Mostly centered around some ethical issues compounded by higher expectations and what I felt was a lack of support.  I had put my hat into the ring in order to help change things, but eventually I didn’t really see change a possibility, and so all things must come to an end. I have started writing up a new business plan for a new startup, details to be forthcoming.  It’s new name will be Linker CRM.  I have some aggressive game changing plans ahead for it.  Ping me if you’re interested in finding out more information and don’t mind signing a non-compete and confidentiality agreement. ;) My personal life, has been hectic.  A 4 year old will do that to you.  As well as being divorced and the headaches associated with that.  If you’ve been divorced, I feel your pain, if you haven’t been, I would never wish the emotional roller coaster ride on anyone.  Dating has been interesting.  It’s a lot different at age 35 than your early 20s and relationships are far more complicated. Ethan is an absolutely fantastic adorable charmer of a kid.  He’s definitely going to be a heartbreaker.  His personality is really shining through and he’s taken onto my appreciation of music (and yes I’ll admit dance too).  We watched America’s Best Dance Crew (ABDC) together for the first time, he really loved it and I think he’ll probably start his own break dancing crew eventually.  I’ve posted a few videos on Facebook for those interested.  I’m extremely proud of him, but please say a little prayer for us as we try and continue to curb some behavior issues, as well as his mother and I try to settle some differences. This year’s travel plans have already included Dallas, Seattle, and a trip to Vancouver for the 2010 Olympics (a huge thanks to the Washington State Police for the nice souvenir they gave me).  Future travel plans include a trip to Korea in the 2nd half of May, Nashville again in the summer, and hopefully New Orleans for the Microsoft TechEd 2010 Conference. Look for some new blog posts soon …

    Read the article

  • SOA’s People Problem by Bob Rhubart

    - by JuergenKress
    Are reluctant passengers slowing down your SOA train? Based on my conversations with various experts in service-oriented architecture (SOA), the consensus is that SOA tools and technology have achieved a high level of maturity. Some even use the term industrialization to describe the current state of SOA. Given that scenario, one might assume that SOA has been wildly successful for every organization that has adopted its principles. Obviously SOA could not have achieved its current level of maturity and industrialization without having reached a tipping point in the volume of success stories to drive continued adoption. But some organizations continue to struggle with SOA. The problem, according to some experts, has little to do with tools or technologies. “One of the greatest challenges to implementing SOA has nothing to do with the intrinsic complexity behind a SOA technology platform,” says Oracle ACE Luis Augusto Weir, senior Oracle solution director at HCL AXON. “The real difficulty lies in dealing with people and processes from different parts of the business and aligning them to deliver enterprisewide solutions.” What can an organization do to meet that challenge? “Staff the right people,” says Weir. “For example, the role of a SOA architect should be as much about integrating people as it is about integrating systems. Dealing with people from different departments, backgrounds, and agendas is a huge challenge. The SOA architect role requires someone that not only has a sound architectural and technological background but also has charisma and human skills, and can communicate equally well to the business and technical teams.” The SOA architect’s communication skills are instrumental in establishing service orientation as the guiding principle across the organization. “A consistent architecture comprising both business services and IT services can comprehensively redefine the role of IT at the process level,” says Danilo Schmiedel, solution architect at Opitz Consulting. That helps to shift the focus from siloes to services and get SOA on track. To that end, Oracle ACE Director Lonneke Dikmans, a managing partner at Vennster, stresses the importance of replacing individual, uncoordinated projects with a focused program that promotes communication, cooperation, and service reuse. “Having support among lead developers and architects helps, as does having sponsors that see the business case and understand the strategic value,” she says. Read the complete article here. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Facebook Wiki Technorati Tags: Bob Rhubard,OTN,Lonneke Dikmans,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

    Read the article

  • HTTP Headers: Max-Age vs Expires – Which One To Choose?

    - by Gopinath
    Caching of static content like images, scripts, styles on the client browser reduces load on the webservers and also improves end users browsing experience by loading web pages quickly. We can use HTTP headers Expires or Cache-Control:max-age to cache content on client browser and set expiry time for them. Expire header is HTTP/1.0 standard and Cache-Control:max-age is introduced in HTTP/1.1 specification to solve the issues and limitation with Expire  header. Consider the following headers.   Cache-Control: max-age=24560 Expires: Tue, 15 May 2012 06:17:00 GMT The first header instructs web browsers to cache the content for 24560 seconds relative to the time the content is downloaded and expire it after the time period elapses. The second header instructs web browser to expiry the content after 15th May 2011 06:17. Out of these two options which one to use – max-age or expires? I prefer max-age header for the following reasons As max-age  is a relative value and in most of the cases it makes sense to set relative expiry date rather than an absolute expiry date. Expire  header values are complex to set – time format should be proper, time zones should be appropriate. Even a small mistake in settings these values results in unexpected behaviour. As Expire header values are absolute, we need to  keep changing them at regular intervals. Lets say if we set 2011 June 1 as expiry date to all the image files of this blog, on 2011 June 2 we should modify the expiry date to something like 2012 Jan 1. This add burden of managing the Expire headers. Related: Amazon S3 Tips: Quickly Add/Modify HTTP Headers To All Files Recursively cc image flickr:rogue3w This article titled,HTTP Headers: Max-Age vs Expires – Which One To Choose?, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • SQLAuthority News – Virtual Launch Event for Office 2010 – Contest – Win MS Office License

    - by pinaldave
    Office products are integral products of any PC. I accept that without Office Suites, I can not survive or make enough leaving. I am blogger and use word to create my blogs. I am SQL Server Trainer  and I use PowerPoint as my presentation tool. I am SQL Server consultant and I use Excel to keep my work log. I can not see my life with Office Tools. Just like any other Microsoft Product there is strong community following Office Tools. Please count me in. The same community is hosting a Virtual Launch Event for Office 2010 on May 25 and 26th. The webcasts is FREE to attend and people can take part either online or by going to the nearest available center. The sessions will be delivered by MVPs. To register please visit: http://www.meraoffice.com. In June, limited cities will be hosting Community Launch Events for Office 2010. At the launch events, attendees will get to see Office 2010 in action and learn how to do their work better with Office 2010.  The details are available on http://office.merawindows.com. To support one of the largest community, I am announcing one contents. It is very easy to take part in the contest. You just have to answer one very simple question. Contest: Choose best option: With which Microsoft Office Product Powerpivot is associated? Options: 1) PowerPoint 2) Excel 3) Word Hint: http://search.sqlauthority.com Rules: Winner will be awarded 1 Office 2007 Home and Student. This will be freely upgradeable to Office 2010 once it releases in June. The winners will be sent emails and they will redeem their awards via microsoftstore.co.in The prizes can only be shipped to India and Indian residents are eligible. Winner will be selected by selected community leaders and MVPs at their sole discretion. Winner will be informed by email about the award. Most creative and informative comment will win the contest. Please spread the words about this contest. SQLAuthority.com will also send SQL Server book to the person who generates the most traffic to this blog post using Twitter, Facebook and other social media. This competition is also open to Indian residents only. I will measure the traffic using my wordpress.com stats plugin. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, SQLAuthority News, T SQL, Technology Tagged: Office

    Read the article

  • How To: LIC of India Online Policy Payments And Status Enquiries

    - by Kavitha
    Life Insurance Corporation (LIC) of India is the largest state-owned insurance company in India and also the country’s largest investor. The premium  amount for the insurance policies purchased from LIC are paid by visiting the nearest LIC office or by taking help of LIC agents. It’s a time consuming process and most of us are fed up of standing in long queues at LIC offices for paying premium amount. LIC Online Services Website The worries are not any more, no need to stand in a long queue or approach an agent for paying your LIC policies. LIC of India has an online payment and also renewal facility : http://licindia.in. To pay the policies online we have to register with LIC and login to the site using the registered username and password. Once you login, you can enter your profile information and LIC policies that are purchased on your name(register the policies that are purchased  only on your name, otherwise you land in to troubles). Once registered, managing activities of like payments, loan eligibility checking, policy maturity, etc. are very easy. For online payment of policies you can find Pay Premium Online tab which when clicked takes you to a page that lists all the policies that are due. Payments can be made using credit/debit cards and online banking systems. Almost all the Indian banks are covered as part of the online payment system. Other services that are available through the online system of LIC are : View ULIP Policies,Premium Calendar, Calculate Loan Eligibility, Revival Quote, Policy Maturity, Address Change Requests, etc. LIC Policy Status Enquiry Through Phone LIC also has a helpline/customer care  number ‘1251‘. You can call 1251 to know about  your policy status, premium due date, Loan possibility and loan amount possible, time of maturity etc. This article titled,How To: LIC of India Online Policy Payments And Status Enquiries, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • Claims-based Identity Terminology

    - by kaleidoscope
    There are several terms commonly used to describe claims-based identity, and it is important to clearly define these terms. · Identity In terms of Access Control, the term identity will be used to refer to a set of claims made by a trusted issuer about the user. · Claim You can think of a claim as a bit of identity information, such as name, email address, age, and so on. The more claims your service receives, the more you’ll know about the user who is making the request. · Security Token The user delivers a set of claims to your service piggybacked along with his or her request. In a REST Web service, these claims are carried in the Authorization header of the HTTP(S) request. Regardless of how they arrive, claims must somehow be serialized, and this is managed by security tokens. A security token is a serialized set of claims that is signed by the issuing authority. · Issuing Authority & Identity Provider An issuing authority has two main features. The first and most obvious is that it issues security tokens. The second feature is the logic that determines which claims to issue. This is based on the user’s identity, the resource to which the request applies, and possibly other contextual data such as time of day. This type of logic is often referred to as policy[1]. There are many issuing authorities, including Windows Live ID, ADFS, PingFederate from Ping Identity (a product that exposes user identities from the Java world), Facebook Connect, and more. Their job is to validate some credential from the user and issue a token with an identifier for the user's account and  possibly other identity attributes. These types of authorities are called identity providers (sometimes shortened as IdP). It’s ultimately their responsibility to answer the question, “who are you?” and ensure that the user knows his or her password, is in possession of a smart card, knows the PIN code, has a matching retinal scan, and so on. · Security Token Service (STS) A security token service (STS) is a technical term for the Web interface in an issuing authority that allows clients to request and receive a security token according to interoperable protocols that are discussed in the following section. This term comes from the WS-Trust standard, and is often used in the literature to refer to an issuing authority. STS when used from developer point of view indicates the URL to use to request a token from an issuer. For more details please refer to the link http://www.microsoft.com/windowsazure/developers/dotnetservices/ Geeta, G

    Read the article

  • Silverlight User Group of Switzerland (SLUGS)

    - by Laurent Bugnion
    Last Thursday, the Silverlight Firestarter event took place in Redmond, and was streamed live to a large audience worldwide (around 20’000 people). Approximately 30 if them were in Wallisellen near Zurich, in Microsoft Switzerland’s offices. This was not only a great occasion to learn more about the future of Silverlight and to see great demos, but also it was the very first meeting of the Silverlight User Group of Switzerland (SLUGS). Having 30 people for a first meeting was a great success, especially if we consider that it was REALLY cold that night, that it had snowed 20 cm the night before! We all had a good time, and 3 lucky winners went back home with a prize: One LG Optimus 7 Windows Phone and two copies of Silverlight 4 Unleashed. Congratulations to the winners! After the keynote (which went in a whirlwind, shortest 90 minutes ever!), we all had pizza and beverages generously sponsored by the Swiss DPE team, of which not less than 5 guys came to the event! Thanks to Stefano, Ronnie, Sascha, Big Mike and Ken for attending! We decided to have meetings every month. Stay tuned for announcements on when and where the events will take place. We are also in the process of creating various groups online where the attendees can find more information. For instance, I created a group on Flickr where the pictures taken at events will be published. The group is public, and the pictures of the first event are already online! We also have the already known page at http://www.slugs.ch/, check it out. A national group Even though the first event was in Zurich, and that 3 of the founding members live nearby, we would like to try and be a national group. That means having events sometimes in other parts of Switzerland, collaborating with other local user groups, etc. Stay tuned for more Join! We want you, we need you If you are doing Silverlight, for a living or as a hobby, if you are interested in user experience, XAML, Expression Blend and many more topics, you should consider joining! This is a great occasion to exchange experiences, to learn from Silverlight experts, to hear sessions about various topics related to Silverlight, etc. If you want to talk about a topic that is of interest to you, If you want to propose a topic of discussion Or if you just want to hang out then go to http://www.slugs.ch and register! Cheers, Laurent   Laurent Bugnion (GalaSoft) Subscribe | Twitter | Facebook | Flickr | LinkedIn

    Read the article

  • How to get over “Did I lock the door?” syndrome

    - by Boonei
    I am person who always asks myself  ”Did I lock the house door?”,  And I do ask that question when I have almost reached office. I don’t have a bad memory or I am not a “forget it all after a min person”. Infact I have a fantastic memory of things. This problem has been haunting me for a very long time. My wife used to always have a angry face after we had get down from the car. Because after we have walked for about 20 yards I would run back to the car to check if I had locked the car, you see this problem exists for all locked objects. This happens everyday all round the year. Now a days I don’t have the problem ! I did not get the solution from any doctor or any book that that talks about my inner mind. It was a practical advice given by my aunt….. When I told her that I had this problem, she smiled and said its very very easy to get around this. I was stunned. The solution she gave me was simple. After I had locked the door, should hold the lock and look at it for 5 sec and say to myself   “I have locked the door”. Believe me it works like a charm. The reason why it works is my aunt goes to explain, that your mind always thinks twice of important things that we do on our daily life and raises doubts after sometime. The only way to stop is it by looking at it, holding it and telling yourself that its ok and its done. This holds good for all the things that you generally doubt like, did I turn off the AC?, did I turn off the lights in the house when I left?. Just look at it for 5 sec, hold it tell yourself its done. You will not look back. Image credit [Håkan Dahlström]   This article titled,How to get over “Did I lock the door?” syndrome, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • Check Your LIC Policy Status Through SMS

    - by Suganya
    Most of us in India hold at least one Life Insurance Policy today. While we all know everything gets computerized these days, LIC also supports payment via internet. You can view details about how payment is made through internet here. Few years back LIC started supporting SMS’es as well. Now you really don’t need to have internet rather check your LIC policy status while on road by sending just one SMS to 56677. Now that we know LIC answers to our SMS, lets see the format in which we have to send our SMS and their meaning. The format in which the SMS has to be sent is ASKLIC <Policy No> [PREMIUM/REVIVAL/BONUS/LOAN/NOM] Send any one of the following [PREMIUM/REVIVAL/BONUS/LOAN/NOM] to get the details. For instance, If you send ASKLIC <Policy No> Premium , it would return your Installment premium under policy ASKLIC <Policy No> Revival , it would check If policy is lapsed and return revival amount payable ASKLIC <Policy No> Bonus , it would check and return the amount of Bonus invested ASKLIC <Policy No> Loan , it would check and return the amount available as Loan ASKLIC <Policy No> NOM , it would check and return the details of Nomination Also, as everyone knows there are lots of pension schemes as well available in LIC and if one is interested in getting the pension details, then the format for sending the SMS is LICPension <Policy No> [STAT /ECDUE/ANNPD/PDTHRU/AMOUNT/CHQRET] For instance, If you send LICPension <Policy No> STAT gives you the IPP Policy status details LICPension <Policy No> ECDUE gives you the existence certificate due details LICPension <Policy No> ANNPD gives you the last annuity released date LICPension <Policy No> CHQ/ECS/NEFT (PDTHRU) gives the details about annuity payment through LICPension <Policy No> AMOUNT gives details about annuity amount LICPension <Policy No> CHQRET gives details about cheque return information Just with one SMS get all your policy details and make life easier. Each SMS that you send would be charged depending on your service provider. This article titled,Check Your LIC Policy Status Through SMS, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • SQLAuthority News – Reliving TechEd with Vinod Kumar at Bangalore User Groups

    - by pinaldave
    TechEd India 2012 was held in Bangalore last March 21 to 23, 2012. Just like every year, this event is bigger, grander and inspiring. Here is my blog post reviewing the event SQLAuthority News – #TechEdIn – TechEd India 2012 Memories and Photos. For me this is family event – I get to meet my friends who are dear as my family. I like to call User Groups as family too. Family shares life’s personal happiness and experience – the same way User Group shares professional experiences and quite often UG members become just like family member. When I learned that follower user group together building up a unique event I was pretty excited to learn who is going to be speaker for the event. BDotNet.in – Bangalore .NET Usergroup BITPro.in – Bangalore ITPro Usergroup It was indeed joy when I learned that presenter will be Vinod Kumar, who is integral part of user groups and hardcore SQL Server enthusiast. Vinod Kumar is going to present on following two sessions which are both focused on internals of the Windows and SQL Server. Understanding Windows with SysInternals Tools – This session will cover various tools from usage of Memory, x86 architecture, x64, WOW mode, Page faults, Virtual Memory mapping, OOM scenario, Perf Tool, PAL tool, Logman and more. Peeling the Onion: SQL Server Internals Demystified – This session will cover advanced disk formats, SQL Server 2012 security changes, memory changes, indirect checkPoint and more. I am very excited as this time I will get opportunity to sit in front rows (as I will be reaching there to get best possible position) and learn. I am looking forward to the event and I hope you will join us as well. Event Details: Date: Saturday, April 7, 2012 (10:30am until 1:30pm) Venue: Microsoft, Domlur, Bangalore. Event Details: https://www.facebook.com/events/139444029517882/ This session is FREE for all and everybody and anybody can walk in. Community Blog Posts Here are few of the blog post written by the community on this subject. Vinod Kumar on Reliving #TechEdIn at Blr UG Manas Dash on Reliving TechEd India 2012 with Vinod Kumar Sudeepta Ganguly on SysInternals n SQLInternals with Vinod Kumar Lohith Re Live TechEd India 2012 with Vinod Kumar  Reference: Pinal Dave (http://blog.sqlauthority.com) http://www.youtube.com/watch?v=oRw-p4mahLU Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, SQLAuthority Author Visit, T SQL, Technology, Video

    Read the article

  • Japan Welcomes Oracle Enterprise Manager 12c

    - by Anand Akela
    Following Oracle’s grand unveiling of Oracle Enterprise Manager 12c at Oracle OpenWorld 2011 in San Francisco, Oracle Japan just completed their launch for the product. Leng Tan, Oracle VP of Products, delivered the keynote with collaboration from a number of key partners in the region. From left to right: Leng Tan, VP of Products, Oracle; Shinyashiki-san, Assistant General Manager, NEC; Fuketa-san, General Manager, HITACHI; Fujii-san, General Manager, Fujitsu; Misawa-san, VP of Alliances, Oracle Japan NEC, Hitachi and Fujitsu have been among Oracle’s most active partners in the Japan region. They have received key awards from Oracle Japan for their efforts. NEC received the partner of the year award for 2010 and 2011. Hitachi received the partner of the year award for Oracle Enterprise Manager in 2011. Fujitsu received awards in the areas of Database and Oracle Exadata in 2011. All three partners were active participants in Oracle Enterprise Manager 12c beta program. According to Hirai-san, the technical lead at the event, there were over 200 attendees. “The event was so well-attended; there was no room to stand.” Said Hirai-san. Hirai-san demonstrating Oracle Enterprise Manager 12c at the Oracle Japan launch Here’s the highlight of the presentations made by the Oracle partners during this launch. NEC has developed an Oracle Enterprise Manager Plug-in for iStorage (NEC SAN Storage product). Additionally, NEC’s WebSAM Invariant Analyzer management tool is now capable of integrating with Oracle Enterprise Manager HITACHI demonstrated monitoring capabilities for Oracle Exadata through Oracle Enterprise Manager in their JP1 system management tool Fujitsu’s Oracle Enterprise Manager 10g adapter for their SystemWalker tool has now been enhanced to work with Oracle Enterprise Manager 12c. Following a very successful launch in Japan, Oracle’s Total Cloud Control road show and additional Oracle Enterprise Manager 12c launches continue in the EMEA and Asia Pacific regions. This week Sushil Kumar, VP of Product Strategy and Business Development is scheduled to deliver the keynotes at several cities in India. Also this week, Richard Sarwal, SVP of Products, is scheduled to deliver a keynote at the DOAG conference in Nuremburg, Germany. Richard is also delivering the Oracle Enterprise Manger 12c launch event keynote in Paris on November 18th. Check out our event schedule for Oracle Enterprise Manager 12c events across the globe! For more information, please go to Oracle Enterprise Manager  web page or  follow us at :  Twitter   Facebook YouTube Linkedin

    Read the article

  • Add an Opera Style Status Bar to Firefox

    - by Asian Angel
    Anyone who has used Opera will be familiar with the information presented for the webpage that is currently loading in the browser (i.e. number of images loaded). If you would like to have that same functionality in Firefox then join us as we look at the Extended Statusbar extension. Before Here is the default setup for Firefox…not a lot of information available to indicate exactly how much of the webpage has already loaded versus what has not. For some people this is enough but what if you like more details? Extended Statusbar in Action You may be curious about the information that the Extended Statusbar extension will provide. The information includes: Percentage of the webpage loaded The number of images loaded Bytes downloaded Average download speed The load time After emptying the cache we once again reloaded the HTG homepage. The default style/mode is “Classic Style” and the “webpage load information” will be displayed within your “Status Bar” as shown here. The information available after the webpage finished loading in “Classic Style”. If you prefer “Slim Mode” this is how your “Status Bar” should look afterwards…very condensed. For those preferring the “New Style” a temporary addition will appear above your regular “Status Bar” and disappear just a few seconds after the webpage has fully loaded (unless changed in the “Settings”). Settings The “Settings” are set up in two different ways. For those who prefer to use the “Classic Style & Slim Mode” these are the options available to you. If you prefer the “New Style” then you will have a whole different set of options available. Notice that you can exclude certain webpages and set a custom style if desired. Conclusion If you have been wanting to add Opera style webpage loading information to your “Status Bar” then you should definitely give this extension a try. Links Download the Extended Statusbar extension (Mozilla Add-ons) Similar Articles Productive Geek Tips Move the Progress Bar to the Tabs in FirefoxSet the Speed Dial as the Opera Startup PageAuto-Hide Your Cluttered Firefox Status Bar ItemsSimplify Text Copying & Pasting in Firefox with AutoCopyScan Files for Viruses Before You Download With Dr.Web TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips DVDFab 6 Revo Uninstaller Pro Registry Mechanic 9 for Windows PC Tools Internet Security Suite 2010 If it were only this easy SyncToy syncs Files and Folders across Computers on a Network (or partitions on the same drive) Classic Cinema Online offers 100’s of OnDemand Movies OutSync will Sync Photos of your Friends on Facebook and Outlook Windows 7 Easter Theme YoWindoW, a real time weather screensaver

    Read the article

  • SQLAuthority News – Social Media Series – YouTube and Movies

    - by pinaldave
    Pinal Dave on Youtube! Some people might not know it, but YouTube is actually more than a place to watch funny cat videos and people singing their favorite pop songs – it’s actually a social media site.  When you are a member of YouTube you can follow people who regularly post videos, post video responses of your own, and even gain a following for your own videos.  I myself was not aware of YouTube’s potential until recently, when I started to make SQL Server in Sixty Seconds videos. YouTube is very different than other types of social media, and a big factor is that anyone can look at videos without being a member.  Unlike other social media sites, like Twitter and Facebook, you have to have an account in order to participate.  But on YouTube you are even more anonymous.  To make and post videos you need an account, but anyone who comes to the site can look at what you’ve made without signing in or leaving any trace of having seen your material.  This makes YouTube very anonymous and hard to track. However, we should not overlook the power of video on the internet.  Over the past few months I have been making SQL Server in Sixty Second videos and have come to love it.  It is very exciting to be able to talk about a subject that mostly I write about, and for many people video is far more accessible and easy to understand.   I have really enjoyed diving into something new, and would love to have more people check out these videos and give me feedback.  You can find me at www.youtube.com/user/pinaldave. I am very excited with all the possibilities on YouTube and it might just be the technology evangelist in me, but I would love for other people to discover how fun and exciting this site can be, too.  Don’t think of it as just a place to find funny videos and waste a few minutes of your time, think of it as a place to learn and interact with interesting people.  Come watch a few of my videos, while you’re there.  Remember, everything is free and there are no contracts to sign, but I hope that you get as excited as I am and join up.  We need more people creating good content on this site! Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, SQLServer, T SQL, Technology Tagged: Social Media

    Read the article

  • Simple Hack To Install iOS 5 Beta On iPhone/iPad Without Developer Account

    - by Gopinath
    Apple released iOS 5 beta couple of days ago with loads of new features(watch the keynote video) . This beta version of iOS is available to iPhone developers who pay Apple $99 per annum. What if you are not a developer or not willing to pay $99 for a developer account but desperately looking for ways to upgrade your iPhone to iOS 5? Here is a simple hack to install iOS 5 beta without having a developer account.   1. Download iOS 5 installer with the help of Google or Torrent sites 2. Manually update your iPhone with the help of iTunes. Connect your phone to computer -click on Update button with Shift (PC) or Option (Mac) key pressed — Select the downloaded iOS 5 IPSW file and let the iTunes update your iPhone. 3. After update completes you see Activation screen. 4. Triple click the home button. This will activate the Voice Over. Again triple click the home button and Emergency Call option will appear. 5. Click the Emergency Call option and while it’s opening, swipe your three fingers down to open Notification Center 6. Click on the Weather widget. The Weather application will load. 7. Click on the home button. Bam!! Your iPhone is loaded with iOS 5. Note: Upgrade iPhone to iOS 5 at your own risk. You can’t blame us if something goes wrong. I know that you are aware of the side effects in using the hacks, but just reminding you once again . via Gizmodo This article titled,Simple Hack To Install iOS 5 Beta On iPhone/iPad Without Developer Account, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • Perfect Your MySQL Database Administrators Skills

    - by Antoinette O'Sullivan
    With its proven ease-of-use, performance, and scalability, MySQL has become the leading database choice for web-based applications, used by high profile web properties including Google, Yahoo!, Facebook, YouTube, Wikipedia and thousands of mid-sized companies. Many organizations deploy both Oracle Database and MySQL side by side to serve different needs, and as a database professional you can find training courses on both topics at Oracle University! Check out the upcoming Oracle Database training courses and MySQL training courses. Even if you're only managing Oracle Databases at this point of time, getting familiar with MySQL Database will broaden your career path with growing job demand. Hone your skills as a MySQL Database Administrator by taking the MySQL for Database Administrators course which teaches you how to secure privileges, set resource limitations, access controls and describe backup and recovery basics. You also learn how to create and use stored procedures, triggers and views. You can take this 5 day course through three delivery methods: Training-on-Demand: Take this course at your own pace and at a time that suits you through this high-quality streaming video delivery. You also get to schedule time on a classroom environment to perform the hands-on exercises. Live-Virtual: Attend a live instructor led event from your own desk. 100s of events already of the calendar in many timezones. In-Class: Travel to an education center to attend this class. A sample of events is shown below:  Location  Date  Delivery Language  Budapest, Hungary  26 November 2012  Hungarian  Prague, Czech Republic  19 November 2012  Czech  Warsaw, Poland  10 December 2012  Polish  Belfast, Northern Ireland  26 November, 2012  English  London, England  26 November, 2012  English  Rome, Italy  19 November, 2012  Italian  Lisbon, Portugal  12 November, 2012  European Portugese  Porto, Portugal  21 January, 2013  European Portugese  Amsterdam, Netherlands  19 November, 2012  Dutch  Nieuwegein, Netherlands  8 April, 2013  Dutch  Barcelona, Spain  4 February, 2013  Spanish  Madrid, Spain  19 November, 2012  Spanish  Mechelen, Belgium  25 February, 2013  English  Windhof, Luxembourg  19 November, 2012  English  Johannesburg, South Africa  9 December, 2012  English  Cairo, Egypt  20 October, 2012  English  Nairobi, Kenya  26 November, 2012  English  Petaling Jaya, Malaysia  29 October, 2012  English  Auckland, New Zealand  5 November, 2012  English  Wellington, New Zealand  23 October, 2012  English  Brisbane, Australia  19 November, 2012  English  Edmonton, Canada  7 January, 2013  English  Vancouver, Canada  7 January, 2013  English  Ottawa, Canada  22 October, 2012  English  Toronto, Canada  22 October, 2012  English  Montreal, Canada  22 October, 2012  English  Mexico City, Mexico  10 December, 2012  Spanish  Sao Paulo, Brazil  10 December, 2012  Brazilian Portugese For more information on this course or any aspect of the MySQL curriculum, visit http://oracle.com/education/mysql.

    Read the article

  • ING Selecciona Oracle Fusion HCM para la Gestión del Capital Humano

    - by Noelia Gomez
    Normal 0 21 false false false ES X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-family:"Calibri","sans-serif";} La decisión de ING sobre la elección de Oracle Fusion HCM fue impulsada por su deseo continuo de fortalecer la función de RRHH para impulsar su negocio. Tras mucho tiempo como cliente de Oracle PeopleSoft HCM, evaluó el segmento de mercado de HCM antes de seleccionar Oracle Fusion HCM, con el objetivo de seguir utilizando las herramientas principales de recursos humanos y mantener su posición como uno de los principales empleadores en los Países Bajos. ING implementará Oracle Fusion HCM, en estrecha colaboración con NorthgateArinso, miembro de Oracle PartnerNetwork (Gold), que proporcionará los servicios de alojamiento y de Oracle Consulting. La firma de servicios financieros utilizará toda la suite de Oracle Fusion Global Human Resources y Oracle Talent Management incluyendo Oracle Fusion Goal, Oracle Fusion OTBI, Oracle Fusion Workforce Compensation, Oracle Fusion Benefits y Oracle Fusion Performance Management. Además, ING implementará Oracle Fusion Financials, aprovechando la plataforma unificada de Oracle Fusion Applications. “Como institución financiera líder y mejor empleador, ING considera a sus colaboradores el activo más estratégico. Continuar siendo “best-in-class” en recursos humanos, es un diferenciador competitivo para nosotros, y necesitamos una aplicación líder de HCM para complementar nuestros esfuerzos ", dijo Marijke Brunklaus, Director General de Recursos Humanos de ING Bank Países Bajos. "Siendo un antiguo usuario de Oracle PeopleSoft HCM, cuidadosamente hemos evaluado las posibles soluciones disponibles y elegimos Oracle Fusion HCM como nuestra futura plataforma. Las profundas capacidades globales y las herramientas principales de talento de Oracle Fusion HCM son una buena opción para ayudarnos a evolucionar continuamente en nuestro negocio". Puede conocer más sobre HCM Fusion : · Oracle Fusion Applications · Oracle Fusion Human Capital Management · Oracle PartnerNetwork · Oracle Consulting Services · Oracle Human Capital Management Blog · Oracle HCM on Twitter · Oracle HCM on Facebook

    Read the article

  • MVVM Light Toolkit V3 SP1 for Windows Phone 7

    - by Laurent Bugnion
    He he I start to sound like Microsoft… Anyway… I just released a service pack (SP1) for MVVM Light Toolkit V3. Why? Well mostly because I worked a bit more with the Windows Phone 7 tools that were released at MIX0, and I noticed a few things that could be better in the Windows Phone 7 template. Also, I only found out at MIX that you can actually install custom project templates for Visual Studio Express. For some reason I thought it was not possible. The best way to solve these issues is through a service pack, which consists of a few zip files. Simply follow the instructions on the “Installing Manually” page. You can go ahead and overwrite the files that were installed with V3, all the file structure and names are exactly the same. What? So what do you get in this service pack that was not already in V3? (for more info about what’s new in V3, check the What’s New page). Project and Item templates for Visual Studio 10 Express (phone edition). Unzip these files in your “My Documents” folder, and you can now create a new MVVM Light application in the WinPhone7 version of Visual Studio 2010 Express. Signed assemblies: All the assemblies are now signed, which is a requirement in certain build configurations. XML documentation files: Thanks to Matt Casto for pinging me and reminding me that I had forgotten to include them (doh). New and improved Windows Phone 7 assemblies and templates: This one deserves its own section (see below). What was wrong with the old Silverlight 3 assemblies in Windows Phone 7 projects? It was kind of weird. Functionality wise, it was working just right. However, if you noticed, the EventToCommand behavior was not visible in the Assets tab of Expression Blend, under Behaviors, where it should normally have been. The reason was that even though the Windows Phone 7 is using Silverlight 3, the System.Windows.Interactivity that Blend was expecting is the version that is normally used in Silverlight 4. Yeah, I know, it’s weird. This led me to create a specific version of these assemblies for the phone. The assemblies are located into C:\Program Files\Laurent Bugnion (GalaSoft)\Mvvm Light Toolkit\Binaries\WP7. There are 3 DLLs: GalaSoft.MvvmLight.WP7.dll with RelayCommand, Messenger and ViewModelBase GalaSoft.MvvmLight.Extras.WP7.dll with EventToCommand and DispatcherHelper System.Windows.Interactivity.dll which is the same DLL installed in the Blend SDK, and which is needed for the EventToCommand behavior to work. Happy coding! That’s all! Download and install the service pack according to the instructions on the Installation page, and create your first MVVM Light application for the phone (a blog post will follow later with more details).   Laurent Bugnion (GalaSoft) Subscribe | Twitter | Facebook | Flickr | LinkedIn

    Read the article

  • Finalists for the Microsoft Accelerator for Windows Azure

    - by ScottGu
    Today, I am pleased to announce the ten finalists for the Microsoft Accelerator for Windows Azure powered by TechStars. These startups are about to launch into a three-month program where they will develop new products and businesses using Windows Azure. The response to the program has been fantastic - we received nearly 600 applications from entrepreneurs in 69 countries around the world, spanning a host of industries including retail, travel, entertainment, banking, real estate and more.  There were so many innovative ideas and amazing teams that it really made the selection process hard.  We finally landed on 10 finalists, based on their experience, qualifications, and innovative business ideas built on the cloud. This fall’s Windows Azure class includes: Advertory – Berlin, Germany. Advertory helps local businesses increase revenue and build customer loyalty. Appetas – Seattle, WA. Appetas' mission is to make restaurants look as beautiful online as they do on the plate! BagsUp – Sydney, Australia. Find great places from people you trust. Embarke – San Diego, CA. Embarke allows developers and companies the ability to integrate with any human communication channel (Facebook, Email, Text Message, Twitter) without having to learn the specifics, write code, or spend time on any of them. Fanzo – Seattle, WA. Fanzo puts sports fans in the spotlight. Find other fans, show off your fanswagger and get rewarded for your passion. MetricsHub – Bellevue, WA. A service providing cloud monitoring with incident detection and prebuilt workflows for remedying common problems. Mobilligy – Bellevue, WA. Mobilligy revolutionizes how people pay their bills by bringing convenient, secure, and instant bill payment support to mobile devices. Realty Mogul – Los Angeles, CA. Realty Mogul is a crowdfunding platform for real estate where accredited investors pool capital and invest in properties that are acquired, managed and eventually resold by professional private real estate companies and their management teams. Staq – San Francisco, CA. Back-end as a service for APIs. Socedo – Bellevue, WA. A simple and effective web application for lead generation and relationship management on Twitter. Each startup will be hosted in Seattle and mentored by entrepreneurs and venture capitalists as well as leaders from Windows Azure and other Microsoft organizations. The teams will spend the first month ideating and refining their business concepts with input and advice from their mentors as well as Microsoft customers, followed by two months of design and development. They will present their results to investors and Microsoft partners at an event in mid-January. We are really looking forward to seeing how their businesses evolve.  These teams have demonstrated incredible energy, passion, and innovative capabilities – and they are ready to show the world what’s possible with Windows Azure. Thanks, Scott P.S. And if you are new to Twitter you can also optionally follow me: @scottgu

    Read the article

< Previous Page | 142 143 144 145 146 147 148 149 150 151 152 153  | Next Page >