Search Results

Search found 30660 results on 1227 pages for 'norton internet security'.

Page 15/1227 | < Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >

  • Using shortkeys to search the internet for a term selected in a text editor/viewer

    - by cipricus
    It seems possible (as I learned from a comment to this question made by user55822) to use a command in order to search a term on the web by using "keybinding" the way Aretha is used. What the aforementioned user says is that "you could search mouse selection anywhere by using an app like Artha, or by keybinding sh -c 'firefox "http://translate.google.com/#en/fr/$(xclip -o)"' (example given translate english into french)" A lot of things are obscure for me here. I could use Artha or keybinding (as alternative), or both? How to do that in each case? and "The command I gave you will open google translate in Firefox with your mouse selection (text highlighted) as a query. Use sh -c 'firefox "https://www.google.com/search?q=$(xclip -o)"' if you want regular Google over Google translate. And obviously, that would work everywhere" I do not know what to do with that formula. What should I do exactly? How to use it? In what application?

    Read the article

  • The Internet – Then and Now (1996 versus 2011) [Infographic]

    - by Asian Angel
    Use the link below to view the entire infographic. Keep in mind that it may take a few moments for it to load due to its large size. True Hollywood Story: Bipeds and the World Wide Web [infographic] [via TinyHacker] How to See What Web Sites Your Computer is Secretly Connecting To HTG Explains: When Do You Need to Update Your Drivers? How to Make the Kindle Fire Silk Browser *Actually* Fast!

    Read the article

  • exchange live feed with pre-recorded video for wireless internet camera to router

    - by nate
    I wasn't sure if this should be asked in Web Applications, or Network Engineering, or what... Long story short, I have a video camera with mic that is wirelessly connected to a router (NETGEAR R6200), which can then be viewed through an online service. I would like to be able to somehow exchange the live feed with a pre-recorded video, or image, preferably with pre-recorded sound (the sound of silence would be easiest). Can I place this inbetween the camera and the router, do I need to redirect the camera feed to my laptop first, and then push out the fake video/audio onto the router, without the service knowing the difference? Thanks much and I hope this is well understood!

    Read the article

  • Standby Internet connection by means of 3G Modem if Internet Fails

    - by Sarah Boss
    In my office I have 4 computers connected to the Internet with a DIR-615 Wireless N 300 router which gives Internet to all pc's via Ethernet cable. But sometimes this Internet goes off and I have to call the ISP and it takes them 2 days to repair it. I wanted to know if in such cases, can I connect my two zte 3g usb modems to this DIR-615 Wirless N300 router and get emergency Internet in my office? What other steps are required to set up this fail-safe connection?

    Read the article

  • Splitting an internet connection between multiple separate subnetworks

    - by pythonian4000
    Problem I have an internet connection that I want to split between four separate networks. My requirements are: I need to be able to monitor the amount of bandwidth and data being used by each network, and notify or control as necessary. The four networks should only be able to connect to the internet, not each other. My parents need to be able to operate it, so it needs a simple, preferably Windows-based GUI. Progress so far Server I have a mini-ITX server with six Gigabit ethernet ports - one for the ethernet internet connection, one for each of the four networks, and one for remote access to the server for administration. Bandwidth control I spent a long time researching solutions here. The majority of the control systems/software I found could control bandwidth usage via QOS, but could not monitor or control the amount of data being used. Eventually I found the SoftPerfect Bandwidth Manager, which has everything I need in terms of monitoring and control - per-interface quota management, usage statistics, a web interface for checking usage, and email notifications when quotas are exceeded. It is also Windows-based and has a simple GUI. Internet sharing This is where I am having issues. I am currently using Windows XP Pro SP2 for the server (yes, I know this is far from ideal, but it's the only spare Windows OS I currently have). I can't use the built-in Internet Connection Sharing for several reasons: The upstream internet router has an IP of 192.168.0.1 which ICS clashes with, and I cannot change the router settings. ICS can only share an internet connection with a single interface, but I have four. I have tried bridging the four network cards, but then the Bandwidth Manager cannot see the four individual interfaces - it only sees the bridge. I have tried setting up Dual DHCP DNS server (and am having issues getting DHCP offers to be received by clients), but that would still require gateway software of some sort, which I have been unable to find. My current attempt is to use OpenVPN, with a server for the internet NIC and a separate client for each of the four networks. My thought is that I could bridge the OpenVPN TAP devices to each NIC, meaning that the Bandwidth Manager would control traffic from the bridge instead of the interface. I have not made much progress here though - I've never used OpenVPN before. Questions Is there a Windows software package that does everything I need? (Unlikely, I know) Is there a Windows software package that will share internet between multiple NICs without bridging? Are either of my about attempts feasible? Would it help to have a newer/server version of Windows? Is there a non-Windows alternative that is easy to use?

    Read the article

  • Internet Dropping?!

    - by stead1984
    I have a virtual DC running DNS and Routing and Remote Access, that routes ALL workstations Internet traffic out to the Internet, this works fine but noticed that the Internet drops occasionally. I've checked with our service provider (Managed Communications) and they are adamant that it's not their fault. The Internet drops seem to affect everyone. We also have a server configured to use the same Internet service on a different network over a site-to-site VPN connection which also suffers from packet drops. I've spoken to Cisco and have done many tests with Cisco and they believe the problem is down to the ISP. I'm wondering if it's a DNS issue, as the Internet service uses OpenDNS. Any ideas?

    Read the article

  • Restrict Computer or Users from Internet but allow access to intranet and Windows Update / ePO?

    - by MoSiAc
    So this may be impossible but I've been asked to try and find something about it. So far nothing I have found is possible. I need to restrict specific machines or user accounts from regular Internet access but let them have access to the intranet portion of our network. I do not have Active Directory control, nor does anyone at my local workplace (corporate control in a different state). I have tried going through IPsec and doing this per local machine, but that system seems to have been removed from the images that are installed on these machines so that is out. So far the only other option I can think of is assigning the machines a specific ip address and removing their gateway access. This would probably work but the machines need to be able to receive updates that are being pushed to them through ePO and LanDesk. I would really like to do this on the user level because then if I need to do tech work to the machine and need internet access I can get to it but a "special" user could login and not be able to get into anything.

    Read the article

  • Developing payment gateway.

    - by kmaxat
    Hello, I have an idea of developing internet payment gateway similar to PayPal or Webmoney. Since i'm only sophomore at Computer Science, and i've only taken intermediate programming classes, i've no idea where to search for general information about this topic. I do understand that this kind of project is CLEARLY too much to handle for sophomore. Since, it's forum for Pro Webmasters, and probably some of you can point direction of study. What book/source/article would you suggest to read to understand fundamentals of internet payment? What book/source/article would you suggest to read to understand fundamentals internet security? What language is most commonly used for developing payment security of website? I appreciate any help. Thank you.

    Read the article

  • Nginx and Google Appengine Reverse Proxy Security

    - by jmq
    The scenario is that I have a Google compute node running Nginx as a reverse proxy to the google appengine. The appengine is used to service REST calls from an single page application (SPA). HTTPS is used to the Nginx front end from the Internet. Do I also need to make the traffic from the Nginx reverse proxy to the appengine secure by turning on HTTPS on the appengine? I would like to avoid the overhead of HTTPS between the proxy and the backend. My thinking was that once the traffic has arrived at Nginx encrypted, decrypted in Nginx, and then sent via the reverse proxy inside of Google's infrastructure it would be secure. Is it safe in this case to not use HTTPS?

    Read the article

  • cPanel's Web Disk - Security issues?

    - by Tim Sparks
    I'm thinking of using Web Disk (built into the later versions of cPanel) to allow a Windows or Mac computer to map a network drive that is actually a folder on our website (above the public_html folder). We currently use an antiquated local server to store information, but it is only accessible from one location - we would like to be able to access it from other locations as well. I understand that folders above public_html are not accessible via http, but I want to know how secure is the access to these folders as a network drive? There is potentially sensitive information that we need to decide whether it is appropriate to store here. The map network drive option seems to work well as it behaves as if the files are on your own computer (i.e. you can open and save files without then having to upload them - as it happens automatically). We have used Dropbox for similar purposes, but space is a issue with them, as is accountability and so we haven't used it for sensitive information. Are there any notable security concerns with using Web Disk as a secure file server?

    Read the article

  • Security vulnerability and nda's [closed]

    - by Chris
    I want to propose a situation and gain insight from the communities thoughts. A customer, call them Customer X has a contract with a vendor, Vendor Y to provide an application and services. Customer X discovers a serious authentication vulnerability in Vendor Y's software. Vendor Y and Customer X has a discussion. Vendor Y acknowledges/confirms flaw. Vendor Y confirms they will put effort to fix. Customer X requests Vendor Y to inform all customers impacted by this. Vendor agrees. Fast forward 2 months, and the flaw has not been fixed. Patches were applied to mitigate but the flaw still exists. However, no customers were informed of issue. At this point customer X contacts Vendor Y to determine the status and understand why customer's were not informed. The vendor nicely reminds the customer they are under an NDA and are still working on the issue. A few questions/discussion pieces out of this. By discussing a software flaw with a vendor, does this imply you have agreed to any type of NDA disclosure? Additionally, what rights as does Customer X have to inform other customers of this vulnerability if vendor does not appear willing to comply? I (the op) am under the impression that when this situation occurs, you are supposed to notify vendor of issue, provide them with ample time to respond and if no response you are able to do what you wish with the information. I am thinking back to the MIT/subway incident where they contacted transit authorities, transit authorities didn't respond in a timely fashion so the students disclosed the information publicly on their own. Few things to note about this: I am not the customer in above situation, also lets assume for purposes of keeping discussion inline that customer X has no intentions of disclosing information, they are merely concerned and interested in making sure other customers are aware until it is fixed so they do not expierence a major security breach. (More information can be supplied if needed to add context to question. )

    Read the article

  • About Entitlement Grants in ADF Security of JDeveloper 11.1.1.4

    - by frank.nimphius
    Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} Oracle JDeveloper 11.1.1.4 comes with a new ADF Security feature called "entitlement grants". This has nothing to do with Oracle Entitlement Server (OES) but is the ability to group resources into permission sets so they can be granted with a single grant statement. For example, as good practices when organizing your projects, you may have grouped your bounded task flows by functionality and responsibility in sub folders under the WEB-INF directory. If one of the folders holds bounded task flows that are accessible to all authenticated users, you may create an entitlement grant allAuthUserBTF and select all bounded task flows that are accessible for authenticated users as resources. You can then grant allAuthUserBTF to the authenticated-role so that with only a single grant statement all selected bounded task flows are protected. Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} <permission-sets>         <permission-set>             <name>PublicBoundedTaskFlows</name>             <member-resources>               <member-resource>                 <resource-name>                      /WEB-INF/public/home-btf.xml#home-btf                 </resource-name>                 <type-name-ref>TaskFlowResourceType</type-name-ref>                 <display-name> ... </display-name>                 <actions>view</actions>               </member-resource>               <member-resource>                 <resource-name>                         /WEB-INF/public/preferences-btf.xml#preferences-btf                </resource-name>                 <type-name-ref>TaskFlowResourceType</type-name-ref>                 <display-name>...</display-name>                 <actions>view</actions>               </member-resource>             </member-resources>           </permission-set>   </permission-sets> The grant statement for this permission set is added as shown below <grant>   <grantee>     <principals>        <principal>             <name>authenticated-role</name>             <class>oracle.security.jps.internal.core.principals.JpsAuthenticatedRoleImpl</class>         </principal>       </principals>     </grantee>     <permission-set-refs>         <permission-set-ref>            <name>PublicBoundedTaskFlows</name>         </permission-set-ref>      </permission-set-refs> </grant>

    Read the article

  • Ubuntu security with services running from /opt

    - by thejartender
    It took me a while to understand what's going on here (I think), but can someone explain to me if there are security risks with regards to my logic of what's going on here as I am trying to set up a home web server as a developer with some good Linux knowledge? Ubuntu is not like other systems, as it has restricted the root user account. You can not log in as root or su to root. This was a problem for me as I have had to install numerous applications and services to /opt as per user documentation (XAMPPfor Linux is a good example). The problem here is that this directory is owned by root:root. I notice that my admin user account does not belong to root group through the following command: groups username so my understanding is that even though the files and services that I place in /opt belong to root, executing them by means of sudo (as required) does not mean that they are run as root? I imagine that the sudo command is hidden somewhere under belonging to the root user and has a 775 permission? So the question I have is if running a service like Tomcat, Apcahe, etc exposes my system like on other systems? Obviously I need to secure these in configurations, but isn't the golden rule to never run something as root? What happens if I have multiple services running under same user/group with regards to a compromised server?

    Read the article

  • Thumbs Up or Thumbs Down – Intel Debuts Prototype Palm-Reading Tech to Replace Passwords [Poll]

    - by Asian Angel
    This week Intel debuted prototype palm-reading tech that could serve as a replacement for our current password system. Our question for you today is do you think this is the right direction to go for better security or do you feel this is a mistake? Photo courtesy of Jane Rahman. Needless to say password security breaches have been a hot topic as of late, so perhaps a whole new security model is in order. It would definitely eliminate the need to remember a large volume of passwords along with circumventing the problem of poor password creation/selection. At the same time the new technology would still be in the ‘early stages’ of development and may not work as well as people would like. Long-term refinement would definitely improve its performance, but would it really be worth pursuing versus the actual benefits? From the blog post: Intel researcher Sridhar Iyendar demonstrated the technology at Intel’s Developer Forum this week. Waving a hand in front of a “palm vein” detector on a computer, one of Iyendar’s assistants was logged into Windows 7, was able to view his bank account, and then once he moved away the computer locked Windows and went into sleeping mode. How to Get Pro Features in Windows Home Versions with Third Party Tools HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It

    Read the article

  • How-to logout from ADF Security

    - by frank.nimphius
    Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} ADF Security configures an authentication servlet, AuthenticationServlet, in the web.xml file that also provides a logout functionality. Developers can invoke the logout by a redirect performed from an action method in a managed bean as shown next  public String onLogout() {   FacesContext fctx = FacesContext.getCurrentInstance();   ExternalContext ectx = fctx.getExternalContext();   String url = ectx.getRequestContextPath() +              "/adfAuthentication?logout=true&end_url=/faces/Home.jspx";       try {     ectx.redirect(url);   } catch (IOException e) {     e.printStackTrace();   }   fctx.responseComplete();   return null; } To use this functionality in your application, change the Home.jspx reference to a public page of yours that the user is redirected to after successful logout. Note that for a successful logout, authentication should be through form based authentication. Basic authentication is known as browser sign-on and re-authenticates users after the logout redirect. Basic authentication is confusing to many developers for this reason.

    Read the article

  • How to prevent certain applications from accessing the internet?

    - by Arun Haridas
    I want to prevent certain applications from accessing the internet. When I was using windows XP I had an application (i think it was Zone alarm) which always notified me when an application tried to access the internet. I wonder if there is an application in Ubuntu which would do the same task. If it is possible, please suggest a gui application. the problem is, my internet provider allows me to connect to a single host at a time, that means no two applications can use internet at the same time. When i checked system monitor it showing me that internet is working fine still my browser cant browse.So i want to kill the other application using the internet to browse.

    Read the article

  • Windows 7 - Wireless Signal Good - Internet Often Says Limited or No Activity

    - by Anthony Trilussa Pizzo
    Hi - I have a New Dell Studio XPS latop that I hooked up in early January of 2010. The Dell Studio XPS laptop is connected to my wireless router (Belkin Wireless N). The router was purchased in Februaru of 2010 because I thought my router was bad (A D-Link router). Comcast is my ISP. Everyday, at random times, the internet will have a good signal (according to the little Win 7 icon on the taskbar) but I will receive a message saying limited or no internet access and I cannot access the internet. I have the internet setup to automatically get an IP and I did the IPCONFIG release / renew but with no success. I even had a WiFi enabled Blackberry right next to my computer and whenever the computer loses an WiFi connection, so does the Blackberry. The router isnt't bad, because the old router did the same thing - giving me limited or no internet access while working sometimes. I also tried using two other laptops in same physical position as my Dell Studio XPS laptop and they have the same problem. I am going crazy trying to figure this out as I have called the Router Company (Belkin), my ISP (Comcast), and my computer maker (Dell). Can anyone offer some suggestions and I can try them as we work through this and maybe one of the suggestion will be right one. Thanks in advance for even reading my problem. I searched for a problem similar to mine on the internet, but I have not been able to keep a steady internet connection. (Side note - I used to have an IBM thinkpad laptop and D - Link router and for years that wireless connection worked FLAWLESSLY, with the same physical set up - the laptop in my bedroom, and the router in the basement.)

    Read the article

  • Lose internet connection, yet online games continue

    - by Mike
    For the past week or so, my internet connection has been anything but stable. Restarting my modem/router always fixes the problems, but since it has occurred so often, I'm noticing confusing patterns which I was hoping someone could help answer. My internet connection kicks out about 4-5 times a day. The sure-fire way to fix it is to restart my all-in-one modem/router. Sometimes I can diagnose the problem on my laptop which resets my wireless network adapter and fixes the problem, but not always. If that doesn't fix the problem, it usually reports that the connection between the modem and internet is the problem which requires a restart of the router. The odd thing which baffles me is that my connection is supposedly lost such that no browsers can connect to sites, yet things like online games still continue to play without issue. How is this possible? I thought maybe the game was running locally on my PC but that couldn't be the answer because I was still getting messages from other players. So my real question is: How can my internet browsers (firefox, chrome, even IE) lose connection to the internet, but other applications like online games not? Am I actually losing connection or am I mistaken? Edit: I'd also like to add that netflix on my PS3 which is directly connected to the same access point will also lose connection. So internet browsers and netflix lose their internet connection while online games continue without an issue.

    Read the article

  • Use Internet Explorer 6 and 7 in Virtual Box.

    - by Sharon
    Hello. I am trying to install the vhds (virtual hard drive image) of IE6 on XP and IE 7 on XP packs available from Microsoft on Virtual Box. Virtual Box will only mount CD/DVD's and/or ISO's. How do I get it to use the Microsoft files? I need this to test web pages in IE6/IE7s. I am running Windows 7 Home Premium. Is there a way to do this, or another way that will allow me to load XP/IE6 and XP/IE7 in Virtualbox Edit: Ok I got it to work but it says XP must be updated in 3 days due to hardware changes. Microsoft said this would be activated til January 1st 2010. Is there a way to bypass that?

    Read the article

  • Can Microsoft Security Essentials Signature Update Notifications be Avoided?

    - by Goto10
    I have my Windows Automatic Updates set to "Notify me but don't automatically download or install them.". However, if I install Microsoft Security Essentials, can I have the daily virus signatures downloaded and applied without being prompted each time by Windows Update? I like to have the control of installing general Windows Updates, but prefer not to have to accept the signature definitions that I expect to have applied every day (would get a bit tedious). Using XP Home SP 3. Just wanted to check this over before deciding whether or not to go for Microsoft Security Essentials.

    Read the article

  • Norton Ghost usage, Linux? ISO? Server? MBR?

    - by overtherainbow
    Before evaluating Symantec/Norton Ghost to image partitions, I have a couple of questions about using this tool: In the product page, it only mentions Windows: Can Norton image Linux partitions as well? Can I burn an ISO to create/recover images? The ISO's I found seem only able to restore an image but not create one. Does it mean that images can only be created from within a running Windows? For Windows partitions: Does it support both regular and Server versions? Acronis doesn't image Server partitions in the regular version When restoring an image, does Norton give the option of including/excluding the MBR? Thank you.

    Read the article

  • Norton Ghost usage, Linux? ISO? Server? MBR?

    - by OverTheRainbow
    Before evaluating Symantec/Norton Ghost to image partitions, I have a couple of questions about using this tool: In the product page, it only mentions Windows: Can Norton image Linux partitions as well? Can I burn an ISO to create/recover images? The ISO's I found seem only able to restore an image but not create one. Does it mean that images can only be created from within a running Windows? For Windows partitions: Does it support both regular and Server versions? Acronis doesn't image Server partitions in the regular version When restoring an image, does Norton give the option of including/excluding the MBR? Thank you.

    Read the article

  • Career development as a Software Developer without becoming a manager.

    - by albertpascual
    I’m a developer, I like to write new exciting code everyday, my perfect day at work is a day that when I wake up, I know that I have to write some code that I haven’t done before or to use a new framework/language/platform that is unknown to me. The best days in the office is when a project is waiting for me to architect or write. In my 15 years in the development field, I had to in order to get a better salary to manage people, not just to lead developers, to actually manage people. Something that I found out when I get into a management position is that I’m not that good at managing people, and not afraid to say it. I do not enjoy that part of the job, the worse one, takes time away from what I really like. Leading developers and managing people are very different things. I do like teaching and leading developers in a project. Yet most people believe, and is true in most companies, the way to get a better salary is to be promoted to a manager position. In order to advance in your career you need to let go of the everyday writing code and become a supervisor or manager. This is the path for developers after they become senior developers. As you get older and your family grows, the only way to hit your salary requirements is to advance your career to become a manager and get that manager salary. That path is the common in most companies, the most intelligent companies out there, have learned that promoting good developers mean getting a crappy manager and losing a good resource. Now scratch everything I said, because as I previously stated, I don’t see myself going to the office everyday and just managing people until is time to go home. I like to spend hours working in some code to accomplish a task, learning new platforms and languages or patterns to existing languages. Being interrupted every 15 minutes by emails or people stopping by my office to resolve their problems, is not something I could enjoy. All the sudden riding my motorcycle to work one cold morning over the Redlands Canyon and listening to .NET Rocks podcast, Michael “Doc” Norton explaining how to take control of your development career without necessary going to the manager’s track. I know, I should not have headphones under my helmet when riding a motorcycle in California. His conversation with Carl Franklin and Richard Campbell was just confirming everything I have ever did with actually more details and assuring that there are other paths. His method was simple yet most of us, already do many of those steps, Mr. Michael “Doc” Norton believe that it pays off on the long run, that finally companies prefer to pay higher salaries to those developers, yet I would actually think that many companies do not see developers that way, this is not true for bigger companies. However I do believe the value of those developers increase and most of the time, changing companies could increase their salary instead of staying in the same one. In short without even trying to get into the shadow of Mr. Norton and without following the steps in the order; you should love to learn new technologies, and then teach them to other geeks. I personally have learn many technologies and I haven’t stop doing that, I am a professor at UCR where I teach ASP.NET and Silverlight. Mr Norton continues that after than, you want to be involve in the development community, user groups, online forums, open source projects. I personally talk to user groups, I’m very active in forums asking and answering questions as well as for those I got awarded the Microsoft MVP for ASP.NET. After you accomplish all those, you should also expose yourself for what you know and what you do not know, learning a new language will make you humble again as well as extremely happy. There is no better feeling that learning a new language or pattern in your daily job. If you love your job everyday and what you do, I really recommend you to follow Michael’s presentation that he kindly share it on the link below. His confirmation is a refreshing, knowing that my future is not behind a desk where the computer screen is on my right hand side instead of in front of me. Where I don’t have to spent the days filling up performance forms for people and the new platforms that I haven’t been using yet are just at my fingertips. Presentation here. http://www.slideshare.net/LeanDog/take-control-of-your-development-career-michael-doc-norton?from=share_email_logout3 Take Control of Your Development Career Welcome! Michael “Doc” Norton @DocOnDev http://docondev.blogspot.com/ [email protected] Recovering Post Technical I love to learn I love to teach I love to work in teams I love to write code I really love to write code What about YOU? Do you love your job? Do you love your Employer? Do you love your Boss? What do you love? What do you really love? Take Control Take Control • Get Noticed • Get Together • Get Your Mojo • Get Naked • Get Schooled Get Noticed Get Noticed Know Your Business Get Noticed Get Noticed Understand Management Get Noticed Get Noticed Do Your Existing Job Get Noticed Get Noticed Make Yourself Expendable Get Together Get Together Join a User Group Get Together Help Run a User Group Get Together Start a User Group Get Your Mojo Get Your Mojo Kata Get Your Mojo Koans Get Your Mojo Breakable Toys Get Your Mojo Open Source Get Naked Get Naked Run with Group A Get Naked Do Something Different Get Naked Own Your Mistakes Get Naked Admit You Don’t Know Get Schooled Get Schooled Choose a Mentor Get Schooled Attend Conferences Get Schooled Teach a New Subject Get Started Read These (Again) Take Control of Your Development Career Thank You! Michael “Doc” Norton @DocOnDev http://docondev.blogspot.com/ [email protected] In a short summary, I recommend any developer to check his blog and more important his presentation, I haven’t been lucky enough to watch him live, I’m looking forward the day I have the opportunity. He is giving us hope in the future of developers, when I see some of my geek friends moving to position that in short years they begin to regret, I get more unsure of my future doing what I love. I would say that now is looking at the spectrum of companies that understand and appreciate developers. There are a few there, hopefully with time code sweat shops will start disappearing and being a developer will feed a family of 4. Cheers Al tweetmeme_url = 'http://weblogs.asp.net/albertpascual/archive/2010/12/07/career-development-as-a-software-developer-without-becoming-a-manager.aspx'; tweetmeme_source = 'alpascual';

    Read the article

  • InternalsVisibleTo attribute and security vulnerability

    - by Sergey Litvinov
    I found one issue with InternalsVisibleTo attribute usage. The idea of InternalsVisibleTo attribute to allow some other assemblies to use internal classes\methods of this assembly. To make it work you need sign your assemblies. So, if other assemblies isn't specified in main assembly and if they have incorrect public key, then they can't use Internal members. But the issue in Reflection Emit type generation. For example, we have CorpLibrary1 assembly and it has such class: public class TestApi { internal virtual void DoSomething() { Console.WriteLine("Base DoSomething"); } public void DoApiTest() { // some internal logic // ... // call internal method DoSomething(); } } This assembly is marked with such attribute to allow another CorpLibrary2 to make inheritor for that TestAPI and override behaviour of DoSomething method. [assembly: InternalsVisibleTo("CorpLibrary2, PublicKey=0024000004800000940000000602000000240000525341310004000001000100434D9C5E1F9055BF7970B0C106AAA447271ECE0F8FC56F6AF3A906353F0B848A8346DC13C42A6530B4ED2E6CB8A1E56278E664E61C0D633A6F58643A7B8448CB0B15E31218FB8FE17F63906D3BF7E20B9D1A9F7B1C8CD11877C0AF079D454C21F24D5A85A8765395E5CC5252F0BE85CFEB65896EC69FCC75201E09795AAA07D0")] The issue is that I'm able to override this internal DoSomething method and break class logic. My steps to do it: Generate new assembly in runtime via AssemblyBuilder Get AssemblyName from CorpLibrary1 and copy PublikKey to new assembly Generate new assembly that will inherit TestApi class As PublicKey and name of generated assembly is the same as in InternalsVisibleTo, then we can generate new DoSomething method that will override internal method in TestAPI assembly Then we have another assembly that isn't related to this CorpLibrary1 and can't use internal members. We have such test code in it: class Program { static void Main(string[] args) { var builder = new FakeBuilder(InjectBadCode, "DoSomething", true); TestApi fakeType = builder.CreateFake(); fakeType.DoApiTest(); // it will display: // Inject bad code // Base DoSomething Console.ReadLine(); } public static void InjectBadCode() { Console.WriteLine("Inject bad code"); } } And this FakeBuilder class has such code: /// /// Builder that will generate inheritor for specified assembly and will overload specified internal virtual method /// /// Target type public class FakeBuilder { private readonly Action _callback; private readonly Type _targetType; private readonly string _targetMethodName; private readonly string _slotName; private readonly bool _callBaseMethod; public FakeBuilder(Action callback, string targetMethodName, bool callBaseMethod) { int randomId = new Random((int)DateTime.Now.Ticks).Next(); _slotName = string.Format("FakeSlot_{0}", randomId); _callback = callback; _targetType = typeof(TFakeType); _targetMethodName = targetMethodName; _callBaseMethod = callBaseMethod; } public TFakeType CreateFake() { // as CorpLibrary1 can't use code from unreferences assemblies, we need to store this Action somewhere. // And Thread is not bad place for that. It's not the best place as it won't work in multithread application, but it's just a sample LocalDataStoreSlot slot = Thread.AllocateNamedDataSlot(_slotName); Thread.SetData(slot, _callback); // then we generate new assembly with the same nameand public key as target assembly trusts by InternalsVisibleTo attribute var newTypeName = _targetType.Name + "Fake"; var targetAssembly = Assembly.GetAssembly(_targetType); AssemblyName an = new AssemblyName(); an.Name = GetFakeAssemblyName(targetAssembly); // copying public key to new generated assembly var assemblyName = targetAssembly.GetName(); an.SetPublicKey(assemblyName.GetPublicKey()); an.SetPublicKeyToken(assemblyName.GetPublicKeyToken()); AssemblyBuilder assemblyBuilder = Thread.GetDomain().DefineDynamicAssembly(an, AssemblyBuilderAccess.RunAndSave); ModuleBuilder moduleBuilder = assemblyBuilder.DefineDynamicModule(assemblyBuilder.GetName().Name, true); // create inheritor for specified type TypeBuilder typeBuilder = moduleBuilder.DefineType(newTypeName, TypeAttributes.Public | TypeAttributes.Class, _targetType); // LambdaExpression.CompileToMethod can be used only with static methods, so we need to create another method that will call our Inject method // we can do the same via ILGenerator, but expression trees are more easy to use MethodInfo methodInfo = CreateMethodInfo(moduleBuilder); MethodBuilder methodBuilder = typeBuilder.DefineMethod(_targetMethodName, MethodAttributes.Public | MethodAttributes.Virtual); ILGenerator ilGenerator = methodBuilder.GetILGenerator(); // call our static method that will call inject method ilGenerator.EmitCall(OpCodes.Call, methodInfo, null); // in case if we need, then we put call to base method if (_callBaseMethod) { var baseMethodInfo = _targetType.GetMethod(_targetMethodName, BindingFlags.NonPublic | BindingFlags.Instance); // place this to stack ilGenerator.Emit(OpCodes.Ldarg_0); // call the base method ilGenerator.EmitCall(OpCodes.Call, baseMethodInfo, new Type[0]); // return ilGenerator.Emit(OpCodes.Ret); } // generate type, create it and return to caller Type cheatType = typeBuilder.CreateType(); object type = Activator.CreateInstance(cheatType); return (TFakeType)type; } /// /// Get name of assembly from InternalsVisibleTo AssemblyName /// private static string GetFakeAssemblyName(Assembly assembly) { var internalsVisibleAttr = assembly.GetCustomAttributes(typeof(InternalsVisibleToAttribute), true).FirstOrDefault() as InternalsVisibleToAttribute; if (internalsVisibleAttr == null) { throw new InvalidOperationException("Assembly hasn't InternalVisibleTo attribute"); } var ind = internalsVisibleAttr.AssemblyName.IndexOf(","); var name = internalsVisibleAttr.AssemblyName.Substring(0, ind); return name; } /// /// Generate such code: /// ((Action)Thread.GetData(Thread.GetNamedDataSlot(_slotName))).Invoke(); /// private LambdaExpression MakeStaticExpressionMethod() { var allocateMethod = typeof(Thread).GetMethod("GetNamedDataSlot", BindingFlags.Static | BindingFlags.Public); var getDataMethod = typeof(Thread).GetMethod("GetData", BindingFlags.Static | BindingFlags.Public); var call = Expression.Call(allocateMethod, Expression.Constant(_slotName)); var getCall = Expression.Call(getDataMethod, call); var convCall = Expression.Convert(getCall, typeof(Action)); var invokExpr = Expression.Invoke(convCall); var lambda = Expression.Lambda(invokExpr); return lambda; } /// /// Generate static class with one static function that will execute Action from Thread NamedDataSlot /// private MethodInfo CreateMethodInfo(ModuleBuilder moduleBuilder) { var methodName = "_StaticTestMethod_" + _slotName; var className = "_StaticClass_" + _slotName; TypeBuilder typeBuilder = moduleBuilder.DefineType(className, TypeAttributes.Public | TypeAttributes.Class); MethodBuilder methodBuilder = typeBuilder.DefineMethod(methodName, MethodAttributes.Static | MethodAttributes.Public); LambdaExpression expression = MakeStaticExpressionMethod(); expression.CompileToMethod(methodBuilder); var type = typeBuilder.CreateType(); return type.GetMethod(methodName, BindingFlags.Static | BindingFlags.Public); } } remarks about sample: as we need to execute code from another assembly, CorpLibrary1 hasn't access to it, so we need to store this delegate somewhere. Just for testing I stored it in Thread NamedDataSlot. It won't work in multithreaded applications, but it's just a sample. I know that we use Reflection to get private\internal members of any class, but within reflection we can't override them. But this issue is allows anyone to override internal class\method if that assembly has InternalsVisibleTo attribute. I tested it on .Net 3.5\4 and it works for both of them. How does it possible to just copy PublicKey without private key and use it in runtime? The whole sample can be found there - https://github.com/sergey-litvinov/Tests_InternalsVisibleTo UPDATE1: That test code in Program and FakeBuilder classes hasn't access to key.sn file and that library isn't signed, so it hasn't public key at all. It just copying it from CorpLibrary1 by using Reflection.Emit

    Read the article

< Previous Page | 11 12 13 14 15 16 17 18 19 20 21 22  | Next Page >