Search Results

Search found 183 results on 8 pages for 'kits'.

Page 2/8 | < Previous Page | 1 2 3 4 5 6 7 8  | Next Page >

  • Remote Graphics Diagnostics with Windows RT 8.1 and Visual Studio 2013

    - by Michael B. McLaughlin
    Originally posted on: http://geekswithblogs.net/mikebmcl/archive/2013/11/12/remote-graphics-diagnostics-with-windows-rt-8.1-and-visual-studio.aspxThis blog post is a brief follow up to my What’s New in Graphics and Game Development in Visual Studio 2013 post on the MVP Award blog. While writing that post I was testing out various features to try to make sure everything worked as expected. I had some trouble getting Remote Graphics Diagnostics (a/k/a remote graphics debugging) working on my first generation Surface RT (upgraded to Windows RT 8.1). It was more strange since I could use remote debugging when doing CPU debugging; it was just graphics debugging that was causing trouble. After some discussions with the great folks who work on the graphics tools in Visual Studio, they were able to repro the problem and recommend a solution. My Surface RT needed the ARM Kits policy installed on it. Once I followed the instructions on the previous link, I could successfully use Remote Graphics Diagnostics on my Surface RT. Please note that this requires Windows RT 8.1 RTM (i.e. not Preview) and that Remote Graphics Diagnostics on ARM only works when you are using Visual Studio 2013 as it is a new feature (it should work just fine using the Express for Windows version). Also, when I installed the ARM Kits policy I needed to do two things to get it to work properly. First, when following the “How to install the Kits policy” instructions, I needed to copy the SecureBoot folder into Program Files on my Surface RT (specifically, I copied the SecureBoot folder to “C:\Program Files\Windows Kits\8.1\bin\arm\” on my Surface RT, creating any necessary directories). It may work if it’s in any system folder; I didn’t test any others after I got it working. I had initially put it in my Downloads folder and tried installing it from there. When the machine restarted it displayed a worrisome error message. I repeatedly pressed the button that would allow me to retry and eventually the machine rebooted and managed to recover itself to its previous state. Second, I needed to install it as an Administrator. The instructions say that this might be necessary. For me it was. This is a Remote Graphics Diagnostics is a great new feature in Visual Studio 2013 so I definitely encourage all of you to check it out!

    Read the article

  • Error 0x8007007e When trying to mount WinPE 5 wim in Windows 7 using Powershell

    - by BigHomie
    Using ADK for Windows 8.1, and the DISM cmdlets that come with them. I have WMF 4.0 installed. My machine is Windows 7 x64 SP1, and I'm trying to mount the wim using PS C:\Users\BigHomie> Mount-WindowsImage -ImagePath 'C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Windows Preinstallation Environment\x86\ en-us\winpe.wim' -Path C:\WinPE_x86 -index 1 And receive the following error: Mount-WindowsImage : DismInitialize failed. Error code = 0x8007007e At line:1 char:1 + Mount-WindowsImage -ImagePath 'C:\Program Files (x86)\Windows Kits\8.1\Assessmen ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ + CategoryInfo : NotSpecified: (:) [Mount-WindowsImage], COMExcep tion + FullyQualifiedErrorId : Microsoft.Dism.Commands.MountWindowsImageCommand Using dism.exe works fine. Update Forgetting I had this problem, I went to mount a wim using the Powershell ISE and actuallygot a visual error message about "C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\x86\DISM\api-ms-win-downlevel-advapi32-l4-1-0.dll" not being installed. After checking that the dll did in fact exist in the folder I called regsvr32 and received another error message Will try reinstalling as recommended.

    Read the article

  • BI Applications Test Drive: Joint Partner+Oracle Go To Market Initiatives

    - by Mike.Hallett(at)Oracle-BI&EPM
     A challenge you may be facing is how to easily show the business value of BI to a set of customers.  The key we find to achieve this is to show best in class business analytic examples specific to a business person's role and needs - e.g. "HR analytics" for HR professionals, "Spend Analytics" for procurement professionals, and so on. We have created for you, our specialised partners, the ability to run Oracle BI Applications Test Drive Workshops for your customers. These are carefully scripted to allow a customer business person (usually not IT) to navigate for themselves around a series of dashboards and analysis targetted to show how BI can help their business and drive ROI. These Oracle BI Applications Test Drive kits (in English) are now downloadable from our OMS4P/OPN portal . See it by clicking on this link:http://www.oracle.com/partners/secure/marketing/bi-apps-test-drive-519829.htmlThis kit translation into Italian, French, Spanish and German will be added to this portal soon. NOTE: These are not designed for "training" customers: they really address the need for an effective call to action for any customer you talk to who is in the early stages of exploring their options and the business benefits of a BI project, especially if they are already an Oracle applications customer (eBusiness suite, Peoplesoft, Siebel, JDE). For more demand generation kits see another blog article "Joint Partner+Oracle Go To Market Initiatives: BI Customer Event Kits"

    Read the article

  • What is the best book for the preparation of MCPD Exam 70-564 (Designing and Developing ASP.NET 3.5 Applications)?

    - by Steve Johnson
    Hi all, I have seen a couple of questions like this one and scanned through the answers but somehow the replies were not satisfactory or practical. So i wondered maybe people who have gone through it and may suggest a better approach for the preparation of this exam. Goal: My goal is actually NOT merely to pass that exam. I intend to actually master the skill. I have been into asp.net web development for approximately 1.5 years and I want to study something that really improves "Design and Development Skills" in Web Development in general and asp.net to be specific which i can put to use and build upon that. Please suggest a book that teaches professional Asp.Net design and development skills and approaches to quality development by taking through practice design scenarios and their solutions and through various case studies that involve design problems and their implemented solutions. Edit: I have found the Micorosoft training kits to be fairly interesting and helpful as these tend to increase knowledge. I have utilized a lot of things after getting a good explanation of things from the training kits. However, as far as Microsoft Training Kit for 70-564 is concerned, there are not a lot of good reviews about it. What i have read and searched on the net , the reviews on amazon and various forums, stack-exchange and experts-exchange, were more inclined to the conclusion that "Microsoft Training Kit for Exam 70-564 is not good. Its is not good as compared to other kits from Microsoft, like as compared to the training kit of Exam 70-562 or others." So i was looking for a proper book containing examples from practical world scenarios and case studies from which i can not only learn but also master the skills before wasting money of Microsoft Training Kit for Exam 70-564. Waiting for experts to provide a suitable advice.

    Read the article

  • More Collateral to drive Remarketer Activity

    - by martin.morganti(at)oracle.com
    Over the last few months we have added a range of marketing materials to the Remarketer Level pages including an extensive set of Marketing Kits to support the Solution Kits previously available. As part of the continuing program, we have just added some additional training for Remarketers at no cost. In addition to the Oracle 1-Click Technology Products Guided Learning Path which explains about the program and how to position the products, we have added Oracle Database 11g 1-Click Technology Sales Guided Learning Path. This Learning path allows Remarketers to get access to more detailed training on the Oracle 11G database and so develop their understanding of the opportunities they could be benefiting from today, by reselling the 1-click products. This is in direct response to requests to make more training available to the Remarketers, so take the opportunity to let your Remarketer customers and prospects know about this additional training and how they can Jump Start a resell business with Oracle today with No Fees, No Barriers and No Excuses.

    Read the article

  • Python Mindstorms RCX

    - by Kyle Schmidt
    I've got 30 unopened Lego Mindstorms kits that I'd love to use in my intro programming class to do some simple robotics stuff at the end of the year. We're using Python in the class, so I'd prefer there to be a way for the kids to write the programs in Python. Unfortunately, these are old kits with RCX bricks - not the newer NXT ones, so most of the projects like NXT_Python can't help me. Is there any way to make that happen?

    Read the article

  • LGPL and Dual Licensing Ajax Library

    - by Thomas Hansen
    Hi guys, I'm the previous founder of Gaiaware and Gaia Ajax Widgets and when I used to work there we had this rhetoric (which I have confirmed with some very smart FOSS people is correct) that when using a GPL Ajax library you're basically "distributing" the JavaScript which in turn makes the GPL viral clause kick in and forces people to purchase a proprietary license if they're going to build Closed Source stuff... So now I'm the the LGPL world here with Ra-Ajax which is an LGPL licensed library and I've got no intentions of creating a GPL licensed library since I believe strongly in that the LGPL is the "enabler" of the Open Web to prevail. But something interesting have happened which I think might still give me a "business model" here which is the Linking clause of the LGPL which I think goes something like this (pseudo); "If you link to an LGPL licensed thing you get no restrictions on your own derived works"... But so we started creating something we're calling Ajax Starter-Kits which effectively is a "Project Kickstarter" where you can download a finished project/solution which basically enables you to start out with some pre-done boiler plate code for problems such as Ajax DataGrids, Ajax Calendar Applications, Ajax TreeView Applications etc. And the funny thing is that our users would NOT "link" to these, they would effectively BE our users applications... So to wrap up my question. Would this force users of our LGPL licensed Ajax Starter-Kits to LGPL license their own work? Basically if it does we have a business model (and I get very happy) if not I'd just have to hope people would still like to pay us those $29 for our Starter-Kits to support the project... ;) Help rewarded with extreme gratitude...

    Read the article

  • Toorcon 15 (2013)

    - by danx
    The Toorcon gang (senior staff): h1kari (founder), nfiltr8, and Geo Introduction to Toorcon 15 (2013) A Tale of One Software Bypass of MS Windows 8 Secure Boot Breaching SSL, One Byte at a Time Running at 99%: Surviving an Application DoS Security Response in the Age of Mass Customized Attacks x86 Rewriting: Defeating RoP and other Shinanighans Clowntown Express: interesting bugs and running a bug bounty program Active Fingerprinting of Encrypted VPNs Making Attacks Go Backwards Mask Your Checksums—The Gorry Details Adventures with weird machines thirty years after "Reflections on Trusting Trust" Introduction to Toorcon 15 (2013) Toorcon 15 is the 15th annual security conference held in San Diego. I've attended about a third of them and blogged about previous conferences I attended here starting in 2003. As always, I've only summarized the talks I attended and interested me enough to write about them. Be aware that I may have misrepresented the speaker's remarks and that they are not my remarks or opinion, or those of my employer, so don't quote me or them. Those seeking further details may contact the speakers directly or use The Google. For some talks, I have a URL for further information. A Tale of One Software Bypass of MS Windows 8 Secure Boot Andrew Furtak and Oleksandr Bazhaniuk Yuri Bulygin, Oleksandr ("Alex") Bazhaniuk, and (not present) Andrew Furtak Yuri and Alex talked about UEFI and Bootkits and bypassing MS Windows 8 Secure Boot, with vendor recommendations. They previously gave this talk at the BlackHat 2013 conference. MS Windows 8 Secure Boot Overview UEFI (Unified Extensible Firmware Interface) is interface between hardware and OS. UEFI is processor and architecture independent. Malware can replace bootloader (bootx64.efi, bootmgfw.efi). Once replaced can modify kernel. Trivial to replace bootloader. Today many legacy bootkits—UEFI replaces them most of them. MS Windows 8 Secure Boot verifies everything you load, either through signatures or hashes. UEFI firmware relies on secure update (with signed update). You would think Secure Boot would rely on ROM (such as used for phones0, but you can't do that for PCs—PCs use writable memory with signatures DXE core verifies the UEFI boat loader(s) OS Loader (winload.efi, winresume.efi) verifies the OS kernel A chain of trust is established with a root key (Platform Key, PK), which is a cert belonging to the platform vendor. Key Exchange Keys (KEKs) verify an "authorized" database (db), and "forbidden" database (dbx). X.509 certs with SHA-1/SHA-256 hashes. Keys are stored in non-volatile (NV) flash-based NVRAM. Boot Services (BS) allow adding/deleting keys (can't be accessed once OS starts—which uses Run-Time (RT)). Root cert uses RSA-2048 public keys and PKCS#7 format signatures. SecureBoot — enable disable image signature checks SetupMode — update keys, self-signed keys, and secure boot variables CustomMode — allows updating keys Secure Boot policy settings are: always execute, never execute, allow execute on security violation, defer execute on security violation, deny execute on security violation, query user on security violation Attacking MS Windows 8 Secure Boot Secure Boot does NOT protect from physical access. Can disable from console. Each BIOS vendor implements Secure Boot differently. There are several platform and BIOS vendors. It becomes a "zoo" of implementations—which can be taken advantage of. Secure Boot is secure only when all vendors implement it correctly. Allow only UEFI firmware signed updates protect UEFI firmware from direct modification in flash memory protect FW update components program SPI controller securely protect secure boot policy settings in nvram protect runtime api disable compatibility support module which allows unsigned legacy Can corrupt the Platform Key (PK) EFI root certificate variable in SPI flash. If PK is not found, FW enters setup mode wich secure boot turned off. Can also exploit TPM in a similar manner. One is not supposed to be able to directly modify the PK in SPI flash from the OS though. But they found a bug that they can exploit from User Mode (undisclosed) and demoed the exploit. It loaded and ran their own bootkit. The exploit requires a reboot. Multiple vendors are vulnerable. They will disclose this exploit to vendors in the future. Recommendations: allow only signed updates protect UEFI fw in ROM protect EFI variable store in ROM Breaching SSL, One Byte at a Time Yoel Gluck and Angelo Prado Angelo Prado and Yoel Gluck, Salesforce.com CRIME is software that performs a "compression oracle attack." This is possible because the SSL protocol doesn't hide length, and because SSL compresses the header. CRIME requests with every possible character and measures the ciphertext length. Look for the plaintext which compresses the most and looks for the cookie one byte-at-a-time. SSL Compression uses LZ77 to reduce redundancy. Huffman coding replaces common byte sequences with shorter codes. US CERT thinks the SSL compression problem is fixed, but it isn't. They convinced CERT that it wasn't fixed and they issued a CVE. BREACH, breachattrack.com BREACH exploits the SSL response body (Accept-Encoding response, Content-Encoding). It takes advantage of the fact that the response is not compressed. BREACH uses gzip and needs fairly "stable" pages that are static for ~30 seconds. It needs attacker-supplied content (say from a web form or added to a URL parameter). BREACH listens to a session's requests and responses, then inserts extra requests and responses. Eventually, BREACH guesses a session's secret key. Can use compression to guess contents one byte at-a-time. For example, "Supersecret SupersecreX" (a wrong guess) compresses 10 bytes, and "Supersecret Supersecret" (a correct guess) compresses 11 bytes, so it can find each character by guessing every character. To start the guess, BREACH needs at least three known initial characters in the response sequence. Compression length then "leaks" information. Some roadblocks include no winners (all guesses wrong) or too many winners (multiple possibilities that compress the same). The solutions include: lookahead (guess 2 or 3 characters at-a-time instead of 1 character). Expensive rollback to last known conflict check compression ratio can brute-force first 3 "bootstrap" characters, if needed (expensive) block ciphers hide exact plain text length. Solution is to align response in advance to block size Mitigations length: use variable padding secrets: dynamic CSRF tokens per request secret: change over time separate secret to input-less servlets Future work eiter understand DEFLATE/GZIP HTTPS extensions Running at 99%: Surviving an Application DoS Ryan Huber Ryan Huber, Risk I/O Ryan first discussed various ways to do a denial of service (DoS) attack against web services. One usual method is to find a slow web page and do several wgets. Or download large files. Apache is not well suited at handling a large number of connections, but one can put something in front of it Can use Apache alternatives, such as nginx How to identify malicious hosts short, sudden web requests user-agent is obvious (curl, python) same url requested repeatedly no web page referer (not normal) hidden links. hide a link and see if a bot gets it restricted access if not your geo IP (unless the website is global) missing common headers in request regular timing first seen IP at beginning of attack count requests per hosts (usually a very large number) Use of captcha can mitigate attacks, but you'll lose a lot of genuine users. Bouncer, goo.gl/c2vyEc and www.github.com/rawdigits/Bouncer Bouncer is software written by Ryan in netflow. Bouncer has a small, unobtrusive footprint and detects DoS attempts. It closes blacklisted sockets immediately (not nice about it, no proper close connection). Aggregator collects requests and controls your web proxies. Need NTP on the front end web servers for clean data for use by bouncer. Bouncer is also useful for a popularity storm ("Slashdotting") and scraper storms. Future features: gzip collection data, documentation, consumer library, multitask, logging destroyed connections. Takeaways: DoS mitigation is easier with a complete picture Bouncer designed to make it easier to detect and defend DoS—not a complete cure Security Response in the Age of Mass Customized Attacks Peleus Uhley and Karthik Raman Peleus Uhley and Karthik Raman, Adobe ASSET, blogs.adobe.com/asset/ Peleus and Karthik talked about response to mass-customized exploits. Attackers behave much like a business. "Mass customization" refers to concept discussed in the book Future Perfect by Stan Davis of Harvard Business School. Mass customization is differentiating a product for an individual customer, but at a mass production price. For example, the same individual with a debit card receives basically the same customized ATM experience around the world. Or designing your own PC from commodity parts. Exploit kits are another example of mass customization. The kits support multiple browsers and plugins, allows new modules. Exploit kits are cheap and customizable. Organized gangs use exploit kits. A group at Berkeley looked at 77,000 malicious websites (Grier et al., "Manufacturing Compromise: The Emergence of Exploit-as-a-Service", 2012). They found 10,000 distinct binaries among them, but derived from only a dozen or so exploit kits. Characteristics of Mass Malware: potent, resilient, relatively low cost Technical characteristics: multiple OS, multipe payloads, multiple scenarios, multiple languages, obfuscation Response time for 0-day exploits has gone down from ~40 days 5 years ago to about ~10 days now. So the drive with malware is towards mass customized exploits, to avoid detection There's plenty of evicence that exploit development has Project Manager bureaucracy. They infer from the malware edicts to: support all versions of reader support all versions of windows support all versions of flash support all browsers write large complex, difficult to main code (8750 lines of JavaScript for example Exploits have "loose coupling" of multipe versions of software (adobe), OS, and browser. This allows specific attacks against specific versions of multiple pieces of software. Also allows exploits of more obscure software/OS/browsers and obscure versions. Gave examples of exploits that exploited 2, 3, 6, or 14 separate bugs. However, these complete exploits are more likely to be buggy or fragile in themselves and easier to defeat. Future research includes normalizing malware and Javascript. Conclusion: The coming trend is that mass-malware with mass zero-day attacks will result in mass customization of attacks. x86 Rewriting: Defeating RoP and other Shinanighans Richard Wartell Richard Wartell The attack vector we are addressing here is: First some malware causes a buffer overflow. The malware has no program access, but input access and buffer overflow code onto stack Later the stack became non-executable. The workaround malware used was to write a bogus return address to the stack jumping to malware Later came ASLR (Address Space Layout Randomization) to randomize memory layout and make addresses non-deterministic. The workaround malware used was to jump t existing code segments in the program that can be used in bad ways "RoP" is Return-oriented Programming attacks. RoP attacks use your own code and write return address on stack to (existing) expoitable code found in program ("gadgets"). Pinkie Pie was paid $60K last year for a RoP attack. One solution is using anti-RoP compilers that compile source code with NO return instructions. ASLR does not randomize address space, just "gadgets". IPR/ILR ("Instruction Location Randomization") randomizes each instruction with a virtual machine. Richard's goal was to randomize a binary with no source code access. He created "STIR" (Self-Transofrming Instruction Relocation). STIR disassembles binary and operates on "basic blocks" of code. The STIR disassembler is conservative in what to disassemble. Each basic block is moved to a random location in memory. Next, STIR writes new code sections with copies of "basic blocks" of code in randomized locations. The old code is copied and rewritten with jumps to new code. the original code sections in the file is marked non-executible. STIR has better entropy than ASLR in location of code. Makes brute force attacks much harder. STIR runs on MS Windows (PEM) and Linux (ELF). It eliminated 99.96% or more "gadgets" (i.e., moved the address). Overhead usually 5-10% on MS Windows, about 1.5-4% on Linux (but some code actually runs faster!). The unique thing about STIR is it requires no source access and the modified binary fully works! Current work is to rewrite code to enforce security policies. For example, don't create a *.{exe,msi,bat} file. Or don't connect to the network after reading from the disk. Clowntown Express: interesting bugs and running a bug bounty program Collin Greene Collin Greene, Facebook Collin talked about Facebook's bug bounty program. Background at FB: FB has good security frameworks, such as security teams, external audits, and cc'ing on diffs. But there's lots of "deep, dark, forgotten" parts of legacy FB code. Collin gave several examples of bountied bugs. Some bounty submissions were on software purchased from a third-party (but bounty claimers don't know and don't care). We use security questions, as does everyone else, but they are basically insecure (often easily discoverable). Collin didn't expect many bugs from the bounty program, but they ended getting 20+ good bugs in first 24 hours and good submissions continue to come in. Bug bounties bring people in with different perspectives, and are paid only for success. Bug bounty is a better use of a fixed amount of time and money versus just code review or static code analysis. The Bounty program started July 2011 and paid out $1.5 million to date. 14% of the submissions have been high priority problems that needed to be fixed immediately. The best bugs come from a small % of submitters (as with everything else)—the top paid submitters are paid 6 figures a year. Spammers like to backstab competitors. The youngest sumitter was 13. Some submitters have been hired. Bug bounties also allows to see bugs that were missed by tools or reviews, allowing improvement in the process. Bug bounties might not work for traditional software companies where the product has release cycle or is not on Internet. Active Fingerprinting of Encrypted VPNs Anna Shubina Anna Shubina, Dartmouth Institute for Security, Technology, and Society (I missed the start of her talk because another track went overtime. But I have the DVD of the talk, so I'll expand later) IPsec leaves fingerprints. Using netcat, one can easily visually distinguish various crypto chaining modes just from packet timing on a chart (example, DES-CBC versus AES-CBC) One can tell a lot about VPNs just from ping roundtrips (such as what router is used) Delayed packets are not informative about a network, especially if far away from the network More needed to explore about how TCP works in real life with respect to timing Making Attacks Go Backwards Fuzzynop FuzzyNop, Mandiant This talk is not about threat attribution (finding who), product solutions, politics, or sales pitches. But who are making these malware threats? It's not a single person or group—they have diverse skill levels. There's a lot of fat-fingered fumblers out there. Always look for low-hanging fruit first: "hiding" malware in the temp, recycle, or root directories creation of unnamed scheduled tasks obvious names of files and syscalls ("ClearEventLog") uncleared event logs. Clearing event log in itself, and time of clearing, is a red flag and good first clue to look for on a suspect system Reverse engineering is hard. Disassembler use takes practice and skill. A popular tool is IDA Pro, but it takes multiple interactive iterations to get a clean disassembly. Key loggers are used a lot in targeted attacks. They are typically custom code or built in a backdoor. A big tip-off is that non-printable characters need to be printed out (such as "[Ctrl]" "[RightShift]") or time stamp printf strings. Look for these in files. Presence is not proof they are used. Absence is not proof they are not used. Java exploits. Can parse jar file with idxparser.py and decomile Java file. Java typially used to target tech companies. Backdoors are the main persistence mechanism (provided externally) for malware. Also malware typically needs command and control. Application of Artificial Intelligence in Ad-Hoc Static Code Analysis John Ashaman John Ashaman, Security Innovation Initially John tried to analyze open source files with open source static analysis tools, but these showed thousands of false positives. Also tried using grep, but tis fails to find anything even mildly complex. So next John decided to write his own tool. His approach was to first generate a call graph then analyze the graph. However, the problem is that making a call graph is really hard. For example, one problem is "evil" coding techniques, such as passing function pointer. First the tool generated an Abstract Syntax Tree (AST) with the nodes created from method declarations and edges created from method use. Then the tool generated a control flow graph with the goal to find a path through the AST (a maze) from source to sink. The algorithm is to look at adjacent nodes to see if any are "scary" (a vulnerability), using heuristics for search order. The tool, called "Scat" (Static Code Analysis Tool), currently looks for C# vulnerabilities and some simple PHP. Later, he plans to add more PHP, then JSP and Java. For more information see his posts in Security Innovation blog and NRefactory on GitHub. Mask Your Checksums—The Gorry Details Eric (XlogicX) Davisson Eric (XlogicX) Davisson Sometimes in emailing or posting TCP/IP packets to analyze problems, you may want to mask the IP address. But to do this correctly, you need to mask the checksum too, or you'll leak information about the IP. Problem reports found in stackoverflow.com, sans.org, and pastebin.org are usually not masked, but a few companies do care. If only the IP is masked, the IP may be guessed from checksum (that is, it leaks data). Other parts of packet may leak more data about the IP. TCP and IP checksums both refer to the same data, so can get more bits of information out of using both checksums than just using one checksum. Also, one can usually determine the OS from the TTL field and ports in a packet header. If we get hundreds of possible results (16x each masked nibble that is unknown), one can do other things to narrow the results, such as look at packet contents for domain or geo information. With hundreds of results, can import as CSV format into a spreadsheet. Can corelate with geo data and see where each possibility is located. Eric then demoed a real email report with a masked IP packet attached. Was able to find the exact IP address, given the geo and university of the sender. Point is if you're going to mask a packet, do it right. Eric wouldn't usually bother, but do it correctly if at all, to not create a false impression of security. Adventures with weird machines thirty years after "Reflections on Trusting Trust" Sergey Bratus Sergey Bratus, Dartmouth College (and Julian Bangert and Rebecca Shapiro, not present) "Reflections on Trusting Trust" refers to Ken Thompson's classic 1984 paper. "You can't trust code that you did not totally create yourself." There's invisible links in the chain-of-trust, such as "well-installed microcode bugs" or in the compiler, and other planted bugs. Thompson showed how a compiler can introduce and propagate bugs in unmodified source. But suppose if there's no bugs and you trust the author, can you trust the code? Hell No! There's too many factors—it's Babylonian in nature. Why not? Well, Input is not well-defined/recognized (code's assumptions about "checked" input will be violated (bug/vunerabiliy). For example, HTML is recursive, but Regex checking is not recursive. Input well-formed but so complex there's no telling what it does For example, ELF file parsing is complex and has multiple ways of parsing. Input is seen differently by different pieces of program or toolchain Any Input is a program input executes on input handlers (drives state changes & transitions) only a well-defined execution model can be trusted (regex/DFA, PDA, CFG) Input handler either is a "recognizer" for the inputs as a well-defined language (see langsec.org) or it's a "virtual machine" for inputs to drive into pwn-age ELF ABI (UNIX/Linux executible file format) case study. Problems can arise from these steps (without planting bugs): compiler linker loader ld.so/rtld relocator DWARF (debugger info) exceptions The problem is you can't really automatically analyze code (it's the "halting problem" and undecidable). Only solution is to freeze code and sign it. But you can't freeze everything! Can't freeze ASLR or loading—must have tables and metadata. Any sufficiently complex input data is the same as VM byte code Example, ELF relocation entries + dynamic symbols == a Turing Complete Machine (TM). @bxsays created a Turing machine in Linux from relocation data (not code) in an ELF file. For more information, see Rebecca "bx" Shapiro's presentation from last year's Toorcon, "Programming Weird Machines with ELF Metadata" @bxsays did same thing with Mach-O bytecode Or a DWARF exception handling data .eh_frame + glibc == Turning Machine X86 MMU (IDT, GDT, TSS): used address translation to create a Turning Machine. Page handler reads and writes (on page fault) memory. Uses a page table, which can be used as Turning Machine byte code. Example on Github using this TM that will fly a glider across the screen Next Sergey talked about "Parser Differentials". That having one input format, but two parsers, will create confusion and opportunity for exploitation. For example, CSRs are parsed during creation by cert requestor and again by another parser at the CA. Another example is ELF—several parsers in OS tool chain, which are all different. Can have two different Program Headers (PHDRs) because ld.so parses multiple PHDRs. The second PHDR can completely transform the executable. This is described in paper in the first issue of International Journal of PoC. Conclusions trusting computers not only about bugs! Bugs are part of a problem, but no by far all of it complex data formats means bugs no "chain of trust" in Babylon! (that is, with parser differentials) we need to squeeze complexity out of data until data stops being "code equivalent" Further information See and langsec.org. USENIX WOOT 2013 (Workshop on Offensive Technologies) for "weird machines" papers and videos.

    Read the article

  • SOA Partner Community Workspace

    - by JuergenKress
    To share the latest information with the community we use the SOA Community Workspace (SOA Community membership required). At the workspace you can find training material, product presentations in ppt format, product roadmaps, sales kits, market kits, training calendar and many additional information. Please use this content in the spirit of our partnership, and do not share external confidential material (be aware of the OTN NDA). The workspace is organized by product categories in folders e.g. SOA or Business Process Management or Applications & Fusion Middleware. You can also use tags to navigate within the workspace. For large downloads we do recommend to map the workspace as a network drive or to use the ftp functions. Please be very careful when you use the workspace, as we granted everybody full access including to add and delete documents. Please do NOT delete any content. Each action creates e-mail alerts for subscribed users. You can unsubscribe these alerts at the admin page à navigate to the All Workspaces tab à click on the workspace à switch the subscription off. It would be great if you can continue to share your best practice and knowledge within the community. Therefore we also created the folder Presentations from Partners. SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Facebook Wiki Mix Forum Technorati Tags: Workspace,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

    Read the article

  • Ten Classic Electronic Toys and Their Modern Equivalents

    - by Jason Fitzpatrick
    Whether you’re looking to relive the toy exploits of your youth or pass your love of tinkering and electronics onto the younger generation, this list highlights ten great electronic toys of yesteryear and their modern equivalents. Courtesy of Wired’s Geek Dad, the description for the all-in-one electronics kit seen here: What is was: Arthur C. Clarke has said that any sufficiently advanced technology is indistinguishable from magic. As a kid in the midst of an increasing technological revolution, electronics were at the heart of that. Learning electronics was made easy through the Science Fair Electronic Project Kits found at Radioshack. Through the project guides, kids could construct various ‘experiments’ by attaching wires to terminal springs that make circuits. The terminal springs would wire in components such as LED segment lights, photo sensors, resistors, diodes, etc. While it was fun getting the projects to work, the manuals lacked in depth explanation as to what was happening in the circuit to produce the project’s result. Why it was awesome: First, it was a simple buy for parents. Everything you needed to get your child interested in electronics was right in the kit. You didn’t need to breadboard or solder. I remember a distinct feeling of accomplishment making a high-water alarm or a light-sensor game with the realization that the bundles of wires springing up from the kit were actually doing something! Modern equivalent: You can still pick up variations of the 100-in-1 kits, but their popular replacement seem to be Snap Circuits by Elenco. All of the components are mounted on a plastic base with a contact on either end which interconnect with each other and the plastic base that projects can be mounted to. Each component also has the electrical diagram symbol for that component drawn on it so it can help you read schematics. For that reason alone, I like these better. HTG Explains: Why You Only Have to Wipe a Disk Once to Erase It HTG Explains: Learn How Websites Are Tracking You Online Here’s How to Download Windows 8 Release Preview Right Now

    Read the article

  • NSUserDefaults with in-app Settings bundle

    - by Hema Vasudevan
    I'm in the process of building an app and would prefer to have an in-app specific Settings bundle rather than make it available in the Settings application. I'm using NSUserDefaults class to save and retrieve them but would like to have the same Settings app look and feel. I wanted to use InAppSettingsKit or the llamasettings but don't know how to use the NSUserDefaults class. Those kits tell me how to create a .plist file and use their kits. All I need is use the Settings app look and feel while at the same time use NSUserDefaults class to save and retrieve values. Please help.

    Read the article

  • Guidance and Pricing for MSDN 2010

    - by John Alexander
    Sorry for the rather lengthy post here. I get asked this all the time so I decided to post it…Visual Studio 2010 editions will be available on April 12, 2010. Product Features Professional with MSDN Essentials Professional with MSDN Premium with MSDN Ultimate with MSDN Test Professional with MSDN Debugging and Diagnostics IntelliTrace (Historical Debugger)         Static Code Analysis       Code Metrics       Profiling       Debugger   Testing Tools Unit Testing   Code Coverage       Test Impact Analysis       Coded UI Test       Web Performance Testing         Load Testing1         Microsoft Test Manager 2010       Test Case Management2       Manual Test Execution       Fast-Forward for Manual Testing       Lab Management Configuration3       Integrated Development Environment Multiple Monitor Support   Multi-Targeting   One Click Web Deployment   JavaScript and jQuery Support   Extensible WPF-Based Environment Database Development Database Deployment       Database Change Management2       Database Unit Testing       Database Test Data Generation       Data Access   Development Platform Support Windows Development   Web Development   Office and SharePoint Development   Cloud Development   Customizable Development Experience   Architecture and Modeling Architecture Explorer         UML® 2.0 Compliant Diagrams (Activity, Use Case, Sequence, Class, Component)         Layer Diagram and Dependency Validation         Read-only diagrams (UML, Layer, DGML Graphs)         Lab Management Virtual environment setup & tear down3       Provision environment from template3       Checkpoint environment3       Team Foundation Server Version Control2   Work Item Tracking2   Build Automation2   Team Portal2   Reporting & Business Intelligence2   Agile Planning Workbook2   Microsoft Visual Studio Team Explorer 2010   Test Case Management2       MSDN Subscription – Software and Services for Production Use Windows Azure Platform 20 hrs/mo † 50 hrs/mo † 100 hrs/mo † 250 hrs/mo † n/a Microsoft Visual Studio Team Foundation Server 2010   Microsoft Visual Studio Team Foundation Server 2010 CAL   1 1 1 1 Microsoft Expression Studio 3       Microsoft Office Professional Plus 2010, Project Professional 2010, Visio Premium 2010 (following Office 2010 launch)       MSDN Subscription – Software for Development and Testing 4 Windows 7, Windows Server 2008 R2 and SQL Server 2008 Toolkits, Software Development Kits, Driver Development Kits Previous versions of Windows (client and server operation systems)   Previous versions of Microsoft SQL Server   Microsoft Office       Microsoft Dynamics       All other Servers       Windows Embedded operating systems       Teamprise         MSDN Subscription – Other Benefits Technical support incidents 0 2 4 4 2 Priority support in MSDN Forums Microsoft e-learning collections (typically 10 courses or 20 hours) 0 1 2 2 1 MSDN Flash newsletter MSDN Online Concierge MSDN Magazine   System Requirements View View View View View Buy from (MSRP) $799 $1,199 $5,469 $11,899 $2,169 Renew from (MSRP) $549 (upgrade) $799 $2,299 $3,799 $899 † Availability varies by country and subscription level.  Details available on the MSDN site 1. May require one or more Microsoft Visual Studio Load Test Virtual User Pack 2010 2. Requires Team Foundation Server and a Team Foundation Server CAL 3. Requires Microsoft Visual Studio Lab Management 2010 4. Per-user license allows unlimited installations and use for designing, developing, testing, and demonstrating applications. UML is a registered trademark of Object Management Group, Inc. Windows is either a registered trademark or trademark of Microsoft Corporation in the United States and/or other countries.

    Read the article

  • Création d'une application « Hello World » dans Visual Studio Lightswitch, un article d'Avkash Chauhan, traduit par Deepin Prayag

    Citation: Visual Studio LightSwitch 2011 propose des « starter kits » et des options de déploiement flexibles qui vous aident à créer et à facilement publier des applications métier personnalisées à l'aspect professionnel et distingué, sans nécessité de code. Visual Studio LightSwitch propose une manière simple de développer des applications métier de type bureau ou Cloud. LightSwitch gère toute la plomberie pour vous, afin que vous puissiez vous concentrer sur la création de valeurs métier. Partie 1 :

    Read the article

  • Windows Azure – Write, Run or Use Software

    - by BuckWoody
    Windows Azure is a platform that has you covered, whether you need to write software, run software that is already written, or Install and use “canned” software whether you or someone else wrote it. Like any platform, it’s a set of tools you can use where it makes sense to solve a problem. The primary location for Windows Azure information is located at http://windowsazure.com. You can find everything there from the development kits for writing software to pricing, licensing and tutorials on all of that. I have a few links here for learning to use Windows Azure – although it’s best if you focus not on the tools, but what you want to solve. I’ve got it broken down here into various sections, so you can quickly locate things you want to know. I’ll include resources here from Microsoft and elsewhere – I use these same resources in the Architectural Design Sessions (ADS) I do with my clients worldwide. Write Software Also called “Platform as a Service” (PaaS), Windows Azure has lots of components you can use together or separately that allow you to write software in .NET or various Open Source languages to work completely online, or in partnership with code you have on-premises or both – even if you’re using other cloud providers. Keep in mind that all of the features you see here can be used together, or independently. For instance, you might only use a Web Site, or use Storage, but you can use both together. You can access all of these components through standard REST API calls, or using our Software Development Kit’s API’s, which are a lot easier. In any case, you simply use Visual Studio, Eclipse, Cloud9 IDE, or even a text editor to write your code from a Mac, PC or Linux.  Components you can use: Azure Web Sites: Windows Azure Web Sites allow you to quickly write an deploy websites, without setting a Virtual Machine, installing a web server or configuring complex settings. They work alone, with other Windows Azure Web Sites, or with other parts of Windows Azure. Web and Worker Roles: Windows Azure Web Roles give you a full stateless computing instance with Internet Information Services (IIS) installed and configured. Windows Azure Worker Roles give you a full stateless computing instance without Information Services (IIS) installed, often used in a "Services" mode. Scale-out is achieved either manually or programmatically under your control. Storage: Windows Azure Storage types include Blobs to store raw binary data, Tables to use key/value pair data (like NoSQL data structures), Queues that allow interaction between stateless roles, and a relational SQL Server database. Other Services: Windows Azure has many other services such as a security mechanism, a Cache (memcacheD compliant), a Service Bus, a Traffic Manager and more. Once again, these features can be used with a Windows Azure project, or alone based on your needs. Various Languages: Windows Azure supports the .NET stack of languages, as well as many Open-Source languages like Java, Python, PHP, Ruby, NodeJS, C++ and more.   Use Software Also called “Software as a Service” (SaaS) this often means consumer or business-level software like Hotmail or Office 365. In other words, you simply log on, use the software, and log off – there’s nothing to install, and little to even configure. For the Information Technology professional, however, It’s not quite the same. We want software that provides services, but in a platform. That means we want things like Hadoop or other software we don’t want to have to install and configure.  Components you can use: Kits: Various software “kits” or packages are supported with just a few clicks, such as Umbraco, Wordpress, and others. Windows Azure Media Services: Windows Azure Media Services is a suite of services that allows you to upload media for encoding, processing and even streaming – or even one or more of those functions. We can add DRM and even commercials to your media if you like. Windows Azure Media Services is used to stream large events all the way down to small training videos. High Performance Computing and “Big Data”: Windows Azure allows you to scale to huge workloads using a few clicks to deploy Hadoop Clusters or the High Performance Computing (HPC) nodes, accepting HPC Jobs, Pig and Hive Jobs, and even interfacing with Microsoft Excel. Windows Azure Marketplace: Windows Azure Marketplace offers data and programs you can quickly implement and use – some free, some for-fee.   Run Software Also known as “Infrastructure as a Service” (IaaS), this offering allows you to build or simply choose a Virtual Machine to run server-based software.  Components you can use: Persistent Virtual Machines: You can choose to install Windows Server, Windows Server with Active Directory, with SQL Server, or even SharePoint from a pre-configured gallery. You can configure your own server images with standard Hyper-V technology and load them yourselves – and even bring them back when you’re done. As a new offering, we also even allow you to select various distributions of Linux – a first for Microsoft. Windows Azure Connect: You can connect your on-premises networks to Windows Azure Instances. Storage: Windows Azure Storage can be used as a remote backup, a hybrid storage location and more using software or even hardware appliances.   Decision Matrix With all of these options, you can use Windows Azure to solve just about any computing problem. It’s often hard to know when to use something on-premises, in the cloud, and what kind of service to use. I’ve used a decision matrix in the last couple of years to take a particular problem and choose the proper technology to solve it. It’s all about options – there is no “silver bullet”, whether that’s Windows Azure or any other set of functions. I take the problem, decide which particular component I want to own and control – and choose the column that has that box darkened. For instance, if I have to control the wiring for a solution (a requirement in some military and government installations), that means the “Networking” component needs to be dark, and so I select the “On Premises” column for that particular solution. If I just need the solution provided and I want no control at all, I can look as “Software as a Service” solutions. Security, Pricing, and Other Info  Security: Security is one of the first questions you should ask in any distributed computing environment. We have certification info, coding guidelines and more, even a general “Request for Information” RFI Response already created for you.   Pricing: Are there licenses? How much does this cost? Is there a way to estimate the costs in this new environment? New Features: Many new features were added to Windows Azure - a good roundup of those changes can be found here. Support: Software Support on Virtual Machines, general support.    

    Read the article

  • SOA Community Newsletter June 2012

    - by JuergenKress
    Dear SOA partner community member Happy New fiscal Year FY13 - thanks for the FY12 middleware business! Our SOA & BPM Partner Community continued to grow to almost 4000 members. Additional we launched the WebLogic Partner Community which grew very fast to 800+ members! To continue our joint successful business in the new fiscal year our Top priorities FY13 are: Become trained:the next opportunity are the summer camps in Lisbon & Munich or our on-demand training SOA & BPM and see our detailed training calendar below. Run your marketing & sales campaign: sales kits, marketing kits, solution catalog add your services to oracle.com, add your events to oracle.com and advertisement Get recognized: OFM awards, partner excellence awards & references & plaques Become Specialized: All of the above makes the Oracle Specialization! Make sure you get your Specialization benefits! Topics: Key product focus areas will be: SOA as the foundation for clouds, integration platform 2.0 for industrial SOA including BAM & CEP, BPM & adaptive case management & migrate legacy solutions to the strategic offerings. The new Oracle VM VirtualBox image is available to test SOA Suite and BPM Suite. To start your BPM 11g project a new BPM Standard Edition a license entry version is available. EAIESB published a post with all BPMN2.0 notations. If you want to learn more please visit the Oracle Learning Library. We want to promote your SOA 11g & BPM 11g success let us know where you are in production! And nominate this success for our Middleware Oracle Excellence Awards 2012. Douwe P. van den Bos published at his blog a SOA governance series: Principles of Service-Oriented Architecture & The Maturity of a Service-Oriented Architecture & SOA Maturity Models. Please let us know if you published interesting papers! Would be great to see you at the SOA, Cloud + Service Technology Symposium by Thomas Erl. Please feel free to get your conference pass with the oracle discount code “DJMXZ370”. See you in Lisbon & London at our summer camps! Jürgen Kress Oracle SOA & BPM Partner Adoption EMEA To read the newsletter please visit http://tinyurl.com/soanewsJune2012 (OPN Account required) To become a member of the SOA Partner Community please register at http://www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: SOA Community newsletter,SOA Community,Oracle,OPN,Jürgen Kress,SOA Demo System,BPM

    Read the article

  • WebLogic Partner Community Newsletter June 2012

    - by JuergenKress
    Dear WebLogic partner community member Happy New fiscal Year FY13 - thanks for the FY12 middleware business! Our WebLogic Partner Community grew very fast to 800+ members! To continue our joint successful business in the new fiscal year our top priorities in FY13 are: Become trained:the next opportunity are the summer camps in Lisbon & Munich or our on-demand training WebLogic 12c & ExaLogic & ADF see our detailed training calendar below. Run your marketing & sales campaign: sales kits, marketing kits, solution catalog add your services to oracle.com, add your events to oracle.com and advertisement Get recognized: OFM awards, partner excellence awards & references & plaques Become Specialized: All of the above makes the Oracle WebLogic 12c & ExaLogic & ADF Specialization! Make sure you get your Specialization benefits! Topics: Key product focus areas will be: ias to WebLogic & ExaLogic, ADF mobile and Oracle Java Cloud platform. Get a sneak preview of our FY13 sales plays (Oracle and Partner confidential) If you can not attend our Summer Camps and our WebLogic 12c Bootcamps please register for the on-demand Oracle WebLogic Server 12c Sales Boot Camp & Oracle WebLogic Server 12c PreSales Boot Camp and the WebLogic Server: Diagnosing Performance Webcast From June 1st 2012 ExaLogic Specialization is mandatory for re-sell! To support you with your opportunities we published the ExaLogic Kit & Cloud Application Foundation kit which includes sales ppt presentations and technical details! We are also highly interested to run a joint iAS to WebLogic upgrade marketing campaign! See you in Lisbon! Jürgen Kress Oracle WebLogic Partner Adoption EMEA To read the newsletter please visit http://tinyurl.com/WebLogicnewsJunea2012 (OPN Account required) To become a member of the WebLogic Partner Community please register at http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Wiki Technorati Tags: WebLogic Community newsletter,WebLogic,WebLogic Community,OPN,Oracle,Jürgen Kress,WebLogic 12c,Fusion Middleware Innovation Awards 2012,SPCEjEnterprise 2012 Benchmark,WebLogic Benchmark Sun,Java training,WebLogic advisor webcast

    Read the article

  • Publication d'une application LightSwitch dans Windows Azure, un article d'Avkash Chauhan, traduit par Deepin Prayag

    Citation: Visual Studio LightSwitch 2011 propose des « starter kits » et des options de déploiement flexibles qui vous aident à créer et à facilement publier des applications métier personnalisées à l'aspect professionnel et distingué, sans nécessité de code. Visual Studio LightSwitch propose une manière simple de développer des applications métier de type bureau ou Cloud. LightSwitch gère toute la plomberie pour vous, afin que vous puissiez vous concentrer sur la création de valeurs métier. Partie 2 :

    Read the article

  • What were the typical price range for a development kit?

    - by Vaughan Hilts
    A lot of these things are usually behind NDAs and tricky to gauge. Is there any information and ranges on how much these thing costs? For example, the PS1 had the "Net Yaroze", which according to Wikipedia was: "For about $750 USD, the Net Yaroze (DTL-H300x) package would contain a special black-colored debugging PlayStation unit with documentation, software, and no regional lockout." So, what were the prices of some game development kits? P.S: This might make a good community wiki

    Read the article

  • Neue Oracle Marketing Services für Partner

    - by A&C Redaktion
    Damit Sie immer gut über die Marketing-Materialien von Oracle informiert sind, haben wir die für Sie wichtigsten Materialien vom OMS4P (Oracle Marketing Services for Partners) auf der Seite Oracle Marketing Kits zusammen gefasst. Hier finden Sie alle, speziell für Partner erstellten Tools und Ressoucen für Datenbanken, Middleware, Applications, Server/Storage und für diverse Branchen. Die OMS4P-Seite wird bald abgeschaltet, deshalb bookmarken Sie sich gleich diesen neuen Link.

    Read the article

  • New Marketing Assets Available

    - by Cinzia Mascanzoni
    NEW translated demand generation materials available for the following Oracle Marketing Kits, designed to help partners generate sales around Oracle's solutions: Improve Database Capacity Management with Oracle Storage and Hybrid Columnar Compression Accelerating Database Test & Development with Sun ZFS Storage Appliance Upgrade SAN Storage to Oracle Pillar Axiom SPARC Refresh with Oracle Solaris Operating System SPARC Server Refresh: The Next Level of Datacenter Performance with Oracle’s New SPARC Servers Oracle Server Virtualization Oracle Desktop Virtualization

    Read the article

  • Book Review: MCTS Self-Paced Training Kit (Exam 70-667): Configuring Microsoft SharePoint 2010

    Microsoft Certification Exams are tough even though it is multiple choice. You should refer to training kits available on the market before attempting an exam. Configuring Microsoft SharePoint 2010 is a comprehensive Self-Paced Training Kit for those looking to obtain Microsoft Certified Technology Specialist Certification. The book examines all aspects of Microsoft SharePoint 2010 in a detailed manner with the help of a mock exam in the accompanying CD-ROM. In this review, Anand analyses the content of the book and also provides suggestions for the improvement.

    Read the article

  • Ajouter l'accès RDP à une application LightSwitch 2011 déployée sur Windows Azure, un article d'Avkash Chauhan, traduit par Deepin Prayag

    Citation: Visual Studio LightSwitch 2011 propose des « starter kits » et des options de déploiement flexibles qui vous aident à créer et à facilement publier des applications métier personnalisées à l'aspect professionnel et distingué, sans nécessité de code. Visual Studio LightSwitch propose une manière simple de développer des applications métier de type bureau ou Cloud. LightSwitch gère toute la plomberie pour vous, afin que vous puissiez vous concentrer sur la création de valeurs métier. Partie 3 :

    Read the article

  • Welcome Xsigo Partners

    - by Cinzia Mascanzoni
    Oracle recently achieved LEC for Xsigo Systems, Inc. and the migration of legacy partners is underway. Welcome Kits were distributed to partners providing details on how to join Oracle PartnerNetwork and next steps to jump start their business with Oracle. To find out more about the transition of Xsigo Partners, view the recently updated FAQ here.

    Read the article

  • Which RAM is faster (or, is Crucial's Memory Advisor giving non-optimal advice)?

    - by adpe
    In general, if a PC's motherboard is only specified for RAM up to a given core speed x, will that PC be faster with: RAM of latency y capable of running at a maximum core speed >x or RAM of latency <y capable of running at a maximum core speed of exactly x ? I would have thought the latter, but Crucial's Memory Adviser tool advises the former. So, which of us is correct - me, or the machine? (Here is a concrete example: I wish to upgrade a Toshiba Satellite Pro L300-155 laptop from its current 1GB RAM to 2GB Crucial RAM. The laptop's specifications are given here. I see from those specifications that the laptop is designed for DDR2-667 Ram. Crucial sells two compatible 2GB kits, priced exactly the same as each other: DDR2-667, CL=5; DDR2-800, CL=6. It seems to me that of these two upgrade kits, the first kit would run slightly faster on the L300-155 than the second, because both will presumably be capped at DDR2-667 core speed (see laptop specs), but the second kit has more latency. However, Crucial's Memory Advisor tool recommends the second kit.)

    Read the article

< Previous Page | 1 2 3 4 5 6 7 8  | Next Page >