Search Results

Search found 755 results on 31 pages for 'leeks and leaks'.


  • VS 11 Beta merge tool is awesome, except for resolving conflicts

    - by deadlydog
    If you've downloaded the new VS 11 Beta and done any merging, then you've probably seen the new diff and merge tools built into VS 11. They are awesome, and by far a vast improvement over the ones included in VS 2010. There is one problem with the merge tool though, and in my opinion it is huge. Basically the problem with the new VS 11 Beta merge tool is that when you are resolving conflicts after performing a merge, you cannot tell what changes were made in each file where the code is conflicting. Was the conflicting code added, deleted, or modified in the source and target branches? I don't know (without explicitly opening up the history of both the source and target files), and the merge tool doesn't tell me. In my opinion this is a huge fail on the part of the designers/developers of the merge tool, as it actually forces me to either spend an extra minute for every conflict to view the source and target file history, or to go back to use the merge tool in VS 2010 to properly assess which changes I should take. I submitted this as a bug to Microsoft, but they say that this is intentional by design. WHAT?! So they purposely crippled their tool in order to make it pretty and keep the look consistent with the new diff tool? That's like purposely putting a little hole in the bottom of your cup for design reasons to make it look cool. Sure, the cup looks cool, but I'm not going to use it if it leaks all over the place and doesn't do the job that it is intended for. Bah! but I digress. Because this bug is apparently a feature, they asked me to open up a "feature request" to have the problem fixed. Please go vote up both my bug submission and the feature request so that this tool will actually be useful by the time the final VS 11 product is released.

    Read the article

  • ArchBeat Link-o-Rama for 10-19-2012

    - by Bob Rhubart
    One Week to Go: OTN Architect Day Los Angeles - Oct 25 Oracle Technology Network Architect Day in Los Angeles happens in one week. Register now to make sure you don't miss out on a rich schedule of expert technical sessions and peer interaction covering the use of Oracle technologies in cloud computing, SOA, and more. Even better: it's all free. Register now! When: October 25, 2012, 8:30am - 5:00pm. Where: Sofitel Los Angeles, 8555 Beverly Boulevard, Los Angeles, CA 90048. Moving your APEX app to the Oracle Cloud | Dimitri Gielis Oracle ACE Director (and OSN Developer Challenge co-winner) Dimitri Gielis shares the steps in the process as he moves his "DGTournament" application, along with all of its data, onto the Oracle Cloud. A brief note for customers running SOA Suite on AIX platforms | A-Team - SOA "When running Oracle SOA Suite with IBM JVMs on the AIX platform, we have seen performance slowdowns and/or memory leaks," says Christian, an architect on the Oracle Fusion Middleware A-Team. "On occasion, we have even encountered some OutOfMemoryError conditions and the concomitant Java coredump. If you are experiencing this issue, the resolution may be to configure -Dsun.reflect.inflationThreshold=0 in your JVM startup parameters." Introducing the New Face of Fusion Applications | Misha Vaughan Oracle ACE Directors Debra Lilly and Floyd Teter have already blogged about the new face of Oracle Fusion Applications. Now Applications User Experience Architect Misha Vaughan shares a brief overview of how the Oracle Applications User Experience (UX) team developed the new look. ADF Essentials Security Implementation for Glassfish Deployment | Andrejus Baranovskis According to Oracle ACE Director Andrejus Baranovskis, Oracle ADF Essentials includes all the key ADF technologies, save one: ADF Security. In this post he illustrates a solution for filling that gap. Thought for the Day "Why are video games so much better designed than office software? Because people who design video games love to play video games. People who design office software look forward to doing something else on the weekend." — Ted Nelson Source: softwarequotes.com

    Read the article

  • How to increase the disk cache of Windows 7

    - by Mark Christiaens
    Under Windows 7 (64 bit), I'm reading through 9000 moderately sized files. In total, there is more than 200 MB of data. Using Java (JDK 1.6.21) I'm iterating over the files. The first 1400 or so go at full speed but then speed drops off to 4ms per file. It turns out that the main cost is incurred simply by opening the files. I'm opening the files using new FileInputStream (and of course closing them in time to avoid file leaks). After some investigating, I see that Windows' disk cache is using only 100 MB or so of RAM although I have 8 GiB available. I've tried increasing the cache size using the CacheSet tool but any values I provide are considered out of range. I've also tried enabling the LargeSystemCache registry key but (after rebooting) the CacheSet tool still indicates I'm using 100 MB of cache (and doesn't increase during the test run). Does anybody have any suggestions to "encourage" Windows 7 to cache my 9000 files?

    Read the article

  • Does scheduling recycling app pool in IIS7 help the server conserve memory better?

    - by user29266
    Hello, I have a VPS (IIS7 with Win 2008). It's got 40 websites and a SQL Server 2008 powering them with only 2 Gigs of RAM. None of the sites are mission critical; they are all just demos. I often have RAM issues on the server because each site does caching and generally uses a lot of memory. Would it make sense to set the application pools to recycle every 3 hours? I'm sure this would free up any memory leaks or processes left "hanging". Are there any other tips on this? Thank you very much! Aron

    Read the article

  • How can I create an encrypted, bootable thumbdrive containing Linux?

    - by Hanno Fietz
    I want to have a bootable flash drive that's fully encrypted. I have not tested, but seem to like, TrueCrypt, which provides a fully encrypted system and has lots of other features I like (for instance, hidden volumes). Unfortunately, it seems, system encryption is only supported for Windows, although I'm not sure why. The crux here, I guess, is that you need a boot loader that is capable of asking for your password and decrypting the disk, at least the part that contains the kernel and initrd. An alternative might be to have an unencrypted boot partition containing a more powerful system which will decrypt and mount the main partition. However, this brings up the question of whether you're introducing data leaks. Depending on the specific scenario, I may lack the experience to assess if this is a problem. So I'd strongly prefer a fully encrypted disk or a similarly straightforward alternative.

    Read the article

  • Kill Leaking Connections on SQL Server 2005

    - by Thierry Brunet
    We have a legacy ASP application that somewhere leaks SQL Connections. In Activity Monitor, I can see a bunch of idle processes with Last Batch times over an hour old. When I look at the T-SQL command batch, these are always FETCH API_CURSORXXX, which from my understanding is caused by improperly closed ASP ADO Recordsets. While we are trying to pinpoint the offending code, is there a way for me to monitor which requests open which cursors? I'm assuming profiler, but I'm not sure what I should be monitoring exactly. I can see a bunch of calls to sp_cursoropen but I don't see the API_CURSORXXX name anywhere. Second, would anyone be able to suggest a script we could run to kill these processes based on the Last Batch time 10 minutes and Last Batch Command being FETCH API_CURSORXXX? For various reasons, we unfortunately don't have any SQL Server DBAs.

    Read the article

  • How can I launch RemoteApp on Windows Server from server itself at startup

    - by Rusted
    I have Windows Server 2008 R2 with RDS and a custom desktop (GUI) application installed on the server. The app is started as a RemoteApp on the server by the user from his desktop computer (or, sometimes, he can work from a notebook over VPN). Some details about the environment: the server automatically shuts down every evening and automatically powers on every morning (this is a requirement); the desktop application does some precalculations/precaching on startup and it can take a lot of time; the mentioned application has some memory leaks, so I can't use hibernate instead of shutdown. When the user launches this app from his computer, he can't start working with it until the app finishes pre-initialization. Is there any way to start a RemoteApp session at server startup (without actual user logon), so that the user could connect to this session from his computer later? I don't want to involve the user's computer to make it work. I have tried to do it with a Windows startup script, but had no luck - starting an RDP session requires an actual user session.

    Read the article

  • You wouldn't drink 9 year old milk would you?

    - by Jim Duffy
    This is an absolutely brilliant campaign to urge users that it's time to move on from IE 6. I like how it puts it in terms that everyone can understand and has probably experienced at one time or another. How many times have you opened the milk, took a sniff, and experienced that visceral reaction that accompanies catching a whiff of milk that has turned to the dark side of the force? I call it Darth Vader milk. :-) Of course I’m assuming that you haven’t used IE 6 for a long time now. It is our responsibility as information technology workers to communicate to our friends and family how lame using IE 6 is. Shame them into upgrading if necessary. I don’t care how you get through to them but get through. Tell them that only losers use IE 6. Tell them you’ll cut them out of your will. Tell them they’re banned from your annual BBQ blowout. Tell them that [insert their favorite celebrity’s name here] thinks people using IE6 are losers. :-) Seriously, IE6 sucks and blows at the same time and has got to go for a number of reasons including the security leaks that come with using it. Confidentially, I urge them to upgrade for purely selfish reasons. Because I am the first level of computer support for waaaaaay too many of my family members I always advocate they use a current browser (IE 8 or Firefox) and anti-virus software (AVG). Call me selfish but I’d rather not waste my time dealing with a virus or malware that could potentially slip through with IE6. Yes, I’m selfish with my time that way. :-) Have a day. :-|

    Read the article

  • Choosing the Database Solution for Large Data Application

    - by GµårÐïåñ
    I have been tasked to write an application that will be a combination of document and inventory management in VB.net which will be used to store document images in TIFF, PDF, XPS, TXT, DOC, PPT and so on as binary data that can be retrieved for viewing, printing, and possible OCR to be searchable as well, along with metadata such as sender, recipient, type of document, date, source, etc. So the table would probably be something like: DOC_NAME, DOC_DATE, NOTES, ... DOC_BINARY (where the actual document will be put inside). My concern is finding a database solution that will not become unstable due to size restrictions, record limitations and performance. Some of the options are MS_SQL, SQL Express, SQLite, mySQL, and Access. Now I can pretty much eliminate Access right off the bat as it is just too limiting and not scalable. I can further eliminate SQL Express because of the 2 GB limit and again scalability. So that leaves me with MS_SQL, SQLite and mySQL (although if anyone has other options they think would be good as well, please feel free to share them, by no means am I set on these only). So this brings me to what you guys think is the best option for what I have described. The goal is that the data is all in one place (a single file) that will make backup and portability easier. For small volume usage, pretty much any solution will hold for a while, but my goal is to think ahead and make sure it's able to withstand heavy large volume usage as well. Another consideration is also the interoperability with .NET and stability of such code to avoid errors and memory leaks. Your feedback would be greatly appreciated.

    Read the article

  • How to check the OS is running on bare metal and not in virtualized environment created by BIOS?

    - by Arkadi Shishlov
    Is there any software available as a Linux, *BSD, or Windows program or boot image to check (or guess with good probability) whether the environment an operating system is loaded onto is genuine bare metal and not already virtualized? Given recent information from various sources, including what are supposed to be E. Snowden leaks, I'm curious about the security of my PCs, even about those that don't have an on-board BMC. How could it be possible and why? See for example Blue Pill, and a number of papers. With a little assistance from network card firmware, which is also loadable on popular card models, such a hypervisor could easily spy on me, rendering PGP, Tor, etc. exercises futile.

    Read the article

  • Isn't Java a quite good choice for desktop applications?

    - by tactoth
    At present most applications are still developed with C++, painfully. Lack of portability, incompatible libraries, memory leaks, slow compilation, and poor productivity. Even if you pick only a single one of these shortages, it's still a big headache. However the surprising truth is that C++ remains the first choice for desktop applications. Compared to C++, Java has lots of advantages. The success in server-side development shows that the language itself is good; Swing is also thought to be as programmer friendly as the highly recognized QT framework (No, never say even a single word about MFC!). All the disadvantages of C++ listed above have a solution in Java. "Performance!" Well, that might still be the problem, but in my experience it's a slight problem. I'd been using Java to decode some screen video and generate key frames. The video has a duration of more than 1 hour. The time spent on an average machine is just 1 minute. With C++ I don't expect even faster speed. In recent days there has been much news on JIT performance improvements, which makes us feel Java is gradually becoming very suitable for desktop development, without people realizing it. Isn't it?

    Read the article

  • [Get Proactive!] Advisor Webcast ~ WebLogic Server OutOfMemoryError

    - by aiyoku

    Read the article

  • Why does jquery leak memory so badly?

    - by Thomas Lane
    This is kind of a follow-up to a question I posted last week: http://stackoverflow.com/questions/2429056/simple-jquery-ajax-call-leaks-memory-in-ie I love the jquery syntax and all of its nice features, but I've been having trouble with a page that automatically updates table cells via ajax calls leaking memory. So I created two simple test pages for experimenting. Both pages do an ajax call every .1 seconds. After each successful ajax call, a counter is incremented and the DOM is updated. The script stops after 1000 cycles. One uses jquery for both the ajax call and to update the DOM. The other uses the Yahoo API for the ajax and does a document.getElementById(...).innerHTML to update the DOM. The jquery version leaks memory badly. Running in drip (on XP Home with IE7), it starts at 9MB and finishes at about 48MB, with memory growing linearly the whole time. If I comment out the line that updates the DOM, it still finishes at 32MB, suggesting that even simple DOM updates leak a significant amount of memory. The non-jquery version starts and finishes at about 9MB, regardless of whether it updates the DOM. Does anyone have a good explanation of what is causing jquery to leak so badly? Am I missing something obvious? Is there a circular reference that I'm not aware of? Or does jquery just have some serious memory issues? 
    Here is the source for the leaky (jquery) version:

        <html>
          <head>
            <script type="text/javascript" src="http://www.google.com/jsapi"></script>
            <script type="text/javascript">
              google.load('jquery', '1.4.2');
            </script>
            <script type="text/javascript">
              var counter = 0;
              leakTest();

              function leakTest() {
                $.ajax({
                  url: '/html/delme.x',
                  type: 'GET',
                  success: incrementCounter
                });
              }

              function incrementCounter(data) {
                if (counter<1000) {
                  counter++;
                  $('#counter').text(counter);
                  setTimeout(leakTest,100);
                }
                else $('#counter').text('finished.');
              }
            </script>
          </head>
          <body>
            <div>Why is memory usage going up?</div>
            <div id="counter"></div>
          </body>
        </html>

    And here is the non-leaky version:

        <html>
          <head>
            <script type="text/javascript" src="http://yui.yahooapis.com/2.8.0r4/build/yahoo/yahoo-min.js"></script>
            <script type="text/javascript" src="http://yui.yahooapis.com/2.8.0r4/build/event/event-min.js"></script>
            <script type="text/javascript" src="http://yui.yahooapis.com/2.8.0r4/build/connection/connection_core-min.js"></script>
            <script type="text/javascript">
              var counter = 0;
              leakTest();

              function leakTest() {
                YAHOO.util.Connect.asyncRequest('GET', '/html/delme.x', {success:incrementCounter});
              }

              function incrementCounter(o) {
                if (counter<1000) {
                  counter++;
                  document.getElementById('counter').innerHTML = counter;
                  setTimeout(leakTest,100);
                }
                else document.getElementById('counter').innerHTML = 'finished.';
              }
            </script>
          </head>
          <body>
            <div>Memory usage is stable, right?</div>
            <div id="counter"></div>
          </body>
        </html>

    Read the article

  • Pain Comes Instantly

    - by user701213
    When I look back at recent blog entries – many of which are not all that current (more on where my available writing time is going later) – I am struck by how many of them focus on public policy or legislative issues instead of, say, the latest nefarious cyberattack or exploit (or everyone’s favorite new pastime: coining terms for the Coming Cyberpocalypse: “digital Pearl Harbor” is so 1941). Speaking of which, I personally hope evil hackers from Malefactoria will someday hack into my bathroom scale – which in a future time will be connected to the Internet because, gosh, wouldn’t it be great to have absolutely everything in your life Internet-enabled? – and recalibrate it so I’m 10 pounds thinner. The horror. In part, my focus on public policy is due to an admitted limitation of my skill set. I enjoy reading technical articles about exploits and cybersecurity trends, but writing a blog entry on those topics would take more research than I have time for and, quite honestly, doesn’t play to my strengths. The first rule of writing is “write what you know.” The bigger contributing factor to my recent paucity of blog entries is that more and more of my waking hours are spent engaging in “thrust and parry” activity involving emerging regulations of some sort or other. I’ve opined in earlier blogs about what constitutes good and reasonable public policy so nobody can accuse me of being reflexively anti-regulation. That said, you have so many cycles in the day, and most of us would rather spend it slaying actual dragons than participating in focus groups on whether dragons are really a problem, whether lassoing them (with organic, sustainable and recyclable lassos) is preferable to slaying them – after all, dragons are people, too - and whether we need lasso compliance auditors to make sure lassos are being used correctly and humanely. 
(A point that seems to evade many rule makers: slaying dragons actually accomplishes something, whereas talking about “approved dragon slaying procedures and requirements” wastes the time of those who are competent to dispatch actual dragons and who were doing so very well without the input of “dragon-slaying theorists.”) Unfortunately for so many of us who would just get on with doing our day jobs, cybersecurity is rapidly devolving into the “focus groups on dragon dispatching” realm, which actual dragon slayers have little choice but to participate in. The general trend in cybersecurity is that powers-that-be – which encompasses groups other than just legislators – are often increasingly concerned and therefore feel they need to Do Something About Cybersecurity. Many seem to believe that if only we had the right amount of regulation and oversight, there would be no data breaches: a breach simply must mean Someone Is At Fault and Needs Supervision. (Leaving aside the fact that we have lots of home invasions despite a) guard dogs b) liberal carry permits c) alarm systems d) etc.) Also note that many well-managed and security-aware organizations, like the US Department of Defense, still get hacked. More specifically, many powers-that-be feel they must direct industry in a multiplicity of ways, up to and including how we actually build and deploy information technology systems. The more prescriptive the requirement, the more regulators or overseers a) can be seen to be doing something b) feel as if they are doing something regardless of whether they are actually doing something useful or cost effective. Note: an unfortunate concomitant of Doing Something is that often the cure is worse than the ailment. That is, doing what overseers want creates unfortunate byproducts that they either didn’t foresee or worse, don’t care about. After all, the logic goes, we Did Something. Prescriptive practice in the IT industry is problematic for a number of reasons. 
For a start, prescriptive guidance is really only appropriate if:
• It is cost effective
• It is “current” (meaning, the guidance doesn’t require the use of the technical equivalent of buggy whips long after horse-drawn transportation has become passé)*
• It is practical (that is, pragmatic, proven and effective in the real world, not theoretical and unproven)
• It solves the right problem
With the above in mind, heading up the list of “you must be joking” regulations are recent disturbing developments in the Payment Card Industry (PCI) world. I’d like to give PCI kahunas the benefit of the doubt about their intentions, except that efforts by Oracle among others to make them aware of “unfortunate side effects of your requirements” – which is as tactful as I can be for reasons that I believe will become obvious below - have gone, to-date, unanswered and more importantly, unchanged. A little background on PCI before I get too wound up. In 2008, the Payment Card Industry (PCI) Security Standards Council (SSC) introduced the Payment Application Data Security Standard (PA-DSS). That standard requires vendors of payment applications to ensure that their products implement specific requirements and undergo security assessment procedures. In order to have an application listed as a Validated Payment Application (VPA) and available for use by merchants, software vendors are required to execute the PCI Payment Application Vendor Release Agreement (VRA). (Are you still with me through all the acronyms?) Beginning in August 2010, the VRA imposed new obligations on vendors that are extraordinary and extraordinarily bad, short-sighted and unworkable. Specifically, PCI requires vendors to disclose (dare we say “tell all?”) to PCI any known security vulnerabilities and associated security breaches involving VPAs. ASAP. Think about the impact of that. 
PCI is asking a vendor to disclose to them:
• Specific details of security vulnerabilities
• Including exploit information or technical details of the vulnerability
• Whether or not there is any mitigation available (as in a patch)
PCI, in turn, has the right to blab about any and all of the above – specifically, to distribute all the gory details of what is disclosed - to the PCI SSC, qualified security assessors (QSAs), and any affiliate or agent or adviser of those entities, who are in turn permitted to share it with their respective affiliates, agents, employees, contractors, merchants, processors, service providers and other business partners. This assorted crew can’t be more than, oh, hundreds of thousands of entities. Does anybody believe that several hundred thousand people can keep a secret? Or that several hundred thousand people are all equally trustworthy? Or that not one of the people getting all that information would blab vulnerability details to a bad guy, even by accident? Or be a bad guy who uses the information to break into systems? (Wait, was that the Easter Bunny that just hopped by? Bringing world peace, no doubt.) Sarcasm aside, common sense tells us that telling lots of people a secret is guaranteed to “unsecret” the secret. Notably, being provided details of a vulnerability (without a patch) is of little or no use to companies running the affected application. Few users have the technological sophistication to create a workaround, and even if they do, most workarounds break some other functionality in the application or surrounding environment. Also, given the differences among corporate implementations of any application, it is highly unlikely that a single workaround is going to work for all corporate users. So until a patch is developed by the vendor, users remain at risk of exploit: even more so if the details of vulnerability have been widely shared. 
Sharing that information widely before a patch is available therefore does not help users, and instead helps only those wanting to exploit known security bugs. There’s a shocker for you. Furthermore, we already know that insider information about security vulnerabilities inevitably leaks, which is why most vendors closely hold such information and limit dissemination until a patch is available (and frequently limit dissemination of technical details even with the release of a patch). That’s the industry norm, not that PCI seems to realize or acknowledge that. Why would anybody release a bunch of highly technical exploit information to a cast of thousands, whose only “vetting” is that they are members of a PCI consortium? Oracle has had personal experience with this problem, which is one reason why information on security vulnerabilities at Oracle is “need to know” (we use our own row level access control to limit access to security bugs in our bug database, and thus less than 1% of development has access to this information), and we don’t provide some customers with more information than others or with vulnerability information and/or patches earlier than others. Failure to remember “insider information always leaks” creates problems in the general case, and has created problems for us specifically. A number of years ago, one of the UK intelligence agencies had information about a non-public security vulnerability in an Oracle product that they circulated among other UK and Commonwealth defense and intelligence entities. Nobody, it should be pointed out, bothered to report the problem to Oracle, even though only Oracle could produce a patch. The vulnerability was finally reported to Oracle by (drum roll) a US-based commercial company, to whom the information had leaked. (Note: every time I tell this story, the MI-whatever agency that created the problem gets a bit shirty with us. 
I know they meant well and have improved their vulnerability handling/sharing processes but, dudes, next time you find an Oracle vulnerability, try reporting it to us first before blabbing to lots of people who can’t actually fix the problem. Thank you!) Getting back to PCI: clearly, these new disclosure obligations increase the risk of exploitation of a vulnerability in a VPA and thus, of misappropriation of payment card data and customer information that a VPA processes, stores or transmits. It stands to reason that VRA’s current requirement for the widespread distribution of security vulnerability exploit details -- at any time, but particularly before a vendor can issue a patch or a workaround -- is very poor public policy. It effectively publicizes information of great value to potential attackers while not providing compensating benefits - actually, any benefits - to payment card merchants or consumers. In fact, it magnifies the risk to payment card merchants and consumers. The risk is most prominent in the time before a patch has been released, since customers often have little option but to continue using an application or system despite the risks. However, the risk is not limited to the time before a patch is issued: customers often need days, or weeks, to apply patches to systems, based upon the complexity of the issue and dependence on surrounding programs. Rather than decreasing the available window of exploit, this requirement increases the available window of exploit, both as to time available to exploit a vulnerability and the ease with which it can be exploited. Also, why would hackers focus on finding new vulnerabilities to exploit if they can get “EZHack” handed to them in such a manner: a) a vulnerability b) in a payment application c) with exploit code: the “Hacking Trifecta!“ It’s fair to say that this is probably the exact opposite of what PCI – or any of us – would want. 
Established industry practice concerning vulnerability handling avoids the risks created by the VRA’s vulnerability disclosure requirements. Specifically, the norm is not to release information about a security bug until the associated patch (or a pretty darn good workaround) has been issued. Once a patch is available, the notice to the user community is a high-level communication discussing the product at issue, the level of risk associated with the vulnerability, and how to apply the patch. The notices do not include either the specific customers affected by the vulnerability or forensic reports with maps of the exploit (both of which are required by the current VRA). In this way, customers have the tools they need to prioritize patching and to help prevent an attack, and the information released does not increase the risk of exploit. Furthermore, many vendors already use industry standards for vulnerability description: Common Vulnerability Enumeration (CVE) and Common Vulnerability Scoring System (CVSS). CVE helps ensure that customers know which particular issues a patch addresses and CVSS helps customers determine how severe a vulnerability is on a relative scale. Industry already provides the tools customers need to know what the patch contains and how bad the problem is that the patch remediates. So, what’s a poor vendor to do? Oracle is reaching out to other vendors subject to PCI and attempting to enlist them in a broad effort to engage PCI in rethinking (that is, eradicating) these requirements. 
I would therefore urge all who care about this issue, but especially those in the vendor community whose applications are subject to PCI and who may not have known they were being asked to tell-all to PCI and put their customers at risk, to do one of the following:
• Contact PCI with your concerns
• Contact Oracle (we are looking for vendors to sign our statement of concern)
• And make sure you tell your customers that you have to rat them out to PCI if there is a breach involving the payment application
I like to be charitable and say “PCI meant well” but in as important a public policy issue as what you disclose about vulnerabilities, to whom and when, meaning well isn’t enough. We need to do well. PCI, as regards this particular issue, has not done well, and has compounded the error by thus far being nonresponsive to those of us who have labored mightily to try to explain why they might want to rethink telling the entire planet about security problems with no solutions.
By Way of Explanation…
Non-related to PCI whatsoever, and the explanation for why I have not been blogging a lot recently, I have been working on Other Writing Venues with my sister Diane (who has also worked in the tech sector, inflicting upgrades on unsuspecting and largely ungrateful end users). I am pleased to note that we have recently (self-)published the first in the Miss Information Technology Murder Mystery series, Outsourcing Murder. The genre might best be described as “chick lit meets geek scene.” Our sisterly nom de plume is Maddi Davidson and (shameless plug follows): you can order the paper version of the book on Amazon, or the Kindle or Nook versions on www.amazon.com or www.bn.com, respectively. From our book jacket: Emma Jones, a 20-something IT consultant, is working on an outsourcing project at Tahiti Tacos, a restaurant chain offering Polynexican cuisine: refried poi, anyone? Emma despises her boss Padmanabh, a brilliant but arrogant partner in GD Consulting.
When Emma discovers His-Royal-Padness’s body (verdict: death by cricket bat), she becomes a suspect. With her overprotective family and her best friend Stacey providing endless support and advice, Emma stumbles her way through an investigation of Padmanabh’s murder, bolstered by fusion food feeding frenzies, endless cups of frou-frou coffee and serious surfing sessions. While Stacey knows a PI who owes her a favor, landlady Magda urges Emma to tart up her underwear drawer before the next cute cop with a search warrant arrives. Emma’s mother offers to fix her up with a PhD student at Berkeley and showers her with self-defense gizmos while her old lover Keoni beckons from Hawai’i. And everyone, even Shaun the barista, knows a good lawyer. Book 2, Denial of Service, is coming out this summer.
* Given the rate of change in technology, today’s “thou shalts” are easily next year’s “buggy whip guidance.”


  • MPMoviePlayerController on large videos causes massive memory spike, and a level 1 memory warning

    - by Shizam
    When viewing images my application hums along nicely with low memory consumption. Once I try to watch a video using MPMoviePlayerController, memory usage spikes way up, dwarfing the previous memory graph, and if I play the video it causes a 'memory warning. Level=1' message. The video files (mp4) aren't even that big, 40MB or so, and it doesn't matter if I play the file streamed from a URL or loaded from a local file; actually the memory spike is even worse if I try to stream it. Here is the code I use to create the player:

        if (_photo.videoPath != nil) {
            _movieViewController = [[MPMoviePlayerViewController alloc] initWithContentURL:[NSURL fileURLWithPath:_photo.videoPath]];
        } else {
            _movieViewController = [[MPMoviePlayerViewController alloc] initWithContentURL:[NSURL URLWithString:_photo.videoURL]];
        }
        [[NSNotificationCenter defaultCenter] addObserver:self
                                                 selector:@selector(videoMetaListener:)
                                                     name:MPMovieDurationAvailableNotification
                                                   object:_movieViewController.moviePlayer];
        _movieViewController.moviePlayer.scalingMode = MPMovieScalingModeAspectFit;
        _movieViewController.moviePlayer.shouldAutoplay = YES;
        _movieViewController.moviePlayer.controlStyle = MPMovieControlStyleEmbedded;

    Anybody else running into issues playing video? Also I checked for leaks, there are none reported.


  • new[n] and delete every location with delete instead the whole chunk with delete[]

    - by pmr
    Is this valid C++ (e.g. not invoking UB) and does it achieve what I want without leaking memory? valgrind complains about mismatching free and delete but says "no leaks are possible" in the end.

        int main() {
            int* a = new int[5];
            for(int i = 0; i < 5; ++i)
                a[i] = i;
            for(int i = 0; i < 5; ++i)
                delete &a[i];
        }

    The reason I'm asking: I have a class that uses boost::intrusive::list and I new every object that is added to that list. Sometimes I know how many objects I want to add to the list and was thinking about using new[] to allocate a chunk and still be able to delete every object on its own with the Disposer-style of boost::intrusive.


  • C#: Is this the correct way to use the SqlDataReader for DAAB

    - by Luke101
    Hello, I have just started using the Data Access Application Block from Microsoft. There are very few instructions on the correct way to use the library. Just wanted to know if this is the correct way to use the data reader.

        SqlDataReader reader = SqlHelper.ExecuteReader(config.ConnectionString, CommandType.Text, "select * from category");
        List<string> a = new List<string>();
        using (reader)
        {
            while (reader.Read())
            {
                string t = reader.GetString(1);
                a.Add(t);
            }
            return a;
        }

    Will everything get closed doing it this way? Is there any chance of memory leaks?


  • Is tcerl for Mnesia production ready? Are there any alternatives?

    - by Sanoj
    I would like to create a scalable web service using Mnesia as database. However, Mnesia per default isn't scalable for persistent storage since it is using Dets (which has a 2GB limit) as backend. I have seen discussions about extending Mnesia with MnesiaEx and using tcerl as backend. It sounds good and has shown good performance. However, I have seen in a talk about Tokyo Cabinet and CouchDB with Mnesia that there are some issues:

      - issues with durability
      - issues with memory leaks
      - issues with crashes

    Is tcerl + Mnesia really production ready? And are there any other alternatives? How do companies overcome these issues if they use Mnesia in bigger systems? Is there a working solution with Mnesia and Tokyo Tyrant that is working better?


  • iPhone application-Memory handling issues

    - by Vin
    Hi All, I am having some memory management issues in my app. Maybe someone may help me out here.

    1) While checking for leaks in Instruments, when I deploy and run the app on device, the virtual memory utilized starts from 50 MB (even though I've just launched the app and am on the first screen). My resources contribute to 2.6 MB of it and I don't know what is contributing for the rest. What is the ideal utilization of virtual memory for an app?

    2) In a certain screen of the app, the user is allowed to click a picture from the camera. In Instruments, I observe that virtual memory utilization jumps around 20MB on the invocation of the camera. Is it normal and can it be decreased?

    Looking forward to hearing a reply soon. Thanks in advance


  • Silverlight SOS (Son of Strike) documentation

    - by Kris Erickson
    Is there any Microsoft or even non-official documentation for SOS for Silverlight? Other than a few web posts I have seen zero documentation for it on MSDN. Even official documentation for the CLR version of SOS seems hard to find; this ancient article mentions a sos.htm file that is included in the Windows SDK but it doesn't appear to be there any more. Any pointers to debugging Silverlight with SOS? I have found the following blog posts but am looking for more information:

      http://davybrion.com/blog/2009/08/finding-memory-leaks-in-silverlight-with-windbg/
      http://www.ningzhang.org/2008/12/19/silverlight-debugging-with-windbg-and-sos/
      http://debuggingblog.com/wp/2009/07/07/windbg-extension-sos-in-clr-40net-framework-40-ctp-net-runtime-dll-renamed-and-sos-commands-just-got-richer/
      http://www.netfxharmonics.com/label/debugging
      http://blogs.msdn.com/b/tess/archive/2008/08/21/debugging-silverlight-applications-with-windbg-and-sos-dll.aspx
      http://blogs.msdn.com/b/delay/archive/2009/03/11/where-s-your-leak-at-using-windbg-sos-and-gcroot-to-diagnose-a-net-memory-leak.aspx
      http://blogs.msdn.com/b/delay/archive/2009/03/09/controls-are-like-diapers-you-don-t-want-a-leaky-one-implementing-the-weakevent-pattern-on-silverlight-with-the-weakeventlistener-class.aspx


  • Memory Allocation Profiling in C++

    - by Amit Kumar
    I am writing an application and am surprised to see its total memory usage is already too high. I want to profile the dynamic memory usage of my application: How many objects of each kind are there in the heap, and which functions created these objects? Also, how much memory is used by each of the objects? Is there a simple way to do this? I am working on both Linux and Windows, so tools for either platform would suffice. NOTE: I am not concerned with memory leaks here.


  • In windbg, how do I get a heap header address from !heap -l results?

    - by Kevin
    I am playing around with windbg's !heap command, particularly the "-l" switch which detects memory leaks. When -l does detect a leak, I am having problems navigating from its results to a stack trace for the source of the leak. Here is a snippet of the results from !heap -l:

        0:066 !heap -l
        Searching the memory for potential unreachable busy blocks.
        Entry     User      Heap      Segment       Size  PrevSize  Unused    Flags
        0324b500  0324b508  01580000  03230000        20        60       a  busy
        0324b520  0324b528  01580000  03230000        20        20       a  busy
        0324b5c8  0324b5d0  01580000  03230000        20        28       a  busy

    Windbg's documentation for !heap tells me to use dt _DPH_BLOCK_INFORMATION with the header address, followed by dds with the block's StackTrace field. But the output for !heap -l doesn't specify a header address! It's only specifying Entry, User, Heap, and Segment. I've racked my brain looking over the other commands but can't figure out how to get the header address from any of these fields. Can someone help?


  • Prevent IE users from visiting my site?

    - by Paul Hatcherian
    Internet Explorer has caused me a lot of trouble over the years. Between security problems, memory leaks, endless CSS and JavaScript hacks to get my site to look correct, and inconsistencies between releases, I've spent countless hours as the hapless victim of IE's idiosyncrasies. Well, that ends today: I've decided to take matters into my own hands and ban all users of IE from visiting my website. That will teach them to use such a cruddy browser. My question is how best to do this? I don't want to rely on JavaScript, which could be disabled, nor the request agent string, which could be tampered with. A clever user could even temporarily switch to Firefox or Chrome just to visit my site. Ideally, I'd have a list of the IP addresses of every IE user in the world and restrict based on the IP address. The main problem I'm having, aside from getting the list in the first place, is how do I keep it updated? Thanks!


  • Cleanup for control inside a FlowDocument

    - by Thorarin
    I have a custom control that I use inside a FlowDocument. The control uses a System.Drawing.ImageAnimator to display transparent, animated GIF images. Why is this such a pain in the butt in WPF anyway? :P In my original implementation, this was causing memory leaks when a paragraph containing the control was being deleted from the document, because the ImageAnimator kept a reference to the control for event handling. I've now implemented a WeakEventManager pattern which seems to indeed fix the leak itself, but I would like to stop "OnFrameChanged" events from being fired if a particular animated GIF is not currently in the document, instead of relying on the garbage collector to eventually collect the control objects and my event manager to notice that there no longer are valid listeners to the event. Basically, I would like to take a more active role in this and have the control react to being removed from the FlowDocument. Is there some way to do this? I've been unable to find it. OnVisualParentChanged doesn't get fired, because the direct parent (a Paragraph) is unchanged.

