Search Results

Search found 1742 results on 70 pages for 'bob murphy'.

Page 28/70 | < Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >

  • Do employers hiring for software jobs care about the classes you took in a Computer Science Masters program?

    - by Bob Dole
    I'm torn between two classes right now for next semester (Software Design and Advanced Computer Graphics). I would enjoy Advanced Computer Graphics more, but I feel the software design class would help me when approaching anything I ever build for the rest of my career. I feel though I could just buy the book (I already have both books actually) of the Software Design class and go through it, if I wanted. But think it would be a bit tougher to pick up the Advanced Computer Graphics class on my own. So do employers look at the graduate classes you've taken to decide if you would be a good fit or not? I think, more importantly, what I'm wanting to know is if I wanted to work for a high-end software company like Apple or Google would a company like that be more impressed by someone that took software engineering classes or hardcore CS classes?

    Read the article

  • What is a good method for coloring textures based on a palette in XNA?

    - by Bob
    I've been trying to work on a game with the look of an 8-bit game using XNA, specifically using the NES as a guide. The NES has a very specific palette and each sprite can use up to 4 colors from that palette. How could I emulate this? The current way I accomplish this is I have a texture with defined values which act as indexes to an array of colors I pass to the GPU. I imagine there must be a better way than this, but maybe this is the best way? I don't want to simply make sure I draw every sprite with the right colors because I want to be able to dynamically alter the palette. I'd also prefer not to alter the texture directly using the CPU.

    Read the article

  • Building a complete program?

    - by Bob
    Reading books, watching videos, and reviewing tutorials is all very easy. Taking notes and actually learning the material may be slightly harder, but even then, anyone with a decent brain and a fair amount of interest, it's easy enough (not to mention, fun). The thing is, it doesn't really prepare you to write a full program or website. Let's say you're those teens (only in highschool, no true (college level) computer science or programming courses, and no real world experience), and you come out with Groupon. Or even Mark Zuckerburg, sure he was a genius, and he was a very capable programmer... but how? How do you recommend that people who are not necessarily new to programming, but new to programming real applications and real programmers go about developing it? What is the "development process" - especially for single programmers (or maybe 2-3 teens)? Also, as far as web development goes, what is the process? Was something like Facebook or Groupon written with a framework (like CodeIgniter or Zend for PHP)? Or do they develop their own frameworks? I'm not asking how to come up with a great idea, but how to implement great ideas in an effective way? Does anyone have advice? I've read a couple of books on both C and C++ (primarily the C Programming Language and the C++ Programming Language) and taken AP Computer Science (as well as read a few additional books on Java and OOP). I also have read a few tutorials on PHP (and CodeIgniter) and Python. But I'm still in highschool, and I'm technically not even old enough to work at an internship for a few more months.

    Read the article

  • How does Requiring users to Periodically Change their Passwords Improve Security? [closed]

    - by Bob Kaufman
    I've had the same password for some sites for years with no regrets. Meanwhile, at work, I find myself being forced to change passwords every two to three months. My thinking is that if a password gets compromised, requiring that I change it several weeks out isn't going to protect me or the network very much. Moreover, I find that by being required to change passwords frequently, I degenerate into a predictable password pattern (e.g., BearsFan111, BearsFan222, ...) which results in easier to remember and easier to guess passwords. Is there a sound argument for requiring that passwords be changed periodically?

    Read the article

  • Can I make query strings produce separate pages?

    - by John Smith
    I have a profile page with a URL like so: localhost/profile.php/?username=Bob I was wondering, if I had a separate <title> which changed according to the username, would they produce separate pages in the google search results? How do I tell Google to only use the username string or does it search within the title? On a similar note, how would I create a separate page with the username like so: localhost/bob instead of a query string like facebook does. Do that make a new file for each user?

    Read the article

  • How to Load Oracle Tables From Hadoop Tutorial (Part 5 - Leveraging Parallelism in OSCH)

    - by Bob Hanckel
    Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 Using OSCH: Beyond Hello World In the previous post we discussed a “Hello World” example for OSCH focusing on the mechanics of getting a toy end-to-end example working. In this post we are going to talk about how to make it work for big data loads. We will explain how to optimize an OSCH external table for load, paying particular attention to Oracle’s DOP (degree of parallelism), the number of external table location files we use, and the number of HDFS files that make up the payload. We will provide some rules that serve as best practices when using OSCH. The assumption is that you have read the previous post and have some end to end OSCH external tables working and now you want to ramp up the size of the loads. Using OSCH External Tables for Access and Loading OSCH external tables are no different from any other Oracle external tables.  They can be used to access HDFS content using Oracle SQL: SELECT * FROM my_hdfs_external_table; or use the same SQL access to load a table in Oracle. INSERT INTO my_oracle_table SELECT * FROM my_hdfs_external_table; To speed up the load time, you will want to control the degree of parallelism (i.e. DOP) and add two SQL hints. ALTER SESSION FORCE PARALLEL DML PARALLEL  8; ALTER SESSION FORCE PARALLEL QUERY PARALLEL 8; INSERT /*+ append pq_distribute(my_oracle_table, none) */ INTO my_oracle_table SELECT * FROM my_hdfs_external_table; There are various ways of either hinting at what level of DOP you want to use.  The ALTER SESSION statements above force the issue assuming you (the user of the session) are allowed to assert the DOP (more on that in the next section).  Alternatively you could embed additional parallel hints directly into the INSERT and SELECT clause respectively. /*+ parallel(my_oracle_table,8) *//*+ parallel(my_hdfs_external_table,8) */ Note that the "append" hint lets you load a target table by reserving space above a given "high watermark" in storage and uses Direct Path load.  In other doesn't try to fill blocks that are already allocated and partially filled. It uses unallocated blocks.  It is an optimized way of loading a table without incurring the typical resource overhead associated with run-of-the-mill inserts.  The "pq_distribute" hint in this context unifies the INSERT and SELECT operators to make data flow during a load more efficient. Finally your target Oracle table should be defined with "NOLOGGING" and "PARALLEL" attributes.   The combination of the "NOLOGGING" and use of the "append" hint disables REDO logging, and its overhead.  The "PARALLEL" clause tells Oracle to try to use parallel execution when operating on the target table. Determine Your DOP It might feel natural to build your datasets in Hadoop, then afterwards figure out how to tune the OSCH external table definition, but you should start backwards. You should focus on Oracle database, specifically the DOP you want to use when loading (or accessing) HDFS content using external tables. The DOP in Oracle controls how many PQ slaves are launched in parallel when executing an external table. Typically the DOP is something you want to Oracle to control transparently, but for loading content from Hadoop with OSCH, it's something that you will want to control. Oracle computes the maximum DOP that can be used by an Oracle user. The maximum value that can be assigned is an integer value typically equal to the number of CPUs on your Oracle instances, times the number of cores per CPU, times the number of Oracle instances. For example, suppose you have a RAC environment with 2 Oracle instances. And suppose that each system has 2 CPUs with 32 cores. The maximum DOP would be 128 (i.e. 2*2*32). In point of fact if you are running on a production system, the maximum DOP you are allowed to use will be restricted by the Oracle DBA. This is because using a system maximum DOP can subsume all system resources on Oracle and starve anything else that is executing. Obviously on a production system where resources need to be shared 24x7, this can’t be allowed to happen. The use cases for being able to run OSCH with a maximum DOP are when you have exclusive access to all the resources on an Oracle system. This can be in situations when your are first seeding tables in a new Oracle database, or there is a time where normal activity in the production database can be safely taken off-line for a few hours to free up resources for a big incremental load. Using OSCH on high end machines (specifically Oracle Exadata and Oracle BDA cabled with Infiniband), this mode of operation can load up to 15TB per hour. The bottom line is that you should first figure out what DOP you will be allowed to run with by talking to the DBAs who manage the production system. You then use that number to derive the number of location files, and (optionally) the number of HDFS data files that you want to generate, assuming that is flexible. Rule 1: Find out the maximum DOP you will be allowed to use with OSCH on the target Oracle system Determining the Number of Location Files Let’s assume that the DBA told you that your maximum DOP was 8. You want the number of location files in your external table to be big enough to utilize all 8 PQ slaves, and you want them to represent equally balanced workloads. Remember location files in OSCH are metadata lists of HDFS files and are created using OSCH’s External Table tool. They also represent the workload size given to an individual Oracle PQ slave (i.e. a PQ slave is given one location file to process at a time, and only it will process the contents of the location file.) Rule 2: The size of the workload of a single location file (and the PQ slave that processes it) is the sum of the content size of the HDFS files it lists For example, if a location file lists 5 HDFS files which are each 100GB in size, the workload size for that location file is 500GB. The number of location files that you generate is something you control by providing a number as input to OSCH’s External Table tool. Rule 3: The number of location files chosen should be a small multiple of the DOP Each location file represents one workload for one PQ slave. So the goal is to keep all slaves busy and try to give them equivalent workloads. Obviously if you run with a DOP of 8 but have 5 location files, only five PQ slaves will have something to do and the other three will have nothing to do and will quietly exit. If you run with 9 location files, then the PQ slaves will pick up the first 8 location files, and assuming they have equal work loads, will finish up about the same time. But the first PQ slave to finish its job will then be rescheduled to process the ninth location file, potentially doubling the end to end processing time. So for this DOP using 8, 16, or 32 location files would be a good idea. Determining the Number of HDFS Files Let’s start with the next rule and then explain it: Rule 4: The number of HDFS files should try to be a multiple of the number of location files and try to be relatively the same size In our running example, the DOP is 8. This means that the number of location files should be a small multiple of 8. Remember that each location file represents a list of unique HDFS files to load, and that the sum of the files listed in each location file is a workload for one Oracle PQ slave. The OSCH External Table tool will look in an HDFS directory for a set of HDFS files to load.  It will generate N number of location files (where N is the value you gave to the tool). It will then try to divvy up the HDFS files and do its best to make sure the workload across location files is as balanced as possible. (The tool uses a greedy algorithm that grabs the biggest HDFS file and delegates it to a particular location file. It then looks for the next biggest file and puts in some other location file, and so on). The tools ability to balance is reduced if HDFS file sizes are grossly out of balance or are too few. For example suppose my DOP is 8 and the number of location files is 8. Suppose I have only 8 HDFS files, where one file is 900GB and the others are 100GB. When the tool tries to balance the load it will be forced to put the singleton 900GB into one location file, and put each of the 100GB files in the 7 remaining location files. The load balance skew is 9 to 1. One PQ slave will be working overtime, while the slacker PQ slaves are off enjoying happy hour. If however the total payload (1600 GB) were broken up into smaller HDFS files, the OSCH External Table tool would have an easier time generating a list where each workload for each location file is relatively the same.  Applying Rule 4 above to our DOP of 8, we could divide the workload into160 files that were approximately 10 GB in size.  For this scenario the OSCH External Table tool would populate each location file with 20 HDFS file references, and all location files would have similar workloads (approximately 200GB per location file.) As a rule, when the OSCH External Table tool has to deal with more and smaller files it will be able to create more balanced loads. How small should HDFS files get? Not so small that the HDFS open and close file overhead starts having a substantial impact. For our performance test system (Exadata/BDA with Infiniband), I compared three OSCH loads of 1 TiB. One load had 128 HDFS files living in 64 location files where each HDFS file was about 8GB. I then did the same load with 12800 files where each HDFS file was about 80MB size. The end to end load time was virtually the same. However when I got ridiculously small (i.e. 128000 files at about 8MB per file), it started to make an impact and slow down the load time. What happens if you break rules 3 or 4 above? Nothing draconian, everything will still function. You just won’t be taking full advantage of the generous DOP that was allocated to you by your friendly DBA. The key point of the rules articulated above is this: if you know that HDFS content is ultimately going to be loaded into Oracle using OSCH, it makes sense to chop them up into the right number of files roughly the same size, derived from the DOP that you expect to use for loading. Next Steps So far we have talked about OLH and OSCH as alternative models for loading. That’s not quite the whole story. They can be used together in a way that provides for more efficient OSCH loads and allows one to be more flexible about scheduling on a Hadoop cluster and an Oracle Database to perform load operations. The next lesson will talk about Oracle Data Pump files generated by OLH, and loaded using OSCH. It will also outline the pros and cons of using various load methods.  This will be followed up with a final tutorial lesson focusing on how to optimize OLH and OSCH for use on Oracle's engineered systems: specifically Exadata and the BDA. /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;}

    Read the article

  • vlc issue with unity

    - by bob
    I'm using ubuntu 12.04 with unity 3d. I am having troubles to lock vlc (version: VLC media player 2.0.1 Twoflower (revision 2.0.1-0-gf432547)) to the left panel. It doesn't behave the same way other applications do. This is a fresh install from the repo, I didn't change any settings. Ubuntu 12.04 is also a fresh install. For example, (left) clicking on it doesn't bring it to front, but creates a new instance (this in particular is very annoying, if it gets behind another window, that happens to be maximized, there is no way to bring it back up). It also doesn't have a right arrow to say the number of instances there is. Any way around that ?

    Read the article

  • How to react to an office harassment based on my profession ? [closed]

    - by bob from jersey
    A lot of my co-workers (not developers, people from the other departments) who are framing me in the classical "nerd" stereotype, and with that acting disturbing towards me. Of course they are not aggressive or anything, since we are in a work environment having rules on it's own, plus we are all grownups now, but they are on a "quite war" against me (not particularly against me, they are against all developers, but I am the only one who dares to speak about it). I hear names, "nerd", "geek", "cyborg", "outsider" and so on, it's really inappropriate. Of course, nothing is said in our faces, but, you know, "you hear things over". Also this general feeling of "them not liking us at all" can be sensed in the air all the time. And while it is not a problem for a few weeks, a larger duration of constant office harassment (going for months now), can be really annoying and can cause a serious drop in the development performance, which will (inevitably) lead to problems with the management (maybe getting me fired). I want to know, should I continue with my current defensive strategy (passively ignoring their inappropriate labels) or should I switch into a more aggressive maneuvers, like giving them logical reasons why their antisocial behavior should be banned?

    Read the article

  • Twitter Tuesday - Top 10 @ArchBeat Tweets - August 12-18, 2014

    - by Bob Rhubart-Oracle
    Man in gray hat: "You know, more than three thousand people follow @OTNArchBeat on Twitter. I wonder which tweets were the most popular over the last seven days." Man in brown hat: "Shut up! I think I see a UFO!" Man in gray hat: "That's OK. I'll just read this blog post." RT @java: "Programmers are creative people and typically delight in contriving clever ways to solve problems." -Casimir Saternos in @OracleJavaMag Aug 18, 2014 at 12:54 PM The Offer Still Stands: Produce your own episode of the OTN ArchBeat Podcast. Click for details. Aug 13, 2014 at 02:03 PM Binge-Ready! Watch the Top 10 OTN ArchBeat Videos featuring @stewartbryson @stenvesterli @gurcanorhan Aug 13, 2014 at 11:49 AM Oracle Announces First Java 9 Features | InfoQ Aug 18, 2014 at 12:20 PM Getting Started wit the #Coherence Memcached Adaptor | David Felcey Aug 18, 2014 at 10:19 AM #WebLogic Data Source Connection Labeling | Steve Felts Aug 14, 2014 at 10:03 AM How to introduce #DevOps into a moribund corporate culture | ZDNet Aug 15, 2014 at 11:23 AM Sample Chapter: Installing Oracle #WebLogic Server 12c and Using the Management Tools | Sam Alapati Aug 14, 2014 at 11:09 AM Building a Responsive #WebCenter Portal Application | @JayJayZheng Aug 12, 2014 at 11:04 AM #OEM12c Cloud Control authorization with Active Directory | Jeroen Gouma Aug 14, 2014 at 10:16 AM

    Read the article

  • ArchBeat Link-o-Rama for 10-24-2012

    - by Bob Rhubart
    Play Oracle Vanquisher Here's a little respite from whatever it is you normally spend your time on. Oracle Vanquisher is an online diversion that makes a game of data center optimization. According to the description: "Armed with a cool Oracle vacuum pack suit and a strategic IT roadmap, you will thwart threats and optimize your data center to increase your company’s stock price and boost your company's position." Mainly you avoid electric shock and killer birds. The current high score belongs to someone identified as "TEN." My score? Never mind. Book: DevOps for Developers | The Java Source The subject of DevOps has come up in a couple of recent OTN ArchBeat Podcasts, so it's somewhat serendipitous that Tori Weildt's recent blog post offers an overview of Java Champion Michael Hutterman's new book, DevOps for Developers, now available from Apress. Bring Your Own Device (BYOD) : Context is everything… | The ORACLE-BASE Blog BOYD is a factor in the evolution of IT, but in what context? "The real IT work in companies is still being done on PCs," says Oracle ACE Director Tim Hall. "Yes, you can use a cloud service on your phone, but look around the office and you will see those cloud services are actually being used by people on PCs." Oracle in the Cloud: Oracle EBusiness Suite sizing | Tom Laszewski Cloud expert Tom Laszewski shares several technical resources that will be helpful for sizing of Oracle EBusiness Suite. Setting Up, Configuring, and Using an Oracle WebLogic Server Cluster Author and expert Yuli Vasiliev shows you how take advantage of multiple Oracle WebLogic Server instances grouped into a cluster to maximize scalability and availability. Webcast: Reduce Costs with Oracle's Database Storage Management Watch this! Join Oracle experts Kevin Jernigan and Margaret Hamburger for an interactive webcast in which you'll learn how Oracle's Database Storage Management can reduce storage costs and management complexity while improving query performance to meet service-level agreements and compliance requirements. Event Date: Tuesday, November 6, 2012 Event Time: 10 a.m. PT/1 p.m. ET Thought for the Day "Most software today is very much like an Egyptian pyramid with millions of bricks piled on top of each other, with no structural integrity, but just done by brute force and thousands of slaves." — Alan Kay Source: softwarequotes.com

    Read the article

  • ArchBeat Link-o-Rama for December 12, 2012

    - by Bob Rhubart
    “Cloud Integration in Minutes” – True or False? | Bruce Tierney The answer is 'True, but..." according to Bruce Tierney. "Connecting on-premise and cloud applications “in minutes” is true…provided you only consider the connectivity subset of integration and have a small number of cloud integration touch points." Get the rest of the story in Bruce's detailed post. Tech World Discovers New Species: The Cloud Architect | Wired Enterprise | Wired.com This Wired article by Cade Metz boils down to one essential conclusion: Cloud computing is a significant departure from "data center designs of the past," and the demand for the specialized skills of the cloud architect will only increase. But you already knew that, right? Oracle B2B - Synchronous Request Reply | A-Team - SOA "Beginning with Oracle SOA Suite PS5 (11.1.1.6), B2B supports synchronous request reply over http using the b2b/syncreceiver servlet," says C. D. Wright of the Fusion Middleware A-Team. His post includes a demo and everything you need to run it. Thought for the Day "Don't worry about what anybody else is going to do… The best way to predict the future is to invent it." — Alan Kay (Month Day, Year - Month Day, Year) Source: SoftwareQuotes.com

    Read the article

  • Instructions on Installing the FreeNX server on Ubuntu Karmic (9.10) are incorrect

    - by Bob Free
    How does one fix (or report an error) on an 'immutable' help.ubuntu.community wiki page? I am a registered member of the wiki. On http://help.ubuntu.com/community/FreeNX under the section: Installing the FreeNX server on Ubuntu Karmic (9.10) and higher, step #2, bjorn-nostvold erroneously changed on 2013-01-24 "add-apt-repository" to "apt-add-repository". The original "add-apt-repository" is correct - at least on my Karmic (9.10) version of Ubuntu. By the number of confused people I've found via google search, this seems to be throwing off a lot of people, myself included.

    Read the article

  • mount remotely mybook live network drive

    - by bob
    I have a mybook live western digital 1TB hard disk connected to fritzbox 7270 router in office. When I am in the office, I can mount this drive to ubuntu since I have added to the etc/fstab file: //192.168.178.30/user /home/user/DISK cifs auto,iocharset=utf8,user=user%password 0 0 Is there a similar, easy & safe way, to do the same when I am out of the office using the static IP of the fritzbox router? I have already added tcp port forwarding in the router for ports 8080 (to 80 of the disk) and 8443 (to 443 of the disk). Thank you in advance

    Read the article

  • Issues With IIS Hosting Two Domains From Same Folder [closed]

    - by Bob Mc
    I have two different domain names that resolve to the same ASP.Net site. Both domains are hosted on the same server, which runs Windows Server 2003 and IIS6. The sites are differentiated in IIS Manager using host headers. However, both of the sites point to the same folder on the local drive for the site's page files. I am occasionally experiencing an ASP.Net error that says "The state information is invalid for this page and might be corrupted." I'm the site developer so I've addressed all the relevant code-related causes for this issue. However, I was wondering whether having two domains/sites sharing the same folder for an ASP.Net application might be causing this intermittent error. Also, is this generally a bad practice? Should I make separate, duplicate folders for each of the domains? Seems like that can become a maintenance headache.

    Read the article

  • A Virtual Seat at the Architect&rsquo;s Table

    - by Bob Rhubart
    I always have fun producing the Arch2Arch podcasts, but the latest batch was all that and a bag of chips, since I was required to do absolutely no preparation and very little talking, and since the conversation was reminiscent of those I’ve had with various architects (you know who you are) in various watering holes: free-ranging, extemporaneous, and far, far from dull. The three most recent programs were recorded during a virtual mini meet-up of architects back in February.  You’ll find more detail here, but in a nutshell, I invited several previous Arch2Arch panelists to join me on Skype to talk about whatever was on their minds.  The resulting conversation yielded the three latest programs. Check them out – it’s like you’re sitting at the table. Listen to Part 1 Listen to Part 2 Listen to Part 3 The conversation begins with the participant’s responses to my challenge to fill in the blank in the sentence “Most conversations about Enterprise Architecture are too ____.” From there the conversation morphed into a discussion of the sheer joy of finding funding for architecture projects. The architects seated at the virtual table in these programs are:  Todd Biske, a veteran enterprise architect and the author of the book SOA Governace, from Packt Publishing. ( LinkedIn | Twitter | Blog | Oracle Mix ) Jordan Braunstein, an Oracle ACE Director and the Business Integration and Architecture Partner at TUSC. (Blog | Twitter | LinkedIn | Oracle Mix) Basheer Khan,  also an Oracle ACE Director, and the founder and CEO of Innowave Technology (Blog | LinkedIn | Twitter | Oracle Mix) Pat Shepherd, an enterprise architect with the Oracle Enterprise Solutions Group. (Oracle Mix | LinkedIn | Blog) Coming Soon I was so pleased with the results of this meet-up format that I did the same thing for the next series of programs.  These free-ranging conversations feature a different group of participants, covering a different set topics, including the fear of SOA, the misunderstanding and misinformation behind that fear, and the idea of beauty in architecture. Yeah, you read that right. So stay tuned: RSS   Technorati Tags: oracle,otn,enterprise architecture,podcast. arch2arch,meet-up del.icio.us Tags: oracle,otn,enterprise architecture,podcast. arch2arch,meet-up

    Read the article

  • ArchBeat Link-o-Rama for November 7, 2012

    - by Bob Rhubart
    Updated Business Activity Monitoring (BAM) Class | @OracleSOA Oracle SOA Team blogger Gary Barg has news for those interested in a skills upgrade. This updated Oracle University course "explains how to use Oracle BAM to monitor enterprise business activities across an enterprise in real time. You can measure your key performance indicators (KPIs), determine whether you are meeting service-level agreements (SLAs), and take corrective action in real time." Oracle Solaris 11.1 update focuses on database integration, cloud | @markfontecchio TechTarget editor Mark Fontecchio reports on the recent Oracle Solaris 11.1 release, with comments from IDC's Al Gillen. Thought for the Day "Why is composing symphonies tough? I don't know. It's just very few people in the world can do it well. And I think that's the case with upfront design. It is very hard to do well." — Martin Fowler Source: SoftwareQuotes.com

    Read the article

  • PCI Encryption Key Management

    - by Unicorn Bob
    (Full disclosure: I'm already an active participant here and at StackOverflow, but for reasons that should hopefully be obvious, I'm choosing to ask this particular question anonymously). I currently work for a small software shop that produces software that's sold commercially to manage small- to mid-size business in a couple of fairly specialized industries. Because these industries are customer-facing, a large portion of the software is related to storing and managing customer information. In particular, the storage (and securing) of customer credit card information. With that, of course, comes PCI compliance. To make a long story short, I'm left with a couple of questions about why certain things were done the way they were, and I'm unfortunately without much of a resource at the moment. This is a very small shop (I report directly to the owner, as does the only other full-time employee), and the owner doesn't have an answer to these questions, and the previous developer is...err...unavailable. Issue 1: Periodic Re-encryption As of now, the software prompts the user to do a wholesale re-encryption of all of the sensitive information in the database (basically credit card numbers and user passwords) if either of these conditions is true: There are any NON-encrypted pieces of sensitive information in the database (added through a manual database statement instead of through the business object, for example). This should not happen during the ordinary use of the software. The current key has been in use for more than a particular period of time. I believe it's 12 months, but I'm not certain of that. The point here is that the key "expires". This is my first foray into commercial solution development that deals with PCI, so I am unfortunately uneducated on the practices involved. Is there some aspect of PCI compliance that mandates (or even just strongly recommends) periodic key updating? This isn't a huge issue for me other than I don't currently have a good explanation to give to end users if they ask why they are being prompted to run it. Question 1: Is the concept of key expiration standard, and, if so, is that simply industry-standard or an element of PCI? Issue 2: Key Storage Here's my real issue...the encryption key is stored in the database, just obfuscated. The key is padded on the left and right with a few garbage bytes and some bits are twiddled, but fundamentally there's nothing stopping an enterprising person from examining our (dotfuscated) code, determining the pattern used to turn the stored key into the real key, then using that key to run amok. This seems like a horrible practice to me, but I want to make sure that this isn't just one of those "grin and bear it" practices that people in this industry have taken to. I have developed an alternative approach that would prevent such an attack, but I'm just looking for a sanity check here. Question 2: Is this method of key storage--namely storing the key in the database using an obfuscation method that exists in client code--normal or crazy? Believe me, I know that free advice is worth every penny that I've paid for it, nobody here is an attorney (or at least isn't offering legal advice), caveat emptor, etc. etc., but I'm looking for any input that you all can provide. Thank you in advance!

    Read the article

  • TechEd 2010 Day Three: The Database Designer (Isn't)

    - by BuckWoody
    Yesterday at TechEd 2010 here in New Orleans I worked the front-booth, answering general SQL Server questions for the masses. I was actually a little surprised to find most of the questions I got were from folks that wanted to know more about Stream Insight and Master Data Services. In past conferences I've been asked a lot of "free consulting" questions, about problems folks have had from older products. I don't mind that a bit - in fact, I'm always happy to help in any way I can. But this time people are really interested in the new features in the product, and I like that they are thinking ahead, not just having to solve problems in production. My presentation was on "Database Design in an Hour". We had the usual fun, and SideShow Bob made an appearance - I kid you not. The guy in the back of the room looked just like Sideshow Bob, so I quickly held a "bes thair" contest, and he won. Duing the presentation, I explain the tools you can use to design databases. I also explain that the "Database Designer" tool in SQL Server Management Studio (SSMS) isn't truly a desinger - it uses non-standard notation, doesn't have a meta-data dictionary, and worst of all, it works at the physical level. In other words, whatever you do in SSMS will automatically change the field/table/relationship structures in the database. We fixed this in SSMS 2008 and higher by adding an option to block that, but the tool is not a good design function nonetheless. To be fair, no one I know of at Microsoft recommends that it is - but I was shocked to hear so many developers in the room defending it as a good tool. I think the main issue for someone who doesn't have to work with Relational Systems a great deal is that it can be difficult to figure out Foreign Keys. The syntax makes them look "backwards", so it's just easier to grab a field and place it on the table you want to point to. There are options. You can download a couple of free tools (CA has a community edition of ER-WIN, Quest has one, and Embarcadero also has one) and if you design more than one or two databases a year, it may be worth buying a true design tool. For years I used Visio, but we changed it so that it doesn't forward-engineer (create the DDL) any more, so it isn't a true design tool either. So investigate those free and not-so-free tools. You'll find they help you in your job - but stay away from the Database Designer in SSMS. Or I'll send Sideshow Bob over there to straighten you out. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

    Read the article

  • links for 2010-05-14

    - by Bob Rhubart
    Oracle to show SOA middleware on a prepackaged machine at OOW 2010 « Adventures in SOA and BPM A wish comes true for Oracle ACE Director and SOA expert Hajo Normann. (tags: oracle otn exadata middleware soa ace)

    Read the article

  • Read the Comments!

    - by Bob Porter
    Originally posted on: http://geekswithblogs.net/blogofbob/archive/2013/06/18/read-the-comments.aspxSorry, I have been lax in posting for quite some time. Hopefully this will be the start of a renewed posting binge! A piece of advice, if you are searching for a solution to an issue, or a recommendation, or anything else on the web, when you find a post or a forum thread do 2 things.  First, check the date on the post of thread. If it is older it may no longer be fully up to date and or inaccurate. Bear that in mind.  Second, READ THE COMMENTS! Often small omissions or other issues in the post itself are resolved in the comments. If the solution to your issue does not appear to work check the comments. There may be a step missing or something else relavent that was raised by a prior reader or the author themselves. Cheers, Robert Porter

    Read the article

  • Follow the action: OTN's YouTube Channel

    - by Bob Rhubart
    If you're not one of the 50,000 people participating in Oracle OpenWorld in San Francisco next week you can still be a part of the action. Members of the OTN crew will be interviewing various community luminaries and subject matter experts and capturing some of the color and exitement on video. These videos will be posted on the Oracle Technology Network YouTube Channel daily.  Of course, you can also keep tabs on what's happening through social media via OTN's Facebook and Twitter (@oracletechnet) channels. Stay tuned...

    Read the article

  • Today in the OTN Lounge (Wednesday October 3, 2012)

    - by Bob Rhubart
    Here's a quick rundown of today's activities in the OTN Lounge: OTN Lounge hours today: 8:00 am - 6:00pm 9:00 am - 1:00 pm RAC Attack Learn about Oracle Real Application Clustering (RAC) in this collaborative event. You'll work with experts from the IOUG RAC SIG to get an Oracle Database 11gR2 RAC cluster running inside a virtual machine. For more information: RAC attack at Oracle Open World (Pythian Blog) RAC Attack - Oracle Cluster Database at Home/Events (WikiBooks) 4:30 pm - 8:00 pm Oracle Social Network Developer Challenge Judging The Oracle Social Network Developer Challenge comes to its conclusion with the final judging on entries and the award of the single prize: $500 in Amazon gift cards. Click here for more information. 4:30 pm - 5:30 pm Oracle ADF / Oracle Fusion Middleware Meet-up Join other Oracle ADF and Oracle Fusion Middleware developers and meet the product managers and engineers behind Oracle ADF, ADF Mobile, and ADF Essentials. Did we mention free beer? The OTN Lounge is located in the Howard St. Tent, between 3rd and 4th, directly between Moscone North and Moscone South. Access to the OTN Lounge requires an Oracle OpenWorld or JavaOne conference badge.

    Read the article

  • JDeveloper does not recognize existing subversion working directory

    - by Bob Webster
    Just a quick note about an issue where JDeveloper no longer recognized an existing subversion working directory. Symptom:  JDeveloper Versioning menu offers to Version an Application that is already versioned in svn. Cause: The repository url contained in the hidden .svn folders of the working directory is no longer valid. Solution: Determine the correct url for the Subversion repository and update the .svn working directory.Fix the url contained in the svn folders of the working directory using the svn switch command. Example:           In a shell change directory to the Application folder.           Run the svn info command to confirm the current settings.                $ svn info                   Path: .                   URL: http://192.168.1.128/repos/jdeveloperrepo/AsyncExamples/BPELCallAsync/trunk                   Repository Root: http://192.168.1.128/repos/jdeveloperrepo                   Repository UUID: 3dc5eb88-3001-0010-8d6e-fd6f73825647                   Revision: 145                   Node Kind: directory                   Schedule: normal                   Last Changed Rev: 145                   Last Changed Date: 2012-06-07 07:15:56 -0700 (Thu, 07 Jun 2012)            In this case, the IP address in the repository URL is incorrect,           the svn server is located at 192.168.56.1           Note: The IP Address currently set is displayed after the Project Name in the            Application Navigator.  See the screen snapshot above.            Run the svn switch command with the --relocate option            Provide as much of the urls as necessary to correctly rewrite the url from current to new.            For example,            to change the repository server address from 192.168.1.128   to   192.168.56.1                     $  svn switch --relocate  http://192.168.1.128   http://192.168.56.1  .                               (Note the trailing period in the above command)           When the url is correct, JDeveloper should recognize the Subversion Working Directory.

    Read the article

  • Citrix SDK: Where to start? [closed]

    - by Bob Dole
    I'm needing to start hacking around the Citrix SDK and am trying to figure out where to start. I'm wanting to basically find a way to pass data from the client to the server and figure out how to open an application on the citrix client. I see there is a XenApp SDK, and Virtual Channel SDK but really don't know which one I need to start with. I have a Citrix development virtual server set up, but am unsure how to get started. Does someone know of a good site/tutorial on how to get started with the various Citrix API's quickly?

    Read the article

  • Failed to download repository information

    - by Bob Van Elst
    When i clicked check this error message came up. But it does not come up when update manager strarts automatically. When you open update manager this error comes up. Any ideas on how to fix it? Details: *W:GPG error: (http://ppa.launchpad.net precise Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY FC8CA6FE7B1FEC7C, W:Failed to fetch (http://ppa.launchpad.net/jonabeck/ppa/ubuntu/dists/precise/main/binary-amd64/Packages 404 Not Found , W:Failed to fetch (http://ppa.launchpad.net/jonabeck/ppa/ubuntu/dists/precise/main/binary-i386/Packages 404 Not Found , W:Failed to fetch (http://ppa.launchpad.net/jonabeck/ppa/ubuntu/dists/precide/main/source/Sources 404 Not Found , E:Some index files failed to download. They have been ignored, or old ones used instead.*

    Read the article

< Previous Page | 24 25 26 27 28 29 30 31 32 33 34 35  | Next Page >