Search Results

Search found 1104 results on 45 pages for 'corporate'.


  • Disaster Recovery Example

    Previously, I used to work for a small internet company that sells dental plans online. Our primary focus concerning disaster prevention and recovery is on our corporate website and private intranet site. We had a multiphase disaster recovery plan that includes data redundancy, load balancing, and off-site monitoring. Data redundancy is a key aspect of our disaster recovery plan. The first phase of this is to replicate our data to multiple database servers and schedule daily backups of the databases that are stored off site. The next phase is the file replication of data amongst our web servers that are also backed up daily by our collocation. In addition to the files located on the server, files are also stored locally on development machines, and again backed up using version control software. Load balancing is another key aspect of our disaster recovery plan. Load balancing offers many benefits for our system: better performance, load distribution and increased availability. With our servers behind a load balancer, our system has the ability to accept multiple requests simultaneously because the load is split between multiple servers. Plus, if one server is slow or experiencing a failure, the traffic is diverted amongst the other servers connected to the load balancer, allowing the server to get back online. The final key to our disaster recovery plan is off-site monitoring that notifies all IT staff of any outages or errors on the main website encountered by the monitor. Messages are sent by email, voicemail, and SMS. According to Disasterrecovery.org, disaster recovery planning is the way companies successfully manage crises with minimal cost and effort and maximum speed compared to others that are forced to make decisions out of desperation when disasters occur. In addition, Sun Guard stated in 2009 that the first step in disaster recovery planning is to analyze company risks and factor in fixed costs for things like hardware, software, staffing and utilities, as well as indirect costs, such as floor space, power protection, physical and information security, and management. Also, availability requirements need to be determined per application and system, as well as the strategies for recovery.


  • OpenJDK In The News: AMD and Oracle to Collaborate in the OpenJDK Community [..]

    During the JavaOne™ 2012 Strategy Keynote, AMD (NYSE: AMD) announced its participation in OpenJDK™ Project “Sumatra” in collaboration with Oracle and other members of the OpenJDK community to help bring heterogeneous computing capabilities to Java™ for server and cloud environments. The OpenJDK Project “Sumatra” will explore how the Java Virtual Machine (JVM), as well as the Java language and APIs, might be enhanced to allow applications to take advantage of graphics processing unit (GPU) acceleration, either in discrete graphics cards or in high-performance graphics processor cores such as those found in AMD accelerated processing units (APUs).

    “Affirming our plans to contribute to the OpenJDK Project represents the next step towards bringing heterogeneous computing to millions of Java developers and can potentially lead to future developments of new hardware models, as well as server and cloud programming paradigms,” said Manju Hegde, corporate vice president, Heterogeneous Applications and Developer Solutions at AMD. “AMD has an established track record of collaboration with open-software development communities from OpenCL™ to the Heterogeneous System Architecture (HSA) Foundation, and with this initiative we will help further the development of graphics acceleration within the Java community.”

    “We expect our work with AMD and other OpenJDK participants in Project “Sumatra” will eventually help provide Java developers with the ability to quickly leverage GPU acceleration for better performance,” said Georges Saab, vice president, Software Development, Java Platform Group at Oracle. “We hope individuals and other organizations interested in this exciting development will follow AMD's lead by joining us in Project “Sumatra.””

    Quotes taken from the first press release from AMD mentioning OpenJDK, titled "AMD and Oracle to Collaborate in the OpenJDK Community to Explore Heterogeneous Computing for Java".


  • StreamInsight Now Available Through Microsoft Update

    - by Roman Schindlauer
    We are pleased to announce that StreamInsight v1.1 is now available for automatic download and install via Microsoft Update globally. In order to enable agile deployment of StreamInsight solutions, you have asked of us a steady cadence of releases with incremental, but highly impactful features and product improvements. Following our StreamInsight 1.0 launch in Spring 2010, we offered StreamInsight 1.1 in Fall 2010 with implicit compatibility and an upgraded setup to support side by side installs. With this setup, your applications will automatically point to the latest runtime, but you still have the choice to point your application back to a 1.0 runtime if you choose to do so. As the next step, in order to enable timely delivery of our releases to you, we are pleased to announce the support for automatic download and install of StreamInsight 1.1 release via Microsoft Update starting this week. If you have a computer that is subscribed to Microsoft Update (different from Windows Update), has StreamInsight 1.0 installed, and does not yet have StreamInsight 1.1 installed, Microsoft Update will automatically download and install the corresponding StreamInsight 1.1 update side by side with your existing StreamInsight 1.0 installation – across all supported 32-bit and 64-bit Windows operating systems, across 11 supported languages, and across StreamInsight client and server SKUs. This is also supported in WSUS environments, if all your updates are managed from a corporate server (please talk to the WSUS administrator in your enterprise). As an example, if you have SI Client 1.0 DEU and SI Server 1.0 ENU installed on the same computer, Microsoft Update will selectively download and side-by-side install just the SI Client 1.1 DEU and SI Server 1.1 ENU releases. Going forward, Microsoft Update will be our preferred mode of delivery – in addition to support for our download sites, and media based distribution where appropriate.

    Regards, The StreamInsight Team


  • Which Language Next? Python? Ruby? [closed]

    - by Ryan Craig
    I am a beginning Webmaster (relatively), with 2+ years of php experience. I also have some java training and a bit of .net. My company is now close to redeveloping the website that I work on, which is coded primarily in php, but has some poorly-written .net in part as well (it's confusing and ill-planned, but I didn't make any of those decisions. Can anyone say action-oriented .net and JScript?). So, I'm trying to decide which language I should learn next to quickly develop a new site. I will probably just redevelop it at first in php because I'm very comfortable with it. However, I'd like to migrate in the next year to something newer and more forward-thinking. This being said, .net is out of the question a little bit. We need cheap developers who are fast and can get pages up quickly. In this part of the country, part-time .net developers are hard to find. So, we need something that will be pretty standard in the next few years, but we have some .net SOAP 1.1 APIs that we use on our actual service (separate from the corporate website), that we will need to integrate part of the site with. Developing with php and SOAP is much more difficult than doing the same thing. So, I may have to develop the API collaborative part in .net just to be easy, and then I'd like to use something else that is fast, flexible, forward thinking, and will be relatively standard and easy to find developers for. So, any ideas? Python and Django? Ruby on Rails? Another framework? Thanks for your thoughts. Sorry, I know this was long, but it's all very convoluted and confusing so I needed to be slightly long-winded.


  • Twitter Tuesday - Top 10 @ArchBeat Tweets - August 12-18, 2014

    - by Bob Rhubart-Oracle
    Man in gray hat: "You know, more than three thousand people follow @OTNArchBeat on Twitter. I wonder which tweets were the most popular over the last seven days." Man in brown hat: "Shut up! I think I see a UFO!" Man in gray hat: "That's OK. I'll just read this blog post."

    RT @java: "Programmers are creative people and typically delight in contriving clever ways to solve problems." -Casimir Saternos in @OracleJavaMag (Aug 18, 2014 at 12:54 PM)
    The Offer Still Stands: Produce your own episode of the OTN ArchBeat Podcast. Click for details. (Aug 13, 2014 at 02:03 PM)
    Binge-Ready! Watch the Top 10 OTN ArchBeat Videos featuring @stewartbryson @stenvesterli @gurcanorhan (Aug 13, 2014 at 11:49 AM)
    Oracle Announces First Java 9 Features | InfoQ (Aug 18, 2014 at 12:20 PM)
    Getting Started with the #Coherence Memcached Adaptor | David Felcey (Aug 18, 2014 at 10:19 AM)
    #WebLogic Data Source Connection Labeling | Steve Felts (Aug 14, 2014 at 10:03 AM)
    How to introduce #DevOps into a moribund corporate culture | ZDNet (Aug 15, 2014 at 11:23 AM)
    Sample Chapter: Installing Oracle #WebLogic Server 12c and Using the Management Tools | Sam Alapati (Aug 14, 2014 at 11:09 AM)
    Building a Responsive #WebCenter Portal Application | @JayJayZheng (Aug 12, 2014 at 11:04 AM)
    #OEM12c Cloud Control authorization with Active Directory | Jeroen Gouma (Aug 14, 2014 at 10:16 AM)


  • Integrated Reporting Is Getting Closer

    - by Evelyn Neumayr
    By John O’Rourke, Vice President, Product Marketing, Oracle

    Oracle recently sponsored a webcast on CFO.com titled "The CFO Playbook on Integrated Reporting: Integrating Sustainability into Financial Disclosures", which focused on why top companies in the U.S. and overseas are incorporating sustainability content into their annual reports and other financial disclosures. The webcast speakers, James Margolis, partner with Environmental Resources Management (ERM), a global provider of environmental, health, safety, risk and sustainability consulting services (EHSS), and Mike Wallace, Director of the Global Reporting Initiative's Focal Point USA, discussed the benefits of integrating sustainability reporting with traditional financial reporting. They noted how investors, corporate directors, lenders and, most recently, the Securities and Exchange Commission use this information to better understand, benchmark and value companies. They also talked about the November 2012 release of an Integrated Reporting Framework by the International Integrated Reporting Council (IIRC). Read the press release and link to the framework here. The shift towards integrated financial and sustainability reporting is gaining momentum, with a number of global stock exchanges endorsing this approach in 2012. Visit these links to listen to the webcast and download the slides. You can also view a demonstration of Oracle's solution for integrated financial and sustainability reporting. If you’re interested in learning more about this and Oracle’s other sustainability reporting solutions, click here. If you have any questions or need additional information, please feel free to contact me at [email protected].


  • Forking a GPL dual licensed software with business owned copyrights

    - by Eric
    After receiving some threats from the copyright holder of a dual-licensed software (GPL2 and commercial) to buy the commercial version for projects in production, I am thinking of making a fork. In the case of software that is dual licensed (GPL2 and commercial) with business-owned copyrights, is forking the GPL2 version an option? Also, is forking a good way to deal with such cases?

    Background information: The software is a web CMS released in 2 versions: a GPL2 free open source edition and a commercial edition including technical support and extra functionality. The problem is that now, basing their argumentation on the "distribution" definition of the GPL2, the company holding the copyrights argues that delivering the software and some extensions to a client is considered a "distribution", and that such a "distribution" falls under the GPL2 obligation to release the custom-made extension code. Custom-made extensions are mainly designs, templates and very specific functionality. Basically they give me 3 choices: (1) buying the commercial licensed edition for projects based on the GPL in production, (2) deleting all the projects in production based on the GPL2 version, (3) releasing all the extensions as GPL2 code. The first 2 options are not realistic for finished projects. The third option could be fine, but as most of the extensions are very specific, cleaning the code to make it usable by other users means a lot of work, and I am also not sure the clients will appreciate having their website designs and specific functionality released publicly. The copyright-holding company even contacted some clients directly, giving them the "choice". I know that this is a very corporate interpretation of GPL2, and such an action is nothing close to legal, but as an independent developer, I don't want to take the risk of getting involved in some long and tiring legal procedures.

    PS. This question was first asked on Stack Overflow, where it felt out of scope and was closed; after reading the present site FAQ, discussing software licensing seems fine.


  • eSTEP Newsletter November 2011 now available

    - by uwes
    Dear Partners,

    We would like to inform you that the November issue of our Newsletter is now available. The issue contains information on the following topics:

    Notes from Corporate: Magic Quadrant for Enterprise Application Servers, Oracle Buys RightNow
    Technical Corner: Oracle Solaris 11 – The First Cloud OS, Oracle Solaris 10 8/11 now available, New RAC/Containers certifications, DTrace and Container for Oracle Linux, Oracle Enterprise Manager Ops Center released, News from the Oracle Solaris Cluster, SPARC - New roadmap, T-Series Benchmarks
    Learning & Events: eSTEP Events Schedule, Recently Delivered TechCasts, Delivered Campaigns in 2011
    How to ...: About Oracle Solaris Containers, Detailed feature comparison between the different versions of database 11g, Upgrade Advantage Program + table with examples, Sun Software Name ===> New Oracle Name, Oracle Linux and OVM Certification Search, TO YOUR ATTENTION - Repricing Servers and Xoptions

    You find the Newsletter on our portal under eSTEP News ---> Latest Newsletter. You will need to provide your email address and the pin below to get access. Link to the portal is shown below.

    URL: http://launch.oracle.com/
    PIN: eSTEP_2011

    Previously published Newsletters can be found under the Archived Newsletters section and more useful information under the Events, Download and Links tab. Feel free to explore; any feedback is appreciated to help us improve the service and information we deliver.

    Thanks and best regards,
    Partner HW Enablement EMEA


  • BPI On Demand achieves both Oracle Fusion CRM Cloud Service 2013 Specialisation and Reseller status!

    - by Richard Lefebvre
    Oracle is delighted to share with you that BPI OnDemand has achieved the Oracle Fusion CRM Cloud Service 2013 Specialization and is the EMEA first ever Oracle Sales Cloud reseller! One of Oracle's most active CRM SaaS partners across EMEA, BPI OnDemand operates out of the UK with subsidiaries in Spain and South Africa that will also benefit locally from the specialization and reseller status. BPI OnDemand distinguishes itself from other Oracle Sales Cloud integrators with 2 unique implementation options: 1) Rapid Advantage Fixed Scope for as low as £20,000 or their famous 2) Zero upfront cost Fully Managed Cloud CRM Service which has no equivalent in Europe. BPI OnDemand has already 2 Oracle Sales Cloud live customers and is engaging in many other opportunities including large corporate accounts. Meet BPI OnDemand here or on LinkedIn or on Twitter


  • Webcast: DB Enterprise User Security Integration with Oracle Directory Services

    - by B Shashikumar
    The typical enterprise has a large number of DBA (database administrator) accounts that are locally managed, which is often very costly, problematic and error-prone. Databases are a crucial component of your enterprise IT infrastructure, housing sensitive corporate data and database user accounts and privileges. To ensure the integrity of your enterprise's data, it's imperative to have a well-managed identity management system. This begins with centralized management of user accounts and access rights. Enterprise User Security (EUS), an Oracle Database Enterprise Edition feature, combined with Oracle Identity Management, gives you the ability to centrally manage database users and their authorizations in one central place. The cost of user provisioning and password resets is dramatically reduced. This technology is a must for new application development and should be considered for existing applications as well. Join Oracle Advisors for a live webcast on Jul 11 at 8am Pacific Time where Oracle experts will briefly introduce EUS, followed by a detailed discussion about the various directory options that are supported, including integration with Microsoft Active Directory. We'll conclude with how to avoid common pitfalls deploying EUS with directory services. To register for this event, click here


  • Two views of Federation: inside out, and outside in

    - by Darin Pendergraft
    IDM customers that I speak to have spent a lot of time thinking about enterprise SSO - asking your employees to log in to multiple systems, each with distinct hard to guess (translation: hard to remember) passwords that fit the corporate security policy for length and complexity is a strategy that is just begging for a lot of help-desk password reset calls. So forward thinking organizations have implemented SSO for as many systems as possible. With the mix of Enterprise Apps moving to the cloud, it makes sense to continue this SSO strategy by Federating with those cloud apps and services.  Organizations maintain control, since employee access to the externally hosted apps is provided via the enterprise account.  If the employee leaves, their access to the cloud app is terminated when their enterprise account is disabled.  The employees don't have to remember another username and password - so life is good. From the outside in - I am excited about the increasing use of Social Sign-on - or BYOI (Bring your own Identity).  The convenience of single-sign on is extended to customers/users/prospects when organizations enable access to business services using a social ID.  The last thing I want when visiting a website or blog is to create another account.  So using my Google or Twitter ID is a very nice quick way to get access without having to go through a registration process that creates another username/password that I have to try to remember. The convenience of not having to maintain multiple passwords is obvious, whether you are an employee or customer - and the security benefit of not having lots of passwords to lose or forget is there as well. Are enterprises allowing employees to use their personal (social) IDs for enterprise apps?  Not yet, but we are moving in the right direction, and we will get there some day.


  • Microsoft Access as a Weapon of War

    - by Damon
    A while ago (probably a decade ago, actually) I saw a report on a tracking system maintained by a U.S. Army artillery control unit. This system was capable of maintaining a bearing on various units in the field to help avoid friendly fire. I consider the U.S. Army to be the most technologically advanced fighting force on Earth, but to my terror I saw something on the title bar of an application displayed on a laptop behind one of the soldiers they were interviewing: Tracking.mdb. Oh yes. Microsoft Office Suite had made it onto the battlefield. My hope is that it was just running as a front-end for a more proficient database (no offense Access people), or that the soldier was tracking something else like KP duty or fantasy football scores. But I could also see the corporate equivalent of a pointy-haired boss walking into a cube and asking someone who had piddled with Access to build a database for HR forms. Except this pointy-haired boss would have been a general, the cube would have been a tank, and the HR forms would have been targets that, if something went amiss, would have been hit by a 500lb artillery round. Hope that soldier could write a good query :)


  • Web Service Standard Complexity

    Are we over-standardizing web services and hindering their adoption? No, and in fact I feel that it is helping their adoption in the modern corporate world. Standards, although they can be daunting and tedious, provide a universal framework that we all can operate in and around. These frameworks provide a common interface for all of us to use when interacting with various computing environments so that data can be transferred freely. Standards are protocols by which computers communicate with one another. If we take this to the living world, the United Nations hires interpreters for each country's dignitaries so that they can understand what other countries are talking about. Imagine if the president of the United States wanted to talk to the ruler of China. How would these two communicate? The interpreter would translate data back and forth, acting as an intermediary using both standard American English and Chinese. Without knowing the standards in either language, no one would be able to communicate. Working within the framework of standards does not mean that we are stuck with these standards. As technology evolves, all standards will be out of touch, and when this occurs standards need to be refactored or replaced with new standards that are current with the technology at that time. How else are we as developers and the technology going to grow? What do you guys think?


  • Majoring in computer science, but I'm not too sure I'm in the right field [closed]

    - by user74340
    Throughout my high school years and first year in college, I never thought of studying computer science. I studied biology and chemistry during my first year, and I didn't like the research, nor any type of medical professionals. So I took an introductory CS course, and loved the diverse roles this field can have. So I declared CS as my major. I finished first- and second-year CS courses. Now, I'm doing my co-op (intern) as a web developer. During my first and second year, I was always just an average student. My grades are around low B. But I put so much effort into understanding my course materials. I see many brilliant peers who not only excel at what they do, but have the passion. So I always doubt myself if I don't belong in this field. I'm not good at math; I usually get Cs in my math courses. My internship (a corporate developer job) is okay, but I don't want to work like this after my graduation. One aspect of CS that I like is HCI. In my experience in programming and group projects, I enjoyed designing user interfaces and thinking about user experience. I'm also thinking of taking some psychology courses. I would appreciate any criticism or advice.


  • Domain Specific Software Engineering (DSSE)

    Domain Specific Software Engineering (DSSE) holds that creating every application from nothing is not advantageous when existing systems can be leveraged to create the same application in less time and at less cost. This belief is founded on the idea that forcing applications to recreate existing functionality is unnecessary. Why would we build a better wheel when we already have four really good and proven wheels? DSSE suggests that we take an existing wheel and just modify it to fit an existing need of a system. This allows developers to leverage existing codebases so that more time and expense are focused on creating more usable functionality compared to just creating more functionality. As an example, how many functions do we need to create to send an email when one can be created and used by all other applications within the existing domain?

    Key factors of DSSE: Domain, Technology, Business.

    A Domain in DSSE is used to control the problem space for a project. This control allows applications to be developed within specific constraints that focus development in a specific direction. Technology in DSSE offers a variety of technological solutions to be applied within a domain. Technology examples: tools; patterns; architectures and styles; legacy systems. Business is the motivator for any organization to use DSSE in its software development process. Business reasons to use DSSE: minimize costs; maximize market and profits. When these factors are used in combination, additional factors and benefits can be found.

    Result of combining the key factors of DSSE:
    Domain + Business = Corporate Core Competencies: domain expertise improved by market and business expertise.
    Domain + Technology = Application Family Architectures: all possible technological solutions to problems in a domain without any business constraints.
    Business + Technology = Domain-independent infrastructure: tools and techniques for building systems independent of all domains.
    Domain + Business + Technology = Domain-specific software engineering: applies technology to domain-related goals in the context of business and market expertise.


  • Using Ubuntu isn't worth it for me, Windows works best.

    - by user72475
    Welcome to Ubuntu and the lack of support (12.04 LOS). If I say Ubuntu 12.04 is a so-so broken OS, I will get flamed. But if I ask for help, I can hear the crickets chirruping. Unix/Linux users have an attitude and really don't like to share info. Because if they help everyone, they wouldn't have anyone to call a noob. Then their mom's basement wouldn't be the same without being able to flame Ubuntu noobs. I am going back to Windows, where I don't have to spend all day trying to get a single app or option to work. Sure, Ubuntu is fun to tinker with, but it is not a professional consumer OS. Windows is a better consumer-based OS; I don't need server software (Unix) that's been broken and hacked to be used like Windows (Ubuntu). All the time I have wasted trying to get Ubuntu to work CORRECTLY cost me more than Windows 7 Ultimate by far. HOW MUCH IS YOUR TIME WORTH. If you are unemployed and have all night to sit in your mom's basement and flame noobs, then Ubuntu is for you. If you want to use an external monitor on your notebook or download Adobe Reader, use Windows 7. When are we going to stop complaining about corporate giants like Microsoft and admit they have great products. Gave it a shot, did work for me, I have better things to do with my time. bye Ubuntu


  • Which metric/list should be used to evaluate whole software development team?

    - by adt
    The title might seem vague, so let me tell you a little bit of history to clarify the question. I have been hired as a consultant for a corporation's small development division (the company also owns a couple of software dev. companies). My ex-manager runs a BI team, with reporters, analysts and developers. He asked me to evaluate the overall design, software development process and code quality. Here is what I found: lots of copy/paste code everywhere (no reuse); even though they have everything (TFS, VS Ultimate, etc.), no build process, no CruiseControl.NET / TeamCity...; no unit tests; web pages with 3700 lines of code; lots of huge functions (which can be divided into smaller ones); no naming convention in either DB or C# code; no 3rd-party or open source projects; no IoC; no separation of concerns; no code quality check (NDepend or FxCop or nothing); no code review; no communication within the team. They claim they wrote an application framework (6 months, 3 persons), but I would hardly call it a framework (of course no unit tests; there are some, but all commented out). The framework contains 14 projects, but there are some projects with 1 file of 20 lines of code. Honestly, what people are doing is fixing bugs all day (which will provide more bugs eventually). They are kind of isolated from the community; some team members don't even know GitHub or Stack Overflow. They have probably gone there via Google, but they don't know about it. So here is the question: is this list OK? Or am I being picky? Since I don't have any grudge against them, I just want to be fair and honest, and I would like to hear your suggestions before I submit this list. And since this list will also be reviewed by the software division's manager, I don't want any heartbreak or anything like that. http://www.hanselman.com/altnetgeekcode/ For example, I would love to have such lists; I can't make references. Thanks in advance.


  • Solaris 11 VNC Server is "blurry" or "smeared"

    - by user12620111
    I've been annoyed by quality of the image that is displayed by my VNC viewer when I visit a Solaris 11 VNC server. How should I describe the image? Blurry? Grainy? Smeared? Low resolution? Compressed? Badly encoded? This is what I have gotten used to seeing on Solaris 11: This is not a problem for me when I view Solaris 10 VNC servers. I've finally taken the time to investigate, and the solution is simple. On the VNC client, don't allow "Tight" encoding. My VNC Viewer will negotiate to Tight encoding if it is available. When negotiating with the Solaris 10 VNC server, Tight is not a supported option, so the Solaris 10 server and my client will agree on ZRLE.  Now that I have disabled Tight encoding on my VNC client, the Solaris 11 VNC Servers looks much better: How should I describe the display when my VNC client is forced to negotiate to ZRLE encoding with the Solaris 11 VNC Server? Crisp? Clear? Higher resolution? Using a lossless compression algorithm? When I'm on a low bandwidth connection, I may re-enable Tight compression on my laptop. In the mean time, the ZRLE compression is sufficient for a coast-to-coast desktop, through the corporate firewall, encoded with VPN, through my ISP and onto my laptop. YMMV.


  • ADF Hands on Training – Prerequisites for 22nd March 2011

    - by Grant Ronald
    For those of you coming to the ADF Hands on training on the 22nd March in London, there was a link to the prerequisites. Unfortunately, in a reshuffle of content on OTN, this page was removed. So, over the next day or so I’m hoping to pull together the relevant information into this blog post. So keep checking back! Firstly, you need to bring your laptop with you to do the hands on exercises. No laptop, no hands on. Recommended 2GB RAM running Microsoft Windows XP SP2, 2003 Server SP2, Vista (32 bit only), Windows 7 or Linux or Mac; 2GHz processor (less will be acceptable but slower); Mozilla Firefox 2.0 or higher, Internet Explorer 7 or higher, Safari 3.0 and higher, Google Chrome 1.0 or higher; Winzip or other extracting software; Adobe Acrobat reader; Flash (if you want to see dynamic graphs in your application). As for software, you will need to have installed JDeveloper 11g. The hands on instructions are based on 11.1.1.2 (or is it 11.1.1.3!). Anyway, either of those or 11.1.1.4 would be required. You also need an Oracle database on your machine and access to the HR schema (which should be unlocked). Don’t expect to have access to a network and VPN to a database. A simple test: unplug your laptop from your corporate network, run up JDev, select File –> New –> Database connection and make sure you can connect to the HR database and see the Emp/Dept etc. tables. If you can do that, you should be good to go. I would strongly recommend ensuring you have this in place before you arrive on Tuesday. Look forward to seeing you there.

    Read the article

  • There's Not an App for That (Yet)

    - by Mark Hesse
    With an earlier-than-normal departure this morning to avoid the stalemate known as traffic congestion, I suddenly realized what I had failed to grab on my way out the door...  my company ID badge.  Unfortunately, at the time of my epiphany, I was far enough into commuter no-man's land where turning back would completely negate my early departure and increase my overall drive time exponentially.  Not being one to retrace my steps, I decided to press on. Upon arrival at the office and with an hour to go before a security guard would be on duty, I started thinking about the number of times I had forgotten my ID vs. the number of times I had forgotten my phone.  While rare on both accounts, my ID was most likely the missing artifact. I then wondered why there isn't an app for my smartphone that allows me to verify my credentials with my employer and then, provided with a secure token for the day, have the ability to access my building's card entry system.  On many levels, this seems much more secure than an ID card which can be lost, stolen or even forged and then used simply by tailgating into and around buildings at facilities where card scanning can generally be avoided.   As it turns out, another building on the campus has 24 x 7 guard coverage, so I was able to gain access in a relatively short time and secure a temporary ID badge.  Once inside and online, a quick internet search on the subject of smartphone badge access shows that efforts are underway to do exactly what I was thinking needed to be done. Having not spent any time studying about the technology, I discovered that it relies on Near Field Communications (NFC) enabled smartphones (of which, mine does not provide).  The only other option would require modifications to the security infrastructure to support alternative authentication technologies, such as barcode readers, which would be extremely costly to implement. For now, my best option is to put my corporate ID under my car keys... 

    Read the article

  • How to join a Windows Domain and Map Network Drives on Ubuntu Partition

    - by AgainstClint
    I just installed the current build for Ubuntu on a partition for my work computer. I am a novice when it comes to Linux/Ubuntu, which is why I installed it alongside Windows. I want to learn how to operate and use Ubuntu much more than I do now, so I figured installing it and trying to do day to day functions here would be a "Thrown into the pool with sharks" way to do it, and I like that way. I did however have a few questions: We are on a Domain in Windows, is there any way to join that domain using the Ubuntu partition? We also have 16 mapped network drives. I don't actually need ALL of them mapped for Ubuntu, but is there a way to Map at least one of them to see/use here in Ubuntu? Outlook Corporate email, how can I sign in/use it while...well, you get the idea. As I said earlier, I am VERY new to Ubuntu, I've only played around with it a bit at home and never at the office. If you could simplify it down for me a bit, that would be great.

    Read the article

  • How to join a Windows Domain and Map Network Drives?

    - by AgainstClint
    I just installed the current build for Ubuntu on a partition for my work computer. I am a novice when it comes to Linux/Ubuntu, which is why I installed it alongside Windows. I want to learn how to operate and use Ubuntu much more than I do now, so I figured installing it and trying to do day to day functions here would be a "Thrown into the pool with sharks" way to do it, and I like that way. I did however have a few questions: We are on a Domain in Windows, is there any way to join that domain using the Ubuntu partition? We also have 16 mapped network drives. I don't actually need ALL of them mapped for Ubuntu, but is there a way to Map at least one of them to see/use here in Ubuntu? Outlook Corporate email, how can I sign in/use it while...well, you get the idea. As I said earlier, I am VERY new to Ubuntu, I've only played around with it a bit at home and never at the office. If you could simplify it down for me a bit, that would be great.

    Read the article

  • Partner Showcase

    - by rituchhibber
    Building a High Performance Employee Self Service Portal with Oracle WebCenter: Free Half Day Technical Workshop. Organisations started with static corporate intranets at the beginning of the “Noughties”; these have been evolving to the Intranet Portal that is common today. The rise in Employee Self Service leverages off this evolution to transform the intranet as a resource in order to deliver the “Contextual workers control panel”. This empowers employees to do their complete job from a single environment covering transactions, document handling, form completion, watching presentations, participating in discussions through to utilising search functionality. Ether Solutions - the Enterprise Portal specialists, together with C2B2 - the independent middleware experts, will deliver this workshop to you, allowing you to discover how Oracle WebCenter provides a high performance, highly scalable platform for social intranets and Employee Self Service Portals. To register, please click here. When? Wednesday, 12th of December 2012. Where? Institute of Directors, 116 Pall Mall, London SW1Y 5ED. Who should attend? Lead Developers, Technical Architects, Solution Architects, Technical Leads and other Technical team members interested in learning about WebCenter. Lingotek - Collaborative Translation Technology: Lingotek is the leading provider of Collaborative Translation Technology designed to meet the requirements of organizations challenged with communicating, interacting, and commercializing a global audience. Lingotek software helps companies achieve unprecedented control over the translation process and enables companies to capture, grow, and reuse their linguistic assets. Lingotek has deployed systems for some of the most innovative organizations in the United States and has enabled the success of large Fortune 500 corporations, small professional firms, and companies of every size in between. For further information, please click here.

    Read the article

  • CodePlex Daily Summary for Thursday, June 16, 2011

    CodePlex Daily Summary for Thursday, June 16, 2011Popular ReleasesTibiaPingFixer: TibiaPingFixer v.1.0: TibiaPingFixer v.1.0TerrariViewer: TerrariViewer v3.1 [Terraria Inventory Editor]: This version adds tool tips. Almost every picture box you mouse over will tell you what item is in that box. I have also cleaned up the GUI a little more to make things easier on my end. There are various bug fixes including ones associated with opening different characters in the same instance of the program. As always, please bring any bugs you find to my attention.CommonLibrary.NET: CommonLibrary.NET - 0.9.7 Beta: A collection of very reusable code and components in C# 3.5 ranging from ActiveRecord, Csv, Command Line Parsing, Configuration, Holiday Calendars, Logging, Authentication, and much more. Samples in <root>\src\Lib\CommonLibrary.NET\Samples CommonLibrary.NET 0.9.7Documentation 6738 6503 New 6535 Enhancements 6583 6737DropBox Linker: DropBox Linker 1.2: Public sub-folders are now monitored for changes as well (thanks to mcm69) Automatic public sync folder detection (thanks to mcm69) Non-Latin and special characters encoded correctly in URLs Pop-ups are now slot-based (use first free slot and will never be overlapped — test it while previewing timeout) Public sync folder setting is hidden when auto-detected Timeout interval is displayed in popup previews A lot of major and minor code refactoring performed .NET Framework 4.0 Client...Terraria World Viewer: Version 1.3: Update June 15th Removed "Draw Markers" checkbox from main window because of redundancy/confusing. (Select all or no items from the Settings tab for the same effect.) Fixed Marker preferences not being saved. It is now possible to render more than one map without having to restart the application. World file will not be locked while the world is being rendered. 
Note: The World Viewer might render an inaccurate map or even crash if Terraria decides to modify the World file during the pro...MVC Controls Toolkit: Mvc Controls Toolkit 1.1.5 RC: Added Extended Dropdown allows a prompt item to be inserted as first element. RequiredAttribute, if present, trggers if no element is chosen Client side javascript function to set/get the values of DateTimeInput, TypedTextBox, TypedEditDisplay, and to bind/unbind a "change" handler The selected page in the pager is applied the attribute selected-page="selected" that can be used in the definition of CSS rules to style the selected page items controls now interpret a null value as an empr...Umbraco CMS: Umbraco CMS 5.0 CTP 1: Umbraco 5 Community Technology Preview Umbraco 5 will be the next version of everyone's favourite, friendly ASP.NET CMS that already powers over 100,000 websites worldwide. Try out our first CTP of version 5 today! If you're new to Umbraco and would like to get a quick low-down on our popular and easy-to-learn approach to content management, check out our intro video here. What's in the v5 CTP box? This is a preview version of version 5 and includes support for the following familiar Umbr...Ribbon Browser for Microsoft Dynamics CRM 2011: Ribbon Browser (1.0.514.30): Initial releaseCoding4Fun Kinect Toolkit: Coding4Fun.Kinect Toolkit: Version 1.0Kinect Mouse Cursor: Kinect Mouse Cursor v1.0: The initial release of the Kinect Mouse Cursor project!patterns & practices: Project Silk: Project Silk Community Drop 11 - June 14, 2011: Changes from previous drop: Many code changes: please see the readme.mht for details. New "Client Data Management and Caching" chapter. Updated "Application Notifications" chapter. Updated "Architecture" chapter. Updated "jQuery UI Widget" chapter. Updated "Widget QuickStart" appendix and code. 
Guidance Chapters Ready for Review The Word documents for the chapters are included with the source code in addition to the CHM to help you provide feedback. The PDF is provided as a separat...Orchard Project: Orchard 1.2: Build: 1.2.41 Published: 6/14/2010 How to Install Orchard To install Orchard using Web PI, follow these instructions: http://www.orchardproject.net/docs/Installing-Orchard.ashx. Web PI will detect your hardware environment and install the application. Alternatively, to install the release manually, download the Orchard.Web.1.2.41.zip file. http://orchardproject.net/docs/Manually-installing-Orchard-zip-file.ashx The zip contents are pre-built and ready-to-run. Simply extract the contents o...PowerGUI Visual Studio Extension: PowerGUI VSX 1.3.4: Changes - Got rid of suppressed exceptions on assemblies loading at project startup - Fixed Issue #28535 "No Print Support" - Enabled IntelliSence commands wich are supported by ActiPro Syntax Editor control: ToggleBookmark, NextBookmark, PreviousBookmark, ShowMemberList - Added missing Import directives in PS Script project template - Fixed exception occurring on debug start - Fixed an issue: after creating a new PS project, a debugging session hung being run for the second timeSnippet Designer: Snippet Designer 1.4.0: Snippet Designer 1.4.0 for Visual Studio 2010 Change logSnippet Explorer ChangesReworked language filter UI to work better in the side bar. Added result count drop down which lets you choose how many results to see. Language filter and result count choices are persisted after Visual Studio is closed. Added file name to search criteria. Search is now case insensitive. 
Snippet Editor Changes Added menu option for the $end$ symbol which indicates where the c... Mobile Device Detection and Redirection: 1.0.4.1: Stable Release 51 Degrees.mobi Foundation is the best way to detect and redirect mobile devices and their capabilities on ASP.NET and is being used on thousands of websites worldwide. We’re highly confident in our software and we recommend all users update to this version. Changes to Version 1.0.4.1 Changed the BlackberryHandler and BlackberryVersion6Handler to have equal CONFIDENCE values to ensure they both get a chance at detecting BlackBerry version 4&5 and version 6 devices. Prior to thi... Rawr: Rawr 4.1.06: This is the Downloadable WPF version of Rawr! For web-based version see http://elitistjerks.com/rawr.php You can find the version notes at: http://rawr.codeplex.com/wikipage?title=VersionNotes Rawr Addon We now have a Rawr Official Addon for in-game exporting and importing of character data hosted on Curse. The Addon does not perform calculations like Rawr, it simply shows your exported Rawr data in wow tooltips and lets you export your character to Rawr (including bag and bank items) like Char... AcDown - Anime&Comic Downloader: AcDown v3.0 Beta6. Pulse: Pulse Beta 2: - Added new wallpapers provider http://wallbase.cc. 
Supports english search, multiple keywords* - Improved font rendering in Options window - Added "Set wallpaper as logon background" option* - Fixed crashes if there is no internet connection - Fixed: Rewalls downloads empty images sometimes - Added filters* Note 1: wallbase provider supports only english search. Rewalls provider supports only russian search but Pulse automatically translates your english keyword into russian using Google Tr...WPF Application Framework (WAF): WPF Application Framework (WAF) 2.0.0.7: Version: 2.0.0.7 (Milestone 7): This release contains the source code of the WPF Application Framework (WAF) and the sample applications. Requirements .NET Framework 4.0 (The package contains a solution file for Visual Studio 2010) The unit test projects require Visual Studio 2010 Professional Remark The sample applications are using Microsoft’s IoC container MEF. However, the WPF Application Framework (WAF) doesn’t force you to use the same IoC container in your application. You can use ...Windows Azure VM Assistant: AzureVMAssist V1.0.0.5: AzureVMAssist V1.0.0.5 (Debug) - Test Release VersionNew ProjectsASP.NET REST Services Framework: This framework provides capability to work with backend server-side .NET code via REST services from client-side javascript or other types of client code. REST-service component is a server-side framework that allows easy creation and working with REST services within any ASP.NET application. 
Ones a REST-service is defined it can be consumed via regular URL, or using client-side javascript call that resembles the standard C# style function call that is expected to be used within server-sid...ASP.NET, MVC, Learning: This project is for MojtabaSahraei's blog ResourceAuto Downloads Service: ADSrv (Auto Downloads Service) is a windows services (based on BITS) to add, remove and track downloads from several text files.BizTalk BDD Sample: This project is to go alongside the videos I have recently done about BDD and acceptance testing in BizTalk development.Bluvee Boxer: Video conveter for the WD TV Live Hub.Clomibep: PL: Zaawansowany system zarzadzania trescia Clomibep. EN: Advenced content managment system ClomibepCVPAT: CVPAT is a Process Automation ToolDigital Life Assistant Framework: DLAEF SharePoint 2010 web parts: SharePoint 2010 visual web parts ( SharePoint 2010 only ) Please change "Deploy.cmd" with the correct SharePoint site url, then run it from the SharePoint 2010 server.Entity Framework Query Visualizer: This is a visual studio debug visualizer for retrieving the SQL query generated by the Entity Framework at run time. In order to install this visualizer, you need to copy the downloaded DLL file ( EntityFrameworkLinqQueryVisualizer.dll ) to "C:\Users\<User Name>\Documents\Visual Studio 2010\Visualizers" folderHighYouth: HighYouthHMM-CMS: CMS pour le site HMMICompas: Sample startup siteKontrolDJNET: KontrolDJ.NET is: * A midi translator for KontrolDJ KDJ500 controller: This software is designed to work with Traktor Pro 2.0.1, Traktor Pro 1.0.1 or Traktor 3.4. (4 Decks support, Led feedback, Soft Takeover, ...) * An HID to Midi translator for all your gamepads, joysticks, ... This software is designed to work with Windows XP SP3, Vista and Seven. OS: Windows XP SP3, Vista and Seven (32 or 64bits). 
LevelZap: LevelZap is a Windows Explorer add-on that adds an item to the contextual menu on all folders allowing the user to "zap" the folder by moving all files/folders within it up one level, then deleting the folder itself. Works on Windows XP or later, both 32-bit and 64-bit versions.Locadora de Veiculos: Locadora de Veiculos - Projeto teste da pós graduaçãoMediator Framework: LINQ DataSource Integration FrameworkMetin2 Patcher: This project is a patcher. First Release Under ConstructionMVC Obsidian: Obsidian aims at creating a solid Quickstart solution for MVC3 projects.Orchard Delete Content Type: This Orchard modules provides a feature to delete dynamic content types.Osbourne Shell (Forth-like scripting language for .NET): I wrote it under the influence of LSD. There are a lot of architectural & codding mistakes and I do not want to even try to correct them. So, enjoy, lol.PowerShell EventLogWatcher Module: A PowerShell module that provides some additional functions to enhance PowerShell Eventing in relation to Windows Event Log events. Subscriptions can be made and actions taken when new events are written to a log. In a sense, this can be used as "poor mans" auditing system.Present it now!: PresentItNow allows to present the desktop to others on the LAN. Since SharedView does not work with IE9 and Netmeeting is not working on Vista/Windows 7 there is a need for a tool to be able to share the desktop with others on the LAN. This is a simple tool written in C#.Quadruple 128-bit Floating Point Library: 128-bit floating point library with 64 effective bits of precision (vs. 53 for the built-in Double type) and a 64 bit exponent (vs. 11 for Doubles). Greater range avoids under/overflows and makes log arithmetic unnecessary.Ribbon Browser for Microsoft Dynamics CRM 2011: This tool helps developer to browse ribbons in Microsoft Dynamics CRM. 
It makes easier to identify ribbon controls properties.Rsp.Windows.Forms: This project includes several custom Button types, Windows Form types, a numeric textbox and a custom MessageBox class. * RoundedButton - A button with rounded corners. * ShadedButton - A button with customizable shine. * ColorizedButton - A button with customizable Tint color for specified background image. * NumericTextBox - Textbox allowing only numeric input. * MsgBoxUI - Alternative to Windows MessageBox with a nicer look. * ShadowedForm - Windows form with a shadow. ...SocialTFS: SocialTFS is an extension of the Team Foundation Server which provides members of a global software team with information collected from Enterprise 2.0 applications, such as professional social networks and corporate microblogging. SocialTFS makes it easier for members of large distributed software teams to get in touch with each other, using corporate microblogging services (first StatusNet, then Yammer) and professional SNS profiles (Ohloh and LinkedIn). SocialTFS is part of a researc...SQLite Code Generator: Contains a stand alone GUI application and a Visual Studio Custom Tool for automatically generating a .NET data access layer code for objects in a SQLite database.Taste : state machines made easy: Taste is a lightweight state machine implementation for .NET. Its main purpose is to simplify the implementation of complex ViewModels in WPF and Silverlight applications, where the code to execute, the commands to enable and their effects depend on the current state of the View.Tau: TauTelerik MVC Music Store: This project has Telerik OpenAccess ORM as its database access logic and is entirely based of http://mvcmusicstore.codeplex.com/ . 
TextFileToGrid: This is the library made specifically to render the text file data stored in tabular form into data grid view. TFS Scrumboard: TFS Scrumboard is an extension to TFS 2010 Web Access, providing easy planning and managing of workitem progress. Umbraco Advertising Management: This is the home page for the Umbraco Advertising Management Project. Umbraco CMS is an .NET opensource CMS. This project has just started, you can download the source code of the initial version. The objective of this project is to create a package that would provide a new to... VAI: The goal of this project is to create a home entertainment solution focused on various forms of user interaction such as audio, video, and traditional. XBee DSS service for Robotics Studio: This is a Microsoft Robotics Studio DSS service used to communicate with XBee devices. It is able to send messages to remote end devices and receive data samples from them. It is built on top of the Grommet library.

    Read the article

  • Pain Comes Instantly

    - by user701213
    When I look back at recent blog entries – many of which are not all that current (more on where my available writing time is going later) – I am struck by how many of them focus on public policy or legislative issues instead of, say, the latest nefarious cyberattack or exploit (or everyone’s favorite new pastime: coining terms for the Coming Cyberpocalypse: “digital Pearl Harbor” is so 1941). Speaking of which, I personally hope evil hackers from Malefactoria will someday hack into my bathroom scale – which in a future time will be connected to the Internet because, gosh, wouldn’t it be great to have absolutely everything in your life Internet-enabled? – and recalibrate it so I’m 10 pounds thinner. The horror. In part, my focus on public policy is due to an admitted limitation of my skill set. I enjoy reading technical articles about exploits and cybersecurity trends, but writing a blog entry on those topics would take more research than I have time for and, quite honestly, doesn’t play to my strengths. The first rule of writing is “write what you know.” The bigger contributing factor to my recent paucity of blog entries is that more and more of my waking hours are spent engaging in “thrust and parry” activity involving emerging regulations of some sort or other. I’ve opined in earlier blogs about what constitutes good and reasonable public policy so nobody can accuse me of being reflexively anti-regulation. That said, you have so many cycles in the day, and most of us would rather spend it slaying actual dragons than participating in focus groups on whether dragons are really a problem, whether lassoing them (with organic, sustainable and recyclable lassos) is preferable to slaying them – after all, dragons are people, too - and whether we need lasso compliance auditors to make sure lassos are being used correctly and humanely. 
(A point that seems to evade many rule makers: slaying dragons actually accomplishes something, whereas talking about “approved dragon slaying procedures and requirements” wastes the time of those who are competent to dispatch actual dragons and who were doing so very well without the input of “dragon-slaying theorists.”) Unfortunately for so many of us who would just get on with doing our day jobs, cybersecurity is rapidly devolving into the “focus groups on dragon dispatching” realm, which actual dragon slayers have little choice but to participate in. The general trend in cybersecurity is that powers-that-be – which encompasses groups other than just legislators – are often increasingly concerned and therefore feel they need to Do Something About Cybersecurity. Many seem to believe that if only we had the right amount of regulation and oversight, there would be no data breaches: a breach simply must mean Someone Is At Fault and Needs Supervision. (Leaving aside the fact that we have lots of home invasions despite a) guard dogs b) liberal carry permits c) alarm systems d) etc.) Also note that many well-managed and security-aware organizations, like the US Department of Defense, still get hacked. More specifically, many powers-that-be feel they must direct industry in a multiplicity of ways, up to and including how we actually build and deploy information technology systems. The more prescriptive the requirement, the more regulators or overseers a) can be seen to be doing something b) feel as if they are doing something regardless of whether they are actually doing something useful or cost effective. Note: an unfortunate concomitant of Doing Something is that often the cure is worse than the ailment. That is, doing what overseers want creates unfortunate byproducts that they either didn’t foresee or worse, don’t care about. After all, the logic goes, we Did Something. Prescriptive practice in the IT industry is problematic for a number of reasons. 
For a start, prescriptive guidance is really only appropriate if: • It is cost effective • It is “current” (meaning, the guidance doesn’t require the use of the technical equivalent of buggy whips long after horse-drawn transportation has become passé)* • It is practical (that is, pragmatic, proven and effective in the real world, not theoretical and unproven) • It solves the right problem. With the above in mind, heading up the list of “you must be joking” regulations are recent disturbing developments in the Payment Card Industry (PCI) world. I’d like to give PCI kahunas the benefit of the doubt about their intentions, except that efforts by Oracle among others to make them aware of “unfortunate side effects of your requirements” – which is as tactful as I can be for reasons that I believe will become obvious below - have gone, to-date, unanswered and more importantly, unchanged. A little background on PCI before I get too wound up. In 2008, the Payment Card Industry (PCI) Security Standards Council (SSC) introduced the Payment Application Data Security Standard (PA-DSS). That standard requires vendors of payment applications to ensure that their products implement specific requirements and undergo security assessment procedures. In order to have an application listed as a Validated Payment Application (VPA) and available for use by merchants, software vendors are required to execute the PCI Payment Application Vendor Release Agreement (VRA). (Are you still with me through all the acronyms?) Beginning in August 2010, the VRA imposed new obligations on vendors that are extraordinary and extraordinarily bad, short-sighted and unworkable. Specifically, PCI requires vendors to disclose (dare we say “tell all?”) to PCI any known security vulnerabilities and associated security breaches involving VPAs. ASAP. Think about the impact of that. 
PCI is asking a vendor to disclose to them: • Specific details of security vulnerabilities • Including exploit information or technical details of the vulnerability • Whether or not there is any mitigation available (as in a patch) PCI, in turn, has the right to blab about any and all of the above – specifically, to distribute all the gory details of what is disclosed - to the PCI SSC, qualified security assessors (QSAs), and any affiliate or agent or adviser of those entities, who are in turn permitted to share it with their respective affiliates, agents, employees, contractors, merchants, processors, service providers and other business partners. This assorted crew can’t be more than, oh, hundreds of thousands of entities. Does anybody believe that several hundred thousand people can keep a secret? Or that several hundred thousand people are all equally trustworthy? Or that not one of the people getting all that information would blab vulnerability details to a bad guy, even by accident? Or be a bad guy who uses the information to break into systems? (Wait, was that the Easter Bunny that just hopped by? Bringing world peace, no doubt.) Sarcasm aside, common sense tells us that telling lots of people a secret is guaranteed to “unsecret” the secret. Notably, being provided details of a vulnerability (without a patch) is of little or no use to companies running the affected application. Few users have the technological sophistication to create a workaround, and even if they do, most workarounds break some other functionality in the application or surrounding environment. Also, given the differences among corporate implementations of any application, it is highly unlikely that a single workaround is going to work for all corporate users. So until a patch is developed by the vendor, users remain at risk of exploit: even more so if the details of vulnerability have been widely shared. 
Sharing that information widely before a patch is available therefore does not help users, and instead helps only those wanting to exploit known security bugs. There’s a shocker for you. Furthermore, we already know that insider information about security vulnerabilities inevitably leaks, which is why most vendors closely hold such information and limit dissemination until a patch is available (and frequently limit dissemination of technical details even with the release of a patch). That’s the industry norm, not that PCI seems to realize or acknowledge that. Why would anybody release a bunch of highly technical exploit information to a cast of thousands, whose only “vetting” is that they are members of a PCI consortium? Oracle has had personal experience with this problem, which is one reason why information on security vulnerabilities at Oracle is “need to know” (we use our own row level access control to limit access to security bugs in our bug database, and thus less than 1% of development has access to this information), and we don’t provide some customers with more information than others or with vulnerability information and/or patches earlier than others. Failure to remember “insider information always leaks” creates problems in the general case, and has created problems for us specifically. A number of years ago, one of the UK intelligence agencies had information about a non-public security vulnerability in an Oracle product that they circulated among other UK and Commonwealth defense and intelligence entities. Nobody, it should be pointed out, bothered to report the problem to Oracle, even though only Oracle could produce a patch. The vulnerability was finally reported to Oracle by (drum roll) a US-based commercial company, to whom the information had leaked. (Note: every time I tell this story, the MI-whatever agency that created the problem gets a bit shirty with us. 
I know they meant well and have improved their vulnerability handling/sharing processes but, dudes, next time you find an Oracle vulnerability, try reporting it to us first before blabbing to lots of people who can’t actually fix the problem. Thank you!) Getting back to PCI: clearly, these new disclosure obligations increase the risk of exploitation of a vulnerability in a VPA and thus, of misappropriation of payment card data and customer information that a VPA processes, stores or transmits. It stands to reason that VRA’s current requirement for the widespread distribution of security vulnerability exploit details -- at any time, but particularly before a vendor can issue a patch or a workaround -- is very poor public policy. It effectively publicizes information of great value to potential attackers while not providing compensating benefits - actually, any benefits - to payment card merchants or consumers. In fact, it magnifies the risk to payment card merchants and consumers. The risk is most prominent in the time before a patch has been released, since customers often have little option but to continue using an application or system despite the risks. However, the risk is not limited to the time before a patch is issued: customers often need days, or weeks, to apply patches to systems, based upon the complexity of the issue and dependence on surrounding programs. Rather than decreasing the available window of exploit, this requirement increases the available window of exploit, both as to time available to exploit a vulnerability and the ease with which it can be exploited. Also, why would hackers focus on finding new vulnerabilities to exploit if they can get “EZHack” handed to them in such a manner: a) a vulnerability b) in a payment application c) with exploit code: the “Hacking Trifecta!“ It’s fair to say that this is probably the exact opposite of what PCI – or any of us – would want. 
Established industry practice concerning vulnerability handling avoids the risks created by the VRA’s vulnerability disclosure requirements. Specifically, the norm is not to release information about a security bug until the associated patch (or a pretty darn good workaround) has been issued. Once a patch is available, the notice to the user community is a high-level communication discussing the product at issue, the level of risk associated with the vulnerability, and how to apply the patch. The notices do not include either the specific customers affected by the vulnerability or forensic reports with maps of the exploit (both of which are required by the current VRA). In this way, customers have the tools they need to prioritize patching and to help prevent an attack, and the information released does not increase the risk of exploit. Furthermore, many vendors already use industry standards for vulnerability description: Common Vulnerability Enumeration (CVE) and Common Vulnerability Scoring System (CVSS). CVE helps ensure that customers know which particular issues a patch addresses and CVSS helps customers determine how severe a vulnerability is on a relative scale. Industry already provides the tools customers need to know what the patch contains and how bad the problem is that the patch remediates. So, what’s a poor vendor to do? Oracle is reaching out to other vendors subject to PCI and attempting to enlist them in a broad effort to engage PCI in rethinking (that is, eradicating) these requirements.
I would therefore urge all who care about this issue, but especially those in the vendor community whose applications are subject to PCI and who may not have known they were being asked to tell-all to PCI and put their customers at risk, to do one of the following:

• Contact PCI with your concerns
• Contact Oracle (we are looking for vendors to sign our statement of concern)
• And make sure you tell your customers that you have to rat them out to PCI if there is a breach involving the payment application

I like to be charitable and say “PCI meant well” but in as important a public policy issue as what you disclose about vulnerabilities, to whom and when, meaning well isn’t enough. We need to do well. PCI, as regards this particular issue, has not done well, and has compounded the error by thus far being nonresponsive to those of us who have labored mightily to try to explain why they might want to rethink telling the entire planet about security problems with no solutions.

By Way of Explanation…

Non-related to PCI whatsoever, and the explanation for why I have not been blogging a lot recently, I have been working on Other Writing Venues with my sister Diane (who has also worked in the tech sector, inflicting upgrades on unsuspecting and largely ungrateful end users). I am pleased to note that we have recently (self-)published the first in the Miss Information Technology Murder Mystery series, Outsourcing Murder. The genre might best be described as “chick lit meets geek scene.” Our sisterly nom de plume is Maddi Davidson and (shameless plug follows): you can order the paper version of the book on Amazon, or the Kindle or Nook versions on www.amazon.com or www.bn.com, respectively. From our book jacket: Emma Jones, a 20-something IT consultant, is working on an outsourcing project at Tahiti Tacos, a restaurant chain offering Polynexican cuisine: refried poi, anyone? Emma despises her boss Padmanabh, a brilliant but arrogant partner in GD Consulting.
When Emma discovers His-Royal-Padness’s body (verdict: death by cricket bat), she becomes a suspect. With her overprotective family and her best friend Stacey providing endless support and advice, Emma stumbles her way through an investigation of Padmanabh’s murder, bolstered by fusion food feeding frenzies, endless cups of frou-frou coffee and serious surfing sessions. While Stacey knows a PI who owes her a favor, landlady Magda urges Emma to tart up her underwear drawer before the next cute cop with a search warrant arrives. Emma’s mother offers to fix her up with a PhD student at Berkeley and showers her with self-defense gizmos while her old lover Keoni beckons from Hawai’i. And everyone, even Shaun the barista, knows a good lawyer. Book 2, Denial of Service, is coming out this summer.

* Given the rate of change in technology, today’s “thou shalts” are easily next year’s “buggy whip guidance.”
