Search Results

Search found 2197 results on 88 pages for 'explanation'.

Page 41/88 | < Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >

  • How do audio based games such as Audiosurf and Beat Hazard work?

    - by The Communist Duck
    Note: I am not asking how to make a clone of one of these. I am asking about how they work. I'm sure everyone's seen the games where you use your own music files (or provided ones) and the games produce levels based on them, such as Audiosurf and Beat Hazard. Here is a video of Audiosurf in action, to show what I mean. If you provide a heavy metal song, you would get a completely different set of obstacles, enemies, and game experience from something like Vivaldi. What does interest me is how these games work. I do not know much about audio (well, data-side), but how do they process the song to understand when it is settling down or when it's speeding up? I guess they could just feed the pitch values (assuming those sorts of things exist in audio files) to form a level, but it wouldn't fully explain it. I'm either looking for an explanation, some links to articles about this sort of thing (I'm sure there's a term or terms for it), or even an open-source implementation of this kind of thing ;-) EDIT: After some searching and a little help, I found out about FFT (Fast Fourier Transform). This maybe a step in the right direction, but it is something that does not make any sense to me..or fits with my physics knowledge of waves.

    Read the article

  • How come there is still so much programming work?

    - by jd_505
    First I'd like to say that I am not pretty sure that this question will meet the guidelines. I think it can goes under the "Freelancing and business concerns" bullet, but I am not sure. Anyway, I will give it a shot. I wonder how the programming jobs hasn't yet "dried" because of the software evolution, for example, I am a developer myself, which means that I do care about software (I mean I am not of the type of guys that needs a computer mainly to just browse the Internet), and still I wouldn't mind if I never receive any more updates on my Ubuntu machine. I find that it provides everything I need, and while the updates provide various bug fixes/improvements, I wouldn't mind using it with it's current state for the rest of my life, for 2 years of Ubuntu usage I have never bumped at a serious bug/problem. Another example is Windows, almost half of it's users still use XP, which is practically ancient, yet they find it satisfying all their needs (and I agreee with them). I could go with many more examples, but by now you are understanding my point and my question. While new "trends" appears all of the time (like a new mobile OS) which runs on new platforms and requires some fresh development work, still the majority of the software effort goes in to what I consider as "completed projects", or at least a state of a project which is enough to be considered as completed. Do you have an explanation ? I can't think of the right tags for this question, please edit it the way you find it to be most appropriate. Thanks.

    Read the article

  • Problems with 3D transformation - (SharpDX)

    - by Morphex
    First of all , I have been trying to get this right for a couple of day already, I have read so much info and still fail miserably to understand this. So I am going to tell you that even though I have done fairly amount of research myself, I failed to implement it. I must say miserably I am trying to create a generic camera class for a game engine of sorts - for research purposes only - the thing is I have no idea how to go about it. I have read about quaternions and matrices, but when it comes to the actual implementation I suck at it. Sharpdx has already Matrices and QUaternions implemented. SO no big deal on the map behind it. How in the world would I go about creating a camera? I have seen so many camera examples and still can't make one that works as expected. I would like to implement diferent types too (Orbital, 6DoF, FPS). So what is need for a camera? UP, Forward and Right vectors I read they are needed, also a quaternion for rotations, and View and Projection matrices. I understand that a FPS camera for instance only rotates around the World Y and the Right Axis of the camera. the 6DoF rotates always around their own axis, and the orbital is just translating for set distance and making it look always at a fixed target point. The concepts are there, now implementing this is not trivial for me. Can anyone point me on what am I missing, what I got wrong? I would really enjoy if you could give a tutorial, some piece of code, or just plain explanation of the concepts. Thank you for readin, a frustrated coder.

    Read the article

  • OBIEE Capacity Planning

    - by THE
    I can not even recall how many times I was asked by a customer what size the machine should be bought to run our Software. Unfortunately Tech Support is not even the right address to answer that question, as a purchase decision is closely tied to the answer. Hence, Tech Support has been limited to the answer: "The biggest machine you can afford" . Many Customers were unhappy with that and have tried to get us to be more precise and that causes a lot of explanation and lengthy discussion. In the end no one is wiser or happier.  Therefore I am happy to report that at least for OBIEE the decision has just been made a whole lot easier. Have a look at the note Oracle BI EE 11g Architectural Deployment: Capacity Planning (Doc ID 1323646.1) The document attached to that note gives you a good overview for teh sizing of the machines that Oracle recommends to run OBIEE (be it a small installation or a bigger distributed installation) If you have any more questions about this topic and what machines we recommend, then get in contact with  Oracle Consulting or speak to your sales representative.

    Read the article

  • How come there is still so much programming work?

    - by jd_505
    I wonder why programming jobs haven't yet "dried up" because of the software evolution, for example, I am a developer myself, which means that I do care about software (I mean I am not of the type of guys that needs a computer mainly to just browse the Internet), and still I wouldn't mind if I never receive any more updates on my Ubuntu machine. I find that it provides everything I need, and while the updates provide various bug fixes/improvements, I wouldn't mind using it with its current state for the rest of my life, for 2 years of Ubuntu usage I have never bumped at a serious bug/problem. Another example is Windows, almost half of it's users still use XP, which is practically ancient, yet they find it satisfying all their needs (and I agree with them). I could go with many more examples, but by now you are understanding my point and my question. While new "trends" appears all of the time (like a new mobile OS) which runs on new platforms and requires some fresh development work, still the majority of the software effort goes in to what I consider as "completed projects", or at least a state of a project which is enough to be considered as completed. Do you have an explanation? I can't think of the right tags for this question; please edit it the way you find it to be most appropriate.

    Read the article

  • RPGMakerVX - Changing item_max?

    - by rackemup420
    I've been working on a game for awhile and I am developing it with RPG Maker VX. I came to a point where I needed to... I guess for lack of better explanation... Limit the key items to just 1. So I started looking through my scripts and found (in Game_Party): #-------------------------------------------------------------------------- # * Get Maximum Number of Items Possessed #-------------------------------------------------------------------------- def max_item_number(item) return 99 end and added below it: #-------------------------------------------------------------------------- # * Get Maximum Number of Key Items Possessed #-------------------------------------------------------------------------- def max_key_item_number(item) return 1 end and right below that is: #-------------------------------------------------------------------------- # * Determine if Maximum Number of Items Are Possessed #-------------------------------------------------------------------------- def item_max?(item) item_number(item) >= max_item_number(item) end So I changed the last one too: #-------------------------------------------------------------------------- # * Determine if Maximum Number of Items Are Possessed #-------------------------------------------------------------------------- def item_max?(item) if key_item? == true item_number(item) >= max_key_item_number(item) end if key_item? == false item_number(item) >= max_item_number(item) end end Now this seemed to not affect anything (that I could tell). I tested it and its still the same as before I touched anything. I am new to developing games and relatively new to scripting for them. Is this approach even close to what I want to do? Any help is greatly apprecieated!

    Read the article

  • How Expedia Made My New Bride Cry

    - by Lance Robinson
    Tweet this? Email Expedia and ask them to give me and my new wife our honeymoon? When Expedia followed up their failure with our honeymoon trip with a complete and total lack of acknowledgement of any responsibility for the problem and endless loops of explaining the issue over and over again - I swore that they would make it right. When they brought my new bride to tears, I got an immediate and endless supply of motivation. I hope you will help me make them make it right by posting our story on Twitter, Facebook, your blog, on Expedia itself, and when talking to your friends in person about their own travel plans.   If you are considering using them now for an important trip - reconsider. Short summary: We arrived early for a flight - but Expedia had made a mistake with the data they supplied to JetBlue and Emirates, which resulted in us not being able to check in (one leg of our trip was missing)!  At the time of this post, three people (myself, my wife, and an exceptionally patient JetBlue employee named Mary) each spent hours on the phone with Expedia.  I myself spent right at 3 hours (according to iPhone records), Lauren spent an hour and a half or so, and poor Mary was probably on the phone for a good 3.5 hours.  This is after 5 hours total at the airport.  If you add up our phone time, that is nearly 8 hours of phone time over a 5 hour period with little or no help, stall tactics (?), run-around, denial, shifting of blame, and holding. Details below (times are approximate): First, my wife and I were married yesterday - June 18th, the 3 year anniversary of our first date. She is awesome. She is the nicest person I have ever known, a ton of fun, absolutely beautiful in every way. Ok enough mushy - here are the dirty details. 2:30 AM - Early Check-in Attempt - we attempted to check-in for our flight online. Some sort of technology error on website, instructed to checkin at desk. 4:30 AM - Arrive at airport. Try to check-in at kiosk, get the same error. We got to the JetBlue desk at RDU International Airport, where Mary helped us. Mary discovered that the Expedia provided itinerary does not match the Expedia provided tickets. We are informed that when that happens American, JetBlue, and others that use the same software cannot check you in for the flight because. Why? Because the itinerary was missing a leg of our flight! Basically we were not shown in the system as definitely being able to make it home. Mary called Expedia and was put on hold by their automated system. 4:55 AM - Mary, myself, and my brand new bride all waited for about 25 minutes when finally I decided I would make a call myself on my iPhone while Mary was on the airport phone. In their automated system, I chose "make a new reservation", thinking they might answer a little more quickly than "customer service". Not surprisingly I was connected to an Expedia person within 1 minute. They informed me that they would have to forward me to a customer service specialist. I explained to them that we were already on hold for that and had been for nearly half an hour, that we were going on our honeymoon and that our flight would be leaving soon - could they please help us. "Yes, I will help you". I hand the phone to JetBlue Mary who explains the situation 3 or 4 times. Obviously I couldn't hear both ends of the conversation at this point, but the Expedia person explained what the problem was by stating exactly what Mary had just spent 15 minutes explaining. Mary calmly confirms that this is the problem, and asks Expedia to re-issue the itinerary. Expedia tells Mary that they'll have to transfer her to customer service. Mary asks for someone specific so that we get an answer this time, and goes on hold. Mary get's connected, explains the situation, and then Mary's connection gets terminated. 5:10 AM - Mary calls back to the Expedia automated system again, and we wait for about 5 minutes on hold this time before I pick up my iPhone and call Expedia again myself. Again I go to sales, a person picks up the phone in less than a minute. I explain the situation and let them know that we are now very close to missing our flight for our honeymoon, could they please help us. "Yes, I will help you". Again I give the phone to Mary who provides them with a call back number in case we get disconnected again and explains the situation again. More back and forth with Expedia doing nothing but repeating the same questions, Mary answering the questions with the same information she provided in the original explanation, and Expedia simply restating the problem. Mary again asks them to re-issue the itinerary, and explains that doing so will fix the problem. Expedia again repeats the problem instead of fixing it, and Mary's connection gets terminated. 5:20 AM - Mary again calls back to Expedia. My beautiful bride also calls on her own phone. At this point she is struggling to hold back her tears, stumbling through an explanation of all that has happened and that we are about to miss our flight. Please help us. "Yes, I will help". My beautiful bride's connection gets terminated. Ok, maybe this disconnection isn't an accident. We've now been disconnected 3 times on two different phones. 5:45 AM - I walk away and pleadingly beg a person to help me. They "escalate" the issue to "Rosy" (sp?) at Expedia. I go through the whole song and dance again with Rosy, who gives me the same treatment Mary was given. Rosy blames JetBlue for now having the correct data. Meanwhile Mary is on the phone with Emirates Air (the airline for the second leg of our trip), who agrees with JetBlue that Expedia's data isn't up to date. We are informed by two airport employees that issues like this with Expedia are not uncommon, and that the fix is simple. On the phone iwth Rosy, I ask her to re-issue the itinerary because we are about to miss our flight. She again explains the problem to me. At this point, I am standing at the window, pleading with Rosy to help us get to our honeymoon, watching our airplane. Then our airplane leaves without us. 6:03 AM - At this point we have missed our flight. Re-issuing the itinerary is no longer a solution. I ask Rosy to start from the beginning and work us up a new trip. She says that she cannot do that. She says that she needs to talk to JetBlue and Emirates and find out why we cannot check-in for our flight. I remind Rosy that our flight has already left - I just watched it taxi away - it no longer matters why (not to mention the fact that we already knew why, and have known why since 4:30 AM), and have known the solution since 4:30 AM. Rosy, can you please book a new trip? Yes, but it will cost $400. Excuse me? Now you can, but it will cost ME to fix your mistake? Rosy says that she can escalate the situation to her supervisor but that will take 1.5 hours. 6:15 AM - I told Rosy that if they had re-issued the itinerary as JetBlue asked (at 4:30 AM), my new wife and I might be on the airplane now instead of dealing with this on the phone and missing the beginning (and how much more?) of our honeymoon. Rosy said that it was not necessary to re-issue the itinerary. Out of curiosity, i asked Rosy if there was some financial burden on them to re-issue the itinerary. "No", said Rosy. I asked her if it was a large time burden on Expedia to re-issue the itinerary. "No", said Rosy. I directly asked Rosy: Why wouldn't Expedia have re-issued the itinerary when JetBlue asked? No answer. I asked Rosy: If you had re-issued the itinerary at 4:30, isn't it possible that I would be on that flight right now? She actually surprised me by answering "Yes" to that question. So I pointed out that it followed that Expedia was responsible for the fact that we missed out flight, and she immediately went into more about how the problem was with JetBlue - but now it was ALSO an Emirates Air problem as well. I tell Rosy to go ahead and escalate the issue again, and please call me back in that 1.5 hours (which how is about 1 hour and 10 minutes away). 6:30 AM - I start tweeting my frustration with iPhone. It's now pretty much impossible for us to make it to The Maldives by 3pm, which is the time at which we would need to arrive in order to be allowed service to the actual island where we are staying. Expedia has now given me the run-around for 2 hours, caused me to miss my flight, and worst of all caused my amazing new wife Lauren to miss our honeymoon. You think I was mad? No. Furious. Its ok to make mistakes - but to refuse to fix them and to ruin our honeymoon? No, not ok, Expedia. I swore right then that Expedia would make this right. 7:45 AM - JetBlue mary is still talking her tail off to other people in JetBlue and Emirates Air. Mary works it out so that if Expedia simply books a new trip, JetBlue and Emirates will both waive all the fees. Now we just have to convince Expedia to fix their mistake and get us on our way! Around this time Expedia Rosy calls me back! I inform her of the excellent work of JetBlue Mary - that JetBlue and Emirates both will waive the fees so Expedia can fix their mistake and get us going on our way. She says that she sees documentation of this in her system and that she needs to put me on hold "for 1 to 10 minutes" to talk to Emirates Air (why I'm not exactly sure). I say ok. 8:45 AM - After an hour on hold, Rosy comes on the line and asks me to hold more. I ask her to call me back. 9:35 AM - I put down the iPhone Twitter app and picks up the laptop. You think I made some noise with my iPhone? Heh 11:25 AM - Expedia follows me and sends a canned "We're sorry, DM us the details".  If you look at their Twitter feed, 16 out of the most recent 20 tweets are exactly the same canned response.  The other 4?  Ads.  Um - #MultiFAIL? To Expedia:  You now have had (as explained above) 8 hours of 3 different people explaining our situation, you know the email address of our Expedia account, you know my web blog, you know my Twitter address, you know my phone number.  You also know how upset you have made both me and my new bride by treating us with such a ... non caring, scripted, uncooperative, argumentative, and possibly even deceitful manner.  In the wise words of the great Kenan Thompson of SNL: "FIX IT!".  And no, I'm NOT going away until you make this right. Period. 11:45 AM - Expedia corporate office called.  The woman I spoke to was very nice and apologetic.  She listened to me tell the story again, she says she understands the problem and she is going to work to resolve it.  I don't have any details on what exactly that resolution might me, she said she will call me back in 20 minutes.  She found out about the problem via Twitter.  Thank you Twitter, and all of you who helped.  Hopefully social media will win my wife and I our honeymoon, and hopefully Expedia will encourage their customer service teams treat their customers properly. 12:22 PM - Spoke to Fran again from Expedia corporate office.  She has a flight for us tonight.  She is booking it now.  We will arrive at our honeymoon destination of beautiful Veligandu Island Resort only 1 day late.  She cannot confirm today, but she expects that Expedia will pay for the lost honeymoon night.  Thank you everyone for your help.  I will reflect more on this whole situation and confirm its resolution after our flight is 100% confirmed.  For now, I'm going to take a breather and go kiss my wonderful wife! 1:50 PM - Have not yet received the promised phone call.  We did receive an email with a new itinerary for a flight but the booking is not for specific seats, so there is no guarantee that my wife and I will be able to sit together.  With the original booking I carefully selected our seats for every segment of our trip.  I decided to call into the phone number that Fran from the Expedia corporate office gave me.  Its automated voice system identified itself as "Tier 3 Support".  I am currently still on hold with them, I have not gotten through to a human yet. 1:55 PM - Fran from Expedia called me back.  She confirmed us as booked.  She called the airlines to confirm.  Unfortunately, Expedia was unwilling or unable to allow us any type of seat selection.  It is possible that i won't get to sit next to the woman I married less than a day ago on our 40 total hours of flight time (there and back).  In addition, our seats could be the worst seats on the planes, with no reclining seat back or right next to the restroom.  Despite this fact (which in my opinion is huge), the horrible inconvenience, the hours at the airport, and the negative Internet publicity that Expedia is receiving, Expedia declined to offer us any kind of upgrade or to mark us as SFU (suitable for upgrade).  Since they didn't offer - I asked, and was rejected.  I am grateful to finally be heading in the right direction, but not only did Expedia horribly botch this job from the very beginning, they followed that botch job with near zero customer service, followed by a verbally apologetic but otherwise half-hearted resolution.  If this works out favorably for us, great.  If not - I'm not done making noise, Expedia.  You owe us, and I expect you to make it right.  You haven't quite done that yet. Thanks - Thank you to Twitter.  Thanks to all those who sympathize with us and helped us get the attention of Expedia, since three people (one of them an airline employee) using Expedia's normal channels of communication for many hours didn't help.  Thanks especially to my PowerShell and Sharepoint friends, my local friends, and those connectors who encouraged me and spread my story. 5:15 PM - Love Wins - After all this, Lauren and I are exhausted.  We both took a short nap, and when we woke up we talked about the last 24 hours.  It was a big, amazing, story-filled 24 hours.  I said that Expedia won, but Lauren said no.  She pointed out how lucky we are.  We are in love and married.  We have wonderful family and friends.  We are both hard-working successful people who love what they do.  We get to go to an amazing exotic destination for our honeymoon like Veligandu in The Maldives...  That's a lot of good.  Expedia didn't win.  This was (is) a big loss for Expedia.  It is a public blemish for all to see.  But Lauren and I did win, big time.  Expedia may not have made things right - but things are right for us.  Post in progress... I will relay any further comments (or lack of) from Expedia soon, as well as an update on confirmation of their repayment of our lost resort room rates.  I'll also post a picture of us on our honeymoon as soon as I can!

    Read the article

  • Pain Comes Instantly

    - by user701213
    When I look back at recent blog entries – many of which are not all that current (more on where my available writing time is going later) – I am struck by how many of them focus on public policy or legislative issues instead of, say, the latest nefarious cyberattack or exploit (or everyone’s favorite new pastime: coining terms for the Coming Cyberpocalypse: “digital Pearl Harbor” is so 1941). Speaking of which, I personally hope evil hackers from Malefactoria will someday hack into my bathroom scale – which in a future time will be connected to the Internet because, gosh, wouldn’t it be great to have absolutely everything in your life Internet-enabled? – and recalibrate it so I’m 10 pounds thinner. The horror. In part, my focus on public policy is due to an admitted limitation of my skill set. I enjoy reading technical articles about exploits and cybersecurity trends, but writing a blog entry on those topics would take more research than I have time for and, quite honestly, doesn’t play to my strengths. The first rule of writing is “write what you know.” The bigger contributing factor to my recent paucity of blog entries is that more and more of my waking hours are spent engaging in “thrust and parry” activity involving emerging regulations of some sort or other. I’ve opined in earlier blogs about what constitutes good and reasonable public policy so nobody can accuse me of being reflexively anti-regulation. That said, you have so many cycles in the day, and most of us would rather spend it slaying actual dragons than participating in focus groups on whether dragons are really a problem, whether lassoing them (with organic, sustainable and recyclable lassos) is preferable to slaying them – after all, dragons are people, too - and whether we need lasso compliance auditors to make sure lassos are being used correctly and humanely. (A point that seems to evade many rule makers: slaying dragons actually accomplishes something, whereas talking about “approved dragon slaying procedures and requirements” wastes the time of those who are competent to dispatch actual dragons and who were doing so very well without the input of “dragon-slaying theorists.”) Unfortunately for so many of us who would just get on with doing our day jobs, cybersecurity is rapidly devolving into the “focus groups on dragon dispatching” realm, which actual dragons slayers have little choice but to participate in. The general trend in cybersecurity is that powers-that-be – which encompasses groups other than just legislators – are often increasingly concerned and therefore feel they need to Do Something About Cybersecurity. Many seem to believe that if only we had the right amount of regulation and oversight, there would be no data breaches: a breach simply must mean Someone Is At Fault and Needs Supervision. (Leaving aside the fact that we have lots of home invasions despite a) guard dogs b) liberal carry permits c) alarm systems d) etc.) Also note that many well-managed and security-aware organizations, like the US Department of Defense, still get hacked. More specifically, many powers-that-be feel they must direct industry in a multiplicity of ways, up to and including how we actually build and deploy information technology systems. The more prescriptive the requirement, the more regulators or overseers a) can be seen to be doing something b) feel as if they are doing something regardless of whether they are actually doing something useful or cost effective. Note: an unfortunate concomitant of Doing Something is that often the cure is worse than the ailment. That is, doing what overseers want creates unfortunate byproducts that they either didn’t foresee or worse, don’t care about. After all, the logic goes, we Did Something. Prescriptive practice in the IT industry is problematic for a number of reasons. For a start, prescriptive guidance is really only appropriate if: • It is cost effective• It is “current” (meaning, the guidance doesn’t require the use of the technical equivalent of buggy whips long after horse-drawn transportation has become passé)*• It is practical (that is, pragmatic, proven and effective in the real world, not theoretical and unproven)• It solves the right problem With the above in mind, heading up the list of “you must be joking” regulations are recent disturbing developments in the Payment Card Industry (PCI) world. I’d like to give PCI kahunas the benefit of the doubt about their intentions, except that efforts by Oracle among others to make them aware of “unfortunate side effects of your requirements” – which is as tactful I can be for reasons that I believe will become obvious below - have gone, to-date, unanswered and more importantly, unchanged. A little background on PCI before I get too wound up. In 2008, the Payment Card Industry (PCI) Security Standards Council (SSC) introduced the Payment Application Data Security Standard (PA-DSS). That standard requires vendors of payment applications to ensure that their products implement specific requirements and undergo security assessment procedures. In order to have an application listed as a Validated Payment Application (VPA) and available for use by merchants, software vendors are required to execute the PCI Payment Application Vendor Release Agreement (VRA). (Are you still with me through all the acronyms?) Beginning in August 2010, the VRA imposed new obligations on vendors that are extraordinary and extraordinarily bad, short-sighted and unworkable. Specifically, PCI requires vendors to disclose (dare we say “tell all?”) to PCI any known security vulnerabilities and associated security breaches involving VPAs. ASAP. Think about the impact of that. PCI is asking a vendor to disclose to them: • Specific details of security vulnerabilities • Including exploit information or technical details of the vulnerability • Whether or not there is any mitigation available (as in a patch) PCI, in turn, has the right to blab about any and all of the above – specifically, to distribute all the gory details of what is disclosed - to the PCI SSC, qualified security assessors (QSAs), and any affiliate or agent or adviser of those entities, who are in turn permitted to share it with their respective affiliates, agents, employees, contractors, merchants, processors, service providers and other business partners. This assorted crew can’t be more than, oh, hundreds of thousands of entities. Does anybody believe that several hundred thousand people can keep a secret? Or that several hundred thousand people are all equally trustworthy? Or that not one of the people getting all that information would blab vulnerability details to a bad guy, even by accident? Or be a bad guy who uses the information to break into systems? (Wait, was that the Easter Bunny that just hopped by? Bringing world peace, no doubt.) Sarcasm aside, common sense tells us that telling lots of people a secret is guaranteed to “unsecret” the secret. Notably, being provided details of a vulnerability (without a patch) is of little or no use to companies running the affected application. Few users have the technological sophistication to create a workaround, and even if they do, most workarounds break some other functionality in the application or surrounding environment. Also, given the differences among corporate implementations of any application, it is highly unlikely that a single workaround is going to work for all corporate users. So until a patch is developed by the vendor, users remain at risk of exploit: even more so if the details of vulnerability have been widely shared. Sharing that information widely before a patch is available therefore does not help users, and instead helps only those wanting to exploit known security bugs. There’s a shocker for you. Furthermore, we already know that insider information about security vulnerabilities inevitably leaks, which is why most vendors closely hold such information and limit dissemination until a patch is available (and frequently limit dissemination of technical details even with the release of a patch). That’s the industry norm, not that PCI seems to realize or acknowledge that. Why would anybody release a bunch of highly technical exploit information to a cast of thousands, whose only “vetting” is that they are members of a PCI consortium? Oracle has had personal experience with this problem, which is one reason why information on security vulnerabilities at Oracle is “need to know” (we use our own row level access control to limit access to security bugs in our bug database, and thus less than 1% of development has access to this information), and we don’t provide some customers with more information than others or with vulnerability information and/or patches earlier than others. Failure to remember “insider information always leaks” creates problems in the general case, and has created problems for us specifically. A number of years ago, one of the UK intelligence agencies had information about a non-public security vulnerability in an Oracle product that they circulated among other UK and Commonwealth defense and intelligence entities. Nobody, it should be pointed out, bothered to report the problem to Oracle, even though only Oracle could produce a patch. The vulnerability was finally reported to Oracle by (drum roll) a US-based commercial company, to whom the information had leaked. (Note: every time I tell this story, the MI-whatever agency that created the problem gets a bit shirty with us. I know they meant well and have improved their vulnerability handling/sharing processes but, dudes, next time you find an Oracle vulnerability, try reporting it to us first before blabbing to lots of people who can’t actually fix the problem. Thank you!) Getting back to PCI: clearly, these new disclosure obligations increase the risk of exploitation of a vulnerability in a VPA and thus, of misappropriation of payment card data and customer information that a VPA processes, stores or transmits. It stands to reason that VRA’s current requirement for the widespread distribution of security vulnerability exploit details -- at any time, but particularly before a vendor can issue a patch or a workaround -- is very poor public policy. It effectively publicizes information of great value to potential attackers while not providing compensating benefits - actually, any benefits - to payment card merchants or consumers. In fact, it magnifies the risk to payment card merchants and consumers. The risk is most prominent in the time before a patch has been released, since customers often have little option but to continue using an application or system despite the risks. However, the risk is not limited to the time before a patch is issued: customers often need days, or weeks, to apply patches to systems, based upon the complexity of the issue and dependence on surrounding programs. Rather than decreasing the available window of exploit, this requirement increases the available window of exploit, both as to time available to exploit a vulnerability and the ease with which it can be exploited. Also, why would hackers focus on finding new vulnerabilities to exploit if they can get “EZHack” handed to them in such a manner: a) a vulnerability b) in a payment application c) with exploit code: the “Hacking Trifecta!“ It’s fair to say that this is probably the exact opposite of what PCI – or any of us – would want. Established industry practice concerning vulnerability handling avoids the risks created by the VRA’s vulnerability disclosure requirements. Specifically, the norm is not to release information about a security bug until the associated patch (or a pretty darn good workaround) has been issued. Once a patch is available, the notice to the user community is a high-level communication discussing the product at issue, the level of risk associated with the vulnerability, and how to apply the patch. The notices do not include either the specific customers affected by the vulnerability or forensic reports with maps of the exploit (both of which are required by the current VRA). In this way, customers have the tools they need to prioritize patching and to help prevent an attack, and the information released does not increase the risk of exploit. Furthermore, many vendors already use industry standards for vulnerability description: Common Vulnerability Enumeration (CVE) and Common Vulnerability Scoring System (CVSS). CVE helps ensure that customers know which particular issues a patch addresses and CVSS helps customers determine how severe a vulnerability is on a relative scale. Industry already provides the tools customers need to know what the patch contains and how bad the problem is that the patch remediates. So, what’s a poor vendor to do? Oracle is reaching out to other vendors subject to PCI and attempting to enlist then in a broad effort to engage PCI in rethinking (that is, eradicating) these requirements. I would therefore urge all who care about this issue, but especially those in the vendor community whose applications are subject to PCI and who may not have know they were being asked to tell-all to PCI and put their customers at risk, to do one of the following: • Contact PCI with your concerns• Contact Oracle (we are looking for vendors to sign our statement of concern)• And make sure you tell your customers that you have to rat them out to PCI if there is a breach involving the payment application I like to be charitable and say “PCI meant well” but in as important a public policy issue as what you disclose about vulnerabilities, to whom and when, meaning well isn’t enough. We need to do well. PCI, as regards this particular issue, has not done well, and has compounded the error by thus far being nonresponsive to those of us who have labored mightily to try to explain why they might want to rethink telling the entire planet about security problems with no solutions. By Way of Explanation… Non-related to PCI whatsoever, and the explanation for why I have not been blogging a lot recently, I have been working on Other Writing Venues with my sister Diane (who has also worked in the tech sector, inflicting upgrades on unsuspecting and largely ungrateful end users). I am pleased to note that we have recently (self-)published the first in the Miss Information Technology Murder Mystery series, Outsourcing Murder. The genre might best be described as “chick lit meets geek scene.” Our sisterly nom de plume is Maddi Davidson and (shameless plug follows): you can order the paper version of the book on Amazon, or the Kindle or Nook versions on www.amazon.com or www.bn.com, respectively. From our book jacket: Emma Jones, a 20-something IT consultant, is working on an outsourcing project at Tahiti Tacos, a restaurant chain offering Polynexican cuisine: refried poi, anyone? Emma despises her boss Padmanabh, a brilliant but arrogant partner in GD Consulting. When Emma discovers His-Royal-Padness’s body (verdict: death by cricket bat), she becomes a suspect.With her overprotective family and her best friend Stacey providing endless support and advice, Emma stumbles her way through an investigation of Padmanabh’s murder, bolstered by fusion food feeding frenzies, endless cups of frou-frou coffee and serious surfing sessions. While Stacey knows a PI who owes her a favor, landlady Magda urges Emma to tart up her underwear drawer before the next cute cop with a search warrant arrives. Emma’s mother offers to fix her up with a PhD student at Berkeley and showers her with self-defense gizmos while her old lover Keoni beckons from Hawai’i. And everyone, even Shaun the barista, knows a good lawyer. Book 2, Denial of Service, is coming out this summer. * Given the rate of change in technology, today’s “thou shalts” are easily next year’s “buggy whip guidance.”

    Read the article

  • WPF Delay Refresh of UI Elements in ItemsControl

    - by Wonko the Sane
    Hello All, The short question is - how can I prevent (delay) a bound UI element from refreshing until I want it to? The longer explanation: I have a process that adds a number of items to an ItemsControl, and then performs some additional calculations on those items using a background thread. This (correctly) updates the items as it goes along. However, I would like to prevent the ItemsControl from updating during a particular calculation, as it performs some reordering of the items before it does additional calculations based on that order, and then returns the items to their original order. I do show a "Please Wait" animation on top of the ItemsControl, with the ItemsControl dimmed down as it is working, but I'd rather not hide the ItemsControl entirely because it gives the user an indication that progress is being made. Thanks, wTs

    Read the article

  • RowFilter.regexFilter multiple columns

    - by twodayslate
    I am currently using the following to filter my JTable RowFilter.regexFilter( Pattern.compile(textField.getText(), Pattern.CASE_INSENSITIVE).toString(), columns ); How do I format my textField or filter so if I want to filter multiple columns I can do that. Right now I can filter multiple columns but my filter can only be of one of the columns An example might help my explanation better: Name Grade GPA Zac A 4.0 Zac F 1.0 Mike A 4.0 Dan C 2.0 The text field would contain Zac A or something similar and it would show the first Zac row if columns was int[]{0, 1}. Right now if I do the above I get nothing. The filter Zac works but I get both Zac's. A also works but I would then get Zac A 4.0 and Mike A 3.0. I hope I have explained my problem well. Please let me know if you do not understand.

    Read the article

  • Is Programming == Math?

    - by moffdub
    I've heard many times that all programming is really a subset of math. Some suggest that OO, at its roots, is mathematically based. I don't get the connection. Aside from some obvious examples: using induction to prove a recursive algorithm formal correctness proofs functional languages lambda calculus asymptotic complexity DFAs, NFAs, Turing Machines, and theoretical computation in general the fact that everything on the box is binary In what ways is programming really a subset of math? I'm looking for an explanation that might have relevance to enterprise/OO development (if there is a strong enough connection, that is). Thanks in advance. Edit: as I stated in a comment to an answer, math is uber important to programming, but what I struggle with is the "subset" argument.

    Read the article

  • Merge Cells Vertically in RTF

    - by Jimmy Johnson
    I need to programmatically generate an RTF document with a table that has a column vertically merged., e.x. ______________________________ | merged | foo | hello | | cell | | | | right |--------|----------| | here | bar | world | |_________|________|__________| I looked up online and found that the codes are \clvmgf and \clvmrg but I can't find a decent example. I made a text rtf using MS word, but there's too much junk rtf codes in it for me to figure it out where to put the \clvmgf and \clvmrg to get this to work. Could someone give me an rtf for above example table with no extraneous rtf codes so I can figure out how \clvmgf and \clvmrg works? Any additional explanation would also be greatly appreciated. Thanks!

    Read the article

  • Genetic algorithms

    - by daniels
    I'm trying to implement a genetic algorithm that will calculate the minimum of the Rastrigin functon and I'm having some issues. I need to represent the chromosome as a binary string and as the Rastrigin's function takes a list of numbers as a parameter, how can decode the chromosome to a list of numbers? Also the Rastrigin's wants the elements in the list to be -5.12<=x(i)<=5.12 what happens if when i generate the chromosome it will produce number not in that interval? I'm new to this so help and explanation that will aid me in understanding will be highly appreciated. Thanks.

    Read the article

  • ActiveMQ, timestamp for broker receiving the message to send

    - by StaxMan
    Ok, as per ActiveMQ docs, it appears that Message.getJMSTimestamp() returns time that client claims it sent the message (with its local clock). And that there is supposedly property "JMSActiveMQBrokerInTime" that is added to Message (see http://activemq.apache.org/activemq-message-properties.html). However, trying to access it on an ActiveMQ 4.1.2 installation gives an error. Does anyone know if this is something that was only added in 5.0 or later? Or is there some other explanation as to where it might have disappeared? Message.getPropertyNames() returns empty enumeration, which could indicate that nothing gets through.

    Read the article

  • Using String+string+string vs using string.replace

    - by Madi D.
    A colleague told me that using the following method: string url = "SomeURL"; string ext = "SomeExt"; string sub = "SomeSub"; string subSub = "moreSub"; string Url = @"http://www." + Url +@"/"+ ext +@"/"+ sub + subSub; is not efficenet (takes more resources) and it is preferred to use the following method: string Url = @"http://www.#URL.#EXT/#sub/#subSub"; string url = "SomeURL"; string ext = "SomeExt"; string sub = "SomeSub"; string subSub = "moreSub"; Url.Replace("#URL",url) Url.Replace("#EXT",ext); Url.Replace("#sub",sub); Url.Replace("#subSub",subSub); Is that true? and what is the explanation behind it?

    Read the article

  • automation of data format conversion to parent child format

    - by silverkid
    This is an excel sheet which has only a single column filled for each row. (explanation : all CITY categories fall under V21 , all handset categories fall under CityJ and so on ) V21 CITYR CITYJ HandsetS HandsetHW HandsetHA LOWER_AGE<=20 LOWER_AGE>20 SMS_COUNT<=0 RECHARGE_MRP<=122 RECHARGE_MRP>122 SMS_COUNT>0 I need to change this format to a double column format with parent and child category format. therefore the output sheet would be V21 CITYR V21 CITYJ CITYJ HandsetS CITYJ HandsetHW CITYJ HandsetHA HandsetHA LOWER_AGE<=20 HandsetHA LOWER_AGE>20 LOWER_AGE>20 SMS_COUNT<=0 SMS_COUNT<=0 RECHARGE_MRP<=122 SMS_COUNT<=0 RECHARGE_MRP>122 LOWER_AGE>20 SMS_COUNT>0 the datas are huge so i cant do them manually . how can i automate this ?

    Read the article

  • How to rollback in EF4?

    - by Jaxidian
    In my research about rolling back transactions in EF4, it seems everybody refers to this blog post or offers a similar explanation. In my scenario, I'm wanting to do this in a unit testing scenario where I want to rollback practically everything I do within my unit testing context to keep from updating the data in the database (yeah, we'll increment counters but that's okay). In order to do this, is it best to follow the following plan? Am I missing some concept or anything else major with this (aside from my SetupMyTest and PerformMyTest functions won't really exist that way)? using (var ts = new TransactionScope()) { // Arrange SetupMyTest(context); // Act PerformMyTest(context); var numberOfChanges = context.SaveChanges(false); // if there's an issue, chances are that an exception has been thrown by now. // Assert Assert.IsTrue(numberOfChanges > 0, "Failed to _____"); // transaction will rollback because we do not ever call Complete on it }

    Read the article

  • CSRF (Cross-site request forgery) attack example and prevention in PHP

    - by Saif Bechan
    I have an website where people can place a vote like this: http://mysite.com/vote/25 This will place a vote on item 25. I want to only make this available for registered users, and only if they want to do this. Now I know when someone is busy on the website, and someone gives them a link like this: http://mysite.com/vote/30 then the vote will be places for him on the item without him wanting to do this. I have read the explanation on the OWASP website, but i don't really understand it Is this an example of CSFR, and how can I prevent this. The best thing i can think off is adding something to the link like a hash. But this will be quite irritating to put something on the end of all the links. Is there no other way of doing this. Another thing can someone maybe give me some other example of this, because the website seems fairly fugue to me.

    Read the article

  • Changing ActiveRecord attribute value in before_save hook

    - by fifigyuri
    I needed to fix the encoding of an ActiveRecord attribute and decided to do it in a before_save hook. And at this point I noticed an unexpected feature. When I wanted to change the value of the attribute, simple using the attribute_name=XY did not work as I expected. Instead of that I needed to use self[:attribute_name]=XY. So far did not recognise this behaviour and I used AR.attribute_name=XY. What is the reason for this? Does this behaviour relate to the hook or something else? Thanks for explanation.

    Read the article

  • Question about "ASP.NET 3.5 Social Networking" by Andrew Siemer (from Packt Publishing)

    - by user287745
    am currently reading a book, which has explanation of making a social website. ASP.NET 3.5 Social Networking https://www.packtpub.com/expert-guide-for-social-networking-with-asp-.net-3.5/book On page 41 I noticed that the images of the solution explorer given in the text, indicate that windowsformapplication[PROJECT] has been used instead of WebForms[create new website]. there are no webforms? how would the end result be a site? what is happening here?? the name of the book is, ASP.NET 3.5 Social Networking, please refer to page 41, thanks note:- i have always made websites which needs hosting and be accessible from other computers using webforms[create new website] which has web.config file app_data etc..... please help thank you.

    Read the article

  • parsing a list and producing a structure of that

    - by qzar
    ;; structure representing homework points ;; nr: number - the number of the homework ;; points: number - the number of points reached (define-struct homework (nr points)) ;; parse-homework: (list of number pairs) -> (list of homework) ;; The procedure takes a list of number pairs and produces a list of homework structures ;; Example: (parse-homework (list (list 1 6) (list 2 7) (list 3 0))) should produce (list (make-homework 1 6) (make-homework 2 7) (make-homework 3 0)) (define (parse-homework homework-entries) (if (and (= (length (first homework-entries) 2))(= (length (parse-homework (rest homework-entries)) 2))) (make-homework (first homework-entries) (parse-homework (rest homework-entries))) (error 'Non-valid-input "entered list is not of length two")) ) (parse-homework (list (list 1 6) (list 2 7) (list 3 0))) This code produces the error length: expects 1 argument, given 2: (list 1 6) 2 I really appreciate every explanation that you can give me to get in in this scheme-stuff... Thank you very much

    Read the article

  • jquery cycle "allowPagerClickBubble: true" not quite working

    - by Shelagh
    Hi all, I want my page anchors to work as menu links so I used this code: $(function() { $('#slideshow').cycle({ slideExpr: 'img', fx: 'fade', speed: 2000, timeout: 4000, pager: '#nav', pagerEvent: 'mouseover', pauseOnPagerHover: true, pagerAnchorBuilder: function(idx, slide) { // return sel string for existing anchor return '#nav li:eq(' + (idx) + ') a'; }, allowPagerClickBubble: true }); }); If you click the right mouse button, you can choose to open the links and they do open just fine but a normal left button click does nothing. The thing is, they WERE working so I went to work on supposedly unrelated parts of the website and at some point the left mouse button click stopped working. Any ideas what I might have done? Left button clicking still works for everything else on the site so its not some global setting. The cycle is here if my explanation is not clear: http://www.mcguirenaturals.ca/index.php Thanks for any help

    Read the article

  • Grails GORM (Hibernate) query

    - by bsreekanth
    Hello, I'm trying to do the below sql statement in GORM select * from table1 where table1.x not in (select x from table 2 where y='something'); so, I have two tables, and needs to find the entries from table 1 which are not in table 2. In Grails def xx= table2.findByY('something') def c = table1.createCriteria() def result= c.list { not ( in('x', xx) ) } the syntax is wrong, and I'm not sure how to simulate not in sql logic. As a learning point, if someone can also tell me why minus (-) operator in grails/groovy doesn't work with list. I tried getting x and y seperately, and doing x.minus(y), but it doesn't change the list. I saw an explanation at http://stackoverflow.com/questions/1754576/groovy-on-grails-list-not-working , but I would expect the list defined are local. thank you so much.

    Read the article

  • How can I resolve exception: Error executing child request for ChartImg.axd

    - by macleojw
    I'm using the Chart Controls for Mircosoft .NET Framerwork. Most of the time they work perfectly. However, if I leave a page for longer than 20-30 mins and then try to refresh the page, I get an error saying: Error executing child request for ChartImg.axd. Exception Details: System.Web.HttpException: Error executing child request for ChartImg.axd. If I update the page using an AJAX update panel I get the following error: Sys.WebForms.PageRequestManagerServerErrorException: Error executing child request for ChartImg.axd It seems that the chart handler stops after a period of inactivity. Most of the webpages I've looked at for this error are for situations when this error is displayed all the time. In my case it is only displayed after a period of inactivity. Can someone provide a better explanation of what is happening and suggest a solution?

    Read the article

  • SQL Server 2005 high memory usage and performance problems

    - by emzero
    Hi there guys. I have this ASP.NET/SQLServer2005 website running on a production server (Win2003, QuadCore, 4GB). The site runs smoothly normally, but after 2-3 weeks I notice a slow performance on the site (especifically in one particular page). Also I notice that the SQL Server process is using like 2GBs of RAM. So I restart the service, the site runs fast again and the process 300-400MBs. I'm looking for an explanation of why is this happening? What is SQL Server storing in RAM that takes too much space and degrades the performance? What can I do to avoid this? I'm trying to avoid restarting the SQLServer everytime this happens. Thank you!

    Read the article

< Previous Page | 37 38 39 40 41 42 43 44 45 46 47 48  | Next Page >