Search Results

Search found 140 results on 6 pages for 'angelo hannes'.

Page 5/6 | < Previous Page | 1 2 3 4 5 6  | Next Page >

  • SQL Server 2008 Management Studio Activity Monitor

    - by Angelo
    Hi, I tried to turn on the Activity Monitor using SQL Server 2008 Management Studio (SSMS) through the options window of the application (Tools | Options | Environment | General | At Startup). I restarted SSMS and I am getting the following message: "This operation does not support connections to Microsoft SQL Server Standard Edition version 8.00.2249." I need to be able to monitor the processes and activities inside the database since I am investigating a particular application which takes a lot of time in its database data retrieval access and I am thinking it may be due to some locks or some processes. How do I resolve this? Inputs highly appreciated. Thanks.

    Read the article

  • Can this be done in 1 line? [PHP]

    - by Angelo
    Can this be done in 1 line with PHP? Would be awesome if it could: $out = array("foo","bar"); echo $out[0]; Something such as: echo array("foo","bar")[0]; Unfortunately that's not possible. Would it be possible like this? So I can do this for example in 1 line: echo array(rand(1,100), rand(1000,2000))[rand(0,1)];

    Read the article

  • JavaScript - Multiple signals received after click

    - by Angelo A
    I'm creating a webapp using jQueryMobile. When I'm using the app and I click a button it runs the script multiple times. For example: I have a submit button: <input type="submit" id="login-normal" value="Login" /> And I have this JavaScript for debugging on which this error occurs: $("input#login-normal").live('click',function() { console.log("Test"); }); On the very first click it works (and it goes to another screen for example), but when I go back to that screen and I click again, it outputs multiple console.logs

    Read the article

  • jQuery trigger custom event synchronously?

    - by Miguel Angelo
    I am using the jQuery trigger method to call an event... but it behaves inconsistently. Sometimes it call the event, sometimes it does not. <a href="#" onclick=" $(this).trigger('custom-event'); window.location.href = 'url'; return false; ">text</a> The custom-event has lots of listeners added to it. It is as if the trigger method is not synchronous, allowing the window.location.href be changed before executing the events. And when window.location.href is changed a navigation occurs, interrupting everything. How can I trigger events synchronously? Using jQuery 1.8.1. Thanks! EDIT I have found that the event, when called has a stack trace like this: jQuery.fx.tick (jquery-1.8.1.js:9021) tick (jquery-1.8.1.js:8499) jQuery.Callbacks.self.fireWith (jquery-1.8.1.js:1082) jQuery.Callbacks.fire (jquery-1.8.1.js:974) jQuery.speed.opt.complete (jquery-1.8.1.js:8991) $.customEvent (myfile.js:28) This proves that jQuery trigger method is asynchronous. Oohhh my... =\

    Read the article

  • links for 2011-01-13

    - by Bob Rhubart
    Webcast: Oracle WebCenter Suite: Giving Users a Modern Experience Speakers: Vince Casarez (VP Enterprise 2.0 Product Management, Oracle),  Erin Smith (Consulting Practice Manager – Portals, Oracle), Robert Wessa (Consulting Technical Director – Enterprise 2.0 Infrastructure, Oracle)  (tags: oracle otn webcenter webcast enterprise2.0) Oracle & StickyMinds.com Webcast: Load Testing Techniques for Enterprise Applications Mughees Minhas, Senior Director of Product Management, Oracle Server Technologies, answers your questions about the latest techniques for effectively and efficiently testing enterprise application performance. Thursday, January 20, 2011. 10am PT / 1pm ET. (tags: oracle otn stickymings webcast) Bay Area Coherence Special Interest Group (BACSIG) Jan 20, 5:30pm - 8:00pm PT. Presentations: Coherence 3.6 Clustering Features (Rob Lee), Efficient Management and Update of Coherence Clusters to Reduce Down Time ( Rao Bhethanabotla), How To Build a Coherence Practice (Christer Fahlgren). (tags: oracle, otn coherence bacsig) Podcast Show Notes: William Ulrich and Neal McWhorter on Business Architecture (ArchBeat) A four-part interview with the authors of  "Business Architecture: The Art and Practice of Business Transformation"  (tags: oracle otn podcast businessarchitecture) John Brunswick: Overlapping Social Networks in your Enterprise? Strategies to Understand and Govern "Overall it is important to consider if tacit knowledge being captured by the social systems is able to be retained and somehow summarized into an overall organizational directory." - John Brunswick (tags: oracle otn enterprise2.0 socialnetworking) Coherence - How to develop a custom push replication publisher (Middlewarepedia) Cosmin Todur describes "a way of developing a custom push replication publisher that publishes data to a database via JDBC."  (tags: oracle coherence grid) Aino Andriessen: Oracle Diagnostics Logging (ODL) for application development "Logging is a very important aspect of application development as it offers run-time access to the behaviour and data of the application. It’s important for debugging purposes but also to investigate exception situations on production." -- Aino Andriessen (tags: oracle odl java jdeveloper weblogic) Security issues when upgrading a Web Catalog from 10g to 11g Oracle BI By Bakboord "I blogged about upgrading from Oracle BI EE 10g to Oracle BI EE 11g R1 earlier. Although this is a very straight forward process, you could end up with some security issues." -- Daan Bakboord (tags: oracle businessintelligence obiee) Angelo Santagata: SOA Composite Sensors : Good Practice "A good best practice is that for any composites you create, consider publishing a composite sensor value using a primary key of some sort , e.g. orderId, that way if you need to manipulate/query composites you can easily look up the instanceId using the sensorid." - Angelo Santagata (tags: oracle soa sca) Javier Ductor: WebCenter Spaces 11g PS2 Task Flow Customization "Previously, I wrote about Spaces Template Customization. In order to adapt Spaces to customers prototype, it was necessary to change template and skin, as well as the members task flow. In this entry, I describe how to customize this task flow." - Javier Ductor (tags: oracle otn enterprise2.0 webcenter) RonBatra's blog: Cloud Computing Series: VI: Industry Directions "When someone says their 'Product/Solution is in the Cloud,' ask them basic questions to seperate the spin from the reality. I would start with 'tell me what that means' and see which way the conversation goes." - Oracle ACE Director Ron Batra (tags: oracle otn oracleace cloud) First JSRs Proposed for Java EE 7 (The Java Source) With the approval of Java SE 7 and Java SE 8 JSRs last month, attention is now shifting towards the Java EE platform. (tags: oracle java jsr javaee)

    Read the article

  • SPARC M7 Chip - 32 cores - Mind Blowing performance

    - by CarylTakvorian-Oracle
    Now that we've just announced our Next Generation Processor at the HotChips HC26 conference , my colleague Angelo Rajadurai has a great write-up on what was announced and what this could mean for our ISV partners, covering in particular the SPARC M7 new Software-in-Silicon features such as Application Data Integrity and the In-Memory Query Accelerator. During the same presentation we also introduced the SPARC Accelerated Program to provide our partners and third party developers access to all the goodness of the M7's SPARC Application Acceleration features. Please get in touch with us if you are interested in knowing more about this program.

    Read the article

  • What You Said: Your Tech Spring Cleaning Routines

    - by Jason Fitzpatrick
    Earlier this week we asked you to share your tech spring cleaning routine; now we’re back to highlight your tips, tricks, and techniques. What tools rule the spring cleaning roost? Compressed air and microfiber cloths are the tools of choice by a wide margin. D^Angelo highlights the software and physicals tools he uses: Backup all the important stuff just to be safe (c:/, my documents, desktop, drivers) Cleaning the dust with some office depot compressed air, avoiding spinning the fans. Use a brush for that small places (fans, memory, capacitors, etc). Use some dielectric spray on the motherboard. If the pc turned on without problems its time to use ccleaner, Check if there is a toolbar installed or another unusual software that I don’t want. Run my antivirus software or malwarebytes; some defraggler maybe. Make Your Own Windows 8 Start Button with Zero Memory Usage Reader Request: How To Repair Blurry Photos HTG Explains: What Can You Find in an Email Header?

    Read the article

  • Oracle Solaris 11 Developer Webinar Series

    - by Larry Wake
    This coming Tuesday, a new series of webcasts (not to be confused with a series of tubes) is kicking off, aimed at developers. Register today Next week's session covers IPS and related topics: What: Modern Software Packaging for Enterprise Developers When: Tuesday, March 27, 9 AM Pacific Who: Eric Reid, Oracle Systems ISV Engineering We've got several more queued up -- here's the full schedule, with registration links for each one. Or, see the series overview, which includes a link to a "teaser" preview of all the sessions. Topic Date (all sessions 9 AM Pacific) Speaker Modern Software Packaging for Enterprise Developers March 27th Eric Reid (Principal Software Engineer) Simplify Your Development Environment with Zones, ZFS & More April 10th Eric Reid (Principal Software Engineer)Stefan Schneider (Chief Technologist, ISV Engineering) Managing Application Services – Using SMF Manifests in Solaris 11 April 24th Matthew Hosanee (Principal Software Engineer) Optimize Your Applications on Oracle Solaris 11: The DTrace Advantage May 8th Angelo Rajadurai (Principal Software Engineer) Maximize Application Performance and Reliability on Oracle Solaris 11 May 22nd Ikroop Dhillon (Principal Product Manager) Writing Oracle Solaris 11 Device Drivers June 6th Bill Knoche (Principal Software Engineer)

    Read the article

  • Oracle Outsourced Repair Solution: The “Control Tower” for the Reverse Supply Chain

    - by John Murphy
    By Hannes Sandmeier, Vice President of cMRO and Depot Repair Development Smart businesses are increasing their focus on core competencies and aggressively cutting costs in their supply chains. Outsourcing repairs can enable a business to focus on what they do best and most profitably while delivering top-notch customer service through partners that specialize in reverse logistics and repair. A well managed “virtual service organization” can deliver fast turn times, lower costs and high customer satisfaction. A poorly managed partner network can deliver disaster for your business. Managing a virtual service organization requires accurate, real-time information and collaboration tools that enable smart, informed and immediate corrective action. To meet this need, Oracle has released the Oracle Outsourced Repair Solution to provide the “control tower” for managing outsourced reverse supply chain operations from customer complaint through remediation to partner claim settlement. The new solution provides real-time visibility to return status, location, turn time, discrepancies and partner performance. Additionally, its web portals allow partners and carriers to view assigned work, request parts, enter data, capture time and submit claims. Leveraging the combined power of Oracle E-Business Suite and Oracle E-Business Suite Extensions for Oracle Endeca, the Oracle Outsourced Repair Solution provides a comprehensive set of tools that range from quick online partner registration to partner claim reconciliation, from capturing parts and labor to Oracle Cost Management and Financials integration, and from part requisition to waste and hazmat controls. These tools empower service operations managers to: · Increase customer satisfaction Ensure customers are satisfied by holding partners accountable for the speed and quality of repairs, and taking immediate corrective action when things go wrong · Reduce costs: Remove waste from the repair process using accurate job cost and cost breakdown data · Increase return velocity: Users have the tools to view all orders in flight and immediately know the current location, status, owner and contact point for repairs so as to be able to remove bottlenecks, resolve discrepancies and manage escalations The Oracle Outsourced Repair Solution further demonstrates Oracle’s commitment to helping supply chain professionals and service managers deliver high customer satisfaction at the lowest cost. For more information on the Oracle Outsourced Repair Solution, visit here. 

    Read the article

  • Building Great-Looking, Usable Apps: A two-day workshop applying Oracle’s best UX practices in ADF

    - by mvaughan
    By Misha Vaughan, Oracle Applications User ExperienceI have been with Oracle for more than 12 years. It is a company that has granted me extraordinary creative freedom to help deliver compelling experiences for customers.I am beyond proud to talk about one of the experiences we just took for a test drive. Recently, we delivered a first-of-its-kind, three-team collaboration, train-the-trainer event in Reading, U.K., on building great-looking, usable apps based on Oracle Fusion Applications -- using the ADF tool kit. A new kind of workshopKevin Li, Platform Product Director, asked the Oracle Applications User Experience VP, Jeremy Ashley, if the team had anything to help partners and customers build applications that looked like Fusion. He was receiving this request from European partners and customers.Some quick conversations ensued, and the idea for the workshop was born: We would conduct an experiment.  We would work with feedback from the key Platform Technology Solutions (PTS) trainers under Andre Pavanello, Director, Platform Technology Solutions, in Europe, Middle East, and Africa. We would partner with the ADF team lead by Grant Ronald, Director of Product Management, title> and leverage the Applications UX expertise in Ashley’s team.The goal: Create a pilot workshop that in two days would explain to an ADF developer how to leverage the next-generation user experience best-practices developed for Fusion Apps. Why? Customers who need integrations with Oracle Fusion Applications, who are looking for custom applications that need to co-exist with Fusion, or who quite simply want a next-generation design for a custom app, need their solutions to reflect the next-generation research and design.Building an event for an ADF developerThe biggest hurdle was figuring out where to start.  How far into user experience country do you take an ADF developer? How far into ADF do you need to go if you are a UX professional?After some time in the UX kitchen, the workshop recipe looked like this: Mix equal parts: Fusion user experience design principles and functional design patterns The art and science behind UX How to wireframe designs that you can build in Fusion How to translate those designs into an ADF application Ultan O’Broin, Director of Global User Experience, explaining the trouble ticket wireframe design exerciseLynn Munsinger, Senior Group Product Manager, explaining the follow-on trouble ticket ADF coding exercise For spice, add:•    Debra Lilley, Fujitsu and ACE director, showcasing some of the latest ADF design work in the new face of Fusion Applications •    Partner show-and-tell of example apps they have built with FMW and ADF that are dynamic, beautiful, and interactive.Debra Lilley, Oracle ACE Director and Fujitsu Fusion Champion on the new face of Fusion built with ADF and Fusion extensibility with composers as a window into “the possible”?The taste testThis first go-round of the workshop was aimed squarely at ADF developers and partners.  We were privileged to have participation and feedback from:•    Sten Vesterli, Scott/Tiger S. A., Denmark•    John Sim, Fishbowl Solutions, UK•    Josef Huber, Primus Delphi Group, Munich•    Thaddaus Weindl, Primus Delphi, Group , Munich•    Praveen Pillalamarri, EiS Technologies, Bangalore•    Balaji Kamepalli, EiS Technologies, Bangalore•    Plinio Arbizu, Services & Processes Solutions S. A., Mexico•    Yannick Ongena, infoMENTUM, UK•    Jakub Ciszek, infoMENTUM, UK•    Mauro Flores, infoMENTUM, UK•    Matteo Formica, infoMENTUM, UKRichard Bingham, Oracle, Mauro Flores and Matteo Formica, infoMENTUMWhy is this so exciting?  Oracle has invested heavily in the research and development of the Oracle Fusion Applications user experience. This investment has been and continues to be applied across the product lines. Now, we finally get to teach customers and partners how to take advantage of this investment for custom solutions.This event was a pilot to test-drive the content, as well as a train-the-trainer event that our EMEA colleagues will be using with partners who want to build with Fusion Apps design patterns.What did attendees think?"I liked most the science stuff, like eye-tracking, design patterns and best-practice (color, contrast),” Josef Huber said. “It was a very good introduction to UI design, and most developers and project managers are very bad in that.  So this course would be good for all developers and even project managers." Team Anonymous: John Sim, Fishbowl Solutions, Flavius Sana, Oracle, Josef Huber, infoMENTUM, Mireille Duroussaud, Oracle. Winners of the wireframing design exercise.  Sten Vesterli, of Scott/Tiger, said he attended to learn techniques he could use in his own projects. He wants to ensure that his applications better meet the needs of his users, and he said sessions during the workshop on user interface design and wireframing were most useful to him.  “Go to this event to learn the art and science of good user interfaces from people who really know how to do it,” he said.Sten Vesterli, Scott/Tiger, Angelo Santagata, Oracle Plinio Arbizu said the workshop fulfilled his goals, thanks to the recommendations given in how to design user interfaces to facilitate the adoption of applications among the final users. “The workshop combined these recommendations with an exercise that improved the technical comprehension, permitting the usage of JDeveloper to set forth our solutions,” he said. He added: “The first session that I really enjoyed was the five Fusion design principles. It was incredible to discover how these simple principles were included in an inherit manner in Fusion Applications, and I had been using many of them applying only ADF components.  Another topic that I enjoyed a lot was the eight recommendations about the visual design of UIs. The issues that were raised in that lesson are unknown to the developers and of great value to achieve an attractive presentation layer to the end users.  Participate in this workshop, and include these usability features in your projects and in this manner not only to facilitate and improve the user productivity, but also to distinguish you as a professional who takes advantage fully of the functionalities offered by Oracle technology. Praveen Pillalamarri came to the workshop to learn about the difficulties faced in UI and UX development, and how this can be resolved with the help of ADF.  He also appreciated the opportunity to talk with other individuals who came to the workshop. Pillalmarri said, “The way we looked at things in terms of work and projects were sharpened.  UI and UX design knowledge shared by you was quite interesting, especially the minute things which we ignored in the UI or UX design.” Plinio Arbizu, Services & Processes Solutions S. A., Richard Bingham, Oracle, Balaji Kamepalli, & Praveen Pillalamarri, EiS TechnologiesReady to spread the wordIn EMEA, Oracle customers and partners have access to three world-class trainers via Platform Technology Solutions: Mireille Duroussaud, Flavius Sana, and Angelo Santagata. Contact Andre Pavanello if you like to experience this workshop firsthand, or you have customers or partners who would benefit from the training.We are looking to bring the event to the U.S. in spring 2013. If you have interest in this kind of a workshop, leave a comment below. For those who want to follow the action, join the ADF Enterprise Methodology Group run by Oracle’s Chris Muir. Ask questions and continue with the conversation in this forum, or check blogs.oracle.com/usableapps for topics emerging from the workshop.

    Read the article

  • How to register a QueryExecuterFactory in jasper reports in java

    - by Bosso
    Hi, I implemented JRQueryExecuter and want to use it in a report. Using iReport I managed to register and use the executer. Now I want to use it in a java application, but I can't find any resources how to register the factory. I thought it's enough to have the implementation in the classpath, but I get the following exception: Caused by: net.sf.jasperreports.engine.JRException: No query executer factory class registered for tmql queries. at net.sf.jasperreports.engine.query.DefaultQueryExecuterFactoryBundle.getQueryExecuterFactory(DefaultQueryExecuterFactoryBundle.java:80) at net.sf.jasperreports.engine.util.JRQueryExecuterUtils.getQueryExecuterFactory(JRQueryExecuterUtils.java:57) at net.sf.jasperreports.engine.design.JRDesignDataset.queryLanguageChanged(JRDesignDataset.java:1006) Can anybody give me a hint? regards Hannes

    Read the article

  • Subversion for web designer: repository on a network share and ftp to the live server?

    - by ceatus
    My configuration: htdocs on a windows network share (z:) web developers check out with dreamweaver modify and check in back to the drive z LAMP running on a Ubuntu server virtualized on Hyper-V with apache that point on the z drive for dev in order to test the websites Upload by FTP on the live server Now: I need multiple access to the repository, keep them on a network shares and we manage about 200 websites. All the web developers, administrators and IT need to access to the share. I found out that creating a svn server is the best way for me, so I created it on a Ubuntu Server which is virtualized on Hyper-V. Right now I have the repos local on the Ubuntu Server but I'd like them on my network drive and I'd like to have a post-commit, if possible, in order to ftp directly on my live server. Do you guys think that a WebDav solution would be better? Thanks in advance Angelo

    Read the article

  • Reminder: ATG Live Webcast June 29th: Reducing TCO Using Oracle E-Business Suite Management Packs

    - by Steven Chan (Oracle Development)
    Reminder: Our next ATG Live Webcast is happening tomorrow, Thursday, June 29th: How to Reduce TCO Using Oracle E-Business Suite Management Packs This one-hour webcast provides an overview of how EBS sysadmins can make their lives easier with the Management Packs for Oracle E-Business Suite Release 12.x. This session will highlight key features in Applications Management Pack (AMP) and Applications Change Management Pack (ACMP) that can automate or streamline some of the tasks needed to: Manage your EBS system configurations Monitor your EBS environment's performance and uptime Keep multiple EBS environments in sync with their patches and configurations Create patches for your EBS customizations and apply them with Oracle's own patching tools There will also be a special mention of Oracle E-Business Suite Adapter. How to Reduce TCO Using Oracle E-Business Suite Management Packs Date: Thursday, June 30, 2011 Time: 8:00 AM - 9:00 AM Pacific Standard Time (4.00 PM - 5.00 PM GMT) Presenters: Angelo Rosado, Product Manager, ATG Development Registration Link to Webcast Event Dial-in Numbers: U.S. Participants: 877-697-8128 International Participants: 706-634-9568 Passcode: You will receive this with your registration confirmation. Related Articles Oracle E-Business Suite Plug-in 4.0 Released for OEM 11g (11.1.0.1) ATG Live Webcast Replay Available: EBS 12 OAF Rich UI Enhancements WebCast Replay Available: Deploying Oracle VM Templates for E-Business Suite and PeopleSoft

    Read the article

  • Fusion Middleware Summer Camps & advanced partner trainings

    - by JuergenKress
    For Specialized partners who are working on following projects & opportunities, we offer these advanced summer camps: BPM Suite 11 ADF 11g WebCenter Portal WebLogic 12c SOA Suite 11g ADF for BPM Suite 11 WebCenter Sites 11g All training sessions will be from HQ product management and our PTS team. The sessions will take place in July in Lisbon Portugal and Munich Germany. . Participation is limited to two people per company and bootcamp. Registration is handled by first come first serve, please pay attention to the skill requirements, the pre-requisitions and the follow up! We will not accept people onto the training who do not match the criteria! Lisbon: Monday, July 9th 11:00AM - Friday July 13th 16:00 PM (Lisbon time) BPM Suite 11g advanced training by David Read ADF 11g advanced training by Grant Ronald and Frank Nimphius WebCenter Portal advanced training by Stefan Krantz and Angelo Santagata WebLogic 12c training by Cosmin Tudor Munich: Monday, July 16th 11:00 AM - Wednesday July 18th 16:00 PM (CET) SOA Suite 11g advanced training by Niall Commiskey ADF for BPM Suite 11g advanced training by David Read WebCenter Sites 11g advanced training by Product Management & PTS Cost: Free of charge, cancelation or no-show fee 2.000€. Bootcamps are limited to 20 persons first come first serve. For details and registration please visit Lisbon registration page: & Munich registration page Quotes summer camps 2011 “From zero to hero with this BPM workshop" Steven Boon, Ordina. “This is the training that prepares for real projects and POCs"Jon Petter Hjulstad, eVita - blog & twitter Impressions summer camps 2011 SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: summer camps,OFM summer camps,training,education,SOA Community,Oracle SOA,Oracle BPM,BPM Community,OPN,Jürgen Kress

    Read the article

  • Fusion Middleware Summer Camps - advanced partner trainings

    - by JuergenKress
    For Specialized partners who are working on following projects & opportunities, we offer these advanced summer camps: BPM Suite 11 ADF 11g WebCenter Portal WebLogic 12c SOA Suite 11g ADF for BPM Suite 11 WebCenter Sites 11g All training sessions will be from HQ product management and our PTS team. The sessions will take place in July in Lisbon Portugal and Munich Germany. . Participation is limited to two people per company and bootcamp. Registration is handled by first come first serve, please pay attention to the skill requirements, the pre-requisitions and the follow up! We will not accept people onto the training who do not match the criteria! Lisbon: Monday, July 9th 11:00AM - Friday July 13th 16:00 PM (Lisbon time) BPM Suite 11g advanced training by David Read ADF 11g advanced training by Grant Ronald and Frank Nimphius WebCenter Portal advanced training by Stefan Krantz and Angelo Santagata WebLogic 12c training by Cosmin Tudor Munich: Monday, July 16th 11:00 AM - Wednesday July 18th 16:00 PM (CET) SOA Suite 11g advanced training by Niall Commiskey ADF for BPM Suite 11g advanced training by David Read WebCenter Sites 11g advanced training by Product Management & PTS Cost: Free of charge, cancelation or no-show fee 2.000€. Bootcamps are limited to 20 persons first come first serve. For details and registration please visit Lisbon registration page: & Munich registration page Quotes summer camps 2011 “From zero to hero with this BPM workshop" Steven Boon, Ordina. “This is the training that prepares for real projects and POCs"Jon Petter Hjulstad, eVita - blog & twitter Impressions summer camps 2011 WebLogic Partner Community For regular information become a member in the WebLogic Partner Community please visit: http://www.oracle.com/partners/goto/wls-emea ( OPN account required). If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Wiki Technorati Tags: WebLogic,WebLogic Community,Java Message Service,Java Spring,Summer Camps,education

    Read the article

  • ORACLE Fusion Middleware Summer Camps in Lisbon: Includes Advanced ADF Training by Oracle Product Management

    - by Frank Nimphius
    From July 9th - JUly 13th 2012, Frank Nimphius and Grant Ronald from the JDeveloper and ADF Product Management team present an 4 1/2 day advanced ADF Training Lisbon for the EMEA Oracle SOA Community. The training runs in parallel to an advanced WebCenter training giving you a chance to network with your peers during breaks and lunch. See below announcement by the ORACLE EMEA SOA Community for details:For Specialized partners who are working on following projects & opportunities, we (Oracle) offer these advanced summer camps:    ADF 11g     WebCenter Portal     SOA Suite 11g     ADF for BPM Suite 11     WebCenter Sites 11g All training sessions will be from HQ product management and our PTS team. The sessions will take place in July in Lisbon Portugal and Munich Germany. . Participation is limited to two people per company and bootcamp. Registration is handled by first come first serve, please pay attention to the skill requirements, the pre-requisitions and the follow up! We will not accept people onto the training who do not match the criteria!Lisbon: Monday, July 9th 11:00AM - Friday July 13th 16:00 PM (Lisbon time) ADF 11g advanced training by Grant Ronald and Frank Nimphius WebCenter Portal advanced training by Stefan Krantz and Angelo Santagata Cost: Free of charge, cancelation or no-show fee 2.000€Bootcamps are limited to 20 persons first come first serveFor details and registration please visit Lisbon registration page

    Read the article

  • May In Review

    - by Richard Bingham
    Content Highlights Our Application Composer series had fresh articles on the related internal data model and lots more on Groovy, including how to manipulate your data and a useful table showing you when and where groovy scripting can be used. For those just getting started with Fusion Applications user security, this article gave some handy examples to get your going. Jani's Java Cloud Service series continued strongly, with examples of integration using ADFbc, a Web Service Proxy client, and the ADF Data Control. From Other Teams The Oracle A-Team provided a broad set of articles during May, with various topics related to Fusion Applications including patching and performance management for on-premises deployments, and generic content on both integration and data extraction via web services. As part of their presentation to Oracle Israel User Group, our AppsUX colleagues explained the fresh new type of interface to Oracle Sales, through the voice mobile apps. This was in addition to demonstrations of the newer Release 8 Simplified UI customization options. Finally Angelo, our colleague in Platform Technical Services, explained in his blog how to use the findCriteria element included in all Oracle Sales web services to reduce the data returned, making response payloads much more specific, lightweight and therefore usable. Events and Announcements Oliver explained in this post about the new set of code samples on OTN for extending Sales Cloud using Oracle Platform as a Service. In addition, a new set of cloud developer documentation was released to provide more guided-learning on extending Oracle Sales Cloud with Oracle Platform as a Service (PaaS) services. This illustrative content is mainly as downloadable PDFs, and include topics covering sales cloud extensibility basics, using web services from JDeveloper (including security), using PaaS for SaaS development, and ADF (including mobile).

    Read the article

  • JavaOne 2012 Day 1

    - by Geertjan
    Day 1, Sunday, started the night before for those attending the NetBeans Party at Johnny Foley's: Invitations had been sent out prior to the party to all speakers for NetBeans Day, as well as speakers in JavaOne sessions where NetBeans is going to be used. That turns out to be around 40 people, who hung out until quite late, with snacks and drinks. Next day, NetBeans Day had most sessions with completely packed rooms, which means there were around 300 people! Panel discussions around central themes in the NetBeans ecosystem (Java EE, JavaFX, and NetBeans Platform) were held, which resulted in a whole bunch of people up on stage throughout the day, such as this group of speakers in the Java EE session: From left to right above you see Sean Comerford from ESPN.com, John Yeary the Java EE panel moderator and JUG lead from Greenville, Cagatay Civici the PrimeFaces lead developer, Glenn Holmer long time NetBeans enthusiast (more on him below) from the Weyco Group, and NetBeans/Java EE book author David Heffelfinger. There were panels just like the above for JavaFX and the NetBeans Platform too, with very interesting and dynamic talks, such as one by JavaFX book authors Gail and Paul Anderson, who showed off this brilliant JavaFX/NetBeans Platform mashup: NetBeans Day ended with a good discussion about how to get involved in the NetBeans community, wrapping up with an award ceremony with two very special NetBeans community awards: Then everyone caught buses to the Masonic Auditorium, where 4 hours of keynotes took place. This is what the room looked like: The 4 hours ended with a very well received HTML5/NetBeans demo, showing of NetBeans IDE 7.3 features, by NetBeans director John Ceccarelli. And I liked this slide during an earlier keynote session by Oracle VP Hasan Rizvi: There was really a lot of love for NetBeans during the JavaOne keynote sessions and I don't remember hearing any other IDE being mentioned, in any way at all. Next there was the Duke's Choice Award ceremony, outside the Hilton in a cool lounge area, where, among others, Timon and Angelo from the NetBeans Platform community received their awards for AgroSense and MICE. In between all of the above, I met very many friends from previous conferences, as well as several new ones. It was clearly a great start to the conference. Looking forward to what the rest of the week will bring!

    Read the article

  • JOIN THE ORACLE Fusion Middleware Summer Camps

    - by mseika
    JOIN THE ORACLE Fusion Middleware Summer Camps For Specialized partners who are working on following projects & opportunities, we offer these advanced summer camps: - BPM Suite 11 - ADF 11g - WebCenter Portal - WebLogic 12c - SOA Suite 11g - ADF for BPM Suite 11 - WebCenter Sites 11g All training sessions will be from HQ product management and our PTS team. The sessions will take place in July in Lisbon Portugal and Munich Germany. . Participation is limited to two people per company and bootcamp. Registration is handled by first come first serve, please pay attention to the skill requirements, the pre-requisitions and the follow up! We will not accept people onto the training who do not match the criteria! Lisbon: Monday, July 9th 11:00AM - Friday July 13th 16:00 PM (Lisbon time) - ADF 11g advanced training by Grant Ronald and Frank Nimphius - WebCenter Portal advanced training by Stefan Krantz and Angelo Santagata - WebLogic 12c training by Cosmin Tudor Munich: Monday, July 16th 11:00 AM - Wednesday July 18th 16:00 PM (CET) - ADF for BPM Suite 11g advanced training by David Read - WebCenter Sites 11g advanced training by Product Management & PTS Cost: Free of charge, cancelation or no-show fee 2.000€ Bootcamps are limited to 20 persons first come first serve For details and registration please visit Lisbon registration page: & Munich registration page Quotes summer camps 2011 “From zero to hero with this BPM workshop” Steven Boon, Ordina Linkedin “This is the training that prepares for real projects and POCs” Jon Petter Hjulstad, eVita – blog & twitter SOA & BPM Partner Community registration Please first login at http://partner.oracle.com and then visit: http://www.oracle.com/goto/emea/soa. If you have any questions please contact the Oracle Partner Business Center. If you have questions please feel free to contact us any time! Best regards Jürgen KressOracle EMEA SOA & BPM Partner Adoption EMEATel. +49 89 1430 1479E-Mail: [email protected]

    Read the article

  • Toorcon 15 (2013)

    - by danx
    The Toorcon gang (senior staff): h1kari (founder), nfiltr8, and Geo Introduction to Toorcon 15 (2013) A Tale of One Software Bypass of MS Windows 8 Secure Boot Breaching SSL, One Byte at a Time Running at 99%: Surviving an Application DoS Security Response in the Age of Mass Customized Attacks x86 Rewriting: Defeating RoP and other Shinanighans Clowntown Express: interesting bugs and running a bug bounty program Active Fingerprinting of Encrypted VPNs Making Attacks Go Backwards Mask Your Checksums—The Gorry Details Adventures with weird machines thirty years after "Reflections on Trusting Trust" Introduction to Toorcon 15 (2013) Toorcon 15 is the 15th annual security conference held in San Diego. I've attended about a third of them and blogged about previous conferences I attended here starting in 2003. As always, I've only summarized the talks I attended and interested me enough to write about them. Be aware that I may have misrepresented the speaker's remarks and that they are not my remarks or opinion, or those of my employer, so don't quote me or them. Those seeking further details may contact the speakers directly or use The Google. For some talks, I have a URL for further information. A Tale of One Software Bypass of MS Windows 8 Secure Boot Andrew Furtak and Oleksandr Bazhaniuk Yuri Bulygin, Oleksandr ("Alex") Bazhaniuk, and (not present) Andrew Furtak Yuri and Alex talked about UEFI and Bootkits and bypassing MS Windows 8 Secure Boot, with vendor recommendations. They previously gave this talk at the BlackHat 2013 conference. MS Windows 8 Secure Boot Overview UEFI (Unified Extensible Firmware Interface) is interface between hardware and OS. UEFI is processor and architecture independent. Malware can replace bootloader (bootx64.efi, bootmgfw.efi). Once replaced can modify kernel. Trivial to replace bootloader. Today many legacy bootkits—UEFI replaces them most of them. MS Windows 8 Secure Boot verifies everything you load, either through signatures or hashes. UEFI firmware relies on secure update (with signed update). You would think Secure Boot would rely on ROM (such as used for phones0, but you can't do that for PCs—PCs use writable memory with signatures DXE core verifies the UEFI boat loader(s) OS Loader (winload.efi, winresume.efi) verifies the OS kernel A chain of trust is established with a root key (Platform Key, PK), which is a cert belonging to the platform vendor. Key Exchange Keys (KEKs) verify an "authorized" database (db), and "forbidden" database (dbx). X.509 certs with SHA-1/SHA-256 hashes. Keys are stored in non-volatile (NV) flash-based NVRAM. Boot Services (BS) allow adding/deleting keys (can't be accessed once OS starts—which uses Run-Time (RT)). Root cert uses RSA-2048 public keys and PKCS#7 format signatures. SecureBoot — enable disable image signature checks SetupMode — update keys, self-signed keys, and secure boot variables CustomMode — allows updating keys Secure Boot policy settings are: always execute, never execute, allow execute on security violation, defer execute on security violation, deny execute on security violation, query user on security violation Attacking MS Windows 8 Secure Boot Secure Boot does NOT protect from physical access. Can disable from console. Each BIOS vendor implements Secure Boot differently. There are several platform and BIOS vendors. It becomes a "zoo" of implementations—which can be taken advantage of. Secure Boot is secure only when all vendors implement it correctly. Allow only UEFI firmware signed updates protect UEFI firmware from direct modification in flash memory protect FW update components program SPI controller securely protect secure boot policy settings in nvram protect runtime api disable compatibility support module which allows unsigned legacy Can corrupt the Platform Key (PK) EFI root certificate variable in SPI flash. If PK is not found, FW enters setup mode wich secure boot turned off. Can also exploit TPM in a similar manner. One is not supposed to be able to directly modify the PK in SPI flash from the OS though. But they found a bug that they can exploit from User Mode (undisclosed) and demoed the exploit. It loaded and ran their own bootkit. The exploit requires a reboot. Multiple vendors are vulnerable. They will disclose this exploit to vendors in the future. Recommendations: allow only signed updates protect UEFI fw in ROM protect EFI variable store in ROM Breaching SSL, One Byte at a Time Yoel Gluck and Angelo Prado Angelo Prado and Yoel Gluck, Salesforce.com CRIME is software that performs a "compression oracle attack." This is possible because the SSL protocol doesn't hide length, and because SSL compresses the header. CRIME requests with every possible character and measures the ciphertext length. Look for the plaintext which compresses the most and looks for the cookie one byte-at-a-time. SSL Compression uses LZ77 to reduce redundancy. Huffman coding replaces common byte sequences with shorter codes. US CERT thinks the SSL compression problem is fixed, but it isn't. They convinced CERT that it wasn't fixed and they issued a CVE. BREACH, breachattrack.com BREACH exploits the SSL response body (Accept-Encoding response, Content-Encoding). It takes advantage of the fact that the response is not compressed. BREACH uses gzip and needs fairly "stable" pages that are static for ~30 seconds. It needs attacker-supplied content (say from a web form or added to a URL parameter). BREACH listens to a session's requests and responses, then inserts extra requests and responses. Eventually, BREACH guesses a session's secret key. Can use compression to guess contents one byte at-a-time. For example, "Supersecret SupersecreX" (a wrong guess) compresses 10 bytes, and "Supersecret Supersecret" (a correct guess) compresses 11 bytes, so it can find each character by guessing every character. To start the guess, BREACH needs at least three known initial characters in the response sequence. Compression length then "leaks" information. Some roadblocks include no winners (all guesses wrong) or too many winners (multiple possibilities that compress the same). The solutions include: lookahead (guess 2 or 3 characters at-a-time instead of 1 character). Expensive rollback to last known conflict check compression ratio can brute-force first 3 "bootstrap" characters, if needed (expensive) block ciphers hide exact plain text length. Solution is to align response in advance to block size Mitigations length: use variable padding secrets: dynamic CSRF tokens per request secret: change over time separate secret to input-less servlets Future work eiter understand DEFLATE/GZIP HTTPS extensions Running at 99%: Surviving an Application DoS Ryan Huber Ryan Huber, Risk I/O Ryan first discussed various ways to do a denial of service (DoS) attack against web services. One usual method is to find a slow web page and do several wgets. Or download large files. Apache is not well suited at handling a large number of connections, but one can put something in front of it Can use Apache alternatives, such as nginx How to identify malicious hosts short, sudden web requests user-agent is obvious (curl, python) same url requested repeatedly no web page referer (not normal) hidden links. hide a link and see if a bot gets it restricted access if not your geo IP (unless the website is global) missing common headers in request regular timing first seen IP at beginning of attack count requests per hosts (usually a very large number) Use of captcha can mitigate attacks, but you'll lose a lot of genuine users. Bouncer, goo.gl/c2vyEc and www.github.com/rawdigits/Bouncer Bouncer is software written by Ryan in netflow. Bouncer has a small, unobtrusive footprint and detects DoS attempts. It closes blacklisted sockets immediately (not nice about it, no proper close connection). Aggregator collects requests and controls your web proxies. Need NTP on the front end web servers for clean data for use by bouncer. Bouncer is also useful for a popularity storm ("Slashdotting") and scraper storms. Future features: gzip collection data, documentation, consumer library, multitask, logging destroyed connections. Takeaways: DoS mitigation is easier with a complete picture Bouncer designed to make it easier to detect and defend DoS—not a complete cure Security Response in the Age of Mass Customized Attacks Peleus Uhley and Karthik Raman Peleus Uhley and Karthik Raman, Adobe ASSET, blogs.adobe.com/asset/ Peleus and Karthik talked about response to mass-customized exploits. Attackers behave much like a business. "Mass customization" refers to concept discussed in the book Future Perfect by Stan Davis of Harvard Business School. Mass customization is differentiating a product for an individual customer, but at a mass production price. For example, the same individual with a debit card receives basically the same customized ATM experience around the world. Or designing your own PC from commodity parts. Exploit kits are another example of mass customization. The kits support multiple browsers and plugins, allows new modules. Exploit kits are cheap and customizable. Organized gangs use exploit kits. A group at Berkeley looked at 77,000 malicious websites (Grier et al., "Manufacturing Compromise: The Emergence of Exploit-as-a-Service", 2012). They found 10,000 distinct binaries among them, but derived from only a dozen or so exploit kits. Characteristics of Mass Malware: potent, resilient, relatively low cost Technical characteristics: multiple OS, multipe payloads, multiple scenarios, multiple languages, obfuscation Response time for 0-day exploits has gone down from ~40 days 5 years ago to about ~10 days now. So the drive with malware is towards mass customized exploits, to avoid detection There's plenty of evicence that exploit development has Project Manager bureaucracy. They infer from the malware edicts to: support all versions of reader support all versions of windows support all versions of flash support all browsers write large complex, difficult to main code (8750 lines of JavaScript for example Exploits have "loose coupling" of multipe versions of software (adobe), OS, and browser. This allows specific attacks against specific versions of multiple pieces of software. Also allows exploits of more obscure software/OS/browsers and obscure versions. Gave examples of exploits that exploited 2, 3, 6, or 14 separate bugs. However, these complete exploits are more likely to be buggy or fragile in themselves and easier to defeat. Future research includes normalizing malware and Javascript. Conclusion: The coming trend is that mass-malware with mass zero-day attacks will result in mass customization of attacks. x86 Rewriting: Defeating RoP and other Shinanighans Richard Wartell Richard Wartell The attack vector we are addressing here is: First some malware causes a buffer overflow. The malware has no program access, but input access and buffer overflow code onto stack Later the stack became non-executable. The workaround malware used was to write a bogus return address to the stack jumping to malware Later came ASLR (Address Space Layout Randomization) to randomize memory layout and make addresses non-deterministic. The workaround malware used was to jump t existing code segments in the program that can be used in bad ways "RoP" is Return-oriented Programming attacks. RoP attacks use your own code and write return address on stack to (existing) expoitable code found in program ("gadgets"). Pinkie Pie was paid $60K last year for a RoP attack. One solution is using anti-RoP compilers that compile source code with NO return instructions. ASLR does not randomize address space, just "gadgets". IPR/ILR ("Instruction Location Randomization") randomizes each instruction with a virtual machine. Richard's goal was to randomize a binary with no source code access. He created "STIR" (Self-Transofrming Instruction Relocation). STIR disassembles binary and operates on "basic blocks" of code. The STIR disassembler is conservative in what to disassemble. Each basic block is moved to a random location in memory. Next, STIR writes new code sections with copies of "basic blocks" of code in randomized locations. The old code is copied and rewritten with jumps to new code. the original code sections in the file is marked non-executible. STIR has better entropy than ASLR in location of code. Makes brute force attacks much harder. STIR runs on MS Windows (PEM) and Linux (ELF). It eliminated 99.96% or more "gadgets" (i.e., moved the address). Overhead usually 5-10% on MS Windows, about 1.5-4% on Linux (but some code actually runs faster!). The unique thing about STIR is it requires no source access and the modified binary fully works! Current work is to rewrite code to enforce security policies. For example, don't create a *.{exe,msi,bat} file. Or don't connect to the network after reading from the disk. Clowntown Express: interesting bugs and running a bug bounty program Collin Greene Collin Greene, Facebook Collin talked about Facebook's bug bounty program. Background at FB: FB has good security frameworks, such as security teams, external audits, and cc'ing on diffs. But there's lots of "deep, dark, forgotten" parts of legacy FB code. Collin gave several examples of bountied bugs. Some bounty submissions were on software purchased from a third-party (but bounty claimers don't know and don't care). We use security questions, as does everyone else, but they are basically insecure (often easily discoverable). Collin didn't expect many bugs from the bounty program, but they ended getting 20+ good bugs in first 24 hours and good submissions continue to come in. Bug bounties bring people in with different perspectives, and are paid only for success. Bug bounty is a better use of a fixed amount of time and money versus just code review or static code analysis. The Bounty program started July 2011 and paid out $1.5 million to date. 14% of the submissions have been high priority problems that needed to be fixed immediately. The best bugs come from a small % of submitters (as with everything else)—the top paid submitters are paid 6 figures a year. Spammers like to backstab competitors. The youngest sumitter was 13. Some submitters have been hired. Bug bounties also allows to see bugs that were missed by tools or reviews, allowing improvement in the process. Bug bounties might not work for traditional software companies where the product has release cycle or is not on Internet. Active Fingerprinting of Encrypted VPNs Anna Shubina Anna Shubina, Dartmouth Institute for Security, Technology, and Society (I missed the start of her talk because another track went overtime. But I have the DVD of the talk, so I'll expand later) IPsec leaves fingerprints. Using netcat, one can easily visually distinguish various crypto chaining modes just from packet timing on a chart (example, DES-CBC versus AES-CBC) One can tell a lot about VPNs just from ping roundtrips (such as what router is used) Delayed packets are not informative about a network, especially if far away from the network More needed to explore about how TCP works in real life with respect to timing Making Attacks Go Backwards Fuzzynop FuzzyNop, Mandiant This talk is not about threat attribution (finding who), product solutions, politics, or sales pitches. But who are making these malware threats? It's not a single person or group—they have diverse skill levels. There's a lot of fat-fingered fumblers out there. Always look for low-hanging fruit first: "hiding" malware in the temp, recycle, or root directories creation of unnamed scheduled tasks obvious names of files and syscalls ("ClearEventLog") uncleared event logs. Clearing event log in itself, and time of clearing, is a red flag and good first clue to look for on a suspect system Reverse engineering is hard. Disassembler use takes practice and skill. A popular tool is IDA Pro, but it takes multiple interactive iterations to get a clean disassembly. Key loggers are used a lot in targeted attacks. They are typically custom code or built in a backdoor. A big tip-off is that non-printable characters need to be printed out (such as "[Ctrl]" "[RightShift]") or time stamp printf strings. Look for these in files. Presence is not proof they are used. Absence is not proof they are not used. Java exploits. Can parse jar file with idxparser.py and decomile Java file. Java typially used to target tech companies. Backdoors are the main persistence mechanism (provided externally) for malware. Also malware typically needs command and control. Application of Artificial Intelligence in Ad-Hoc Static Code Analysis John Ashaman John Ashaman, Security Innovation Initially John tried to analyze open source files with open source static analysis tools, but these showed thousands of false positives. Also tried using grep, but tis fails to find anything even mildly complex. So next John decided to write his own tool. His approach was to first generate a call graph then analyze the graph. However, the problem is that making a call graph is really hard. For example, one problem is "evil" coding techniques, such as passing function pointer. First the tool generated an Abstract Syntax Tree (AST) with the nodes created from method declarations and edges created from method use. Then the tool generated a control flow graph with the goal to find a path through the AST (a maze) from source to sink. The algorithm is to look at adjacent nodes to see if any are "scary" (a vulnerability), using heuristics for search order. The tool, called "Scat" (Static Code Analysis Tool), currently looks for C# vulnerabilities and some simple PHP. Later, he plans to add more PHP, then JSP and Java. For more information see his posts in Security Innovation blog and NRefactory on GitHub. Mask Your Checksums—The Gorry Details Eric (XlogicX) Davisson Eric (XlogicX) Davisson Sometimes in emailing or posting TCP/IP packets to analyze problems, you may want to mask the IP address. But to do this correctly, you need to mask the checksum too, or you'll leak information about the IP. Problem reports found in stackoverflow.com, sans.org, and pastebin.org are usually not masked, but a few companies do care. If only the IP is masked, the IP may be guessed from checksum (that is, it leaks data). Other parts of packet may leak more data about the IP. TCP and IP checksums both refer to the same data, so can get more bits of information out of using both checksums than just using one checksum. Also, one can usually determine the OS from the TTL field and ports in a packet header. If we get hundreds of possible results (16x each masked nibble that is unknown), one can do other things to narrow the results, such as look at packet contents for domain or geo information. With hundreds of results, can import as CSV format into a spreadsheet. Can corelate with geo data and see where each possibility is located. Eric then demoed a real email report with a masked IP packet attached. Was able to find the exact IP address, given the geo and university of the sender. Point is if you're going to mask a packet, do it right. Eric wouldn't usually bother, but do it correctly if at all, to not create a false impression of security. Adventures with weird machines thirty years after "Reflections on Trusting Trust" Sergey Bratus Sergey Bratus, Dartmouth College (and Julian Bangert and Rebecca Shapiro, not present) "Reflections on Trusting Trust" refers to Ken Thompson's classic 1984 paper. "You can't trust code that you did not totally create yourself." There's invisible links in the chain-of-trust, such as "well-installed microcode bugs" or in the compiler, and other planted bugs. Thompson showed how a compiler can introduce and propagate bugs in unmodified source. But suppose if there's no bugs and you trust the author, can you trust the code? Hell No! There's too many factors—it's Babylonian in nature. Why not? Well, Input is not well-defined/recognized (code's assumptions about "checked" input will be violated (bug/vunerabiliy). For example, HTML is recursive, but Regex checking is not recursive. Input well-formed but so complex there's no telling what it does For example, ELF file parsing is complex and has multiple ways of parsing. Input is seen differently by different pieces of program or toolchain Any Input is a program input executes on input handlers (drives state changes & transitions) only a well-defined execution model can be trusted (regex/DFA, PDA, CFG) Input handler either is a "recognizer" for the inputs as a well-defined language (see langsec.org) or it's a "virtual machine" for inputs to drive into pwn-age ELF ABI (UNIX/Linux executible file format) case study. Problems can arise from these steps (without planting bugs): compiler linker loader ld.so/rtld relocator DWARF (debugger info) exceptions The problem is you can't really automatically analyze code (it's the "halting problem" and undecidable). Only solution is to freeze code and sign it. But you can't freeze everything! Can't freeze ASLR or loading—must have tables and metadata. Any sufficiently complex input data is the same as VM byte code Example, ELF relocation entries + dynamic symbols == a Turing Complete Machine (TM). @bxsays created a Turing machine in Linux from relocation data (not code) in an ELF file. For more information, see Rebecca "bx" Shapiro's presentation from last year's Toorcon, "Programming Weird Machines with ELF Metadata" @bxsays did same thing with Mach-O bytecode Or a DWARF exception handling data .eh_frame + glibc == Turning Machine X86 MMU (IDT, GDT, TSS): used address translation to create a Turning Machine. Page handler reads and writes (on page fault) memory. Uses a page table, which can be used as Turning Machine byte code. Example on Github using this TM that will fly a glider across the screen Next Sergey talked about "Parser Differentials". That having one input format, but two parsers, will create confusion and opportunity for exploitation. For example, CSRs are parsed during creation by cert requestor and again by another parser at the CA. Another example is ELF—several parsers in OS tool chain, which are all different. Can have two different Program Headers (PHDRs) because ld.so parses multiple PHDRs. The second PHDR can completely transform the executable. This is described in paper in the first issue of International Journal of PoC. Conclusions trusting computers not only about bugs! Bugs are part of a problem, but no by far all of it complex data formats means bugs no "chain of trust" in Babylon! (that is, with parser differentials) we need to squeeze complexity out of data until data stops being "code equivalent" Further information See and langsec.org. USENIX WOOT 2013 (Workshop on Offensive Technologies) for "weird machines" papers and videos.

    Read the article

  • "Well, Swing took a bit of a beating this week..."

    - by Geertjan
    One unique aspect of the NetBeans community presence at JavaOne 2012 was its usage of large panels to highlight and discuss various aspects (e.g., Java EE, JavaFX, etc) of NetBeans IDE usage and tools. For example, here's a pic of one of the panels, taken by Markus Eisele: Above you see me, Sean Comerford from ESPN.com, Gerrick Bivins from Halliburton, Angelo D'Agnano and Ioannis Kostaras from the NATO Programming Center, and Çagatay Çivici from PrimeFaces. (And Tinu Awopetu was also on the panel but not in the picture!) On one of those panels a remark was made which has kind of stuck with me. Henry Arousell, a member of the "NetBeans Platform Discussion Panel", who works on accounting software in Sweden, together with Thomas Boqvist, who was also at JavaOne, said, a bit despondently, I thought, the following words at the start of the demo of his very professional looking accounting software: "Well, Swing took a bit of a beating this week..." That remark comes in the light of several JavaFX sessions held at JavaOne, together with many sessions from the web and mobile worlds making the argument that the browser, tablet, and mobile platforms are the future of all applications everywhere. However, then I had another look at the list of Duke's Choice Award winners: http://www.oracle.com/us/corporate/press/1854931 OK, there are 10 winners of the Duke's Choice Award this year. Three of them (JDuchess, London Java Community, Student Nokia Developer Group) are not awards for software, but for people or groups. So, that leaves seven awards. Three of them (Hadoop, Jelastic, and Parleys) are, in one way or another, some kind of web-oriented solution, though both Hadoop and Jelastic are broader than that, but are service-oriented solutions, relating to cloud technologies. That leaves four others: NATO air defense software, Liquid Robotics software, AgroSense software, and UNHCR Refugee Registration software. All these are, on the software level, Java desktop solutions that, on the UI layer, make use of Java Swing, together with LuciadMaps (NATO), GeoToolkit (AgroSense), and WorldWind (Liquid Robotics). (And, it went even further than that, i.e., this is not passive usage of Swing but active and motivated: Timon Veenstra, during his AgroSense demo, said "There are far more Swing applications out there than we seem to think. Web developers just make more noise." And, during his Liquid Robotics demo, James Gosling said: "Not everything can be done in HTML.") Seems to me that Java Swing was the enabler of more Duke's Choice Award winners this year than any other UI-oriented Java technology. Now, I'm not going to interpret that one way or another, since I've noticed that interpretations of facts tend to validate some underlying agenda. Take any fact anywhere and you can interpret it to prove whatever opinion you're already holding to be true. Therefore, no interpretation from me. Simply stating the fact that Swing, far from taking a beating during JavaOne 2012, was a more significant user interface enabler of Duke's Choice Award winners than any other Java user interface technology. That's not an interpretation, but a fact.

    Read the article

  • ATG Live Webcast Nov. 8th: Advanced Management of EBS with Oracle Enterprise Manager

    - by Bill Sawyer
    The task of managing and monitoring Oracle E-Business Suite environments can be very challenging. The Application Management Pack plug-in is part of Oracle Enterprise Manager 12c Application Management Suite for Oracle E-Business Suite. The Application Management Pack plug-in is designed to monitor and manage all the different technologies that constitute Oracle E-Business Suite applications, including midtier, configuration, host, and database management—to name just a few. Customers that have implemented Oracle Enterprise Manager have experienced dramatic improvements in system visibility, diagnostic capability, and administrator productivity. This webcast will highlight the key features and benefits of Oracle Enterprise Manager, the latest version of the Oracle Application Management Suite for Oracle E-Business Suite. Advanced Management of Oracle E-Business Suite with Oracle Enterprise Manager Date:                Thursday, November 8, 2012Time:               8:00 AM - 9:00 AM Pacific Standard TimePresenters:   Angelo Rosado, Principal Product Manager, E-Business Suite ATG                         Lauren Cohn, Principal Curriculum Developer, E-Business Suite ATGWebcast Registration Link (Preregistration is optional but encouraged)To hear the audio feed:   Domestic Participant Dial-In Number:           877-697-8128    International Participant Dial-In Number:      706-634-9568    Additional International Dial-In Numbers Link:    Dial-In Passcode:                                              103191To see the presentation:    The Direct Access Web Conference details are:    Website URL: https://ouweb.webex.com    Meeting Number:  591460967 If you miss the webcast, or you have missed any webcast, don't worry -- we'll post links to the recording as soon as it's available from Oracle University.  You can monitor this blog for pointers to the replay. And, you can find our archive of our past webcasts and training here. If you have any questions or comments, feel free to email Bill Sawyer (Senior Manager, Applications Technology Curriculum) at BilldotSawyer-AT-Oracle-DOT-com.

    Read the article

  • October in Review

    - by Richard Bingham
    With OpenWorld over October was time to get back to serious work for everyone, including the Fusion Applications Developer Relations team. Don't forget the OpenWorld content is still available, including presentation downloads, for a limited period of time so be sure to grab anything you found useful or take another scan for anything you might have missed. Of all the announcements, the continued evolution of the Oracle Cloud services for extending and integrating with Fusion Applications is increasing in popularity, and certainly the Cloud Marketplace is something we're becoming involved in. More details to follow. Fusion Concepts Last week Vik from our team started the new "Fusion Concepts" series of articles, providing those new to Fusion Applications an explanation of the architectural basics, with the aim to reduce the learning curve and lay the platform for more efficient and effective development. The series begun with an insightful first post on the different schemas that exist in the Fusion Applications database. Look out for upcoming posts on multi-lingual entities, profile options, look-ups and more. New Learning Resources Our YouTube channel continued to expand with more 'how to' videos on using page composer, extending the Simplified UI (aka FUSE), and integrating BI reports and analytics. Also the Oracle Learning Library is now well established as a central resource for knowledge, now with thousands of tutorials, videos, and documents. Of particular note are the great new extensibility-related videos added by the CRM Product Management team, including more on the ever-expanding capabilities of Application Composer. To see some examples of these search using keyword 'customization' or the product 'Sales Cloud'. Finally on learning resources, as Oliver mentioned the Oracle Press book on Fusion Application Customization and Extensibility is now available for pre-order on Amazon (due out 1st Jan). Out And About October also saw us attend the annual Apps Conference held by the UK Oracle User Group in London. Interestingly there was an Applications Transformation stream of sessions and content that included Fusion Applications with all the latest in the Oracle Applications evolution, as always focused around the three tenets of social, mobile, and cloud. Read more in Richard's post-event write up. Other teams around Oracle have also been busy. Angelo from the Platform Technical Services group has done quite a bit of work using web services with Fusion SaaS and has published many interesting findings on his blog. It's definitely recommended reading if you are working on any related integration projects. The middleware-for-applications group has built a new tool called "AppAdvantage" offering an online assessment of your use of Fusion Middleware technologies with Oracle Applications. As the popularity of integrating cloud applications with on-premises systems continued to grow, leveraging existing middleware technologies (and licenses) to support the integration solution is likely to be of paramount importance. Similarly the "Build Enterprise Application Extensions with Ease" section of the related webpage has AppsUX director Killan Evers speaking about customization using the composer tools. Both are useful resources for those just getting started with a move to Fusion Applications. The Oracle A-Team, specialists in middleware technical architecture, always publish superb content via their 'chronicles' site, now with a substantial amount specifically related to Fusion Applications. Click on the Fusion Applications menu on the top right of their homepage to see more. Last month of particular note was an article on customizing the timeout pop-up message that shows to inactive users, providing design-time insight and easy-to-follow steps. Finally if you're looking at using Oracle Middleware and Cloud to tailor and extend your applications then you may also be interested in this new blog post on the roadmap for Oracle SOA and the latest on-demand Cloud Development webcast.

    Read the article

  • OPN Exchange General Sessions –Fowler, Kurian & More!

    - by Kristin Rose
    Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;} With so much excitement about to take place at OPN Exchange @ OpenWorld, it’s hard to decide what to attend, where to go, who to meet and what to eat! Let us help you decide by first asking a question… How often do you get to choose between seven key Oracle Executives as they address the five biggest topics facing the industry today? After the Partner Keynote with Judson Althoff, join us for the OPN Exchange General Sessions: DATE: Sunday September 30th TIME: 3:30-4:30 pm LOCATION: Moscone South, Esplanade Level John Fowler & Tom LaRocca (Technology for Partners: Room 306): Learn how to grow your top and bottom line by selling Oracle on Oracle. Chris Leone (Applications for Partners: Room 303): Catch the partner-only value prop, selling secrets and competitive compares to win with the Fusions Applications product family. Angelo Pruscino & Sohan DeMel (Engineered Systems for Partners: Room 301): Get the secrets to selling and implementing Oracle’s transformational Engineered Systems products. You won’t want to miss the Oracle Database Appliance Unplugged demonstration! Sonny Singh (Industry Solutions: Room 302): Develop profitable practices answering the challenges faced by companies operating in discrete industries and the opportunity represented by Machine2Machine Java. Thomas Kurian (Cloud for Partnesr: Room 304): Today it is all about the Cloud. Oracle offers both traditional cloud infrastructure solutions, as well cloud platform and software services. Attend this session to learn more about Oracle’s Platform, Application, and Social cloud services. Put on your thinking caps because these speakers are ready to blow your mind with five tracks of exclusive content catered to you, our partners. Boom! The OPN Communication Team Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman","serif";}

    Read the article

  • CEN/CENELEC Lacks Perspective

    - by trond-arne.undheim
    Over the last few months, two of the European Standardization Organizations (ESOs), CEN and CENELEC have circulated an unfortunate position statement distorting the facts around fora and consortia. For the benefit of outsiders to this debate, let's just say that this debate regards whether and how the EU should recognize standards and specifications from certain fora and consortia based on a process evaluating the openness and transparency of such deliverables. The topic is complex, and somewhat confusing even to insiders, but nevertheless crucial to the European economy. As far as I can judge, their positions are not based on facts. This is unfortunate. For the benefit of clarity, here are some of the observations they make: a)"Most consortia are in essence driven by technology companies making hardware and software solutions, by definition very few of the largest ones are European-based". b) "Most consortia lack a European presence, relevant Committees, even those that are often cited as having stronger links with Europe, seem to lack an overall, inclusive set of participants". c) "Recognising specific consortia specifications will not resolve any concrete problems of interoperability for public authorities; interoperability depends on stringing together a range of specifications (from formal global bodies or consortia alike)". d) "Consortia already have the option to have their specifications adopted by the international formal standards bodies and many more exercise this than the two that seem to be campaigning for European recognition. Such specifications can then also be adopted as European standards." e) "Consortium specifications completely lack any process to take due and balanced account of requirements at national level - this is not important for technologies but can be a critical issue when discussing cross-border issues within the EU such as eGovernment, eHealth and so on". f) "The proposed recognition will not lead to standstill on national or European activities, nor to the adoption of the specifications as national standards in the CEN and CENELEC members (usually in their official national languages), nor to withdrawal of conflicting national standards. A big asset of the European standardization system is its coherence and lack of fragmentation." g) "We always miss concrete and specific examples of where consortia referencing are supposed to be helpful." First of all, note that ETSI, the third ESO, did not join the position. The reason is, of course, that ETSI beyond being an ESO, also has a global perspective and, moreover, does consider reality. Secondly, having produced arguments a) to g), CEN/CENELEC has the audacity to call a meeting on Friday 25 February entitled "ICT standardization - improving collaboration in Europe". This sounds very nice, but they have not set the stage for constructive debate. Rather, they demonstrate a striking lack of vision and lack of perspective. I will back this up by three facts, and leave it there. 1. Since the 1980s, global industry fora and consortia, such as IETF, W3C and OASIS have emerged as world-leading ICT standards development organizations with excellent procedures for openness and transparency in all phases of standards development, ex post and ex ante. - Practically no ICT system can be built without using fora and consortia standards (FCS). - Without using FCS, neither the Internet, upon which the EU economy depends, nor EU institutions would operate. - FCS are of high relevance for achieving and promoting interoperability and driving innovation. 2. FCS are complementary to the formally recognized standards organizations including the ESOs. - No work will be taken away from the ESOs should the EU recognize certain FCS. - Each FCS would be evaluated on its merit and on the openness of the process that produced it. ESOs would, with other stakeholders, have a say. - ESOs could potentially educate and assist European stakeholders to engage more actively and constructively with FCS. - ETSI, also an ESO, seems to clearly recognize these facts. 3. Europe and its Member States have a strong voice in several of the most relevant global industry fora and consortia. - W3C: W3C was founded in 1994 by an Englishman, Sir Tim Berners-Lee, in collaboration with CERN, the European research lab. In April 1995, INRIA (Institut National de Recherche en Informatique et Automatique) in France became the first European W3C host and in 2003, ERCIM (European Research Consortium in Informatics and Mathematics), also based in France, took over the role of European W3C host from INRIA. Today, W3C has 326 Members, 40% of which are European. Government participation is also strong, and it could be increased - a development that is very much desired by W3C. Current members of the W3C Advisory Board includes Ora Lassila (Nokia) and Charles McCathie Nevile (Opera). Nokia is Finnish company, Opera is a Norwegian company. SAP's Claus von Riegen is an alumni of the same Advisory Board. - OASIS: its membership - 30% of which is European - represents the marketplace, reflecting a balance of providers, user companies, government agencies, and non-profit organizations. In particular, about 15% of OASIS members are governments or universities. Frederick Hirsch from Nokia, Claus von Riegen from SAP AG and Charles-H. Schulz from Ars Aperta are on the Board of Directors. Nokia is a Finnish company, SAP is a German company and Ars Aperta is a French company. The Chairman of the Board is Peter Brown, who is an Independent Consultant, an Austrian citizen AND an official of the European Parliament currently on long-term leave. - IETF: The oversight of its activities is by the Internet Architecture Board (IAB), since 2007 chaired by Olaf Kolkman, a Dutch national who lives in Uithoorn, NL. Kolkman is director of NLnet Labs, a foundation chartered to develop open source software and open source standards for the Internet. Other IAB members include Marcelo Bagnulo whose affiliation is the University Carlos III of Madrid, Spain as well as Hannes Tschofenig from Nokia Siemens Networks. Nokia is a Finnish company. Siemens is a German company. Nokia Siemens is a European joint venture. - Member States: At least 17 European Member States have developed Interoperability Frameworks that include FCS, according to the EU-funded National Interoperability Framework Observatory (see list and NIFO web site on IDABC). This also means they actively procure solutions using FCS, reference FCS in their policies and even in laws. Member State reps are free to engage in FCS, and many do. It would be nice if the EU adjusted to this reality. - A huge number of European nationals work in the global IT industry, on European soil or elsewhere, whether in EU registered companies or not. CEN/CENELEC lacks perspective and has engaged in an effort to twist facts that is quite striking from a publicly funded organization. I wish them all possible success with Friday's meeting but I fear all of the most important stakeholders will not be at the table. Not because they do not wish to collaborate, but because they just have been insulted. If they do show up, it would be a gracious move, almost beyond comprehension. While I do not expect CEN/CENELEC to line up perfectly in favor of fora and consortia, I think it would be to their benefit to stick to more palatable observations. Actually, I would suggest an apology, straightening out the facts. This works among friends and it works in an organizational context. Then, we can all move on. Standardization is important. Too important to ignore. Too important to distort. The European economy depends on it. We need CEN/CENELEC. It is an important organization. But CEN/CENELEC needs fora and consortia, too.

    Read the article

< Previous Page | 1 2 3 4 5 6  | Next Page >