Search Results

Search found 1275 results on 51 pages for 'eric c singer'.

Page 8/51 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • Design and Print Your Own Christmas Cards in MS Word, Part 1

    - by Eric Z Goodnight
    Looking for a  little DIY fun this holiday season? Open up familiar tool MS Word and create simple, beautiful Christmas and Holiday cards, and impress your family with your crafting skills. This is the first part of a two part article. In this first section, we’ll tackle design in MS Word. In our second, we’ll cover supplies and proper printing methods to get a great look out of your dusty old inkjet. Latest Features How-To Geek ETC The How-To Geek Guide to Learning Photoshop, Part 8: Filters Get the Complete Android Guide eBook for Only 99 Cents [Update: Expired] Improve Digital Photography by Calibrating Your Monitor The How-To Geek Guide to Learning Photoshop, Part 7: Design and Typography How to Choose What to Back Up on Your Linux Home Server How To Harmonize Your Dual-Boot Setup for Windows and Ubuntu Hang in There Scrat! – Ice Age Wallpaper How Do You Know When You’ve Passed Geek and Headed to Nerd? On The Tip – A Lamborghini Theme for Chrome and Iron What if Wile E. Coyote and the Road Runner were Human? [Video] Peaceful Winter Cabin Wallpaper Store Tabs for Later Viewing in Opera with Tab Vault

    Read the article

  • Windows Azure guidance from the Patterns and Practices team

    - by Eric Nelson
    The P&P team have started to share guidance on the Windows Azure Platform.  They plan to group their efforts around: 1. Moving to the Cloud 2. Integrating with the Cloud 3. Leveraging the Cloud First up is a document which explains the capabilities and limitations of Enterprise Library 5.0 Beta 2 in terms of use within .NET applications designed to run with the Windows Azure platform. You can download it here. Related Links: UK Azure Online Community – join today. UK Windows Azure Site Start working with Windows Azure

    Read the article

  • FREE Windows Azure evening in London on April 15th including FREE access to Windows Azure

    - by Eric Nelson
    [Did I overdo the use of FREE in the title? :-)] April 12th to 16th is Microsoft Tech Days – 5 days of sessions on Visual Studio 2010 through to Windows 7 Phone Series. Many of these days are now full (Tip - Thursday still has room if rich client applications is your thing) but the good news is the development community in the UK has pulled together an awesome series of “fringe events” during April in London and elsewhere in the UK. There are sessions on Silverlight, SQL Server 2008 R2, Sharepoint 2010 and … the Windows Azure Platform. The UK AzureNET user group is planning to put on a great evening and AzureNET will be giving away hundreds of free subscriptions to the Windows Azure Platform during the evening. The subscription includes up to 20 Windows Azure Compute nodes and 3 SQL Azure databases for you to play with over the 2 weeks following the event. This is a great opportunity to really explore the Windows Azure Platform in detail – without a credit card! Register now! (and you might also want to join the UK Fans of Azure Community while I have your attention) FYI The Thursday day time event includes an introduction to Windows Azure session delivered by my colleague David – which would be an ideal session to attend if you are new to Azure and want to get the most out of the evening session. 7:00pm: See the difference: How Windows Azure helped build a new way of giving Simon Evans and James Broome (@broomej) They will cover the business context for Azure and then go into patterns used and lessons learnt from the project....as well as showing off the app of course! 8:00pm: UK AzureNET update 8:15pm: NoSQL databases or: How I learned to love the hash table Mark Rendle (@markrendle) In this session Mark will look at how Azure Table Service works and how to use it. We’ll look briefly at the high-level Data Services SDK, talk about its limitations, and then quickly move on to the REST API and how to use it to improve performance and reduce costs. We’ll make-up some pretend real-world problems and solve them in new and interesting ways. We’ll denormalise data (for fun and profit). We’ll talk about how certain social networking sites can deal with huge volumes of data so quickly, and why it sometimes goes wrong. Check out the complete list of fringe events which covers the UK fairly well:

    Read the article

  • Cloud Computing : publication du volet 3 du Syntec Numérique

    - by Eric Bezille
    Une vision client/fournisseur réunie autour d'une ébauche de cadre contractuel Lors de la Cloud Computing World Expo qui se tenait au CNIT la semaine dernière, j'ai assisté à la présentation du nouveau volet du Syntec numérique sur le Cloud Computing et les "nouveaux modèles" induits : modèles économiques, contrats, relations clients-fournisseurs, organisation de la DSI. L'originalité de ce livre blanc vis à vis de ceux déjà existants dans le domaine est de s'être attaché à regrouper l'ensemble des acteurs clients (au travers du CRIP) et fournisseurs, autour d'un cadre de formalisation contractuel, en s'appuyant sur le modèle e-SCM. Accélération du passage en fournisseur de Services et fin d'une IT en silos ? Si le Cloud Computing permet d'accélérer le passage de l'IT en fournisseur de services (dans la suite d'ITIL v3), il met également en exergue le challenge pour les DSI d'un modèle en rupture nécessitant des compétences transverses permettant de garantir les qualités attendues d'un service de Cloud Computing : déploiement en mode "self-service" à la demande, accès standardisé au travers du réseau,  gestion de groupes de ressources partagées,  service "élastique" : que l'on peut faire croitre ou diminuer rapidement en fonction de la demande mesurable On comprendra bien ici, que le Cloud Computing va bien au delà de la simple virtualisation de serveurs. Comme le décrit fort justement Constantin Gonzales dans son blog ("Three Enterprise Principles for Building Clouds"), l'important réside dans le respect du standard de l'interface d'accès au service. Ensuite, la façon dont il est réalisé (dans le nuage), est de la charge et de la responsabilité du fournisseur. A lui d'optimiser au mieux pour être compétitif, tout en garantissant les niveaux de services attendus. Pour le fournisseur de service, bien entendu, il faut maîtriser cette implémentation qui repose essentiellement sur l'intégration et l'automatisation des couches et composants nécessaires... dans la durée... avec la prise en charge des évolutions de chacun des éléments. Pour le client, il faut toujours s'assurer de la réversibilité de la solution au travers du respect des standards... Point également abordé dans le livre blanc du Syntec, qui rappelle les points d'attention et fait un état des lieux de l'avancement des standards autour du Cloud Computing. En vous souhaitant une bonne lecture...

    Read the article

  • Microsoft Generation 4 Datacenter using ITPACs

    - by Eric Nelson
    Microsoft is continuing to make significant investments in Datacenter technology and is focused on solving issues such as long lead times, significant up-front costs and over capacity. Enter the world of modular Datacenters and ITPACs – IT Pre-Assembled Components. In simple terms – air handling and IT units which are pre-assembled (looking somewhat like a container) and then installed on concrete bases. Each unit can hold  between 400 and 2500 servers (which means many more virtual machines depending on your density) Kevin Timmons’, manager of the datacenter operations team, just posted a great post digging into the detail One Small Step for Microsoft’s Cloud, Another Big Step for Sustainability which includes a short video on how we build one of these ITPACs. You might also want to check out this video from the PDC:

    Read the article

  • Mini Book Review of IronRuby Unleashed by Shay Friedman

    - by Eric Nelson
    When I get some time (and hell starts to look a little chilly) I would love to do a more detailed review. But I wanted to get something “out there” as I really like this book and reviews of it seem a little thin on the ground. In brief: Is it a good book? Yes Would I recommend this book to a .NET developer who was new to Ruby? Yes (This is me by the way) Would I recommend this book to a Ruby developer who was new to .NET ? Yes Would I recommend this book to a developer who sometimes does Ruby and sometimes does .NET? Yes Would I recommend this book to a developer new to .NET and new to Ruby? Yes The above demonstrates how well balanced this book is (IMHO). What I like about it: Its assumes pretty much no knowledge of IronRuby or .NET. All it asks is that you are a developer interested in IronRuby. Yet it manages to cover off the topics in a good degree of detail. If you are a Ruby developer you skip Part 2, if you are a .NET developer you skip some of Part 1 and whizz through the short intros to the individual technologies such as WPF. It is definitely not a “lets makes the manual look pretty” book – this is original content thoughtfully written and presented. It is pretty comprehensive – in 500 pages it packs in  Intro to IronRuby Intro to .NET Intro to Ruby Using IronRuby with Windows Forms, ASP.NET, WPF, Silverlight etc Getting Rails working with IronRuby Unit testing with IronRuby – which I think is an excellent way for a .NET developer to start using IronRuby Embedding IronRuby in a .NET app  - another interesting “first step” for a .NET developer What I didn’t like: Err… nothing yet. Ok, If I am being picky then the start of chapter 2 irked me a little as it went through the history of .NET. “The first version [of the .NET Framework] wasn’t that great”.  Felt pretty good to me compared to Java and C++ development at the time :-) Buy on Amazon UK | Buy on Amazon USA Related Links: Posts from the author Shay Friedman on IronRuby Guest Post: What's IronRuby, and how do I put it on Rails? Guest Post: Using IronRuby and .NET to produce the ‘Hello World of WPF’ Getting PhP and Ruby working on Windows Azure and SQL Azure

    Read the article

  • Guest Post: Using IronRuby and .NET to produce the &lsquo;Hello World of WPF&rsquo;

    - by Eric Nelson
    [You might want to also read other GuestPosts on my blog – or contribute one?] On the 26th and 27th of March (2010) myself and Edd Morgan of Microsoft will be popping along to the Scottish Ruby Conference. I dabble with Ruby and I am a huge fan whilst Edd is a “proper Ruby developer”. Hence I asked Edd if he was interested in creating a guest post or two for my blog on IronRuby. This is the second of those posts. If you should stumble across this post and happen to be attending the Scottish Ruby Conference, then please do keep a look out for myself and Edd. We would both love to chat about all things Ruby and IronRuby. And… we should have (if Amazon is kind) a few books on IronRuby with us at the conference which will need to find a good home. This is me and Edd and … the book: Order on Amazon: http://bit.ly/ironrubyunleashed Using IronRuby and .NET to produce the ‘Hello World of WPF’ In my previous post I introduced, to a minor extent, IronRuby. I expanded a little on the basics of by getting a Rails app up-and-running on this .NET implementation of the Ruby language — but there wasn't much to it! So now I would like to go from simply running a pre-existing project under IronRuby to developing a whole new application demonstrating the seamless interoperability between IronRuby and .NET. In particular, we'll be using WPF (Windows Presentation Foundation) — the component of the .NET Framework stack used to create rich media and graphical interfaces. Foundations of WPF To reiterate, WPF is the engine in the .NET Framework responsible for rendering rich user interfaces and other media. It's not the only collection of libraries in the framework with the power to do this — Windows Forms does the trick, too — but it is the most powerful and flexible. Put simply, WPF really excels when you need to employ eye candy. It's all about creating impact. Whether you're presenting a document, video, a data entry form, some kind of data visualisation (which I am most hopeful for, especially in terms of IronRuby - more on that later) or chaining all of the above with some flashy animations, you're likely to find that WPF gives you the most power when developing any of these for a Windows target. Let's demonstrate this with an example. I give you what I like to consider the 'hello, world' of WPF applications: the analogue clock. Today, over my lunch break, I created a WPF-based analogue clock using IronRuby... Any normal person would have just looked at their watch. - Twitter The Sample Application: Click here to see this sample in full on GitHub. Using Windows Presentation Foundation from IronRuby to create a Clock class Invoking the Clock class   Gives you The above is by no means perfect (it was a lunch break), but I think it does the job of illustrating IronRuby's interoperability with WPF using a familiar data visualisation. I'm sure you'll want to dissect the code yourself, but allow me to step through the important bits. (By the way, feel free to run this through ir first to see what actually happens). Now we're using IronRuby - unlike my previous post where we took pure Ruby code and ran it through ir, the IronRuby interpreter, to demonstrate compatibility. The main thing of note is the very distinct parallels between .NET namespaces and Ruby modules, .NET classes and Ruby classes. I guess there's not much to say about it other than at this point, you may as well be working with a purely Ruby graphics-drawing library. You're instantiating .NET objects, but you're doing it with the standard Ruby .new method you know from Ruby as Object#new — although, the root object of all your IronRuby objects isn't actually Object, it's System.Object. You're calling methods on these objects (and classes, for example in the call to System.Windows.Controls.Canvas.SetZIndex()) using the underscored, lowercase convention established for the Ruby language. The integration is so seamless. The fact that you're using a dynamic language on top of .NET's CLR is completely abstracted from you, allowing you to just build your software. A Brief Note on Events Events are a big part of developing client applications in .NET as well as under every other environment I can think of. In case you aren't aware, event-driven programming is essentially the practice of telling your code to call a particular method, or other chunk of code (a delegate) when something happens at an unpredictable time. You can never predict when a user is going to click a button, move their mouse or perform any other kind of input, so the advent of the GUI is what necessitated event-driven programming. This is where one of my favourite aspects of the Ruby language, blocks, can really help us. In traditional C#, for instance, you may subscribe to an event (assign a block of code to execute when an event occurs) in one of two ways: by passing a reference to a named method, or by providing an anonymous code block. You'd be right for seeing the parallel here with Ruby's concept of blocks, Procs and lambdas. As demonstrated at the very end of this rather basic script, we are using .NET's System.Timers.Timer to (attempt to) update the clock every second (I know it's probably not the best way of doing this, but for example's sake). Note: Diverting a little from what I said above, the ticking of a clock is very predictable, yet we still use the event our Timer throws to do this updating as one of many ways to perform that task outside of the main thread. You'll see that all that's needed to assign a block of code to be triggered on an event is to provide that block to the method of the name of the event as it is known to the CLR. This drawback to this is that it only allows the delegation of one code block to each event. You may use the add method to subscribe multiple handlers to that event - pushing that to the end of a queue. Like so: def tick puts "tick tock" end timer.elapsed.add method(:tick) timer.elapsed.add proc { puts "tick tock" } tick_handler = lambda { puts "tick tock" } timer.elapsed.add(tick_handler)   The ability to just provide a block of code as an event handler helps IronRuby towards that very important term I keep throwing around; low ceremony. Anonymous methods are, of course, available in other more conventional .NET languages such as C# and VB but, as usual, feel ever so much more elegant and natural in IronRuby. Note: Whether it's a named method or an anonymous chunk o' code, the block you delegate to the handling of an event can take arguments - commonly, a sender object and some args. Another Brief Note on Verbosity Personally, I don't mind verbose chaining of references in my code as long as it doesn't interfere with performance - as evidenced in the example above. While I love clean code, there's a certain feeling of safety that comes with the terse explicitness of long-winded addressing and the describing of objects as opposed to ambiguity (not unlike this sentence). However, when working with IronRuby, even I grow tired of typing System::Whatever::Something. Some people enjoy simply assuming namespaces and forgetting about them, regardless of the language they're using. Don't worry, IronRuby has you covered. It is completely possible to, with a call to include, bring the contents of a .NET-converted module into context of your IronRuby code - just as you would if you wanted to bring in an 'organic' Ruby module. To refactor the style of the above example, I could place the following at the top of my Clock class: class Clock include System::Windows::Shape include System::Windows::Media include System::Windows::Threading # and so on...   And by doing so, reduce calls to System::Windows::Shapes::Ellipse.new to simply Ellipse.new or references to System::Windows::Threading::DispatcherPriority.Render to a friendlier DispatcherPriority.Render. Conclusion I hope by now you can understand better how IronRuby interoperates with .NET and how you can harness the power of the .NET framework with the dynamic nature and elegant idioms of the Ruby language. The manner and parlance of Ruby that makes it a joy to work with sets of data is, of course, present in IronRuby — couple that with WPF's capability to produce great graphics quickly and easily, and I hope you can visualise the possibilities of data visualisation using these two things. Using IronRuby and WPF together to create visual representations of data and infographics is very exciting to me. Although today, with this project, we're only presenting one simple piece of information - the time - the potential is much grander. My day-to-day job is centred around software development and UI design, specifically in the realm of healthcare, and if you were to pay a visit to our office you would behold, directly above my desk, a large plasma TV with a constantly rotating, animated slideshow of charts and infographics to help members of our team do their jobs. It's an app powered by WPF which never fails to spark some conversation with visitors whose gaze has been hooked. If only it was written in IronRuby, the pleasantly low ceremony and reduced pre-processing time for my brain would have helped greatly. Edd Morgan blog Related Links: Getting PhP and Ruby working on Windows Azure and SQL Azure

    Read the article

  • SyncToBlog #11 Stuff and more stuff

    - by Eric Nelson
    Just getting more stuff “down on paper” which grabbed my attention over the last couple of weeks. http://www.koodibook.com/ is live. This is a a rich desktop application built in WPF by some ex-colleagues and current friends :-) Check it out if “photo books” is your thing or you like sweet WPF UX. Study rates Microsoft .NET Framework rated top, Ruby on Rails 2nd bottom. I know a bit about both of these frameworks. Both are sweet for different reasons. .NET top. Ok – I liked that. But Ruby on Rails 2nd bottom just blows away the credibility of the survey results for me. Stylecop is going Open Source. Sweet. ”…will be taking code submissions from the open source community” VMforce for running Java in the cloud. Hmmmmm… Windows Azure Guidance Code and Docs available on patterns and practices. Download both zip files. – One is just the code and the other is 7 chapters of the guide to migration. UK Architect Insight Conference post event presentations are here including a full day track of cloud stuff. http://uxkit.cloudapp.net/ This appears to be a well-kept secret but the Silverlight Demo Kit is on-line in Windows Azure. You already knew! Ok – just me then :-) 3 day Silverlight Masterclass training in the UK from people I trust and like :-) http://silverlightmasterclass.net/ (£995) SQL Server Driver for PHP 2.0 CTP adds PHP's PDO style data access for SQL Server/SQL Azure A Domain Oriented N-Layered .NET 4.0 App Sample from Microsoft Spain. Not looked at it yet – but had it recommended to me (tx Torkil Pedersen) You might also want to check out delicious stream – a blur of azure, ruby and gaming right now http://delicious.com/ericnel :-)

    Read the article

  • Details of 5GB and 50GB SQL Azure databases have now been released, along with new price points

    - by Eric Nelson
    Like many others signed up to the Windows Azure Platform, I received an email overnight detailing the upcoming database size changes for SQL Azure. I know from our work with early adopters over the last 12 months that the 1GB and 10GB limits were sometimes seen as blockers, especially when migrating existing application to SQL Azure. On June 28th 2010, we will be increasing the size limits: SQL Azure Web Edition database from 1 GB to 5 GB SQL Azure Business Edition database will go from 10 GB to 50 GB Along with these changes comes new price points, including the option to increase in increments of 10GB: Web Edition: Up to 1 GB relational database = $9.99 / month Up to 5 GB relational database = $49.95 / month Business Edition: Up to 10 GB relational database = $99.99 / month Up to 20 GB relational database = $199.98 / month Up to 30 GB relational database = $299.97 / month Up to 40 GB relational database = $399.96 / month Up to 50 GB relational database = $499.95 / month Check out the full SQL Azure pricing. Related Links: http://ukazure.ning.com UK community site Getting started with the Windows Azure Platform

    Read the article

  • 2 Birds, 1 Stone: Enabling M2M and Mobility in Healthcare

    - by Eric Jensen
    Jim Connors has created a video showcase of a comprehensive healthcare solution, connecting a mobile application directly to an embedded patient monitoring system. In the demo, Jim illustrates how you can easily build solutions on top of the Java embedded platform, using Oracle products like Berkeley DB and Database Mobile Server. Jim is running Apache Tomcat on an embedded device, using Berkeley DB as the data store. BDB is transparently linked to an Oracle Database backend using  Database Mobile Server. Information protection is important in healthcare, so it is worth pointing out that these products offer strong data encryption, for storage as well as transit. In his video, Jim does a great job of demystifying M2M. What's compelling about this demo is that uses a solution architecture that enterprise developers are already comfortable and familiar with: a Java apps server with a database backend. The additional pieces used to embed this solution are Oracle Berkeley DB and Database Mobile Server. It functions transparently, from the perspective of Java apps developers. This means that organizations who understand Java apps (basically everyone) can use this technology to develop embedded M2M products. The potential uses for this technology in healthcare alone are immense; any device that measures and records some aspect of the patient could be linked, securely and directly, to the medical records database. Breathing, circulation, other vitals, sensory perception, blood tests, x-rats or CAT scans. The list goes on and on. In this demo case, it's a testament to the power of the Java embedded platform that they are able to easily interface the device, called a Pulse Oximeter, with the web application. If Jim had stopped there, it would've been a cool demo. But he didn't; he actually saved the most awesome part for the end! At 9:52 Jim drops a bombshell: He's also created an Android app, something a doctor would use to view patient health data from his mobile device. The mobile app is seamlessly integrated into the rest of the system, using the device agent from Oracle's Database Mobile Server. In doing so, Jim has really showcased the full power of this solution: the ability to build M2M solutions that integrate seamlessly with mobile applications. In closing, I want to point out that this is not a hypothetical demo using beta or even v1.0 products. Everything in Jim's demo is available today. What's more, every product shown is mature, and already in production at many customer sites, albeit not in the innovative combination Jim has come up with. If your customers are in the market for these type of solutions (and they almost certainly are) I encourage you to download the components and try it out yourself! All the Oracle products showcased in this video are available for evaluation download via Oracle Technology Network.

    Read the article

  • Online Multiplayer Game Architecture [on hold]

    - by Eric
    I am just starting to research online multiplayer game development and I have a high-level architectural question regarding how online multiple games function. I have server-side and client-side programming experience, and I understand how AJAX-esque transfer protocol operates. What I don't understand yet is how online multiple fits into all of that. For example, an online Tetris multiplayer game. Would both players have the entire Tetris game built out on their client-side and then get pushed "moves" from the other player via some AJAX-esque mechanism, in which case each client would have to be constantly listening via JavaScript for inbound "moves" and update the client appropriately? Or would each client build out the aesthetics and run a virtual server per game to which each client connects and thus pull and push commands in real-time via something like web sockets? I apologize if this question is too high-level and general, but I couldn't find anything online that offered this high-level of a perspective on the topic.

    Read the article

  • Setup basic proxypass in Apache

    - by Eric
    I have a web application that communicates to a web service deployed on the same server. The web app was written with Tibco General Interface and works well only when it is running locally on the development system. When I deploy the web app to the Apache server it fails with code 200 apparently due to cross domain data. I use Firefox as a browser. I have tried changing Internet Explorer to access cross domain data and it works however IE is not an option. Web application runs on 192.168.2.205 (port 80). Web service runs on 192.168.2.205:8040 I have tried a number of things with proxypass inside Apache with no luck.

    Read the article

  • Announcing Berkeley DB Java Edition Major Release

    - by Eric Jensen
    Berkeley DB Java Edition 5.0 was just released. There are a number of new features, enhancements, and options in there that our users have been asking for. Chief among them is a new class called DiskOrderedCursor, which greatly increases performance of systems using spinning platter magnetic hard drives. A number of users expressed interest in this feature, including Alex Feinberg of LinkedIn. Berkeley DB Java Edition is part of Project Voldemort, a distributed key/value database used by LinkedIn. There have been many other improvements and optimizations. Concurrency is significantly improved, as is the performance of update and delete operations. New and interesting methods include Environment.preload, which allows multiple databases to be preloaded simultaneously. New Cursor methods enable for more effective searching through the database. We continue to enhance Berkeley DB Java Edition’s High Availability as well. One new feature is the ability to open a replicated node read-only when the master is unavailable. This can allow critical systems to continue offering some functionality, even during a network or master node failure. There’s a lot more in release 5.0. I encourage you to take a look at the extensive changelog yourself. As always, you can download the new release and try it out here: http://www.oracle.com/technetwork/database/berkeleydb/downloads/index.html

    Read the article

  • How to Own Your Own Website (Even If You Can’t Build One) Pt 3

    - by Eric Z Goodnight
    If you’ve followed along, you’ve bought hosting and installed WordPress software for a swanky new webpage. Today we’ll explain the less obvious perks of WordPress and how you can get a bit more mileage out of your new web software. This is the third and final entry in our series on owning your own website and creating content with a basic WordPress installation. In language any beginner could understand, we’ll talk about the plugins and tweaks that you can use to get features you might have not realized were even possible. How to Own Your Own Website (Even If You Can’t Build One) Pt 3 How to Sync Your Media Across Your Entire House with XBMC How to Own Your Own Website (Even If You Can’t Build One) Pt 2

    Read the article

  • A New Threat To Web Applications: Connection String Parameter Pollution (CSPP)

    - by eric.maurice
    Hi, this is Shaomin Wang. I am a security analyst in Oracle's Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Connection String Parameter Pollution (CSPP). Earlier this year, at the Black Hat DC 2010 Conference, two Spanish security researchers, Jose Palazon and Chema Alonso, unveiled a new class of security vulnerabilities, which target insecure dynamic connections between web applications and databases. The attack called Connection String Parameter Pollution (CSPP) exploits specifically the semicolon delimited database connection strings that are constructed dynamically based on the user inputs from web applications. CSPP, if carried out successfully, can be used to steal user identities and hijack web credentials. CSPP is a high risk attack because of the relative ease with which it can be carried out (low access complexity) and the potential results it can have (high impact). In today's blog, we are going to first look at what connection strings are and then review the different ways connection string injections can be leveraged by malicious hackers. We will then discuss how CSPP differs from traditional connection string injection, and the measures organizations can take to prevent this kind of attacks. In web applications, a connection string is a set of values that specifies information to connect to backend data repositories, in most cases, databases. The connection string is passed to a provider or driver to initiate a connection. Vendors or manufacturers write their own providers for different databases. Since there are many different providers and each provider has multiple ways to make a connection, there are many different ways to write a connection string. Here are some examples of connection strings from Oracle Data Provider for .Net/ODP.Net: Oracle Data Provider for .Net / ODP.Net; Manufacturer: Oracle; Type: .NET Framework Class Library: - Using TNS Data Source = orcl; User ID = myUsername; Password = myPassword; - Using integrated security Data Source = orcl; Integrated Security = SSPI; - Using the Easy Connect Naming Method Data Source = username/password@//myserver:1521/my.server.com - Specifying Pooling parameters Data Source=myOracleDB; User Id=myUsername; Password=myPassword; Min Pool Size=10; Connection Lifetime=120; Connection Timeout=60; Incr Pool Size=5; Decr Pool Size=2; There are many variations of the connection strings, but the majority of connection strings are key value pairs delimited by semicolons. Attacks on connection strings are not new (see for example, this SANS White Paper on Securing SQL Connection String). Connection strings are vulnerable to injection attacks when dynamic string concatenation is used to build connection strings based on user input. When the user input is not validated or filtered, and malicious text or characters are not properly escaped, an attacker can potentially access sensitive data or resources. For a number of years now, vendors, including Oracle, have created connection string builder class tools to help developers generate valid connection strings and potentially prevent this kind of vulnerability. Unfortunately, not all application developers use these utilities because they are not aware of the danger posed by this kind of attacks. So how are Connection String parameter Pollution (CSPP) attacks different from traditional Connection String Injection attacks? First, let's look at what parameter pollution attacks are. Parameter pollution is a technique, which typically involves appending repeating parameters to the request strings to attack the receiving end. Much of the public attention around parameter pollution was initiated as a result of a presentation on HTTP Parameter Pollution attacks by Stefano Di Paola and Luca Carettoni delivered at the 2009 Appsec OWASP Conference in Poland. In HTTP Parameter Pollution attacks, an attacker submits additional parameters in HTTP GET/POST to a web application, and if these parameters have the same name as an existing parameter, the web application may react in different ways depends on how the web application and web server deal with multiple parameters with the same name. When applied to connections strings, the rule for the majority of database providers is the "last one wins" algorithm. If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the LAST occurrence is used. This opens the door to some serious attacks. By way of example, in a web application, a user enters username and password; a subsequent connection string is generated to connect to the back end database. Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; In the password field, if the attacker enters "xxx; Integrated Security = true", the connection string becomes, Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; Intergrated Security = true; Under the "last one wins" principle, the web application will then try to connect to the database using the operating system account under which the application is running to bypass normal authentication. CSPP poses serious risks for unprepared organizations. It can be particularly dangerous if an Enterprise Systems Management web front-end is compromised, because attackers can then gain access to control panels to configure databases, systems accounts, etc. Fortunately, organizations can take steps to prevent this kind of attacks. CSPP falls into the Injection category of attacks like Cross Site Scripting or SQL Injection, which are made possible when inputs from users are not properly escaped or sanitized. Escaping is a technique used to ensure that characters (mostly from user inputs) are treated as data, not as characters, that is relevant to the interpreter's parser. Software developers need to become aware of the danger of these attacks and learn about the defenses mechanism they need to introduce in their code. As well, software vendors need to provide templates or classes to facilitate coding and eliminate developers' guesswork for protecting against such vulnerabilities. Oracle has introduced the OracleConnectionStringBuilder class in Oracle Data Provider for .NET. Using this class, developers can employ a configuration file to provide the connection string and/or dynamically set the values through key/value pairs. It makes creating connection strings less error-prone and easier to manager, and ultimately using the OracleConnectionStringBuilder class provides better security against injection into connection strings. For More Information: - The OracleConnectionStringBuilder is located at http://download.oracle.com/docs/cd/B28359_01/win.111/b28375/OracleConnectionStringBuilderClass.htm - Oracle has developed a publicly available course on preventing SQL Injections. The Server Technologies Curriculum course "Defending Against SQL Injection Attacks!" is located at http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm - The OWASP web site also provides a number of useful resources. It is located at http://www.owasp.org/index.php/Main_Page

    Read the article

  • Design and Print Your Own Christmas Cards in MS Word, Part 2: How to Print

    - by Eric Z Goodnight
    Creating greeting cards can be a lot of DIY fun around the holidays, but printing them can often be a nightmare. This simple How-To will show you how to figure out how to perfectly print your half fold card. Last week we showed you how to create a simple, attractive greeting card in Microsoft Word using Creative Commons images and basic fonts. If you missed out, it is still available, and the Word template used here can still be downloaded. If you have already made your Christmas card and are struggling to get it printed right, then this simple How-To is for you Latest Features How-To Geek ETC The How-To Geek Guide to Learning Photoshop, Part 8: Filters Get the Complete Android Guide eBook for Only 99 Cents [Update: Expired] Improve Digital Photography by Calibrating Your Monitor The How-To Geek Guide to Learning Photoshop, Part 7: Design and Typography How to Choose What to Back Up on Your Linux Home Server How To Harmonize Your Dual-Boot Setup for Windows and Ubuntu Hang in There Scrat! – Ice Age Wallpaper How Do You Know When You’ve Passed Geek and Headed to Nerd? On The Tip – A Lamborghini Theme for Chrome and Iron What if Wile E. Coyote and the Road Runner were Human? [Video] Peaceful Winter Cabin Wallpaper Store Tabs for Later Viewing in Opera with Tab Vault

    Read the article

  • Help Us Pick the First T-Shirt Design to Promote How-To Geek

    - by Eric Z Goodnight
    Here’s your first peek at How-To Geek’s new line of merchandise! Tell us what you think, what you like, and what you actually would like to own in this first round of potential HTG tee shirts. If you like the content here at HTG, we’d love to hear back from you—we made these for you, the readers, and we hope to hear what suits you and if you like what we’ve got to offer. Check them out, tell us your thoughts in the comments section (or send us emails at [email protected]) and fill out our poll in the section below.  The design that you like the most will be professionally printed and sold right here at howtogeek.com. Interested in buying one of them right now? Jump to the bottom to be notified when they’re ready for be bought and shipped right to you. How to Own Your Own Website (Even If You Can’t Build One) Pt 3 How to Sync Your Media Across Your Entire House with XBMC How to Own Your Own Website (Even If You Can’t Build One) Pt 2

    Read the article

  • Manual Uninstall Adobe Reader 9.2

    - by Eric Johnson
    Lately, I've been having issues with Adobe Reader and noticed that I had multiple versions installed.  Unfortunately I was unable to remove Reader 9.2 through add/remove programs.  However, I found this handy msi command that manually removed it from my machine. msiexec /x {AC76BA86-7AD7-1033-7B44-A92000000001} /qn

    Read the article

  • 13 Mobile Development Questions to Think About

    - by Eric Johnson
    Why is this important to our business? How is this different than how we develop today?   Why now? What new skills and technologies are required? What devices and standards should we target? Is context-awareness important? Where will applications be deployed? What enterprise capabilities are required to support mobile? What is the roadmap? How is this related or not related to the portal? Are we targeting internal apps, external apps, or both?   Who will consume the apps and with what? How does this change IT service offerings?

    Read the article

  • How can I merge two SubVersion branches to one working copy without committing?

    - by Eric Belair
    My current SubVersion workflow is like so: The trunk is used to make small content changes and bug fixes to the main source code. Branches are used for adding/editing enhancements and projects. So, trunk changes are made, tested, committed and deployed pretty quickly. Whereas, enhancements and projects need additional user testing and approval. At time, I have two branches that need testing and approval at the same time. I don't want to merge to the trunk and commit until the changes are fully tested and approved. What I need to do is merge both branches to one working copy without any commits. I am using Tortoise SVN, and when I try to merge the second branch, I get an error message: Cannot merge into a working copy that has local modifications Is there a way that I can do this without committing either merge?

    Read the article

  • Links from UK TechDays 2010 sessions on Entity Framework, Parallel Programming and Azure

    - by Eric Nelson
    [I will do some longer posts around my sessions when I get back from holiday next week] Big thanks to all those who attended my 3 sessions at TechDays this week (April 13th and 14th, 2010). I really enjoyed both days and watched some great session – my personal fave being the Silverlight/Expression session by my friend and colleague Mike Taulty. The following links should help get you up and running on each of the technologies. Entity Framework 4 Entity Framework 4 Resources http://bit.ly/ef4resources Entity Framework Team Blog http://blogs.msdn.com/adonet Entity Framework Design Blog http://blogs.msdn.com/efdesign/ Parallel Programming Parallel Computing Developer Center http://msdn.com/concurrency Code samples http://code.msdn.microsoft.com/ParExtSamples Managed Team Blog http://blogs.msdn.com/pfxteam Tools Team Blog http://blogs.msdn.com/visualizeparallel My code samples http://gist.github.com/364522  And PDC 2009 session recordings to watch: Windows Azure Platform UK Site http://bit.ly/landazure UK Community http://bit.ly/ukazure (http://ukazure.ning.com ) Feedback www.mygreatwindowsazureidea.com Azure Diagnostics Manager - A client for Windows Azure Diagnostics Cloud Storage Studio - A client for Windows Azure Storage SQL Azure Migration Wizard http://sqlazuremw.codeplex.com

    Read the article

  • Is there a viable alternative to the agile development methodology? [closed]

    - by Eric Wilson
    The two predominant software-development methodologies are waterfall and agile. When discussing these two, there is often much focus on the particular practices that distinguish them (pair programming, TDD, etc. vs. functional spec, big up-front design, etc.) But the real differences are far deeper, in that these practices come from a philosophy. Waterfall says: Change is costly, so it should be minimized. Agile says: Change is inevitable, so make change cheap. My question is, regardless of what you think of TDD or functional specs, is the waterfall development methodology really viable? Does anyone really think that minimizing change in software is a viable option for those that desire to deliver valuable software? Or is the question really about what sort of practices work best in our situations to manage the inevitable change?

    Read the article

  • The king is dead, long live the king&ndash;Cloud Evening 15th Feb in London

    - by Eric Nelson
    Advert alert :-) The UK's only Cloud user group The Cloud is the hot topic. You can’t escape hearing about it everywhere you go. Cloud Evening is the UK’s only cloud-focussed user group. Cloud Evening replaces UKAzureNet, with a new objective to cover all aspects of Cloud Computing, across all platforms, technologies and providers. We want to create a community for developers and architects to come together, learn, share stories and share experiences. Each event we’ll bring you two speakers talking about what’s hot in the world of Cloud. Our first event was a great success and we're now having the second exciting instalment. We're covering running third party applications on Azure and federated identity management. We will, of course, keep you fed and watered with beer and pizza. Spaces are limited so please sign-up now! Agenda 6.00pm – Registration 6.30pm – Windows Azure and running third-party software - using Elevated Privileges, Full IIS or VM Roles  (by @MarkRendle): We all know how simple it is to run your own applications on Azure, but how about existing software? Using the RavenDB document database software as an example, Mark will look at three ways to get 3rd-party software running on Azure, including the use of Start-up Tasks, Full IIS support and VM Roles, with a discussion of the pros and cons of each approach. 7.30pm – Beer and Pizza. 8.00pm – Federated identity – integrating Active Directory with Azure-based apps and Office 365  (by Steve Plank): Steve will cover off how to write great applications which leverage your existing on-premises Active Directory, along with providing seamless access to Office 365. We hope you can join us for what looks set to be a great evening. Register now

    Read the article

  • Installed Ubuntu in VMware Player, Black side bars / broken GUI

    - by Eric
    I recently installed Ubuntu 12.10 in VMware Player and have came up with a black sidebar, missing icons, a pretty broken GUI. Everything works just fine though. I am able to run Firefox and open termainal and all that good stuff just fine, it's just that I can SEE them on the sidebar. I have to open up a seperate window on Windows with a picture of the Ubuntu 12.10 desktop in order for me to know what to click on, but once I do click on it, it's pretty much smooth sailing from there(not counting closing Firefox and several other things). Again, everything works just fine, but when it comes to the sidebar, the GUI, the dashboard (get a completely black screen for when I open dash board), they come up as completely black, broken (visual tears and what not), and hoving over them just brings up a big black bar (assuming it's the "zooming" in of the icon, but it just shows a black bar of where the icon should be). I'm not exactly sure what so do to get this to work (to fix the GUI), any ideas as to what I may do to fix this?

    Read the article

  • What Can Super Mario Teach Us About Graphics Technology?

    - by Eric Z Goodnight
    If you ever played Super Mario Brothers or Mario Galaxy, you probably thought it was only a fun videogame—but fun can be serious.  Super Mario has lessons to teach you might not expect about graphics and the concepts behind them. The basics of image technology (and then some) can all be explained with a little help from everybody’s favorite little plumber. So read on to see what we can learn from Mario about pixels, polygons, computers and math, as well as dispelling a common misconception about those blocky old graphics we remember from when me first met Mario. Latest Features How-To Geek ETC What Can Super Mario Teach Us About Graphics Technology? Windows 7 Service Pack 1 is Released: But Should You Install It? How To Make Hundreds of Complex Photo Edits in Seconds With Photoshop Actions How to Enable User-Specific Wireless Networks in Windows 7 How to Use Google Chrome as Your Default PDF Reader (the Easy Way) How To Remove People and Objects From Photographs In Photoshop Seas0nPass Now Offers Untethered Apple TV Jailbreaking Never Call Me at Work [Humorous Star Wars Video] Add an Image Properties Listing to the Context Menu in Chrome and Iron Add an Easy to View Notification Badge to Tabs in Firefox SpellBook Parks Bookmarklets in Chrome’s Context Menu Drag2Up Brings Multi-Source Drag and Drop Uploading to Firefox

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >