Search Results

Search found 1250 results on 50 pages for 'eric chartier'.

Page 8/50 | < Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >

  • A New Threat To Web Applications: Connection String Parameter Pollution (CSPP)

    - by eric.maurice
    Hi, this is Shaomin Wang. I am a security analyst in Oracle's Security Alerts Group. My primary responsibility is to evaluate the security vulnerabilities reported externally by security researchers on Oracle Fusion Middleware and to ensure timely resolution through the Critical Patch Update. Today, I am going to talk about a serious type of attack: Connection String Parameter Pollution (CSPP). Earlier this year, at the Black Hat DC 2010 Conference, two Spanish security researchers, Jose Palazon and Chema Alonso, unveiled a new class of security vulnerabilities, which target insecure dynamic connections between web applications and databases. The attack called Connection String Parameter Pollution (CSPP) exploits specifically the semicolon delimited database connection strings that are constructed dynamically based on the user inputs from web applications. CSPP, if carried out successfully, can be used to steal user identities and hijack web credentials. CSPP is a high risk attack because of the relative ease with which it can be carried out (low access complexity) and the potential results it can have (high impact). In today's blog, we are going to first look at what connection strings are and then review the different ways connection string injections can be leveraged by malicious hackers. We will then discuss how CSPP differs from traditional connection string injection, and the measures organizations can take to prevent this kind of attacks. In web applications, a connection string is a set of values that specifies information to connect to backend data repositories, in most cases, databases. The connection string is passed to a provider or driver to initiate a connection. Vendors or manufacturers write their own providers for different databases. Since there are many different providers and each provider has multiple ways to make a connection, there are many different ways to write a connection string. Here are some examples of connection strings from Oracle Data Provider for .Net/ODP.Net: Oracle Data Provider for .Net / ODP.Net; Manufacturer: Oracle; Type: .NET Framework Class Library: - Using TNS Data Source = orcl; User ID = myUsername; Password = myPassword; - Using integrated security Data Source = orcl; Integrated Security = SSPI; - Using the Easy Connect Naming Method Data Source = username/password@//myserver:1521/my.server.com - Specifying Pooling parameters Data Source=myOracleDB; User Id=myUsername; Password=myPassword; Min Pool Size=10; Connection Lifetime=120; Connection Timeout=60; Incr Pool Size=5; Decr Pool Size=2; There are many variations of the connection strings, but the majority of connection strings are key value pairs delimited by semicolons. Attacks on connection strings are not new (see for example, this SANS White Paper on Securing SQL Connection String). Connection strings are vulnerable to injection attacks when dynamic string concatenation is used to build connection strings based on user input. When the user input is not validated or filtered, and malicious text or characters are not properly escaped, an attacker can potentially access sensitive data or resources. For a number of years now, vendors, including Oracle, have created connection string builder class tools to help developers generate valid connection strings and potentially prevent this kind of vulnerability. Unfortunately, not all application developers use these utilities because they are not aware of the danger posed by this kind of attacks. So how are Connection String parameter Pollution (CSPP) attacks different from traditional Connection String Injection attacks? First, let's look at what parameter pollution attacks are. Parameter pollution is a technique, which typically involves appending repeating parameters to the request strings to attack the receiving end. Much of the public attention around parameter pollution was initiated as a result of a presentation on HTTP Parameter Pollution attacks by Stefano Di Paola and Luca Carettoni delivered at the 2009 Appsec OWASP Conference in Poland. In HTTP Parameter Pollution attacks, an attacker submits additional parameters in HTTP GET/POST to a web application, and if these parameters have the same name as an existing parameter, the web application may react in different ways depends on how the web application and web server deal with multiple parameters with the same name. When applied to connections strings, the rule for the majority of database providers is the "last one wins" algorithm. If a KEYWORD=VALUE pair occurs more than once in the connection string, the value associated with the LAST occurrence is used. This opens the door to some serious attacks. By way of example, in a web application, a user enters username and password; a subsequent connection string is generated to connect to the back end database. Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; In the password field, if the attacker enters "xxx; Integrated Security = true", the connection string becomes, Data Source = myDataSource; Initial Catalog = db; Integrated Security = no; User ID = myUsername; Password = XXX; Intergrated Security = true; Under the "last one wins" principle, the web application will then try to connect to the database using the operating system account under which the application is running to bypass normal authentication. CSPP poses serious risks for unprepared organizations. It can be particularly dangerous if an Enterprise Systems Management web front-end is compromised, because attackers can then gain access to control panels to configure databases, systems accounts, etc. Fortunately, organizations can take steps to prevent this kind of attacks. CSPP falls into the Injection category of attacks like Cross Site Scripting or SQL Injection, which are made possible when inputs from users are not properly escaped or sanitized. Escaping is a technique used to ensure that characters (mostly from user inputs) are treated as data, not as characters, that is relevant to the interpreter's parser. Software developers need to become aware of the danger of these attacks and learn about the defenses mechanism they need to introduce in their code. As well, software vendors need to provide templates or classes to facilitate coding and eliminate developers' guesswork for protecting against such vulnerabilities. Oracle has introduced the OracleConnectionStringBuilder class in Oracle Data Provider for .NET. Using this class, developers can employ a configuration file to provide the connection string and/or dynamically set the values through key/value pairs. It makes creating connection strings less error-prone and easier to manager, and ultimately using the OracleConnectionStringBuilder class provides better security against injection into connection strings. For More Information: - The OracleConnectionStringBuilder is located at http://download.oracle.com/docs/cd/B28359_01/win.111/b28375/OracleConnectionStringBuilderClass.htm - Oracle has developed a publicly available course on preventing SQL Injections. The Server Technologies Curriculum course "Defending Against SQL Injection Attacks!" is located at http://st-curriculum.oracle.com/tutorial/SQLInjection/index.htm - The OWASP web site also provides a number of useful resources. It is located at http://www.owasp.org/index.php/Main_Page

    Read the article

  • Design and Print Your Own Christmas Cards in MS Word, Part 2: How to Print

    - by Eric Z Goodnight
    Creating greeting cards can be a lot of DIY fun around the holidays, but printing them can often be a nightmare. This simple How-To will show you how to figure out how to perfectly print your half fold card. Last week we showed you how to create a simple, attractive greeting card in Microsoft Word using Creative Commons images and basic fonts. If you missed out, it is still available, and the Word template used here can still be downloaded. If you have already made your Christmas card and are struggling to get it printed right, then this simple How-To is for you Latest Features How-To Geek ETC The How-To Geek Guide to Learning Photoshop, Part 8: Filters Get the Complete Android Guide eBook for Only 99 Cents [Update: Expired] Improve Digital Photography by Calibrating Your Monitor The How-To Geek Guide to Learning Photoshop, Part 7: Design and Typography How to Choose What to Back Up on Your Linux Home Server How To Harmonize Your Dual-Boot Setup for Windows and Ubuntu Hang in There Scrat! – Ice Age Wallpaper How Do You Know When You’ve Passed Geek and Headed to Nerd? On The Tip – A Lamborghini Theme for Chrome and Iron What if Wile E. Coyote and the Road Runner were Human? [Video] Peaceful Winter Cabin Wallpaper Store Tabs for Later Viewing in Opera with Tab Vault

    Read the article

  • Help Us Pick the First T-Shirt Design to Promote How-To Geek

    - by Eric Z Goodnight
    Here’s your first peek at How-To Geek’s new line of merchandise! Tell us what you think, what you like, and what you actually would like to own in this first round of potential HTG tee shirts. If you like the content here at HTG, we’d love to hear back from you—we made these for you, the readers, and we hope to hear what suits you and if you like what we’ve got to offer. Check them out, tell us your thoughts in the comments section (or send us emails at [email protected]) and fill out our poll in the section below.  The design that you like the most will be professionally printed and sold right here at howtogeek.com. Interested in buying one of them right now? Jump to the bottom to be notified when they’re ready for be bought and shipped right to you. How to Own Your Own Website (Even If You Can’t Build One) Pt 3 How to Sync Your Media Across Your Entire House with XBMC How to Own Your Own Website (Even If You Can’t Build One) Pt 2

    Read the article

  • Manual Uninstall Adobe Reader 9.2

    - by Eric Johnson
    Lately, I've been having issues with Adobe Reader and noticed that I had multiple versions installed.  Unfortunately I was unable to remove Reader 9.2 through add/remove programs.  However, I found this handy msi command that manually removed it from my machine. msiexec /x {AC76BA86-7AD7-1033-7B44-A92000000001} /qn

    Read the article

  • 13 Mobile Development Questions to Think About

    - by Eric Johnson
    Why is this important to our business? How is this different than how we develop today?   Why now? What new skills and technologies are required? What devices and standards should we target? Is context-awareness important? Where will applications be deployed? What enterprise capabilities are required to support mobile? What is the roadmap? How is this related or not related to the portal? Are we targeting internal apps, external apps, or both?   Who will consume the apps and with what? How does this change IT service offerings?

    Read the article

  • How can I merge two SubVersion branches to one working copy without committing?

    - by Eric Belair
    My current SubVersion workflow is like so: The trunk is used to make small content changes and bug fixes to the main source code. Branches are used for adding/editing enhancements and projects. So, trunk changes are made, tested, committed and deployed pretty quickly. Whereas, enhancements and projects need additional user testing and approval. At time, I have two branches that need testing and approval at the same time. I don't want to merge to the trunk and commit until the changes are fully tested and approved. What I need to do is merge both branches to one working copy without any commits. I am using Tortoise SVN, and when I try to merge the second branch, I get an error message: Cannot merge into a working copy that has local modifications Is there a way that I can do this without committing either merge?

    Read the article

  • Links from UK TechDays 2010 sessions on Entity Framework, Parallel Programming and Azure

    - by Eric Nelson
    [I will do some longer posts around my sessions when I get back from holiday next week] Big thanks to all those who attended my 3 sessions at TechDays this week (April 13th and 14th, 2010). I really enjoyed both days and watched some great session – my personal fave being the Silverlight/Expression session by my friend and colleague Mike Taulty. The following links should help get you up and running on each of the technologies. Entity Framework 4 Entity Framework 4 Resources http://bit.ly/ef4resources Entity Framework Team Blog http://blogs.msdn.com/adonet Entity Framework Design Blog http://blogs.msdn.com/efdesign/ Parallel Programming Parallel Computing Developer Center http://msdn.com/concurrency Code samples http://code.msdn.microsoft.com/ParExtSamples Managed Team Blog http://blogs.msdn.com/pfxteam Tools Team Blog http://blogs.msdn.com/visualizeparallel My code samples http://gist.github.com/364522  And PDC 2009 session recordings to watch: Windows Azure Platform UK Site http://bit.ly/landazure UK Community http://bit.ly/ukazure (http://ukazure.ning.com ) Feedback www.mygreatwindowsazureidea.com Azure Diagnostics Manager - A client for Windows Azure Diagnostics Cloud Storage Studio - A client for Windows Azure Storage SQL Azure Migration Wizard http://sqlazuremw.codeplex.com

    Read the article

  • Is there a viable alternative to the agile development methodology? [closed]

    - by Eric Wilson
    The two predominant software-development methodologies are waterfall and agile. When discussing these two, there is often much focus on the particular practices that distinguish them (pair programming, TDD, etc. vs. functional spec, big up-front design, etc.) But the real differences are far deeper, in that these practices come from a philosophy. Waterfall says: Change is costly, so it should be minimized. Agile says: Change is inevitable, so make change cheap. My question is, regardless of what you think of TDD or functional specs, is the waterfall development methodology really viable? Does anyone really think that minimizing change in software is a viable option for those that desire to deliver valuable software? Or is the question really about what sort of practices work best in our situations to manage the inevitable change?

    Read the article

  • The king is dead, long live the king&ndash;Cloud Evening 15th Feb in London

    - by Eric Nelson
    Advert alert :-) The UK's only Cloud user group The Cloud is the hot topic. You can’t escape hearing about it everywhere you go. Cloud Evening is the UK’s only cloud-focussed user group. Cloud Evening replaces UKAzureNet, with a new objective to cover all aspects of Cloud Computing, across all platforms, technologies and providers. We want to create a community for developers and architects to come together, learn, share stories and share experiences. Each event we’ll bring you two speakers talking about what’s hot in the world of Cloud. Our first event was a great success and we're now having the second exciting instalment. We're covering running third party applications on Azure and federated identity management. We will, of course, keep you fed and watered with beer and pizza. Spaces are limited so please sign-up now! Agenda 6.00pm – Registration 6.30pm – Windows Azure and running third-party software - using Elevated Privileges, Full IIS or VM Roles  (by @MarkRendle): We all know how simple it is to run your own applications on Azure, but how about existing software? Using the RavenDB document database software as an example, Mark will look at three ways to get 3rd-party software running on Azure, including the use of Start-up Tasks, Full IIS support and VM Roles, with a discussion of the pros and cons of each approach. 7.30pm – Beer and Pizza. 8.00pm – Federated identity – integrating Active Directory with Azure-based apps and Office 365  (by Steve Plank): Steve will cover off how to write great applications which leverage your existing on-premises Active Directory, along with providing seamless access to Office 365. We hope you can join us for what looks set to be a great evening. Register now

    Read the article

  • Installed Ubuntu in VMware Player, Black side bars / broken GUI

    - by Eric
    I recently installed Ubuntu 12.10 in VMware Player and have came up with a black sidebar, missing icons, a pretty broken GUI. Everything works just fine though. I am able to run Firefox and open termainal and all that good stuff just fine, it's just that I can SEE them on the sidebar. I have to open up a seperate window on Windows with a picture of the Ubuntu 12.10 desktop in order for me to know what to click on, but once I do click on it, it's pretty much smooth sailing from there(not counting closing Firefox and several other things). Again, everything works just fine, but when it comes to the sidebar, the GUI, the dashboard (get a completely black screen for when I open dash board), they come up as completely black, broken (visual tears and what not), and hoving over them just brings up a big black bar (assuming it's the "zooming" in of the icon, but it just shows a black bar of where the icon should be). I'm not exactly sure what so do to get this to work (to fix the GUI), any ideas as to what I may do to fix this?

    Read the article

  • What Can Super Mario Teach Us About Graphics Technology?

    - by Eric Z Goodnight
    If you ever played Super Mario Brothers or Mario Galaxy, you probably thought it was only a fun videogame—but fun can be serious.  Super Mario has lessons to teach you might not expect about graphics and the concepts behind them. The basics of image technology (and then some) can all be explained with a little help from everybody’s favorite little plumber. So read on to see what we can learn from Mario about pixels, polygons, computers and math, as well as dispelling a common misconception about those blocky old graphics we remember from when me first met Mario. Latest Features How-To Geek ETC What Can Super Mario Teach Us About Graphics Technology? Windows 7 Service Pack 1 is Released: But Should You Install It? How To Make Hundreds of Complex Photo Edits in Seconds With Photoshop Actions How to Enable User-Specific Wireless Networks in Windows 7 How to Use Google Chrome as Your Default PDF Reader (the Easy Way) How To Remove People and Objects From Photographs In Photoshop Seas0nPass Now Offers Untethered Apple TV Jailbreaking Never Call Me at Work [Humorous Star Wars Video] Add an Image Properties Listing to the Context Menu in Chrome and Iron Add an Easy to View Notification Badge to Tabs in Firefox SpellBook Parks Bookmarklets in Chrome’s Context Menu Drag2Up Brings Multi-Source Drag and Drop Uploading to Firefox

    Read the article

  • Links and code from session on Entity Framework 4, Parallel and C# 4.0 new features

    - by Eric Nelson
    Last week (12th May 2010) I did a session in the city on lot of the new .NET 4.0 Stuff. My demo code and links below. Code Parallel demos http://gist.github.com/364522  C# 4.0 new features http://gist.github.com/403826  EF4 Links Entity Framework 4 Resources http://bit.ly/ef4resources Entity Framework Team Blog http://blogs.msdn.com/adonet Entity Framework Design Blog http://blogs.msdn.com/efdesign/ Parallel Links Parallel Computing Dev Center http://msdn.com/concurrency Code samples http://code.msdn.microsoft.com/ParExtSamples Managed blog http://blogs.msdn.com/pfxteam Tools blog http://blogs.msdn.com/visualizeparallel C# 4.0 New features http://bit.ly/baq3aU  New in .NET 4.0 Coevolution http://bit.ly/axglst  New in C# 4.0 http://bit.ly/bG1U2Y

    Read the article

  • Recent resources on Entity Framework 4

    - by Eric Nelson
    I just posted on the bits you need to install to explore all the features of Entity Framework 4 with the Visual Studio 2010 RC. I’ve also had a quick look (March 12th 2010) to see what new resources are out there on EF4. They appear a little thin on the ground – but there are some gems. The following all caught my attention: Julie Lerman has published 2 How-to-videos on EF4 on pluralsight.com. You need to create a free guest pass to watch them. Getting Started with Entity Framework 4.0 – Session given at Cairo CodeCamp 2010 . This includes ppt and demos. Entity Framework 4 providers – read through the comments What’s new with Entity Framework in Visual Studio 2010 RC Extending the design surface of EF4 using the Extension Starter Kit Persistence Ignorance and EF4 on geekSpeak on channel 9 (poor audio IMHO – I gave up) First of a series of posts on EF4 How to stop your dba having a heart attack with EF4 from Simon Sabin in the UK. This includes ppt and demos. And the biggy. You no longer have to depend on SQL Profiler to keep an eye on the generated SQL. There is now a commercial profiler for Entity Framework.  I am yet to try it – but I listened to a .NET rocks podcast which made it sound great. It is “hidden” in a session on DSLs in Boo –> Oren Eini on creating DSLs in Boo. This is a much richer experience than you would get from SQL Profiler – matching the SQL to the .NET code. And finally a momentous #fail to … drum roll… the Visual Studio 2010 and .NET Framework 4 Training Kit Feb release. This just contains one ppt on EF4 – and it is not even a good one. Real shame. P.S. I will update the 101 EF4 Resources with the above … but post devweek in case I find some more goodies. Related Links 101 EF4 Resources

    Read the article

  • New Release of Oracle Berkeley DB

    - by Eric Jensen
    We are pleased to announce that a new release of Oracle Berkeley DB, version 11.2.5.2.28, is available today. Our latest release includes yet more value added features for SQLite users, as well as several performance enhancements and new customer-requested features to the key-value pair API.  We continue to provide technology leadership, features and performance for SQLite applications.  This release introduces additional features that are not available in native SQLite, and adds functionality allowing customers to create richer, more scalable, more concurrent applications using the Berkeley DB SQL API. This release is compelling to Oracle’s customers and partners because it: delivers a complete, embeddable SQL92 database as a library under 1MB size drop-in API compatible with SQLite version 3 no-oversight, zero-touch database administration industrial quality, battle tested Berkeley DB B-TREE for concurrent transactional data storage New Features Include: MVCC support for even higher concurrency direct SQL support for HA/replication transactionally protected Sequence number generation functions lower memory requirements, shared memory regions and faster/smaller memory on startup easier B-TREE page size configuration with new ''db_tuner" utility New Key-Value API Features Include: HEAP access method for constrained disk-space applications (key-value API) faster QUEUE access method operations for highly concurrent applications -- up 2-3X faster! (key-value API) new X/open compliant XA resource manager, easily integrated with Oracle Tuxedo (key-value API) additional HA/replication management and communication options (key-value API) and a lot more! BDB is hands-down the best edge, mobile, and embedded database available to developers. Downloads available today on the Berkeley DB download pageProduct Documentation

    Read the article

  • Researching runtime technologies (Xmas fun with HTML5)

    - by Eric Nelson
    The Internet Explorer 9.0 team just posted about Pirates love Daises. This is a showcase game for the power of HTML 5 running inside IE 9.0 – and the author has done a fantastic job (you can get more details from Grant’s blog post). A game developer is an ISV (Independent Software Vendor) – a B2C  ISV. In my role I don’t (typically) work with B2C ISVs, hence a reasonable question is “Why blog about it?”. I think applications like this demonstrate the power of HTML 5 and IE9 for delivering really rich user experiences which have the promise of working cross browser and cross platform - in the future as HTML5 capable browsers become the norm. Microsoft is investing heavily in implementing a great “run time” in IE9 if cross platform is an important requirement for your UX. And the other reason for blogging this… it is nearly Xmas and we all should be having a little more fun on the run in. Hence you can play with confidence that your defence to your manager is “I’m just researching a powerful runtime that Microsoft is working on which could be significant to our future B2B product directions” Play now (Needs HTML 5 browser such as IE9) Related Links: To install IE9 Beta or the Preview (which won’t replace your existing IE) check our the IE9 TestDrive center. Learn about our other important UX runtime with the on-demand recordings of the Silverlight FireStarter event. If you want FREE help with new technologies from Microsoft, sign up to Microsoft Platform Ready.

    Read the article

  • SQL Azure maximum database size rises from 10GB to 50GB in June

    - by Eric Nelson
    At Mix we announced that we will be offering a new 50gb size option in June. If you would like to become an early adopter of this new size option before generally available, send an email to [email protected]  and it will auto-reply with instructions to fill out a survey to nominate your application that requires greater than 10gb of storage. Other announcements included: MARS in April: Execute multiple batches in a single connection Spatial Data in June: Geography and geometry types SQL Azure Labs: SQL Azure Labs provides a place where you can access incubations and early preview bits for products and enhancements to SQL Azure. Currently OData Service for SQL Azure. Related Links: SQL Azure Announcements at MIX http://ukazure.ning.com

    Read the article

  • Q&amp;A: What is the UK pricing for the Windows Azure CDN?

    - by Eric Nelson
    The pricing for Windows Azure Content Delivery Network (CDN) was announced last week. The prices are: £0.091 per GB transferred from North America & Europe locations £0.1213 per GB transferred from other locations £0.0061 per 10,000 transactions CDN rates are effective for all billing periods that begin subsequent to June 30, 2010. All usage for billing periods beginning prior to July 1, 2010 will not be charged. To help you determine which pricing plan best suits your needs, please review the comparison table, which includes the CDN information. Steven Nagy has also done an interesting follow up post on CDN. Related Links: Q&A- How can I calculate the TCO and ROI when considering the Windows Azure Platform? Q&A- When do I get charged for compute hours on Windows Azure? Q&A- What are the UK prices for the Windows Azure Platform

    Read the article

  • Why was Python's popularity so sudden? [closed]

    - by Eric Wilson
    Python first appeared in 1991, but it was somewhat unknown until 2004, if the TIOBE rankings quantify anything meaningful. What happened? What caused the interest in this 13 year old language to go through the roof? Is there a reason that Python wasn't considered a real competitor to Perl in its first decade of existence? Is there a reason that Python didn't continue in relative obscurity for another ten years? I personally think that Python is a very nice language, and I'm glad that I'm not the only one. But it doesn't have corporate backing or a killer feature that would explain a sudden rise to relevance. Does anyone know the story?

    Read the article

  • Is Your Desktop Printer More Expensive Than Printing Services?

    - by Eric Z Goodnight
    While many users see desktop printers as the best way to print photos, compared to cheap printing services, they may be more expensive. In this simple How-To, learn how to compare the cost per print to commercial options. Readers may not think of desktop printers as “convenient,” however manufacturers are largely selling the convenience of being able to print at home. Many commercial printers may offer services that are cheaper, even at small quantities. See how a few free downloads, some internet research, and some math can save you money over the holidays Latest Features How-To Geek ETC The Complete List of iPad Tips, Tricks, and Tutorials The 50 Best Registry Hacks that Make Windows Better The How-To Geek Holiday Gift Guide (Geeky Stuff We Like) LCD? LED? Plasma? The How-To Geek Guide to HDTV Technology The How-To Geek Guide to Learning Photoshop, Part 8: Filters Improve Digital Photography by Calibrating Your Monitor The Brothers Mario – Epic Gangland Style Mario Brothers Movie Trailer [Video] Score Awesome Games on the Cheap with the Humble Indie Bundle Add a Colorful Christmas Theme to Your Windows 7 Desktop This Windows Hack Changes the Blue Screen of Death to Red Edit Images Quickly in Firefox with Pixlr Grabber Zoho Writer, Sheet, and Show Now Available in Chrome Web Store

    Read the article

  • Highlights from recent Yammer video

    - by Eric Jensen
    Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin-top:0in; mso-para-margin-right:0in; mso-para-margin-bottom:10.0pt; mso-para-margin-left:0in; line-height:115%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin;} A few weeks back, Ryan Kennedy of Yammer gave a talk about Berkeley DB Java Edition. You can find it posted here on Alex Popescu's Blog, or go directly to the video post itself. It was full of useful nuggets of information, such as why they chose to use BDB JE, performance, and some tips & tricks at the end. At over 40 minutes, the video is quite long. Ryan is an entertaining speaker, so I suggest you watch all of it. But if you only have time for the highlights, here are some times you can sync to:  06:18 hear the Berkeley DB JE features that caused Yammer select it, including: replication auto leader election, failover configurable durability and consistency guarantees 23:10 System performance characteristics 35:08 Check out the tips and tricks for using Berkeley DB JE I know the Berkeley DB development team is very pleased that BDB JE is working out well for Yammer. We definitely encourage others out there to take note of this success, especially if your requirements are similar to Yammer's (which Ryan outlines at the beginning of his talk)

    Read the article

  • Is Ubuntu workable as a laptop for an IT consultant?

    - by Eric Wilson
    I work as a consultant programmer, typically in large businesses. I use a Windows Laptop, and many of my colleagues use a Mac. My personal preference would be to run Ubuntu if I could have complete control over my development environment. But I will have occasional need for Microsoft specific products, especially IE. My colleagues that use a Mac often run Windows on a virtual machine for these situations. My question is: Is Ubuntu a workable solution for the laptop of an enterprise programmer? For example, is it as easy to run Windows on a VM on Ubuntu as it is on a Mac? Has anyone out there tried this? Is there any particular reason why Ubuntu would not serve as well as a Mac for development in this environment? Note that I am not doing .NET development, so I am typically dealing with Java that is going to be run on an Apache server and used by clients running Windows.

    Read the article

  • HTG Projects: Create a Pop Art Sci-Fi Poster with an Inkjet Printer

    - by Eric Z Goodnight
    Looking to decorate your house with some cool artwork? Grab some of your favorite Sci-Fi pics and some surprisingly simple tools, and create a Pop Art style poster in minutes. Through a simple process called “posterization,” you can reduce any graphic into a cool limited graphic with a similar look that Andy Warhol would have used when he created his famous Marylin Monroe image in the sixties. Pick a theme, grab some images, and get ready to decorate your home with a surprisingly easy and surprisingly cool poster any inkjet printer can produce Latest Features How-To Geek ETC HTG Projects: How to Create Your Own Custom Papercraft Toy How to Combine Rescue Disks to Create the Ultimate Windows Repair Disk What is Camera Raw, and Why Would a Professional Prefer it to JPG? The How-To Geek Guide to Audio Editing: The Basics How To Boot 10 Different Live CDs From 1 USB Flash Drive The 20 Best How-To Geek Linux Articles of 2010 Arctic Theme for Windows 7 Gives Your Desktop an Icy Touch Install LibreOffice via PPA and Receive Auto-Updates in Ubuntu Creative Portraits Peek Inside the Guts of Modern Electronics Scenic Winter Lane Wallpaper to Create a Relaxing Mood Access Your Web Apps Directly Using the Context Menu in Chrome The Deep – Awesome Use of Metal Objects as Deep Sea Creatures [Video]

    Read the article

  • TechEd Europe early bird saving &ndash; register by 5th July

    - by Eric Nelson
    Another event advert alert :-) But this one comes with a cautious warning. I spoke at TechEd Europe last year. I found TechEd to be a huge, extremely well run conference filled with great speakers and passionate attendees in a top notch venue and fascinating city. As an “IT Pro” I think it is the premiere conference for Microsoft technologies in Europe. However, IMHO and those of others I trust, I didn’t think it hit the mark for developers in 2009. There was a fairly obvious reason – the PDC was scheduled to take place only a couple of weeks later which meant the “powder was being kept dry” and (IMHO) some of the best speakers on developer technologies were elsewhere. But I’m reasonably certain that this won’t be repeated this year (Err… Have I missed an announcement about “no pdc in 2010”?) Enjoy: Register for Tech·Ed Europe by 5 July and Save €500 Tech·Ed Europe returns to Berlin this November 8 – 12, for a full week of deep technical education, hands-on-learning and opportunities to connect with Microsoft and Community experts one-on-one.  Register by 5 July and receive your conference pass for only €1,395 – a €500 savings. Arrive Early and Get a Jumpstart on Technical Sessions Choose from 8 pre-conference seminars led by Microsoft and industry experts, and selected to give you a jumpstart on technical learning.  Additional fees apply.  Conference attendees receive a €100 discount.   Join the Tech·Ed Europe Email List for Event Updates Get the latest event news before the event, and find out more about what’s happening onsite.  Join the Tech·Ed Europe email list today!

    Read the article

  • Azure eBook Update #1 &ndash; 16 authors so far!

    - by Eric Nelson
    I just wanted to share with folks where we are up to with the Windows Azure eBook (Check out the original post for full details) I have had lots of great submissions from folks with some awesome stuff to share on Azure. Currently we have 16 authors and 25 proposed articles. There is still a couple of days left to submit your proposal if you would like to get involved (see the original post ) and some topic suggestions below for which we don’t currently have authors. It is official – I’m excited! :-) Article Area Accepted Wikipedia Explorer: A case study how we did it and why. CaseSetudy Optional Patterns for the Windows Azure Platform (picking up 1 or 2 patterns that seem to be evolving) Architecture Optional Azure and cost-oriented architecture. Architecture Yes Code walkthrough of a comprehensive application submitted to newCloudApp contest CaseSetudy Yes Principles of highly scalable apps on Azure Compute Optional Auto-Scaling Azure Compute Yes Implementing a distributed cache using memcached with worker roles Interop Yes Building a content-based router service to direct requests to internal HTTP endpoints Compute Optional How to debug an Azure app by with a custom TraceListener & the AppFabric Service Bus AppFabric Yes How to host Java apps in Azure Interop Yes Bing Maps Tile Servers using Azure Blog Storage Interop Yes Tricks for storing time and date fields in Table Storage Storage Yes Service Runtime in Windows Azure Compute Yes Azure Drive Storage Optional Queries in Azure Table Storage Optional Getting RubyOnRails running on Azure Interop Yes Consuming Azure services within Windows Phone Interop Yes De-risking Your First Azure Project Architecture Yes Designing for failure Architecture Optional Connecting to SQL Azure In x Minutes SQLAzure Yes Using Azure Table Service as a NoSQL store via the REST API Storage Yes Azure Table Service REST API Storage Optional Threading, Scalability and Reliability in the Cloud Compute Yes Azure Diagnostics Compute Yes 5 steps to getting started with Windows Azure Introduction Yes The best tools for working with Windows Azure Tools Author Needed Understanding how SQL Azure works SQLAzure Author Needed Getting started with AppFabric Control Services AppFabric Author Needed Using the Microsoft Sync Framework with SQL Azure SQLAzure Author Needed Dallas - just a TV show or something more? Dallas Author Needed Comparing Azure to other cloud offerings Interop Author Needed Hybrid solutions using Azure and on-premise Interop Author Needed

    Read the article

  • Avoid SEO loss after URL structure change

    - by Eric Nguyen
    We recently re-wrote our site from Umbraco to WordPress. This has been done by third-party developers. I have been the project manager and it is my mistake that I haven't notice the change of URLs that affect SEO until now. New site was launch last Thursday. The old URL for a "place" (a WordPress custom post type, in case you're WordPress expert and want/ need to point me to another discussion on WP Stackexchange) page is as follows: ourdomain.com/singapore/central/alexandra/an-interesting-place Now it has been changed to ourdomain.com/places/an-interesting-place I have already requested the third-party developers to work rewriting the URLs to emulate the old URL structure. However, it's taking quite a lot of time (we have multiple custom post types e.g. events etc. so it might be complicated; the developers seem quite by blur when I first mentioned rewriting URLs for the custom post types) In the meantime, I wonder if there is a quicker work around for this 1) Use .htaccess to rewrite ourdomain.com/singapore/central/alexandra/an-interesting-place to ourdomain.com/places/an-interesting-place This should avoid 90% loss of the search traffic. I suppose I can learn how to do this quite quickly but no harm mentioning it here 2) Use rel="canonical" to indicate that ourdomain.com/places/an-interesting-place is the exact duplicate of ourdomain.com/singapore/central/alexandra/an-interesting-place I will definitely go for both approaches (and also I'm changing 404 page to cater for this temporary isue) but I wonder if 2) is even feasible and if I have missed anything. Is there anything else you could recommend me in this situation. Let me know if my question is not clear anywhere. Clarifications The old website is on a Windows Server EC2 completely separated from the Linux EC2 instance on which the new site is running. In addition, the same domain "ourdomain.com" is used here (an A record is used to point to an EC2 Elastic IP). Therefore, the old server is completely inaccessible at the moment, unless you we use the IP address to old server (which doesn't help me at all in this case). Even if the old server is accessible, I can't see where one can put the .htaccess or a HTML file to do 301 redirect here. Unless I'm successful with my approach 1) or the developers can rewrite the URLs with coding, 404 page is really a choice for me.

    Read the article

< Previous Page | 4 5 6 7 8 9 10 11 12 13 14 15  | Next Page >