This is a mirror of official site: http://jasper-net.blogspot.com/

Creative walls

| Thursday, March 11, 2010

Skype URI Handler Input Validation

|
   (    , )     (,
.   `.' ) ('.    ',
 ). , ('.   ( ) (
(_,) .`), ) _ _,
/  _____/  / _  \    ____  ____   _____
\____  \==/ /_\  \ _/ ___\/  _ \ /     \
/       \/   |    \\  \__(  <_> )  Y Y  \
/______  /\___|__  / \___  >____/|__|_|  /
      \/         \/.-.    \/         \/:wq
                  (x.0)
                '=.|w|.='
                _='`"``=.

      presents..

Skype URI Handler Input Validation
Versions affected: All versions prior to 4.2.0.1.55 (v4.2 hotfix #1)


+-----------+
|Description|
+-----------+

The Windows Skype client implements two URI handlers, Skype: and Skype-Plugin. Both handlers allow for easy browser integration and are supported by all
modern browsers. When a Skype link is clicked, the Skype.exe process is spawned with the "/URI:%1" command argument, followed by the user specified
phone number or contact name. For example, clicking the link:
  Skype:PaulCraig will spawn the process Skype.exe “/URI:Skype:PaulCraig“

 Due to a flaw in the current user input validation performed by Skype, it is possible to append additional command line arguments which are subsequently
processed during the launch of Skype.exe.

 In 2006 colleague Brett Moore, discovered a similar vulnerability in Skype which led to certain security restrictions being enforced when using the
Skype: URI handler. Brett’s exploit at the time involved including additional command line arguments to the Skype.exe process which would send a file to a
remote user when a Skype link was clicked. Changes were made to Skype to remove available command line arguments when the /URI argument is present, and to resolve the discovered injection vulnerability.

 Although many of the useful arguments have been disallowed, Security-Assessment.com found that the /Datapath argument can be included and directed to a remote SMB share directly through a specially crafted Skype URI.

  The Datapath argument specifies the location of the Skype configuration files and security policy. Specifying a Datapath argument will override any local security policy defined in the Windows registry.

  A remote user is capable of crafting a link that when clicked, will spawn Skype.exe on a client using a Datapath location which is present on a remote
SMB share. The Skype client will load any configuration or security policy present, and save the users Skype account information to the remote share.

 This allows a remote user to control the Skype configuration and security policy of the local client instance of Skype. Settings such as a remote
proxy can be defined, which could be used to Man in The Middle Skype communications.

Read more: Bugtraq

Posted via email from jasper22's posterous

ASP.NET 1.1 missing under IIS7 on Windows 2008 x64 server

|
 So I assume that you have already installed .NET framework 1.1 and .NET 1.1 SP1 on the server but if you haven’t then here are the links to download the same. I am sure all of you might be knowing that Windows server 2008 doesn’t have .NET 1.1 pre-installed like the way it was the case with Windows server 2003. And also .NET 1.1 doesn’t have any 64bit version.

# Download .NET Fx 1.1 from http://www.microsoft.com/downloads/details.aspx?familyid=A8F5654F-088E-40B2-BBDB-A83353618B38&displaylang=en
# Download .NET Fx 1.1 SP1 from http://www.microsoft.com/downloads/details.aspx?familyid=A8F5654F-088E-40B2-BBDB-A83353618B38&displaylang=en

 If .NET 1.1 is installed on the server then in IIS7 you should see an application pool with the name “ASP.NET 1.1” . Also under the ISAPI and CGI restriction feature of IIS7 you should see ASP.NET 1.1 extension listed though it might not be allowed by default.

Now if you go to the application pools tree view option and try to create a new application pool , you will not see .NET 1.1 framework option under the drop down box.

There are couple of ways by which you can either configure an existing or a new application pool to run under ASP.NET 1.1 and here are those.

Method 1.

Open the ApplicationHost.config file located under the C:\windows\system32\inetsrv\config\ folder and just find the application pool name you are looking to run under .NET 1.1. Suppose the Application Pool Name is “TEST”. This is how the “TEST” application pool element should look like under ApplicationHost.config.

<add name="Test" enable32BitAppOnWin64="true" managedRuntimeVersion="v1.1" managedPipelineMode="Classic" autoStart="true" />

A thing to note here is that application pool configured to run under .NET 1.1 framework will only be allowed to have Classic Pipeline.

Following KB article illustrates this. http://support.microsoft.com/kb/949353

Method 2.


Read more: Experience is what you get when you don’t get what you want.

Posted via email from jasper22's posterous

WCF multipleSiteBindingsEnabled

|

כאשר רוצים לאחסן שרות WCF תחת IIS ושיהיה אפשר להגיעה אליו ע"י מספר שמות למשל:

אפשר להשתמש ביכולת חדשה של WCF 4.0:

image


Read more: I love C#

Posted via email from jasper22's posterous

Finding awesome stuff online with Google Reader Play

|
I use Google Reader a lot — not only to stay on top of the news, but also to find interesting blog  posts and  articles. I’m always telling my friends about Google Reader, and while some of them love it, others don’t want to take the time to set it up. For those of you who fall into this second category, we’re announcing Google Reader Play, a new product that makes the best stuff in Reader more accessible for everyone. Reader Play is a new way to browse interesting stuff on the web, customized to the topics you’re interested in, with no setup required.

Items in Reader Play are presented one at a time, and images and videos are automatically enlarged to maximize the viewing experience. We use the technology behind Recommended Items in Reader to populate Reader Play with the most interesting content on the web. While you don’t need a Google account to use Reader Play, your experience will be personalized if you sign in. As you browse, you can let us know which items you enjoy by clicking the "like" button, and we'll use that info to show you other content we think you’ll enjoy.

Read more: Official Google blog

Posted via email from jasper22's posterous

Multimediakeys with .Xmodmap HOWTO

|
This HowTo describes how to activate the extra keys (multimedia keys) like "mute", "play" and "mail" based on the ".Xmodmap" file when you are using a windowmanager based on a graphics environment like XFree86 or Xorg.

Read more: Xmodmap

Posted via email from jasper22's posterous

LHC Will Be Shut Down In 2011 Because of "Mistake"

|
It's to be expected when pushing the frontiers of physics, but the LHC's epic 'will it or won't it' saga continues. Due to an unforeseen construction mistake, the LHC will cease experiments for a year (starting around late-2011) so repairs and upgrades can be carried out. For now, accelerated particles will have a maximum energy of 7TeV (half the power of the LHC's design maximum), which is ample for at least 18 months of experiments before shutdown.

Read more: Slashdot

Posted via email from jasper22's posterous

OpenSSH 5.4 Released

|
As posted on the OpenBSD Journal, OpenSSH 5.4 has been released: 'Some highlights of this release are the disabling of protocol 1 by default, certificate authentication, a new "netcat mode," many changes on the sftp front (both client and server) and a collection of assorted bugfixes. The new release can already be found on a large number of mirrors and of course on www.openssh.com.

Read more: Slashdot

Posted via email from jasper22's posterous

GreenGnome Desktop Environment

|
300px-Greengnome-screenshot.png?attredirects=0

GreenGnome is a free, modern desktop environment for Windows XP. Written completely from scratch, it aims to become the first Windows like operative system and follow the Windows architecture designed by Microsoft from the hardware level right through to the application level. This is not a Unixlike based system (as GNU/Linux).
The main goal of the GreenGnome project is to provide an operating system which is binary compatible with Windows. This will allow your Windows applications and drivers to run as they would on your Windows system. Additionally, the look and feel of the Gnome desktop environment is used. The ultimate goal of GreenGnome is to allow you to remove Windows and install GreenGnome.

Read more: GreenGnome

Posted via email from jasper22's posterous

Use Windows Live Writer with Posterous

|
I just came across a great tip for Posterous bloggers on the LifeRocks blog. If you’re among those who prefer Posterous’s simplified blogging platform over the more complex options from Moveable Type, Wordpress and the like, you’ll be happy to know that you can use Windows Live Writer to post to Posterous.

Now why would you want to do that considering that Posterous is already one of the easiest platforms to publish to? Well, maybe you want to send the same post to both your traditional blog or website and your Posterous blog at the same time. If you create the post in WLW, that’s possible. You would just write the post once, publish it to one site, then switch blogs to publish it a second time to the other site. Or maybe you just prefer WLW’s interface over anything else (I know I do!).

In order to support Posertous publishing, you’ll need to grab the Writerous plugin from Codeplex.

Read more: on10

Posted via email from jasper22's posterous

Скрейпинг сайтов с .Net и WatiN

|
Рано или поздно у каждого разработчика появится соблазн «скачать» какой-нибудь сайт, либо для того чтобы получить или проанализировать определенный контент, либо просто доказать себе что это в его (её) силах. На самом деле, получить доступ к HTML определенного сайта просто, но проблемы начинаются тогда, когда сайт требует авторизации или содержит контент в виде картинки (например капчу или текст). В этом посте я расскажу какими методами я получаю контент с сайтов и что я с ним делаю.
Как получить текст?

Первый инструмент который я использую называется WatiN. Этот фреймворк используется для интерактивного тестирования веб-приложений. С помощью него, ваша .Net программа может открыть браузер, перейти на определенную страницу, нажать на кнопку или проверить что открылось ожидаемое окошко. WatiN предоставляет более-менее объектную модель, с помощью которой можно разбирать страницу на ее DOM составляющие и вытаскивать из них информацию.

Read more: Дмитрий Нестерук – Статьи

Posted via email from jasper22's posterous

Steps for internationalizing your application: Globalization and Localization

|
Today I am going to show on how we can internationalize the an asp.net application. I have gone through some scenarios and error and they have been discussed as well. Moreover, I have also described about Satellite assembly versioning facts.

Here it goes:

  1. Open the Microsoft Visual Studio 2008(Recommended VS2008 SP1).
  2. Open a new web application project in your preferred language. I am using C#.
  3. In the solution explorer, you will see default.aspx page and if we expand “Show all files”, we will see “Default.aspx.cx” and a designer file (Default.aspx.designer.cx) as well.
  4. Add a App_GlobalResources ASP.Net Folder by right clicking on the “Project” and click on Add.
  5. This will add App_GlobalResources folder to the Project/Solution.
  6. Now, here we have to be cautious on what we add.
  7. Lets add a new item to the App_GlobalResources.
  8. Right click on the App_GlobalResources folder, it should automatically reflect “Resource1.resx”file.
  9. Change the file name to a general name, say “Strings.resx” or “Localization.resx”
 10. I will keep the name of the resource as “Strings”.
 11. This will add a new resource to the App_GlobalResources folder.
 12. NOTE: It is necessary to have a default resource file . Without the default resource file(in my case it is “Strings.aspx”) it is going to throw following error.

Server Error in '/' Application.

Could not load file or assembly 'App_GlobalResources' or one of its dependencies. The system cannot find the file specified.

Read more: Navigate till the end

Posted via email from jasper22's posterous

Project Wonderland

|
Use Project Wonderland to build your virtual world! Create dynamic learning environments, collaborative business applications, or interactive, multi-user simulations. Start with a blank slate, or modify an existing world. While some types of worlds can be created by end-users or 3D artists, this toolkit is designed primarily for developers familiar with the Java programming language. As a developer, you can extend any part of the system and add functionality by creating modules, the Wonderland version of plugins.

Read more: Project Wonderland

Posted via email from jasper22's posterous

Session: Debugging .NET Applications with WinDbg

|
If you ever had a hang, performance issue, memory leak, crash, or cryptic exception in a .NET application that you couldn't fix, then maybe it is time to pull out the big guns and start looking at windbg and sos. Join Tess as she walks through a number of these issues and talks about how to debug them. This demo-intensive session also shows you how you can use new features in Visual Studio .NET 2010 to look at post-mortem dumps and troubleshoot these types of issues.

Read more: 0Redev ( + video)

Posted via email from jasper22's posterous

Benchmarking: 1-TB table population

|
As part of my new benchmarking series I first wanted to play around with different configurations of data files and backup files for a 1-TB database to see what kind of performance gains I can get invoking the parallelism possible when backing up and restoring the database. To do that I need a way to quickly populate a 1-TB database so that I can mess around with different numbers of files and so on. It doesn't matter what the data in the database is, as backup doesn't care - as long as there's a terabyte of it. Why a terabyte? It's a nice round number, it's a common enough database size right now, and I have the storage to play around with it.

But then my plans got derailed. In figuring out how to most quickly populate a 1-TB database, I realized that in itself would be an interesting benchmark to explore, so that's what I'm doing first.

My aim is to give you improvements you can use in real life. If you think this is going to be boring, skip down to the end of the post where I show a detailed perfmon and explain what's going on in my overloaded IO subsystem, then come back up here :-)

The baseline for this benchmark is contrived - I'm going to populate a 1-TB clustered index (so I can do other experiments with the index) as quickly as I can. The interesting part is that I'm starting with a brain-dead database layout, configuration, and method of populating the table, and then I'm going to alter different things to see the effect on the system. The effects and gains will be the interesting part as it will expose parts of how SQL Server works which *WILL* be applicable to real-life situations and workloads - the whole point of me doing all of this is to show you improvements, why they work, and how they could be useful to you.

When doing any kind of performance testing it's *essential* to have a baseline with which to compare - otherwise how do you know what effect a variation is having? This post describes my baseline setup, measurements, and limitations I start to notice.

Read more: Part 1: the baseline, Part 2: optimizing log block IO size and how log IO works, Part 3: separating data and log files, Part 4: network optimization

Posted via email from jasper22's posterous

Известные баги System.Net.Mail.SmtpClient в .NET 3.5

|
Сегодня открыл для себя некоторые глюки класса System.Net.Mail.SmtpClient в .net framework 3.5. (Я уже не говорю что творилось с System.Web.Mail.*, но оно уже obsolete и слава небесам. RIP).

1. Некорректная реализация команды EHLO протокола SMTP. Согласно RFC#821 ещё лохматого года необходимо передавать FQDN хоста-отправителя, причем по RFC это правило строгое. Вместо этого в MS решили, что хватит и NetBIOS-имени компа. Соответственно сервера, не отклоняющиеся от стандарта посылают ентот SmtpClient лесом, как пытающийся разослать спам. Решения нет. Есть только очень неочевидный WorkAround через Reflection.

2. Вытекает из первого. MS хотела как лучше, и разрешила называть компьютеры в NetBIOS сетях именами с символами из национальных алфавитов. Мало того, собсно Windows 7 RU предлагает подобное имя при установке! (Правда при попытке сменить руками, уже после установки, честно предупреждает что нехорошо использовать символы русского алфавита). И, как я уже говорил выше, это NetBIOS-имя использует SmtpClient в качестве имени хоста, правда никак не кодируя символы национальных алфавитов. После чего сам же валится с исключением "недопустимый знак в заголовке электронной почты". Собственно исключение то другое, но вот InnerException именно такой. Решения нет. Есть только очень неочевидный WorkAround через Reflection.

Read more: Brain IT!

Posted via email from jasper22's posterous

Using Windows AIK to Automate Windows 7 Deployment

|
If you are looking for a way to do massive Windows 7 migration, Microsoft has updated its own tool sets for this purpose, called the Windows Automated Installation Kit or WAIK. It has a lot of new features for both Windows 7 and Windows Server 2008 R2. This screencast shows how it works.

I recommend WAIK if you have already tried out earlier versions and know your way around SYSPREP and Windows volume licenses. Be prepared for a somewhat steep learning curve, especially if you are going to try to automate everything for your deployments and have a large collection of diverse PC hardware. While you can’t beat the cost (it is free), Kbox or SmartDeploy might be a better alternative for these more complex situations.

Read more: IT Expert Voice
Download: WAIK

Posted via email from jasper22's posterous

Titanium 1.0

|
Today is a major milestone in the evolution of the web as an open development platform.  Appcelerator's newly unveiled Titanium 1.0 framework lets web developers build native applications for the iPhone and Android phones using nothing but web languages.  This means that Titanium applications can leverage any functionality of the iPhone or Android operating systems without going through a browser or WebView.  Over 27,000 developers have already started using Titanium with an average of 5,000 new users per month.  DZone talked to Scott Schwarzhoff, who was once an independent developer himself and is now Appcelerator's VP of marketing.

Your Choices as a Mobile Developer

Mobile developers have traditionally had to decide whether they want to build native apps or web apps for mobile devices.  Native apps have most of the advantages in performance and seamless usability.  The user experience on a web app can't leverage the relationship between the user and the device in the same way that native apps can.   If mobile developers choose to build native apps, the investment is significant.  

Forrester Research finds that most applications take at least three months to develop working full-time.  The cost is between $20k - $150 for each application, and Schwarzhoff says that's a tame estimate.  There's also the blaring fact that you are locked into one platform with its own particular SDK.  Developing for multiple platforms means you have to learn multiple languages.  With the mobile market moving so fast, who knows what the next major platform will be in 5-10 years?

Read more: DZone

Posted via email from jasper22's posterous

Memory Barriers and JVM Concurrency

|
Memory barriers, or fences, are a set of processor instructions used to apply ordering limitations on memory operations. This article explains the impact memory barriers have on the determinism of multi-threaded programs. We'll look at how memory barriers relate to JVM concurrency constructs such as volatile, synchronized and atomic conditionals. It is assumed the reader has a solid understanding of these concepts and the Java memory model. This is not an article about mutual exclusion, parallelism or atomicity per se. Memory barriers are used to achieve an equally important element of concurrent programming called visibility.

Why Are Memory Barriers Important?

A trip to main memory costs hundreds of clock cycles on commodity hardware. Processors use caching to decrease the costs of memory latency by orders of magnitude. These caches re-order pending memory operations for the sake of performance. In other words, the reads and writes of a program are not necessarily performed in the order in which they are given to the processor. When data is immutable and/or confined to the scope of one thread these optimizations are harmless. Combining these optimizations with symmetric multi-processing and shared mutable state on the other hand can be a nightmare. A program can behave non-deterministically when memory operations on shared mutable state are re-ordered. It is possible for a thread to write values that become visible to another thread in ways that are inconsistent with the order in which they were written. A properly placed memory barrier prevents this problem by forcing the processor to serialize pending memory operations.
Memory Barriers As Protocols

Memory barriers are not directly exposed by the JVM; instead they are inserted into the instruction sequence by the JVM in order to uphold the semantics of language level concurrency primitives. We'll look at the source code and assembly instructions of some simple Java programs to see how. Let's begin a crash course in memory barriers with Dekker's algorithm. This algorithm uses three volatile variables to coordinate access to a shared resource between two threads.

Try not to focus on the finer details of this algorithm. Which parts are relevant? Each thread attempts to enter the critical section on the first line of code by signaling intent to do so. If a thread observes a conflict on line three (both threads have signaled intent) the conflict is resolved by turn taking. Only one thread can access the critical section at a given point in time.

Read more: InfoQ

Posted via email from jasper22's posterous

Secure IOS Template Version 6.2 01 FEB 2010

|
Introduction

One of the challenges of any network is how to mitigate, if not deny, the various attacks launched daily on the Internet. While blocking the script kiddies and their attempts to gain root or scan a subnet is one challenge, a greater challenge has been to mitigate the DDoS attacks. While nothing is foolproof, layers of protection can be applied to the problem.

Taking a holistic view of the challenge led to the creation of the layered approach. In this approach, the following philosophies are applied:

  1. The border router provides for protocol protection and defends itself and the firewall.
  2. The firewall provides port protection and defends itself and the host residing behind it.
  3. The end stations are configured to survive various DOS attacks as well as to reduce the number of noxious services which might be exploited.

This results in the "funnel effect," wherein progressively less nasty traffic comes through the overall pipe. The network is "crunchy through and through," not just at the edges.

A brief aside - If you are interested in tuning your UNIX systems to provide additional defense against myriad attack types, please peruse my UNIX IP Stack Tuning Guide.

Read more: Secure IOS Template Version 6.2 01 FEB 2010

Posted via email from jasper22's posterous

Glide Gdrive – 30GB online storage for free

| Wednesday, March 10, 2010
Most of us knew about Microsoft’s Skydrive which offered 25GB of free online storage. Skydrive has its restrictions like 50MB max file size and a bad uploader which doesn’t function as we would like it to. The other option was to setup Skydrive FTP like connection that you could use through My Computer to transfer files.

Glide Society has come up with Gdrive which offers 30 GB of free online storage space without any of the restrictions that Skydrive has. It is an advertisment free, cloud computing solution that can be used by upto 6 different people in one account.

Read more: Techie portal

Posted via email from jasper22's posterous

Untitled

|

Understanding where your virtual machine files are [Hyper-V]

|
To be honest, I am surprised that I have not blogged about this before, but today I would like to talk about how virtual machine files are placed on the hard disk.

Virtual Machine files

The first thing to know is what files are used to create a virtual machine:

   * .XML files
         o These files contain the virtual machine configuration details.  There is one of these for each virtual machine and each snapshot of a virtual machine.  They are always named with the GUID used to internally identify the virtual machine or snapshot in question.
   * .BIN files
         o This file contains the memory of a virtual machine or snapshot that is in a saved state.
   * .VSV files
         o This file contains the saved state from the devices associated with the virtual machine.
   * .VHD files
         o These are the virtual hard disk files for the virtual machine
   * .AVHD files
         o These are the differencing disk files used for virtual machine snapshots

Understanding data roots

Hyper-V has a concept of the “virtual machine data root” and the “virtual machine snapshot root”.  These are the locations where the virtual machine configuration (.XML) and saved state (.BIN & .VSV) files are stored.  For example – a virtual machine which had a virtual machine data root of “D:\Foo” and a snapshot data root of “D:\Foo” and had two snapshots would have a file structure like this:

D:\Foo
D:\Foo\Snapshots
D:\Foo\Snapshots\[Snapshot #1 GUID directory]
D:\Foo\Snapshots\[Snapshot #1 GUID].XML
D:\Foo\Snapshots\[Snapshot #2 GUID directory]
D:\Foo\Snapshots\[Snapshot #2 GUID].XML
D:\Foo\Virtual Machines
D:\Foo\Virtual Machines\[Virtual Machine GUID directory]
D:\Foo\Virtual Machines\[Virtual Machine GUID].XML

Read more: Virtual PC Guy's Blog

Posted via email from jasper22's posterous

Retrieving Kernel32's Base Address

|
For shellcode, a common method to resolve the addresses of library functions needed, is to get the base address of the kernel32.dll image in memory and retrieve the addresses of GetProcAddress and LoadLibraryA by parsing the kernel32 images Export Address Table (EAT). These two functions can then be used to resolve the remaining functions needed by the shellcode. To retrieve the kernel32.dll base address most shellcodes use the Process Environment Block (PEB) structure to retrieve a list of modules currently loaded in the processes address space. The InInitializationOrder module list pointed to by the PEB's Ldr structure holds a linked list of modules. Typically the second entry in this list has always been that of kernel32.dll. The code used to retrieve the kernel32 base address based on this method is shown below:

xor ebx, ebx             // clear ebx
mov ebx, fs:[ 0x30 ]     // get a pointer to the PEB
mov ebx, [ ebx + 0x0C ]  // get PEB->Ldr
mov ebx, [ ebx + 0x1C ]  // get PEB->Ldr.InInitializationOrderModuleList.Flink (1st entry)
mov ebx, [ ebx ]         // get the next entry (2nd entry)
mov ebx, [ ebx + 0x08 ]  // get the 2nd entries base address (kernel32.dll)

This method has worked for all versions of Windows from Windows 2000 up to and including Windows Vista. The introduction of Windows 7 (rc1) has broken this method of retrieving the kernel32 base address due to the new MinWin kernel structure employed by Windows 7. A new module kernelbase.dll is loaded before kernel32.dll and as such appears in the second entry of the InInitializationOrder module list.

Read more: Harmony security

Posted via email from jasper22's posterous

Serious Apache Exploit Discovered

|
  An IT security company has discovered a serious exploit in Apache's HTTP web server, which could allow a remote attacker to gain complete control of a database. ZDNet reports the vulnerability exists in Apache's core mod_isapi module. By exploiting the module, an attacker could remotely gain system privileges that would compromise data security. Users of Apache 2.2.14 and earlier are advised to upgrade to Apache 2.2.15, which fixes the exploit.
  Note: according to the advisory, this exploit is exclusive to Windows

Read more: Slashdot

Posted via email from jasper22's posterous

Rapportive replaces Gmail ads with useful social information

|
There are a number of email plugins that look to give you contextual information about the person you're communicating with. The first one I tried (and arguably the best I've seen) is Xobni, an Outlook plugin.

There's now a similar plugin available for Gmail users called Rapportive. Rapportive replaces the ads you normally see in the right-hand sidebar with a profile of the person you're emailing with that is automatically generated by searching online services for your correspondent's email address. Rapportive is only available to users that are using either Firefox or Chrome as their browser, since Firefox and Chrome have a plugin architecture.

Read more: Downloadsquad
Download: Rapportive

Posted via email from jasper22's posterous

All The Oscar Nominated Animated Short Films

|
One of my favorite parts of the Oscars are the nominees for the animated short films. This year had an exceptional amount of great ones, so rather than just posting the winner, here are all the nominees. Enjoy.

Logorama
A Matter of Loaf and Death
French Roast
La dama y la muerte
(more..)

Read more: Buzzfeed

Posted via email from jasper22's posterous

Shamrocks Theme pack

|
Shamrockstheme.png


The Shamrocks theme brings to desktops a few wallpapers that are bound to resonate with Irish nationals more than with other users of Windows 7. As the theme’s label implies, the content features a lot of green and the shamrock, both symbols of Ireland. Saint Patrick's Day, also referred to as St. Paddy's Day or even Paddy's Day, is an annual celebration of Saint Patrick, without a doubt the most prominent patron saint of the island.

Historians claim that St. Patrick’s Day was celebrated well ahead of its introduction in the Catholic Church’s calendar, however, the event was a religious holiday at core for over two centuries after it was officially recognized by the church in the 17th century. Only in 1903 did St. Paddy's Day become a public holiday. At this point in time, March 17th is celebrated around the world in countries with citizens that have an Irish heritage, such as the US, Australia, Canada, etc.

Read more: The blog of Rob Margel - Windows Help
Download: MS Download

Posted via email from jasper22's posterous

Office 2010 Beta Resource Kit Technical Library in Compiled Help format

|
This downloadable CHM is a copy of content in the Office 2010 Beta Resource Kit technical library. The CHM is current as of the date above. For the latest information, see the technical library on the Web.

Read more: MS Download
Read onlie:

Posted via email from jasper22's posterous

Making Sense of CPU and GPU Model Numbers?

|
How do you make sense of the various model numbers or naming schemes for CPUs, graphics cards, and the related chipsets? All I want is something that will run Oblivion and output full 1080 video to a TV. Last time I built my own computer I just went to Pricewatch, made a few easy choices, and everything came to my door. Do I really have to research the differences among Core i5, Core 2 Duo, Pentium 4, Pentium D, Sempron, Athlon, Phenom ...? And that's just the processor. Is there a reference somewhere? In short, how do you buy a computer these days?

Read more: Slashdot

Posted via email from jasper22's posterous

Secret Shortcuts to Turn Off Windows Operating Systems

|
As you know in all Windows Operating Systems there are a lot of shortcuts which help you with your daily tasks. What you don’t know is that there are hidden, or at least little known shortcuts, which involve a sequence of keys that, if  individually pressed (meaning that you have to press the keys one at a time), turn off  and exit your computer right away.

Windows 7

   * Windows key, Right arrow, Enter

Windows Vista

   * Windows key, Right Arrow, Right Arrow, Right Arrow, u
   * Sleep Mode: Windows key, Right arrow, Enter

Windows XP

   * Windows key, u, u

Read more: web talk

Posted via email from jasper22's posterous

Comodo Dragon Internet Browser

|
browser.jpg

Fast and versatile Internet Browser based on Chromium, infused with Comodo's unparalleled level of Security

What makes Comodo Dragon THE Browser for the new decade?

The Comodo companies are innovative and prolific developers of online security and trust assurance solutions. The Comodo Dragon has taken the latest Chromium technology and beefed it up in the one way necessary to make it the optimum Browser to use on today's malware plagued Internet. – Superior Security and Privacy. Comodo Dragon not only gives you the complete compliment of features offered by Chromium (key features listed above), it also gives you Comodo's unsurpassed security and privacy features.
Comodo Dragon Security:

   * Has privacy enhancements that surpass those in Chromium's technology
   * Has Domain Validation technology that identifies and segregates superior SSL certificates from inferior ones
   * Stops cookies and other Web spies
   * Prevents all Browser download tracking to ensure your privacy

Read more: Comodo

Posted via email from jasper22's posterous

Hibernate, lazy loading and inheritance

|
A common problem with typecasting a lazy loaded entity to its child is a ClassCastException. This exception occurs because the dynamic created proxy implements the baseclass and has no knowledge about its subclasses.

Suppose we have a class B which extends A and a class C which has class A as a member as shown below.

public class A
{
   private Long id;
   private String name;
   public String getName() { return name; }
   public void setName(String name) { this.name = name; }
   public Long getId() { return id; }
}

public class B extends A
{
   private String somethingElse;
   public String getSomethingElse() { return somethingElse; }
   public void setSomethingElse(String something) { this.somethingElse = something; }
}

public class C
{
   private Long id;
   private A a;
   public A getA() { return a; }
   public void setA(A a) { this.a = a; }
   public Long getId() { return id; }
}

Read more: blog.smart-java.nl  

Posted via email from jasper22's posterous

Differences Between Visual Basic .NET and Visual C# .NET

|
Although there are differences between Visual Basic .NET and Visual C# .NET, both are first-class programming languages that are based on the Microsoft .NET Framework, and they are equally powerful. Visual Basic .NET is a true object-oriented programming language that includes new and improved features such as inheritance, polymorphism, interfaces, and overloading. Both Visual Basic .NET and Visual C# .NET use the common language runtime. There are almost no performance issues between Visual Basic .NET and Visual C# .NET. Visual C# .NET may have a few more "power" features such as handling unmanaged code, and Visual Basic .NET may be skewed a little toward ease of use by providing features such as late binding. However, the differences between Visual Basic .NET and Visual C# .NET are very small compared to what they were in earlier versions.

Read more: Java/J2EE,.Net,IBM Mainframes,DB2,CICS,JCL,VB and many other Languages and technologies
Download: Differences between Microsoft Visual Basic .NET and Microsoft Visual C# .NET" white paper package

Posted via email from jasper22's posterous

Reflection Studio

|
Reflection Studio is a development tool that encapsulate all my work around reflection, performance and WPF. It allows to inject performance traces into any NET software, get them back for analyse and reporting. Reflection Studio is a complete new re-write of my unfinished project NPerf at http://nperf.codeplex.com/.

Background

On my last project, I experienced that there was no software to test performance on mobiles for NET applications. The ones working on Winform or ASP.NET site have a high performance cost because they hook everything they need. So, I start this one having with a view to including in it all my work around reflection like assembly diagrams and code generation.

Read more: Codeplex

Posted via email from jasper22's posterous

What is JSON?

|
json-protocol.png

 JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

A JSON document is built on two structures:

   *     A collection of name/value pairs. In various languages, this is realized as an object, record, struct, dictionary, hash table, keyed list, or associative array.
   *     An ordered list of values. In most languages, this is realized as an array, vector, list, or sequence.

These are universal data structures as such all modern programming languages support them in one form or another.

Read more: Java4Learners

Posted via email from jasper22's posterous

ALTER INDEX ALL REBUILD behavior

|
I was asked a few questions about the behavior of using “ALTER INDEX ALL… REBUILD” and thought I would detail my answers here…  Quick background - using the ALL argument with ALTER INDEX REBUILD instead of naming a specific index allows you to specify all indexes associated with the table.

For example – in the below command I’m rebuilding all indexes for the HumanResources.Department table:

ALTER INDEX ALL ON HumanResources.Department REBUILD;

So I received a few questions on this topic which I’ll detail here – along with the query I used to “prove” out the answers (and if you find varying results in your own testing, I would like to hear about it):

Question: When using ALTER INDEX ALL – are all indexes rebuilt at the same time?
Answer: No.  Although individual index rebuilds can use parallelism, each rebuild is executed in a serial fashion.

Question: If I have a heap – does that get included too?


Read more: Joe Sack's SQL Server WebLog

Posted via email from jasper22's posterous

.Net, Native, P/Invoke marshaling just like magic… “Marshaling with C# Pocket Reference”

|
   Contents at a Glance

       * About the Author
       * Who should read this book?
       * Chapter 1: Introducing Marshaling
       * Chapter 2: Marshaling Simple Types
       * Chapter 3: Marshaling Compound Types
       * Chapter 4: Marshaling Arrays
       * Chapter 5: Marshaling Callbacks
       * Chapter 6: Memory Management
       * Chapter 7: Controlling the Marshaling Process
       * Appendix A: What about VB.NET
       * Where to Go Next
       * References
       * Figures
       * Code Listings
       * Glossary

   …”

I hate to say it, but I kind of suck at writing P/Invoke code. I just don’t do it enough, so end up cutting-n-pasting a good deal. sigh… I’ve been on the look out for a good Marshalling Guide for the Busy Dev Guy Guide and I think I’ve found it… :)

PDF/XPS version coming too…

Read more: Greg's Cool [Insert Clever Name] of the Day

Posted via email from jasper22's posterous

Setting Network Location to Private

|
The Network Location feature was introduced in Windows Vista. It provides an easy way to customize your firewall settings based on whether you trust or don’t trust the computers around you. There are three Network Location types - Private, Public and Domain. If your computer is a member of the domain then you won’t be able to change the Network Location type. If your computer is standalone or part of the workgroup, then you can choose what type of network location do you want - Public or Private. Private means that you are a member of the trusted network and you can lower your network security a little bit. Public means that you have no trust for the network outside, and you should not let your guard down.

The network location is per connection/network card. Every time a new connection is added - the dialog will appear, asking you to choose the network location type.

Setting the correct network location type is very important for Windows PowerShell Remoting. You cannot enable and use Windows PowerShell Remoting feature if you have Public connections on your machine. Vista provides a UI dialog for setting network location, but, unfortunately, there is no command-line utility for that. You can however do it with Windows PowerShell.

The API for setting network location type in vista is COM-based and we will show how to call this API from Windows PowerShell script:

Read more: Todd's World

Posted via email from jasper22's posterous

How the Windows built-in watchdog infrastructure can monitor performance counters and trigger alerts.

|
Introduction

Two built-in tools are available for systems administrators to perform detailed diagnostic analyses:

   * Performance monitor
   * Ressource monitor

These tools are part of the Microsoft Management Console (MMC) Snap-in named «Performance Monitor». The name of this snap-in has unfortunately changed. It used to be called «Reliability and Performance Monitor» (RPM), which better describes its purpose. Starting with Windows 7 this tool has been renamed «Performance Monitor» (PM). In this article I’ll stick with the RPM name!

Stop creating your own programs that run in the background in order to monitor and trigger other utilities to perform diagnose, performance and intrusion analyze. Start using the extended RPM infrastructure that already makes these watch-dogs mechanisms available.
Using RPM you can define complex criteria that can trigger any kind of action you define.

Programmatic interface to RPM

Performance Logs und Alerts (PLA) is a new interface to programmatically access the RPM. PLA is a collection of DCOM objects. As a programmatic interface to RPM, PLA exist since Windows Vista. PLA has been extended in Windows 7 and 2008. Using PLA you can do things that are not even possible with RPM.


Read more: Codeproject

Posted via email from jasper22's posterous

What Version of SQL Server Should I Use?

|
Thinking about running Windchill® 9.1 on SQL Server? Then you’ll want to know about versions and compatibility. Look no further.

Windchill® 9.1 supports Microsoft® SQL Server® 2005. You also need to choose the edition of SQL Server 2005 that you want to deploy. You do not want to deploy Express, Developer, or Workgroup editions because these are not designed for enterprise use. You need to deploy either Standard or Enterprise editions. You can compare the different editions of SQL Server 2005 here: Choose the Right Edition for Your Needs. The most important distinction is the number of CPUs on the box. Standard Edition only supports 4 processors, Enterprise supports unlimited CPUS. CPUs are counted as physical sockets, so two quad core that show up as 8 processors in your task manager, is really just 2 CPUs from the SQL Server licensing stand point.
Which Operating System?

Though the 32-bit standard edition of SQL Server 2005 will install on Windows Vista and Windows XP, we highly recommend that you install SQL Server on a server-based operating system—either Windows 2000, Windows Server 2003 or Windows Server 2008. There is no 64-bit version of SQL Server 2005, but it will install on a 64-bit version of the OS, under WOW64. You can find out more about version compatibility here: Hardware and Software Requirements for Installing SQL Server 2008

Read more: PTC Windchill on SQL Server

Posted via email from jasper22's posterous

5 мощнейших инструментов для работы с файлами *.chm

|
Друзья, сегодня речь пойдет о так называемых фалах справках, т.е. о файлах с расширением *.chm. Будь вы начинающий пользователь ПК или профессионал и опытный программист, в любом случае всем приходится сталкиваться с данными файлами. Только одни их исключительно читают, а другие еще и создают. Также помимо этого у некоторых людей возникает потребность в декомпиляции данных файлов, т.е. в их разборе, извлечения всего содержимого. Сегодня я решил привести вам 5 наиболее мощных инструментов для работы с данными файлами, т.е. для компиляции и декомпиляции *.chm. Возможно, о некоторых из них вы уже слышали, но все-таки я хочу напомнить про все наиболее полезные и сильные программы. Пробежимся вкратце по списку.

HTML Help Workshop
HTM2CHM
CHM Decoder
Chm4You!
OneClickHelp

Read more: Блог Зелёного Кактуса

Posted via email from jasper22's posterous

Measuring ASP.NET Performance Using Counters

|
Following is a list of performance counters I am usually taking to spot low hanging fruits when measuring ASP.NET performance:
Resource utilization

\.Processor\%Processor Time
\.NET CLR Memory(*)\Allocated Bytes/sec
\.NET CLR Memory(*)\% Time in GC
\.NET CLR Exceptions(*)\# of Exceps Thrown / sec
\.NET CLR Loading(*)\Current Assemblies
Throughput

\.NET CLR LocksAndThreads(*)\Contention Rate / sec
\.NET CLR LocksAndThreads(*)\Current Queue Length
\ASP.NET\Requests Queued
\ASP.NET\Request Wait Time
\ASP.NET\Requests Current
\ASP.NET Applications\Requests In Application Queue
\ASP.NET Applications\Pipeline Instance Count
\ASP.NET Applications\Requests Executing
\ASP.NET Applications\Requests/Sec
\Web Service\Current ISAPI Extension Requests
Response time

\ASP.NET\Request Execution Time
SQL Server
SQL Server: General Statistics\Logins/sec
SQL Server: General Statistics\Logouts/sec
SQL Server: General Statistics\User Connections

Detailed explanation about each counter and its significance can be found here: Chapter 15 — Measuring .NET Application Performance

Read more: Alik Levin's

Posted via email from jasper22's posterous

Netflow

|
NetFlow is a network protocol developed by Cisco Systems to run on Cisco IOS-enabled equipment for collecting IP traffic information. It is proprietary and supported by platforms other than IOS, such as Juniper routers, Linux or FreeBSD and OpenBSD.

Protocol description

Cisco routers that have the Netflow feature enabled generate netflow records; these are exported from the router in User Datagram Protocol (UDP) or Stream Control Transmission Protocol (SCTP) packets and collected using a netflow collector. Other vendors provide similar features for their routers but with different names:

   * Jflow or cflowd for Juniper Networks
   * NetStream for 3Com/H3C
   * NetStream for Huawei Technology
   * Cflowd for Alcatel-Lucent

[edit] NetFlow and IPFIX

Although initially implemented by Cisco, NetFlow is emerging as an IETF standard: Internet Protocol Flow Information eXport (IPFIX). Based on the NetFlow Version 9 implementation, IPFIX is the industry standard with RFC5101, RFC5102, etc. Network infrastructure vendors are already adding IPFIX support to their devices.

Read more: Wikipedia

Posted via email from jasper22's posterous

Remotely-Triggered Black Hole (RTBH) Routing

|
Remotely-Triggered Black Hole (RTBH) routing is an interesting application of BGP as a security tool within service provider networks. One common use is mitigation of distributed denial of service (DDoS) attacks, as this article will explore.

Pictured below is a (very) simplified service provider architecture.

RTBH.png

Routers 1 through 4 compose the network core, and router 9 functions as a standalone "management" router for route injection. OSPF is running across the core to exchange internal routes. Each router in this core square also maintains an iBGP adjacency with the other core routers, and with router 9. The server at 172.16.10.100 represents the target of a DDoS attack.

Assume a DDoS attack is launched from the public Internet toward the customer server at 172.16.10.100. The throughput consumed is so excessive that the attack is impacting the entire internal infrastructure and must be blocked at the edge. Due to the distributed nature of the attack, we must block at the edge all inbound traffic destined for the victim. Rather than resorting to laborious and error-prone access lists, we can utilize BGP and RTBH to quickly achieve the desired result.

Read more: PacketLife.net

Posted via email from jasper22's posterous

Satoshi Minakawa

| Tuesday, March 9, 2010

Debugging unknown termination of adplusmanager.exe

|
With the latest release of debugging tools (6.12.0002.633) comes AdplusManager.exe  ,which is in managed code.  The adplusmanager.exe is a tool to manage multiple instance of adplus running across in different machines. Essentially a Master to control different slaves.  I will blog about the usage of this in a future post.

When I tried to start the AdplusManager.exe from the command line , nothing happened. My guess was if I didn’t enter any command line parameters , the tool should come up with the help text in the command line, similar to rest of command line tools I have used from MS. The next option I tried was  “AdplusManager.exe HELP” and there wasn’t any output. Surprisingly I went back to the documentation to look for command line parameters , which I never do, because I expect the tool to provide me with options. After reading the documentation for the parameters , the next option I tried was “D:\Program Files\Debugging Tools for Windows (x64)\adplusmanager.exe” GUI and nothing happened.  The only choice was to launch adplusmanager.exe using Windbg.

Because it was failing on the startup of the application ,I had set a load break-point when mscorwks was loaded in to the process , So that I can load sos after CLR is  loaded.
sxe -c ".loadby sos mscorwks;g" ld:mscorwks

And then setup a break-point on CLR exception , to dump the call stack and exception information
sxe -c "!clrstack;!pe" clr

Read more: Naveen's Blog

Posted via email from jasper22's posterous

Fix: Can’t Change or Remove Visual Studio 2008 from DVD

|
image_9.png

If you installed Visual Studio 2008 on a 64-bit operating system, you may have trouble when you try ad add or remove functionality by inserting the disk (or remounting the ISO image).  I believe this is because of the path used to install the 32-bit Visual Studio program.

Read more: Steve Smith

Posted via email from jasper22's posterous

10 sql tips to speed up your database

|
On most websites, content is stored in a database and served to visitors upon request. Databases are very fast, but there's lots of things that you can do to enhance its speed and make sure you won't waste any server resources. In this article, I have compiled 10 very useful tips to optimize and speed up your website database.

Design your database with caution

This first tip may seems obvious, but the fact is that most database problems come from badly-designed table structure.
For example, I have seen people storing information such as client info and payment info in the same database column. For both the database system and developers who will have to work on it, this is not a good thing.
When creating a database, always put information on various tables, use clear naming standards and make use of primary keys.
Source: http://www.simple-talk.com/sql/database-administration/ten-common-database-design-mistakes/

Know what you should optimize
The fastest query… Is the one you don’t send
Don’t select what you don’t need
(more...)

Read more: Jean-Baptiste Jung

Posted via email from jasper22's posterous

AMD providing ‘affordable’ DMM package

|
Two new physics engine bundles made available to developers

AMD announced today that it is providing game developers with the latest version of partner Pixelux’s Digital Molecular Matter (DMM) physics simulation.

DMM was regarded as a ‘key technology’ when it was made available for licensing in 2008, having impressed in LucasArts’ Star Wars: The Force Unleashed.

AMD will now be sponsoring Free DMM2 for the PC. This version has no DMM development or production deployment license fee and includes all of the features of DMM. AMD claim it will be made accessible to interested developers shortly.

Read more: develop

Posted via email from jasper22's posterous

Add Google Buzz Button on Blogger

|
now you can use google Buzz buttons to share your ideas , pics, videos, and many more just like the twitter does,here is my post on how to add twitter button on your site or blog.the same you can add it for your google buzz basically if u search on google you get the lots of search on how to add google buzz button on Word-press blog, its very easy to do so you need to download the plugin and install it on your server that's it. but now u can use same on blogger too ,
Please follow the steps to add the Google buzz button

1.   Sign in on your blogger account
2.   Go to Dashboard section - Layout and click on Edit HTML
3.   and it will show you HTML code , now try to search the keyword

  <div class='post-header-line-1'>

on it,

4.   Now below that you can paste this code , google buzz provides you two button one is bigger one just like this and smaller one too , here is code for large button

<a href='javascript:var%20b=document.body;var%20GR________bookmarklet_domain="http://www.google.com";if(b&&!document.xmlVersion){void(z=document.createElement("script"));void(z. src="http://www.google.com/reader/ui/link-bookmarklet.js" );void(b.appendChild(z));}else{}'> <img alt='Buzz this' src='http://img2.pict.com/15/da/3e/2809374/0/googlebuzz.png'/> </a>

Read more: Coding Stuffs

Posted via email from jasper22's posterous

1024-bit RSA encryption cracked by carefully starving CPU of electricity

|
Since 1977, RSA public-key encryption has protected privacy and verified authenticity when using computers, gadgets and web browsers around the globe, with only the most brutish of brute force efforts (and 1,500 years of processing time) felling its 768-bit variety earlier this year. Now, three eggheads (or Wolverines, as it were) at the University of Michigan claim they can break it simply by tweaking a device's power supply. By fluctuating the voltage to the CPU such that it generated a single hardware error per clock cycle, they found that they could cause the server to flip single bits of the private key at a time, allowing them to slowly piece together the password. With a small cluster of 81 Pentium 4 chips and 104 hours of processing time, they were able to successfully hack 1024-bit encryption in OpenSSL on a SPARC-based system, without damaging the computer, leaving a single trace or ending human life as we know it. That's why they're presenting a paper at the Design, Automation and Test conference this week in Europe, and that's why -- until RSA hopefully fixes the flaw -- you should keep a close eye on your server room's power supply.

Read more: engadget

Posted via email from jasper22's posterous

SQL SERVER – Improve Performance by Reducing IO – Creating Covered Index

|
This blog post is in the response of the T-SQL Tuesday #004: IO by Mike Walsh. The subject of this month is IO. Here is my quick blog post on how Cover Index can Improve Performance by Reducing IO.

Let us kick off this post with disclaimers about Index. Index is a very complex subject and should be exercised with experts. Too many indexes, and in particular, too many covering indexes can hamper the performance. Again, indexes are very important aspect of performance tuning. In this post, I am demonstrating very limited capacity of Index. We will create covering index for query and see how its performance improves as IO reduces. Please note that do not run this scripts on production server as they contain DBCC commands which can create performance issues. This script is created for demo purpose only.

Let us run the following query and see the DBCC outcome along with the enabling of actual execution plan. Estimated Execution plan may work but I have used actual execution plan in this demo.

USE [AdventureWorks]
GO
SET STATISTICS IO ON
GO
-- Clean the buffers
-- Do not run these DBCC on production server
DBCC FREEPROCCACHE
DBCC DROPCLEANBUFFERS
GO
-- Run Select Statement
SELECT ProductID, ProductNumber, Color
FROM Production.Product
WHERE ProductID < 500
GO

The result of the statistics is as follows.

Read more: Journey to SQL Authority with Pinal Dave

Posted via email from jasper22's posterous

Extended Generic Collection From Absolute Zero

|
Introduction

I decided to try my hand at a custom generic collection class, and started looking into the implementations of the generic collection classes, such as List<T> or the interfaces like ICollection<T>. But while what I found as I went along was useful information, ultimately one question rose above all others as I looked at example after example of simple and complex implementations of CollectionBase or ICollection<T> that at its core just wrapped an ArrayList or List<T> internally, which to me defeats the purpose of implementing a baser class or interface in the first place. If you could write a class that wraps a List<T> successfully why bother with implementing ICollection or IList if you could just put a List<T> in your class? What if I didn't want to wrap an existing structure that is more advanced than the more primitive interfaces I was considering? What options are there?

Background

Eventually I ended up with my own collection class, which I think could still be useful even in the age of 3.0 - HashSet<T> is a speedy unique-value list that can beat my collection on Contains checks for unique values but it relies on being unique and cannot sort, and List<T> is slightly faster than my collection on Sorts, but not by much. Neither one still natively provide a single-value sorted unique-value list. (See Benchmarks near the end for actual numbers)

Even if it is rendered obsolete by extending a List<T> to add a Unique function, I think it's still good information to know, I had never broken down a collection to this level before and picked up a few new concepts.

Read more: Codeproject

Posted via email from jasper22's posterous

BranchCache Distributed Cache Mode Step by Step Guide

|
BranchCache is a wide area network (WAN) bandwidth optimization technology that is included in some editions of the Windows Server® 2008 R2 and Windows® 7 operating systems. To optimize WAN bandwidth, BranchCache copies content from your main office content servers and caches the content at branch office locations, allowing client computers at branch offices to access the content locally rather than over the WAN. This step-by-step guide provides instructions on how to deploy BranchCache in distributed cache mode in a test lab environment. To perform the steps in this guide, you need one computer that is running Windows Server 2008 R2 and three computers that are running either Windows® 7 Enterprise or Windows® 7 Ultimate.

Read more: MS Download

Posted via email from jasper22's posterous

Security Database Tools Watch

|
Here is the site's newsletter "Security Database Tools Watch" ( http://www.security-database.com/toolswatch ).

We also announce the update of the Free Security-Database IT vulnerability and Threats Dashboard ( http://www.security-database.com/toolswatch/Security-Database-Vulnerability,1051.html ).

SecTechno ( http://www.sectechno.com/ ) the excellent blog that publishes articles and whitepapers on a variety of IT security topics has also released a nice paper on our Dashboards - Block new emerging threats with Security-Database - ( http://www.sectechno.com/2010/02/23/block-new-emerging-threats-with-security-database/ )

Link: http://www.security-database.com/toolswatch

Posted via email from jasper22's posterous

CORE IMPACT

|
CORE IMPACT security testing software solutions provide a comprehensive approach to assessing organizational readiness in the face of real-world IT threats. Our products and services enable customers to move beyond security point solutions to proactively expose vulnerabilities, measure operational risk, and assure security effectiveness across diverse information systems. As a result, they gain actionable data that enables them to better secure their sensitive information assets and critical technology infrastructure throughout their organizations.

Read more: CORE IMPACT

Posted via email from jasper22's posterous

Software project

| Monday, March 8, 2010

Run Your Tests With Any NUnit Version

|
I always thought that the NUnit test runners and the test assemblies need to reference the same NUnit.Framework version. I wanted to be able to run my test assemblies with the newest GUI runner (currently 2.5.3). Ok so all I need to do is to reference both NUnit versions the newest one and the official for the current project. There is a nice article form Kent Bogart online how to reference the same assembly multiple times with different versions. The magic works by referencing one NUnit assembly with an alias which does prefix all types inside it. Then I could decorate my tests with the TestFixture and Test attribute from both NUnit versions and everything worked fine except that this was ugly. After playing a little bit around to make it simpler I found that I did not need to reference both NUnit.Framework assemblies. The test runners do not require the TestFixture and Test attribute in their specific version. That is really neat since the test runners are instructed by attributes what to do in a declarative way there is really no need to tie the runners to a specific version. At its core NUnit has this little method hidden to find matching TestFixtures and Tests

public bool CanBuildFrom(Type type)
{
   if (!(!type.IsAbstract || type.IsSealed))
   {
       return false;
   }


   return (((Reflect.HasAttribute(type,           "NUnit.Framework.TestFixtureAttribute", true) ||

             Reflect.HasMethodWithAttribute(type, "NUnit.Framework.TestAttribute"       , true)) ||

             Reflect.HasMethodWithAttribute(type, "NUnit.Framework.TestCaseAttribute"   , true)) ||

             Reflect.HasMethodWithAttribute(type, "NUnit.Framework.TheoryAttribute"     , true));
}

That is versioning and backwards compatibility at its best. I tell NUnit what to do by decorating my tests classes with NUnit Attributes and the runner executes my intent without the need to bind me to a specific version. The contract between NUnit versions is actually a bit more complex (think of AssertExceptions) but this is also handled nicely by using not the concrete type but simply to check for the catched exception type by string.

Read more: Alois Kraus

Posted via email from jasper22's posterous

Subversion Open Source Support

|
Many large organizations recognize the value of open source solutions such as Subversion, but require the security provided by a commercial software vendor’s support contract. With core developers from the project on staff and solutions that support the world’s largest Subversion implementations, WANdisco is uniquely qualified to deliver the enterprise-class support services that these organizations expect to eliminate the risks of implementing an open source solution such as Subversion from both a business continuity as well as a legal perspective. We offer indemnification coverage that protects our customers from intellectual property claims that can arise from the use of open source software.

WANdisco offers four levels of Subversion support: Silver, Gold, Platinum and Platinum Plus. See the table below and read why you should choose WANdisco for your Subversion support.

Read more: WANdisco

Posted via email from jasper22's posterous

Nominees & Winners for the 82nd Academy Awards

|
Actor in a Leading Role ................................. Jeff Bridges in “Crazy Heart”
Actor in a Supporting Role ............................. Christoph Waltz in “Inglourious Basterds”
Actress in a Leading Role .............................. Sandra Bullock in “The Blind Side”
Actress in a Supporting Role .......................... Mo’Nique in “Precious: Based on the Novel ‘Push’ by Sapphire”
Animated Feature Film .................................. “Up” Pete Docter
Art Direction ................................................. “Avatar” Art Direction: Rick Carter and Robert Stromberg; Set Decoration: Kim Sinclair
Cinematography ............................................ “Avatar” Mauro Fiore
Costume Design ........................................... “The Young Victoria” Sandy Powell
Directing ...................................................... “The Hurt Locker” Kathryn Bigelow
Documentary (Feature) ................................... “The Cove” Louie Psihoyos and Fisher Stevens
Documentary (Short Subject) .......................... “Music by Prudence” Roger Ross Williams and Elinor Burkett
Film Editing .................................................. “The Hurt Locker” Bob Murawski and Chris Innis
Foreign Language Film ................................... “The Secret in Their Eyes (El Secreto de Sus Ojos)” Argentina
Makeup ........................................................ “Star Trek” Barney Burman, Mindy Hall and Joel Harlow
Music (Original Score) ................................... “Up” Michael Giacchino
Music (Original Song) .................................... “The Weary Kind (Theme from Crazy Heart)” from “Crazy Heart” Music and Lyric by Ryan Bingham and T Bone Burnett
Best Picture .................................................. “The Hurt Locker” Kathryn Bigelow, Mark Boal, Nicolas Chartier and Greg Shapiro, Producers
Short Film (Animated) .................................... “Logorama” Nicolas Schmerkin
Short Film (Live Action) ................................. “The New Tenants” Joachim Back and Tivi Magnusson
Sound Editing ............................................... “The Hurt Locker” Paul N.J. Ottosson
Sound Mixing ................................................ “The Hurt Locker” Paul N.J. Ottosson and Ray Beckett
Visual Effects ............................................... “Avatar” Joe Letteri, Stephen Rosenbaum, Richard Baneham and Andrew R. Jones
Writing (Adapted Screenplay) ......................... “Precious: Based on the Novel ‘Push’ by Sapphire” Screenplay by Geoffrey Fletcher
Writing (Original Screenplay) .......................... “The Hurt Locker” Written by Mark Boal


Read more: Oscar

Posted via email from jasper22's posterous

Windows 7 Life Theme

|
Download-Free-Windows-7-Life-Theme-5.jpg


   The latest Windows 7 theme made available by the Redmond company is titled Life, and comes courtesy of the Discovery channel and BBC. The theme pack in question is available for download, as many others, free of charge via the Windows Personalization Gallery, the company’s central hub for offering themes designed to allow customers to customize their Windows 7 desktops.

“Bizarre, beautiful nature from Discovery Channel,” the short description of the Life theme, which will leave users with a feeling that the images should have been accompanied by more information, reads. Of course, the same is not the case with many themes on the Windows Personalization Gallery, but this specific example feels like it needs the added touch of the Bing wallpaper hotspots.

Download:  Windows 7 Life Theme

Posted via email from jasper22's posterous

Facebook Founder Accused of Hacking Into Rivals' Email

|
An anonymous reader notes a long piece up at BusinessInsider.com accusing Facebook founder Mark Zuckerberg of hacking into the email accounts of rivals and journalists. The CEO of the world's most successful social networking website was accused of at least two breaches of privacy. In a two-year investigation detailing the founding of Facebook, Nicholas Carlson, a senior editor at Silicon Alley Insider, uncovered what he claimed was evidence of the hackings in 2004. "New information uncovered by Silicon Alley Insider suggests that some of the complaints [in a court case ongong since 2007] against Mark Zuckerberg are valid. It also suggests that, on at least one occasion in 2004, Mark used private login data taken from Facebook's servers to break into Facebook members' private email accounts and read their emails — at best, a gross misuse of private information. Lastly, it suggests that Mark hacked into the competing company's systems and changed some user information with the aim of making the site less useful. ... Over the past two years, we have interviewed more than a dozen sources familiar with aspects of this story — including people involved in the founding year of the company. We have also reviewed what we believe to be some relevant IMs and emails from the period. Much of this information has never before been made public. None of it has been confirmed or authenticated by Mark or the company." The single-page view doesn't have its own URL; click on "View as one page" near the bottom.

Read more: Slashdot

Posted via email from jasper22's posterous

More Google Buzz Tips, Resources, Extensions, and Icons to Keep You Buzzed.

|
Google Buzz’s launch week is about to come to a close. And with that, we’re going to start seeing just how buzzed people are about it. But just in case you’re not buzzed yet, here’s a quick round up of the best tricks, resources, and tutorials that have sprung up in the last few days.

Extensions: Wordpress Integration
Extension: Widget for Anyone
Resource: Verify Your Buzz Profile
Resource: Keyboard Shortcuts – Google Buzz Cheat Sheet
Resource: Integrate Facebook, Twitter, & Buzz into Your Gmail
(more...)

Read more: aext.net

Posted via email from jasper22's posterous

Visual Studio Background Customizer

|
17676

Allows users to customize the Visual Studio 2010 background.

There were a couple of reports of default Visual Studio's background flickering on LCD monitors because of the texture it uses. While I suspect those problems are caused by video card drivers and/or the monitors not supoprting properly the vertical refresh rate, I decided to implement this extension that will allow users to customize or replace the default Visual Studio's background texture.

Another situation where customizing the background may come in handy is for distinguishing easier between the running instances of Visual Studio and the Visual Studio Experimental (if you're using Visual Studio SDK to create your own pacakges/extensions).

With this extension you will be able to :

   * use your own image for the background, either tiled or not.
   * use a solid color texture for background
   * use a transparent/empty texture for a gradient background
   * use one of the pre-defined textures or create your own texture

Read more: Visual Studio Gallery

Posted via email from jasper22's posterous

Visual Studio Color Theme Editor

|
16812

Allows users to customize the Visual Studio 2010 color palette used for menus, toolbars, tabs, title bars, and other environment colors.  A detailed walkthrough describing all of the features is available here: http://blogs.msdn.com/visualstudio/archive/2010/01/04/changing-visual-studio-s-color-palette.aspx

   * Apply color themes.  The Theme menu lists your currently-installed themes and lets you quickly change themes.
   * Edit themes.  There are several features which make it easy to quickly create new themes or edit existing themes.
         o Modify hue, saturation, and lightness of multiple colors. The Modify Hue/Saturation/Lightness option lets you saturate/desaturate or lighten/darken each selected color, or rotate the hues of each color. The Colorize option lets you apply a single hue to all of the selected colors.
         o Copy and paste colors.  By selecting one or more colors in the Customize Colors dialog, you can copy the color’s values.  In the clipboard, these values are stored as as hex RGB values in a comma-delimited string.  You can then paste the values into multiple other color “cells”.  I call them “cells” because copying and pasting behaves the same way that Excel behaves when copying and pasting cell values.  You can even copy a single color, select multiple cells, and paste that single value into all selected cells with one operation.
         o Undo and redo changes.  Any of the operations you take while the Customize Colors dialog is open can be undone and redone while the dialog is open.

Read more: Visual Studio Gallery

Posted via email from jasper22's posterous

End of support for Windows XP with Service Pack (SP2) and Windows Vista without service packs

|
So if you are running either Windows Vista with no service packs or Windows XP with SP2 then read on.

   * Support for Windows Vista without any service packs will end on April 13, 2010.
   * Support for Windows XP with Service Pack 2 (SP2) will end on July 13, 2010.

If you're running one of these versions after support ends, you won't get security updates for Windows.

   “ An unsupported version of Windows will no longer receive software updates from Windows Update. These include security updates that can help protect your PC from harmful viruses, spyware, and other malicious software, which can steal your personal information. Windows Update also installs the latest software updates to improve the reliability of Windows—new drivers for your hardware and more” read more

For more info see  End of support for Windows XP with Service Pack (SP2) and Windows Vista without service packs which has information about how you can help you find out what you are running

I highly recommend that you should always install the latest service packs from Microsoft for your version of Windows. You can download and install these through Windows Update.


Read more: The blog of Rob Margel - Windows Help

Posted via email from jasper22's posterous

Getting started with Fake Objects

|
If you’ve been writing unit tests for a short while you might have noticed that writing good unit tests is hard. The object under test can be hard to create because it require dependencies that you just cannot provide or some complicated environment is needed just to make the test pass.

When writing a unit test one of the challenges is how to code around the dependencies of the object of his test. In other words – how to isolate the code under test from external dependencies.
Fake, Stubs and Mocks

There is a difference – at least for some people - between mocks, stubs and fakes. for the purpose of this post and every unit test you will ever write – it does not really matters.

Some mocking framework have the distinction between these types of objects and for the sake of terminology (which some people seem to like) I’ll explain the difference between the two:

   * Stubs are used to replace an object that your object depends on
   * Mocks are used to verify that happened to that object (while faking some, all or none of it’s calls)

In a nutshell you do not care what happens to the stub during the test, but you do want to know something about the interaction between objects when you’re using a mock.

For a short (and good) explanation of mocks take a look at Roy Osherove’s mock objects elevator speech.

I prefer to simply call them “fakes”, because unless the tool I’m using forces me to differentiate between them – I don’t really care what they are as long as I write a good unit test.
When to use Fake objects

If you need to simulate the behavior of a complex or hard to create object – use fake object.

There are other good reasons for faking an object:

   * Make the test deterministic – unit tests should have the same result each time you run them. If your object returns a non deterministic value that would change each time you run the test, by faking that class behavior you can make it return the same value each and every time.
   * Hard to set up environment – if you need a database (with specific data), a server or similar components for the test to pass.
   * When objects do not yet exist – during development you cannot rely on all of the objects you need to be when you need them. You might need another class that was not written yet or some algorithm that was not implemented yet.
   * Difficult to reproduce state – e.c. you need to check what happens when your client receives a network error while calling its server.

Fake objects are used to isolate your code from external dependencies. You can write your own (called hand rolled mocks/fakes) but there is no reason to reinvent the wheel – there are isolation frameworks for most mainstream languages – check Wikipedia’s list of mock object frameworks for your language of choice.

Read more: Helper Code Part 1, Part 2

Posted via email from jasper22's posterous