In September 2007, we have published an article about a great disease that affected tens of Windows security products. The article called Plague in (security) software drivers revealed awful quality of kernel mode drivers installed by all the major desktop security products for Windows. The revealed problems could cause random system crashes, freezes and in some cases more severe security issues. Today, we reveal even more serious problem of the Windows desktop security products that can be exploited to bypass a big portion of security features implemented by the affected products. The protection implemented by kernel mode drivers of today's security products can be bypassed effectively by a code running on an unprivileged user account. If you ever heard of SSDT hooks or similar techniques to implement various security features such as products' self-defense, we will show you how to bypass the protection easily. Read more: matousec.com
Vbootkit 2.0 is now open-source ( under GPL license)
|
Vbootkit 2.0 has now been made open-source under GPL license.Vbootkit 2.0 currently only works on Windows 7 ( x64 edition ).Read more: Vbootkit
Ubuntu 10.04 Hit By Major Bug; ISOs Now Being Re-Spun
|
While Ubuntu 10.04 LTS is scheduled for release today, development of this "Lucid Lynx" release has not been as optimal as many would have liked. There had been many upset over Lucid's use of the Linux 2.6.32 kernel rather than the newer 2.6.33 release and the extensive back-porting that has went on, among other items to cause concern for some users. Last week they were then hit by a serious memory leaking issue within the X.Org Server, which fortunately has now been fixed in time for the release. But now we are onto a new issue. Rather than the Canonical crew and Ubuntu developers around the world spending today celebrating the release of Ubuntu 10.04 LTS, they are busy re-spinning some of the ISOs due to a new "critical" bug. Bug #570765 came up earlier this week and it's bringing up the fact that when installing Ubuntu 10.04 LTS on a system with another operating system present, GRUB2 will not show the other operating system once installed for the dual/multi-boot system. It doesn't matter whether the other operating system is Microsoft Windows or another Linux installation, but the GRUB2 boot-loader doesn't offer you the option to boot that OS, just Ubuntu. The partition(s) of the other operating system(s) are not being destroyed and the menu entries for GRUB can be re-generated using update-grub. To address this issue, Canonical engineers were just going to add to the Ubuntu 10.04 documentation a note about this and to run the aforementioned command to fix the boot-loader. They've also been planning to release a zero-day Linux kernel update for Ubuntu Lucid, which would address the issue too by automatically rebuilding the GRUB entries upon installation of the new kernel. A GRUB2 update, which would also rebuild the entries, is also in the queue for being pushed out into the Lucid repository upon its release. Just hours ago, however, it's been decided to take the best and safest course of action -- to re-spin the ISOs. However, as it would take two days to re-spin all of the ISOs, which would then push the release into May (Ubuntu 10.05 LTS?), they have decided to just re-spin select ISOs. Read more: Phoronix
PostgreSQL 9.0 Beta 1 Now Available
|
he first beta release of PostgreSQL version 9.0 is now available. Version 9.0 is the first version of PostgreSQL to include built-in real-time binary database replication with query scale-out, consisting of two features, "hot standby" and "streaming replication". Combined with its other major features, this release will expand adoption of PostgreSQL by new users and in new types of applications. This release is a beta version. This means that it is expected to have bugs, issues, and missing documentation. 9.0 beta is being released so
that our users will find those issues and allow eliminating them before the final release. The PostgreSQL Global Development Group requests that all users download and test version 9.0 to help us produce a timely and trouble-free 9.0 release. In version 9.0, a large number of new features will allow developers and DBAs to broaden their use of PostgreSQL, including:New binary replication
64-bit support on Windows
Improved LISTEN/NOTIFY allows fast internal database event messaging
Anonymous procedure blocks with the DO statement
Conditional and SQL-compliant per-column triggers
Support for Python 3 in in PL/Python and numerous PL/Perl improvements
Uniqueness constraints for non-scalar data (exclusion constraints)
Improved key-value data support
Automatic join removal, optimizing for ORM-generated queriesThe full list of over 200 changes is available in the release notes.Read more: PostgreSQL
that our users will find those issues and allow eliminating them before the final release. The PostgreSQL Global Development Group requests that all users download and test version 9.0 to help us produce a timely and trouble-free 9.0 release. In version 9.0, a large number of new features will allow developers and DBAs to broaden their use of PostgreSQL, including:New binary replication
64-bit support on Windows
Improved LISTEN/NOTIFY allows fast internal database event messaging
Anonymous procedure blocks with the DO statement
Conditional and SQL-compliant per-column triggers
Support for Python 3 in in PL/Python and numerous PL/Perl improvements
Uniqueness constraints for non-scalar data (exclusion constraints)
Improved key-value data support
Automatic join removal, optimizing for ORM-generated queriesThe full list of over 200 changes is available in the release notes.Read more: PostgreSQL
Here's The First Screenshot Of The Linux Steam Client
|
Less than two weeks ago we reported on the Mac OS X Steam client confirming the existence of a Linux client and then found more Linux references too. We then found the unreleased Steam Linux binaries that were under active development. Some still didn't believe the existence of a Steam client for Linux with Source Engine support, but it's something we have said for nearly two years based upon our sources and then the emergence of these binaries. These Linux binaries didn't successfully run, but now some independent users managed to get the first Steam client window to appear. Below is the first screenshot of the Steam Linux client provided to us by a Phoronix reader known as Kame. Read more: Phoronix
A wireframe kit for Google Drawings and 5 reasons it beats Omnigraffle and Visio
|
I’ve been playing around with the newest addition to Google Docs, Google Drawings, and I’m quite liking it. I tried drawing a few diagrams and even a wireframe, and it turns out the basic drawing interactions are just as good – in some cases even better – than what I’m used to in Omnigraffle and Fireworks. Read more: Morten Just
10 Reasons To Delete Your Facebook Account
|
This work is licensed under a Creative Commons License. It was originally published on the author's blog.
After some reflection, I've decided to delete my account on Facebook. I'd like to encourage you to do the same. This is part altruism and part selfish. The altruism part is that I think Facebook, as a company, is unethical. The selfish part is that I'd like my own social network to migrate away from Facebook so that I'm not missing anything. In any event, here's my "Top Ten" reasons for why you should join me and many others and delete your account. 10. Facebook's Terms Of Service are completely one-sided. Let's start with the basics. Facebook's Terms Of Service state that not only do they own your data (section 2.1), but if you don't keep it up to date and accurate (section 4.6), they can terminate your account (section 14). You could argue that the terms are just protecting Facebook's interests, and are not in practice enforced, but in the context of their other activities, this defense is pretty weak. As you'll see, there's no reason to give them the benefit of the doubt. Essentially, they see their customers as unpaid employees for crowd-sourcing ad-targeting data. 9. Facebook's CEO has a documented history of unethical behavior. From the very beginning of Facebook's existence, there are questions about Zuckerberg's ethics. According to BusinessInsider.com, he used Facebook user data to guess email passwords and read personal email in order to discredit his rivals. These allegations, albeit unproven and somewhat dated, nonetheless raise troubling questions about the ethics of the CEO of the world's largest social network. They're particularly compelling given that Facebook chose to fork over $65M to settle a related lawsuit alleging that Zuckerberg had actually stolen the idea for Facebook. 8. Facebook has flat out declared war on privacy. Founder and CEO of Facebook, in defense of Facebook's privacy changes last January: "People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time." More recently, in introducing the Open Graph API: "... the default is now social." Essentially, this means Facebook not only wants to know everything about you, and own that data, but to make it available to everybody. Which would not, by itself, necessarily be unethical, except that ...
Read more: Business Insider
After some reflection, I've decided to delete my account on Facebook. I'd like to encourage you to do the same. This is part altruism and part selfish. The altruism part is that I think Facebook, as a company, is unethical. The selfish part is that I'd like my own social network to migrate away from Facebook so that I'm not missing anything. In any event, here's my "Top Ten" reasons for why you should join me and many others and delete your account. 10. Facebook's Terms Of Service are completely one-sided. Let's start with the basics. Facebook's Terms Of Service state that not only do they own your data (section 2.1), but if you don't keep it up to date and accurate (section 4.6), they can terminate your account (section 14). You could argue that the terms are just protecting Facebook's interests, and are not in practice enforced, but in the context of their other activities, this defense is pretty weak. As you'll see, there's no reason to give them the benefit of the doubt. Essentially, they see their customers as unpaid employees for crowd-sourcing ad-targeting data. 9. Facebook's CEO has a documented history of unethical behavior. From the very beginning of Facebook's existence, there are questions about Zuckerberg's ethics. According to BusinessInsider.com, he used Facebook user data to guess email passwords and read personal email in order to discredit his rivals. These allegations, albeit unproven and somewhat dated, nonetheless raise troubling questions about the ethics of the CEO of the world's largest social network. They're particularly compelling given that Facebook chose to fork over $65M to settle a related lawsuit alleging that Zuckerberg had actually stolen the idea for Facebook. 8. Facebook has flat out declared war on privacy. Founder and CEO of Facebook, in defense of Facebook's privacy changes last January: "People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time." More recently, in introducing the Open Graph API: "... the default is now social." Essentially, this means Facebook not only wants to know everything about you, and own that data, but to make it available to everybody. Which would not, by itself, necessarily be unethical, except that ...
Read more: Business Insider
GQueues is A Google-Oriented Task Manager
|
By itself, task manager GQueues is pretty handy—a list-oriented task manager with sub-tasks, due dates, assignments, tagging, and other neat features. But its integration with Google sign-in, Calendar, and Google Apps make it more than just another to-do app. Not everything that GQueues offers is free, as email/SMS reminders, task assignments, and the advanced Calendar integration require a $25/year subscription (though there's a two-week trial to see if they're needed). Even on its free terms, though, GQueues is a nice-looking app that uses Google OAuth sign-in, so you don't give it your password and yet don't have to create a new password. You create tasks, sub-tasks, notes, and tags on to-do items in a familiar fashion, and can also share those tasks with others, embed them in a public or private web page, and move items around in priority order using drag and drop. Read more: Lifehacker
Wireshark 1.2.8, 1.0.13, and 1.3.5 Released
|
Wireshark 1.2.8 (stable), 1.0.13 (old stable), and 1.3.5 (development) have been released. Installers for Windows, Mac OS X 10.5.5 and above (Intel and PPC), and source code is now available.In 1.2.8
A security-related bug in the DOCSIS dissector has been fixed. See the advisory for details.Several user interface bugs have been fixed. Bugs in the HTTP, TCP, and SSL dissectors have been fixed. Many other bugs have been fixed. For a complete list of changes, please refer to the 1.2.8 release notes.In 1.0.13
A security-related bug in the DOCSIS dissector has been fixed. See the advisory for details.For a complete list of changes, please refer to the 1.0.13 release notes. In 1.3.5
More improvements have been made to the new packet list code.Official releases are available right now from the download page.Read more: Wireshark
A security-related bug in the DOCSIS dissector has been fixed. See the advisory for details.Several user interface bugs have been fixed. Bugs in the HTTP, TCP, and SSL dissectors have been fixed. Many other bugs have been fixed. For a complete list of changes, please refer to the 1.2.8 release notes.In 1.0.13
A security-related bug in the DOCSIS dissector has been fixed. See the advisory for details.For a complete list of changes, please refer to the 1.0.13 release notes. In 1.3.5
More improvements have been made to the new packet list code.Official releases are available right now from the download page.Read more: Wireshark
Microsoft .Net Libraries Not Acting "Open Source"
|
Three years ago, with much fanfare, Microsoft announced it would make some of the .Net libraries open source using the Microsoft Reference License. Since then Microsoft has reneged on its promise. The reference code site is dead, the blog hasn't been updated in a year and a half, and no one from Microsoft responds to questions on the forum. Read more: Slashdot
Techonomy 2010 וידאו: Omek Interactive
|
מאז יוני שנה שעברה, כל העולם מדבר על הדור הבא של בקרי השליטה, או שמא נאמר, העולם שללא בקרי השליטה. מאז החשיפה של פרויקט נאטאל על-ידי מיקרוסופט בתערוכת E3 ביוני שעבר, אשר הביאה את עולם הזיהוי התנועהוהממשק הטבעי מהמדע הבדיוני למציאות, העולם כולו מדבר על הפוטנציאל הגלום בטכנולוגיה ועל הדברים שאפשר לבצע איתה. כבר בעת ההכרזה, היו דיבורים על מספר חברות ישראליות המעורבות בבניית המערכת החדשה, אך אף אחת מהן לא הזכירה את חברה קטנה העוסקת בתחום בשם Omek Interactive. ג'נין קוטלירוף, מייסדת החברה הציגה ב-Techonomy את רכיב תוכנה המפותח בחברה בשם Shadow SDK, המקשר בין מערכות החומרה ומצלמות העומק עליהן מבוססת מערכת השליטה במערכות דוגמת נאטאל ובין האפליקציות והמשחקים שאמורים להשתמש ביכולות של המערכת. תשתית התוכנה של Omek הם בעצם סוג של Middleware אשר נועד לבצע את התרגום בין התנועות המתקבלות מהמצלמות והחיישנים ובין מערך השליטה הסטנדרטי של האפליקציה או המשחק, כך שבפועל ניתן יהיה לבצע הסבה של משחק רגיל למשחק הנשלט על-ידי מערכת זיהוי תנועה ללא הצורך לשכתב את הקוד בצורה משמעותית.
Read more: newsGeek
I LOVE YOU VIRUS 10 Years Out
|
10 years ago yesterday, The ILOVEYOU or LOVELETTER computer worm successfully attacked tens of millions of Windows computers in 2000 when it was sent as an attachment to an email message with the text "ILOVEYOU" in the subject line. Mefi Was There that day when Onel De Guzman released a virus that he had proposed creating as part of his undergraduate thesis. The BBC Looks Back. The key part of the virus was not any technical trick but the wording of the subject line - ILOVEYOU - and its attachment LOVE-LETTER-FOR-YOU. Read more: Metafilter
Skype to launch monthly subscriptions and group video chat
|
Skype, the app that's famous for enabling cheap voice and video calls over the internet, is about to get even cheaper. Skype is set to introduce monthly subscription plans in 170 countries, bringing the cost of calls down significantly for frequent users. On top of that, there are rumors that Skype's long-awaited group video chat feature might enter beta as early as next week. The plans start as low as $1.09 a month, and come with 1 cent/minute rates to any of the 170 included countries. You can buy plans in 3, 6 or 12-month increments, and there will some options to customize your plan according to the way you use Skype. As far as the group video chat feature, word is it will be free to start, and then cost a little bit in the future. The Windows version will launch first, with Mac support later this year. Should Ustream, Justin.tv, et al. be worried that Skype is about to horn in on their one-to-many broadcast territory? Maybe, but people still see the Skype brand as a way of cheaply communicating with friends and family in other countries. It still hasn't even cracked the business market, let alone webcasting. Read more: DownloadSquad
Google Releases a Web-App Case Study For Hackers
|
The San Francisco Chronicle reports that Google has released Jarlsberg, a 'small, cheesy' web application specifically designed to be full of bugs and security flaws as a security tutorial for coders, and encourages programmers to try their hands at exploiting weaknesses in Jarlsberg as a way of teaching them how to avoid similar vulnerabilities in their own code. Jarlsberg has multiple security bugs ranging from cross-site scripting and cross-site request forgery, to information disclosure, denial of service, and remote code execution. The codelab is organized by types of vulnerabilities." (Read on for more.)"In black box hacking, users try to find security bugs by experimenting with the application and manipulating input fields and URL parameters, trying to cause application errors, and looking at the HTTP requests and responses to guess server behavior while in white-box hacking, users have access to the source code and can use automated or manual analysis to identify bugs. The tutorial notes that accessing or attacking a computer system without authorization is illegal in many jurisdictions but while doing this codelab, users are specifically granted authorization to attack the Jarlsberg application as directed Read more: Slashdot
Official site: Jarlsberg
Official site: Jarlsberg
New Linux Petabyte-Scale Distributed File System
|
A recent addition to Linux's impressive selection of file systems is Ceph, a distributed file system that incorporates replication and fault tolerance while maintaining POSIX compatibility. Explore the architecture of Ceph and learn how it provides fault tolerance and simplifies the management of massive amounts of data Read more: Slashdot
Official site: Ceph
Official site: Ceph
Open Source Guacamole Puts VNC On the Web
|
A new open source project dubbed Guacamole allows users to access a desktop remotely through a web browser, potentially streamlining the requirements for client support and administration. Guacamole is an HTML5 and JavaScript (Ajax) VNC viewer that makes use of a VNC-to-XML proxy server written in Java. According to its developers, Guacamole is almost as responsive as native VNC and should work in any browser supporting the HTML5 canvas tag. Supporting 10 Linux desktops in 10 browser tabs? I like the sound of that. Read more: Slashdot
Official site: Guacamole
Official site: Guacamole
Seeker Nails Hacker Pr0n
|
Do SQL injections turn you on? How about double SQL injections? If the answer is ‘yes’, then1): Good luck with your dating life
2) Boy are you in some luck!A new of breed of security product called Seeker produces some vivid hacker pr0n in the form of a video (see above) of how it broke and exploited every nook and cranny of your unsecure code. Yes, I’m going to say it, Seeker might be the Seymore Butts of security products! Kidding aside, Seeker seems be packing pretty fearsome application security technology. The company behind it is an Israeli white hat hacking shop called Hacktics. These guys do work for startups, banks, telcos, governments, and homeland security agencies. Their team members hold very high security clearances due to their prior and current service records in the IDF (Israeli Defense Force). It’s safe to say these guys know a thing or two about application security. Seeker was designed for use by individuals that are part of the development organization which do not necessarily possess security knowledge, or even deep technical knowledge. These can range from developers, to QA staff, to team leaders. It’s for this reason that Seeker points to real business threats rather than just technical issues. Read more: Techcrunch
2) Boy are you in some luck!A new of breed of security product called Seeker produces some vivid hacker pr0n in the form of a video (see above) of how it broke and exploited every nook and cranny of your unsecure code. Yes, I’m going to say it, Seeker might be the Seymore Butts of security products! Kidding aside, Seeker seems be packing pretty fearsome application security technology. The company behind it is an Israeli white hat hacking shop called Hacktics. These guys do work for startups, banks, telcos, governments, and homeland security agencies. Their team members hold very high security clearances due to their prior and current service records in the IDF (Israeli Defense Force). It’s safe to say these guys know a thing or two about application security. Seeker was designed for use by individuals that are part of the development organization which do not necessarily possess security knowledge, or even deep technical knowledge. These can range from developers, to QA staff, to team leaders. It’s for this reason that Seeker points to real business threats rather than just technical issues. Read more: Techcrunch
Designer Filtering using Reference Assemblies
|
Visual Studio 2010 expands multi-targeting support to include metadata filtering in features such as intellisense and the property grid. Notice how the property grid filters out the new ClientIDMode property added to web controls in .NET 4 when targeting .NET 2: So, how is this happening when Visual Studio itself is running on .NET 4? The answer is reference assemblies!Reference assemblies are metadata-only assemblies that have method bodies and non-public members stripped out in order to make them more compact. As such, they can’t be loaded for execution by the CLR. However, the multi-targeting infrastructure is able to load and unload these assemblies as needed and has all the information it needs to provide target-aware reflection. Read more: Christy's tidbits
Ten Linux Commands Every Web Developer Should Know
|
Although the learning curve for developing websites remains remarkably shallow, the industry's growing complexity requires today's professional web developer to embrace a variety of technologies. For instance, developers who limit their Linux exposure to the occasional SSH session are missing the opportunity to manage website assets effectively, monitor server performance, and easily carry out other tasks that are otherwise time-consuming and tedious. In his Web Developer's Virtual Library (WDVL) article, Jason Gilmore lists 10 indispensable Linux commands that can make web development work much easier and even more enjoyable. These 10 commands will hopefully prompt you to begin investigating the power of the Linux command-line if you haven't already: 1. Retrieving a software package
2. Monitoring server processes
3. Reviewing log files
4. Copying files with scp
5. Finding world-writable files
6. Backing up your web directory
7. Viewing your command history
8. Creating directory trees
9. Creating command aliases
10. Managing source code with git (or svn, or bzr...)Read more: developer.com
2. Monitoring server processes
3. Reviewing log files
4. Copying files with scp
5. Finding world-writable files
6. Backing up your web directory
7. Viewing your command history
8. Creating directory trees
9. Creating command aliases
10. Managing source code with git (or svn, or bzr...)Read more: developer.com
Digitally Signing a XAP Silverlight
|
I’ve been referring a lot of people lately to the steps to sign a XAP. So I decided to post an excerpt I wrote about signing Silverlight XAP files in the Silverlight 4 Whitepaper on Channel 9 here to help spread the word. The signing process is important if you are creating an elevated trust out of browser application because it helps: * Reassure your users that the application is authentic
* Allow updates to elevated trust applicationsElevated trust out-of-browser applications enable developers to take advantage of platform features that are inaccessible to sandboxed Silverlight applications. You can digitally sign your XAP files to reassure end users of the authenticity of an application’s publisher and that the code’s integrity is intact. This feature only applies to trusted apps; sandboxed XAPs may be signed but doing so will have no effect on it. Read more: JohnPapa.net
* Allow updates to elevated trust applicationsElevated trust out-of-browser applications enable developers to take advantage of platform features that are inaccessible to sandboxed Silverlight applications. You can digitally sign your XAP files to reassure end users of the authenticity of an application’s publisher and that the code’s integrity is intact. This feature only applies to trusted apps; sandboxed XAPs may be signed but doing so will have no effect on it. Read more: JohnPapa.net
Microsoft ASP.NET 4 Hosting Deployment Guide
|
The Microsoft ASP.NET 4 Hosting Deployment Guide provides hosting service providers with an overview of the features and benefits of Microsoft ASP.NET 4 for Web hosting. Read more: MS Download
Shared Folders in VirtualBox on Windows 7
|
In my adventures with VirtualBox, my latest victory was in figuring out how to share folders between my host OS (Windows 7) and my virtual OS (Windows Server 2008). I’m familiar with VirtualPC and other such products, which allow you to share local folders with the VM. When you do, they just show up in Windows Explorer and all is good. However, after configuring shared folders in VirtualBox like so Read more: Steve Smith
The Cobra Programming Language
|
There are plenty of object-oriented programming languages in .NET such as C#, IronPython and IronRuby. Why would you want to use Cobra instead?This would seem to be a silly question on first glance. However, Cobra is much more than Python without the eccentricities and with the raw performance of C#; In addition, It has the support for automated unit-testing from D, the software contracts introduced by Eiffel, the static and dynamic binding of Objective-C or Boo. It introduces Nil-tracking to eliminate some of the most difficult errors in code that are caused by NULLs being passed as parameters. Moreover, Cobra creates the same kinds of classes, interfaces, method signatures, etc. that are found in C# and Visual Basic, so that it will produce assemblies that are compatible. This allows Cobra to coexist with the more conventional .NET languages in applications. Cobra isn't a port to .NET from the world of Linux, it is intrinsically bound up in the .NET framework and takes advantage of the standard library, the class/object model, including events, and the use of generics. Rather than compiling straight to MSIL, it acts as a pre-processor for C# which is in turn compiled to MSIL. This means that it is safe to use in a mixed project that uses C# as well as Cobra. It plays nice with C# and VB Cobra is an excellent general-purpose imperative scripting language as it is able to do dynamic binding.An aim of Cobra is to allow the programmer to write robust applications with a minimum of bugs. The use of Contracts, which are analogous to constraints in SQL, are implemented in a way that is very close to Eiffel. Cobra also allows you to embed unit-tests into the code, which can be executed at compile time, and every time the code is run, to catch the simple but irritating coding errors without having to create a separate test suite. You can use both of these, but they definitely improve the readability of code, since the unit tests also act as coding examples. If you also add the 'documentation' feature, primitive though it is, your source code will be starting to look clear and nicely laid out. Cobra actually rewards good coding practices. Read more: simple-talk
The Objective-C Language from a Java / C++ perspective
|
If you are a Java, C#, or C++ developer, then you are probably not excited to learn Objective-C. Objective-C code is hard to read, and I sometimes wonder why Apple would chose an “ancient” language as a basis for a brand new mobile platform? The language is about to turn 25 years old. I really wanted to write some iPhone applications, so I started learning about Objective-C a few months ago. Once I got past the unusual syntax and unfamiliar Xcode tools, I realized that this language has a lot to offer object oriented developers. I’d like to share with you my favorite Objective-C language features. First off, Objective-C is very different from C++. What a relief! C++ is not my favorite language. I spent years learning the intricacies of C++. It’s a very difficult language to learn, it’s way too complex for most developers. I’m so glad Objective-C is a simpler, and far more powerful language than C++. Read on for some details… Powerful Objective-C language features: * Dynamic Messaging Passing
o Objects pass messages, rather than make direct method calls. It seems like a subtle distinction, but message passing is very flexible. Object messages can be auto-forwarded, passed over a network, or even queued up and sent at a later time. Dynamic message dispatch enables many of the important object oriented features in the language.
o Nil (or null) pointer protection is built in. Sending a message to nil (null) will cause a C, C++, or Java program to crash. In Objective-C, the message simply gets dispatched to … nowhere! Nothing bad happens, and the program continues to run. (Debug code can be added to detect messages being sent to Nil.) * The compiler is Type-safe, and the runtime provides super easy object introspection
o For the most part, Objective-C is strongly typed. The compiler catches most type related errors. I prefer typed languages, because I want to catch my simple mistakes before I run the application.
o At runtime, object type information is fully available. It’s easy to check the type of an object and find out which messages (methods) it accepts. It’s basically a single line of code to access type information, compared to Java which requires 4 or 5 lines of code to do the same type lookups. Read more: Gavin Pierce on Software
o Objects pass messages, rather than make direct method calls. It seems like a subtle distinction, but message passing is very flexible. Object messages can be auto-forwarded, passed over a network, or even queued up and sent at a later time. Dynamic message dispatch enables many of the important object oriented features in the language.
o Nil (or null) pointer protection is built in. Sending a message to nil (null) will cause a C, C++, or Java program to crash. In Objective-C, the message simply gets dispatched to … nowhere! Nothing bad happens, and the program continues to run. (Debug code can be added to detect messages being sent to Nil.) * The compiler is Type-safe, and the runtime provides super easy object introspection
o For the most part, Objective-C is strongly typed. The compiler catches most type related errors. I prefer typed languages, because I want to catch my simple mistakes before I run the application.
o At runtime, object type information is fully available. It’s easy to check the type of an object and find out which messages (methods) it accepts. It’s basically a single line of code to access type information, compared to Java which requires 4 or 5 lines of code to do the same type lookups. Read more: Gavin Pierce on Software
Close these Loopholes - Reproduce Database Errors
|
This is the final part of Alex's ground-breaking series on unit-testing Transact-SQL code. Here, he shows how you can test the way that your application handles database-related errors such as constraint-violations or deadlocks. With a properly-constructed test-harness you can ensure that the end-user need never sees the apparent gobbledegook of database system error messages, and that they are properly and robustly handled by the application. We have been proud to publish this unique series of articles on Simple-Talk. We would urge you to read them in sequence, as they follow a logical sequence. . Close These Loopholes in Your Database Testing
. Close These Loopholes: Testing Stored Procedures
. Close These Loopholes: Testing Database Modifications
. Close These Loopholes: Stress-Test those Stored ProceduresRead more: simple-talk
. Close These Loopholes: Testing Stored Procedures
. Close These Loopholes: Testing Database Modifications
. Close These Loopholes: Stress-Test those Stored ProceduresRead more: simple-talk
Beautiful Dependency Injection in C++
|
Dependency injection is a very nice way of making classes testable and more reusable. An instance of a class Foo that a class NeedsFoo depends on are simply injected into NeedsFoo's constructor. That is, the client of NeedsFoo (the code instantiating it) controls how Foo instances are created, thus, NeedsFoo is more decoupled from the rest of the system. Why? Because any object that is a Foo can be used with NeedsFoo: subclasses of Foo, instances shared other objects, or a Foo created in a special way (e.g., a singelton or proxy to a remote object). Compare this to the traditional non-dependency injection way, where Foo is instantiated by NeedsFoo, thus making it impossible for the client to control what kind of instance of Foo that is used by NeedsFoo. Object life-time management complicated
Dependency injection is straight forward to do (correctly) in languages with automatic memory management like Java and Python, but it's much harder to get right in languages like C++ which forces you to manage memory manually. Of course, it possible to do simply delete the injected object in NeedsFoo's destructor; like: class NeedsFoo {
Foo* foo;
public:
NeedsFoo(Foo* foo) : foo(foo) { }
~NeedsFoo() { delete foo; }
// Methods using foo that needs to be tested.
};Read more: Programmatically Speaking
Dependency injection is straight forward to do (correctly) in languages with automatic memory management like Java and Python, but it's much harder to get right in languages like C++ which forces you to manage memory manually. Of course, it possible to do simply delete the injected object in NeedsFoo's destructor; like: class NeedsFoo {
Foo* foo;
public:
NeedsFoo(Foo* foo) : foo(foo) { }
~NeedsFoo() { delete foo; }
// Methods using foo that needs to be tested.
};Read more: Programmatically Speaking
Talk about nasty bugs
|
Let us see how many of you can figure this one out.Here is the code: [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)]
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool CopyFileEx(string lpExistingFileName, string lpNewFileName,
IntPtr lpProgressRoutine, IntPtr lpData, ref Int32 pbCancel,
CopyFileFlags dwCopyFlags); public void CopyFileWithProgressReports()
{
var lpProgressRoutineIntPtr = Marshal.GetFunctionPointerForDelegate(new CopyProgressRoutine(LpProgressRoutine));
int pbCancel = 0;
CopyFileEx(hugeFile, hugeFile + ".new", lpProgressRoutineIntPtr, IntPtr.Zero, ref pbCancel,
CopyFileFlags.COPY_FILE_RESTARTABLE);
} private static CopyProgressResult LpProgressRoutine(long totalFileSize, long totalBytesTransferred, long streamSize,
long streamBytesTransferred, uint dwStreamNumber, CopyProgressCallbackReason dwCallbackReason, IntPtr hSourceFile,
IntPtr hDestinationFile, IntPtr lpData)
{
Console.WriteLine("{0:#,#} / {1:#,#}", totalBytesTransferred, totalFileSize);
return CopyProgressResult.PROGRESS_CONTINUE;
} This code will run perfectly if you execute it in a single threaded fashion.But, if you run it on a background thread and continue to do additional operations (just running it on a background thread work) that has nothing to do with the file system, it will crash, sometimes with a null reference exception, sometimes with attempt to write to protected memory, etc. There is a very subtle bug here, can you figure out what it is?Read more: Ayende @ Rahien
[return: MarshalAs(UnmanagedType.Bool)]
static extern bool CopyFileEx(string lpExistingFileName, string lpNewFileName,
IntPtr lpProgressRoutine, IntPtr lpData, ref Int32 pbCancel,
CopyFileFlags dwCopyFlags); public void CopyFileWithProgressReports()
{
var lpProgressRoutineIntPtr = Marshal.GetFunctionPointerForDelegate(new CopyProgressRoutine(LpProgressRoutine));
int pbCancel = 0;
CopyFileEx(hugeFile, hugeFile + ".new", lpProgressRoutineIntPtr, IntPtr.Zero, ref pbCancel,
CopyFileFlags.COPY_FILE_RESTARTABLE);
} private static CopyProgressResult LpProgressRoutine(long totalFileSize, long totalBytesTransferred, long streamSize,
long streamBytesTransferred, uint dwStreamNumber, CopyProgressCallbackReason dwCallbackReason, IntPtr hSourceFile,
IntPtr hDestinationFile, IntPtr lpData)
{
Console.WriteLine("{0:#,#} / {1:#,#}", totalBytesTransferred, totalFileSize);
return CopyProgressResult.PROGRESS_CONTINUE;
} This code will run perfectly if you execute it in a single threaded fashion.But, if you run it on a background thread and continue to do additional operations (just running it on a background thread work) that has nothing to do with the file system, it will crash, sometimes with a null reference exception, sometimes with attempt to write to protected memory, etc. There is a very subtle bug here, can you figure out what it is?Read more: Ayende @ Rahien
Calling Web Services from Silverlight after the Browser has closed
|
Today I was reading an excellent post by my fellow Disciple Laurent Bugnion, which led on to a short discussion about performing actions after a user attempts to close a browser window. It got me thinking about the capability to dispatch a web service call in Silverlight just after a user attempts to close the browser window or navigate elsewhere. I have been asked the question before, yet before now, have not attempted to answer it. So today I decided to do some experimenting. There are two things I wanted to look at. Firstly, I wanted to allow a web service to be called after the Silverlight application’s Exit event is raised. Secondly, I wanted to provide the Silverlight application with the opportunity to cancel, or at least interrupt the close window process. In the first scenario, I found the way I could achieve the call after the Silverlight applications Exit event was raised, was to call a JavaScript method from Silverlight, and then finally a PageMethod; to perform the housekeeping. Read more: Codeproject
KDevelop 4.0: A C++ Focused IDE
|
The KDevelop open source IDE for the KDE desktop environment has reached version 4.0 after five years of development. The developers decided to focus on making KDevelop a solid C++ IDE for this release instead of adding half-supported features for some of the other languages that KDevelop supports. In fact, many features from version 3.5 were dropped because the "nearly complete rewrite" was intended to focus mostly on C++ features. The crown jewel of KDevelop 4.0 is its C++ code "understanding engine." According to the developers, it "allows the IDE to understand your code better than you do." This cuts down on the tedious tasks required for development. KDevelop 4.0 features plenty of specific code assistance features as well. Code AssistantsThere are a handful of semi-automatic coding assistants in the IDE. For example, if you assign an item to a variable that doesn't exist, KDevelop will intelligently ask if you want to create a variable with the matching type you've assigned. If you call on a non-existent function, a similar process will take place. KDevelop will also ask if you want to adapt a declaration when you change the signature of a function-definition. Read more: DZone
Detection keys for .NET Framework 4.0 and Visual Studio 2010
|
Now that Microsoft .NET Framework 4.0 and Visual Studio 2010 have been released, developers may wonder how to detect them on the system. As with previous releases, we support registry detection of either product family and Windows Installer component detection for Visual Studio. Detecting either product uses a separate set of supported keys.
.NET Framework 4.0The .NET Framework has and continues to use registry keys and values under HKLM\Software\Microsoft\NET Framework Setup. To detect .NET Framework 4.0, you can check if the following key is present and the value is set to 1.
Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client
Name Install
Type REG_DWORD (32-bit integer)
Data 0x00000001 (1)The core .NET Framework 4.0 package is English, so 1033 is always available. To detect specific language support, see the LCIDs listed in the table of supported languages. You can also detect if the full package is installed, which includes the core (Client) and extended support, such as ASP.NET.
Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
Name Install
Type REG_DWORD (32-bit integer)
Data 0x00000001 (1)For more information, see the .NET Framework 4.0 deployment guide for developers. Administrators may be interested in the .NET Framework deployment guide for administrators.
Visual Studio 2010The detection keys for Visual Studio are used both to detect if the product is installed and what service pack level is installed. As with previous versions, these keys and values are under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VS\Servicing.
Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VS\Servicing\10.0\$(var.ProductEdition)\$(var.LCID)
Name Install
Type REG_DWORD (32-bit integer)
Data 0x00000001 (1)Read more: Detection keys for .NET Framework 4.0 and Visual Studio 2010
.NET Framework 4.0The .NET Framework has and continues to use registry keys and values under HKLM\Software\Microsoft\NET Framework Setup. To detect .NET Framework 4.0, you can check if the following key is present and the value is set to 1.
Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client
Name Install
Type REG_DWORD (32-bit integer)
Data 0x00000001 (1)The core .NET Framework 4.0 package is English, so 1033 is always available. To detect specific language support, see the LCIDs listed in the table of supported languages. You can also detect if the full package is installed, which includes the core (Client) and extended support, such as ASP.NET.
Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full
Name Install
Type REG_DWORD (32-bit integer)
Data 0x00000001 (1)For more information, see the .NET Framework 4.0 deployment guide for developers. Administrators may be interested in the .NET Framework deployment guide for administrators.
Visual Studio 2010The detection keys for Visual Studio are used both to detect if the product is installed and what service pack level is installed. As with previous versions, these keys and values are under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VS\Servicing.
Key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DevDiv\VS\Servicing\10.0\$(var.ProductEdition)\$(var.LCID)
Name Install
Type REG_DWORD (32-bit integer)
Data 0x00000001 (1)Read more: Detection keys for .NET Framework 4.0 and Visual Studio 2010
Microsoft Enterprise Library 5.0 Documentation for Visual Studio 2008
|
The integrated documentation for Microsoft Enterprise Library 5.0 to be used with Visual Studio 2008.Read more: MS Download
Microsoft Unity 2.0
|
Unity is a lightweight, extensible dependency injection container. It facilitates building loosely coupled applications and provides developers with the following advantages: * Simplified object creation, especially for hierarchical object structures and dependencies
* Abstraction of requirements; this allows developers to specify dependencies at run time or in configuration and simplify management of crosscutting concerns
* Increased flexibility by deferring component configuration to the container
* Service location capability; this allows clients to store or cache the container
* Instance and type interceptionRead more: MS Download
Microsoft Unity 2.0 Documentation for Visual Studio 2008
Read more: MS Download Microsoft Unity 2.0 for Silverlight
Read more: MS Download
* Abstraction of requirements; this allows developers to specify dependencies at run time or in configuration and simplify management of crosscutting concerns
* Increased flexibility by deferring component configuration to the container
* Service location capability; this allows clients to store or cache the container
* Instance and type interceptionRead more: MS Download
Microsoft Unity 2.0 Documentation for Visual Studio 2008
Read more: MS Download Microsoft Unity 2.0 for Silverlight
Read more: MS Download
Arbitration and Translation
|
A while back Jake Oshins answered a question on NTDEV about bus arbitration and afterwards I asked him if he could write a couple of posts about it for the blog. Here is part 1.History Lesson In the history of computing, most machines weren’t PCs. PCs, and the related “industry standard” server platforms, may constitute a huge portion of the computers that have been sold in the last couple of decades, but even during that time, there have been countless machines, both big and small, which weren’t PCs. Windows, at least those variants which are derived from Windows NT, (which include Windows XP and everything since,) was originally targeted at non-PC machines, specifically those with a MIPS processor and a custom motherboard which was designed by in-house at Microsoft. In the fifteen years that followed that machine, NT ran on a whole pile of other machines, many with different processor architectures. My own career path involved working on the port of Windows NT to PowerPC machines. I wrote HALs and worked on device drivers for several RS/6000 workstations and servers which (briefly) ran NT. When I came to Microsoft from IBM, the NT team was just getting into the meat of the PnP problem. The Windows 95 team had already done quite a bit to understand PnP, but their problem space was really strongly constrained. Win95 only ran on PCs, and only those with a single processor and a single root PCI bus. Very quickly, I got sucked into the discussion about how to apply PnP concepts to machines which were not PCs, and also how to extend the driver model in ways that would continue to make it possible to have one driver which ran on any machine, PC or not. If the processor target wasn’t x86, you’d need to recompile it. But the code itself wouldn’t need changing. If the processor target was x86, even if the machine wasn’t strictly a PC, your driver would just run. In order to talk about non-PC bus architectures, I want to briefly cover PC buses, for contrast. PC’s have two address spaces, I/O and memory. You use different instructions to access each. I/O uses “IN, OUT, INS, and OUTS.” That’s it. Memory uses just about any other instruction, at least any that can involve a pointer. I/O has no way of indirecting it, like virtual memory indirects memory. That’s all I’ll say about those here. If you want more detail, there have been hundreds of good explanations for this. My favorite comes from Mindshare’s ISA System Architecture, although that’s partly because that one existed back when I didn’t fully understand the problem space. Perhaps there are better ones now. In the early PC days, the processor bus and the I/O bus weren’t really separate. There were distinctions, but those weren’t strongly delineated until PCI came along, in the early ‘90s. PCI was successful and enduring because, in no small part, it was defined entirely without reference to a specific processor or processor architecture. The PCI Spec has almost completely avoided talking about anything that happens outside of the PCI bus. This means, however, that any specific implementation has to have something which bridges the PCI spec to the processor bus. (I’m saying “processor bus” loosely here to mean any system of interconnecting processors, memory and the non-cache-coherent I/O domains. This sometimes gets referred to as a “North Bridge,” too.) The processor bus then gets mapped onto the I/O subsystem, specifically one or more root PCI buses. The following diagram shows a machine that has two root PCI buses (which is not at all typical this year, but was very typical of PC servers a decade ago.) The specific addresses could change from motherboard to motherboard and were reported to the OS by the BIOS. Read more: A Hole In My Head
StyleCop+
|
What is StyleCop+?StyleCop+ is a plug-in that extends original StyleCop features. It offers you a variety of rules for building C# code style that best suits your needs. Currently StyleCop+ is in the beta-state, but is going to be significantly improved. * Key Features
* How to Use
* Rule ReferenceKey FeaturesAdvanced Naming Rules
StyleCop+ has rich and flexible naming rules that are intended to completely replace all original Naming Rules (SA13xx). Read more: Codeplex
* How to Use
* Rule ReferenceKey FeaturesAdvanced Naming Rules
StyleCop+ has rich and flexible naming rules that are intended to completely replace all original Naming Rules (SA13xx). Read more: Codeplex
Mailbag: How to detect the presence of the Visual C++ 2010 redistributable package
|
Question:I have seen your previous blog posts that describe how to detect the presence of the Visual C++ 2005 redistributable package and the Visual C++ 2008 redistributable package. I am creating an installer that requires the Visual C++ 2010 runtime files. How can I detect the presence of the Visual C++ 2010 redistributable package? Answer:Unlike the Visual C++ 2005 and 2008 redistributable packages, there are registry keys that can be used to detect the presence of the Visual C++ 2010 redistributable package.Visual C++ 2010 redistributable package detection registry values * Visual C++ 2010 Redistributable Package (x86) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\x86]
Installed = 1 (REG_DWORD) * Visual C++ 2010 Redistributable Package (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\x64]
Installed = 1 (REG_DWORD) * Visual C++ 2010 Redistributable Package (ia64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\ia64]
Installed = 1 (REG_DWORD)Alternatively, like in past releases of the Visual C++ redistributable package, you can use an algorithm like the one I described in my previous blog posts to detect the presence of the Visual C++ 2010 redistributable package on a system: 1. Call the MsiQueryProductState API
2. Pass in the product code for the package that you want to detect based on the list below
3. Check the return value of this API. If it is anything other than INSTALLSTATE_DEFAULT, the package is not yet installed
Read more: Aaron Stebner's WebLog
Installed = 1 (REG_DWORD) * Visual C++ 2010 Redistributable Package (x64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\x64]
Installed = 1 (REG_DWORD) * Visual C++ 2010 Redistributable Package (ia64) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VisualStudio\10.0\VC\VCRedist\ia64]
Installed = 1 (REG_DWORD)Alternatively, like in past releases of the Visual C++ redistributable package, you can use an algorithm like the one I described in my previous blog posts to detect the presence of the Visual C++ 2010 redistributable package on a system: 1. Call the MsiQueryProductState API
2. Pass in the product code for the package that you want to detect based on the list below
3. Check the return value of this API. If it is anything other than INSTALLSTATE_DEFAULT, the package is not yet installed
Read more: Aaron Stebner's WebLog
AuditPro
|
AuditPro® is a comprehensive enterprise security assessment solution featuring critical asset identification, policy compliance, risk analysis, real time vulnerability views, enhanced reporting capability, graphical progress analysis and more. Supporting multiple operating systems and databases, AuditPro® brings you the state-of-the-art in information systems security evaluation and risk management. Read more: Network Intelligence
MySQL vs PostgreSQL Benchmarks
|
Wednesday, May 5, 2010
We are living interesting times … MySQL was first purchased by SUN and now SUN was purchased by ORACLE. I don’t know what future will reserve for MySQL, but in this moment it seems MySQL is coming very very close to PostgreSQL. We are NOT talking about MySQL with MyISAM, we are talking about MySQL with InnoDB, because I’m directly interested in a set of properties what PostgreSQL already have them built-in and MySQL achieve them through InnoDB (and the new Maria Data plugin). This properties are Atomicity, Consistency, Isolation, Durability = ACID, in other words, very stable, good integrity and crash proof database. Why an ACID database? Sometimes we are more interested in ACID for our data than raw speed. For example do you keep your savings to a bank who is running a NON ACID database? I think you understand my concern. When ORACLE launched the InnoDB 1.0.3 patched with the InnoDB Google patch I was very interested to see a benchmark between MySQL 5.1.30 and PostgreSQL 8.3.7. Until now I didn’t find any benchmark between this databases so I found some free time to do that myself. Hardware Resources
CPU: Intel(R) Pentium(R) D CPU 3.00GHz Dual Core
RAM: 3G Ram
HDD: WDC WD3200AAJS-0Software Resources
Debian Lenny 5.0 64 bit arch
Linux painkiller 2.6.26-2-amd64 #1 SMP Wed May 13 15:37:46 UTC 2009 x86_64 GNU/Linux
MySQL 5.0.51a-24+lenny1
MySQL 5.1.30 Sun compiled
InnoDB 1.0.3 Plugin compiled by ORACLE for MySQL 5.1.30
PostgreSQL 8.3.7
osdb 2.1 – Opensource Database benchmark.Read more: Randombugs
CPU: Intel(R) Pentium(R) D CPU 3.00GHz Dual Core
RAM: 3G Ram
HDD: WDC WD3200AAJS-0Software Resources
Debian Lenny 5.0 64 bit arch
Linux painkiller 2.6.26-2-amd64 #1 SMP Wed May 13 15:37:46 UTC 2009 x86_64 GNU/Linux
MySQL 5.0.51a-24+lenny1
MySQL 5.1.30 Sun compiled
InnoDB 1.0.3 Plugin compiled by ORACLE for MySQL 5.1.30
PostgreSQL 8.3.7
osdb 2.1 – Opensource Database benchmark.Read more: Randombugs
Bypassing Windows XP Logon Password using bootkit
|
Sometimes you want to log into Windows box, but you don't know the password. A few years ago (summer 2007), I wrote a utility to solve this problem. At the time, there was no similar tool around. There existed programs which were able to reset the password (it's not a very stealthy approach btw). Nowadays, such tools are nothing special (some Polish guy even created webpages for such a tool and he is charging money for it) and so I decided to publish my old stuff. I believe that bright people from CodeProject community can extend it into actually usable open source software.
BackgroundI came across this blog post [1]. The idea is to use kernel debugger in order to modify routine msv1_0!MsvpPasswordValidate in such a way it always returns TRUE, even for an incorrect password. I was impressed by the simplicity of the idea and decided to implement it using bootable CD instead of debugger. A great compilation of information on bootable CD is eEye's BootRoot [2]. Another inspirational material is [3]. Theory of operation:
CollapseFlow of execution
0 hic sum leones (DRAM initialization, POST, etc.) - see [4]
1 boot from CD:
CD code hooks int 15h and copies itself to RAM
CD code boots NTLDR from HDD
2 boot from HDD
NTLDR is running
NTLDR calls int 15h
int 15h hooked handler patches NTDLR with 32 bit stager
NTLDR is running
32 bit stager is called
32 bit stager calls payload
payload hooks IoCreateDriver
NTLDR is running
IoCreateDriver is called, hook registers custom callback
using PsSetLoadImageNotifyRoutine
PspLoadImageNotifyRoutine notifies us about images being loaded
if the image name is msv1_0.dll, hook (IAT style) RtlCompareMemory
3 windows logon dialog appears and arbitrary password is accepted
for every accountNota bene: * int 15h is used instead of usual int 13h used in BootRoot and its clones
* int 15h was found to be viable by using custom interrupt PCI-ROM based sniffer and leads to more compact code
* msv1_0!MsvpPasswordValidate is not hooked, because it's not exported
* password is validated also in ADVAPI32!SystemFunction031
* both functions mentioned above call RtlCompareMemory, which is exported
* RtlCompareMemory is modified in such a way it returns 0 (true) for all the blocks of length of password hash
* it's dirty hack, it's not intended for production use :)So, how does it work? When you enter password, Windows computes hash of the password and compares it with stored hash of the correct password. But the comparison routine was modified, so it returns true for any two hashes, i.e. for any password you enter. Read more: Codeproject
BackgroundI came across this blog post [1]. The idea is to use kernel debugger in order to modify routine msv1_0!MsvpPasswordValidate in such a way it always returns TRUE, even for an incorrect password. I was impressed by the simplicity of the idea and decided to implement it using bootable CD instead of debugger. A great compilation of information on bootable CD is eEye's BootRoot [2]. Another inspirational material is [3]. Theory of operation:
CollapseFlow of execution
0 hic sum leones (DRAM initialization, POST, etc.) - see [4]
1 boot from CD:
CD code hooks int 15h and copies itself to RAM
CD code boots NTLDR from HDD
2 boot from HDD
NTLDR is running
NTLDR calls int 15h
int 15h hooked handler patches NTDLR with 32 bit stager
NTLDR is running
32 bit stager is called
32 bit stager calls payload
payload hooks IoCreateDriver
NTLDR is running
IoCreateDriver is called, hook registers custom callback
using PsSetLoadImageNotifyRoutine
PspLoadImageNotifyRoutine notifies us about images being loaded
if the image name is msv1_0.dll, hook (IAT style) RtlCompareMemory
3 windows logon dialog appears and arbitrary password is accepted
for every accountNota bene: * int 15h is used instead of usual int 13h used in BootRoot and its clones
* int 15h was found to be viable by using custom interrupt PCI-ROM based sniffer and leads to more compact code
* msv1_0!MsvpPasswordValidate is not hooked, because it's not exported
* password is validated also in ADVAPI32!SystemFunction031
* both functions mentioned above call RtlCompareMemory, which is exported
* RtlCompareMemory is modified in such a way it returns 0 (true) for all the blocks of length of password hash
* it's dirty hack, it's not intended for production use :)So, how does it work? When you enter password, Windows computes hash of the password and compares it with stored hash of the correct password. But the comparison routine was modified, so it returns true for any two hashes, i.e. for any password you enter. Read more: Codeproject
Ядра – чистый изумруд
|
Даже если ты не собираешься писать драйвера, эта статья пригодиться тебе для понимания некоторых внутренних особенностей ОС Windows. Несмотря на то, что Microsoft заботиться о программерах и предоставляет достаточно подробную информацию об API, архитектура ОС остается наименее открытой и информация обрывочна. Мы постарались собрать в этой небольшой статье самое интересное о ядре Windows и рассказать тебе. Набор инструментовДля создания драйвера под Windows необходим специальный набор инструментов, который называется DDK (Driver Development Kit). Помимо этого, желательно установить специализированную версию Windows, которая содержит отладочную информацию. Это поможет в отладке драйвера, что не такое уж и простое занятие. Набор DDK существует для каждой версии ОС свой и распространяется отдельно от компилятора. Это значит, что если даже у тебя установлена полная версия Visual Studio, DDK придется ставить отдельно. Причем, просто так скачать его с сайта Microsoft нельзя, потому что он распространяется вместе с платной подпиской MSDN. Read more: vr-online.ru
Шалом, ИТ-Израиль!
|
Вот уже некоторое время нахожусь в Израиле и хочу немного рассказать о местном ИТ. Не секрет, что ИТ специалисты в Израиле являются одними из самых высокооплачиваемых. В Израиле размещаются офисы практически всех известных мне (и не известных) мировых компаний, а также большое количество отечественных. Все они расположаются в индустриальных зонах (эти участки называют промзоной) в современных зданиях, внутри которых бурлит ИТ жизнь... Read more: MS Group
How the shell converts an icon location into an icon
|
A customer had trouble getting an icon to display for a registered file type. In my resource file, I specify the icon like this: 101 ICON awesome.ico And when I register my file type, I set it like this: [HKEY_CLASSES_ROOT\.xyz\DefaultIcon]
@="C:\path\to\awesome.exe,101" However, when I view an .xyz file, my awesome icon doesn't appear. On the other hand, if I change the 101 to a 0, then it works. Why? Isn't the number in the resource file the resource ID? Why yes, in fact, the number in the resource file is indeed the resource ID. But the number after the comma in the DefaultIcon isn't.The format of shell icon locations (used most visibly by DefaultIcon, but also used in other places) is «file»,«index», where the index is a zero-based index of the icon in your resources. In other words, an index of zero means "Give me the first icon in the file." The resource compiler sorts icons numerically by resource ID, so the first icon in the file is the icon with the numerically lowest resource ID. In the above example, apparently there are no icons with resource IDs less than 101; that would explain why asking for icon index zero results in the awesome icon. The function behind all this icon hunting is ExtractIcon. The icon location string is split up at the comma into a path and an integer, and that path and integer are passed to the ExtractIcon function. Since the ExtractIcon function interprets the integer as the icon index, that's what the integer in your icon location string means. Read more: The old new thing
@="C:\path\to\awesome.exe,101" However, when I view an .xyz file, my awesome icon doesn't appear. On the other hand, if I change the 101 to a 0, then it works. Why? Isn't the number in the resource file the resource ID? Why yes, in fact, the number in the resource file is indeed the resource ID. But the number after the comma in the DefaultIcon isn't.The format of shell icon locations (used most visibly by DefaultIcon, but also used in other places) is «file»,«index», where the index is a zero-based index of the icon in your resources. In other words, an index of zero means "Give me the first icon in the file." The resource compiler sorts icons numerically by resource ID, so the first icon in the file is the icon with the numerically lowest resource ID. In the above example, apparently there are no icons with resource IDs less than 101; that would explain why asking for icon index zero results in the awesome icon. The function behind all this icon hunting is ExtractIcon. The icon location string is split up at the comma into a path and an integer, and that path and integer are passed to the ExtractIcon function. Since the ExtractIcon function interprets the integer as the icon index, that's what the integer in your icon location string means. Read more: The old new thing
Mono ASP.NET FAQ
|
If you read instruction on how to set up mod_mono with Apache here: http://www.mono-project.com/FAQ:_ASP.NET do not forget to read a little bit more about it here: ImprovingModMono - http://www.mono-project.com/ImprovingModMono Because 'MonoDebug' directive really crash all my settings and took me whole day to figure it. If you have this command in your configurations files - just commant it and then everything back to normal
7 Billion Scanned Photos Later, Face.com Opens Up To Developers
|
Tuesday, May 4, 2010
Facial recognition technology startup Face.com publicly launched at last year’s Techonomy event in Tel Aviv, Israel. Today thus marks an excellent time for them to make some announcements, as it is the evening prior to Techonomy 2010, which I’m attending. The company is today publicly launching a developer community and open API, providing third-party developers access to their facial recognition technology, including the algorithm that powers their Facebook applications Photo Finder and Photo Tagger. The former app saw one hell of a kick-off, tagging up to 400 million photos in its first month. A year later, Face.com’s Facebook apps have scanned over 7 billion photos in total and identified no less than 52 million faces. Read more: Techcrunch
Official site: Face.com
Official site: Face.com
Gene Therapy Restores Sight To Blind
|
Looks like we have found a cure for genetic blindness (clinical trial — abstract — paper [PDF] — ABC News video). This gene therapy treatment increases both cone and rod photoreceptor-based vision. These engineered viruses are implanted to do our bidding to restore vision. Clinical trials on 6 children and young people proved the therapy and didn't find any notable side effects Read more: Salshdot
Xcode: The complete explanation on how to use static libraries.
|
It won’t take so long to follow the tutorial…After writing the complete tutorial i was a little bit worried that it was too big or that it would take to long for people to read it all through, however, i followed the whole tutorial all over and it actually doesn’t take that long at all. The whole tutorial takes in between 8 to 12 minutes to complete.
So what are static libraries and why would i want to use them?When you are developing you always have pieces of code that are convenient and usable in different projects, or you have for example a piece of code that accesses something in the same manner which could be used for various projects of the same kind (for example the code for communicating with a high score server which can be used by all sorts of games). Now there are a number of ways on how to go about this, one method could be to just simple copy the code to a project every time you need it. One big downside to this is that every project has a copy of the code and pretty soon all the various copies are different, or even worse, you found a bug and need to change it in twenty different projects. A better solution would be to keep the code in a separate project so that all maintenance on that code can be done in one single spot. This is where a static library comes in, you can create a static library project and link the library into the various projects. Now in our case we will not only link the library but actually the complete static project to our normal project. The reason for this is that a compiled ‘product’ is specific for it’s environment, so when you compile a static library project for a simulator / debug target it cannot be used in a deployment to a physical device. Linking the project itself has the advantage that when you change the compile target for your own project it will be automatically be delegated to the static library project. When you now compile your own project it will automatically compile the static project along with it. Read more: Sodeso
So what are static libraries and why would i want to use them?When you are developing you always have pieces of code that are convenient and usable in different projects, or you have for example a piece of code that accesses something in the same manner which could be used for various projects of the same kind (for example the code for communicating with a high score server which can be used by all sorts of games). Now there are a number of ways on how to go about this, one method could be to just simple copy the code to a project every time you need it. One big downside to this is that every project has a copy of the code and pretty soon all the various copies are different, or even worse, you found a bug and need to change it in twenty different projects. A better solution would be to keep the code in a separate project so that all maintenance on that code can be done in one single spot. This is where a static library comes in, you can create a static library project and link the library into the various projects. Now in our case we will not only link the library but actually the complete static project to our normal project. The reason for this is that a compiled ‘product’ is specific for it’s environment, so when you compile a static library project for a simulator / debug target it cannot be used in a deployment to a physical device. Linking the project itself has the advantage that when you change the compile target for your own project it will be automatically be delegated to the static library project. When you now compile your own project it will automatically compile the static project along with it. Read more: Sodeso
DPack 3 (3.0.1) is out - Think VS2010 RTM, VS2008 versions and with great tasting filling too…
|
I’m proud to announce that new DPack version 3.0.1 for VS 2008/2010 is available now. This is a major update, which introduces VS 2010 RTM as well as Code Browser toolwindow mode support.DPack is also available on Visual Studio Gallery site. The version you can download right from Visual Studio 2010 is slightly different from the standalone setup application you can get off DPack’s site. Visual Studio Gallery extension doesn’t include any keyboard mapping schemes where as the standalone setup application does. Read more: Greg's Cool [Insert Clever Name] of the Day
Official site: DPack
Official site: DPack
Channel Sinks in .NET
|
The examples for this section are in the Sample5 folder. Two projects-CustomSinkLib and SimpleObjectForSinkLib-are libraries. The client and server console projects are SinkClientExe and SinkServerExe respectively. Each of the console projects requires references to System.Runtime.Remoting.dll, SimpleObjectForSinkLib.dll, and CustomSinkLib.dll. Channel sinks are the means by which messages are passed back and forth between the client and server. Earlier in the chapter, call contexts were explored as a device to transparently pass data across the wire. A channel sink can be an alternative way to achieve the same end. But sinks are not limited to that single function. The HTTP and TCP channels, provided by .NET, have two default sinks in the sink chain-a formatter and a transport sink. The formatter converts an IMessage into a stream, while the transporter streams the data across the wire. Each does a discrete unit of work and hands the result to the next sink in the chain. The .NET Framework does not restrict the number of links in a sink chain. The sink chain can be viewed as a functional linked list, rather than a linked list of data. Depending on the problem domain, one to many sinks are plugged into a channel's chain, with each sink addressing a single task. This may include logging, security functions, encryption, or any other task that is required on the route from the transparent proxy to the remote object. To become a member of a sink chain, certain criteria must be met. All channels are divided into senders and receivers. Receivers are generally servers, while senders are clients. Channel sinks can be seen in the same light. They are connected to a channel by a sink provider, either a System.Runtime.Remoting.Channels.IClientChannelSinkProvider or an IServerChannelSinkProvider. Listing 25.28: ClientSinkProvider.cs public class ClientSinkProvider : IClientChannelSinkProvider
{
private IClientChannelSinkProvider next = null; public ClientSinkProvider()
{
} public ClientSinkProvider(IDictionary props, ICollection provider)
{
} public IClientChannelSink CreateSink(IChannelSender sender, string url, object channelData)
{
IClientChannelSink sink = null; if (next != null)
{
sink = next.CreateSink(sender, url, channelData);
} if (sink != null)
{
sink = new ClientSink(sink);
} return (sink);
} public IClientChannelSinkProvider Next
{
get
{
return (next);
} set
{
next = value;
}
}
}Deriving from the IClientChannelSinkProvider interface, described in Listing 25.28, requires implementing the CreateSink method and the Next property. The server provider code, not shown, in ServerSinkProvider.cs is the same, except for an additional method, GetChannelData(), which has a System.Runtime.Remoting.Channels.IChannelDataStore parameter. Read more: C# Corner
{
private IClientChannelSinkProvider next = null; public ClientSinkProvider()
{
} public ClientSinkProvider(IDictionary props, ICollection provider)
{
} public IClientChannelSink CreateSink(IChannelSender sender, string url, object channelData)
{
IClientChannelSink sink = null; if (next != null)
{
sink = next.CreateSink(sender, url, channelData);
} if (sink != null)
{
sink = new ClientSink(sink);
} return (sink);
} public IClientChannelSinkProvider Next
{
get
{
return (next);
} set
{
next = value;
}
}
}Deriving from the IClientChannelSinkProvider interface, described in Listing 25.28, requires implementing the CreateSink method and the Next property. The server provider code, not shown, in ServerSinkProvider.cs is the same, except for an additional method, GetChannelData(), which has a System.Runtime.Remoting.Channels.IChannelDataStore parameter. Read more: C# Corner
10 Amazing Cross Platform IDE for Developers
|
An Integrated Development Environment (IDE) or known as Integrated Environmental Design is the application software that provides coding, editing and debugging tool for creating desktop applications, Web applications and more. The developers really need an IDE because it is very helpful in developing applications. When you create applications using PHP or Java, you have to go back and forth between the Firebug, a text editor and FTP. You lose time in switching between different applications. IDE to fill this gap by keeping you focused on your work rather than switching between different applications. In this post, we’ve collect 10 Stunning Multi Platform IDE for Developers. No matter your platform, whether Windows, Mac or linux
Qt CreatorQt Creator is a new cross-platform integrated development environment (IDE) tailored to meet the needs of the developers Qt. Qt Creator is available with the QT libraries and the latest development tools as part of the additional QT SDK that all you need to proceed with the to launch platform Qt development offers in a single install. The latest version of Qt Creator introduces preliminary support for the development of the Symbian platform. Code::BlocksCode:: Blocks is a free C + + IDE to meet the demanding needs of its users. It is designed to be very extensible and configurable. Built around a plugin framework, Code:: Blocks can be extended with plugins. All functions can be added by installing a plugin coding. For example, compiling and debugging functionality is already provided by plugins ! NetBeans IDENetBeans is the most popular cross platform, which supports many languages such as Ajax, C / C + +, Ruby, PHP, JavaScript, Python and more. Choose script or programming language and start working. You can create desktop, mobile, web application using NetBeans. Read more: denbagus.net
Qt CreatorQt Creator is a new cross-platform integrated development environment (IDE) tailored to meet the needs of the developers Qt. Qt Creator is available with the QT libraries and the latest development tools as part of the additional QT SDK that all you need to proceed with the to launch platform Qt development offers in a single install. The latest version of Qt Creator introduces preliminary support for the development of the Symbian platform. Code::BlocksCode:: Blocks is a free C + + IDE to meet the demanding needs of its users. It is designed to be very extensible and configurable. Built around a plugin framework, Code:: Blocks can be extended with plugins. All functions can be added by installing a plugin coding. For example, compiling and debugging functionality is already provided by plugins ! NetBeans IDENetBeans is the most popular cross platform, which supports many languages such as Ajax, C / C + +, Ruby, PHP, JavaScript, Python and more. Choose script or programming language and start working. You can create desktop, mobile, web application using NetBeans. Read more: denbagus.net
9 Rules about Constructors, Destructors, and Finalizers
|
OverviewFirst, this writing concentrates of and compares between three programming languages, C#, C++/CLI, and ISO/ANSI C++. It discusses 9 rules that every developer should keep in mind while working with constructors, destructors, and finalizers and class hierarchies: * Rule #1: Contrsuctors are called in descending order
* Rule #2: In C# lexicology, a destructor and a finalizer refer to the same thing
* Rule #3: Destructors are called in ascending order
* Rule #4: Finalizers are a feature of GC-managed objects only
* Rule #5: You cannot determine when finalizers would be called
* Rule #6: MC++ differs between destructors and finalizers
* Rule #7: In MC++ and classic C++, you can determine when destructors are called
* Rule #8: In MC++, destructors and finalizers are not called together
* Rule #9: Beware of virtual functions in constructorsRule #1: Constructors are called in descending order Rule #1: Constructors are called in descending order; starting from the root class and stepping down through the tree to reach the last leaf object that you need to instantiate. Applies to C#, MC++, and ANSI C++. Let's consider a simple class hierarchy like this:class BaseClass
{
{
{
* Rule #2: In C# lexicology, a destructor and a finalizer refer to the same thing
* Rule #3: Destructors are called in ascending order
* Rule #4: Finalizers are a feature of GC-managed objects only
* Rule #5: You cannot determine when finalizers would be called
* Rule #6: MC++ differs between destructors and finalizers
* Rule #7: In MC++ and classic C++, you can determine when destructors are called
* Rule #8: In MC++, destructors and finalizers are not called together
* Rule #9: Beware of virtual functions in constructorsRule #1: Constructors are called in descending order Rule #1: Constructors are called in descending order; starting from the root class and stepping down through the tree to reach the last leaf object that you need to instantiate. Applies to C#, MC++, and ANSI C++. Let's consider a simple class hierarchy like this:class BaseClass
{
public BaseClass()
{
{
Console.WriteLine("ctor of BaseClass");
}
} class DerivedClass : BaseClass {
public DerivedClass()
{
{
Console.WriteLine("ctor of DerivedClass");
}
} class ChildClass : DerivedClass {
public ChildClass()
{
{
Console.WriteLine("ctor of ChildClass");
}
}ChildClass inherits from DerivedClass, and DerivedClass, in turn, inherits from BaseClass.Read more: C# Corner SubversionSharp
|
SubversionSharp is a C# wrapper that fully covers the client API of Subversion SCM 1.0. Easy access to the Subversion API is provided without any compromise on fonctionality. This library is the starting point to easily integrate Subversion repositories in any .NET managed software. These C# bindings for Subversion has been written for portability and performances. This library is now available for both Mono/Linux and .NET/Windows environments. SubversionSharp (or SVNSharp or even SVN#) is a C# wrapper that fully covers the client API of Subversion. Easy access to the Subversion API is provided without any compromise on functionality.Read more: softec
Svn.NET
|
This is a project to build reliable .NET bindings for the Subversion version-control system libraries. This is a continuation of the SubversionSharp library initially created by Softec and released under the LGPL. Even though this is a "fork" of SubversionSharp, I have spoken with the author of that project and we plan to eventually merge the projects back together. I am more interested in full .NET 2.0 compatibility and eventually creating a fully-managed client library that does not expose any "unsafe" code to users. I also want to regularly publish Win32 binary zipfiles which contain all the DLLs necessary to access the Subversion API from .NET 2.0 (including the Subversion client library and all dependencies such as APR, Neon, etc.) Creating this "temporary fork" allows me more flexibility in continuing development in these areas. I do not intend to change the namespace of any existing classes or assemblies.
Project Status (and How You Can Help!) We have released a zipfile (see below) containing a binary Win32 build of the Subversion 1.4 client library, its dependencies, and the AprSharp and SubversionSharp managed assemblies which fully expose the Subversion 1.4 client API. Note that other Subversion APIs, such as the RA (Repository Access, or "server") layer are not implemented and we have no plans to implement them at this time. The long-term goal for Svn.NET is to hide all unsafe methods from the public interface, and expose only a fully managed API. Consuming applications should not need to deal with the intricacies of the Subversion API. However, in order to achieve this goal, the existing SvnClient library needs to have a complete suite of unit tests written, as well as better code documentation, in order to allow us to refactor parts of the codebase without breaking functionality. If you have C# experience and would like to help a bit on this project, writing a unit test or two is a great way to help! Read more: Svn.NET
Project Status (and How You Can Help!) We have released a zipfile (see below) containing a binary Win32 build of the Subversion 1.4 client library, its dependencies, and the AprSharp and SubversionSharp managed assemblies which fully expose the Subversion 1.4 client API. Note that other Subversion APIs, such as the RA (Repository Access, or "server") layer are not implemented and we have no plans to implement them at this time. The long-term goal for Svn.NET is to hide all unsafe methods from the public interface, and expose only a fully managed API. Consuming applications should not need to deal with the intricacies of the Subversion API. However, in order to achieve this goal, the existing SvnClient library needs to have a complete suite of unit tests written, as well as better code documentation, in order to allow us to refactor parts of the codebase without breaking functionality. If you have C# experience and would like to help a bit on this project, writing a unit test or two is a great way to help! Read more: Svn.NET
Apache Portable Runtime
|
The mission of the Apache Portable Runtime (APR) project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of predictable if not identical behaviour regardless of the platform on which their software is built, relieving them of the need to code special-case conditions to work around or take advantage of platform-specific deficiencies or features. Read more: Apache
SVNCOM
|
SVNCOM is a set of COM objects designed to provide subversion functionality for purposes of automatization without direct usage of sources or command line client. There are lot of reasons why usage of source codes directly can be not convenient. The main is necessity to spend much time for learning and requirement of specific knowledge (senior "C language" skills). Usage of command line client also cause lot of problems and the main are: problem with file names encoding and output parsing. On Windows OS, COM binding will allow access to subversion almost from any place: .NET code, native Win32 code, vbs scripts (standalone, VB for applications, ASP etc). So you can use subversion in your programs and automatizations scripts easy. SVNCOM bindings available in two packages: MSI installer with "SDK" (few vbs examples, svn help file and some api help) and MSM redistributive package. The MSM package will allow easy integration with your own installer. SVNCOM bindings can be freely redistributed, preserving both subversion (tigris) and PushOk Software copyright rights. Both licenses grant almost non limited usage in binary form. SVNCOM now is the part of Pushok SVNSCC Proxy (SCC API integration plug-in). This mostly means that binding have the commercial quality and will be maintained in the future. But in the same time SVNCOM project is an open source project and any contribution (including money donations) are welcome. SVNCOM binding API is closely linked with SVN "C" api which is closely linked with SVN command line client functionality. Binding have two main object "SVNClient" and "SVNAdmin" which correspond to "svn.exe" and "svnadmin.exe" correspondingly. Few events are raised from client: cancellation ask (idle), working copy notifications and progress. Typical usage of COM binding will look like this (vbs code): dim client
' create client
set client = CreateObject("PushOkSvn.SVNClient")
' set any options (if any), for example user name and password
client.SetOption SvnClientOptionDefUserName, "User"
client.SetOption SvnClientOptionDefUserPassword, "Password"
' init client
client.InitClient()
' use it, for example let's add some files into repository
dim src
set src = CreateObject("PushOkSvn.StringVector")
src.Add("C:\some\path\here")
client.Import src, "svn://some.svn.url/here", "Commit message"
Read more: SVNCOM
' create client
set client = CreateObject("PushOkSvn.SVNClient")
' set any options (if any), for example user name and password
client.SetOption SvnClientOptionDefUserName, "User"
client.SetOption SvnClientOptionDefUserPassword, "Password"
' init client
client.InitClient()
' use it, for example let's add some files into repository
dim src
set src = CreateObject("PushOkSvn.StringVector")
src.Add("C:\some\path\here")
client.Import src, "svn://some.svn.url/here", "Commit message"
Read more: SVNCOM
Handwriting Recognition using Kernel Discriminant Analysis
|
1. Introduction
1. Linear Discriminant Analysis
2. Non-linear Discriminant Analysis with Kernels
3. Kernel trick and standard Kernel functions
2. Source code
3. Digit recognition
1. UCI's Optdigits Dataset
2. Classification by KDA
4. Test application
1. Analysis
2. Results
5. Conclusion
6. See also
7. References IntroductionLinear Discriminant AnalysisLinear discriminant analysis (LDA) is a method used in statistics and machine learning to find a linear combination of features which best characterize or separates two or more classes of objects or events. The resulting combination may be used as a linear classifier, or, more commonly, for dimensionality reduction before later classification. Read more: Codeproject
1. Linear Discriminant Analysis
2. Non-linear Discriminant Analysis with Kernels
3. Kernel trick and standard Kernel functions
2. Source code
3. Digit recognition
1. UCI's Optdigits Dataset
2. Classification by KDA
4. Test application
1. Analysis
2. Results
5. Conclusion
6. See also
7. References IntroductionLinear Discriminant AnalysisLinear discriminant analysis (LDA) is a method used in statistics and machine learning to find a linear combination of features which best characterize or separates two or more classes of objects or events. The resulting combination may be used as a linear classifier, or, more commonly, for dimensionality reduction before later classification. Read more: Codeproject
Smart Card Authentication Module Update Released
|
I’ve finally wrapped up updating the SmartCardAuthenticationModule. The link to the download is at the end of this post.A complete write-up of the previous version can be located here: http://securitythroughabsurdity.com/2007/04/implementing-smartcard-authentication.html
Changes / Improvements * Added support for ASP.NET Membership which means support for Profiles and Roles as well.
* Removed all custom database requirements from the Module. If custom DB access is needed this can be implemented in a Global event.
* Removed SmartCardPrincipal class. Smart Cards only help establish identity and don’t provide any roles membership information so I opted to remove the class and instead just wrap the identity into a GenericPrincipal. If the ASP.NET Role provider is being used, the Role module will automatically wrap the SmartCardIdentity in a RolePrincipal. Implementer's can also add custom event code in the Global to use any Principal of their choice.
* Added ASP.NET Health Monitoring events for auditing Success and Failed logins, as well as when Membership accounts are created.
* Added support for custom error pages on a 401 Unauthorized.
* Added the following Smart Card Authentication Module events:
o Authenticate
o FailedMembershipAuthentication
o MembershipValidating
o MembershipUserCreated
o MembershipUserCreating OOTB BehaviorThe out of the box behavior for the Smart Card Authentication module is as follows: 1. With ASP.NET Membership – The first time a user visits the web site, the Smart Card Authentication Module will automatically create a Membership account in a disabled state. The new MembershipUser will not have access until the account is enabled through the Membership Admin. For users who visit the site have a Membership account. the Module will call the Membership.Validate() method and will only allow them access if their Smart Card is the same as it was when they enrolled and the account is enabled.
2. With ASP.NET Membership and ASP.NET Roles – The RolePrincipal will contain the SmartCardIdentity. IsInRole() checks will work as expected and the SmartCardIdentity will also be available.
3.
Without ASP.NET Membership/RoleProvider enabled – the SmartCardAuthenticationModule will authenticate the user and attach a GenericPrincipal with NO ROLES to the HttpContext.User. To provide custom roles (when not using the ASP.NET RoleProvider), subscribe to the SmartCardAuthentication_Authenticate event in Global.asax and attach an IPrincipal containing the roles appropriate for authorization. InstallationConfigure the Web project to have a reference to the SmartCardAuthenticationModule. This can be accomplished in one of two ways:. 1. Add a reference to the SmartCardAuthentication.dll to the web application project
2. To have Smart Card Authentication Module source available in the solution, add the SmartCardAuthentication Project to the Solution containing your web project and then add a project reference to the SmartCardAuthenticationModule. In IIS, install a SSL/TLS Certificate and for Client Certificates, make sure to check either Accept or Require for the Web Site or Application. For production environments,
Read more: [ security through absurdity ]
Changes / Improvements * Added support for ASP.NET Membership which means support for Profiles and Roles as well.
* Removed all custom database requirements from the Module. If custom DB access is needed this can be implemented in a Global event.
* Removed SmartCardPrincipal class. Smart Cards only help establish identity and don’t provide any roles membership information so I opted to remove the class and instead just wrap the identity into a GenericPrincipal. If the ASP.NET Role provider is being used, the Role module will automatically wrap the SmartCardIdentity in a RolePrincipal. Implementer's can also add custom event code in the Global to use any Principal of their choice.
* Added ASP.NET Health Monitoring events for auditing Success and Failed logins, as well as when Membership accounts are created.
* Added support for custom error pages on a 401 Unauthorized.
* Added the following Smart Card Authentication Module events:
o Authenticate
o FailedMembershipAuthentication
o MembershipValidating
o MembershipUserCreated
o MembershipUserCreating OOTB BehaviorThe out of the box behavior for the Smart Card Authentication module is as follows: 1. With ASP.NET Membership – The first time a user visits the web site, the Smart Card Authentication Module will automatically create a Membership account in a disabled state. The new MembershipUser will not have access until the account is enabled through the Membership Admin. For users who visit the site have a Membership account. the Module will call the Membership.Validate() method and will only allow them access if their Smart Card is the same as it was when they enrolled and the account is enabled.
2. With ASP.NET Membership and ASP.NET Roles – The RolePrincipal will contain the SmartCardIdentity. IsInRole() checks will work as expected and the SmartCardIdentity will also be available.
3.
Without ASP.NET Membership/RoleProvider enabled – the SmartCardAuthenticationModule will authenticate the user and attach a GenericPrincipal with NO ROLES to the HttpContext.User. To provide custom roles (when not using the ASP.NET RoleProvider), subscribe to the SmartCardAuthentication_Authenticate event in Global.asax and attach an IPrincipal containing the roles appropriate for authorization. InstallationConfigure the Web project to have a reference to the SmartCardAuthenticationModule. This can be accomplished in one of two ways:. 1. Add a reference to the SmartCardAuthentication.dll to the web application project
2. To have Smart Card Authentication Module source available in the solution, add the SmartCardAuthentication Project to the Solution containing your web project and then add a project reference to the SmartCardAuthenticationModule. In IIS, install a SSL/TLS Certificate and for Client Certificates, make sure to check either Accept or Require for the Web Site or Application. For production environments,
Read more: [ security through absurdity ]
NTLM V1… no, excuse me… NTLM V2… oh, no, you were right… it’s V1…
|
… and the discussion goes like that for a couple hours.Have you been in that situation before?If the answer is no… then you probably have something better to do than reading this blog. May I suggest Dilbert? I’m a longtime fan. If the answer is yes, then you will probably like this short tip.It is easy to understand that NTLM is the authentication method being used between two computers when capturing data over the wire but, how can we distinguish if the version being used is V1 or V2?
Well, the only way to tell is by looking into the following details:3489 1:50:07 AM 3/19/2010 143.9069739 ENDPOINT01 SUT01 SMB SMB:C; Negotiate, Dialect = NT LM 0.12 {SMBOverTCP:148, TCP:147, IPv4:3} 3490 1:50:07 AM 3/19/2010 143.9077536 SUT01 ENDPOINT01 SMB SMB:R; Negotiate, Dialect is NT LM 0.12 (#0) {SMBOverTCP:148, TCP:147, IPv4:3}3491 1:50:07 AM 3/19/2010 143.9168036 ENDPOINT01 SUT01 SMB SMB:C; Session Setup Andx, NTLM NEGOTIATE MESSAGE {SMBOverTCP:148, TCP:147, IPv4:3} 3492 1:50:07 AM 3/19/2010 143.9174079 SUT01 ENDPOINT01 SMB SMB:R; Session Setup Andx, NTLM CHALLENGE MESSAGE - NT Status: System - Error, Code = (22) STATUS_MORE_PROCESSING_REQUIRED {SMBOverTCP:148, TCP:147, IPv4:3} 3493 1:50:07 AM 3/19/2010 143.9396336 ENDPOINT01 SUT01 SMB SMB:C; Session Setup Andx, NTLM AUTHENTICATE MESSAGE, Domain: , User: Administrator, Workstation: ENDPOINT01 {SMBOverTCP:148, TCP:147, IPv4:3} 3495 1:50:07 AM 3/19/2010 143.9414495 SUT01 ENDPOINT01 SMB SMB:R; Session Setup Andx {SMBOverTCP:148, TCP:147, IPv4:3}Looking into the highlighted message:
Read more: Microsoft Open Specification Blog
Well, the only way to tell is by looking into the following details:3489 1:50:07 AM 3/19/2010 143.9069739 ENDPOINT01 SUT01 SMB SMB:C; Negotiate, Dialect = NT LM 0.12 {SMBOverTCP:148, TCP:147, IPv4:3} 3490 1:50:07 AM 3/19/2010 143.9077536 SUT01 ENDPOINT01 SMB SMB:R; Negotiate, Dialect is NT LM 0.12 (#0) {SMBOverTCP:148, TCP:147, IPv4:3}3491 1:50:07 AM 3/19/2010 143.9168036 ENDPOINT01 SUT01 SMB SMB:C; Session Setup Andx, NTLM NEGOTIATE MESSAGE {SMBOverTCP:148, TCP:147, IPv4:3} 3492 1:50:07 AM 3/19/2010 143.9174079 SUT01 ENDPOINT01 SMB SMB:R; Session Setup Andx, NTLM CHALLENGE MESSAGE - NT Status: System - Error, Code = (22) STATUS_MORE_PROCESSING_REQUIRED {SMBOverTCP:148, TCP:147, IPv4:3} 3493 1:50:07 AM 3/19/2010 143.9396336 ENDPOINT01 SUT01 SMB SMB:C; Session Setup Andx, NTLM AUTHENTICATE MESSAGE, Domain: , User: Administrator, Workstation: ENDPOINT01 {SMBOverTCP:148, TCP:147, IPv4:3} 3495 1:50:07 AM 3/19/2010 143.9414495 SUT01 ENDPOINT01 SMB SMB:R; Session Setup Andx {SMBOverTCP:148, TCP:147, IPv4:3}Looking into the highlighted message:
Read more: Microsoft Open Specification Blog
CLI on the Web
|
In the last few days Joe Hewitt has been lamenting the state of client side web development technologies on twitter. TechCrunch covered the progress in their The State Of Web Development Ripped Apart In 25 Tweets By One Man. Today Joe followed up with a brilliant point: joehewitt: If CLI was the ECMA standard baked into browsers instead of ECMAScript we'd have a much more flexible web: http://bit.ly/sLILI ECMA CLI would have given the web both strongly typed and loosely typed programming languages. It would have given developers a choice between performance and scriptability. A programming language choice (use the right tool for the right job) and would have in general made web pages faster just by moving performance sensitive code to strongly typed languages. A wide variety of languages would have become first-class citizens on the web client. Today those languages can run, but they can run in plugin islands. They can run inside Flash or they can run inside Silverlight, but they are second class citizens: they run on separate VMs, and they are constrained on how they talk to the browser with very limited APIs (only some 20 or so entry points exist to integrate the browser with a plugin, and most advance interoperability scenarios require extensive hacks and knowing about a browser internal). Perhaps the time has come to experiment embedding the ECMA CLI inside the browser. Not as a separate plugin, and not as a plugin island, but as a first-class VM inside the browser. Running side-by-side to the Javascript engine. Read more: Miguel de Icaza's web log
NTFS - MFT - deleted files
|
Some time ago I needed to write some code to scan NTFS File table to find which files had been deleted from the disk (marked as deleted) and list them.Since there's little information available about the MFT structure, data runs and, on the other hand, no article (at least that i had found) about some .net code to get this, i decided to post this article. Since there are few articles about this, it took me long time to have this code working, some pieces could have been done differently, feel free to make your suggestions.
BackgroundYou can find more information about NFTS structure at www.NTFS.com. Also this article (http://comunidad.dragonjar.org/f157/taller-forensic-ii-ntfs-7688/) helped me underestand some other things..
1-NTFS BasicsNtfs is the file system proprietary to Windows XP Vista 2003 2000 NT & Windows 7, which supports file-level security, compression and auditing. It also supports large volumes and powerful storage solution such as RAID. The most important new feature of NTFS is the ability to encrypt files and folders to protect your sensitive data.I won't go very deep inside the NFTS structure, I'll just explain some topics that are used in this example.
2-Partition Boot Sector
(some description taken from NTFS.com)When you format an NTFS volume, the format program allocates the first 16 sectors for the boot sector and the bootstrap code.Read more: Codeproject
BackgroundYou can find more information about NFTS structure at www.NTFS.com. Also this article (http://comunidad.dragonjar.org/f157/taller-forensic-ii-ntfs-7688/) helped me underestand some other things..
1-NTFS BasicsNtfs is the file system proprietary to Windows XP Vista 2003 2000 NT & Windows 7, which supports file-level security, compression and auditing. It also supports large volumes and powerful storage solution such as RAID. The most important new feature of NTFS is the ability to encrypt files and folders to protect your sensitive data.I won't go very deep inside the NFTS structure, I'll just explain some topics that are used in this example.
2-Partition Boot Sector
(some description taken from NTFS.com)When you format an NTFS volume, the format program allocates the first 16 sectors for the boot sector and the bootstrap code.Read more: Codeproject
IKVM 0.42 Update 1 Released
|
I've promoted 0.42 Update 1 RC 2 to an official release.Changes (Update 1 RC 0 + RC 1 + RC 2): * Added fix to mangle all artificial type names if they clash with Java type names in the same assembly.
* Fix for http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41696.
* Fixed exception sorter to be correct when invoked with two references to the same object.
* Fix for bug #2946842.
* Fixed ikvmstub to not emit stubs for generic type definitions.
* Fixed several incorrect usages of Type.IsArray when we only want to deal with vectors.
* Fixed timezone handing bug for unrecognized timezone names.
* Several partial trust fixes.About:
IKVM.NET is a JVM for the Microsoft .NET Framework and Mono. It can both dynamically run Java classes and can be used to convert Java jars into .NET assemblies. It also includes a port of the OpenJDK class libraries to .NET. Read more: IKVM Weblog
* Fix for http://gcc.gnu.org/bugzilla/show_bug.cgi?id=41696.
* Fixed exception sorter to be correct when invoked with two references to the same object.
* Fix for bug #2946842.
* Fixed ikvmstub to not emit stubs for generic type definitions.
* Fixed several incorrect usages of Type.IsArray when we only want to deal with vectors.
* Fixed timezone handing bug for unrecognized timezone names.
* Several partial trust fixes.About:
IKVM.NET is a JVM for the Microsoft .NET Framework and Mono. It can both dynamically run Java classes and can be used to convert Java jars into .NET assemblies. It also includes a port of the OpenJDK class libraries to .NET. Read more: IKVM Weblog
Subscribe to:
Posts (Atom)
Posts
