NX bit

Posted by jasper22 at 13:31 | Saturday, May 29, 2010

   The NX bit, which stands for No eXecute, is a technology used in CPUs to segregate areas of memory for use by either storage of processor instructions (or code) or for storage of data, a feature normally only found in Harvard architecture processors. However, the NX bit is being increasingly used in conventional von Neumann architecture processors, for security reasons.
   An operating system with support for the NX bit may mark certain areas of memory as non-executable. The processor will then refuse to execute any code residing in these areas of memory. The general technique, known as executable space protection, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; this is known as a buffer overflow attack.
   Intel markets the feature as the XD bit, for eXecute Disable. AMD uses the name Enhanced Virus Protection. The ARM architecture refers to the feature as XN for eXecute Never; it was introduced in ARM v6.

WehnTrust

Posted by jasper22 at 13:31 |

Overview

WehnTrust is a Host-based Intrusion Prevention System (HIPS) for Windows 2000, XP, and Server 2003. It includes support for exploit mitigations that are designed to make exploitation more difficult by preventing the use of specific exploitation techniques and by making exploitation unreliable.

How it works

WehnTrust randomizes the base addresses of memory allocations to make it more difficult to exploit software vulnerabilities such as buffer overflows. This technique is commonly known as Address Space Layout Randomization (ASLR) and was originally conceived by the PaX team. Microsoft has recently incorporated support for ASLR into Windows Vista and Windows Server 2008. In addition to ASLR, WehnTrust generically mitigates SEH overwrites by dynamically validating a thread's exception handler chain prior to allowing exceptions to be dispatched.

Recommendations
Using WehnTrust in combination with hardware-enforced DEP (non-executable pages) as included with Windows XP SP2 and Windows Server 2003 provides the greatest level of security. Non-executable pages help to counter some of the inherent weaknesses of ASLR.

Read more: Codeplex

Posted via email from jasper22's posterous

Linux Disable or Enable ExecShield Buffer Overflows Protection

Posted by jasper22 at 13:30 |

Now that I have Cent OS (RHEL clone) installed on my IBM server, I'm wondering what is ExecShield and how do I disable the same?

ExecShield is security Linux kernel patch to avoid worms and other problems.

Wikipedia has more information about Exec Shield project:

Exec Shield is a project that got started at Red Hat, Inc in late 2002 with the aim of reducing the risk of worm or other automated remote attacks on Linux systems. The first result of the project was a security patch for the Linux kernel that adds an NX bit to x86 CPUs. While the Exec Shield project has had many other components, some people refer to this first patch as Exec Shield.

Task: Disable ExecShield protection

Type the following command as root user:
# sysctl -w kernel.exec-shield=0

You can disable it permanently system-wide after each and every reboot by adding following line to /etc/sysctl.conf file:
# vi /etc/sysctl.conf

Append following line
kernel.exec-shield=0

Save and close the file. Please note that I don’t recommend disabling ExecShild protection.

GroundWork Monitor Enterprise

Posted by jasper22 at 13:30 |

GroundWork Monitor Enterprise Edition is the most scalable open source system and network management software for companies with heterogeneous operating systems, application and hardware environments who want to reduce ongoing monitoring costs, consolidate views and reports and improve staff productivity.

Posted via email from jasper22's posterous

Detecting Rootkits in Memory Dumps

Posted by jasper22 at 13:30 |

About the presentation

I am going to talk about different techniques to dump the memory on a system and how to analyze it, looking for the presence of a kernel level rootkit.

60 minutes

usually takes hours to explain

High technical level

Hopefully comprehensive

Agenda

What is a rootkit?
Dumping the memory
How-to analyze a memory dump?
Different rootkit techniques and how we detect it

RedHat Linux: Advanced Installation and Deployment

Posted by jasper22 at 13:30 |

The Red Hat Enterprise Linux Installation Guide discusses the installation of Red Hat Enterprise Linux and some basic post-installation troubleshooting. However, advanced installation options are also covered in this manual. This part provides instructions for kickstart (an automated installation technique)and all related tools. Use this part in conjunction with the first part of the Red Hat Enterprise Linux Installation Guide to perform any of these advanced installation tasks.

Clonezilla

Posted by jasper22 at 13:30 |

You're probably familiar with the popular proprietary commercial package Norton Ghost®. The problem with these kind of software packages is that it takes a lot of time to massively clone systems to many computers. You've probably also heard of Symantec's solution to this problem, Symantec Ghost Corporate Edition® with multicasting. Well, now there is an OpenSource clone system (OCS) solution called Clonezilla with unicasting and multicasting!

Clonezilla, based on DRBL, Partclone and udpcast, allows you to do bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore. While Clonezilla SE is for massive deployment, it can clone many (40 plus!) computers simultaneously. Clonezilla saves and restores only used blocks in the harddisk. This increases the clone efficiency. At the NCHC's Classroom C, Clonezilla SE was used to clone 41 computers simultaneously. It took only about 10 minutes to clone a 5.6 GBytes system image to all 41 computers via multicasting!

Features of Clonezilla

Free (GPL) Software.
Filesystem supported: (1) ext2, ext3, ext4, reiserfs, reiser4, xfs, jfs of GNU/Linux, (2) FAT, NTFS of MS Windows, (3) HFS+ of Mac OS, (4) UFS of FreeBSD, NetBSD, and OpenBSD, and (5) VMFS of VMWare ESX. Therefore you can clone GNU/Linux, MS windows, Intel-based Mac OS, and FreeBSD, NetBSD, and OpenBSD, no matter it's 32-bit (x86) or 64-bit (x86-64) OS. For these file systems, only used blocks in partition are saved and restored. For unsupported file system, sector-to-sector copy is done by dd in Clonezilla.
LVM2 (LVM version 1 is not) under GNU/Linux is supported.
Grub (version 1 and version 2) is supported.
Multicast is supported in Clonezilla SE, which is suitable for massively clone. You can also remotely use it to save or restore a bunch of computers if PXE and Wake-on-LAN are supported in your clients.
Based on Partclone (default), Partimage (optional), ntfsclone (optional), or dd to image or clone a partition. However, Clonezilla, containing some other programs, can save and restore not only partitions, but also a whole disk.
By using another free software drbl-winroll, which is also developed by us, the hostname, group, and SID of cloned MS windows machine can be automatically changed.

Limitations

The destination partition must be equal or larger than the source one.
Differential/incremental backup is not implemented yet.
Online imaging/cloning is not implemented yet. The partition to be imaged or cloned has to be unmounted.
Software RAID/fake RAID is not supported by default. It's can be done manually only.
Due to the image format limitation, the image can not be explored or mounted. You can _NOT_ recovery single file from the image. However, you still have workaround to make it, read this.

Mondo Rescue

Posted by jasper22 at 13:30 |

Mondo Rescue is a GPL disaster recovery solution. It supports Linux (i386, x86_64, ia64) and FreeBSD (i386). It's packaged for multiple distributions (RedHat, RHEL, SuSE, SLES, Mandriva, Debian, Gentoo).

It supports tapes, disks, network and CD/DVD as backup media, multiple filesystems, LVM, software and hardware Raid.

You need it to be safe.

Cobbler

Posted by jasper22 at 13:30 |

Cobbler is an install server; batteries are included

Cobbler is a Linux installation server that allows for rapid setup of network installation environments. It glues together and automates many associated Linux tasks so you do not have to hop between lots of various commands and applications when rolling out new systems, and, in some cases, changing existing ones.

With a simple series of commands, network installs can be configured for PXE, reinstallations, media-based net-installs, and virtualized installs (supporting Xen, qemu, KVM, and some variants of VMware). Cobbler uses a helper program called 'koan' (which interacts with Cobbler) for reinstallation and virtualization support.

Cobbler is a small and lightweight application (about 15k lines of Python code). It tries to be extremely simple to use both for very small and very large installations -- as well as easy to work on, extend, and hack. It avoids being "enterprisey" (as in complicated) whenever possible, but is highly useful in all sorts of enterprises by having a lot of advanced features and doing small things to save a large amount of time in repeated tasks.

Cobbler can also optionally help with managing DHCP, DNS, and yum package mirroring infrastructure -- in this regard, it is a more generalized automation app, rather than just dealing specifically with installations. There is also a lightweight built-in configuration management system, as well as support for integrating with configuration management systems like Puppet. Cobbler has a command line interface, a web interface (screenshot), and also several API access options. That sounds like a lot, but it's really pretty simple. New users may like to start with the web app after doing the initial setup steps on the command line (cobbler check; cobbler import) as it will give them a good idea of all of the features available. Advanced features don't have to be understood all at once, they can be incorporated over time as the need for them arises.

You can read more at the various links below to understand all that Cobbler can do.

SystemImager

Posted by jasper22 at 13:30 |

SystemImager is software which automates Linux installs, software distribution, and production deployment.

SystemImager makes it easy to do automated installs (clones), software distribution, content or data distribution, configuration changes, and operating system updates to your network of Linux machines. You can even update from one Linux release version to another!
It can also be used to ensure safe production deployments. By saving your current production image before updating to your new production image, you have a highly reliable contingency mechanism. If the new production enviroment is found to be flawed, simply roll-back to the last production image with a simple update command!

Some typical environments include: Internet server farms, database server farms, high performance clusters, computer labs, and corporate desktop environments.

Mono Tools for Visual Studio 2.0 Beta 1

Posted by jasper22 at 00:19 | Friday, May 28, 2010

Mono Tools for Visual Studio 2.0 Beta 1We are extremely happy to announce Mono Tools for Visual Studio 2.0 Beta 1! (MonoTools). This version is a major upgrade from MonoTools 1.1, bringing many new features:

* The Mono soft debugger, for more reliable debugging
* Server profiles, for easier deployment options
* Compressed deployment for faster copying to server
* Full Run/Debug support for Linux, Mac, and Windows

Full details of these features can be found in the Mono Tools for Visual Studio 2.0 Release Notes:

http://mono-project.com/Release_Notes_MonoTools_2.0

As part of this round of betas, we are moving these discussions to a public forums for all Mono Tools users:

http://forums.mono-tools.com/

Read more: List

Error in posting

Posted by jasper22 at 00:14 |

Somehow new post didn't get here - I'm currently fixing it.

Slackware 13.1 Released

Posted by jasper22 at 00:02 |

Yes, it's that time again! After many months of development and careful testing, we are proud to announce the release of Slackware version 13.1!

We are sure you'll enjoy the many improvements. We've done our best to bring the latest technology to Slackware while still maintaining the stability and security that you have come to expect. Slackware is well known for its simplicity and the fact that we try to bring software to you in the condition that the authors intended.

Slackware 13.1 brings many updates and enhancements, among which you'll find two of the most advanced desktop environments available today: Xfce 4.6.1, a fast and lightweight but visually appealing and easy to use desktop environment, and KDE 4.4.3, a recent stable release of the new 4.4.x series of the award-winning KDE desktop environment. We continue to make use of HAL (Hardware Abstraction Layer) and udev, which allow the system administrator to grant use of various hardware devices according to users' group membership so that they will be able to use items such as USB flash sticks, USB cameras that appear like USB storage, portable hard drives, CD and DVD media, MP3 players, and more, all without requiring sudo, the mount or umount command. Just plug and play. Properly set up, Slackware's desktop should be suitable for any level of Linux experience. New to the desktop framework are ConsoleKit and PolicyKit. ConsoleKit handles "seats", things like dealing with devices when switching from one user to another. PolicyKit is a system for fine-grained access control, allowing a non-root user to run certain tasks with elevated privilege, but more securely than if the entire task were simply run as root.

Slackware uses the 2.6.33.4 kernel bringing you advanced performance features such as journaling filesystems, SCSI and ATA RAID volume support, SATA support, Software RAID, LVM (the Logical Volume Manager), and encrypted filesystems. Kernel support for X DRI (the Direct Rendering Interface) brings high-speed hardware accelerated 3D graphics to Linux.

Read more: Slashdot
Read more: Slackware

Posted via email from jasper22's posterous

2010: The year instant messaging finally died ?

Posted by jasper22 at 00:01 |

Has Twitter killed instant messaging? That’s one possible explanation for the sudden and precipitous drop in instant message traffic in the past few years. A recent study shows that Britons spent an entire 14 percent of the online-time instant messaging back in 2007. Now? That number is a paltry 5 percent. Is IM dead, dying, or merely going through growing pains?

There’s a few reasons why IM may have fallen out out of fashion. One is that IM services are incompatible with each other. You can’t IM your friends in London with AIM becuase they use Windows Live Messenger. You can, however, send them a quick SMS and accomplish the same thing.

Or, and this is something I noticed in the few years that I’ve been out of school, is that kids, rather than merely sending text IMs to each other, will often fire up Skype and have a conversation right there. Or, again, they’ll SMS each other.

Notice a pattern here? It’s all SMS, baby, especially if you connect your Twitter account to your phone. One quick text, boom, everyone knows that you think the Lakers will win the championship this year rather than just one buddy on your long buddy list.

And let’s not forget that Facebook has had a built-in IM system for a few years now. Too bad Facebook is losing users left and right these days…

Why Online Privacy Is Broken

Posted by jasper22 at 00:01 |

One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it. Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects. A quick search of recent news on the privacy front reveals that just about all of it is bad. Facebook is exposing users' live chat sessions and other data to third parties. Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well. But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that.

Read more: Slashdot

Posted via email from jasper22's posterous

Mark Twain To Reveal All After 100 Year Wait

Posted by jasper22 at 00:01 |

The Independent reports that one of Mark Twain's dying wishes is at last coming true: an extensive, outspoken and revelatory autobiography which he devoted the last decade of his life to writing is finally going to be published one hundred years after his death. Twain, the pen name of Samuel Clemens, left behind 5,000 unedited pages of memoirs when he died in 1910, together with handwritten notes saying that he did not want them to hit bookshops for at least a century, but in November, the University of California, Berkeley, where the manuscript is in a vault, will release the first volume of Mark Twain's three-volume autobiography. Scholars are divided as to why Twain wanted his autobiography kept under wraps for so long, with some believing it was because he wanted to talk freely about issues such as religion and politics. Michael Shelden, who this year published Man in White, an account of Twain's final years, says that some of his privately held views could have hurt his public image. 'He had doubts about God, and in the autobiography, he questions the imperial mission of the US in Cuba, Puerto Rico and the Philippines,' says Shelden. 'He's also critical of [Theodore] Roosevelt, and takes the view that patriotism was the last refuge of the scoundrel. Twain also disliked sending Christian missionaries to Africa. He said they had enough business to be getting on with at home: with lynching going on in the South, he thought they should try to convert the heathens down there.' Interestingly enough, Twain had a cunning plan to beat the early 20th century copyright law with its short copyright terms. Twain planned to republish every one of his works the moment it went out of copyright with one-third more content, hoping that availability of such 'premium' version will make prints based on the out-of-copyright version less desirable on the market

Read more: Slashdot

Posted via email from jasper22's posterous

How to create a certificate request with CertEnroll and .NET (C#)

Posted by jasper22 at 00:01 |

Hi all,

The following C# sample shows how to use CertEnroll COM component to create a certificate request, send the request to the CA, get the response from the CA, and install the new certificate in the machine:

(Note that this sample is a WinForms app with 3 buttons -createRequestButton, sendRequestButton, acceptPKCS7Button- and 2 textboxes -requestText & responseText-)

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;

// Add the CertEnroll namespace
using CERTENROLLLib;
using CERTCLIENTLib;

namespace CATest
{
public partial class Form1 : Form
{
private const int CC_DEFAULTCONFIG = 0;
private const int CC_UIPICKCONFIG = 0x1;
private const int CR_IN_BASE64 = 0x1;
private const int CR_IN_FORMATANY = 0;
private const int CR_IN_PKCS10 = 0x100;
private const int CR_DISP_ISSUED = 0x3;
private const int CR_DISP_UNDER_SUBMISSION = 0x5;
private const int CR_OUT_BASE64 = 0x1;
private const int CR_OUT_CHAIN = 0x100;

public Form1()
{
InitializeComponent();
}

// Create request
private void createRequestButton_Click(object sender, EventArgs e)
{
// Create all the objects that will be required
CX509CertificateRequestPkcs10 objPkcs10 = new CX509CertificateRequestPkcs10Class();
CX509PrivateKey objPrivateKey = new CX509PrivateKeyClass();
CCspInformation objCSP = new CCspInformationClass();
CCspInformations objCSPs = new CCspInformationsClass();
CX500DistinguishedName objDN = new CX500DistinguishedNameClass();
CX509Enrollment objEnroll = new CX509EnrollmentClass();
CObjectIds objObjectIds = new CObjectIdsClass();
CObjectId objObjectId = new CObjectIdClass();
CX509ExtensionKeyUsage objExtensionKeyUsage = new CX509ExtensionKeyUsageClass();
CX509ExtensionEnhancedKeyUsage objX509ExtensionEnhancedKeyUsage = new CX509ExtensionEnhancedKeyUsageClass();
string strRequest;

try
{
requestText.Text = "";

// Initialize the csp object using the desired Cryptograhic Service Provider (CSP)
objCSP.InitializeFromName(
"Microsoft Enhanced Cryptographic Provider v1.0"
);

// Add this CSP object to the CSP collection object
objCSPs.Add(
objCSP
);

// Provide key container name, key length and key spec to the private key object
//objPrivateKey.ContainerName = "AlejaCMa";
objPrivateKey.Length = 1024;
objPrivateKey.KeySpec = X509KeySpec.XCN_AT_SIGNATURE;
objPrivateKey.KeyUsage = X509PrivateKeyUsageFlags.XCN_NCRYPT_ALLOW_ALL_USAGES;
objPrivateKey.MachineContext = false;

// Provide the CSP collection object (in this case containing only 1 CSP object)
// to the private key object
objPrivateKey.CspInformations = objCSPs;

// Create the actual key pair
objPrivateKey.Create();

// Initialize the PKCS#10 certificate request object based on the private key.
// Using the context, indicate that this is a user certificate request and don't
// provide a template name
objPkcs10.InitializeFromPrivateKey(
X509CertificateEnrollmentContext.ContextUser,
objPrivateKey,
""
);

// Key Usage Extension
objExtensionKeyUsage.InitializeEncode(
X509KeyUsageFlags.XCN_CERT_DIGITAL_SIGNATURE_KEY_USAGE |
X509KeyUsageFlags.XCN_CERT_NON_REPUDIATION_KEY_USAGE |
X509KeyUsageFlags.XCN_CERT_KEY_ENCIPHERMENT_KEY_USAGE |
X509KeyUsageFlags.XCN_CERT_DATA_ENCIPHERMENT_KEY_USAGE
);
objPkcs10.X509Extensions.Add((CX509Extension)objExtensionKeyUsage);

// Enhanced Key Usage Extension
objObjectId.InitializeFromValue("1.3.6.1.5.5.7.3.2"); // OID for Client Authentication usage
objObjectIds.Add(objObjectId);
objX509ExtensionEnhancedKeyUsage.InitializeEncode(objObjectIds);
objPkcs10.X509Extensions.Add((CX509Extension)objX509ExtensionEnhancedKeyUsage);

// Encode the name in using the Distinguished Name object
objDN.Encode(
"CN=AlejaCMa",
X500NameFlags.XCN_CERT_NAME_STR_NONE
);

// Assing the subject name by using the Distinguished Name object initialized above
objPkcs10.Subject = objDN;

// Create enrollment request
objEnroll.InitializeFromRequest(objPkcs10);
strRequest = objEnroll.CreateRequest(
EncodingType.XCN_CRYPT_STRING_BASE64
);

requestText.Text = strRequest;

} catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}

// Submit request to CA and get response
private void sendRequestButton_Click(object sender, EventArgs e)
{
// Create all the objects that will be required
CCertConfig objCertConfig = new CCertConfigClass();
CCertRequest objCertRequest = new CCertRequestClass();
string strCAConfig;
string strRequest;
int iDisposition;
string strDisposition;
string strCert;

try
{
strRequest = requestText.Text;

// Get CA config from UI
//strCAConfig = objCertConfig.GetConfig(CC_DEFAULTCONFIG);
strCAConfig = objCertConfig.GetConfig(CC_UIPICKCONFIG);

// Submit the request
iDisposition = objCertRequest.Submit(
CR_IN_BASE64 | CR_IN_FORMATANY,
strRequest,
null,
strCAConfig
);

// Check the submission status
if (CR_DISP_ISSUED != iDisposition) // Not enrolled
{
strDisposition = objCertRequest.GetDispositionMessage();

if (CR_DISP_UNDER_SUBMISSION == iDisposition) // Pending
{
MessageBox.Show("The submission is pending: " + strDisposition);
return;
}
else // Failed
{
MessageBox.Show("The submission failed: " + strDisposition);
MessageBox.Show("Last status: " + objCertRequest.GetLastStatus().ToString());
return;
}
}

// Get the certificate
strCert = objCertRequest.GetCertificate(
CR_OUT_BASE64 | CR_OUT_CHAIN
);

responseText.Text = strCert;
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}

// Install response from CA
private void acceptPKCS7Button_Click(object sender, EventArgs e)
{
// Create all the objects that will be required
CX509Enrollment objEnroll = new CX509EnrollmentClass();
string strCert;

try
{
strCert = responseText.Text;

// Install the certificate
objEnroll.Initialize(X509CertificateEnrollmentContext.ContextUser);
objEnroll.InstallResponse(
InstallResponseRestrictionFlags.AllowUntrustedRoot,
strCert,
EncodingType.XCN_CRYPT_STRING_BASE64,
null
);

MessageBox.Show("Certificate installed!");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
}
}

I hope this helps.

OpenDLP

Posted by jasper22 at 00:01 |

OpenDLP is a free and open source, agent-based, centrally-managed, massively distributable data loss prevention tool released under the GPL. Given appropriate Windows domain credentials, OpenDLP can simultaneously identify sensitive data at rest on hundreds or thousands of Microsoft Windows systems from a centralized web application. OpenDLP has two components: a web application and an agent.

Web Application

Automatically deploy and start agents over Netbios/SMB
When done, automatically stop, uninstall, and delete agents over Netbios/SMB
Pause, resume, and forcefully uninstall agents in an entire scan or on individual systems
Concurrently and securely receive results from hundreds or thousands of deployed agents over two-way-trusted SSL connection
Create Perl-compatible regular expressions (PCREs) for finding sensitive data at rest
Create reusable profiles for scans that include whitelisting or blacklisting directories and file extensions
Review findings and identify false positives
Export results as XML
Written in Perl with MySQL backend
Agent

Runs on Windows 2000 and later systems
Written in C with no .NET Framework requirements
Runs as a Windows Service at low priority so users do not see or feel it
Resumes automatically upon system reboot with no user interaction
Securely transmit results to web application at user-defined intervals over two-way-trusted SSL connection
Uses PCREs to identify sensitive data inside files
Performs additional checks on potential credit card numbers to reduce false positives
Can read inside ZIP files, including Office 2007 and OpenOffice files

Windows 7 Sins

Posted by jasper22 at 00:01 |

With Windows 7, Microsoft is asserting legal control over your computer and is using this power to abuse computer users.

How to configure RPC dynamic port allocation to work with firewalls

Posted by jasper22 at 00:01 |

Remote Procedure Call (RPC) dynamic port allocation is used by remote administration applications such as Dynamic Host Configuration Protocol (DHCP) Manager, Windows Internet Name Service (WINS) Manager, and so on. RPC dynamic port allocation will instruct the RPC program to use a particular random port above 1024.

Customers using firewalls may want to control which ports RPC is using so that their firewall router can be configured to forward only these Transmission Control Protocol (TCP) ports.

Many RPC servers in Windows let you specify the server port. When you can specify a dedicated server port, you know what traffic flows between the hosts across the firewall, and you can define the that is traffic allowed much better. You can find a comprehensive list of Server ports that are used in Windows and major Microsoft products can be found in Microsoft Knowledge Base article 832017. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
832017 Service overview and network port requirements for the Windows Server system
The article also lists the RPC servers and which RPC servers can be configured to use custom server ports beyond the facilities that RPC offers. Use the method that is described in this article only if the RPC server does not offer a way to define the server port.

Дождались — Запущена бета Heroes of Might and Magic Online!

Posted by jasper22 at 00:00 |

Итак, дождались! TQ Digital Entertainment и Ubisoft открыли европейскую бету HoMM Online. Да-да! Это всеми любимые герои. Графика в лучших традициях пиксель-арта 2-3 частей. Классические бои. Классическая карта. И все это перемешано с прокачкой, MMO, собственным замком и т.п.

SilverShader - Silverlight Pixel Shader Demos

Posted by jasper22 at 00:00 |

SilverShader is an extensible Silverlight application that is used to demonstrate the effect of different pixel shaders. The shaders can be applied to various sources like an image or the live webcam stream.
This project also contains the HLSL source code of several pixel shaders.

This project has its root in a Coding4Fun article that explains how to write pixel shaders and the extensible Silverlight shader application.

Read more: Codeplex

Posted via email from jasper22's posterous

SilverShader – Introduction to Silverlight and WPF Pixel Shaders

Posted by jasper22 at 00:00 |

Introduction

Almost 10 years ago, Microsoft announced DirectX 8.0, including the huge real-time computer graphics milestone, Direct3D 8.0. Direct3D 8.0 introduced programmable shaders and gave the developers a chance to create never-before-seen effects and experiences apart from the fixed-function graphics pipeline. With Direct3D 8.0’s new shader capabilities, it became possible to compute neat custom-rendering effects on mainstream graphics hardware. Today’s graphics hardware is capable of running hundreds of shaders in parallel and modern games make heavy use of this technology t to achieve stunning effects.

A shader is a rather small program, a so-called kernel function, typically executed in parallel for each data element. Pixel shaders, for example, are executed for each pixel of a bitmap, and therefore used to implement per-pixel effects.

This introductory article will explain how to write pixel shaders for Silverlight and WPF, what tools should be used, and how to work with the tools. Furthermore, it will show how to build an extensible Silverlight shader application.

Demo Application

The demo application makes it possible to apply different shaders to an image or to the live stream from the webcam. The application not only comes with the two shaders that will be implemented in this article, it also contains three other shaders I’ve written before. The complete source code is licensed under the Ms-PL and can be downloaded from the CodePlex site.

You need at least the Silverlight 4 runtime installed to run the sample and a webcam is needed in order to exploit the full functionality. The runtime is available for Windows and Mac.

Причины, по которым 64-битные программы требуют больше стековой памяти

Posted by jasper22 at 23:59 | Thursday, May 27, 2010

В форумах люди часто упоминают, что 64-битные версии программ поглощают больший объем памяти и стека. При этом обычно ссылаются на то, что размеры данных стали в 2 раза больше. Однако это необоснованное утверждение, так как размер большинства типов (char, short, int, float) в языке Си/Си++ остался прежним на 64-битных системах. Конечно, например, увеличился размер указателей, но ведь не все данные в программе состоят из указателей. Причины роста потребляемой памяти и стека более сложны. Я решил подробнее исследовать данный вопрос.

В данной заметке я поговорю о стеке, а в будущем планирую обсудить выделение памяти и размер двоичного кода. И еще хочу сразу заметить, что статья посвящена языку Си/Си++ и среде разработки Visual Studio.

До недавнего времени я считал, что код 64-битной программы может поглощать стек не быстрее чем в два раза по сравнению с 32-битным кодом. Основываясь на этом предположении, я рекомендовал в статьях на всякий случай увеличивать стек программы в два раза. Однако теперь я выяснил неприятный факт. Поглощение стека может вырасти существенно больше чем в два раза. Я был удивлен, поскольку ранее считал рост стека в два раза самым пессимистическим вариантом развития событий. Причина моих необоснованных надежд станет понятна чуть позже. Рассмотрим теперь, как в 64-битной программе передаются параметры при вызове функций.

При разработке соглашений по вызовам (calling conventions) для архитектуры x86-64 решили положить конец существованию различных вариантов вызова функций. В Win32 существовал целый ряд соглашений о вызове: stdcall, cdecl, fastcall, thiscall и так далее. В Win64 только одно «родное» соглашение по вызовам. Модификаторы подобные __cdecl компилятором игнорируются. Думаю, что все согласятся в благородстве такого резкого сокращение числа соглашений.

Соглашение по вызовам на платформе x86-64 похоже на соглашение fastcall, существующее в x86. В x64-соглашении первые четыре целочисленных аргумента (слева направо) передаются в 64-битных регистрах, выбранных специально для этой цели:

RCX: 1-й целочисленный аргумент
RDX: 2-й целочисленный аргумент
R8: 3-й целочисленный аргумент
R9: 4-й целочисленный аргумент

Остальные целочисленные аргументы передаются через стек. Указатель «this» считается целочисленным аргументом, поэтому он всегда помещается в регистр RCX. Если передаются значения с плавающей точкой, то первые четыре из них передаются в регистрах XMM0-XMM3, а последующие — через стек.

The quick and easy way to add web interfaces to C/C++ applications

Posted by jasper22 at 23:59 |

Recently we needed a way to monitor a remote system’s IPv4-TCP connection table without having to periodically log on to the system and run the “netstat” command. The solution that I came up with, a lightweight netstat like server, provides real-time connection monitoring viewable from any internet browser. The project is a nice example of how to add web-interfaces to applications that only have text UIs.

Background

We used the Microsoft function GetTcpTable for gathering connection data. A Microsoft example, which illustrated how to use the function, listed below, provided a nice starting point.

Collapse
1 // Need to link with Iphlpapi.lib and Ws2_32.lib
2 #include <winsock2.h>

3 #include <ws2tcpip.h>

4 #include <iphlpapi.h>

5 #include <stdio.h>

6
7 #pragma comment(lib, "iphlpapi.lib")
8 #pragma comment(lib, "ws2_32.lib")
9
10 #define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
11 #define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
12
13 /* Note: could also use malloc() and free() */
14
15 int main()
16 {
17
18 // Declare and initialize variables
19 PMIB_TCPTABLE pTcpTable;
20 DWORD dwSize = 0;
21 DWORD dwRetVal = 0;
22
23 char szLocalAddr[128];
24 char szRemoteAddr[128];
25
26 struct in_addr IpAddr;
27
28 int i;
29
30 pTcpTable = (MIB_TCPTABLE *) MALLOC(sizeof (MIB_TCPTABLE));
31 if (pTcpTable == NULL) {
32 printf("Error allocating memory\n");
33 return 1;
34 }
35
36 dwSize = sizeof (MIB_TCPTABLE);
37 // Make an initial call to GetTcpTable to
38 // get the necessary size into the dwSize variable
39 if ((dwRetVal = GetTcpTable(pTcpTable, &dwSize, TRUE)) ==
40 ERROR_INSUFFICIENT_BUFFER) {
41 FREE(pTcpTable);
42 pTcpTable = (MIB_TCPTABLE *) MALLOC(dwSize);
43 if (pTcpTable == NULL) {
44 printf("Error allocating memory\n");
45 return 1;
46 }
47 }
48 // Make a second call to GetTcpTable to get
49 // the actual data we require
50 if ((dwRetVal = GetTcpTable(pTcpTable, &dwSize, TRUE)) == NO_ERROR) {
51 printf("\tNumber of entries: %d\n", (int) pTcpTable->dwNumEntries);
52 for (i = 0; i < (int) pTcpTable->dwNumEntries; i++) {
53 IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwLocalAddr;
54 strcpy_s(szLocalAddr, sizeof (szLocalAddr), inet_ntoa(IpAddr));
55 IpAddr.S_un.S_addr = (u_long) pTcpTable->table[i].dwRemoteAddr;
56 strcpy_s(szRemoteAddr, sizeof (szRemoteAddr), inet_ntoa(IpAddr));
57
58 printf("\n\tTCP[%d] State: %ld - ", i,
59 pTcpTable->table[i].dwState);
60 switch (pTcpTable->table[i].dwState) {
61 case MIB_TCP_STATE_CLOSED:
62 printf("CLOSED\n");
63 break;
64 case MIB_TCP_STATE_LISTEN:
65 printf("LISTEN\n");
66 break;

Docx 2 UnitTest – an interesting tool for VS2010

Posted by jasper22 at 23:59 |

Last week I got a chance to check out a new unit testing related tool called Docx 2 unitTest.

When I first saw it I remembered a previous job where I needed to produce a lot of documents along with my code. It was such a hassle that one of my fellow developers planed to create an application that will automatically generate word documents from the source code so that she won’t need to update them every single day. D2UT does the opposite – it generates (part of) unit tests from a document. So if you feel more comfortable writing documents than writing code (marketing/PM folk – I mean you) or if you need to maintain ordered documents of your test plan (QA) you want to check out Docx2UnitTest.

Dynamically Load xaml in Silverlight

Posted by jasper22 at 23:59 |

Introduction:

Let's have a scenario. Suppose you have a login page and a registration page or typically two separate xamls. Now you have only one user control and inside its layout root you have a grid. When the page loads first time you need to show the login window. But when user clicks something say one button named "Register yourself" you want to load your customized registration xamls inside the same grid. So the scenario is you have two xamls and you need to load it dynamically. This is known as dynamically loading of xamls.

Approach:

For this, I would like to store the xaml on the web. You can have it in your local drives also but putting it on the web (typically in SharePoint list) will serve the purpose. We will try to make a Synchronous call like this :

public class SyncJSWS
{
private static void createDiv()
{
}
public static string LoadStringFromUrl(string url)
{
return callService(url);
}
}
public static string callService(string url)
{
HtmlPage.Window.Eval("if(typeof XMLHttpRequest==\"undefined\"){XMLHttpRequest=function(){var a=[\"Microsoft.XMLHTTP\",\"MSXML2.XMLHTTP\",\"MSXML2.XMLHTTP.3.0\",\"Msxml3.XMLHTTP\"];for(var b=0;b<a.length;b++){try{return new ActiveXObject(a[ b ]);}catch(ex){}}};}");

ScriptObject xhr = HtmlPage.Window.CreateInstance("XMLHttpRequest");
xhr.Invoke("open", "GET", url, false);
xhr.Invoke("setRequestHeader", "Content-Type", "text/xml; charset='utf-8'");
createDiv();
xhr.Invoke("send", "");
Double status = (Double)xhr.GetProperty("status");
string statusText = (string)xhr.GetProperty("statusText");
if (status != 200)
{
string responseText = (string)xhr.GetProperty("responseText");
if (!string.IsNullOrEmpty(responseText))
{
throw new Exception(responseText);
}
else
{
throw new Exception(statusText);
}
}
else
{
string responseText = (string)xhr.GetProperty("responseText");
return responseText;
}
}

The XamlReader class will serve the purpose of loading the xaml automatically.

Malware on Hijacked Subdomains, a New Trend?

Posted by jasper22 at 23:59 |

The Unmask Parasites blog discusses a technique attackers are using more and more often recently: modifying a compromised site's DNS settings to redirect various subdomains to different IPs that serve up malware, often leaving site administrators none the wiser. Quoting:

"It is clear that hackers have figured out that subdomains of legitimate websites are an almost infinite source of free domain names for their attack sites. With access to DNS settings, they can create arbitrary subdomains that point to their own servers. Such subdomains can hardly be noticed by domain owners who rarely check their DNS records after the initial domain configuration. And they cost nothing to hackers. I wonder if using hijacked subdomains of legitimate websites is a new trend in malware distribution or just a temporarily solution that won't be widely adopted by cybercriminals in the long run (like dynamic DNS domains last September)."

Read more: Slashdot

Posted via email from jasper22's posterous

Microsoft Dynamics GP "Encrypted" Using Caesar Cipher

Posted by jasper22 at 23:58 |

Many large companies use Microsoft's Dynamics GP product for accounting, and many of these companies use it to store credit card numbers for billing customers. Turns out these numbers (and anything else in GP) are encrypted only by means of a simple substitution cipher. This includes the master system password, which can be easily selected and decrypted from the GP database by any user. Quoting: '[Y]ou DON'T HAVE TO GIVE ACCESS TO THE DYNAMICS DATABASE. What that means is if you create a base user in GP, that user can log into the SQL server and run a select statement on the table containing the "encrypted" GP System password. Not good.'

Read more: Slashdot

Clean Up the New Ubuntu Grub2 Boot Menu

Posted by jasper22 at 23:58 |

Ubuntu adopted the new version of the Grub boot manager in version 9.10, getting rid of the old problematic menu.lst. Today we look at how to change the boot menu options in Grub2.

Grub2 is a step forward in a lot of ways, and most of the annoying menu.lst issues from the past are gone. Still, if you’re not vigilant with removing old versions of the kernel, the boot list can still end up being longer than it needs to be.

Symantec To Buy VeriSign's Authentication Business

Posted by jasper22 at 23:58 |

Security giant Symantec is taking another step toward global domination of the information security market with the purchase of VeriSign's authentication business. Back in April it purchased PGP Corporation and GuardianEdge. VeriSign is the best known Certificate Authority; they are virtually synonymous with certificates for SSL and PKI. It seems like this could dilute the trust value of their brand rather than enhance it. It is not clear yet what effects this will have on VeriSign customers but the cynic in me says it can't be good. In terms of putting all your eggs in one basket, this will sure make Symantec a juicy target for hackers (as if they weren't already). Imagine you could hack one company and control a large chunk of endpoint security software and the bulk of the Internet's public key infrastructure

Read more: Slashdot

Posted via email from jasper22's posterous

Data Access (How Do I in C#)

Posted by jasper22 at 23:58 |

This page links to help on widely used data access tasks. To view other categories of popular tasks covered in Help, see How Do I in C#.

General
How to: Install Sample Databases
Provides steps to install a sample databse such as Northwind sample database, SQL Server Express (SSE), MSDE, or an Access version of Northwind.

Walkthrough: Creating a Simple Data Application
Provides a step-by-step procedure to create a data application.

Connecting to Data in Visual Studio
Connecting to Data in Visual Studio Overview
Provides information on connecting your application to data from many different sources, such as databases, web services, and objects.

Walkthrough: Connecting to Data in a Database
Provides a procedure to connect your application to data in Visual Studio by using the Data Source Configuration Wizard.

Walkthrough: Connecting to Data in a Web Service
Provides a procedure to connect your application to data Web service by using the Data Source Configuration Wizard.

Walkthrough: Connecting to Data in an Access Database
Provides a procedure to connect your application to data in an Access database by using the Data Source Configuration Wizard.

Creating and Designing Typed Datasets
How to: Create a Typed Dataset
Explains how to create a typed DataSet using the Data Source Configuration Wizard or the Dataset Designer.

Walkthrough: Creating a Dataset with the Dataset Designer
Provides a procedure to create a dataset using the Dataset Designer.

Walkthrough: Creating a DataTable in the Dataset Designer
Provides a procedure to create a DataTable using the Dataset Designer.

Walkthrough: Creating a Relationship between Data Tables
Explains how to create two data tables without TableAdapters using the Dataset Designer and creating a relationship between them.

TableAdapters
TableAdapter Overview
Provides an overview of TableAdapters which provides communication between your application and a database.

Walkthrough: Creating a TableAdapter with Multiple Queries
Provides a procedure to create a TableAdapter in a dataset using the Data Source Configuration Wizard. The walkthrough will take you through the process of creating a second query in the TableAdapter using the TableAdapter Query Configuration Wizard within the Dataset Designer..

Filling Datasets and Executing Queries

Syser Kernel Debugger

Posted by jasper22 at 23:58 |

is designed for Windows NT Family based on X86 platform. It is a kernel debugger with full-graphical interfaces and supports assembly debugging and source code debugging.

Softice is left. Syser will continue.

1. Supports multi-CPU and Intel Hyper-Threaded processors
2. Supports Microsoft Windows 2000, Windows xp,Windows 2003 or Windows Vista operation system
3. Supports VMWare and Virtual PC
4. Source code debugging supports syntax coloring.
5. Supports color disassembly
6. Commands are Softice-compatible

2010.03.30 Syser Debugger 1.99.1900.1201 Release

1. Fixed editing assemble code bugs.
2. Enhanced assemble instruction support.
3. Add crc32, crc16, crc16-ccitt commands.

DynamoRIO

Posted by jasper22 at 23:57 |

DynamoRIO is a runtime code manipulation system that supports code transformations on any part of a program, while it executes. DynamoRIO exports an interface for building dynamic tools for a wide variety of uses: program analysis and understanding, profiling, instrumentation, optimization, translation, etc. Unlike many dynamic tool systems, DynamoRIO is not limited to insertion of callouts/trampolines and allows arbitrary modifications to application instructions via a powerful IA-32/AMD64 instruction manipulation library. DynamoRIO provides efficient, transparent, and comprehensive manipulation of unmodified applications running on stock operating systems (Windows or Linux) and commodity IA-32 and AMD64 hardware.

DynamoRIO's powerful API abstracts away the details of the underlying infrastructure and allows the tool builder to concentrate on analyzing or modifying the application's runtime code stream. API documentation is included in the release package and can also be browsed online.

DynamoRIO is available free of charge as a binary package for both Windows and Linux. DynamoRIO's source code is available under a BSD license.

Escaping From The Virtualization Prison

Posted by jasper22 at 23:57 |

As we exploit everyday lot and lot of targets, we may find that some of these targets are Virtual Machines! The nature of use for these VMs is first for security purposes, second for ease of
work. Well “security” is not good word in place anymore; we can now attack the VM itself and then exploit the Host which carries the Guest VM. Think of virtualization as a prison, and you
are trapped inside (just like the guest OS). Outside the prison there’s a Cherif, every time you try to escape, you get caught, pushed back in, and no matter what you do you can’t get out.

Kon-Boot

Posted by jasper22 at 23:57 |

Kon-Boot is an prototype piece of software which allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting). In the current compilation state it allows to log into a linux system as 'root' user without typing the correct password or to elevate privileges from current user to root. For Windows systems it allows to enter any password protected profile without any knowledge of the password. It was acctually started as silly project of mine, which was born from my never-ending memory problems :) Secondly it was mainly created for Ubuntu, later i have made few add-ons to cover some other linux distributions. Finally, please consider this is my first linux project so far :) Entire Kon-Boot was written in pure x86 assembly, using old grandpa-geezer TASM 4.0.
Additional notes:

Kon-Boot was designed to work on X86-32 architectures only.
This utility was not designed to work with USB sticks, however you can try some unofficial methods to boot Kon-Boot from USB, check the USB tutorial on IronGeek or Raymond blog post.
Kon-Boot was presented on numerous places, it was featured in: Hak5 Episode-518, PaulDotCom Security Weekly Episode-158, WindowsITPro and others. Till the 13-07-2009 it was downloaded about 170.000 times.

Silverlight – DataBind to an Anonymous type (Who knew?)

Posted by jasper22 at 23:57 |

I searched the web for the idea first. I was certain somebody had blogged about this before, and just wanted to quickly confirm it’s truth. Unfortunately all I came across were work-a-rounds and people telling you it’s not possible. So hopefully this post will help the next guy.

All you have to do is expose your privates. Placing the following into your AssemblyInfo.cs will give the built in bindings the ability DataBind to your object(s).

[assembly: System.Runtime.CompilerServices.InternalsVisibleTo("System.Windows")]

I’m not going to say whether this is or is not a good idea, and I’m sure there’s many ways to abuse it.

Don’t inhale too much of this stuff.

Creating a Custom Out-of-Browser Window in Silverlight 4

Posted by jasper22 at 23:56 |

Silverlight 4 extends the out-of-browser feature to include support for window customization through the Window class.

What this means is that you can turn this:

into this:

7 LESSONS LEARNED WHILE BUILDING REDDIT TO 270 MILLION PAGE VIEWS A MONTH

Posted by jasper22 at 23:56 |

Steve Huffman, co-founder of social news site Reddit, gave an excellent presentation (slides, transcript) on the lessons he learned while building and growing Reddit to 7.5 million users per month, 270 million page views per month, and 20+ database servers.

Steve says a lot of the lessons were really obvious, so you may not find a lot of completely new ideas in the presentation. But Steve has an earnestness and genuineness about him that is so obviously grounded in experience that you can't help but think deeply about what you could be doing different. And if Steve didn't know about these lessons, I'm betting others don't either.

There are seven lessons, each has their own summary section: Lesson one: Crash Often; Lesson 2: Separation of Services; Lesson 3: Open Schema; Lesson 4: Keep it Stateless; Lesson 5: Memcache; Lesson 6: Store Redundant Data; Lesson 7: Work Offline.

By far the most surprising feature of their architecture is in Lesson Six, whose essential idea is: The key to speed is to precompute everything and cache It. They turn the precompute knob up to 11. It sounds like nearly everything you see on Reddit has been precomputed and cached, regardless of the number of versions they need to create. For example, they precompute all 15 different sort orders (hot, new, top, old, this week. etc) for listings when someone submits a link. Normally developers would be afraid of going this extreme, being this wasteful. But they thought it's better to wasteful upfront than slow. Wasting disk and memory is better than keeping users waiting. So if you've been holding back, go to 11, you have a good precedent.

LESSON ONE: CRASH OFTEN
The essence of this lesson is: automatically restart failed and cancerous services.

The downside of running your own system in a colo is that you are on the hook for maintenance. When your service dies you have to fix it now, even at 2AM. This is a constant tension in your life. You have to take a computer with you everywhere and you know that anytime anyone calls it could be another disaster you have to fix. It ruins your life.

One way to mitigate this problem is restart process that have died or become cancerous. Reddit uses Supervise to automatically restart applications. Special monitoring programs kill processes that use too much memory, use too much CPU, or aren’t responsive. Instead of worrying just restart and the system is up. Of course you have to read the logs and find a root cause, but until then it keeps you sane.

First Look: H.264 and VP8 Compared

Posted by jasper22 at 23:56 |

VP8 is now free, but if the quality is substandard, who cares? Well, it turns out that the quality isn't substandard, so that's not an issue, but neither is it twice the quality of H.264 at half the bandwidth. See for yourself.

To set the table, Sorenson Media was kind enough to encode these comparison files for me to both H.264 and VP8 using their Squish encoding tool. They encoded a standard SD encoding test file that I've been using for years. I'll do more testing once I have access to a VP8 encoder, but wanted to share these quick and dirty results.

CassiniDev - Cassini 3.5/4.0 Developers Edition

Posted by jasper22 at 23:56 |

The goal of the CassiniDev project is to provide an open platform for developing a robust ASP.Net web server implementation that addresses many of the limitations and difficulties encountered when using Cassini and/or Visual Studio Development Server.

CassiniDev is suitable for use as a standalone WinForms GUI application, a console application, self hosting and in automated testing scenarios including continuous integration and as a 100% compatible drop-in replacement for the Visual Studio 2008/2010 development server.
Highlights
Full support for any IP address. Not limited to localhost.
NOTE: Due to an intentional limitation in SimpleWorkerRequest, WCF content is not servable on other than the loopback (localhost)
HostName support with option to temporarily add hosts file entry.
Port scan option. Dynamically assign an available port when specific port is not required or known to be available.
WaitOnPort: Length of time, in ms, to wait for specific port to become available.
TimeOut: Length of time, in ms, to sit idle before stopping server.
NTLM authentication support.
Single file GUI and Console applications and a library assembly for in-process hosting.
Painless self hosting of a full ASP.Net server implementation for applications and testing frameworks.
Unlike Cassini and Visual Studio Development Server, CassiniDev supports a full compliment of content types.
Integrated request/response log and viewer to support debugging.
Visual Studio 2008/2010 Development server drop-in replacement with all CassiniDev enhancements.

Read more: Codeplex

Posted via email from jasper22's posterous

Essential Tools for the WPF Novice

Posted by jasper22 at 23:55 |

Windows Presentation Foundation (WPF) is simultaneously enticing and intimidating. It offers potential for amazing flexibility in UI design but there is a mountain of learning to climb. At the time of writing I am still very much in the foothills, gazing upward. This is my second article on WPF wherein I attempt to give both you and me a “leg up” on the WPF climb from a unique perspective. In this article I present a collection of little known but useful utility applications that can assist you as you learn and develop WPF code.

Notice: This article is heavily dependent on a collection of links to external sites. They were all accurate at press time but by the time you read this one or more could easily have changed or evaporated. That is just the nature of the beast...

SDK XAML Browser

The SDK XAML Browser from Microsoft lets you select a layout container or control in the navigation panel, then shows you the XAML and a rendering of the control in isolation in the main panel.

Type Explorer

XamlT—short for XAML Type Explorer—provides a unique interface to examining class diagrams specifically for WPF classes.

Gradient Editor

This Gradient Editor lets you define a color gradient graphically with an arbitrary number of bands and returns a XAML code fragment for you to paste into your application.

Dotfuscator 4.7.1000 with WPF obfuscation support

Posted by jasper22 at 23:55 |

The most recent release of Dotfuscator includes a new feature that has been a top customer request: increasing the level of protection for Windows Presentation Foundation applications. Up until now, obfuscators were unable to transform items in code-behind that are referenced from the layout of Windows Presentation Foundation applications. Excluding all of the necessary items from being renamed and removed decreased the level of protection and increased the testing required to ensure stability. With the 4.7.1000 release of Dotfuscator WPF applications are now able to be protected with an unprecedented level of obfuscation. Dotfuscator now analyzes and rewrites BAML (the compiled XAML) in WPF applications and applies consistent renaming across the layout and application code as well as ensuring that items referenced in the BAML are not pruned from the output. With full renaming support information leakage of namespaces, class, event and property names is reduced to the bare minimum. The below sample WPF application decompilation demonstrates the effectiveness of this groundbreaking feature.

Lars Rasmussen, Using Google Wave for Collaborative Software Development

Posted by jasper22 at 23:55 |

Lars Rasmussen, one of the Lead Engineers who started Google Maps, and leading the Google Wave project, spoke with The Bitsource in this exclusive interview.

Please tell The Bitsource’s developers a bit about yourself.

Lars Rasmussen: Sure thing, I’ve worked for Google for about six years. I came to Google in 2004 when they bought a little company, called Where2 Technologies that my brother and I had started and we did mapping software which we turned into Google Maps. I worked on Google maps for 3 years and then three years ago I started working on Google Wave.

Are there software development teams which are using Wave for facilitating and boosting efficiency in the various phases of the software development life cycle?

Lars Rasmussen: Yes, for sure. My own team, of course and there are a couple of teams at Google that use Wave for that exact thing. The Google Web Toolkit Team internally uses Wave for all of their work: tracking of their tasks, testing, processes, design documents, and discussing features.

There’s a story I really like, Google was recently asked to do a partnership with VMWare. Bruce Johnson was talking about this partnership during today’s keynote where they integrated the Google Web Toolkit with Spring Roo, which lets enterprise developers put together enterprise applications very quickly. Bruce was telling me how, when they started working with VMWare, they encouraged them to adopt Wave so that the GWT team and the VMWare team could Wave together. The VMWare team was actually in two other countries, and they all really loved it. It made their work much easier to coordinate in Wave and I spoke to one of the VMware guys who is here today and he is trying to get other people at VMWare to use it internally at VMWare as well.

How would one benefit by extending a continuous integration system such as Hudson or Atlassian Bamboo by integrating that into Google Wave?

Lars Rasmussen: Interesting you should ask. We’re giving a presentation tomorrow about Google Wave in the enterprise, the example I think the presenters for Google Wave and the Enterprise Environment are going to show an integration between Wave and the release system at Google with Robots and Gadgets. Every time you want to do a release, you start a Wave, which you use to do all of the coordination. Throw in a Gadget, and it goes and gets the current state [of the release] from the build system. By combining the two, you get all of the powerful discussion features [of Wave]. And when something goes wrong, something always goes wrong, you have all of the powerful discussion features, plus you have access to a control panel where you can manipulate the process right there.

In regard to Hudson and Bamboo, I don’t know if anyone is working on those particular systems, but I think Wave and development tools in general, there’s a lot of different areas where you can see some really cool integrations.

Also with coding itself. There is a team, I don’t recall they’re name, but they have this great thing where they used the Wave Federation Protocol to make programming collaborative inside of Visual Studio, and I know there’s a couple of folks at Google that are starting, too. We have a code review process, where a junior programmer will write the code and send it over to a senior programmer for review. The way it is currently, it is a serialized process. One person writes the code, they send it over here, it gets reviewed, comments go back, and the first programmer implements the comments, and it goes back for review.

Some of my colleagues are starting to play around with (they haven’t completed it yet), if you put those processes inside Wave it will go from being this very serialized, sometimes quite drawn-out process to being a much shorter and much more collaborative process. The code I write, can sit in a Wave, visible to the reviewer, and instead of sending back comments, they can just edit the code, and maybe even put comments in real-time if were online at the same time, and then I can understand what was done, and we can save ourselves a couple of round-trips.

Word2MediaWiki.NET

Posted by jasper22 at 23:55 |

FileDownload.aspx?ProjectName=Word2MediaWikiDotNET&DownloadId=31153

Do you hate trying to remember how to format text in Wikipedia? Do you have a bunch of Word documents that you'd like to convert to use in Wikipedia (or another site that uses the same wiki engine - aka "MediaWiki")? This .NET/VSTO add-in for Microsoft Word will allow you to take a document authored in Word and upload it (with automatic format conversion) to Wikipedia, or any other site that uses the MediaWiki engine.

Read more: Codeplex

Posted via email from jasper22's posterous

Full Silverlight Web Video/Voice Conference

Posted by jasper22 at 23:55 |

The (SocketCoder) Full Silverlight Web Video/Voice Conference Is an open source project to develop a full Silverlight Web Video/Voice Conferencing System in the following features:

The Main Features:
- Full Silverlight InBrowser Client application
- Multi Conferencing Rooms
- Up to 6 Video/Voice Talkers on each room to unlimited listeners
- Online Presenter System
- Text Chatting System
- Supports Working on Windows and MAC OS
- Suitable to Work on WAN/LAN Networks

Read more: Codeplex

Posted via email from jasper22's posterous

Find Latitude and Longitude

Posted by jasper22 at 23:54 |

Latitude: (shown as a horizontal line) is the angular distance, in degrees, minutes, and seconds of a point north or south of the Equator. Lines of latitude are often referred to as parallels.

Longitude: (shown as a vertical line) is the angular distance, in degrees, minutes, and seconds, of a point east or west of the Prime (Greenwich) Meridian. Lines of longitude are often referred to as meridians.

Minutes and Seconds: For precision purposes, degrees of longitude and latitude have been divided into minutes (') and seconds ("). There are 60 minutes in each degree. Each minute is divided into 60 seconds. Seconds can be further divided into tenths, hundredths, or even thousandths.

Google Pacman

Posted by jasper22 at 23:54 |

This is a copy of Google's playable Pacman game logo hosted for Pacman's 30th Anniversary.

With the help of StackOverflow users, we were able to get a playable version working.

To play a live version: http://macek.github.com/google_pacman/

Or download the source and run it offline.

Apache Click v2.2.0 has been released

Posted by jasper22 at 23:54 |

Click 2.2.0 final is available for download. Major new features include DataProviders for on-demand data loading and a Page interceptor facility for implementing cross cutting concerns such as security and transaction handling. There are also improved support for dynamic forms and stateful pages.

New features and improvements:
Added DataProvider support for Table, Select, PickList and CheckList providing on demand loading of data. With DataProviders, users won't have to be concerned about which page event (onInit or onRender) to set the data on the control [CLK-640].
Added PagingDataProvider interface to support large paginated result sets for Tables [CLK-640].
Added a MenuFactory for creating and loading Menus from configuration files. All the static Menu methods have been deprecated and will be removed in a future release.
Added an option for MenuFactory to not statically cache menus. This allows developers to cache menus in different scopes such as HttpSession. [CLK-405].
Added i18n support for Menus loaded from menu.xml. The menu DTD now includes a new name attribute. By specifying a name attribute in menu.xml, the Menu will attempt to load its label and title from resource bundles [CLK-591].
Added a Page Interceptor facility that provides an extension point for code which can listen to key page events and also interrupt normal page processing flow. [CLK-598].
Added improved dynamic Form support. Forms can now optionally bypass validation for JavaScript based submissions using the new JavaScript function "Click.submit(formName, validate)" [CLK-638].

Read more: CLICK FRAMEWORK
Official site: Apache Click

Posted via email from jasper22's posterous

Create Silverlight Master – Detail UI Using Data Sources Window Object DataSource

Posted by jasper22 at 23:54 |

Master – Detail layouts are the bread and butter of Line of Business (LOB) applications. This walkthrough will show you how to drag & drop from the Data Sources Window to create the UI that is sourced from an Object DataSource.

This article has a single download that contains C# and VB.NET completed solutions and starter solutions. The starter solution includes the data entity classes and a static (Shared) data source class.

This walk through assumes that you'll be starting with the starter solution.

Table of Contents

Completed Application
Starter Solution
Adding a Title to the Form
Adding the ComboBox Used for Record Selection
Adding the Details Form
Adding the DataGrid
How does it Work?
Links
Comments

XPlatformCPP

Posted by jasper22 at 23:53 |

A cross platform C++ rendering API, that uses either OpenGL 2.1 or Direct3D 9.0c as a backend. Works with Win32API (Windows), Xlib (Linux,etc...), Cocoa (Mac OSX)

Read more: Codeplex

Posted via email from jasper22's posterous

Code Contracts Part 1 - Introduction

Posted by jasper22 at 23:53 |

This blog post is part of a series concerning Microsoft Code Contracts. For a complete series directory, please refer to the following list. Articles without a link will be published as they become available.

Part 01 - Introduction
Part 02 - Preconditions
Part 03 - Postconditions
Part 04 - Object Invariants
Part 05 - Abstract Types and Interfaces
Part 06 - Assert, Assume, ForAll and Exists
Part 07 - Contract and Invariant Inheritance
Part 08 - Contract Reference Assemblies
Part 09 - Refactoring a Legacy Code Base
Part 10 - Writing a Custom Contract Runtime Class
Part 11 - Documenting Code Contracts
Part 12 - Command Line Tools
Part 13 - Contracts in Continuous Integration
Part 14 - A Chat with Microsoft's Code Contracts Team

Microsoft Code Contracts have finally emerged from the Microsoft Research DevLabs into production. This is the first in a new blog series dedicated to spreading the good news about this amazing product. You may already know that Microsoft dumps billions of dollars into Research & Development every year, collaborating with academic, government and industry researchers all over the world to improve the platform. To be frank, this "culture of investment" is the main reason that I'm proud to call myself a .NET developer. Microsoft's deep level of investment is also attracting some of the best and brightest minds in software engineering to their research projects: another great reason for me to reply in kind, dedicating myself to mastering the platform.

Augmented Reality Domino Knock-Down Game

Posted by jasper22 at 23:53 |

This article provides step-by-step instructions about how to create a simple, yet interesting, augmented reality game called “domino knock-down game” using an open source framework called Goblin XNA.

Introduction

This is an advanced tutorial, and as such we expect that you are already familiar with XNA and scene graph based 3D programming. The game is a single player game in which the player shoots virtual balls into a real-world environment to knock down all of the virtual dominos overlaid on top of a board. The player holds a webcam in one hand and shoots the virtual ball by clicking a mouse using the other hand. Before the game starts, the player is allowed to add virtual dominos or modify the positions and orientations of the existing ones overlaid on the board as desired.

MonoDroid - Mono for Android Beta Program

Posted by jasper22 at 23:52 |

We are hard at work on MonoDroid -- Mono for Android -- and we have created a survey that will help us prioritize our tooling story and our binding story.

If you are interested in Monodroid and in participating on the beta program, please fill out our Monodroid survey.

Here is what you can expect from Mono on Android:

C#-ified bindings to the Android APIs.
Full JIT compiler: this means full LINQ, dynamic, and support for the Dynamic Language Runtime (IronPython, IronRuby and others).
Linker tools to ship only the bits that you need from Mono.
Ahead-of-Time compilation on install: when you install a Monodroid application, you can have Mono precompile the code to avoid any startup performance hit from your application.
We are still debating a few things like:

Shared Full Mono runtime vs embedded/linked runtime on each application.
Which IDE and OS to make our primary developer platform. Our options are VS2010, VS2008 and MonoDevelop and the platforms are Windows, OSX and Linux.
We are currently leaning towards using VS2008/2010 for Windows during the beta and later MonoDevelop on Linux/Mac.

Communication b/w C++ Silverlight host and Silverlight application

Posted by jasper22 at 23:52 |

I would like you to look take at my previous article Host_Silverlight_In_ATL.aspx before continue with this one. In this article we will talk about communication b/w C++ Silverlight host and Silverlight application which means we can call a method of Silverlight app from C++ Silverlight host.

using System.Windows.Browser;

Use above mentioned namespace for communication. We will use Html communication bridge to communicate with the C++ host.

Use following statement to register the Communicator object. We will get this communicator object in C++ silverlight host using IDispath

HtmlPage.RegisterScriptableObject("Communicator", this);
Write another function in Silverlight application which we will call from C++ Silverlight host.

[ScriptableMember]
public void SetDataInTextBox(string strData)
{

txtData.Text = strData;

}

Complete code for the Silverlight page.

using System.Windows.Browser;
namespace SilverlightTestApp
{

public partial class MainPage : UserControl
{

public MainPage()

{

HtmlPage.RegisterScriptableObject("Communicator", this);

InitializeComponent();

}
private void ClickMe_Click(object sender, RoutedEventArgs e)

{

MessageBox.Show("Button click handler is in Silverlight :)", "SilverlightTestApp", MessageBoxButton.OK);

}
[ScriptableMember]

public void SetDataInTextBox(string strData)
{

txtData.Text = strData;

}

}

I am not trying to explain Silverlight developmentment issues here but I would like to say that same things we do for Silverlight and Java Script interaction. If someone is not familiar with above code, google Silverlight and JavaScript interaction. Almost every Silverlight book covers this topic.

Archive

Random sites

Followers

Search This Blog

Subscribe To