This is a mirror of official site: http://jasper-net.blogspot.com/

ChromeOS In VirtualBox – Test Drive It

| Thursday, November 10, 2011
    In a lot of cases you wish to develop to the new Chromebook but don’t have the hardware or just want to be more productive while working on your 8-core linux box… In these cases, there is a good option to run the latest ChromeOS inside Virtualbox (or VMware if you have it). A quick reminder, Chromium OS (which is the open source version of ChromeOS) is a project that aims to build an operating system that provides a fast, simple and more secure computing experience for people who spend most of their time on the web.

The steps to follow

    Download VirtualBox.
    You can build your own OS if you wish, just go to: chromium-os and read the details.
    However, there is an easy way – just download an image of ChromeOS – I have one for you here.
    And this guy is creating lots of fresh images of ChromeOS every day. So if you want the real ‘development’ (=alpha) version of it – check it out.
    Open the VirtualBox and click on ‘New’ button (upper left corner) – You will get this:

screen-shot-2011-11-10-at-9-18-07-am.png?w=630&h=349

Read more: Ido's Blog
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://greenido.wordpress.com/2011/11/10/chromeos-in-virtualbox-test-drive-it/

Posted via email from Jasper-net

Announcing The Opening Of FreeYourAndroid…

| Wednesday, November 9, 2011
FYA-238x123.jpg

    We all know that there is a myriad of Android forums and related sites throughout the internet. While we would like to think that xda-developers is alone in this race, the fact of the matter is that this could not be further from the truth. Our site is a wonderful place to be a community and learn a lot if you are willing to put the time on it. Learning to develop on xda is not impossible as there is a vast (quasi-endless) amount of information available from some of the brightest minds on the planet. However, due to the vast amount of said information, it is sometimes very difficult and borderline a full time job to be able to go through all the material necessary to do what one wants to do, be it root your device, or be able to theme it from the ground up.

This is where our friends from Villainrom come into play. After many months of market research and studying how people use and search for information, they have come up with a new type of site, which they have called freeyourandroid (FYA), that is aimed to help n00bs and seasoned pros alike with all of their Android related needs. The site is structured around an easy to use type of interface, which is rather intuitive and will save you from having to search and read through thousands upon thousands of things that, while useful, might be completely irrelevant to what you are looking for. On top of that, FYA has the distinct feature that it will offer pro support live via a dedicated IRC channel. Basically allowing you to get all the help you need from the right people.


Read more: XDA developers
Read more: Free Your Android
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://freeyourandroid.com/

Posted via email from Jasper-net

Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)

|
General Information


Executive Summary

This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends a continuous flow of specially crafted UDP packets to a closed port on a target system.

This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. For more information, see the subsection, Affected and Non-Affected Software, in this section.

The security update addresses the vulnerability by modifying the way that the Windows TCP/IP stack keeps track of UDP packets within memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.

Recommendation. The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871.

For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service.

See also the section, Detection and Deployment Tools and Guidance, later in this bulletin.

Read more: MS Security TechCenter
QR: ms11-083

Posted via email from Jasper-net

PaX

|
PaX is a patch for the Linux kernel that implements least privilege protections for memory pages. The least-privilege approach allows computer programs to do only what they have to do in order to be able to execute properly, and nothing more. PaX was first released in 2000.

PaX flags data memory as non-executable, program memory as non-writable and randomly arranges the program memory. This effectively prevents many security exploits, such as some kinds of buffer overflows. The former prevents direct code execution absolutely, while the latter makes so-called return-to-libc (ret2libc) attacks difficult to exploit, relying on luck to succeed, but doesn't prevent variables and pointers overwriting.

PaX is maintained by The PaX Team, whose principal coder is anonymous.


Read more: Wikipedia
QR: PaX

Posted via email from Jasper-net

Nimbus IO

| Tuesday, November 8, 2011
logo.png

    REST API Similar to Amazon S3
    100% Open source hardware, client libraries and server software
    Build by SpiderOak on the same proven backend storage network which powers hundreds of thousands of backups
    Focus on high throughput and reliability, while sacrificing low latency for cost effectiveness


Read more: nimbus IO
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=https://nimbus.io/

Posted via email from Jasper-net

Microsoft Issues Stopgap Fix for ‘Duqu’ Flaw

|
fixitduqu-300x129.png

Microsoft has released an advisory and a stopgap fix for the zero-day vulnerability exploited by the “Duqu” Trojan, a highly targeted malware strain that some security experts say could be the most important cyber espionage threat since Stuxnet.

According to the advisory, the critical vulnerability resides in most supported versions of Windows, including Windows XP, Vista and Windows 7. The problem stems from the way Windows parses certain font types. Microsoft says it is aware of targeted attacks exploiting this flaw, but that it believes few users have been affected.

Read more: Kerbs on Security
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=krebsonsecurity.com/2011/11/microsoft-issues-stopgap-fix-for-duqu-flaw/

Posted via email from Jasper-net

Steam forums suspended after alleged hack

|
Web space redirected to hacker site before shutdown

Valve’s Steam forums appear to have been the latest target in a tumultuous year of hacking and security scares at games companies.

The forum, at time of going to press, is suspended for maintenance. Last night it was reported that the forums redirected to a website offering hacking tutorials and tools.

The destination website in question has denied responsibility for the hack.

It is also alleged that a number of Steam users had been emailed spam in connection to the hack, though this has not been confirmed, nor is there a suggestion that any personal data has been compromised.


Read more: Developer
QR: Steam-forums-suspended-after-alleged-hack

Posted via email from Jasper-net

Intercepting Calls in Web Services (Worker Process)

|
Introduction

This is not a tutorial about Web Services and their usage. The usage of this technology is well known across the software industry.

The purpose of this article is to show a method for “how to intercept Web Service calls and show in screen”. We will work directly on the Worker process. Unfortunately, with sniffers, we can’t get traffic from localhost.

OK, let’s start:

Suppose you have an application which is calling a WebService.

    Open Windows Debugger: windbg.exe process.
    Press F6 and attach the w3wp.exe process.
    Once we get the process attached, execute the command (.loadby sos mscorwks in the case of .NET Framework < 4.0): .loadby sos mscoreei.
    After deep research, I found an interesting function which could be useful: System.Web.HttpRequest.GetEntireRawContent.
    Let’s try to see where this function is JITted:

!name2ee * System.Web.HttpRequest.GetEntireRawContent

image001.jpg


Read more: Codeproject
QR: InterceptCallsWebServices.aspx

Posted via email from Jasper-net

AkismetPC

|
AKismetPC is a C# wrapper for the popular anti-spam plugin for Wordress Akismet. This can be used with a .NET blog system. Examples on it's usage are forthcoming.

Read more: Codeplex
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://akismetpc.codeplex.com/

Posted via email from Jasper-net

How to get started using Boost threads

|
Introduction

This post aims to be an accessible step-by-step introduction to helping beginners get set up with the Boost threads in Visual Studio environments for the first time. Like with many technical subjects, there seems to be a great deal of information out there that tells you a lot but does not actually show you much! This article contains no in-depth discussions on how to use Boost threads in all their different guises. That's for another time or place. What this article (hopefully) does is help you get up and running with Boost threads minus any compiler whinges, which for me at least is often the hardest part.
A simple boost::thread example

A nice introduction to boost thread programming exists over at Gavin Baker’s “antonymn” page which I will take the liberty of reproducing here:

#include <iostream> 
#include <boost/thread.hpp>  
#include <boost/date_time.hpp>      
     
void workerFunc() 

    boost::posix_time::seconds workTime(3);         
    std::cout << "Worker: running" << std::endl;   
     
    // Pretend to do something useful... 
    boost::this_thread::sleep(workTime);         
    std::cout << "Worker: finished" << std::endl; 
}   
     
int main(int argc, char* argv[]) 

    std::cout << "main: startup" << std::endl;         
    boost::thread workerThread(workerFunc);   
     
    std::cout << "main: waiting for thread" << std::endl;         
    workerThread.join();   
     
    std::cout << "main: done" << std::endl;         
    return 0; 

This example code creates a boost thread object, passes it an example worker function and exits the thread when complete.  This simple example I use as a means of validating the successful setup of the Boost thread library.  The following sections describe the preliminary steps that will be necessary to run this simple example. 


Read more: Codeproject
QR: StartingBoostThreads.aspx

Posted via email from Jasper-net

Silverlight User Controls

| Sunday, November 6, 2011
I have recently completed to develop the Elements topic in my Silverlight Basic course. It covers Silverlight's available user controls. I completed to develop both the slides and the video clips. You can find the community version of my Silverlight course available for free personal usage at www.abelski.org. The professional version is available at www.abelski.com.

The following short video clips were prepared as part of this topic.


Read more: Life Michael
QR: silverlight-user-controls.aspx

Posted via email from Jasper-net

Windows 3.1 на Android

|
Человеческой изобретательности нет предела.
На этот раз нашли способ запускать Windows 3.1 (а возможно и выше) на аппарате под управлением OS Android.

4edc7c6d.png

Система устанавливается оригинальная и полностью рабочая, единственный большой минус — довольно сложное управление.

И так для этого нам понадобится:

  • Аппарат с Android версии 2.2 или выше
  • Приложение aDosBox
  • Установочные файлы Windows
  • Свободное место на SD карте или в самом аппарате (20 мб (это проблема..))
  • Прямые руки
Read more: Habrahabr.ru
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://habrahabr.ru/blogs/android/131989/

Posted via email from Jasper-net

Don't be difficult, DiffMerge! Using the free DiffMerge with SourceSafe, TFS & SVN

|
What is DiffMerge

DiffMerge is yet-another-diff-and-merge-tool from the fine folks at SourceGear. It’s awesome. It’s head and shoulders above whatever junky diff tool they provided with your source control platform, unless of course you’re already using Vault. Eric Sink, the founder of SourceGear, wrote about it here. By the way, Eric’s blog is easily one of the most valuable I’ve read, and while it doesn’t get much love these days, there’s a lot of great stuff there, and it’s even worth going back and reading from the beginning if you haven’t seen it.

Are there better diff tools out there? Sure, there probably are. I’m sure you have your favorite. If you’re using something already that works for you, great. DiffMerge is just yet another great option to consider when you’re getting started.

You sound like a sleazy used car salesman

Yeah, I probably do, but I don’t work for SourceGear and have no financial interest in their products. I’ve just been a very happy user of Vault and DiffMerge for years. And it if increases Vault adoption, both among development shops and development tool vendors, it will make my life easier.

But when I go to work on long-term contracts for large clients, they already have source control in place that they want me to use, which is OK, but when I need to do some merging, it starts getting painful. I want it to tell me not just that a line changed, but exactly what in that line changed. I want to it actually be able to tell me the only change is whitespace. I want it to offer me a clean and intuitive interface. Crazy, I know.


Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: DiffMerge
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://mooneyblog.mmdbsolutions.com/index.php/2011/11/02/how-to-use-sourcegear-diffmerge-in-sourcesafe-tfs-and-svn/

Posted via email from Jasper-net

Platform Invoke Data Types

|
   The following table lists data types used in the Win32 API (listed in Wtypes.h) and C-style functions. Many unmanaged libraries contain functions that pass these data types as parameters and return values. The third column lists the corresponding .NET Framework built-in value type or class that you use in managed code. In some cases, you can substitute a type of the same size for the type listed in the table.

Unmanaged type in Wtypes.h

Unmanaged C language type

Managed class name

Description

HANDLE

void*

System.IntPtr

32 bits on 32-bit Windows operating systems, 64 bits on 64-bit Windows operating systems.

BYTE

unsigned char

System.Byte

8 bits

SHORT

short

System.Int16

16 bits

WORD

unsigned short

System.UInt16

16 bits

INT

int

System.Int32

32 bits

UINT

unsigned int

System.UInt32

32 bits

LONG

long

System.Int32

32 bits

BOOL

long

System.Int32

32 bits

DWORD

unsigned long

System.UInt32

32 bits

ULONG

unsigned long

System.UInt32

32 bits

CHAR

char

System.Char

Decorate with ANSI.

WCHAR

wchar_t

System.Char

Decorate with Unicode.

LPSTR

char*

System.String or System.Text.StringBuilder

Decorate with ANSI.

LPCSTR

Const char*

System.String or System.Text.StringBuilder

Decorate with ANSI.

LPWSTR

wchar_t*

System.String or System.Text.StringBuilder

Decorate with Unicode.

LPCWSTR

Const wchar_t*

System.String or System.Text.StringBuilder

Decorate with Unicode.

FLOAT

Float

System.Single

32 bits

DOUBLE

Double

System.Double

64 bits


Read more: MSDN
QR: ac7ay120.aspx

Posted via email from Jasper-net

Бесплатный шаблон со слайдшоу для студии дизайна

|
Free-Website-Template2.jpg

Представленная тема может быть использована как теми, кто планирует запуск нового интернет проекта, так и для обновления дизайна уже существующих. Этот бесплатный шаблон оживит ваш проект и позволит сделать ваш сайт запоминающимся и эффективным. Стильный дизайн с контрастными цветами и насыщенным макетом созданным профессионалами делает этот шаблон идеальным для web студии. Прикольная прокрутка в шапке создана командой TemplateMonster, и вы можете использовать ее абсолютно бесплатно. Перед началом работы с шаблоном вы можете посмотреть живое демо в полном размере. Так вы сможете ознакомиться со всеми возможностями и особенностями шаблона.  Создайте собственный проект, который продемонстрирует ваш потенциал клиентам!


Read more: TemplateMonster blog
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://www.templatemonsterblog.ru/2011/11/03/free-template-design-studio/

Posted via email from Jasper-net

Yii

|
logo.png

Yii is a high-performance PHP framework best for developing Web 2.0 applications.

Yii comes with rich features: MVC, DAO/ActiveRecord, I18N/L10N, caching, authentication and role-based access control, scaffolding, testing, etc. It can reduce your development time significantly.

Read more: Yii
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://www.yiiframework.com/

Posted via email from Jasper-net

300 Windows Phone 7 Icons, Creative Commons (with *.XAML, *.Design and *.PNG)

|
Project: Windows Phone Icons

This is a project started a few months ago to supply creative commons licensed icons to Windows Phone developers.

image_thumb.png?imgmax=800

Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: Project: Windows Phone Icons
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://templarian.com/project_windows_phone_icons/

Posted via email from Jasper-net

Coded UI tests : AutomationId or how to find the chose one (control) !

|

C#/.NET Little Wonders: The Generic Action Delegates

|
Once again, in this series of posts I look at the parts of the .NET Framework that may seem trivial, but can help improve your code by making it easier to write and maintain. The index of all my past little wonders posts can be found here.

Back in one of my three original “Little Wonders” Trilogy of posts, I had listed generic delegates as one of the Little Wonders of .NET.  Later, someone posted a comment saying said that they would love more detail on the generic delegates and their uses, since my original entry just scratched the surface on them.

So over the next few weeks, I’ll be looking at some of the handy generic delegates built into .NET.  For this week, I’ll give a quick overview of delegates and their usefulness.  Then I’ll launch into a look at the Action generic delegates and how they can be used to support more generic, reusable algorithms and classes.
Delegates in a nutshell

Delegates are similar to function pointers in C++ in that they allow you to store a reference to a method.  They can store references to either static or instance methods, and can actually be used to chain several methods together in one delegate.

Delegates are very type-safe and can be satisfied with any standard method, anonymous method, or a lambda expression.  They can also be null as well, so care should be taken to make sure that the delegate is not null before you call it.

So let’s go back to the early days of .NET, before generic delegates, when you typically had to define delegates explicitly.  For example, if we wanted to define a delegate for a logging method, we could define a delegate that takes a string as an argument and returns void:

   1: // This delegate matches any method that takes string, returns nothing
   2: public delegate void Log(string message);

This delegate defines a type named Log that can be used to store references to any method(s) that satisfies its signature (whether instance, static, lambda expression, etc.).

Let’s look at some example code using this delegate type:

   1: // creates a delegate instance named currentLogger defaulted to Console.WriteLine (static method)
   2: Log currentLogger = Console.WriteLine;
   3: currentLogger("Hi Console!");
   4: 
   5: using(var file = File.CreateText("c:\\sourcecode\\out.txt"))
   6: {
   7:     // changes delegate to now refer to the file instance's WriteLine method
   8:     currentLogger = file.WriteLine;
   9:     currentLogger("Hello file!");
  10: 
  11:     // now append Console.WriteLine to delegate (instead of replace, adds)
  12:     currentLogger += Console.WriteLine;
  13:     currentLogger("Hi to both!");
  14: }

Let’s examine what’s going on in the code above:

    At line 2, we create an instance of a delegate of type Log and have it refer to a static method that takes a string and returns void by assigning it the method name, Console.WriteLine() has an overload that fits this signature.
    At line 3, we invoke the delegate just like we would any other method, by using the delegate name and passing the arguments in the parenthesis.  If our delegate returned a value, we could assign it like a normal method as well.
    At line 8, we change the delegate to refer to an instance method, in this case the WriteLine() method of the file variable.
    At line 9, we invoke the delegate again, this time it will write to file.
    At line 12, instead of replacing the delegate, we are appending a method to the delegate.  This means that both Console.WriteLine (from the previous assignment) and file.WriteLine() appended with the += will be called.

So, both = and += can be used to assign method references to a delegate, albeit in different ways.  The = releases any previous method(s) referenced, and assigns a new method reference (or you can assign to null to remove all and leave unassigned).  And the += is used to chain a new method reference to any existing method referenced (if any).  Likewise, you can use –= to remove a method from a delegate chain.

Always remember that on the call to invoke the delegate, you should make sure the delegate reference isn’t currently null.  Depending on the structure of your code, you may or may not have to check at the point you call it, but you should at least be logically sure it has a value (by comparing to null) before you invoke it.

Also remember that delegates can be used to refer to anonymous methods or lambda expressions as well:

   1: // assign to an anonymous method
   2: currentLogger = delegate(string message) { Console.WriteLine(message.ToUpper()); };
   3: currentLogger("This will be upper case.");
   4: 
   5: // assign to a lambda expression
   6: currentLogger = msg => Console.WriteLine(msg.Length);
   7: currentLogger("This will output 19");


Read more: James Michael Hare
QR: c.net-little-wonders-the-generic-action-delegates.aspx

Posted via email from Jasper-net

SSLyze

|
iSEC Partners Releases SSLyze

Transport Layer Security (TLS), commonly called SSL, is one of the most widely used protocols to secure network communications. As costs fall and user security and privacy expectations rise companies are deploying it more widely every year. Attacks against the CA system, SSL implementation flaws and aging protocol versions have grabbed news headlines, bringing attention to weak configurations, and the need to avoid them. Additionally, server misconfigurations have always greatly increased the overhead caused by SSL, slowing the transition to improved communications security.

To help improve system configurations, iSEC is releasing the free software “SSLyze” tool. We have found this tool helpful for analyzing the configuration of SSL servers and for identifying misconfigurations such as the use of outdated protocol versions, weak hash algorithms in trust chains, insecure renegotiation, and session resumption settings.

SSLyze is a stand-alone python application that looks for classic SSL misconfigurations, while providing the advanced user with the opportunity to customize the application via a simple plugin interface. Right now it supports the following features:

    Insecure renegotiation testing
    Scanning for weak strength ciphers
    Checking for SSLv2, SSLv3 and TLSv1 versions
    Server certificate information dump and basic validation
    Session resumption capabilities and actual resumption rate measurement
    Support for client certificate authentication
    Simultaneous scanning of multiple servers, versions and ciphers

For example, SSLyze can help user’s identify server configurations vulnerable to THC’s recently released SSL DOS attack (http://www.thc.org/thc-ssl-dos/) by checking the server’s support for client-initiated renegotiations. For more information on testing for client-initiated renegotiations, see: http://code.google.com/p/sslyze/wiki/ThcSslDOS

The project is hosted on Google Code at the following URL: http://code.google.com/p/sslyze/

Read more: iSEC
QR: isec-partners-releases-sslyze.html

Posted via email from Jasper-net

OSSEC

|
ossec_logo.jpg
Welcome to the Home of OSSEC

 
OSSEC is an Open Source Host-based Intrusion Detection System. It performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.

It runs on most operating systems, including Linux, MacOS, Solaris, HP-UX, AIX and Windows. A list with all supported platforms is available here.


Read more: OSSEC
QR: https://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://www.ossec.net/

Posted via email from Jasper-net