This is a mirror of official site: http://jasper-net.blogspot.com/

The Greenbone Security Manager

| Thursday, February 2, 2012
gsm-150x150.png

The Greenbone Security Manager (GSM) is a Vulnerability Management Solution that seamlessly and transparently integrates into your Security and GRC strategy, providing Vulnerability Assessment, Vulnerability Intelligence and Threat Management capabilities in the form of a dedicated or virtual appliance.

With a strong focus on 3rd Party integration and open standards, the GSM is a best of breed security solution that will enhance and supplement your security posture and allow a proactive approach to automated Vulnerability Lifecycle Management.

Read more: The Greenbone Security Manager
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://greenbone.net/

Posted via email from Jasper-net

Norton Identity Safe: Cross-Platform Alternative To LastPass

| Wednesday, February 1, 2012
Norton-Identity-Safe-Final.png

LastPass is a widely used password manager, which is available as a plugin for all famous browsers, including Internet Explorer, Mozilla Firefox, Chrome, Opera, and Safari. While LastPass works as a browser extension, there are also desktop applications that deliver similar functionality. Norton has recently created a comprehensive application, which brings the functionality of password management browser extensions like LastPass and desktop application like 1Password. Norton Identity Safe is a cross-platform password management application that integrates with your browser and allows you to you safeguard your login information. It quickly and securely logs users into online accounts from computers and mobile devices on the go, with a secure master password. Unlike most password managers, Norton Identity Safe also provides information regarding the safety of a website to protect you from phishing websites.

To get started, you will require logging in or signing up with a Norton account.


Read more: Addictive tips
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=www.addictivetips.com/windows-tips/norton-identity-safe-cross-platform-alternative-to-lastpass/

Posted via email from Jasper-net

Hacker Geek: OS Fingerprinting With TTL and TCP Window Sizes

|
Did you know that you can find out which operating system a networked device is running just by looking at the way it communicates on the network? Let’s take a look at how we can discover what operating system our devices are running.


Why Would You Do This?

Determining what OS a machine or device is running can be useful for many reasons. First lets take a look at an everyday perspective, imagine you want to switch to a new ISP who offers uncapped internet for $50 a month so you take a trial of their service. By using OS fingerprinting you will soon discover that they have rubbish routers and offer a PPPoE service offered on a bunch of Windows Server 2003 machines. Doesn’t sound like such a good deal anymore, huh?

Another use for this, albeit not so ethical, is the fact that security holes are OS specific. For example, you do a port scan and find port 53 open and the machine is running an outdated and vulnerable version of Bind, you have a SINGLE chance to exploit the security hole since a failed attempt would crash the daemon.


How Does OS Fingerprinting Work?

When doing passive analysis of current traffic or even looking at old packet captures, one of the easiest, effective, ways of doing OS Fingerprinting is by simply looking at the TCP window size and Time To Live (TTL) in the IP header of the first packet in a TCP session.

Here are the values for the more popular operating systems:

Operating System Time To Live TCP Window Size
Linux (Kernel 2.4 and 2.6) 64 5840
Google Linux 64 5720
FreeBSD 64 65535
Windows XP 128 65535
Windows Vista and 7 (Server 2008) 128 8192
iOS 12.4 (Cisco Routers) 255 4128

Read more: How-to geek
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=www.howtogeek.com/104337/hacker-geek-os-fingerprinting-with-ttl-and-tcp-window-sizes/

Posted via email from Jasper-net

להרוויח יותר מהאפליקציות שלכם עם StartApp [סטארטאפ]

|
יזמים בתחום הסלולר מתלבטים כל הזמן כיצד הכי נכון עבורם למנף את האפליקציה (או האפליקציות) שהכינו ולייצר הכנסה. ישנם מודלים רבים אפשריים, כמו אלה המציעים למכור את האפליקציה בתשלום, או להעניק אותה בחינם עם אפשרויות שדרוג פנימיות, או עבודה עם באנרים (או כל סוג אחר של פרסום) בתוך האפליקציה.
אפליקציות בחינם

כעת, חברת StartApp הישראלית מעוניינת לעזור ולהציע ליזמים אפיק אפשרי נוסף לייצור הכנסה מהאפליקציה שלהם. החברה פיתחה SDK פשוט, שניתן לשלב בכל אפליקציה המפותחת לפלטפורמת אנדרואיד ומאפשרת למפתחים להרוויח מכל התקנה של האפליקציה (גם כאשר זאת ניתנת להורדה בחינם מה-Market).

הפתרון של StartApp מבוסס על מודל מוכר מעולם ה-Desktop שנקרא Paid Search שעובד בצורה דומה למודלים של סרגלי הכלים לדפדפנים במחשבים האישיים, בין היתר של חברות כמו קונדואיט ואחרות.

לאחר הוספת ה-SDK לאפליקציה, המשתמש הסופי יקבל אפשרות חיפוש חדשה באמצעות אייקון ייעודי, המוביל לדף הבית של מנוע החיפוש. כל חיפוש המתבצע דרך הכלים החדשים מייצר הכנסה, דרך הסכמים עם חברות נוספות, עבור StartApp, והיא המאפשרת לחברה לשלם למפתחים עבור כל התקנה של האפליקציה שלהם מראש, עוד לפני שהמשתמש החדש ביצע חיפוש כלשהו.
הצלחה אנדרואידית

מאז הושק המוצר באוגוסט 2011, ה-SDK של Startapp הצליח למצוא את דרכו אל יותר מ-850 אפליקציות, המותקנות אצל כ-30,000,000 משתמשים שונים. החברה עצמה, StartApp, הוקמה בדצמבר 2010 על-ידי גיל דודקביץ, המכהן כמנכ"ל החברה, ורן אבידן, המכהן כסמנכ"ל הטכנולוגיות של החברה והיא שמה לעצמה כמטרה לפתור את שתי הבעיות העיקריות בעולם האפליקציות – מודל ההכנסות ומודל הפצה ושיווק של האפליקציה. בדצמבר 2010 גייסה החברה השקעת סיד מקרן סידר הישראלית, בעקבותיה הצטרף לדירקטוריון החברה גל ישראלי, אחד ממייסדי הקרן ושותף מנהל בסידר.


Read more: newsGeek
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=www.newsgeek.co.il/startapp-mobile-apps/

Posted via email from Jasper-net

Why Linux Vendors Need To Sell More Than Linux

|
Mandriva, a venerable Linux distro, is on the verge of shutting down. One of its main problems is that it never grew into more than just an OS vendor. The big players in the commercial Linux space — Red Hat, SuSE, Canonical — all built Linux into their larger computing visions. Is there any room in the marketplace for just a straight-up Linux distro anymore?

Read more: Slashdot
QR: why-linux-vendors-need-to-sell-more-than-linux

Posted via email from Jasper-net

Google запустила сайт для разработчиков: JavaScript vs. Dart

|
c34012e6bee39a62680ca36261a147ae.jpg

   Google сделала очередной шаг для популяризации языка Dart, который позиционируется поисковым гигантом как замена JavaScript. Компания запустила для разработчиков промо-сайт Dart Synonym, облегчающий сравнение синтаксических конструкций обоих языков, удобно расположив примеры кода в двух столбцах и великодушно поставив JavaScript на первое место. Сами примеры охватывают весьма широкий диапазон: он начинается от объявлений переменных, затрагивает такие темы как работу с массивами, строками, манипуляцию с DOM, и заканчивается объектно-ориентированным программированием, так что сайт, в принципе, может служить быстрым справочником и по Dart и по JavaScript.

Read more: Habrahabr.ru
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://habrahabr.ru/blogs/webdev/137376/

Posted via email from Jasper-net

Делаем библиотеку написанную на .Net понятной для Unmanaged кода

|
Пол года проработав в компании, которая занимается программированием на MQL под Meta Trader столкнулся с таким заказом: клиенту нужно что бы программа была написана на C# или VB.Net.

Задача была в том, что бы написать программу на C# и dll на том же языке, которая связывает приложение с торговым советником на MQL. С одной стороны мне это на руку, так как C# изучаю больше года, с другой — стало непонятно, а как же это делается и вообще возможно ли это?

Ни для кого не секрет, что библиотека, написанная на C# не имеет в своем коде раздела для экспорта, и собственно передать название функции не является возможным. Пару часов поисков в интернете таки дали мне понять, что решение существует, и состоит оно в следующем:

    Нужно декомпилировать библиотеку при помощи ILDASM, получив при этом IL-код
    Изменить код так, что бы функции стали экспортируемыми
    Заново собрать при помощи ILASM


Про IL что-то там слышал, но в глаза ни разу не видал сие чудо. Что бы вам не пришлось искать литературу, которой по данному вопросу не так и много, опишу всё шаг за шагом. В результате у нас получится библиотека, которая отлично запускается из любой программы.

Итак приступим:
Первым делом создадим обычную библиотеку, в которой будет 2 метода, где первый выводит на экран всем любимое «Hello, World!», второй возвращает сумму двух чисел.

Названия функций желательно выбрать такими, которые потом будет легко найти.
Собственно вот как выглядит код нашей библиотеки:

using System;
using System.Windows.Forms;

namespace Test
{
    public class Class1
    {
        public static void Message_Export(String message)
        {
            MessageBox.Show(message);
        }

        public static Double Sum_Export(Double a, Double b)
        {
            return a + b;
        }
    }
}


Read more: Habrahabr.ru
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://habrahabr.ru/blogs/net/137300/

Posted via email from Jasper-net

15 Best Practices for Exception Handling

|
  1. Don't manage business logic with exceptions. Use conditional statements instead. If a control can be done with if-else statement clearly, don't use exceptions because it reduces readability and performance  (e.g. null control, divide by zero control). .
  2. Exception names must be clear and meaningful, stating the causes of exception.
  3. Throw exceptions for error conditions while implementing a method. E.g. if you return -1, -2, -3 etc. values instead of FileNotFoundException, that method can not be understand.
  4. Catch specific exceptions instead of the top Exception class. This will bring additional performance, readability and more specific exception handling.
  5. Null control with conditionals is not an alternative to catching NullPointerException. If a method may return null, control it with if-else statement. If a return may throw NullPointerException, catch it.
  6. Try not to re-throw the exception because of the price. Bu if re-throwing had been a must, re-throw the same exception instead of creating a new exception. This will bring additional performance. You may add additional info in each layer to that exception.
  7. Define your own exception hierarchy by extending current Exception class (e.g. UserException, SystemException and their sub types) and use them. By doing this you can specialize your exceptions and define a reusable module/layer of exceptions.
  8. Use types of exceptions clearly. Fatal: System crash states. Error: Lack of requirement. Warn: Not an error but error probability. Info: Info for user. Debug: Info for developer.
  9. Don't absorb exceptions with no logging and operation. Ignoring exceptions will save that moment but will create a chaos for maintainability later.
  10. Don't log the same exception more than once. This will provide clearness of the exception location.
  11. Always clean up resources (opened files etc.) and perform this in "finally" blocks.
  12. Exception handling inside a loop is not recommended for most cases. Surround the loop with exception block instead.

Read more: CodeBuild
QR: 15-best-practices-about-exception.html

Posted via email from Jasper-net

Silverlight 5 Released to Web

|
Summary of the features

(from the Silverlight 5 download package)
Improved media support

    Low Latency Audio Playback
    Variable Speed Playback
    H/W Decode of H.264 media
    DRM Key Rotation/LiveTV Playback
    Application-Restricted Media

Improved Text support

    Text Tracking & Leading
    Linked Text Containers
    OpenType and Pixel Snapped Text
    Postscript vector printing
    Performance improvements for Block Layout Engine.

Building next-generation business applications

    PivotViewer
    ClickCount
    Listbox/ComboBox type-ahead text searching
    Ancestor RelativeSource Binding
    Implicit DataTemplates
    DataContextChanged event
    Added PropertyChanged to the UpdateSourceTrigger enum
    Save File and Open File Dialog
    Databinding Debugging
    Custom Markup Extensions
    Binding on Style Setters

Silverlight 5 performance improvements

    Parser Performance Improvements
    Network Latency Improvements
    H/W accelerated rendering in IE9 windowless mode
    Multicore JIT
    64-bit browser support

Graphics improvements

    Improved Graphics stack
    3D

"Trusted Application" model

    Multiple window support
    Full-Trust in-browser
    In-browser HTML support
    Unrestricted File System Access
    P/Invoke support

Tools improvements

    Visual Studio Team Test support


Read more: John Papa
QR: silverlight5rtw

Posted via email from Jasper-net

Батники против эксплойтов

|
Доброго времени суток, многоуважаемый %USERNAME%. Меня зовут Голованов Сергей, и я всё еще являюсь ведущим вирусным аналитиком в «Лаборатории Касперского». Я понимаю, что название этого поста в корпоративном блоге компании может вызвать смех, грусть, а у некоторых даже эпилептический припадок, но дайте мне всё объяснить.

Я понимаю, что для всех батники выглядят как нечто очень простое и со времен AUTOEXEC.BAT уже практически забытое, в то же время эксплойты, если вы конечно не профессиональный исследователь уязвимостей, выглядят очень сложно и практически неправдоподобно, особенно для некоторых разработчиков. Но! В данном посте я постараюсь перевернуть эти представления и рассказать, что всё как будто наоборот. Батники чуть легче и сильнее по функционалу brainfuck'а, а эксплойты не страшнее сортировки пузырьком на basic'е.

...
...

Если копнуть чуть глубже, то оказывается, что в таких эксплойт-паках часто (практически всегда) полезная нагрузка выделяет себе память в процессе жертвы, ищет нужные системные функции, сохраняет файл из интернета на локаль и делает CreateProcess или очень редко — ShellExecute, при этом проблемы повышения привилегий перекладываются на то, что скачали. Всё в принципе просто и понятно. И чего с этим делать? Хватать за пятую точку за слабые места! Во всей этой схеме есть одно уязвимое место: неважно, какое приложение пробили, главное — запустить файл с троянцем. Таким образом, получается, что нам просто-напросто надо сделать так, чтобы на компьютере пользователя лишние файлы не запускались, и сделать это нужно стандартными средствами.

...
...

Батник

Итого: наш батник должен создать пользователя со стандартными правами, затем модифицировать эти права для запуска только определённого ПО и, наконец, сделать это прозрачно и удобно для пользователя. Начнем-с…

1. Создать пользователя. Халява.

net user saferun_user Passw0rd /add

Имя пользователя и пароль здесь указаны только для примера, их надо будет обязательно разбавить %random%’ами, чтобы не оказалась, что у нас у всех пользователей батника одинаковые имена пользователей и пароли на машинах. А то получится этакий Backdoor.Bat.Hren.a, его еще детектировать придется…)))

2. Модифицировать права. Э… а вот тут уже есть проблемы

По-хорошему назначать права на исполнение нужно AppLocker'ом с помощью PowerShell’a, например так:

PS C:\> Get-ApplockerFileInformation -Directory 'C:\Program Files (x86)\Adobe\' -Recurse -FileType Exe | New-ApplockerPolicy -RuleType Publisher -User SafeRun_user -RuleNamePrefix Adobe -Optimize -Xml > Adoby.xml
PS C:\> Set-AppLockerPolicy –XmlPolicy Adoby.xml

Однако, вся эта хитрая хрень «is only available in Ultimate and Enterprise versions of Windows 7». Поэтому как альтернативу в Home версии Windows 7 можно использовать Parental Control (ссылка на форум — я не шучу), который хранит информацию о том, какие программы можно запускать в:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Parental Controls\Users\UID\App Restrictions

Значит, политики в топку, ибо неудобно, будем использовать ACL, тем более что, начиная с Vista’ы, появилась замечательная команда ICACLS. В принципе всё, что написано дальше, может быть спроецировано и на XP c помощью XCACLS, но по умолчанию такой команды в XP нет, и входит она только в пакет Resource Kit.

Итого, в Windows 7 cначала вынесем пользователя из группы по умолчанию, чтобы ограничить его возможности благодаря групповым разрешениям создавать файлы где попало:

net localgroup users saferun_user /delete

Read more: Habrahabr.ru
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=habrahabr.ru/company/kaspersky/blog/137304/

Posted via email from Jasper-net

WPF Validation

|
Validation2.jpg

Introduction

In this article, I have discussed the validation process in WPF. For understanding the validation process, I have created a simple application which divides numbers entered in text boxes and displays the result in a label. If the user enters invalid data, it displays the appropriate error messages.


Background

While dividing two numbers, the most likely issues can be related to handling of non-numeric data and dividing by zero. In this article, I have described how to do data validation for such errors. In this application, I have validated that the user does not enter non-numeric data and zero in the textboxes. I have developed the application using Microsoft Visual C# 2010 Express Edition (Microsoft .NET Framework Version 4.0.21006).
Using the Code

To use the validator function, we must first declare the namespace where it will be found. This is done by adding an attribute for the root Window element as follows:


xmlns:local="clr-namespace:ValidationExample"

The complete XAML code for the window element is as follows:


<Window x:Class="ValidationExample.Window1"
    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
    xmlns:local="clr-namespace:ValidationExample"
    Title="Number Division" Height="300" Width="300"
    Loaded="Window_Loaded">

Read more: Codeproject
QR: WPF-Validation

Posted via email from Jasper-net

Why does it take Task Manager longer to appear when you start it from the Ctrl+Alt+Del dialog?

|
Amit was curious why it takes longer for Task Manager to appear when you start it from the Ctrl+Alt+Del dialog compared to launching it from the taskbar.

Well, you can see the reason right there on the screen: You're launching it the long way around.

If you launch Task Manager from the taskbar, Explorer just launches taskmgr.exe via the usual Create­Process mechanism, and Task Manager launches under the same credentials on the same desktop.

On the other hand, when you use the secure attention sequence, the winlogon program receives the notification, switches to the secure desktop, and displays the Ctrl+Alt+Del dialog. When you select Task Manager from that dialog, it then has to launch taskmgr.exe, but it can't use the normal Create­Process because it's on the wrong desktop and it's running under the wrong security context. (Because winlogon runs as SYSTEM, as Task Manager will tell you.)

Read more: The Old New Thing
QR: 10261611.aspx

Posted via email from Jasper-net

Enabling SSL for a WCF Service

|
Last week a reader mailed me with some questions about my “WCF over HTTPS” blog post, which I wrote almost 3 years ago.

I created some sample code to help him enable SSL for a WCF service. Last year this was my most popular article, so I thought it would make sense to create a new up-to-date version that shows you step-by-step how to enable SSL for a WCF service with as little fuss as possible.

Let’s get started…

Table Of Contents

    Introduction
    Step 1 – The Service
    Step 2 – Configuration
    Step 3 – Hosting The Service
    Step 4 – SSL Certificate
    Step 5 – Enable SSL
    Step 6 – Consume The Service

Step 1 – The Service

First we are going to create a simple and easy-to-use WCF service. Start up Visual Studio 2010 and create a new blank solution called “SslEnabledWcfService”. Next add a new class library project to it called “CustomerService”.

Read more: Christophe Geers' Blog
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://cgeers.com/2012/01/30/enabling-ssl-for-a-wcf-service/

Posted via email from Jasper-net

MVVMLight Hello World in 10 Minutes.

|
Getting Started

    Firstly, start VS2010, and create a new WPF project.
    Ensure that you have Nuget installed.
    Manage Nuget Package References and add ‘MVVM Light’

MVVM Light has now added a ViewModel folder containing the MainViewModel and the ViewModelLocator.
Edit the Main Window

Simply add a button, and defer the DataContext binding to the ViewModelLocator (elided):


<Window x:Class="MvvmLightTest.MainWindow"
        DataContext="{Binding Main, Source={StaticResource Locator}}">
    <Grid>
        <Button Command="{Binding ShowPopUp}" Content="Show Pop Up" />
    </Grid>
</Window>

Then in the MainViewModel we define the ShowPopUp command:


public class MainViewModel : ViewModelBase
{
    public MainViewModel()
    {
        ShowPopUp = new RelayCommand(() => ShowPopUpExecute(), () => true);
    }

    public ICommand ShowPopUp { get; private set; }

    private void ShowPopUpExecute()
    {
        MessageBox.Show("Hello!");
    }
}

Read more: Codeproject
QR: MVVMLight-Hello-World-in-10-Minutes

Posted via email from Jasper-net

Analyzing a .NET executable or DLL without .NET installed

|
image002.jpg

Introduction

This article describes how to add to a Win32 API, C++ application, the ability to browse for executables (.exe) files, and to determine whether they are .NET ones, and if so, to analyze their classes and display a list of them, without having .NET installed on the machine running it.


Background

.NET executables can be easily analyzed, and each class can be enumerated. However, some users prefer not to install the .NET Framework because they don't need it or because it is quite heavy. There seems to be a need to allow applications that are not .NET based, to analyze .NET executables.


The Application

The application works very simple. You run it.

list<string> CPEParser::GetDotNetClassName(string filePathName)
{
    list<string> lString;
    HANDLE hFile = CreateFile(filePathName.c_str(),
                              GENERIC_READ, FILE_SHARE_READ, NULL,
                              OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL);

    HANDLE hMapFile = CreateFileMapping(hFile, NULL, PAGE_READONLY, 0, 0, "NetExe");
    SYSTEM_INFO systemInfo;
    GetSystemInfo(&systemInfo);
   
    char *pFileBase = (char *)MapViewOfFile(hMapFile, FILE_MAP_READ, 0, 0, 0);
    IMAGE_DOS_HEADER *pImageDosHeader = reinterpret_cast<IMAGE_DOS_HEADER *>(pFileBase);
    IMAGE_NT_HEADERS *pImageNTHeader  =
      reinterpret_cast<IMAGE_NT_HEADERS *>(pFileBase + pImageDosHeader->e_lfanew);
    IMAGE_FILE_HEADER *pImageFileHeader =
      reinterpret_cast<IMAGE_FILE_HEADER *>(&pImageNTHeader->FileHeader);
    IMAGE_OPTIONAL_HEADER *pImageOpHeader =
      reinterpret_cast<IMAGE_OPTIONAL_HEADER *>(&pImageNTHeader->OptionalHeader);

    IMAGE_DATA_DIRECTORY *entry =
      &pImageOpHeader->DataDirectory[IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR];
    if(entry->Size == 0 || entry->Size < sizeof(IMAGE_COR20_HEADER) ||
       entry->VirtualAddress == 0)
    {
        return lString;
    }

    IMAGE_COR20_HEADER *pClrHeader = reinterpret_cast<IMAGE_COR20_HEADER *>(
                ImageRvaToVa(pImageNTHeader, pFileBase, entry->VirtualAddress, 0));
    char *pMetaDataAddress = reinterpret_cast<char *>(ImageRvaToVa(
          pImageNTHeader, pFileBase, pClrHeader->MetaData.VirtualAddress, 0));
    int mdSignature       = *(reinterpret_cast<int *>(pMetaDataAddress));
    short majorVersion    = *(reinterpret_cast<short *>(pMetaDataAddress + 4));
    short minorVersion    = *(reinterpret_cast<short *>(pMetaDataAddress + 6));
    int reserved          = *(reinterpret_cast<int *>(pMetaDataAddress + 8));
    int length            = *(reinterpret_cast<int *>(pMetaDataAddress + 12));
   
    string version;

    for(int i = 16; i < (length + 16); i++)
    {
        version.append(1, *(reinterpret_cast<char *>(pMetaDataAddress + i)));
    }
   
    int reserved2     = *(reinterpret_cast<short *>(pMetaDataAddress + 16 + length));
    int streams       = *(reinterpret_cast<short *>(pMetaDataAddress + 18 + length));
    int i16Length     = 20 + length;
    list<StreamHeader>   lStreamHeader;

    GetStreamHeaders(pMetaDataAddress, i16Length, lStreamHeader, streams);

    //read meta data table
    char *pMetaDataTable = pMetaDataAddress + GetMetaData(lStreamHeader, "#~")->offset;
    int reserved3         = *(reinterpret_cast<int *>(pMetaDataTable));
    char majorVersion1   = *(pMetaDataTable + 4);
    char minorVersion1   = *(pMetaDataTable + 5);
    char HeapOffSetSize  = *(pMetaDataTable + 6);
    char reserved4  = *(pMetaDataTable + 7);
    int valid1      = *(reinterpret_cast<int *>(pMetaDataTable + 8));
    int valid2      = *(reinterpret_cast<int *>(pMetaDataTable + 12));
    int sort1       = *(reinterpret_cast<int *>(pMetaDataTable + 16));
    int sort2       = *(reinterpret_cast<int *>(pMetaDataTable + 20));

Read more: Codeproject
QR: Analyzing-a-Net-executable-or-DLL-without-NET-inst

Posted via email from Jasper-net

Microsoft Format and Specification Documentation Refresh ("Significantly changed technical content") [Updated: Includes updates for Office 15 Technical Preview ]

|
Microsoft Office File Formats Documentation

    The Microsoft Office file formats documentation provides technical specifications for Microsoft proprietary file formats that are implemented and used in the Microsoft Office system.

Microsoft Office Protocol Documentation

    The Office protocol documentation provides technical specifications for Microsoft proprietary protocols that are implemented and used in the Microsoft Office system.

Microsoft Exchange Server Protocol Documentation

    The Microsoft Exchange protocol documentation provides detailed technical specifications for the Microsoft protocols that are implemented and used by Microsoft Exchange to interoperate or communicate with other products. It also provides technical specifications for extensions to industry-standard and other published protocols that are used by Microsoft Exchange.

Microsoft Exchange and Microsoft Outlook Standards Documentation

    The Microsoft Exchange and Microsoft Outlook standards documentation describes how Exchange and Outlook support industry messaging standards and Requests for Comments (RFCs) documents about iCalendar, Internet Message Access Protocol – Version 4 (IMAP4), and Post Office Protocol – Version 3 (POP3).

Read more: Greg's Cool [Insert Clever Name] of the Day
QR: microsoft-format-and-specification.html

Posted via email from Jasper-net

Bubbles

|
Recently one of our customers asked about how to implement a conversation display similar to the iOS SMS/Messages display. You can find the BubbleCell sample in our Github repository.

This is what the conversation looks like:

c38c418a.png


To implement this, I used iOS's UITableView as it already provides a lot of the functionality that we need for this. What I did was to write a custom UITableViewCell that can render bubbles with their text.

I wrote both a MonoTouch.Dialog Element that you can host in your DialogViewController as well as a custom UITableCellView which can be reused by those using UITableViews directly.

This is how you could populate the initial discussion inside MonoTouch.Dialog:
Section chat;

var root = new RootElement ("Chat Sample") {
  (chat = new Section () {
    new ChatBubble (true, "This is the text on the left, what I find fascinating about this is how many lines can fit!"),
    new ChatBubble (false, "This is some text on the right"),
    new ChatBubble (true, "Wow, you are very intense!"),
    new ChatBubble (false, "oops"),
    new ChatBubble (true, "yes"),
  })
};

Read more: Miguel's OSX and iOS blog
QR: Jan-30.html

Posted via email from Jasper-net

Using the Windows 7 USB Download tool (the ISO to USB drive utility) for any ISO file

|
As notebooks, netbooks and slates get thinner, smaller, and more power-conscious, optical drives that can read and write to a bootable DVD have now become a peripheral device rather than a built-in. This makes it difficult to install software from a DVD, and even more problematic when you want to wipe the device and install a new OS. For these devices, installing software that you download as a compressed .iso file from a SD card or USB flash memory device is fast and cheap and a great alternative to buying an external optical reader. This is particularly useful to developers since most (if not all) of the software available via MSDN and DreamSpark is only available for download in the .iso format. Unfortunately there are not a lot of turn-key tools out there for burning from an .iso to a USB memory device.

Microsoft has created the Windows 7 USB Download Tool which is really nice if your .iso is a Windows 7 operating system, but it fails when you try to use it with any other .iso. While searching for a work-around, I found this great blog post by Rafael Rivera with an explanation for why the Windows 7 USB Download tool won’t work with every .iso file:

Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: Using the Windows 7 USB Download Tool with ANY .iso file
QR: using-the-windows-7-usb-download-tool-with-any-iso-file.aspx

Posted via email from Jasper-net

MVVM Light template and WCF services (or any ASP.NET application for that matter)

|
I was recently made aware of a couple of people having issues with WCF services (or ASP.NET applications) when using the MVVM Light project template for Silverlight. There is a blog post and a StackOverflow question, so what exactly is happening there?

Well in fact it is pretty simple when you know how Silverlight connects to web services. Due to the security model of Silverlight, the application cannot connect to a web site if it is not originating of this very website. In laymen’s terms, it means that the application can only connect to a web server if it also comes from the same webserver. For example, if the Silverlight application is served by http://www.galasoft.com, it won’t be able to connect to, say, http://www.cnn.com without getting an exception. We talk about cross-domain access restrictions.

Of course there are ways around that, for instance a website can specifically give access to Silverlight applications through a configuration file.

In the case that concerns us, it is exactly what is happening. You see, the MVVM Light Silverlight project template creates a Silverlight application without an ASP.NET host. I didn’t add one because I didn’t want to complicate the template too much. And also, to be honest, because adding a web project is super easy, but of course only if you know how to do, and this is exactly what we will do here!
Creating the application

The steps to create the application and the WCF service are as follows:

    Create the MVVM Light application using the MVVM Light project template for Silverlight.
    Right click on the solution in the Solution Explorer and select "Add, New Project from the context menu.
    From the WCF category, select a WCF Service Application and create it.
    Build the application.
    Right click on the MVVM Light project and select Add Service Reference from the context menu.
    In the Add Service Reference dialog, click on Discover.
    Make sure that the found service is the one you want to connect to, and click on OK.
    In the MVVM Light application, open the file Model/DataService.cs and modify the code as follows:

Read more: Laurent Bugnion (GalaSoft)
QR: mvvm-light-template-and-wcf-services-or-any-asp.net-application.aspx

Posted via email from Jasper-net

Store Unicode in MySQL

|
This article will be useful when you are dealing with the multilingual site with database driven content. While dealing with multilingual website you may have faced the problem of data is not being either saved or retrieved properly.

So what could be the reason for this? The reason is, you have not set proper Character set and Collation for the database and tables.

So to make your database able to store unicode characters you need to make sure that you have covered below points:

1) Your Database Collation should be utf8_general_ci.
2) Your Table Collation should be utf8_general_ci.
3) Your Field in which you want to store Unicode should have utf8_general_ci collation.

Let’s see how to set above things.

1) Set Database Collation and Character Set

If you are not sure about my ealier article then you would like to refer my earlier article which show ways to change the MySQL Database Collation. For now if you want to want to change the database collation then you need to execute below query in your query browser.

   ALTER SCHEMA `schema_name` DEFAULT CHARACTER SET utf8
   COLLATE utf8_general_ci;

2) Set Table Collation and Character Set

After setting up the Database Collation and Character set, you need to change the Table Collation and Character Set in same manner. Have a look at below image for more information on how to set the Table Collation and Character set.

  ALTER TABLE  `table_name` DEFAULT CHARACTER SET utf8
  COLLATE utf8_general_ci;

Read more: XpertDevelopers
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://www.xpertdeveloper.com/2012/01/store-unicode-in-mysql/

Posted via email from Jasper-net

How to Write a WinRT XAML Metro App

|
142017_fig1_VS11_NewProject-SM.jpg

For anyone paying attention to the Microsoft space since September 2011, Windows Runtime (WinRT) has been a hot topic among the developer crowd as the platform for developing the next generation of Windows 8 immersive applications. The most exciting thing about WinRT is that both today's web developers and XAML developers have a place in this new environment: WinRT runs just as well when using HTML5 and JavaScript as it does when using XAML and C#. This means that, a few API changes aside, skill reuse is at a maximum. Anyone who is currently working with Silverlight or Windows Presentation Foundation (WPF) should have no problem transitioning into WinRT.

With that in mind, let's take a closer look at WinRT. In this article, we will first explore one of the pre-defined templates in WinRT to see how it compares with the XAML we know today. Then we will start a new application from scratch using our existing XAML and C# skills.
Diving In

The first step in creating any application for WinRT is to open Visual Studio. With the Windows 8 Developer Preview, we also received access to the Visual Studio 11 Express Developer Preview, giving us everything we need to develop, run, and debug a WinRT application even in this early stage of WinRT's life. Opening Visual Studio 11, we are presented with a familiar start screen, so we can click New Project to see what templates are installed with Visual Studio 11. Figure 1 shows the New Project screen.

Read more: DevProConnections
QR: winrt-xaml-metro-142017

Posted via email from Jasper-net

Currying vs partial function application

|
This is a slightly odd post, and before you read it you should probably put yourself into one of three buckets:

    Someone who doesn't care too much about functional programming, and finds higher order functions tricky: feel free to skip this post entirely.
    Someone who knows all about functional programming, and already knows the difference between currying and partial function application: please read this post carefully and post comments about any inaccuracies you find. (Yes, the CAPTCHA is broken on Chrome; sorry.)
    Someone who doesn't know much about functional programming yet, but is interested to learn more: please take this post with a pinch of salt, and read the comments carefully. Read other articles by more experienced developers for more information.

Basically, I've been aware for a while that some people use the terms currying and partial function application somewhat interchangably, when they shouldn't. It's one of those topics (like monads) which I feel I understand to some extent, and I've decided that the best way of making sure I understand it is to try to write about it. If it helps the topic become more accessible to other developers, so much the better.
This post contains no Haskell

Almost every explanation I've ever seen of either topic has given examples in a "proper" functional language, typically Haskell. I have absolutely nothing against Haskell, but I typically find it easier to understand examples in a programming language I understand. I also find it much easier to write examples in a program language I understand, so all the examples in this post are going to be in C#. In fact, it's all available in a single file - that includes all of the examples, admittedly with a few variables renamed. Just compile and run.

C# isn't really a functional language - I know just about enough to understand that delegates aren't really a proper substitute for first class functions. However, they're good enough to demonstrate the principles involved.

While it's possible to demonstrate currying and partial function application using a function (method) taking a very small number of parameters, I've chosen to use 3 for clarity. Although my methods to perform the currying and partial function application will be generic (so all the types of parameters and return value are arbitrary) I'm using a simple function for demonstration purposes:
static string SampleFunction(int a, int b, int c)
{
    return string.Format("a={0}; b={1}; c={2}", a, b, c);
}

So far, so simple. There's nothing tricky about that method, so don't look for anything surprising.
What's it all about?

Both currying and partial function application are about converting one sort of function to another. We'll use delegates as an approximation to functions, so if we want to treat the method SampleFunction as a value, we can write:
Func<int, int, int, string> function = SampleFunction;

This single line is useful for two reasons:

    Assigning the value to a variable hammers home the point that it really is a value. A delegate instance is an object much like any other, and the value of the function variable is a reference just like any other.
    Method group conversions (using just the name of the method as a way of creating a delegate) doesn't work terribly nicely with type inference when calling a generic method.


Read more: Jon Skeet: Coding Blog
QR: currying-vs-partial-function-application.aspx

Posted via email from Jasper-net

Improve WCF services testability with simple Dependency Injection

|
Dependency injection is a great technique to reduce coupling between components and improve testability. There are few techniques we can create dependency injections, you can use a framework like MEF or spring to Automate dependency injection but I personally favor manually injected dependencies. call me old fashion, but I like creating object via simple constructor calls (most of the time).

This is really straight forward most of the time but when dealing with WCF services there is a slight complexity to take in to consideration. In most scenarios WCF is in charge of instantiating the service class (the only exception here is with single instance context mode, where we can supply ServiceHost with a ready made instance of our service class).

Lately I have come across a really cool (and simple) option in WCF Web API. The WCF Web API supply an HttpConfiguration API that exposes a CreateInstance delegate we can use to manually create a new instance of our service class:
HttpConfiguration config = new HttpConfiguration();
config.CreateInstance = (type, context, message) =>
{
    IPlayersDal dal = new PlayersDal();
    return new PlayersCURD(dal);
};

var factory = new HttpServiceHostFactory() { Configuration = config };

While this API is cool, it can only be used for http based services (using the WCF Web API). I really felt like using something like that in a SOAP based project I am currently working on so I figured what the hack, I can create the similar solution (source code can be found here) for any WCF service host out there.

The first stop was creating an IExtension<ServiceHostBase> that can transport the delegate down the WCF pipeline:
class InstanceInitializerExtension : IExtension<ServiceHostBase>
{
    public Func<object> InstanceInitializer;

    public void Attach(ServiceHostBase owner)
    {
    }

    public void Detach(ServiceHostBase owner)
    {
    }
}


Read more: I'm on a mission from God object
QR: improve-wcf-services-testability-with-simple-dependency-injection.aspx

Posted via email from Jasper-net

Правоохранительные органы закрыли ex.ua

|
По непроверенной информации самый крупный украинский сервис хранения информации EX.UA закрыт для интернет-аудитории. Неизвестные сотрудники правоохранительных огранов изъяли 200 серверов с общим объемом нелегального контента более 6000 терабайт. Кроме того, остановлено обслуживание и домена EX.UA. По данным пользователей, файлообменник функционировал в понедельник вечером и утром во вторник.

Хотя уже вчера некоторые украинские пользователи не могли попасть на сайт, так как там стояло ограничение доступа по IP-адресам.

Так же стало известно, что доменное имя EX.UA было снято с обслуживания.

Read more: Habrahabr.ru
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=habrahabr.ru/blogs/patent/137367/

Posted via email from Jasper-net

שבע סיבות לעזוב הכל ולהקים סטארטאפ בהודו

| Tuesday, January 31, 2012
במהלך השנים נפגשתי עם הרבה יזמים וכאלו שרוצים להיות יזמים. בשלב הראשוני, מדובר לרוב בצוות של שניים עד חמישה אנשים מוכשרים, או מוכשרים לכאורה, עם רעיון ומוכנות להקדיש לו זמן. אך זמן צריך יותר ממה שנדמה בתחילה וזמן אינו השיקול היחידי. אני מדבר בעיקר על המרתון הראשוני של פיתוח אב הטיפוס. הוכחת היתכנות. מרתון קשה שהרבה לא מגיעים לסופו. למען כמה חודשים של צירי לידה למיזם, יש לי הצעה אחרת בשבילכם. טוסו להודו מחר ותתחילו את הסטארטאפ שלכם. לא, לא לסיליקון וואלי. כן, דווקא להודו.

"למה” אתם שואלים? כי זו הודו.


סיבה 1: זול לחיות ולהנות בהודו

נדמה כי רבים מהיזמים בישראל נמצאים במעמד כלכלי בינוני כזה או אחר. לפחות אלו שלא עשו אקזיט עדיין. שיקולי עלות המחייה, על אף חשיבותם, תופסים מקום גדול מידי בהחלטה על פתיחת הסטארטאפ וכן על החלטות הרות גורל להמשכו.

אני כרגע כותב אליכם מחדר נוח במיוחד בגואה, הכולל מרפסת וגינה במרחק של ארבע דקות הליכה מחוף פאלולים שהוא אחד החופים היפים בגואה. העלות שלו יקרה יחסית להודו כיוון שמדובר בגואה ובשיא העונה. אני אוכל את רוב ארוחותי במסעדות והמחירים "מופקעים בטירוף" כיוון שמדובר באזור תיירותי. כל הפינוקים האלו מאפשרים לי להקדיש את מירב תשומת הלב לפיתוח אתר האספנות קולנקט מהמרפסת וכן לנסות ליצור קשרים עסקיים עם אנשים אקראיים שאני פוגש בדרך. סכום הכסף שאני מוציא על ההההכל פה, ספק אם היה מספיק לי לשכור אפילו מחסן קטן ורעוע בפתח-תקוה.

היתרון הגדול של מחייה בזול היא שיש הרבה פחות לחץ למשוך משכורת מהסטארטאפ. כאשר אתה מחשב את החיים שלך ברופי ואילו את הסטארטאפ בדולרים או שקלים, היעדר הלחץ מפנה מקום לפיתוח נטו. לרחשם של הגלים ובצילם של העצים יש מספיק מרחב נשימה להרגע ולהמשיך הלאה – לקדם.

סיבה 2: תתחברו לניתוק

אני אוהב את המשפחה והחברים שלי. כל כך אוהב אותם שלעיתים תכופות מידי הם נמצאים במקום גבוה יותר בסדר העדיפויות שלי מהסטארטאפ. סטארטאפ בתחילתו הוא כמו תינוק. התינוקות הרגילים מגיעים באופן טבעי וצריך רק לתת להם ולהצליח לשרוד את התהליך. פה אנחנו מדברים על תינוק עשה-זאת-בעצמך שאתה צריך להרכיב ידנית ואז איכשהו להקים לתחיה בסופו של דבר. סטארטאפ זקוק למירב תשומת הלב שלכם. המחלקה לפתרון בעיות במוח שלך צריכה להיות מוקדשת באופן בלעדי ככל הניתן למיזם. כשאתם קרובים פיזית אל הקרובים ללבכם כל ענייניהם היומיומיים נוגסים בהתקדמות המיזם. כשאתם רחוקים, שיחת סקייפ פעם בשבוע וכמה מיילים מספיקים.

Read more: newsGeek
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=www.newsgeek.co.il/startup-in-india/

Posted via email from Jasper-net

Shmoocon Demo Shows Easy, Wireless Credit Card Fraud

|
   [Security researcher Kristin] Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer's credit card onstage and obtained the card's number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer's money with the counterfeit card she'd just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.) ... A stealthy attacker in a crowded public place could easily scan hundreds of cards through wallets or purses.

Read more: Slashdot
QR: shmoocon-demo-shows-easy-wireless-credit-card-fraud

Posted via email from Jasper-net

Codecademy Becomes A Platform: Now Anyone Can Write Programming Tutorials

|
One of the most buzzed-about startups over the last few months has been Codecademy — a site that looks to make programming accessible to just about anyone, with a variety of interactive, web-based courses that have users writing their first lines of code within a few seconds. The site’s ‘Code Year’ program, which invites users to receive one programming lesson each week, racked up a whopping 100,000 signups in only 48 hours — and it even has the White House on board.

But, as anyone who has spent much time on the site can attest to, Codecademy has had one big problem: there just aren’t that many lessons available. And the ones that are on there sometimes seem to be moving too quickly, without many practice exercises to explore and reinforce what you’ve just learned.

Today, the company is launching a feature that will go a long way toward fixing that. Meet the Codecademy Course Creator.

Read more: Techcrunch
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=techcrunch.com/2012/01/30/codecademy-becomes-a-platform-now-anyone-can-write-programming-tutorials/

Posted via email from Jasper-net

Monster Logs

|
elsa_basic.png

This is a guest blog post from Martin Holste. He's been a great participant in our community and lead developer of the log search utility; ELSA. We asked him to do a guest blog post because we think ELSA is so important to give security analysts better visibility into their Bro logs.

One of Bro's greatest strengths is the massive amount of incredibly detailed information it produces that describes exactly what's taking place on your network. It does all of this by default, with no extra configuration or tuning required. Then on top of that, it provides a framework for creating advanced IDS signatures. This is an amazing thing, but the benefit is only as good as the extent to which the security or IT staff is able to make use of the data. Here is an example line of output from Bro:

1322829241.041505 drj3tWq4mu8 10.236.41.95 63714 198.78.209.254 80 HTTP::MD5 10.236.41.95 c28ec592ac13e009feeea6de6b71f130 http://au.download.windowsupdate.com/msdownload/update/software/secu/2011/01/msipatchregfix-amd64_fdc2d81714535111f2c69c70b39ed1b7cd2c6266.exe c28ec592ac13e009feeea6de6b71f130 10.236.41.95 198.78.209.254 80 - worker-0 Notice::ACTION_LOG 6 3600.000000 - - - - - - - - -

There are many currently available methods for making sense of this output. Most of those methods involve variations of using text utilities to search and format the log data into an output that is requested. The problem with this is that for large installations, scalability quickly becomes an issue. To start with, combining logs from multiple servers is non-trivial if a single location does not have enough disk space to store all of the logs. Even if you can get all of the logs in one location, grepping through the hundreds of Gigabytes per day per sensor that Bro can produce in large environments is prohibitively inefficient.

How much does Bro log? A large network with tens of thousands of users will generate a few thousand HTTP requests per second during the day. Bro will create many logs describing this activity, namely, per request:

    1 HTTP connect log
    1 DNS log (when a lookup is necessary)
    1 Notice log (if an executable is downloaded)
    2 Connection logs (TCP for HTTP, UDP for DNS)
    1 Software inventory log (if this client hasn't been seen before)


That's a total of six logs for just one HTTP request. If the network is seeing 2,000 requests per second, that's 12,000 logs per second (about one billion per day). The logs average about 300 bytes, which means this is about 3.6 MB/sec of logs. That's about 311 Gigabytes of logs per day (if the rate were constant). Text utility speeds vary greatly, but searching even a few Gigabytes of data will take many seconds or minutes. Searching 311 Gigabytes will take hours.

To put this in perspective, if we assume that a single log entry is represented by a stalk of hay, and a stalk of hay is 50 grams, and a hay bale contains 1,000 stalks for 50 kg, then one billion logs would take 1,000,000 bales. If a bale is one meter long and half a meter wide, that would be 500 square kilometers of hay to search through, per day. That's a haystack of 15,000 square kilometers per month (about five times the size of Rhode Island) to search through for a given log.

Constant Time

Enter ELSA: the open-source project for Enterprise Log Search and Archive. ELSA (http://enterprise-log-search-and-archive.googlecode.com) is capable of receiving, parsing, indexing, and storing logs at obscene rates. It provides an easy to use full-text web search interface for getting that data into the hands of analysts and customers. In addition to basic search, ELSA provides ways to report on arbitrary fields such as time, hostname, URL, etc., email alerts for log searches, and a mechanism for storing and sharing search results.

Read more: Bro blog
QR: monster-logs.html

Posted via email from Jasper-net

How to Use Wireshark to Capture, Filter and Inspect Packets

| Monday, January 30, 2012
wireshark-header.png

Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and display them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.

This tutorial will get you up to speed with the basics of capturing packets, filtering them and inspecting them. You can use Wireshark to inspect a suspicious program’s network traffic, analyze the traffic flow on your network or troubleshoot network problems.
Getting Wireshark

You can download Wireshark for Windows or Mac OS X from its official website. If you’re using Linux or another UNIX-like system, you’ll probably find Wireshark in its package repositories. For example, if you’re using Ubuntu, you’ll find Wireshark in the Ubuntu Software Center.
Capturing Packets

After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options, but this isn’t necessary for now.

Read more: How-to geek
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://www.howtogeek.com/104278/how-to-use-wireshark-to-capture-filter-and-inspect-packets/

Posted via email from Jasper-net

Getting Started with HTML5

|
The web is constantly evolving. New & innovative web applications are being created every day, pushing the boundaries of HTML in every direction. To give developers more flexibility and interoperability, and enable more interactive and exciting websites and applications, HTML 5 is introduced. It enhances a wide range of features including form controls, APIs, multimedia, structure, and semantics.

Read more: TheIdeaLab
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://www.theideallab.com/productivity/html5/getting-started-with-html5/

Posted via email from Jasper-net

The dirty secret of browser security #1

|
Here's a curiousity that's developing in modern browser security: The security of a given browser is dominated by how much effort it puts into other peoples' problems.

This may sound absurd at first but we're heading towards a world where the main browsers will have (with a few notable exceptions):

    Rapid autoupdate to fix security issues.

    Some form of sandboxing.

    A long history of fuzzing and security research.

These factors, combined with an ever more balanced distribution of browser usage, are making it uneconomical for mass malware to go after the browsers themselves.

Enter plug-ins

Plug-ins are an attractive target because some of them have drastically more market share than even the most popular browser. And a lot of plug-ins haven't received the same security attention that browsers have over the past years.

The traditional view in security is to look after your own house and let others look after theirs. But is this conscionable in a world where -- as a browser vendor -- you have the power to defend users from other peoples' bugs?

As a robust illustrative point, a lot of security professionals recently noticed some interesting exploit kit data, showing a big difference in exploitation success between Chrome (~0%) and IE / Firefox (~15%).


Read more: Security
QR: dirty-secret-of-browser-security-1.html

Posted via email from Jasper-net

Context Free: язык для генерации изображений

|
3d5ad32df84501b9745674c0810d67b2.jpg

Эта картина сгенерирована программой Context Free по следующему описанию:

startshape T
// FLIGIZ
background{b -1}
tile {s 2.5}
rule T {3*{r 120 hue 30}S{x .3}}
rule S 3{CIRCLE{hue 30}4*{r 20 b.007 sat .1}S[s.3.7y.9]}
rule S {CIRCLE{hue 15}9*{r 20 b.05 hue -3}S[s.3.7y.9]}
rule S {S{flip 90}}


Для описания изображений в программе Context Free используется язык программирования CFDG с контекстно-свободной грамматикой, созданный специально для генерации изображений. Грубо говоря, это набор базовых правил со всего двумя терминалами CIRCLE и SQUARE. Рендеринг осуществляется с помощью библиотеки Anti-Grain Geometry Максима Шеманарева.

Read more:  Habrahabr.ru
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=habrahabr.ru/blogs/image_processing/137264/

Posted via email from Jasper-net

Working With the Encryption Password Function in MySQL

|
In MySQL server we have to explain the password function() and how it will recover a password in its string form. The password function is mainly used for authentication. The password function encrypts the string into a binary form. Recover a password in text form and set the old password and select it in the text form. The password function returns it in string form and restores a password in plain text. Password also stores as a record on server.

In the following figures we have a database table "employees" and use it with some query with showing result such as follows.

mysql-> select * from myworld;

img%201.gif

Read more: C# Corner
QR: http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://www.c-sharpcorner.com/UploadFile/65fc13/working-with-password-encryption-function-in-mysql/

Posted via email from Jasper-net

Templating a XAML CheckBox to a thumbs-up/down control using Expression Blend

|
The checkbox has been been around in the Graphical User Interface for as long as I can remember doing GUI – since the early 90’s I guess. You know what, let’s make that “it’s been around for longer than I care to remember” ;). For my newest Windows Phone project I wanted something different. In stead of boring old 

checkbox_thumb.png?imgmax=800

I wanted something like this:

thumbsupdown_thumb.png?imgmax=800
Turns out you can do this in pure XAML. And almost entirely in Expression Blend, too. I could just post the XAML and be done with it, but I like to document the track I took, not only to educate you, but also to remember myself how the hell I got here in the first place ;-).

Setting the stage

    Open Visual Studio 2010
    Create a new Windows Phone 7 (7.1 of course!) project,
    Make a folder “icons”build actions
    Download this image to your computer
    Paste it in the “icons” folder in Visual Studio
    Double check the image’s properties, they should be as showed to the right.
    Save the project

Read more: Microsoft .NET by Example
QR: templating-xaml-checkbox-to-thumbs.html

Posted via email from Jasper-net

How to implement communication between Silverlight and the HTML host.

|
A question about intercommunication between Silverlight and the HTML host has been asked in the Israeli MSDN forum.

Since I’ve already implemented it once in a project, I believe I can extract the great info already exist in the MSDN documentation to a more direct how-to.

Let’s begin.

    Create a class called JavaScriptBridge
    Each method that you would like to be exposed to the HTML host, thus be possible to get called by JavaScript you adorn with [ScriptableMember] attribute.

    [ScriptableMember()]
    public void DoSomething(int a, int b)
    {

    }


    Inside the App.xaml.cs, on the Application_startup event handler, register the an instance of the bridge

            private void Application_Startup(object sender, StartupEventArgs e)
            {
                this.RootVisual = new MainPage();
                JavaScriptBridge javaScriptBridge = new JavaScriptBridge();

                HtmlPage.RegisterScriptableObject("bridge", javaScriptBridge);


            }


    We are done with Silverlight side, now we move on to the HTML host, locate the aspx file (usually) that contains the Silverlight object. In this page you will notice that it is represented as an <object> tag. Insert an event handler for the onLoad event of the object.

    <param name="onLoad" value="pluginLoaded" />


Read more: Ariel's Remote Data Center
QR: how-to-implement-communication-between-silverlight-and-the-html-host.aspx

Posted via email from Jasper-net

Kibloc – Real time, distance based object tracking and counting using Kinect

|
image_thumb%25255B6%25255D.png?imgmax=800

This weekend hack is a small Kinect application - Kibloc is a physical object counter/tracker using Kinect.

Kinect for Windows SDK (Download) is pretty intuitive (I’m using Version 1.0 Beta 2 for this), and you may use the same to develop pretty cool applications using Microsoft Kinect. In this post, we’ll be focusing on implementing a quick real time blob counter using Kinect depth data, for counting and tracking objects in front of the sensor. This is a basic demo, but as you can imagine, this has got a couple of pretty hot real life use cases.  As a heads up, the source code is at http://kibloc.codeplex.com/ and keep it handy when you read along. Ensure you’ve the NuGet Packages in packages.config

Here is the video that demonstrates real time, distance based blob tracking.

Read more: amazedsaint's #tech journal
QR: kibloc-kinect-based-real-time-distance.html

Posted via email from Jasper-net