.NET Information center: 02/01/2010

Sunday, February 28, 2010

Online Bankers Get Free Security Software From HSBC…

HSBC online bank customers are being offered free software to help protect them from hackers.
The software, (called Rapport) from the Trusteer company, runs on both Apple Macintosh on PC computers, will prevent hackers hijacking, or getting data via the browser the customer is using.
The Rapport program is designed to work alongside anti-virus and firewall programmes, giving additonal protection, rather than replacing it.
The director of HSBC’s digital security, Nick Staib, stated that the programme is being downloaded and used by a high percentage of HSBC’s online banking users.
“Download rates have surpassed our most optimistic expectations. I am delighted that so many customers share our interest in keeping personal and banking details safe,” he said.

Read more: Suaju Software News
Official site: Trusteer

Posted via email from jasper22's posterous

Android memory usage analysis slides available

Yesterday, I gave a talk at the mobile monday android developer day in Düsseldorf.The slides about analysing the memory usage of android applications with the Eclipse Memory Analyzer are available now. Note it might be worth to download the pdf because it contains some notes.
The slides should be interesting for general java developers, not only for android developers.

Firefox: 46 features you might not know about

Ever since the release of Firefox 3 we’ve been doing a lot of work to add new capabilities for web developers. We thought it would be worth it to make a post that actually listed all of the features that we knew about and people might not know about. This contains everything that we’ve done over the last three releases or so, but calls out stuff that’s new in 3.6.

Enjoy!

CSS

@font-face
Display online fonts (supports WOFF and TTF fonts)
pointer-events
Click through elements
:-moz-locale-dir(ltr/rtl)
Know if you are in a ltr or rtl context
:indeterminate pseudo-class
For “indeterminate” radio and checkboxes
Media Queries
Select CSS depending on the media (size, aspect-ratio, colors, orientation, resolution). has new classes to detect if you’re on a touch device.
Structural pseudo-classes
:nth-child, :nth-last-child, :nth-of-type, :nth-last-of-type, …
-moz-border-radius
Rounded borders
CSS Transforms
Scale, translate, skew and rotate your elements
CSS Gradients
Use linear and radial gradients as backgrounds
Multiple Background
Use images, gradients and other items all as part of the same background
Background size
Define the size of your background images

70 Rich Web Apps Of 2009

Adobe BrowserLab
An easier and faster solution for cross-browser testing. You can preview and test your web pages on leading browser and operating systems. This will help you get your results in real time, from virtually any computer connected to the internet.

Notable
Are you stuck sharing feedback in text documents and email? Notable makes it possible to put your feedback directly on the webpage, highlighting your points exactly. With Notable you can quickly and easily give feedback on design, content, and code on any page of a website or application without leaving your browser.

Google Calendar
With Google’s free online calendar, it’s easy to keep track of life’s important events all in one place. With Google Calender, you can let your family and friends see your calendar, and view schedules that others have shared with you. You can get event reminders via email or have text messages sent right to your mobile phone.

7 of the Best Free Linux Configuration Management Tools

System administrators are responsible for the maintenance and operation of a computer system and network. This is a major task with a huge number of decisions to be made regarding the configuration of the system.

Configuration Management is a term that may not be familiar to many Linux users. But for system administrators the concept will be well known. In a nutshell, Configuration Management software enables administrators to automatically manage the entire configuration of one or multiple computers.

Why is this type of software important? By having tools that automate the configuration and software infrastructure, an organisation's server administration costs are reduced. Furthermore, this type of software enables a large complicated infrastructure to be supported with fewer system administrators. There are also efficiency improvements made by helping to reduce the amount of repetitive tasks performed by the administrator. Moreover, configuration management software help organisations to be able to scale up their computer infrastructure more easily and to instill flexibility in server configuration.

Configuration Management tools work by changing the state of the system. The goal is to get a system from whatever state it is in, into the desired state. The state of a system is mostly described by all the configuration files in the file system, and by the programs and processes that are running.

The software featured in this article are declarative configuration management system. Here the system administrator decides what state the system is to be in, and a runtime pushes the system into that state.

50+ CSS Techniques Designers Should Know

CSS (Cascading Style Sheets) is just an important part of Web Designing. Without CSS, Websites can look untidy as it used to happen before. Designers can alter images, graphics, shading, spacing and other design elements. It can provide the designers with number of new styles to design a website. It can make the user to have complete control over the appearance of the website. It is most useful to those people who have their business online or those who are expanding from offline to online. Even as a part of Marketing, one can design his website as attractive as possible.
Bestdesigntuts decided to list some really brilliant CSS techniques that designers should know anyhow. The list would be a great resource for you. So, just check out the following CSS techniques….\

Navigation Matrix Reloaded
Advance CSS Menus
Block Hover Effect for a List of Links
Hoverbox Image Gallery

Winforms SkinFramework

The CoderLine SkinFramework allows you to add custom Form Borders to your Winforms .net Applications. Didn’t you ever want to give you Windows a unique appearance like Microsoft does it in their Office Suite (since 2007)?

Development Process

To get the expected result I had to do much reading and “trial and error” work.
Main reading sources:

* http://geekswithblogs.net/kobush/articles/CustomBorderForms.aspx
* http://customerborderform.codeplex.com/
* And of course the MSDN. (Especially about Windows Messages)

The first result of my SkinFramework which I finished as a school project in 2008 was quite unusable. It had been very slow and didn’t render well if I maximized my window. So the project suspended a long time till a few days ago when a developer contacted me and asked about the project state and I got interested into this project again. Meanwhile I have developed on some GUI controls and also used some third party libraries. There were some libraries which also provide skinning functionalities. The main idea I copied from those libraries is not to derive from a special Form class to enable skinning. In my library I want to provide a component which can be added to a form which manages the whole skinning.
The result of a few days developing is a ~2700 code line small library which allows creating custom form borders alias Skins.

Read more: Codeproject

Posted via email from jasper22's posterous

Quirks in .NET Part

There are a lot of cool yet strange things in the .NET Framework. A lot of them make you go, “Huh. I didn’t know that.” Let’s take a look at a few of them.

call vs. callvirt

This one is especially interesting to me. In the Microsoft IL specification there are two instructions to call a method, put simply—call and callvirt. call will simply call a method, while callvirt is used to a late-bound method call, meaning that the method which is going to be called is chosen at runtime and not compile time as the simple call would. This is needed for virtual methods when a VTable lookup is required.

Interestingly, all calls to instance classes are compiled as callvirt, even if the method being called is not virtual (thus at compile time we know exactly which method will be called.) I thought it was a bug at first, but really it was a fix for another bug. Consider this code:

class Program
{
static void Main()
{
HelloWorld instance = null;
instance.SayHello();
}
}

public class HelloWorld
{
public void SayHello()
{
System.Console.WriteLine("Hello World!");
}
}

Microsoft Security Awareness Toolkit

Information security awareness and training is critical to any organization’s information security strategy and operations. People are in many cases the last line of defense against threats such as malicious code, disgruntled employees, and malicious third parties. Microsoft offers the security awareness toolkit to help organizations plan, develop, and deliver a successful security awareness program. The kit includes a planning guide, templates, pointers to material can that can help speed the development of a security awareness program, a sample general security awareness presentation that can be modified and tailored to any organization, material to help articulate the value to peers and managers, and three example awareness campaigns from Microsoft Information Security.

Read more: MS Download

Posted via email from jasper22's posterous

Microsoft Releases New Multi-User OS for VDI

Microsoft released Windows MultiPoint Server 2010 Wednesday.
It's a new operating system - for classrooms, labs and libraries to start - that lets multiple users share a host computer using their own monitors, keyboards and mice via USB or a video card.
It's interpreted as Microsoft blessing VDI for everyman - the thin edge of the wedge that pries open the mass market - since small commercial installations can reportedly also use the thing.
It's supposed to be easier to use than conventional Windows Servers and lower cost.
Microsoft says each person controls his or her own station and gets an independent Windows computing experience. Its web site says up to 10 simultaneous users can access one MultiPoint Server license in a commercial environment as long as every accessing device or user (including the host computer if used as a station) has a MultiPoint Server CAL. Apparently there's no limit in a school at least with an academic license.

Yakiimo3D

Have wanted to move Yakiimo3D source code and binaries to an open-source hosting community for a while now. After initially leaning towards creating a Google Code project, I ended up choosing CodePlex. Since Yakiimo3D is going to be mostly DirectX 11 programming samples, a Microsoft-run CodePlex open-source hosting with a MS-user community makes the most sense, so I think it was a good decision. For source code control on CodePlex, I went with Mercurial. Have never used Mercurial or Git, so it should be a good learning experience for me.

Disposable Pattern in .NET

Garbage collector (GC) is a blessing in .NET, if you happen to program in C++ in the past, where it was one of the prime responsibility of a developer was to manage the heap. That means when ever an object is created on the heap, it has to be deleted in the corresponding method or in the destructor, if the life is object long. And if he/she forgot to do so, then the nightmare begins in the form of memory leaks and troubleshooting may take hours and some times even days. But that's the story of the past, we as a C# developers are blessed, because we have a world class Garbage Collector comes right out of the box with .NET framework. What does it mean?? That means we need not to worry about deleting/disposing the objects being created on the heap, and GC, at runtime manage the heap, and its robust algorithm sees when some object is no longer needed, it silently dispose it off. Very clever, but you know what, not that clever. It doesn't know how to close the resources like a Database connections, file handle when it is no more needed, doesn't know what to do when the Network connection needs to be released or closed etc. etc. First thing that would come into your mind, why don't we use the finalizer/destructor to take care of this scenario?? Like we close these resource handles in the finalizers, how's that?? You can do so, but it will not work, why?? due to the GC’s non-deterministic behavior, it may take longer than expected that the destructor/finalizer will be called, and there will be a deadlock, that is you might need to reuse some resource, and since the objects destructor is not called, the object is not releasing it, you are stuck, complete deadlock. So what we do now?? Good news is, you can do it elegantly with the help of proper usage of Disposable Pattern. Before going into the details of this pattern, lets first take a look at what are disposable objects and how the .NET framework facilitates us in this regard.

IDisposable Objects

Any custom object that owns certain resources and wants to participate in the disposable mechanism, has to implement IDisposable interface. What does that mean?? Does the CLR will take care of disposing the object automatically. Not really, it is the consumers responsibility to call the Dispose method, as soon as the object is no more needed. .NET framework itself has created many disposable classes as shown in Figure-1. All of these classes if you look at them are responsible for interacting system resources, like memory, file system, network stream, pipes etc. etc. That's why they all are implemented the IDisposable interface, so the consumer of these types should be aware of its usage and release them as soon as they are done.

Accurately Measuring GC Suspensions

כשבאים לנתח ביצועים של אפליקציית Managed, ורוצים להבין מה הם צווארי הבקבוק שעשויים להכשיל אותה בתרחישי עומס איתם היא אמורה להתמודד, אחד הפרמטרים החשובים שצריך לשים לב אליהם הוא מידת הזמן שהאפליקציה שלנו מבלה ב-GC. בשביל לדעת את זה, תמיד אפשר להריץ במקביל לאפליקציה את Perfmon ולקבל ניתוח כללי של התנהגות ה-GC באפליקציה שלנו, כשהמדד העיקרי שנסתכל עליו בדרך כלל הוא אחוז ה-Time in GC.
התבוננת בנתונים האלה יכולים אמנם לתת לנו "מבט כללי" על השפעת ה-GC על ביצועי האפליקציה, אבל הוא פשוט לא מספיק בשביל לקבל תובנות מעמיקות יותר ולקשר תקיעות שנצפות בפרוסס ל-Collection'ים שיתכן והופעלו באותו הזמן. למשל, גם אם נראה שב-90% מהזמן אנחנו מבלים רק 2% ב-GC, זה עדיין לא אומר שלא יתכן מצב בו ברגע קריטי במערכת פתאום הוחלט להריץ Gen2 שתקע לנו את כל הפרוסס למשך של כ-200 מילישניות. מה שעשוי לגרום לנזק לא מבוטל אצל אפליקציות הרגישות למדי לתקיעות בלתי צפויות שכאלה. כל הרעיון הוא שה-GC לא גורם לתהליכים לעבוד יותר לאט, אלא הוא פשוט יכול לתקוע את כל הפרוסס לחלוטין. לכן הסתכלות נאיבית על גרף ה-Time in GC לא באמת אומרת לנו בצורה מובהקת מה הנזק האמיתי של כל GC במקרה הפרטי שלנו. אם נסתכל על הגרף, יתכן שנראה איזשהיא קפיצה "באזור הזמן" של התקיעה, אבל מאחר והרזולוציה הגבוהה ביותר של Perfmon עומדת על שנייה אחת, ואנחנו לא באמת יודעים באמת כמה זמן כל GC באזור השניה ההיא לקח, אין לנו דרך לקשר בצורה ישירה וברורה בין התקיעה "הכללית" שנצפתה בפרוסס, לבין Collection מסויים שיתכן וקרה או לא קרה באותו הזמן. מה גם, שלא תמיד פשוט לדאוג שבכל מקום שמריצים את האפליקציה ידאגו גם להריץ Collector'ים של Perfmon שידאגו לאסוף את הנתונים האלה בכל רגע נתון.

SQL SERVER – INSERT TOP (N) INTO Table – Using Top with INSERT

During my recent training at one of the clients, I was asked regarding the enhancement in TOP clause. When I demonstrated my script regarding how TOP works along with INSERT, one of the attendees suggested that I should also write about this script on my blog. Let me share this with all of you and do let me know what you think about this.

Note that there are two different techniques to limit the insertion of rows into the table.

Method 1:

INSERT INTO TABLE …
SELECT TOP (N) Cols…
FROM Table1

Method 2:

INSERT TOP(N) INTO TABLE …
SELECT Cols…
FROM Table1

Today, we will go over the second method, which in fact is the enhancement in TOP clause along with INSERT. It is very interesting to also observe the difference between both the methods. Let us take one real example and understand what exactly happens in either case.

Method 1:

INSERT INTO TABLE …
SELECT TOP (N) Cols…
FROM Table1

Method 2:

INSERT TOP(N) INTO TABLE …
SELECT Cols…
FROM Table1

Posted via email from jasper22's posterous

Creating a bootable VHD image

Whenever I first starting trying to figure out how to create a bootable VHD image and boot into it, I received plenty of links from people but it just seemed that no matter which link or advice I would follow, there was always something that just wouldn’t quite work with my specific hardware. Of course, if anyone is ever going to have hardware issues, it always seems to be me!

What I finally came upon was a list of steps, a combination of instructions from various other sources that seem to work every time, no matter what (at least for my hardware). A couple of customers requested that I post these steps, so here we go. If you already have a procedure that works for you, that’s fine, this is just for those that need a concise list of steps.

The first thing to know is, to boot into an OS as a bootable VHD image, the OS needs to be either Windows 7 or Windows Server 2008 R2. And of course you need to setup your hardware BIOS to allow for hardware virtualization. From there…

1. Starting from scratch, what you will need to do is build a .vhd image that has an OS installed on it, but yet has not had the Hardware Abstraction Layer (HAL) associated with it for the machine you are building it on. I will use a tool called Wim2Vhd. This is a command line tool used to extract image information from the OS image on disk and add it to the vhd. You can find more information about this tool here: http://code.msdn.microsoft.com/wim2vhd.

2. Since I have an MSDN subscription , I decided to pull down an image (.iso) from there and then I extracted this .iso image onto a DVD. Make sure you get your product key because you will need that to activate Windows once you get booted into the new OS.

Posted via email from jasper22's posterous

15 Awesome Google Services You Never Knew Existed

Whether you're sending an email in Gmail, finding directions to that fancy restaurant using Google Maps, or pretending to be a part of the latest microblogging craze with Google Buzz, the G-word is everywhere. Well, it turns out that there is also a whole library of Google web applications and services stacked up behind the everyday services you may have come to take for granted.

Most of the mega company's services are either full blown web applications readily available to the public, or secretly tucked away behind a door in the Google Labs. However, even those wearing their Public Beta scrubs are readily available to play with. We've gone and picked through fifteen Google services you may not have heard of before, but can definitely benefit from. Try them out, and if you have any suggestions of ones we may have missed, leave a note in the comments.

News Timeline
Patents
In Quotes
Google Moderator

Things you probably didn’t know about C#

I had some free time today, so I decided to learn something new in C#, here’s list of most interesting things that I learned:

1. Instead of

using (Font f1 = new Font(“Arial”, 10.0f))
{

using (Font f2 = new Font(“Calibri”, 10.0f))

{

//t use f1 and f2 here

}

it can be written:

using (Font f1 = new Font(“Arial”, 10.0f), Font f2 = new Font(“Calibri”, 10.0f))
{

//t use f1 and f2 here

}

2. Instead of

bool NameExists(string name)
{

return name == “dev” || name == “the” || name == “web” || name == “.net”;

}

it can be written:

bool NameExists(string name)
{

return new[] { “dev”, “the”, “web”, “.net” }.Contains(name);

}

Exploring undocumented SOS function in Windbg – .NET 4.0

With the new Microsoft .NET Framework 4.0 ,comes a new sos , which adds bunch of features. In this post I will be exploring one of the undocumented function , which is !HandleCLRN. Brian has also mentioned about these undocumented functions.

I guessed it by the name ,it would have to be something about clr notification exception. I knew these exceptions are raised when there is an assembly load. Here is the simple console application that I am going to be using for exploring this.

01 using System;
02 using System.Collections.Generic;
03 using System.Linq;
04
05 namespace ConsoleApplication1 {
06 class Program {
07 static void Main(string[] args) {
08 Console.WriteLine("Debugging");
09 Console.Read();
10 }
11 }
12 }

Started the exe within windbg. Issued the command

sxe ld:clrjit

To load the sos after clr is loaded. Then loaded sos by

.loadby sos clr

Note there is change in the syntax for loading sos in .NET 4.0. Prior to this, clr was part of mscorwks.dll and now it is clr.dll.

Finding the Visual Studio Activity Log

We’ve had a number of users comment that the couldn’t find the file. This is because the file is only written when you run Visual Studio’s executable (devenv.exe) with the /log parameter. If you are reporting an issue to us (especially through the Connect site), the contents of the log file are very useful. If you’re developing a custom extension to Visual Studio, this can also be useful for determining when and why something doesn’t work.

How to ASP.NET MVC

Today I will discuss about how can we develop a simple Asp.Net MVC Application. As a first article about Asp.Net MVC i will today discuss about a very simple Application development.
Background

MVC:

The Model View Controller (MVC) architectural pattern separates an application into three main components:

Models: Model objects are the parts of the application that implement the domain logic. Often, model objects also retrieve and store model state in a database.

Views: Views are the components that display the application's user interface (UI). Typically, this UI is created from the model data. An example would be an edit view of a Products table that displays text boxes, drop-down lists, and check boxes based on the current state of a Product object.

Controllers: Controllers are the components that handle user interaction, manipulate the model, and ultimately select a view to render the UI. In an MVC application, the view only displays information; the controller handles and responds to user input and interaction.

ASP.NET MVC:

The ASP.NET MVC framework is a lightweight, highly testable presentation framework that is integrated with existing ASP.NET features, such as master pages and membership-based authentication.

Read more: Codeproject

Posted via email from jasper22's posterous

Setting up a continuous integration server for a CodePlex project using TeamCity and Mercurial

Continuous integration enables developers to have an automated way of validating the quality of their check-ins. A CI server will monitor your version control repository and on every check-in will build the project and at the very least run unit tests. If anything goes wrong (compilation error, failing test, etc.), the server will send e-mail to the team so the developer responsible for the faulty check-in can investigate and fix the problem.

It’s an automated finger pointer if you will. It’s one of those things that seem obviously necessary for any project above a certain size but that is too often neglected. After all, you always run unit tests before you check-in, right? Right?

One of the nice things about CI servers is that they are relatively easy to set-up and they can run on any machine: you only need the server to be publicly available if you want anybody to be able to check out the state of the build. Otherwise, one of your own dev machines or an old unused server will do just fine.

Using XSLT to Generate SQL Script

Recently, I received a task to check every field configured at FilterConfig.xml file to make sure that each field has the relative columns' name in Table or View which is configured at ScanConfig.xml file.

P.S: The FilterConfig.xml is used for the filter module in our system, and this module is based on the web control "SqlWhereBuilder". (Refer: http://www.codeproject.com/KB/custom-controls/SqlWhereBuilder.aspx)

If some field is configured at FilterConfig.xml file but not exists in relative table or view, there must be something wrong with either configuration or the database schema.

When dipping into the two configuration files. I found that each field is configured under the node "Module", and each module has the relative "Module" node with the same ID name in ScanConfig.xml, and “TableName” is also configured as a property of the "Module" node of that file, the “TableName” shows the real table name or view name in database.

Example:

-1-. FilterConfig.xml
Collapse

<?xml version="1.0" encoding="utf-8"?>
<FilterSchema>
<Module ID="MasterInfo">
<Field ID="ADDRESS1" Text ="Address" OperatorList ="datatype_text" />
<Field ID="ADDRESS2" Text ="Address2" OperatorList ="datatype_text" />
<Field ID="ADDRESSTYPE" Text ="Address Type" OperatorList ="datatype_text" />
</Module>
<FilterSchema>

Read more: Codeproject

Posted via email from jasper22's posterous

WIM חובה להכיר

הרבה זמן אני מחפש להחליף את שיטת ההפצות שלנו של מערכות ההפעלה ,אני שייך לדור של עידן ה norton ghost למי שמכיר ,גם הוא עבר תהפוכות רבות אך עדיין מחייב אותך בתהליכים מוקדמים או מאוחרים של המערכת לאחר פריסת ה אימג’ , אך לא עוד !!!!
הכל התחיל ביום בהיר אחד שבו מיקרוסופט יצרה את פורמט ה WIM המבוסס על טכנולוגית file based בניגוד ל ghost שהוא sector based , מה שאיפשר לבצע שינויים ב אימג’ כגון הוספת חבילות של תוכנות לאחר ההכנה שלו ( מדהים ) ,
ניתן ללמוד את הנושא מהמון מדריכים באינטרנט ורצוי להתחיל כאן :
http://technet.microsoft.com/en-us/library/cc507842.aspx
מוזכר שם גם על הכלי של imagex שכבר שודרג לכלי חזק הרבה יותר שנקרא Deployment Image Servicing and Management DISM שעליו תוכלו לקרוא במדריך הבא :
http://msdn.microsoft.com/en-us/library/dd371719(VS.85).aspx
אני מתחייב לפרסם מדריך מסודר של עבודה עם אימג’ים באמצעות כלים אלו ,
מקווה לקבל ממכם תגובות בנושא .

Windows Driver Kit Version 7.1.0

The Windows Driver Kit (WDK) Version 7.1.0 is an update to the WDK 7.0.0 release and contains the tools, code samples, documentation, compilers, headers and libraries with which software developers create drivers for Windows 7, Windows Vista, Windows XP, Windows Server 2008 R2, Windows Server 2008, and Windows Server 2003. This development kit does not contain device drivers for your personal computer. If you are looking for drivers for your personal computer, go to Microsoft Update for downloads, or visit Windows Hardware Help for more information to find device drivers and hardware. A working knowledge of C programming is necessary to use this kit to develop Windows drivers.

Read more: MS Download

Posted via email from jasper22's posterous

Developing ASP.NET MVC Apps Using Mono

As some of you know may know, the Mono Project allows your .NET Framework applications to run cross platform. Mono’s .NET implementation is based on the ECMA standards for C# and the Common Language Infrastructure. It is really an amazing project. Check out the project roadmap and compatibility matrix. I was pleasantly surprised

10 Small Things You May Not Know About Javascript

It doesn’t matter how many years I’ve been dealing with Javascript – it contains many little things that surprises me almost every week. For me, Javascript means a constant learning process.

In this article, I’ll provide ten small Javascript tips, mainly aimed for beginner and intermediate Javascript developers. Hopefully there’s at least one useful tip for every reader :).

1. Variables conversions

This sounds quite obvious, but as far I’ve seen, using object constructors, like Array() or Number() for converting variables is quite common practice.

2. Converting decimals to hex or octals and vice versa
3. More playing with numbers
4. Javascript Version Detection

WikiLeaks

The Sunshine Press (WikiLeaks) is an non-profit organization funded by human rights campaigners, investigative journalists, technologists and the general public. Through your support we have exposed significant injustice around the world— successfully fighting off over 100 legal attacks in the process. Although our work produces reforms daily and is the recipient of numerous prestigious awards, including the 2008 Index on Censorship-Economist Freedom of Expression Award as well as the 2009 Amnesty International New Media Award, these accolades do not pay the bills. Nor can we accept government or corporate funding and maintain our absolute integrity. It is your strong support alone that preserves our continued independence and strength.

We are releasing some time sensitive disclosures on this page until the moment of our re-launch.

Microsoft's wiretap guide goes online, security site goes offline

Hotmail hacking how-to for spooks and cops

Updated Long-established privacy and cryptology website Cryptome.org was pulled offline on Wednesday after Microsoft launched a legal offensive over its publication of Redmond's guide to internet wiretapping.

Microsoft's Global Criminal Compliance Handbook, a 22 page booklet designed solely for police and intelligence services, provides an overview of Microsoft's online services, what information it collects on users and how long it keeps it. The guide also explains how to serve warrants and how to make sense of the records it stores to understand, for example, when and to who a Hotmail user sent an email.

Redmond's lawyers used the Digital Millennium Copyright Act (DMCA) in an attempt to force Cryptome to pull the guide, a request it refused, before going to hosting provider Network Solutions. The firm not only complied with this order but went one step further by placing a lock on the Cryptome.org domain to keep the site down.

Cryptome.org remain unavailbel but the site, minus the controversial Microsoft documents, can still be found at cryptomeorg.siteprotect.net.

The secret government surveillance document didn't stay offline for long and was soon republished on Wikileaks which, unlike Cryptome, has a distributed system not tied to a US registered domain.

Exploit writing tutorial part

Last friday (july 17th 2009), somebody (nick)named ‘Crazy_Hacker’ has reported a vulnerability in Easy RM to MP3 Conversion Utility (on XP SP2 En), via packetstormsecurity.org. (see http://packetstormsecurity.org/0907-exploits/). The vulnerability report included a proof of concept exploit (which, by the way, failed to work on my MS Virtual PC based XP SP3 En). Another exploit was released just a little bit later.

Nice work. You can copy the PoC exploit code, run it, see that it doesn’t work (or if you are lucky, conclude that it works), or… you can try to understand the process of building the exploit so you can correct broken exploits, or just build your own exploits from scratch.

(By the way : unless you can disassemble, read and comprehend shellcode real fast, I would never advise you to just take an exploit (especially if it’s a precompiled executable) and run it. What if it’s just built to open a backdoor on your own computer ?

The question is : How do exploit writers build their exploits ? What does the process of going from detecting a possible issue to building an actual working exploit look like ? How can you use vulnerability information to build your own exploit ?

Ever since I’ve started this blog, writing a basic tutorial about writing buffer overflows has been on my “to do” list… but I never really took the time to do so (or simply forgot about it).

When I saw the vulnerability report today, and had a look at the exploit, I figured this vulnerability report could acts as a perfect example to explain the basics about writing exploits… It’s clean, simple and allows me to demonstrate some of the techniques that are used to write working and stable stack based buffer overflows.

So perhaps this is a good time… Despite the fact that the forementioned vulnerability report already includes an exploit (working or not), I’ll still use the vulnerability in “Easy RM to MP3 conversion utility” as an example and we’ll go through the steps of building a working exploit, without copying anything from the original exploit. We’ll just build it from scratch (and make it work on XP SP3 this time :) )

Immunity Debugger

Immunity Debugger is a powerful new way to write exploits, analyze malware, and reverse engineer binary files. It builds on a solid user interface with function graphing, the industry's first heap analysis tool built specifically for heap creation, and a large and well supported Python API for easy extensibility.

A debugger with functionality designed specifically for the security industry
Cuts exploit development time by 50%
Simple, understandable interfaces
Robust and powerful scripting language for automating intelligent debugging
Lightweight and fast debugging to prevent corruption during complex analysis
Connectivity to fuzzers and exploit development tools

The Best of Both Worlds
Immunity Debugger's interfaces include the GUI and a command line. The command line is always available at the bottom of the GUI. It allows the user to type shortcuts as if they were in a typical text-based debugger, such as WinDBG or GDB. Immunity has implemented aliases to ensure that your WinDBG users do not have to be retrained and will get the full productivity boost that comes from the best debugger interface on the market.

Commands can be extended in Python as well, or run from the menu-bar.

BrickHouse Security

This is the first time I see this site - and it's look like spy heaven.

Shadowcircle

Shadowcircle is a Free Linux live CD Distribution which was specially designed for penetration testing purposes. This is the result of a derivative work on the reference Back|track distribution, with a focus on tools integration and usability.

From now shadowcircle forks from Back|track 4.0 , and is available in cdrom ISO image.

Thursday, February 25, 2010

How To Run Ubuntu in Windows 7 with VMware Player

Would you like to use Ubuntu Linux programs, but prefer the convenience of Windows 7? With VMware Player, you can install a full copy of Ubuntu and integrate it with your Windows 7 computer for free.

VMware Player makes it easy to install Ubuntu Linux as a virtual machine in only 5 clicks. It then offers easy access to Ubuntu programs straight from your desktop with Unity mode. Here’s how you can set this up on your computer.

Getting Started

First, download and install VMware Player (link below). It is a free download, but requires registration.

Free CG Software That Works

Time and time again, blogs in the CG community post a collection of free CG software to show what’s available on the freeware and opensource front. Unfortunately, the positive descriptions and legitimate-looking screenshots can lead people into believing that the workflow in the free CG world is identical or even better than that of payware CG apps. So, what I’m going to do is show you a comprehensive overview of free CG tools that you can actually use and not just look at.

Since there are no real offerings in terms of CG compositing, I’ll focus on two fundamental parts of 3D work: modeling and animation/rendering. I’m also going to avoid the really bare-metal applications like POV-RAY and all the RenderMan clones. Writing renderers, it seems, is a fairly trivial task. Writing animation and scene-composing applications, on the other hand, isn’t tackled by the free software community so much.

Modeling

Modeling applications, unsurprisingly, are a dime a dozen. Most of them are polygon (extrusion) modelers that encourage the box-model paradigm. Therefore, I’ll attempt a very simple task, such as creating a box and extruding a single face of the box.

Rendering

How to download and crack a Xap in Silverlight

Sometimes it is useful to be able to download extra functionality into your application at runtime. It's always been possible to make a server call from Silverlight to download an extra assembly and load it into memory. But what if you'd like to download a bunch of assemblies in neat zipped up package.

As I'm sure you're already aware - this is exactly how Silverlight applications are downloaded. In a zip file called a xap.

It's easy to make another XAP that contains just libraries for use later. In Visual Studio, choose Add New Project and choose Silverlight Application. Yup, that was Application, not class library.

Now just delete the App.xaml and App.xaml.cs files to make it a Silverlight class library with the added benefit of being compiled and packed into a tiny xap file. You can also delete the MainWindow.xaml if you don't need it.

Posted via email from jasper22's posterous

How to get Microsoft to speak at your event

If you’re holding a special event, such as a SQL Saturday or a user group, one of the challenges is to get speakers for the event. Now, the best speakers come from the community – people who use the product day-in, day-out. They have a wealth of expertise, and many of them are really great presenters.

But from time to time you might want to get a Microsoft person to speak at your group or event. Microsoft is a big company, and you can get everything from Marketing (yes, there’s a place for that) to deep technical topics in that skillset. But how can your group get Microsoft to speak for you?

It might be easier than you think.

Microsoft has three or four main areas that you might be able to pull from, starting with the folks that are closest to you: Sales.

Don’t make that face, there is sales and then there is sales. Within the sales team are four kinds of folks – your account manager, who owns the relationship between Microsoft and your company, the Sales professional, who owns the revenue and licensing for your account, the Account Technology Specialist (ATS) who knows about multiple Microsoft products, and the Technology Specialist (TSP or TS) that has a deep knowledge in a single technology, like SQL Server. These last two folks are the people who could deliver technical talks, especially around the newest products. And many of them are willing to do it. They are tied to a geographical area, so if your group has people in it that work at a company that is headquartered in that geography, the TSP and ATS might be willing to come out and chat with your group. And you might even want a Salesperson to come. Ever have a licensing briefing? Ever have questions? Ask them!

Typemock Isolator – Much more than an Isolation framework

In my last post, I showed how to fake a dependency. But this involved doing a couple of things. First, it involved changing the original method. Then, I had to write wrappers (a real wrapper and the fake wrapper) and finally, I had to inject the fake object in the test. This is a lot of work, even for a very simplistic example. The solution for that is an isolation framework.

Isolation frameworks isolate the code from their dependencies, but they do it programmatically, and without hassle. What makes Typemock Isolator 2010 different than other frameworks (like Rhino Mocks and Moq) is that you don’t need to change the tested code just to test it.

Let’s look at the test we got last time – using a fake Message Queue to test that the message was called:

[TestMethod]
public void Send_StringMessage_MessageWasSent()
{
var fakeQueue = new FakeMessageQueue();

var server = new Server();
server.SendMessage(fakeQueue, "message");

Assert.IsTrue(fakeQueue.messageWasSent);
}

We’re actually doing two things in this test with our fakeMessageQueue object. The first is changing behavior – the SendMessage method does not call the original SendMessage method. The second is testing that the method was called. We do this by using a public field in the fake object.

Using Mocking Framework - Moq

I am sure you have heard about this if you have done unit tests before or you have experience in software development project that employs the TDD (Test Driven Development) approach.

What actually is a mock object? An object that mimics the behavior of real object in a controlled way. Mock objects are often used in unit test to simulate the behaviors of the dependencies for the object being tested. Mock objects are used because in real life the real objects are very impractical or impossible to create in the unit test environment. It is impractical and impossible because configuring and setting up all these real dependencies subjected to budgets, time or unavailability of the real dependencies at the time the unit testing is performed. For e.g. to unit test an object that uses a database, you can easily setup up a SQL Server database connection with the Visual Studio and it is fairly simple and manageable task. What if the objects you need to test also depend on other data source that resides on the mainframe server in a secure environment or other third-party library that is still under development?

Let assume all the constraints to set up and configure the real dependencies for the objects to be tested don’t exist, then the unit tests themselves will look like the integration tests. This will defeat the purpose of unit testing as the unit test is to isolate each part of the program and to ensure each of this individual parts meet its design and behaves as intended. It meant to be simplest, fast and exercise very specific functionality.

The setting up and configuration of the real dependencies for the objects being tested should be deferred until the integration testing where the idea is to test the combination of units and to identify problems that occur when units are combined. It will eventually expand to testing the modules with those of other groups and finally all the modules that make up the process are tested together. It is significant slower than the unit testing.

# 164 - Learning how to use Manual Mocks for Testing

In this episode we are going to take a look at how to use manual mocks for testing

Often times when creating unit tests we need to work in isolation in order to cover the paths we are attempting to test. When we want to test in isolation you can use a testing technique where you mock out your dependencies. When using Mocks you can either do it manually (what we are looking at) or you can use a mocking framework like Rhino Mocks. Either way you achieve the same results.

Мои первые шаги при создании Asp.Net MVC приложения

Каждый раз когда я начинаю новый проект на Asp.Net MVC, всегда выполняю кучу ритуальных действий, которые уже приелись. Вот небольшой список того, что я делаю слишком часто (и пора бы уже вынести это в отдельный темплейт).

* Определение базового класса контроллера. Это полезно для миллиона вещей, например для предоставления всем контроллерам быстрого доступа к сервисам, которые они используют. Единственный недочет так это то что у нас теперь есть AsyncController, так что получаются либо два разных базовых класса либо множественное наследование.

* Добавление в базовый класс обработчика отсутствующих путей, а также добавление страницы Http404.aspx для показа простенького сообщения об ошибке. Сам обработчик несуществующих путей выглядит так:

protected override void HandleUnknownAction(string actionName)
{
actionName = "Http404";
this.View(actionName).ExecuteResult(ControllerContext);
}

(more..)

Read more: Дмитрий Нестерук – Статьи

Posted via email from jasper22's posterous

Why social media isn't just for teenagers anymore

How do you find IT jobs these days? Back in the day, the print publications were the main source. The first section that most IT professionals turned to when they got Computer Weekly or other trade magazines in the mail was the jobs part at the back. These days, the Internet has taken over as the main source for job seekers, but the signs are that employers and recruiters may not be taking advantage of it as much as they could. And that's potentially damaging, because innovation in online recruitment is speeding up.

Thanks to the economic crash, and the effect on information-centric industries such as financial services, jobs in IT these days are still relatively hard to come by. Almost a third of recent graduates are unemployed, and more than a quarter of those that are in work gross under £10,000, according to CWJobs' recent survey of 5000 jobseekers.

CHAR and VARCHAR

Recently I happened to find an error in the decision, which included the conversion:

CAST(model AS VARCHAR)

Those who have studied the scheme "Computers", think about the absurdity of the type conversion in the same type (the column ‘model’ is defined as VARCHAR (50)). However, it is this conversion, and made the request wrong.

The fact is that, if the type size is not specified when converting, then SQL Server is set to defaults, which for VARCHAR are 30. Thus, if the converted string has larger size, then cut off all the characters except for the first 30. Of course, any errors will not occur. Just on the "long" model numbers the proposed decision and gave the wrong result. As they say in such cases, read the documentation. However, it is interesting that on this occasion Standard said?

How to Setup WinDBG

In order to successfully and effectively analyze a dump file it is very important to ensure your environment is configured correctly.

The first step is to ensure symbol paths are setup. This is extremely important to have a successful analysis session. Assuming you want your symbols to be stored on your local hard drive in a directory called “c:\symbols” you would create a folder structure that looks like “c:\symbols\web” and “c:\symbols\private”. Set the _NT_SYMBOL_PATH and _NT_ALT_SYMBOL_PATH environment variables to “c:\symbols\private;srv*c:\symbols\web*http://msdl.microsoft.com/download/symbols”. This symbol path will tell the debugger to look in the private folder first (where you can place your own private symbols as desired) then the web folder. In the event that the debugger cannot find the symbol already in the web folder it will go the http://msdl.microsoft.com/download/symbols site and download them to the web folder, if they are available.

Note: If either environment variable already exists, do not overwrite their values without understanding the impact as it could negatively impact other applications that use them. The symbol path is delimited by ‘;’ and you can often append the string above to the end of the existing string.

Next install the version of “Debugging Tools for Windows” that reflects the architecture of the dump you are analyzing. If your machine is 32 bit you cannot install the 64 bit tools, but on a 64 bit machine both the 32 bit and 64 bit installations can coexist. If the dump was taken from a 64 bit machine under WOW it will be considered a 32 bit dump. After the package has been installed on one machine it can be copied to others as required.

10 shocking animations using CSS and I mean only CSS

Well I never knew that CSS can really produce such amazing effects that even games and puzzles can be created by it. cssplay is doing same thing , all examples and demos are worth checking and you will love them all. I have collected 10 demos which I liked

1. Calculator
2. Tic Tac Toe (Little Javascript)
3. Cops and Robbers – CSS puzzle
4. Not so simple photograph gallery
(more...)

Hg Init: a Mercurial tutorial

Mercurial is a modern, open source, distributed version control system, and a compelling upgrade from older systems like Subversion. In this user-friendly, six-part tutorial, Joel Spolsky teaches you the key concepts.

Mercurial integration with Visual Studio

I recently posted about how to integrate Git with Visual Studio. Of course Git is not the only DVCS out there.

Mercurial is another source control system similar to Git that is having more and more relevance. Google code have been supporting it for quite a while and recently Microsoft announced that Codeplex is adding it as an option for new projects. (Codeplex already supported TFS and Subversion).

At work we use Fogbugz as our bug tracking/project management tool. A few months ago the people at Fogcreek started a beta for Kiln a code review/source control system that runs on top of mercurial.

I sign up for the beta and have been running a pilot project on it. Since I really like it I decided to start moving all our projects to Kiln and ditch Subversion. The piece that I was missing was a good integration into VS for the rest of my team.

A few day ago I found Mercurial VSS an integration package for Mercurial into VS.

The installation is very simple, just select the version of VS you want to install against (version 1.0.7 released today integrates without problems with both VS 2008 and 2010 RC).

How to Create a Contact Page or a Survey Feedback Form using Google Docs

Does you job involve collecting surveys and feedbacks? How do you do that? Do you send emails to your team, asking for reviews and manually enter into a sheet? or have a centralized excel sheet and ask everyone to update? – Now let me tell you, thats one sad way of doing., and I reckon.. even you will agree on that!

Now lets come to bloggers/Authors – Most of us have blogs and we all need our readers to connect with us, either for Questions or comments (compliments too..!). For this purpose we use plugins and embed it in our Wordpress/Blogspot blogs. Most of the times, you need to create an account in the plugin site and you really are not sure, if the same plugin will work, when you do a blog update. (Wordpress has frequent updates!!). Thats the compatiblity crisis!

This is where exactly, Google Docs can help you! Docs is a free service from Google, which provides you the same functionalities of Word, Excel and PowerPoint online. This means, you dont need Office to be installed on your machine. All you need is Internet and just your gmail id (I guess, everyone has it by now.!)
Ten Simple Steps to Create a Contact Page or a Survey Feedback form

Step 1: Login with your gmail id, at http://docs.google.com/

SecureFTP

A secure FTP component for .NET and Mono.

This initial release is a working, modified, component version of the BareFTP http://www.bareftp.org on the Mono and .NET 4 platform. This project is intended to create a Secure FTP code library for internal use within applications - this is not a graphical FTP client.

PE-file Reader Writer API (PERWAPI)

PERWAPI is a module that reads and writes .NET program executable files. It was developed primarily as a file reader writer for programming language compilers. It defines classes for all of the features of the IL model, and methods to read and write the metadata of the PE-file. The module is written in C#, and does not rely on any facilities outside the base class libraries. It uses neither unmanaged code nor COM interop.

In its current form it supports most of the features of the .NET V3.5 framework.

How to troubleshoot the “Red Arrow” issue in Component Services

In distributed environment, when we meet problems to call DCOM components or COM+ application, the first thing is to open the Components Manager to check or reconfigure COM+/DCOM settings. However, it is possible that when we open the Component Services, a “Red Arrow” displays on the “My Computer” node:

Posted via email from jasper22's posterous

.NET Framework 2.0 Service Pack 2 Update for Windows Server 2003 and Windows XP

There are some known incompatibilities in generic types using the BinaryFormatter or NetDataContractSerializer serialized and deserialized across a mixed .NET Framework 3.5 SP1 and .NET Framework 4 environment. Installing this update addresses these issues.

Read more: MS Download

Posted via email from jasper22's posterous

Make your friends think twice before they click with ShadyURL's NSFW-looking links

There are dozens of URL shortener available on the web like tr.im, bit.ly, and goo.gl, to name just a few. They all take long URLs and squeeze them into fewer characters to make a link that is easier to share, tweet, or email to friends.

It's about using the smallest space possible: On Twitter or instant message status even a 60 character long URL can be too long. For example the URL http://www.downloadsquad.com/ contains 29 characters and can be shortened to http://tr.im/ORcH - 17 characters. But it doesn't always have to be about efficiency.

Why not have some fun with your links?

ShadyURL is a little bit different: "Don't just shorten your URL, make it suspicious and frightening," they say. Hey, why use a run-of-the-mill bit.ly link with some random letters when you can zap someone over to http://5z8.info/inject_now_l2k9y_snufffilms? That'll make your coworkers think twice before they click -- or possibly not, depending on what they're into.

Okay, maybe it's not the best service for transforming URLs prior to sending them to your boss but definitely an eye catcher on Facebook and other social websites. Go check it out and hit the "try again" button after submitting your link to get a freshly-vandalized link.

Example: http://5z8.info/add-worm_q7x5a_pornnow

How Can I Ditch Cable and Watch My TV Shows and Movies Online?

Join the club! Some of us at Lifehacker HQ have already left or are ready to leave the cable company for 24/7 live TV streaming, too. We get this question all the time, and we've examined ditching the monthly bill in favor of watching programs online occasionally in the past, and we've also looked at ways to get your TV fix with apps like Boxee and Hulu, plus there are cool set-top devices like Roku and TiVo, but this is a good opportunity to get exhaustive. There are so many great options for catching a show here or there, but can you rely on them to replicate the cable TV experience? Well, yes and no.

If you're going to unplug from the cable company, prepare to exercise some patience when it comes to watching your favorite shows as soon as they air—it can take anywhere from a day to a week for them to appear online. Also, be ready to do some digging around to find who's streaming special events, sports, and other programming outside of the drama/sitcom variety. Let's take a look at ways to find certain types of programming without relying on your cable company.

# Clicker – Bookmark this site to help you figure out where your favorite shows are airing around the internet. It combs through what's available on Netflix, Hulu, and other streaming video sites, and is searchable by show or topic.
# Hulu – This video streaming service offers the five most recent episodes of dozens of many of the most-watched shows on television. Episodes are available for 30 days after their air date, so this is a great way to catch up on any shows you've missed. It's also full of full seasons of older TV shows
# CBS – Episodes from lots of current programming, as well as some oldies but goodies (MacGyver!)
# NBC – Check out new episodes of current primetime, daytime, and late night programming, and some original online-only series like Office parody show Ctrl.
# ABC – Episodes of current shows, including daytime programming and archives of specials like the American Music Awards
(more...)

Wednesday, February 24, 2010

StockTwits

StockTwitsIt was only a few months ago that StockTwits, a real time platform for stock traders to share information, broke away from Twitter and forged ahead on its own. Part of that separation was the creation of a desktop AIR application that created an entire investor ecosystem, including video, news and charts. Now those features are appearing on the StockTwits site itself, at beta.stocktwits.com. For now the company will run the old and new sites side by side and give users a period of time to get comfortable with the beta site.

GMail Filesystem over FUSE

There is a Debian package which allows you to use GMail storage as a filesystem written by a nice guy named Richard Jones. He has a nice web site dedicated to it.

But, this implementation uses is based on something called libgmail which accesses GMail via its web interface. Unfortunately, that web interface changes constantly and libgmail not been able to keep up with the flux and is not working any more.

So, I went and stole Richard's code and improved it. Instead of using libgmail, I just used python's imaplib. GMail's IMAP interface should be pretty darn stable and not likely to break.
Features:

* Mount gmail as a filesystem
* Full UNIX uids, permissions, symlinks, hard links, and more...
* Extended attributes (xattrs). This allows use of ecryptfs
* Can store multiple filesystems inside the same GMail account
* Stores files as attachments to email messages
* Uses IMAP quota commands to determine free space available

EncFS encrypted filesystem in user-space

EncFS provides an encrypted filesystem in user-space. It runs without any special permissions and uses the FUSE library and Linux kernel module to provide the filesystem interface. You can find links to source and binary releases below. EncFS is open source software, licensed under the GPL.

As with most encrypted filesystems, Encfs is meant to provide security against off-line attacks; ie your notebook or backups fall into the wrong hands, etc. The way Encfs works is different from the “loopback” encrypted filesystem support built into the Linux kernel because it works on files at a time, not an entire block device. This is a big advantage in some ways, but does not come without a cost.

Dokan library

What is Dokan Library

When you want to create a new file system on Windows, for example to improve FAT or NTFS, you need to develope a file system driver. Developing a device driver that works in kernel mode on windows is extremley difficult.By using Dokan library, you can create your own file systems very easily without writing device driver. Dokan Library is similar to FUSE(Linux user mode file system) but works on Windows.
Licensing

Dokan library contains LGPL and MIT licensed programs.

* user-mode library (dokan.dll) LGPL
* driver (dokan.sys) LGPL
* control program (dokanctl.exe) MIT
* mount service (mouter.exe) MIT

How it works

Dokan library contains a user mode DLL (dokan.dll) and a kernel mode file system driver (dokan.sys). Once Dokan file system driver is installed, you can create file systems which can be seen as normal file systems in Windows. The application that creates file systems using Dokan library is called File system application. File operation requests from user programs (e.g., CreateFile, ReadFile, WriteFile, …) will be sent to the Windows I/O subsystem (runs in kernel mode) which will subsequently forward the requests to the Dokan file system driver (dokan.sys). By using functions provided by the Dokan user mode library (dokan.dll), file system applications are able to register callback functions to the file system driver. The file system driver will invoke these callback routines in order to response to the requests it received. The results of the callback routines will be sent back to the user program. For example, when Windows Explorer requests to open a directory, the OpenDirectory request will be sent to Dokan file system driver and the driver will invoke the OpenDirectory callback provided by the file system application. The results of this routine are sent back to Windows Explorer as the response to the OpenDirectory request. Therefore, the Dokan file system driver acts as a proxy between user programs and file system applications. The advantage of this approach is that it allows programmers to develop file systems in user mode which is safe and easy to debug.

Posted via email from jasper22's posterous

Namespace extensions - the undocumented Windows Shell

This article explains how you can easily create a namespace extension with lots of features without doing lots of work by using some undocumented shell functions. The most noticeable function is SHCreateShellFolderViewEx, which creates the view for you and creates all interfaces you need for displaying the contents of your folder. You can modify the behaviour of the folder by implementing a callback function. This is how Microsoft implements its own namespace extensions.
Introduction to the windows shell

The windows shell is built around COM interfaces. The browser ("explorer") calls interfaces that are implemented by a number of DLL's and these DLL's can call back into the interfaces of the browser. You can extend the behaviour of the browser by plugging in your own DLL that implements the needed interfaces.

The householding of the DLL's is maintained in the registry, as is usual for COM objects.
The shell namespace

The shell namespace is a collection of folders that contain items. These items can in turn be folders, generating a tree structure. This ressembles the directory tree structure that is found in a file system, but should not be confused with it.

The top of the shell namespace tree is the Desktop folder. This folder contains "my computer", which in turn contains the drives on your computer. The part of the shell namespace that represents a drive looks almost the same as the directory structure on that drive, but is not exactly the same. The drive can contain additional items and existing items may look very different in the shell namespace.
Shell extensions

The DLL's that are plugged into the shell are called shell extensions. There are several kinds of shell extensions:

1. A context menu extension puts extra items in the context menu that is viewed in the browser.
2. A property sheet extension displays extra property pages in the property sheets that are viewed in the browser.
3. A namespace extension adds extra folders to the namespace.

Pidls

Every item in a folder is identified by an identifier, just like every file or directory on a drive is identified by a filename. This identifier is called a Pidl.

For someone who uses the shell to browse the namespace, a pidl is just an opaque structure that gets passed around without having any meaning.

Someone who implements a part of the namespace assigns a meaning to the pidls for his part of the namespace. The pidl is a variable-sized structure that can contain anything the implementor wants to put in. The pidl usually caches all information that is frequently needed. In a directory structure, the pidl contains the long and short filename and some other stuff.

Read more: Codeproject

Posted via email from jasper22's posterous

After 2 Years of Development, LTSP 5.2 Is Out

After almost two years or work and 994 commits later made by only 14 contributors, the LTSP team is proud to announce that the Linux Terminal Server Project released LTSP 5.2 on Wednesday the 17th of February. As the LTSP team wanted this release to be some kind of a reference point in LTSP's history, LDM (LTSP Display Manager) 2.1 and LTSPfs 0.6 were released on the same day. Packages for LTSP 5.2, LDM 2.1 and LTSPfs 0.6 are already in Ubuntu Lucid and a backport for Karmic is available. For other distributions, packages should be available very soon. And the upstream code is, as always, available on Launchpad.

Cassandra (database)

Cassandra is an open source distributed database management system. It is an Apache Software Foundation top-level project designed to handle very large amounts of data spread out across many commodity servers while providing a highly available service with no single point of failure. It is a NoSQL solution that was initially developed by Facebook and powers their Inbox Search feature. Jeff Hammerbacher, who led the Facebook Data team at the time, has described Cassandra as a BigTable data model running on a Amazon Dynamo-like infrastructure.

Cassandra provides a structured key-value store with eventual consistency. Keys map to multiple values, which are grouped into column families. The column families are fixed when a Cassandra database is created, but columns can be added to a family at any time. Furthermore, columns are added only to specified keys, so different keys can have different numbers of columns in any given family. The values from a column family for each key are stored together, making Cassandra a hybrid between a column-oriented DBMS and a row-oriented store.

Prominent Users

* Facebook uses Cassandra to power Inbox Search, with over 200 nodes deployed.
* Digg, the largest social news website, annouced on Sep 9th, 2009 that it is rolling out its use of Cassandra.
* Twitter is working towards replacing storage of all tweets with Cassandra.
* Rackspace is known to use Cassandra internally
* Cisco's WebEx uses Cassandra to store user feed and activity in near real time
* IBM has done research in building a scalable email system based on Cassandra

Read more: Wikipedia
Ofiicial site: Cassandra

Posted via email from jasper22's posterous

VisualDDK

Welcome to the VisualDDK homepage. This project brings the simplicity and convenience of Windows application development to the driver development world. No more manual creation of build scripts, copying of driver files, installing drivers from INFs, switching between WinDbg and the source editor or waiting for seconds after each step due to the extra-slow virtual COM port. Just create a driver project using a convenient Driver Wizard, select a virtual machine, and enjoy debugging your driver directly from Visual Studio. Want to test a change? Just normally press Shift-F5, modify your driver, rebuild it and launch again. VisualDDK will unload the old driver, install the new one and load it automatically and quickly. Bored with WinDbg loading symbol files for minutes and looking up symbols for seconds? Just let VisualDDK optimize this for you using its own DIA-based symbol engine. Using C++/STLPort in your drivers? VisualDDK will natively visualize all STL containers and strings, as good as Visual Studio does for user-mode applications.

Note that Visual Studio by default queries lots of values from debuggee after each break/step (such as Autos, all locals, call stack, etc.). If you are planning to use VisualDDK with VMWare or VirtualBox, use the VirtualKD project (installed with VisualDDK), that replaces Virtual COM Port for VMWare and VirtualBox machines by a native KD interface, speeding up debugging ~18x for VMWare and ~48x for VirtualBox. Nevertheless, see the debugging speedup guide for more details.

Wishlist: Using the VMware Visual Studio plugin

Last year for Workstation 6.0, one of the features we added was a plugin for Visual Studio 2005 that allows developers to debug a project (native and managed C/C++, C#, or Visual Basic) inside of a Windows virtual machine (specifically Windows 98, Windows 2000, and later). All of you Windows developers know how much of a pain it is to support multiple versions of Windows, but this tool is designed to make that process much, much easier. The Visual Studio Integrated Debugger (VSID in short) plugin utilizes Visual Studio remote debugging technology to allow you to debug a project inside of a VM as if you were debugging on your host computer with the click of one button.

Hibernate Many-To-Many Revisited

The modeling problem is classic: you have two entities, say Users and Roles, which have a many-to-many relationship with one another. In other words, each user can be in multiple roles, and each role can have multiple users associated with it.

The schema is pretty standard and would look like:

CREATE TABLE app_user (
id INTEGER,
PRIMARY KEY ( id ) );

CREATE TABLE app_role (
id INTEGER,
PRIMARY KEY ( id ) );

CREATE TABLE app_user_role (
user_id INTEGER,
role_id INTEGER,
PRIMARY KEY ( user_id, role_id ),
FOREIGN KEY ( user_id ) REFERENCES app_user ( id ),
FOREIGN KEY ( role_id ) REFERENCES app_role ( id ) );

But there are really two choices for how you want to expose this at the Hibernate / EJB3 layer. The first strategy employs the use of the @ManyToMany annotation:

@Entity
@Table(name = "APP_USER")
public class User {
@Id
private Integer id;

@ManyToMany
@JoinTable(name = "APP_USER_ROLE",
joinColumns = { @JoinColumn(name = "USER_ID") },
inverseJoinColumns = { @JoinColumn(name = "ROLE_ID") })
private java.util.Set roles = new HashSet();
}

@Entity
@Table(name = "APP_ROLE")
public class Role {
@Id
private Integer id;

@ManyToMany(mappedBy = "roles")
private java.util.Set users = new HashSet();
}

The second strategy uses a set of @ManyToOne mappings and requires the creation of a third “mapping” entity

Интересно о C#: странное поведение структур

Рассмотрим следующий код:

struct S
{
private string blah;
public S(string blah)
{
this.blah = blah;
}
public void Frob()
{ // whatever
}
}

Следующий код будет работать:

S s1 = new S();
s1.Frob();

Каждая струкура имеет конструктор по умолчанию, в котором все поля иницилизируются со значениями по умолчанию. А как насчет этого кода?

S s2;
s2.Frob();

Похоже, мы увидем ошибку "Use of unassigned local variable 's2'". Интересной особенностью C# компилятора является тот факт, что ошибка присвоения будет выдана лишь в том случае, если структура компилируется с исходного кода. В случае, если структура находится в подключенной библиотеке, ошибка не будет выдана! Рассмотрим другой пример:

How to take ownership of your local SQL Server 2008 Express

Ward Beattie, one of our developers, has published a nice script that allows you to get sysadmin privilege to your local SQL Server Express instance. Obviously, you need to have administrative rights on your machine or access to an account that does.

The script can be very useful in the following situation:

When Visual Studio 2010 RC is installed by one user and being used by another user, the second user is unable to create databases, tables and other objects in SQL Server 2008 Express instance that is installed by Visual Studio 2010 RC. This is because only the user who installed SQL Server 2008 Express is granted sysadmin role in the SQL Server 2008 Express. So even if the second user has administrative privileges to her machine, she will not be able to manage the local SQL Server 2008 Express instance.

If this is your problem, just run Ward's script and become the master of your SQL Server 2008 Express!

Read more: SQL Server Express WebLog
Download: Script

Posted via email from jasper22's posterous

Comparing the Performance of Visual Studio's Web Reference to a Custom Class

As developers, we all make assumptions when programming. Perhaps the biggest assumption we make is that those libraries and tools that ship with the .NET Framework are the best way to accomplish a given task. For example, most developers assume that using ASP.NET's Membership system is the best way to manage user accounts in a website (rather than rolling your own user account store). Similarly, creating a Web Reference to communicate with a web service generates markup that auto-creates a proxy class, which handles the low-level details of invoking the web service, serializing parameters, and so on.

Recently a client made us question one of our fundamental assumptions about the .NET Framework and Web Services by asking, "Why should we use proxy class created by Visual Studio to connect to a web service?" In this particular project we were calling a web service to retrieve data, which was then sorted, formatted slightly and displayed in a web page. The client hypothesized that it would be more efficient to invoke the web service directly via the HttpWebRequest class, retrieve the XML output, populate an XmlDocument object, then use XSLT to output the result to HTML. Surely that would be faster than using Visual Studio's auto-generated proxy class, right?

Prior to this request, we had never considered rolling our own proxy class; we had always taken advantage of the proxy classes Visual Studio auto-generated for us. Could these auto-generated proxy classes be inefficient? Would retrieving and parsing the web service's XML directly be more efficient? The only way to know for sure was to test my client's hypothesis.

This article details the experiment we set up to test this hypothesis. Read on to see our results!

SQL Server Triggers

The sixtieth and final part of the SQL Server Programming Fundamentals tutorial considers the use of triggers. SQL Server triggers can be defined against tables and views to intercept insert, update and delete statements and modify their results.

What are Triggers?

Triggers are a special type of stored procedure. Instead of being executed manually, they run automatically in response to events that occur in a database. In this article we will examine triggers that run when data is inserted, updated or deleted. There are other types of trigger supported by SQL Server 2005 that allow actions to be performed when the schema of a database is changed or when a user logs on. These are beyond the scope of this tutorial.

Triggers are often used to audit changes to data by recording when modifications are made and, optionally, the previous version of the information. They are also used to enforce business rules and data integrity when those rules are too complex to be controlled by primary keys, foreign keys, unique constraints or check constraints. In such cases, rules may be checked and, if broken, data changes can be disallowed, transactions can be rolled back and errors may be raised.

Internet Safety for Enterprise & Organizations

This kit offers some tools that you can use to help your emloyees learn the skills they need to work more safely on the Internet and better defend company, customer, and their own personal information. What's in this kit Kit Instructions: Internet Safety at Work Readme - Instructions for how to use this kit, including printing instructions for the "Top Tips" card. PowerPoint Presentation: Internet Safety at Work Presentation - Give practical advise to help employees secure their computers; protect corporate, customer, and personal data; and defend their mobile devices. Tip Card: Top Tips for Internet Safety at Work Card - Condenses presentation information into a two-sided card ready for printing. Video: Stay Sharp at Work - Presentation information in a three-minute video. Quiz: Test Your Internet Safety IQ - Distribute this quiz before, during or after your presentation.

Read more: MS Download

Posted via email from jasper22's posterous