.NET Information center: 01/01/2012

Tuesday, January 31, 2012

שבע סיבות לעזוב הכל ולהקים סטארטאפ בהודו

במהלך השנים נפגשתי עם הרבה יזמים וכאלו שרוצים להיות יזמים. בשלב הראשוני, מדובר לרוב בצוות של שניים עד חמישה אנשים מוכשרים, או מוכשרים לכאורה, עם רעיון ומוכנות להקדיש לו זמן. אך זמן צריך יותר ממה שנדמה בתחילה וזמן אינו השיקול היחידי. אני מדבר בעיקר על המרתון הראשוני של פיתוח אב הטיפוס. הוכחת היתכנות. מרתון קשה שהרבה לא מגיעים לסופו. למען כמה חודשים של צירי לידה למיזם, יש לי הצעה אחרת בשבילכם. טוסו להודו מחר ותתחילו את הסטארטאפ שלכם. לא, לא לסיליקון וואלי. כן, דווקא להודו.

"למה” אתם שואלים? כי זו הודו.

סיבה 1: זול לחיות ולהנות בהודו

נדמה כי רבים מהיזמים בישראל נמצאים במעמד כלכלי בינוני כזה או אחר. לפחות אלו שלא עשו אקזיט עדיין. שיקולי עלות המחייה, על אף חשיבותם, תופסים מקום גדול מידי בהחלטה על פתיחת הסטארטאפ וכן על החלטות הרות גורל להמשכו.

אני כרגע כותב אליכם מחדר נוח במיוחד בגואה, הכולל מרפסת וגינה במרחק של ארבע דקות הליכה מחוף פאלולים שהוא אחד החופים היפים בגואה. העלות שלו יקרה יחסית להודו כיוון שמדובר בגואה ובשיא העונה. אני אוכל את רוב ארוחותי במסעדות והמחירים "מופקעים בטירוף" כיוון שמדובר באזור תיירותי. כל הפינוקים האלו מאפשרים לי להקדיש את מירב תשומת הלב לפיתוח אתר האספנות קולנקט מהמרפסת וכן לנסות ליצור קשרים עסקיים עם אנשים אקראיים שאני פוגש בדרך. סכום הכסף שאני מוציא על ההההכל פה, ספק אם היה מספיק לי לשכור אפילו מחסן קטן ורעוע בפתח-תקוה.

היתרון הגדול של מחייה בזול היא שיש הרבה פחות לחץ למשוך משכורת מהסטארטאפ. כאשר אתה מחשב את החיים שלך ברופי ואילו את הסטארטאפ בדולרים או שקלים, היעדר הלחץ מפנה מקום לפיתוח נטו. לרחשם של הגלים ובצילם של העצים יש מספיק מרחב נשימה להרגע ולהמשיך הלאה – לקדם.

סיבה 2: תתחברו לניתוק

אני אוהב את המשפחה והחברים שלי. כל כך אוהב אותם שלעיתים תכופות מידי הם נמצאים במקום גבוה יותר בסדר העדיפויות שלי מהסטארטאפ. סטארטאפ בתחילתו הוא כמו תינוק. התינוקות הרגילים מגיעים באופן טבעי וצריך רק לתת להם ולהצליח לשרוד את התהליך. פה אנחנו מדברים על תינוק עשה-זאת-בעצמך שאתה צריך להרכיב ידנית ואז איכשהו להקים לתחיה בסופו של דבר. סטארטאפ זקוק למירב תשומת הלב שלכם. המחלקה לפתרון בעיות במוח שלך צריכה להיות מוקדשת באופן בלעדי ככל הניתן למיזם. כשאתם קרובים פיזית אל הקרובים ללבכם כל ענייניהם היומיומיים נוגסים בהתקדמות המיזם. כשאתם רחוקים, שיחת סקייפ פעם בשבוע וכמה מיילים מספיקים.

Shmoocon Demo Shows Easy, Wireless Credit Card Fraud

[Security researcher Kristin] Paget aimed to indisputably prove what hackers have long known and the payment card industry has repeatedly downplayed and denied: That RFID-enabled credit card data can be easily, cheaply, and undetectably stolen and used for fraudulent transactions. With a Vivotech RFID credit card reader she bought on eBay for $50, Paget wirelessly read a volunteer's credit card onstage and obtained the card's number and expiration date, along with the one-time CVV number used by contactless cards to authenticate payments. A second later, she used a $300 card-magnetizing tool to encode that data onto a blank card. And then, with a Square attachment for the iPhone that allows anyone to swipe a card and receive payments, she paid herself $15 of the volunteer's money with the counterfeit card she'd just created. (She also handed the volunteer a twenty dollar bill, essentially selling the bill on stage for $15 to avoid any charges of illegal fraud.) ... A stealthy attacker in a crowded public place could easily scan hundreds of cards through wallets or purses.

Read more: Slashdot
QR: shmoocon-demo-shows-easy-wireless-credit-card-fraud

Posted via email from Jasper-Net

Codecademy Becomes A Platform: Now Anyone Can Write Programming Tutorials

One of the most buzzed-about startups over the last few months has been Codecademy — a site that looks to make programming accessible to just about anyone, with a variety of interactive, web-based courses that have users writing their first lines of code within a few seconds. The site’s ‘Code Year’ program, which invites users to receive one programming lesson each week, racked up a whopping 100,000 signups in only 48 hours — and it even has the White House on board.

But, as anyone who has spent much time on the site can attest to, Codecademy has had one big problem: there just aren’t that many lessons available. And the ones that are on there sometimes seem to be moving too quickly, without many practice exercises to explore and reinforce what you’ve just learned.

Today, the company is launching a feature that will go a long way toward fixing that. Meet the Codecademy Course Creator.

Monster Logs

This is a guest blog post from Martin Holste. He's been a great participant in our community and lead developer of the log search utility; ELSA. We asked him to do a guest blog post because we think ELSA is so important to give security analysts better visibility into their Bro logs.

One of Bro's greatest strengths is the massive amount of incredibly detailed information it produces that describes exactly what's taking place on your network. It does all of this by default, with no extra configuration or tuning required. Then on top of that, it provides a framework for creating advanced IDS signatures. This is an amazing thing, but the benefit is only as good as the extent to which the security or IT staff is able to make use of the data. Here is an example line of output from Bro:

1322829241.041505 drj3tWq4mu8 10.236.41.95 63714 198.78.209.254 80 HTTP::MD5 10.236.41.95 c28ec592ac13e009feeea6de6b71f130 http://au.download.windowsupdate.com/msdownload/update/software/secu/2011/01/msipatchregfix-amd64_fdc2d81714535111f2c69c70b39ed1b7cd2c6266.exe c28ec592ac13e009feeea6de6b71f130 10.236.41.95 198.78.209.254 80 - worker-0 Notice::ACTION_LOG 6 3600.000000 - - - - - - - - -

There are many currently available methods for making sense of this output. Most of those methods involve variations of using text utilities to search and format the log data into an output that is requested. The problem with this is that for large installations, scalability quickly becomes an issue. To start with, combining logs from multiple servers is non-trivial if a single location does not have enough disk space to store all of the logs. Even if you can get all of the logs in one location, grepping through the hundreds of Gigabytes per day per sensor that Bro can produce in large environments is prohibitively inefficient.

How much does Bro log? A large network with tens of thousands of users will generate a few thousand HTTP requests per second during the day. Bro will create many logs describing this activity, namely, per request:

    1 HTTP connect log
    1 DNS log (when a lookup is necessary)
    1 Notice log (if an executable is downloaded)
    2 Connection logs (TCP for HTTP, UDP for DNS)
    1 Software inventory log (if this client hasn't been seen before)

That's a total of six logs for just one HTTP request. If the network is seeing 2,000 requests per second, that's 12,000 logs per second (about one billion per day). The logs average about 300 bytes, which means this is about 3.6 MB/sec of logs. That's about 311 Gigabytes of logs per day (if the rate were constant). Text utility speeds vary greatly, but searching even a few Gigabytes of data will take many seconds or minutes. Searching 311 Gigabytes will take hours.

To put this in perspective, if we assume that a single log entry is represented by a stalk of hay, and a stalk of hay is 50 grams, and a hay bale contains 1,000 stalks for 50 kg, then one billion logs would take 1,000,000 bales. If a bale is one meter long and half a meter wide, that would be 500 square kilometers of hay to search through, per day. That's a haystack of 15,000 square kilometers per month (about five times the size of Rhode Island) to search through for a given log.

Constant Time

Enter ELSA: the open-source project for Enterprise Log Search and Archive. ELSA (http://enterprise-log-search-and-archive.googlecode.com) is capable of receiving, parsing, indexing, and storing logs at obscene rates. It provides an easy to use full-text web search interface for getting that data into the hands of analysts and customers. In addition to basic search, ELSA provides ways to report on arbitrary fields such as time, hostname, URL, etc., email alerts for log searches, and a mechanism for storing and sharing search results.

Read more: Bro blog
QR: monster-logs.html

Posted via email from Jasper-Net

Monday, January 30, 2012

How to Use Wireshark to Capture, Filter and Inspect Packets

Wireshark, a network analysis tool formerly known as Ethereal, captures packets in real time and display them in human-readable format. Wireshark includes filters, color-coding and other features that let you dig deep into network traffic and inspect individual packets.

This tutorial will get you up to speed with the basics of capturing packets, filtering them and inspecting them. You can use Wireshark to inspect a suspicious program’s network traffic, analyze the traffic flow on your network or troubleshoot network problems.
Getting Wireshark

You can download Wireshark for Windows or Mac OS X from its official website. If you’re using Linux or another UNIX-like system, you’ll probably find Wireshark in its package repositories. For example, if you’re using Ubuntu, you’ll find Wireshark in the Ubuntu Software Center.
Capturing Packets

After downloading and installing Wireshark, you can launch it and click the name of an interface under Interface List to start capturing packets on that interface. For example, if you want to capture traffic on the wireless network, click your wireless interface. You can configure advanced features by clicking Capture Options, but this isn’t necessary for now.

Getting Started with HTML5

The web is constantly evolving. New & innovative web applications are being created every day, pushing the boundaries of HTML in every direction. To give developers more flexibility and interoperability, and enable more interactive and exciting websites and applications, HTML 5 is introduced. It enhances a wide range of features including form controls, APIs, multimedia, structure, and semantics.

The dirty secret of browser security #1

Here's a curiousity that's developing in modern browser security: The security of a given browser is dominated by how much effort it puts into other peoples' problems.

This may sound absurd at first but we're heading towards a world where the main browsers will have (with a few notable exceptions):

Rapid autoupdate to fix security issues.

Some form of sandboxing.

A long history of fuzzing and security research.

These factors, combined with an ever more balanced distribution of browser usage, are making it uneconomical for mass malware to go after the browsers themselves.

Enter plug-ins

Plug-ins are an attractive target because some of them have drastically more market share than even the most popular browser. And a lot of plug-ins haven't received the same security attention that browsers have over the past years.

The traditional view in security is to look after your own house and let others look after theirs. But is this conscionable in a world where -- as a browser vendor -- you have the power to defend users from other peoples' bugs?

As a robust illustrative point, a lot of security professionals recently noticed some interesting exploit kit data, showing a big difference in exploitation success between Chrome (~0%) and IE / Firefox (~15%).

Read more: Security
QR: dirty-secret-of-browser-security-1.html

Posted via email from Jasper-Net

Context Free: язык для генерации изображений

Эта картина сгенерирована программой Context Free по следующему описанию:

startshape T
// FLIGIZ
background{b -1}
tile {s 2.5}
rule T {3*{r 120 hue 30}S{x .3}}
rule S 3{CIRCLE{hue 30}4*{r 20 b.007 sat .1}S[s.3.7y.9]}
rule S {CIRCLE{hue 15}9*{r 20 b.05 hue -3}S[s.3.7y.9]}
rule S {S{flip 90}}

Для описания изображений в программе Context Free используется язык программирования CFDG с контекстно-свободной грамматикой, созданный специально для генерации изображений. Грубо говоря, это набор базовых правил со всего двумя терминалами CIRCLE и SQUARE. Рендеринг осуществляется с помощью библиотеки Anti-Grain Geometry Максима Шеманарева.

Working With the Encryption Password Function in MySQL

In MySQL server we have to explain the password function() and how it will recover a password in its string form. The password function is mainly used for authentication. The password function encrypts the string into a binary form. Recover a password in text form and set the old password and select it in the text form. The password function returns it in string form and restores a password in plain text. Password also stores as a record on server.

In the following figures we have a database table "employees" and use it with some query with showing result such as follows.

mysql-> select * from myworld;

Templating a XAML CheckBox to a thumbs-up/down control using Expression Blend

The checkbox has been been around in the Graphical User Interface for as long as I can remember doing GUI – since the early 90’s I guess. You know what, let’s make that “it’s been around for longer than I care to remember” ;). For my newest Windows Phone project I wanted something different. In stead of boring old

I wanted something like this:

Turns out you can do this in pure XAML. And almost entirely in Expression Blend, too. I could just post the XAML and be done with it, but I like to document the track I took, not only to educate you, but also to remember myself how the hell I got here in the first place ;-).

Setting the stage

    Open Visual Studio 2010
    Create a new Windows Phone 7 (7.1 of course!) project,
    Make a folder “icons”build actions
    Download this image to your computer
    Paste it in the “icons” folder in Visual Studio
    Double check the image’s properties, they should be as showed to the right.
    Save the project

Read more: Microsoft .NET by Example
QR: templating-xaml-checkbox-to-thumbs.html

Posted via email from Jasper-Net

How to implement communication between Silverlight and the HTML host.

A question about intercommunication between Silverlight and the HTML host has been asked in the Israeli MSDN forum.

Since I’ve already implemented it once in a project, I believe I can extract the great info already exist in the MSDN documentation to a more direct how-to.

Let’s begin.

Create a class called JavaScriptBridge
Each method that you would like to be exposed to the HTML host, thus be possible to get called by JavaScript you adorn with [ScriptableMember] attribute.

    [ScriptableMember()]
    public void DoSomething(int a, int b)
    {

}

Inside the App.xaml.cs, on the Application_startup event handler, register the an instance of the bridge

            private void Application_Startup(object sender, StartupEventArgs e)
            {
                this.RootVisual = new MainPage();
                JavaScriptBridge javaScriptBridge = new JavaScriptBridge();

HtmlPage.RegisterScriptableObject("bridge", javaScriptBridge);

}

We are done with Silverlight side, now we move on to the HTML host, locate the aspx file (usually) that contains the Silverlight object. In this page you will notice that it is represented as an <object> tag. Insert an event handler for the onLoad event of the object.

Read more: Ariel's Remote Data Center
QR: how-to-implement-communication-between-silverlight-and-the-html-host.aspx

Posted via email from Jasper-Net

Kibloc – Real time, distance based object tracking and counting using Kinect

image_thumb%25255B6%25255D.png?imgmax=800

This weekend hack is a small Kinect application - Kibloc is a physical object counter/tracker using Kinect.

Kinect for Windows SDK (Download) is pretty intuitive (I’m using Version 1.0 Beta 2 for this), and you may use the same to develop pretty cool applications using Microsoft Kinect. In this post, we’ll be focusing on implementing a quick real time blob counter using Kinect depth data, for counting and tracking objects in front of the sensor. This is a basic demo, but as you can imagine, this has got a couple of pretty hot real life use cases. As a heads up, the source code is at http://kibloc.codeplex.com/ and keep it handy when you read along. Ensure you’ve the NuGet Packages in packages.config

Here is the video that demonstrates real time, distance based blob tracking.

Read more: amazedsaint's #tech journal
QR: kibloc-kinect-based-real-time-distance.html

Posted via email from Jasper-Net

Refreshing an expired STSTestCert WIF certificate

I have been using WIF for the last couple of years on a few of my projects and the STSTestCert gets a bit of a workout on my development machines. This certificate is only valid for 12 months. All the applications that use this test certificate will fail to execute authentication requests once this certificate has expired.

Here is the easiest way to renew the certificate.

    Open up MMC and attach the Certificate Manager plugin for the local machine.
    Navigate to Certificates (Local Computer) -> Personal -> Certificates.
    Select and delete the expired STSTestCert certificate.
    Open VS with elevated rights
    Add a new solution
    Add a new STS project to that solution using the Tools -> Add STS Reference… menu item
    Continue through the wizard
    Refresh the MMC console and you should now have a fresh STSTestCert

Read more: Rory Primrose
QR: Refreshing-an-expired-STSTestCert-WIF-certificate.aspx

Posted via email from Jasper-Net

Take MVVM to the Next Level with Xomega Framework

Introduction

The Model-View-ViewModel (MVVM) is a design pattern that is a variation of the Presentation Model pattern, which was first described by Martin Fowler. Since Microsoft introduced it with the first release of WPF, MVVM has become increasingly popular among WPF and Silverlight developers and many MVVM frameworks are now available.

As with the predecessor design patterns MVC (model–view–controller) and MVP (model–view–presenter), one of the key principles of the MVVM pattern is Separation of Concerns (SoC), which allows cleanly separating the data, presentation and behavior aspects of the application.

In this article we will show you how Xomega Framework takes the basic principles of MVVM to the next level, which allows you to rapidly build .Net applications with high degree of flexibility and reusability and a minimum learning curve. Read on to see how you can quickly and easily develop applications with Xomega Framework.
About Xomega Framework

Xomega Framework is a powerful open source framework that has been built from more than 10 years of experience and is based on the approach that has been proven in many large scale applications. The primary goals of the framework are to:

    Enable rapid application development.
    Promote reusability, which can significantly reduce maintenance costs.
    Ensure consistency to deliver the best user experience.

To demonstrate one of the problems that Xomega Framework is designed to solve efficiently, let’s consider the following example. Suppose that your application has a common field Customer that appears on pretty much every other screen of your application. The requirements for this field are as follows.

    If the customer is not editable on the screen, then it should be displayed as [Customer Number] – [Customer Name], where the customer number is an integer key for the customer, which should be formatted as a six-character string padded with leading zeros, e.g. 001234 – Joe Doe.
    In the screens where the customer is editable, it should be selected from a drop down list, where each item is displayed as Customer Number – Customer Name as in the previous requirement. If multiple customers need to be selected, such as for search criteria, then a list box will be used instead.
    In some screens, where the power users know the customer numbers by heart and need to be able to quickly enter the customer, a text box will be used that accepts the integer customer number without leading zeros. If multiple customers need to be specified, a comma-separated list of customer numbers will be accepted in the text box.
    The customer field should be visible only if the user has a View Customer privilege.
    The customer field should be editable only if the user has an Edit Customer privilege.

Read more: Codeproject
QR: Take-MVVM-to-the-Next-Level-with-Xomega-Framework

Posted via email from Jasper-Net

וידאו הרצאת המליאה של כנס סלע SDP11 - להבין את החלונות 8 חלק 2

בדצמבר התקיים כנס SDP11 של סלע בו הרצאתי על חלונות 8 – הבנת ממשק המשתמש, והמשמעויות של WinRT.

לצד השינויים הגראפיים והשינויים בחויית המשתמש העמוקים של חלונות 8 – ישנם גם הרבה מאוד שינויים מאחורי הקלעים, כשלפעמים נדמה שלא ברור לגמרי הכיוון אליו מיקרוסופט מושכת.

למה פתאום מדברים כל כך הרבה על HTML5?
האם סילברלייט ננטש? האם WPF ננטש?
למה בעצם חלונות 8 זה התפתחות טבעית של ההיסטוריה של חלונות, ואיך חלונות 8 יתן לנו, מפתחי הדוט נט, משהו שחיכינו לו במשך יותר מעשר שנים.

Read more: Elad Katz
QR: video-for-the-keynote-session-sdp11-understanding-win8-and-metro-part-2.aspx

Posted via email from Jasper-Net

Split Generic.xaml in Silverlight Applications

If you work with Templated controls in a big Silverlight project, your Generic.xaml might grow fast. Here’s a quick tutorial on how to split the Generic.xaml into multiple resource files.
Step1: Find the resource

You will typically have the control code:

public class TemplatedControl1 : Control {
    public TemplatedControl1() {
        this.DefaultStyleKey = typeof(TemplatedControl1);
    }
}

and the XAML in the Generic.xaml:

Step2: Create a new resource file

Create a copy of Generic.xaml and rename to TemplatedControl1.xaml.
Delete the TemplatedControl1 style from Generic.xaml.
So Generic.xaml looks like:

IDisposable, Finalizer, and SuppressFinalize in C# and C++/CLI

The .NET Framework features an interface called IDisposable. It basically exists to allow freeing unmanaged resources (think: C++ pointers). In most cases, you won’t need IDisposable when writing C# code. There are some exceptions though, and it becomes more important when writing C++/CLI code.

The help page for IDisposable provides the code for IDisposable's default implementation pattern in C#. This article will explain each part of it step by step and also provide the equivalent C++/CLI code in each step.
Summary – for the impatient

Here’s the summary of this article for those who don’t want to read the actual explanations.

Rules:

For a class owning managed resources, implement IDisposable (but not a finalizer).
For a class owning at least one unmanaged resource, implement both IDisposable and a finalizer.

C# code:

class DataContainer : IDisposable {
public void Dispose() {
Dipose(true);
GC.SuppressFinalizer(this);
}

~DataContainer() { // finalizer
Dispose(false);
}

protected virtual void Dispose(bool disposing) {
if (m_isDisposed)
return;

    if (disposing) {
      // Dispose managed data
      //m_managedData.Dispose();
    }
    // Free unmanaged data
    //DataProvider.DeleteUnmanagedData(m_unmanagedData);
    m_isDisposed = true;
}

private bool m_disposed = false;
}

C++/CLI code:

ref class DataContainer {
public:
~DataContainer() {
if (m_isDisposed)
return;

    // dispose managed data
    //delete m_managedData;
    this->!DataContainer(); // call finalizer
    m_isDisposed = true;
}

// Finalizer
!DataContainer() {
// free unmanaged data
//DataProvider::DeleteUnmanagedData(m_unmanagedData);
}

private:
bool m_isDisposed; // must be set to false
};

The Root of all Evil

In C#, all classes are managed by the garbage collector. However, some things just can’t be expressed in pure managed code. In these cases you’ll need to store unmanaged data in a managed class. Examples are file handles, sockets, or objects created by unmanaged functions/frameworks.

Read more: Codeproject
QR: IDisposable-Finalizer-and-SuppressFinalize-in-Csha

Posted via email from Jasper-Net

Catel v2.5 [Updated: Jan 23 2012 by GeertvanHorrik ]

Release Notes
Catel history
=============

(+) Added
(*) Changed
(-) Removed
(x) Error / bug (fix)

For more information about issues or new feature requests, please visit:

http://catel.codeplex.com

Documentation can be found at: http://catel.catenalogic.com

**********************************************************

===========
Version 2.5
===========

Release date:
=============
2011/01/23

Added/fixed:
============
(+) Added MessageMediator that implements the Mediator pattern
(+) Added IValidationSummary to get an easy summary of a IValidationContext
(+) Added ValidationToViewModel attribute to easily get validation summaries mapped onto properties of a view model
(+) Added ViewModel extensions to retrieve a IValidationSummary that includes all child view models as well
(+) Added CommandHelper that allows to automatically hook a command CanExecute to an IValidationSummary
(+) Added SelectTextOnFocus behavior
(+) Added GetBindingExpression extension method for DependencyObject in Silverlight to allow the retrieval of
bindings for non-FrameworkElement types that still do support bindings (such as behaviors and dependency objects)

Crawling Websites with C# and XPath

Trying to index every item of clothing on the internet for Clossit seems like a pretty difficult task but is easy with C# and the HTML Agility Pack library. Our crawler, nick named Monocle, is written using both.

HTML is pretty messy and can be inconsistent between different sites but HTML Agility Pack seems to be able to handle it all and lets you access it all with XPath. In this example we will be crawling Superalloy’s Wikipedia page. After adding the .dll as a reference you can download and load a single page like this:

string url = "http://en.wikipedia.org/wiki/Superalloy";
var wc = new WebClient();
var document = new HTMLDocument();
document.LoadHtml(wc.DownloadString(url));

At this point the document object is holding the html content and is ready to receive XPath queries. Let’s say we’d like to select the title of the page which appears here:

<h1 id="firstHeading" class="firstHeading">Superalloy</h1>

What makes this node unique is the H1 tag with an id of “firstHeading”. We can select this by using XPath

string title = document.SelectSingleNode("//h1[@id='firstHeading']").InnerText;
Console.WriteLine(title);

Dynamic Theme Switching in Silverlight Prism App

INTRO

In my recent consulting assignment I was asked the question by one of the developer , that how can we get dynamic theming working in Prism application.My answer was that you can implement in the same manner as you do in the standard Silverlight application. But then he further asked that there are various regions in the RegionManager and how each views loaded in the different content regions can get unified theme , this encouraged me to try this out and see how it works.I started working on it and viola my answer was correct , there is no difference in implementing dynamic theming in prism specific app. In this blog post I explain you the same. I assume that readers are already aware of Prism library. If you are not then I strongly recommend that you acquire the knowledge of the same. In my example you will see the very basics of Prism app but the library has much more to offer.

GETTING STARTED

I created a very simple PRISM application which had only one Module (ModuleA). This module is loaded on demand when you click on the menu link which is under the ShellView.The application default gets loaded in the BlueTheme but it allows you to change the theme on the fly from the Themes menu. See the screen shot below of both themes.

VBoxHeadless - Running Virtual Machines With VirtualBox 4.1 On A Headless Ubuntu 11.10 Server

This guide explains how you can run virtual machines with VirtualBox 4.1 on a headless Ubuntu 11.10 server. Normally you use the VirtualBox GUI to manage your virtual machines, but a server does not have a desktop environment. Fortunately, VirtualBox comes with a tool called VBoxHeadless that allows you to connect to the virtual machines over a remote desktop connection, so there's no need for the VirtualBox GUI.

I do not issue any guarantee that this will work for you!

1 Preliminary Note

I have tested this on an Ubuntu 11.10 server (host system) with the IP address 192.168.0.100 where I'm logged in as a normal user (user name administrator in this example) instead of as root.

2 Installing VirtualBox

To install VirtualBox 4.1 on our Ubuntu 11.10 server, we open /etc/apt/sources.list...

sudo vi /etc/apt/sources.list

... and add the following line to it:

[...]
deb http://download.virtualbox.org/virtualbox/debian oneiric contrib

Read more: HowtoForge
QR: vboxheadless-running-virtual-machines-with-virtualbox-4.1-on-a-headless-ubuntu-11.10-server

Posted via email from Jasper-Net

Security Compliance Manager 2.5 Beta is here!

The latest version the Microsoft Security Compliance Manager (SCM) tool—version 2.5—is now available for beta download and review!

NEW baselines include:

* Exchange Server 2007 SP3 Security Baseline

* Exchange Server 2010 SP2 Security Baseline

Updated client product baselines include:

* Windows 7 SP1 Security Compliance Baseline

* Windows Vista SP2 Security Compliance Baseline

* Windows XP SP3 Security Compliance Baseline

* Office 2010 SP1 Security Baseline

* Internet Explorer 8 Security Compliance Baseline

SCM 2.5 enables you to quickly configure and manage your desktops and laptops, traditional data center, and private cloud using Group Policy and Microsoft System Center Configuration Manager.

Read more: Ohad Plotnik's Forefront Blog
QR: security-compliance-manager-2-5-beta-is-here.aspx

Posted via email from Jasper-Net

Notification Control in Silverlight

Introduction

We used to see a Notification tool tip in Windows 7/Vista to inform something about particular context. For example, Capslock warning will be given through a balloon tip on Passwordbox, if capslock has ON. Or sometimes low battery information will be displayed on the Taskbar.

Read more: Codeproject
QR: Notification-Control-in-Silverlight

Posted via email from Jasper-Net

Creating Cross-Platform XAML For Microsoft Developers

With Windows 8 on the horizon and the potential for creating Metro-style applications for the desktop, crafting XAML that can be used across Windows Phone, Silverlight and the desktop is receiving greater attention. While Microsoft demoed “change a line of code and recompile” functionality late last year at BUILD, the reality is that there is typically a bit more to consider from a design and usability perspective for the user and true code reuse for the developer.

Recently, Greg Lutz of ComponentOne gave a presentation at Twin Cities – Tech Connection Live on just this topic – XAML Cubed – Developing for the Browser, Desktop and Phone.

Thursday, January 26, 2012

Исходные коды кросс-платформенного фреймворка Enyo 1.0 и 2.0

Компания HP начала выполнять обещанное и выкладывать в open source части webOS. Сегодня ночью состоялся первый подарок — JavaScript-фреймворк Enyo под лицензией Apache 2.0. Теперь это кросс-платформенный фреймворк.

Enyo отлично подходит для создания легковесных и быстрых приложений: ядро Enyo весит всего 13 КБ. На сайте Enyo есть Playground, где можно написать любой код и посмотреть, как он работает.

Скачать Enyo 2.0
Смотреть код на github

HTML5 - Table of Content

כתבתי די הרבה על נושאים שונים של HTML5, וחשבתי לרכז את כולם.

בשונה ממדריכים אחרים שכתבתי, הפוסט הזה אינו מרוכז לפי סדר מסויים, אלא מגוון רחב של פיצ'רים שהסביבה נותנת.

אני מחלק את זה לשינויים ב - HTML, תוספות של CSS ופונקציונליות חדשה ב - JS - כמובן שישנם חידושים שחופפים ואפשר היה להצמיד אותם גם ל - CSS וגם ל - JS, אך מיקמתי אותם היכן שנראה לי יותר מתאים.

חשוב לשים לב שבחלק מהפוסטים יש כותרת של What new in IE8 וכדומה, אל דאגה - כאן שמתי אך ורק פוסטים של HTML5, כלומר שינויים של IE שמוגדרים מהתקן.

HTML

HTML5 - HTML Review - הסיבות למה כדאי לעבור ומה זה בכלל HTML5.

New Elements - הכרת האלמנטים החדשים.

Canvas - הכרת האלמנט שמאפשר לצייר על גבי המסך.

Generic elements - אלמנטים חדשים שהמפתחים ממציאים.

Audio - הכרת האלמנט המאפשר לנגן.

Video - הכרת האלמנט המאפשר להציג וידיאו

Posted via email from Jasper-Net

15 Fresh And Free Download GUI Kits for Android Developers

According to wikipedia Android is a Linux-based operating system for mobile devices such as smartphones and tablet computers , developers are increasingly interested in this platform that’s why today’s post you will find a fresh collection of Android GUI kit for developers , Chech Out them. !

Read more: Best Free Web resources
QR: 15-fresh-and-free-download-gui-kits-for-android-developers.html

Posted via email from Jasper-Net

Free Microsoft Security tools and utilities

We provide a significant range of security tools for use by organizations and at home at a great price - FREE!

The following list is from our complementary monthly 'Security Chronicles' publication available to enterprise customers.

    Microsoft Security Compliance Manager 2 (SCM 2) ...
    Microsoft Baseline Security Analyzer 2.2 (MBSA 2.2)...
    The Microsoft Security Assessment Tool 4.0 (MSAT 4.0) ...
    Microsoft Safety Scanner ...
    The Microsoft Malicious Software Removal Tool (MSRT) ...
    Microsoft Security Essentials (MSE)...
    Windows Defender ...
        The new Windows Defender Offline Beta can also help to remove hard to find malicious programs using definitions that recognize threats.

Posted via email from Jasper-Net

4 Ways to Create Bootable Live USB Drives (For Windows, Linux and Mac OS X)

1. Using UNetbootin (for Windows and Linux)

photobucketUNetbootin allows you to create bootable Live USB drives for a variety of Linux distributions from Windows or Linux, without requiring you to burn a CD. You can either let it download one of the many distributions supported out-of-the-box for you, or supply your own Linux .iso file if you've already downloaded one or your preferred distribution isn't on the list.

UNetbootin has built-in support for automatically downloading and loading the following distributions: Ubuntu, Debian, Fedora, PCLinuxOS, Linux Mint, Sabayon Linux, Gentoo, MEPIS, openSUSE, Zenwalk, Slax, Dreamlinux, Arch Linux, Elive, CentOS, Damn Small Linux, Mandriva, SliTaz, FaunOS, Puppy Linux, FreeBSD, gNewSense, Frugalware Linux, NetBSD but can work with others too.

Read more: Web Upd8
QR: 4-ways-to-create-bootable-live-usb.html

Posted via email from Jasper-Net

Wednesday, January 25, 2012

YouTube's $500,000 hunt for world's best storyteller

Screen_shot_2012-01-19_at_4.02.04_PM_610x337.png

YouTube announced its Your Film Festival project today. One winner will get $500,000 and the chance to turn their story into a worldwide phenomenon.
(Credit: Screenshot by CNET)

If you're a storyteller, wouldn't you want the chance to have "Gladiator" and "Blade Runner" auteur Ridley Scott help you with a project? And wouldn't it be great to have half a million dollars to spend on it?

That could be your future if you're the winner of YouTube's Your Film Festival, a competition to unearth the world's best storyteller that Google's video sharing site announced today.

Hackers zap Zappos: Info from 24 million users stolen

Popular online shoe retailer Zappos.com said late Sunday that hackers had accessed its network, stealing customer account information from as many as 24 million customers.

Credit card information was not stolen, company CEO Tony Hsieh said in a statement sent to users, but email addresses, billing and shipping addresses, phone numbers, the last four digits from credit cards -- and more -- may have been compromised.

"We were recently the victim of a cyberattack by a criminal who gained access to parts of our internal network and systems through one of our servers in Kentucky," reads a statement posted on the company's blog. "We are cooperating with law enforcement to undergo an exhaustive investigation."

The company stressed that credit cards were not affected, and that it has already reset the passwords for existing customers to prevent abuse of the stolen data.

But users could still be at risk, security experts warn.

"This event offers a teachable moment for almost anyone does online transactions," said Ira Victor, a computer forensics and information analyst with Data Clone Labs.

"Many online shoppers use the same password for multiple sites. This means the Amazon or Facebook password maybe the same as the banking password, and the password for workplace email."

"Cybercriminals know that password reuse is very common," Victor said.

CERT Team Improves Security in the New ISO/IEC C Programming Language Standard

January 9, 2012—In the field of information technology, ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) has established a joint technical committee ISO/IEC JTC 1. For the past several years, members of the Secure Coding team in the SEI’s CERT Program have been contributing to the development of a major revision of the ISO/IEC standard for the C programming language. CERT’s efforts have focused on introducing much-needed security enhancements to the language and standard library. These security enhancements include (conditional) support for bounds-checking interfaces (originally specified in ISO/IEC TR 24731−1:2007), (conditional) support for analyzability, static assertions, no-return functions, support for opening files for exclusive access, and the removal of the insecure gets function. In December 2011, the work of the CERT team and industry participants resulted in the release of ISO/IEC 9899:2011, informally referred to as C11. This third edition of the C standard cancels and replaces the second edition, ISO/IEC 9899:1999.

David Keaton, a member of the SEI’s Secure Coding team, served as chair of Task Group PL22.11 C of the International Committee for Information Technology Standards (INCITS). Working with SEI colleagues Robert C. Seacord and David Svoboda, Keaton helped develop, refine, and introduce many of the security enhancements to this major ISO standard revision.

“Security features in C had been limited to the snprintf function, introduced in 1999,” explained Keaton. “Now, the new ISO standard includes an entire new library of secure string functions, plus an optional compilation model that makes C code more understandable by source code analyzers that perform security checks.”

Read more: Software Engineering Institute
QR: iso-standard.cfm

Posted via email from Jasper-Net

Warcraft Soccer

Project Description
Warcraft Soccer is a soccer game built on Warcraft III engine. Similar to real life, the game lets you pass, shoot, jump and even dribble. If you are a Warcraft III player and looking for a fun map to play, give it a try!

JMono

Experimental Project: JMono is a java implemented Mono runtime to attempt to run .NET compiled applications through the Java Virtual Machine without needing to have a separate Mono VM, and possibly some extra assistance with low level C libraries. The main goal is to get Mono programs running on Android through the main Java Dalvik machine.

Design Goals

    Fully implement Mono/.NET 4.0
    Full performance
    Support of Android API
    Support WCF, WPF, WF
    MSIL Interpreter / JIT recompiler

Я медленно удаляю apache с сервера

Есть у меня серверок (да, да, именно серверок, сервером его назвать сложно). Железо старенькое (2 гига оперативы, AMD Athlon(tm) 64 Processor 3500+, програмный RAID). Админю я его сам, без особых навыков и познаний. Когда-то давным давно (больше года назад) поставил на него Debian 5.0 Lenny (это была вторая в жизни установка linux-системы, до этого ставил только Ubuntu на рабочий ноутбук) и панель управления ISPConfig3 по мануалу. Держу на нем несколько (штук 40) сайтов друзей и клиентов, Redmine, SVN и еще немного по мелочам.
Периодически все это безобразие падает (load average > 20), и приходится на сервере раз в пару часов перегружать apache или высасывать из пальца очередную попытку оптимизации. В общем полный раздрай и разруха. И вот в одну прекрасную субботу я подумал — а почему бы не решить вопрос раз и… И вот в общем.

Под катом — история убитых выходных + предыстория. Интересна в первую очередь мне, чтобы потом легко вспомнить что именно и зачем я ставил. Может быть интересна новичкам в интересном и нелегком (ох, ...) деле серверной оптимизации постепенным(!) переводом сайтов из-под Apache c его ModRewrite под Nginx (кстати, правильно это слово читается «энжинкс»меня поправили, Сысоев на конференциях не раз говорил, что название сервера стоит читать, как «энжин-икс», спасибо bayandin и DorBer ). Возможно, будет интересна более-менее опытным товарищам, оказавшимся в тех же условиях (Debian Lenny, ISPConfig3, слабое железо, несколько хороших, не сильно хороших и разных сайтов). И более опытным может быть интересно зайти, оставить пару комментариев.

Краткое содержание этой серии:
Вместо предисловия — Новичок и его сервер
1. Слушаем чужие советы и тратим время на чепуху
2. Реверс-прокси и еще один админ (ставим и коряво настраиваем nginx)
3. Наконец-то взялись за ум (nginx + php-fpm + eAccelerator)

Начнем с истории

Сервер ставился по вот этому мануалу — классический LAMP + Хостинг-панель + phpMyAdmin.
Позже на него поставили Redmine, который пользовали по прямому назначению и SVN. И тот, и другой в качестве web-сервера используют Apache. Один через Passenger, второй через mod_dav_svn. Это важно, потому что Apache после этих установок потяжелел.

הכירות עם AppHarbor: פלטפורמה כשירות (PaaS) לאפליקציות NET. ו- Node.JS

AppHarbor היא פלטפורמה כשירות (Platform-as-a-Service) עבור אפליקציות NET. ו- Node.JS. למעשה מדובר בפלטפורמת ענן מבוססת Windows שיכולה להריץ אפליקציות ושירותים הכתובים ב- NET. ו- Node.JS ולגדול איתם (to scale) לאורך זמן. פשוט “דוחפים” קוד ל- AppHarbor ע”י שימוש ב- Git, הקוד נבנה, מורצים Unit Tests והפרוייקט מוכן לרוץ.

כמו כל פלטפורמת ענן, היא מאפשרת למפתחים להשקיע יותר זמן בפיתוח האפליקציות שלהם מאשר בענייני IT. היתרון בה לעומת פלטפורמות ענן אחרות הוא שלא נדרש לכתוב קוד ספציפי כדי לקחת אפליקציית ASP.NET ולהעלות אותה לענן עם AppHarbor וניתן להעלות אפליקציות כמעט ללא שינויים כלל.
רישום ל- AppHarbor

ניכנס לעמוד הראשי של AppHarbor בכתובת: http://appharbor.com:

Read more: Guy Burstein's Blog
Read more: AppHarbor
QR:

http://chart.googleapis.com/chart?chs=80x80&cht=qr&choe=UTF-8&chl=http://appharbor.com/

Posted via email from Jasper-Net

Linux application/script debugging with ‘strace’

Every now and then, you'll encounter a problem with an application or a script that is not clear straight away. After the normal troubleshooting, it can be helpful to see the actual system calls that occur when that script executes. Using a tool like strace (manpage) can help you in identifying what is causing the system to slow down or misbehave.

In this blogpost I'll show you some examples where strace can be useful for you. Most of it will be with PHP code but they're easy enough anyone can understand them.
Installing strace

Strace isn't installed by default on most distributions. To install, do a simple yum install strace when on CentOS/Red Hat or apt-get install strace on Debian/Ubuntu systems.
Getting output from strace

You can use strace in two different ways. You can attach it to an already running process or you can use it to start a custom application or script and follow all system calls from the very beginning.

In short, here's how it goes. If you want to start your application and troubleshoot it from beginning to end, you do this:

~# strace -f $command
~# strace -f php -q somefile.php

Or you want to attach to a running process, use this:

~# strace -f -p $pid
~# strace -f -p 8151

The -f parameter tells strace to follow any children or processes that are spawned/forked from the application.
Standard usage of strace

By default, strace will show you -all- system calls that your application or script is performing. That can get pretty overwhelming, but it's a good place to start. Take for instance the following simple script called 'test1.php'.

<?php
   /* Simple buggy script */
   for ($i = 0; $i < 5; $i++)
      sleep(1);
?>

Read more: # Defining Chaos In Order
QR:

Posted via email from Jasper-Net