Monday, January 25, 2010

We love our India



Happy Republic Day - India!






Sunday, January 24, 2010

Gogola (Google) - too funny!



Saturday, January 23, 2010

360 degree view in video


I found a really amazing technology today in which you can view any video in 360 degrees. You can rotate, tilt or zoom your view just by your mouse movements.
You can understand what I am talking about just by watching the 360 degree view of this Haiti earthquake video.

http://us.cnn.com/interactive/2010/01/world/haiti.360/index.html

For many years Britannica encyclopedia has been providing 360 degree views of static images. Last year (2009), Google and Microsoft provided the same feature in their online maps [ maps.google.com and maps.bing.com ]

But both mapping technologies have 360 degree view data for only certain places.

But the same technology in moving videos is really exciting...
Immersive Media is the company behind all this 360 degree technology.

http://www.immersivemedia.com/

I really loved it.
It's really worth thinking about how the coming years will be in web technologies...

EtherPad - best tool for real time document collaboration




Real time document collaboration has always been a buzz topic. I found a really excellent tool for real time document collaboration. It's called EtherPad.
http://etherpad.com/

This allows a super easy way to collaborate with your friends and workers simply by sending a document link by email or Instant Messaging (IM).

The big news is that Google Wave's collaboration features run on the engine of EtherPad. Google has recently acquired this company and used this technology in its recent product Google Wave.

http://etherpad.com/ep/blog/posts/google-acquires-appjet

EtherPad has released its code and has gone open source. So now anyone can set it up on their personal internal servers. Check this out:

http://etherpad.com/ep/blog/posts/etherpad-open-source-release

http://code.google.com/p/etherpad/

EtherPad is a must try web app out there on the web.
The bad news is that EtherPad is discontinuing its services from April 1st 2010 as Google has acquired this company and will be providing similar services via Google Wave.

Thursday, January 21, 2010

Magic Brush


Years back, in 2003, my software "Magic Brush" won the Best of Subject Category Award at the Intel Science and Talent Discovery Fair (a national-level technology exhibition).
Here are the award details:

http://bit.ly/8PxveO
http://istdf.educationinindia.net/asp/news/winners/results_prizes.asp

Friday, January 15, 2010

Symantec Security "best practices" for system admins


Symantec Security Response encourages all users and administrators to adhere to the following basic security "best practices":
• Use a firewall to block all incoming connections from the Internet to services that should not be publicly available. By default, you should deny all incoming connections and only allow services you explicitly want to offer to the outside world.
• Enforce a password policy. Complex passwords make it difficult to crack password files on compromised computers. This helps to prevent or limit damage when a computer is compromised.
• Ensure that programs and users of the computer use the lowest level of privileges necessary to complete a task. When prompted for a root or UAC password, ensure that the program asking for administration-level access is a legitimate application.
• Disable AutoPlay to prevent the automatic launching of executable files on network and removable drives, and disconnect the drives when not required. If write access is not required, enable read-only mode if the option is available.
• Turn off file sharing if not needed. If file sharing is required, use ACLs and password protection to limit access. Disable anonymous access to shared folders. Grant access only to user accounts with strong passwords to folders that must be shared.
• Turn off and remove unnecessary services. By default, many operating systems install auxiliary services that are not critical. These services are avenues of attack. If they are removed, threats have fewer avenues of attack.
• If a threat exploits one or more network services, disable, or block access to, those services until a patch is applied.
• Always keep your patch levels up-to-date, especially on computers that host public services and are accessible through the firewall, such as HTTP, FTP, mail, and DNS services.
• Configure your email server to block or remove email that contains file attachments that are commonly used to spread threats, such as .vbs, .bat, .exe, .pif and .scr files.
• Isolate compromised computers quickly to prevent threats from spreading further. Perform a forensic analysis and restore the computers using trusted media.
• Train employees not to open attachments unless they are expecting them. Also, do not execute software that is downloaded from the Internet unless it has been scanned for viruses. Simply visiting a compromised Web site can cause infection if certain browser vulnerabilities are not patched.
• If Bluetooth is not required for mobile devices, it should be turned off. If you require its use, ensure that the device's visibility is set to "Hidden" so that it cannot be scanned by other Bluetooth devices. If device pairing must be used, ensure that all devices are set to "Unauthorized", requiring authorization for each connection request. Do not accept applications that are unsigned or sent from unknown sources.
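
As an illustration of the email attachment item in the list above, here is an added example (not Symantec's code) that screens attachment names against the extensions the list names. The function names and the sample file names are assumptions made for this sketch.

```javascript
// Added example: screen attachment names against the extensions named in
// the list above (.vbs, .bat, .exe, .pif, .scr).
const BLOCKED_EXTENSIONS = new Set(['vbs', 'bat', 'exe', 'pif', 'scr']);

// Return the effective final extension, lower-cased, or '' if there is none.
function effectiveExtension(filename) {
  // Ignore any path prefix a sender may have put in the name.
  const base = String(filename).split(/[\\/]/).pop();
  // Windows drops trailing dots and spaces, so "a.exe. " is still an .exe.
  const cleaned = base.replace(/[. ]+$/, '').toLowerCase();
  const dot = cleaned.lastIndexOf('.');
  return dot === -1 ? '' : cleaned.slice(dot + 1);
}

function isBlocked(filename) {
  return BLOCKED_EXTENSIONS.has(effectiveExtension(filename));
}

// Split a message's attachments into deliverable and quarantined lists.
function screenAttachments(filenames) {
  const result = { deliver: [], quarantine: [] };
  for (const name of filenames) {
    (isBlocked(name) ? result.quarantine : result.deliver).push(name);
  }
  return result;
}

// Constructed sample input: mixed case, a double extension and a trailing
// dot and space must all be caught; the last extension is what counts.
const sample = ['report.pdf', 'invoice.pdf.exe', 'Photo.SCR',
                'update.bat. ', 'notes.exe.txt'];
console.log(screenAttachments(sample));
```

This checks names only, so it complements content scanning at the mail gateway rather than replacing it.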

Tuesday, January 12, 2010

Setting Cursor to End of the Text Box in JavaScript / ASP.NET



1. Declare this function in the head section of your HTML / PHP / ASP.NET page:



<script type="text/javascript">
    // Move the caret to the end of the text box's current value.
    function SetCursorToEnd(TB) {
        var end = TB.value.length;
        if (typeof TB.setSelectionRange === 'function') {
            // Standards-based browsers
            TB.setSelectionRange(end, end);
        } else if (TB.createTextRange) {
            // Legacy Internet Explorer
            var FieldRange = TB.createTextRange();
            FieldRange.moveStart('character', end);
            FieldRange.collapse();
            FieldRange.select();
        }
    }
</script>


2. Call this function like this:


ASP.NET

<asp:TextBox onfocus="SetCursorToEnd(this)" ID="txtRate" runat="server" ></asp:TextBox>

HTML

<input type="text" onfocus="SetCursorToEnd(this)" id="something" />

Monday, January 11, 2010

Principles of Software Security



Security is a major concern for the software we design.

There are a number of established security principles that apply to the process of software design. These accepted principles help us design secure applications.

Have a look at these security principles:

  • Adopt the principle of least privilege. Processes that run script or execute code should run under a least privileged account to limit the potential damage that can be done if the process is compromised. If a malicious user manages to inject code into a server process, the privileges granted to that process determine to a large degree the types of operations the user is able to perform. Code that requires additional trust (and raised privileges) should be isolated within separate processes.


  • Use defense in depth. Place check points within each of the layers and subsystems within your application. The check points are the gate-keepers that ensure that only authenticated and authorized users are able to access the next downstream layer.

  • Don't trust user input. Applications should thoroughly validate all user input before performing operations with that input. The validation may include filtering out special characters. This preventive measure protects the application against accidental misuse or deliberate attacks by people who are attempting to inject malicious commands into the system. Common examples include SQL injection attacks, cross-site scripting attacks, and buffer overflow.

  • Use secure defaults. A common practice among developers is to use reduced security settings, simply to make an application work. If your application demands features that force you to reduce or change default security settings, test the effects and understand the implications before making the change.

  • Don't rely on security by obscurity. Trying to hide secrets by using misleading variable names or storing them in odd file locations does not provide security. In a game of hide-and-seek, it's better to use platform features or proven techniques for securing your data.

    For example, in an ASP.NET application, files that contain data, such as XML files, can be put in the App_Data folder to keep them secure and inaccessible to attackers.

  • Check at the gate. You don't always need to flow a user's security context to the back end for authorization checks. Often, in a distributed system, this is not the best choice. Checking the client at the gate refers to authorizing the user at the first point of authentication (for example, within the Web application on the Web server), and determining which resources and operations (potentially provided by downstream services) the user should be allowed to access.


    If you design solid authentication and authorization strategies at the gate, you can circumvent the need to delegate the original caller's security context all the way through to your application's data tier.

  • Assume external systems are insecure. If you don't own it, don't assume security is taken care of for you.

  • Reduce surface area. Avoid exposing information that is not required. Exposing it potentially opens doors that can lead to additional vulnerabilities. Also, handle errors gracefully; don't expose any more information than is required when returning an error message to the end user.

  • Fail to a secure mode. If your application fails, make sure it does not leave sensitive data unprotected. Also, do not provide too much detail in error messages; meaning don't include details that could help an attacker exploit a vulnerability in your application. Write detailed error information to the Windows event log.

  • Remember you are only as secure as your weakest link. Security is a concern across all of your application tiers.

  • If you don't use it, disable it. You can remove potential points of attack by disabling modules and components that your application does not require. For example, if your application doesn't use output caching, then you should disable the ASP.NET output cache module. If a future security vulnerability is found in the module, your application is not threatened.
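
To make "Don't trust user input" and "Fail to a secure mode" from the list above concrete, here is an added example (not from the referenced MSDN guidance). The "rate" field, the saveRate callback and the log array are hypothetical; the array stands in for a server-side store such as the Windows event log.

```javascript
// Added example: allow-list validation plus fail-secure error handling.
// The "rate" field, saveRate callback and log array are hypothetical.
class ValidationError extends Error {}

// Allow-list: 1-6 digits, optional 1-2 decimals. Reject everything else
// instead of trying to strip "bad" characters out of it.
const RATE_PATTERN = /^\d{1,6}(\.\d{1,2})?$/;

function parseRate(raw) {
  if (typeof raw !== 'string' || !RATE_PATTERN.test(raw)) {
    throw new ValidationError('Rate must be a number such as 12.50.');
  }
  return Number(raw);
}

function newReference() {
  // Correlation id only; it is not a secret.
  return Date.now().toString(36) + Math.random().toString(36).slice(2, 8);
}

// Returns what the end user sees; detail goes only to the server-side log.
function handleUpdate(form, saveRate, log) {
  try {
    saveRate(parseRate(form.rate));
    return { status: 200, body: 'Saved.' };
  } catch (err) {
    if (err instanceof ValidationError) {
      // Safe to show: the message was written by us, not by a lower layer.
      return { status: 400, body: err.message };
    }
    // Unexpected failure: nothing is saved, the user gets a generic message
    // and a reference, and the full detail stays on the server.
    const ref = newReference();
    log.push({ ref, detail: err.stack || String(err) });
    return { status: 500, body: 'Request failed. Reference: ' + ref };
  }
}
```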

Key Terminology

  • Authentication. Positively identifying the clients of your application; clients might include end-users, services, processes or computers.

  • Authorization. Defining what authenticated clients are allowed to see and do within the application.

  • Secure Communications. Ensuring that messages remain private and unaltered as they cross networks.

  • Impersonation. This is the technique used by a server application to access resources on behalf of a client. The client's security context is used for access checks performed by the server.

  • Delegation. An extended form of impersonation that allows a server process that is performing work on behalf of a client, to access resources on a remote computer. This capability is natively provided by Kerberos on Microsoft® Windows® 2000 and later operating systems. Conventional impersonation (for example, that provided by NTLM) allows only a single network hop. When NTLM impersonation is used, the one hop is used between the client and server computers, restricting the server to local resource access while impersonating.

  • Security Context. Security context is a generic term used to refer to the collection of security settings that affect the security-related behavior of a process or thread. The attributes from a process' logon session and access token combine to form the security context of the process.

  • Identity. Identity refers to a characteristic of a user or service that can uniquely identify it. For example, this is often a display name, which often takes the form authority/user name.

References:

http://msdn.microsoft.com/en-us/library/aa302381.aspx#secnetch01_whataregoals

Friday, January 8, 2010

Microsoft patterns and practices



Microsoft patterns and practices provides .NET developers with guidance,
tools, libraries, and frameworks to help them build better applications.
Development teams adopting patterns and practices achieved greater
developer productivity and improved ongoing application management and
application performance.

Microsoft patterns and practices helps software architects, developers, and their
teams leverage the Microsoft platform to build better applications. Patterns and
practices guidance, tools, libraries, and frameworks help to simplify the platform,
provide guidance to common problems, and help development teams build loosely coupled
applications. Key components of patterns and practices include:
• The Enterprise Library is a collection of reusable software components that help
developers with common development needs such as logging, validation, data
access, and exception handling. They can be used “as is” or extended or
modified by developers as needed.
• SharePoint Guidance helps architects and developers design and build
SharePoint intranet applications.
• Composite Application Guidance for WPF (formerly code-named Prism) helps
developers build and evolve modular Windows Presentation Foundation and
Silverlight client applications. These applications typically include multiple
screens and role-determined behavior and are designed to change over time
based on business requirements.
• Web Service Software Factory are patterns, models, and written guidance
integrated with Visual Studio 2008 that are designed to help developers build
Web services.
• Microsoft ESB Guidance for BizTalk Server 2006 R2 is designed to help
developers leverage the Microsoft BizTalk Server platform to build an
enterprise service bus (ESB).

Read more here