Friday, May 28, 2010

Computer Emergency Response Team of India – A good initiative


ShareThis

Promoted by CERT India and set up in active collaboration with Microsoft India, SecureFirst acts as a neutral body to disseminate information on security for everyone—from home-users to small businesses to the government and corporate sphere.

SecureFirst aims to create awareness among people and to provide exhaustive information on security so that the users are vigilant and ready to combat the online threats and perils.

The Computer Emergency Response Team, India (CERT-In) provides necessary assistance to prevent security breaches. The team also monitors the cyber security scenario in the country.

The endeavour is Supported by NASCOM, CII & Microsoft. This site can be a good resource for Internet users, parents, females and children.
With activities such as Net surfing, online gaming, and chatting becoming more popular, the number of children accessing the Web has increased drastically. Easy accessibility to computers has played a key role in this. However, with such easy access and technology knowledge also comes some responsibility.

There are infinite reasons for being cautious. There is an equally long list of tips and guidelines on maintaining your online privacy and safeguarding your security. The most important of them are mentioned below.

  • Exercise Caution: If a member of a chat room or forum is soliciting your attention or friendship, share it with your parents or elders
  • Be Vigilant: Close any conversation with an online acquaintance the moment you feel uncomfortable; always save the conversation you have with such strangers
  • Be Aware: Do not give out your telephone number or street address, and do not agree to meet any chat friends in person

There are lot of other useful information on the website. A good site for helping on the issues of cyber crime in English, Hindi and Marathi.

The website can be accessed here:

http://www.cert-in.org.in/securepc/

MICROSOFT SECURITY INTELLIGENCE REPORT (SIR)


ShareThis

The Microsoft Security Intelligence Report (SIR) has become established as the most comprehensive and detailed examination of the evolving threat landscape. Microsoft is committed to combating online threats and to educate the industry around today’s evolving threat landscape.

Microsoft has released volume 8 of the Microsoft Security Intelligence Report (www.microsoft.com/sir). This volume of the SIR covers the period from 1st July – 30th December 2009 and builds on telemetry and analysis over the past several years.

Although threats and techniques are becoming more sophisticated worldwide, SIR v8 reinforces that observing security fundamentals, like staying up-to-date on the latest security updates and migrating to newer software, can help IT professionals and home users achieve safer, more trusted Internet experiences. The data shows that malware infection rates on Windows 7 and Windows Vista SP2 are 50 percent less than on its predecessor, Windows XP. Key findings include the following information:

  • Data in SIRv8 shows that techniques used in pursuit of Cybercrime continue to mature, Mirroring Traditional Business Techniques. Cyber criminals are becoming increasingly sophisticated, financially motivated and organized to turn Cybercrime into a business.
  • Security Fundamentals and Technology Innovation Are Raising the Bar on Cybercrime – SIR v8 shows that following security fundamentals and migrating away from older technology can successfully mitigate potential attacks. Using latest versions mean you are less likely to be compromised. Installing security updates is the fundamental Internet security best practice regardless of whether you are using latest versions or old software.
  • We all need to do more to defend against Cybercrime – an industry-wide challenge - Producing software products that continue to contain vulnerabilities that criminals are showing themselves to be increasingly effective at finding and exploiting is a challenge as shown in SIR v8. For instance, a higher proportion of web-based malware exploits succeed against 3rd-party applications rather than the underlying OS or browser, when the OS and browser have been strengthened through security development processes (which I have discussed in the previous issues of Security Focus). Cyber criminals are not going away, but organizations can limit their success by adopting mitigating strategies to protect network, systems and people. No one individual, company, or technology can solve the security and privacy challenges we face online today. Microsoft encourages the global security and privacy communities, individuals and groups of internet users and others throughout the industry to work together through a community-based defense approach to help create a safer, more trusted Internet.
    In India, we have seen
  • that the threat landscape was dominated by malware, which accounted for 77.1 percent of all threats detected on infected computers in 2H09.
  • the most common category in India was Worms, which accounted for 20.6 percent of all infected computers.
  • together, Miscellaneous Trojans and Trojan Downloaders & Droppers made up more than 32 percent of all families detected on infected computers in India in second half of 2009.
  • Four of the eleven most prevalent threats detected in India during second half of 2009 (Win32/Taterf, Win32/Hamweq, Win32/Conficker and Win32/Autorun) spread via mapped drives with weak or missing passwords, removable media (such as USB drives), or a combination of both.
  • Win32/Renos, the second-most prevalent family in India in second half of 2009, was also the second-most prevalent threat detected worldwide. Win32/Renos is a family of trojan downloaders that install rogue security software. (Rogue security software — software that displays false or misleading alerts about infections or vulnerabilities on the victim’s computer and offers to fix the supposed problems for a price — has become one of the most common methods that attackers use to swindle money from victims.)
  • Win32/Taterf ranked first in the world and in India Win32/Taterf ranked third, (Win32/Taterf: A family of worms that spread through mapped drives to steal login and account details for popular online games.)
  • Win32/Ardamax, the fourth-most prevalent family detected in India in second half of 2009, does not appear in the top 25 families detected worldwide. Win32/Ardamax is a key-logger program that can capture user activity and save it to a text or HTML file. Win32/Ardamax can be configured to send these files via e-mail to a predefined address.

Extract from Microsoft Newsletter.

The Complete report can be read here:
http://www.microsoft.com/security/about/sir.aspx

Saturday, May 22, 2010

Full Social Media Integration for Marketing


ShareThis

Tuesday, May 18, 2010

Web 3.0 –The semantic web


ShareThis
Web3.0 The semantic web.The Semantic Web provides a common framework that allows data to be shared and reused across application, enterprise, and community boundaries. It is a collaborative effort led by W3C with participation from a large number of researchers and industrial partners. It is based on the Resource Description Framework (RDF). Wikipedia describes Semantic web as,The Semantic Web is an evolving development of the World Wide Web in which the meaning (semantics) of information on the web is defined, making it possible for machines to process it.According to semanticweb.org,The Semantic Web is the extension of the World Wide Web that enables people to share content beyond the boundaries of applications and websites. It has been described in rather different ways: as a utopic vision, as a web of data, or merely as a natural paradigm shift in our daily use of the Web. Most of all, the Semantic Web has inspired and engaged many people to create innovative semantic technologies and applications. semanticweb.org is the common platform for this community

Semantic web is the future. I assume the coming era will be of semantic web.

I found a really good presentation that well describes web 1.0, web 2.0 and web 3.0 in detail with suitable examples.

It’s a must watch presentation for Web designers, developers, planners, architects and IT businessmen.Presentation by: Hatem Mahmoud.

Semantic Web a simple description:

The semantic web stack described by Wikipedia:

Another good presentation on web evolution from web 0 to web 3.0 by Liam O'Morain
can be found on youtube:

Few places I would suggest to go to for learning more on semantic web :

http://www.w3.org/2001/sw/

http://semanticweb.org/wiki/Main_Page

http://en.wikipedia.org/wiki/Semantic_Web

http://www.w3.org/2001/sw/SW-FAQ

For developers here is :

A Semantic Web Primer for Object-Oriented Software Developers

Web 3.0 –The semantic web


ShareThis
Web3.0 The semantic web.I found a really good presentation that well describes web 1.0, web 2.0 and web 3.0 in detail with suitable examples.

Presentation by: Hatem Mahmoud.

Saturday, May 15, 2010

Understanding Concurrency Control in SQL Server


ShareThis

Understanding Concurrency Control Options

When multiple users need to access the same data simultaneously, or better yet, update it concurrently, SQL Server must somehow control how these reads and writes to the database are carried out. The two basic controlling options are transaction isolation levels and--especially when updating data--locks.

You are probably familiar at least with the concept of both. However, SQL Server is a complex product, and thus both transaction isolation levels and locking have dozens of different options that will affect the way your applications behave when multiple users use the same database objects simultaneously. Depending on the options selected and the order of events occurring (read, then write, or the other way around), different operations are done by the database server.

Concurrency control is usually divided into two broad categories: pessimistic and optimistic concurrency control. Shortly put, pessimistic concurrency assumes that multiple users will try to update the same rows often, and thus locking is used to control the order in which updates succeed and which will have to wait.

On the other hand, optimistic concurrency can be said to assume the opposite: updates to the same database objects (table rows in particular) are few, and thus an error message on the client is enough to handle the situation when a second user tries to update the same object.

Of course, these are only the broad lines. To understand concurrency control and locking in detail, it's best to start with a quick overview of transaction isolation levels in SQL Server 2008.

 

Briefly About Transaction Isolation Levels

SQL Server 2008 (Figure 1) supports five transaction isolation levels, each of which is part of the SQL standard from 1992. The main idea of different isolation levels is to control how other users (technically, other transactions) see modifications (inserts, updates and deletes) from other transactions. In addition, they specify how locks are being held, which in turn affects performance: how many users can read and write the same database objects at the same time.

 

The isolation levels supported by SQL Server 2008 are named READ UNCOMMITTED, READ COMMITTED, REPEATABLE READ, SNAPSHOT, and SERIALIZABLE. The READ UNCOMMITTED is the least restricted level, and allows reading changes made by other transactions, even if those changes have not yet been committed. The other end of the spectrum is SNAPSHOT, which specifies that a transaction can only read committed data that existed when the transaction started. No chances will be visible during the lifetime of a transaction using the snapshot isolation.

The transaction isolation level can be set using T-SQL statements, but more commonly, it is set using the class libraries used by the application code. For instance when using the ADO.NET SqlConnection class (in the

System.Data.SqlClient

namespace), you can use the

BeginTransaction

method to specify which isolation level you want to use. The

IsolationLevel

enumeration is used to specify the preferred option, and it defaults to

ReadCommitted

. This corresponds to the database engine level

READ COMMITTED

.

Understanding Locking Modes

To gain an understanding of how locking works, you need to be aware of different transaction levels and the different lock modes ("types") supported by SQL Server 2008. The following list shows the most common lock modes, along with their abbreviation in parenthesis:

  • Shared locks (S)
  • Update locks (U)
  • Exclusive locks (X)
  • Intent locks (I)
  • Schema locks (two types, SCH-M and SCH-S)
  • Bulk Update locks (BU)
  • Key-range locks (R)

SQL Server supports many different lock modes and this can be somewhat complex at times. Learning is best to start from exclusive locks, which are the easiest to understand. Shortly put, an exclusive lock (X) is placed on a database object whenever it is updated with an INSERT or UPDATE statement.

At the other end of the spectrum, the shared locks (S) is put to a database object whenever it is being read (using the SELECT statement), depending on the selected transaction isolation mode. Between the shared and exclusive locks, there is the update lock (U), which can be thought of as an in-between mode between shared and exclusive locks. The main purpose of the update lock is to prevent deadlocks where multiple users simultaneously try to update data.

Intent locks are used to indicate that a certain lock will be later placed on a certain database object. Intent locks are used because locks can form hierarchies. Intent locks prevent the potential situation where a newly-acquired lock might invalidate locks on a lower level in the hierarchy.

Finally, schema locks (SCH-M and SCH-S) are used to prevent changes to object structure, bulk update locks (BU) are used when updating or inserting multiple rows using a bulk update, and key-range locks (R) are used to lock ranges of keys in an index. Key-range locks are used with the SERIALIZABLE transaction isolation level to prevent phantom reads, for instance.

In addition to singular locking modes, certain locking modes can be combined with one another. This is especially true with intent locks, which are can be form pairs such as intent shared (IS), intent update (IU), and so forth.

Because maintaining locks can be an expensive operation performance-wise, SQL Server supports a feature called multigranular locking. This means that locks can be placed on different levels, depending on the situation. For instance, a lock can be places on a single table row, a table page (internal storage unit), an entire table, and so on. Sometimes, SQL Server needs to place multiple locks on different levels. These locks then form a locking hierarchy, and intent locks play a role in this, as described above.

Lock Compatibility and Reading Information About Locks

As an application developer or a database administrator, you need to understand how locking works. Part of this understanding is to know how locking compatibility affects your applications. SQL Server calls this technically lock compatibility, but some of it is just common sense: an update cannot be made while another user has already locked the same data exclusively.

Because there are over 20 different locking mode combinations in SQL Server 2008, the SQL Server documentation (Books Online, BOL) contains a complete matrix of all the different locking combinations and their outcome. For instance, will the two types of locks live peacefully together (no locking conflict), or will either an error or delay occur (a conflict)? When using ADO.NET, a statement that causes a lock conflict will usually wait until a timeout occurs, or until the lock is released by another transaction. As locking compatibility has dozens of tiny options, for the purpose of this article, it is enough to understand the main rule: if a database object is already locked by another transaction, a new lock can only be placed on the object if the two lock modes are compatible with one another. Also, almost no other lock type is compatible with the exclusive (X) lock, meaning that if an exclusive lock is already placed on the object, most later lock requests fail.

How SQL Server places locks on object depends on the transaction isolation level currently active. For instance, the default read committed isolation mode does not place shared locks when reading data (think SELECT statements), but if the isolation level is for example repeatable read (a step higher level), then shared locks will be placed on objects that are being read. This is to make sure the identical data can be read again.

All this sounds interesting, but how could you see locking in action yourself? The answer lies in a system view called sys.dm_tran_locks kept by SQL Server. You can query this view, and thus find information about locking in real-time. Although you could use the SQL Server Management Studio to retrieve this information, it's easy to write a .NET application with C# that shows you the results in a nice, easy-to-read grid.

Such an application can be seen in Figure 2. On the left, you can see the application's main form, which contains several buttons to connect and disconnect from the database, start a transaction with the selected transaction isolation level and either commit or roll back the transaction. At the bottom, you can find a button to execute the entered SQL statement (such as SELECT or UPDATE), and finally the button to open the Locks window, shown on the right. From this window, you can see locks acquired by SQL Server. The lock mode abbreviation (such as S or X) is shown in the request_mode column.

 

Figure 2. A simple .NET application can easily retrieve real-time information about locks

The implementation of the application is very straightforward, and uses classes such asSqlConnection, SqlTransaction and SqlCommand from the familiar System.Data.SqlClient namespace. For instance, the following code is executed when the Start Transaction button is clicked:

private void startTransactionButton_Click(  object sender, EventArgs e)
{  IsolationLevel isolation = new IsolationLevel();  switch (isolationLevelComboBox.SelectedIndex)  {    case 0: isolation = IsolationLevel.ReadUncommitted;        break;    case 1: isolation = IsolationLevel.ReadCommitted;        break;    case 2: isolation = IsolationLevel.RepeatableRead;        break;    case 3: isolation = IsolationLevel.Serializable;        break;    case 4: isolation = IsolationLevel.Snapshot;        break;  }  transaction = connection.BeginTransaction(isolation);  MessageBox.Show("Transaction has been started.", this.Text);
}


With this application, you can execute any SQL statement you prefer against the selected SQL Server database. For instance when using the Northwind database that is one of SQL Server's sample databases, you could test reading with statements like following:



SELECT *
FROM Customers


It is exciting to try to run this statement with different transaction isolation levels and note how locking changes. For instance when the repeatable read isolation mode is selected, the locks window will display many shared locks on the Customers table (Figure 3). In a similar fashion, if you execute an UPDATEstatement, you can see that exclusive locks will be placed on the table keys (see again Figure 2).






(Full Size Image)


Figure 3. On the right, many shared (S) locks can be seen after a simple SELECT statement is executed using the repeatable read transaction isolation level.



This is the code that is able to retrieve the locking information from the sys.dm_tran_locks view:



private void refreshButton_Click(object sender, EventArgs e)
{  SqlConnection connection =    new SqlConnection(connectionString);  string sql = "SELECT TOP 2000 [resource_type], " +      "[resource_description], [request_mode], " +      "[request_type], [request_status] " +      "FROM [sys].[dm_tran_locks] " +      "WHERE ([resource_type] <> 'DATABASE')";  SqlDataAdapter adapter = new SqlDataAdapter(sql, connection);  DataTable locks = new DataTable();  adapter.Fill(locks);  // show the results on screen  locksDataGridView.DataSource = locks;    // free resources  adapter.Dispose();  connection.Dispose();
}


The actual SELECT statement executed to retrieve locking information is the following:



SELECT TOP 2000 [resource_type], [resource_description],
[request_mode], [request_type], [request_status]
FROM [sys].[dm_tran_locks]
WHERE ([resource_type] <> 'DATABASE')


Notice how the "TOP 2000" limitation is set as a safeguard against slowing down the database, if there are thousands of locks active currently. Furthermore, the resource type "DATABASE" is excluded from the results, as this lock type is always placed on a database level for each active connection to the database, and thus isn't relevant information for the purposes of this article.



Conclusion



Locking is an imperative feature in any database supporting multiple, simultaneous users. In SQL Server, locking is closely tied to transaction isolation levels. These two features together largely control how simultaneous reads and writes are coordinated in SQL Server.



In this article, you learned the basics of SQL Server 2008's locking, and saw how you can retrieve real-time locking information by querying a system view from your own code. An application similar to the one shown in this article is a great way to learn how SQL Server implements locks, as you can directly observe the locks in place after you've executed an SQL statement with a transaction isolation mode of your choice.



If you are interested in learning more about SQL Server's locking features, the Books Online (BOL) is an invaluable place to start and find reference information. When you study locking further, you can also learn about more advanced features such as lock escalation, lock partition and table hints with the WITHkeyword. But these are topics for another article.



Originally written by :Jani Jarvinen | Taken with thanks from :  CodeGuru

Different office designations and attitudes:


ShareThis

Different office designations and attitudes:

 

1) Project Manager is a Person who thinks nine women can deliver a baby in One month.

 

2) Developer is a Person who thinks it will take 18 months to deliver a Baby.

 

3) Onsite Coordinator is one who thinks single woman can deliver nine babies in one month.

 

4) Client is the one who doesn't know why he wants a baby.

 

5) Marketing Manager is a person who thinks he can deliver a baby even if no man and woman are available.

 

6) Resource Optimization Team thinks they don't need a man or woman; they'll produce a child with zero resources.

 

7) Documentation Team thinks they don't care whether the child is delivered, they'll just document 9 months.

 

8) Quality Auditor is the person who is never happy with the PROCESS to Produce a baby .

 

and lastly.................

9) Tester is a person who always tells his wife that this is not the Right baby

Tuesday, May 11, 2010

How to access public members and controls of master page in a child (content) page and Accessing Content page functions from a Master page


ShareThis

How to: Reference ASP.NET Master Page Content

You can write code in content pages that references properties, methods, and controls in the master page, with some restrictions. The rule for properties and methods is that you can reference them if they are declared as public members of the master page. This includes public properties and public methods. You can reference controls on the master page independently of referencing public members.

To reference a public member on the master page
  1. Add a @ MasterType directive in the content page. In the directive, set the VirtualPath attribute to the location of the master page, as in this example:

    <%@ MasterType virtualpath="~/Masters/Master1.master" %>


    This directive causes the content page's Master property to be strongly typed.





  2. Write code that uses the master page's public member as a member of the Master property, as in this example, which assigns the value of a public property named CompanyName from the master page to a text box on the content page:



    Visual Basic



    CompanyName.Text = Master.CompanyName


    C#



    CompanyName.Text = Master.CompanyName;




To reference a control on the master page




  • Use the FindControl method, using the value returned by the Master property as the naming container.



    The following code example shows how to use the FindControl method to get a reference to two controls on the master page, a TextBox control and a Label control. Because the TextBox control is inside a ContentPlaceHolder control, you must first get a reference to the ContentPlaceHolder and then use its FindControl method to locate the TextBox control.



    Visual Basic



    Sub Page_Load()
    Dim mpContentPlaceHolder As ContentPlaceHolder
    Dim mpTextBox As TextBox
    mpContentPlaceHolder = _
    CType(Master.FindControl("ContentPlaceHolder1"), _
    ContentPlaceHolder)
    If Not mpContentPlaceHolder Is Nothing Then
    mpTextBox = CType(mpContentPlaceHolder. _
    FindControl("TextBox1"), TextBox)
    If Not mpTextBox Is Nothing Then
    mpTextBox.Text = "TextBox found!"
    End If
    End If

    ' Gets a reference to a Label control not in a
    ' ContentPlaceHolder
    Dim mpLabel As Label
    mpLabel = CType(Master.FindControl("masterPageLabel"), Label)
    If Not mpLabel Is Nothing Then
    Label1.Text = "Master page label = " + mpLabel.Text
    End If
    End Sub


    C#



    void Page_Load()
    {
    // Gets a reference to a TextBox control inside
    // a ContentPlaceHolder
    ContentPlaceHolder mpContentPlaceHolder;
    TextBox mpTextBox;
    mpContentPlaceHolder =
    (ContentPlaceHolder)Master.FindControl("ContentPlaceHolder1");
    if(mpContentPlaceHolder != null)
    {
    mpTextBox =
    (TextBox) mpContentPlaceHolder.FindControl("TextBox1");
    if(mpTextBox != null)
    {
    mpTextBox.Text = "TextBox found!";
    }
    }

    // Gets a reference to a Label control that not in
    // a ContentPlaceHolder
    Label mpLabel = (Label) Master.FindControl("masterPageLabel");
    if(mpLabel != null)
    {
    Label1.Text = "Master page label = " + mpLabel.Text;
    }
    }


  • =====================================================


Accessing Content page functions from a Master page


We can use VB’s CallByName function to call a function in the Content page. This will allow us to have, e.g., the validation function for a form stored within the form and thus have different validations for each form. Suppose we have functions in a Content page like:



Collapse



' function that receives a string and returns a string 
Public Function ValidateMe(ByVal strInput As String) As String
ValidateMe = "The input was: " + strInput
End Function

' function that receives an Integer and returns an Integer
Public Function SumMe(ByVal Input1 As Integer, _
ByVal Input2 As Integer) As Integer
SumMe = Input1 + Input2
End Function


Then, we can call them from the Master page by setting up wrapper functions that connect to the Content page object, and do the CallByName.



Collapse



Private Function CallContentPageStringFunction(ByVal FunctionName _
As String, ByVal aParamArray() As String) As String
Dim mpContentPlaceHolder As ContentPlaceHolder
mpContentPlaceHolder = _
CType(FindControl("DetailsMaster_ContentPlaceHolder"), _
ContentPlaceHolder)
CallContentPageStringFunction = CallByName(mpContentPlaceHolder.Page, _
FunctionName, vbMethod, aParamArray)
End Function

Private Function CallContentPageIntegerFunction(ByVal FunctionName _
As String, ByVal aParamArray() As String) As Integer
Dim mpContentPlaceHolder As ContentPlaceHolder
mpContentPlaceHolder = _
CType(FindControl("DetailsMaster_ContentPlaceHolder"), _
ContentPlaceHolder)
CallContentPageIntegerFunction = CallByName(mpContentPlaceHolder.Page, _
FunctionName, vbMethod, aParamArray)
End Function


Then, we can pass parameters and get the return value as shown here:




  1. Using strings:

    Collapse



    Dim aParams(0) As String 
    aParams(0) = "Stand Up and Fight"
    Dim strReturnValue As String = _
    CallContentPageStringFunction("ValidateMe", aParams)


    The return value in this case will be "The input was: Stand Up and Fight".




  2. Using integers:

    Collapse



    ReDim aParams(1) 
    aParams(0) = 10
    aParams(1) = 12
    Dim intRet As Integer = _
    CInt(CallContentPageIntegerFunction("SumMe", aParams))


    The return value in this case will be 220.





References:



(MSDN) http://msdn.microsoft.com/en-us/library/xxwa0ff0(VS.90).aspx



(CodeProject) http://www.codeproject.com/KB/aspnet/Master_and_Contents.aspx