Talal Masood Blog (www.talalmasood.com)






.NET Framework Source Code is out

Configuring Visual Studio to Debug .NET Framework Source Code
It’s finally here - the launch of the .NET Reference Source project. This post (hopefully!) contains everything you need to know. Over the past few weeks, we ran a pilot of this feature and collected lots of great data that helped us work through some issues and understand where people were likely to have problems.

First, though, if you have any problems, please make sure you’ve followed all of the steps exactly as described. If you’re still having problems, please check the FAQ/Troubleshooting section at the bottom. If that doesn’t work, post a comment below and I’ll look into it.

BASIC SETUP
Note this functionality is not available on the Express versions of the Visual Studio 2008 products.

1) Install the Visual Studio 2008 QFE. This Hotfix just updates a DLL that’s part of the Visual Studio debugger that fetches the source files; more details are on the download page.

UPDATE: If you get an error installing the Hotfix, try inserting your VS 2008 DVD and then running the Hotfix EXE again. We’re looking into the root cause - it’s related to having a prior version of VS 2008 (e.g. Beta 2) installed on the machine. But this workaround should allow the Hotfix to install properly.

UPDATE (1/18): There were some problems with the QFE link above that have been addressed, sorry for the inconvenience, it’s fixed now.

2) Start Visual Studio 2008 and bring up Tools > Options > Debugging > General. If you are running under the Visual Basic Profile, you will need to check the box on the lower left of the Options Dialog marked “Show All Settings” before continuing (other profiles won’t have this option).


The Beauty of Maths!

Posted in Education, General, Guides & Tutorials, People & Life by talal on the January 2nd, 2008


1 x 8 + 1 = 9
12 x 8 + 2 = 98
123 x 8 + 3 = 987
1234 x 8 + 4 = 9876
12345 x 8 + 5 = 98765
123456 x 8 + 6 = 987654
1234567 x 8 + 7 = 9876543
12345678 x 8 + 8 = 98765432
123456789 x 8 + 9 = 987654321

1 x 9 + 2 = 11
12 x 9 + 3 = 111
123 x 9 + 4 = 1111
1234 x 9 + 5 = 11111
12345 x 9 + 6 = 111111
123456 x 9 + 7 = 1111111
1234567 x 9 + 8 = 11111111
12345678 x 9 + 9 = 111111111
123456789 x 9 + 10 = 1111111111

9 x 9 + 7 = 88
98 x 9 + 6 = 888
987 x 9 + 5 = 8888
9876 x 9 + 4 = 88888
98765 x 9 + 3 = 888888
987654 x 9 + 2 = 8888888
9876543 x 9 + 1 = 88888888
98765432 x 9 + 0 = 888888888
Brilliant, isn’t it?

And finally, take a look at this symmetry:
1 x 1 = 1
11 x 11 = 121
111 x 111 = 12321
1111 x 1111 = 1234321
11111 x 11111 = 123454321
111111 x 111111 = 12345654321
1111111 x 1111111 = 1234567654321
11111111 x 11111111 = 123456787654321
111111111 x 111111111 = 12345678987654321

 

Wireless networks: What impact will 802.11n have?

What impact will 802.11n have? Which security threats are scariest? What of wireless VoIP?

How will 802.11n high-throughput wireless LANs affect the corporate net?

A surprising number of wireless LAN vendors have recently announced enterprise access points based on the draft IEEE 802.11n standard, promising throughput of 100M to 200Mbps per frequency band, or from three to six times that of today’s 11g and 11a nets.

Whether network managers opt for the draft 11n products, certified interoperable by the Wi-Fi Alliance, or wait for the final IEEE ratification in late 2008 or early 2009, they could face any of these four issues: overloading part of the wired infrastructure; overloading existing, older wireless LAN switches; forcing an upgrade to higher-powered Power-over-Ethernet; and repositioning and rewiring some number of existing wireless access points.

Most of the new access points will come with one or even two Gigabit Ethernet ports. “We’re mostly ‘100 meg’ to our buildings,” says Michael Dickson, network analyst at University of Massachusetts at Amherst. “[For 11n], we’ll need gigabit switches in the closet with 10-gigabit uplinks. That’s a definite cost, almost a necessary cost for 11n.”

“11n adds an incentive to go to ‘gigE’ [in the wired infrastructure],” says Craig Mathias, principal with Farpoint Group.

One related issue with upgrading a cable plant, given the capacity of 11n, is whether to upgrade the Ethernet wall jacks, a decision about whether the wireless infrastructure becomes the principal means of network access.

If existing wireless LAN controllers also lack the net capacity, and the needed processing power and memory to handle the increased traffic, they’ll have to be replaced, especially if the vendor has a purely centralized architecture with every packet running from each access point to the controller. Vendors have been upgrading their controllers over the past year with 11n in mind, sometimes also offloading the packet switching functions to the access points, creating a distributed data plane.

“With this kind of distributed data plane, there’s no bottleneck at the controller,” says Mathias. “If you have Meru or Extricom, you have centralized data and control planes. But if you design the box to handle whatever is thrown at it, it’s not a problem.”

Benchmarking wireless performance to verify such things as workloads and traffic conditions is likely to become much more important for 11n nets. To do this, enterprises or systems integrators will use complex performance-testing tools, such as those from VeriWave and Azimuth Systems, which previously had been used mainly by radio chip makers and equipment manufacturers. “This will be a big thing down the road,” Mathias predicts.

The Power over Ethernet (PoE) issue may catch some users by surprise. “The PoE infrastructure may have its upper limits tested by 11n deployments [that are] used to their maximum capabilities,” says Chris Silva, analyst at Forrester Research.

PoE lets you run just one cable between switch and access point, instead of two, potentially a big cost saving. But the 11n access points draw more electricity than the 15.4 watts maximum provided by power injectors based on the IEEE 802.3af standard. That will at least double with a new standard, 802.3at, now being finalized. At least one vendor, Trapeze, has created new code that can let its just-announced 11n access point make use of existing PoE injectors, but there are tradeoffs in terms of performance.

“The promise of 11n is more than simply going faster,” says Phil Belanger, managing director for Novarum. “The increased range of 11n will make it more practical to deploy large systems using the 5-GHz band, which has many more channels than the 2.4-GHz and has not been used very much to date. That, in turn, will enable much higher capacity wireless LANs. For many enterprises, a wireless network that delivers hundreds of megabits of capacity everywhere will be good enough to be the only network.”

We’ve identified three, but we’ll treat one of them (denial of service)

The other two threats are emblematic of two very different human dynamics: one springs from the increasing cunning of attackers, the other from the continuing ignorance of users and even IT professionals about the nature of wireless threats.

In 2006, researchers identified problems with wireless interface device drivers that could be exploited in various ways by attackers. Drivers function at the level of the operating system kernel, where malicious code potentially has access to all parts of the system.

Typically, these driver vulnerabilities involve manipulating the lengths of specific pieces of information contained in the wireless management frames, causing a buffer overflow where a malicious payload can be executed, according to Andrew Lockhart, security analyst with Network Chemistry.

“A driver will process these data elements whether or not [the adapter is] associated with an access point. So the combination of simply having a powered-on wireless card with a vulnerable driver can leave a user open to attack,” he says.

The obvious solution is to replace the vulnerable drivers. But that is an ad hoc process. “In the Windows world, most wireless drivers are part of a third-party software package, so they don’t get updated with a Windows update, which makes it troublesome to eliminate the problem, and it will likely be a problem for a while,” he says.
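The length check that the vulnerable drivers described above were missing, as an added example that is not from the original article or from any vendor's driver: a C parser for the tag-length-value information elements of an 802.11 management frame body that rejects any element whose declared length runs past the received bytes or past the 32-byte SSID field. The sample buffers and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IE_SSID      0    /* element ID 0 carries the SSID */
#define SSID_MAX_LEN 32   /* an SSID is at most 32 bytes long */

enum ie_status {
    IE_OK = 0,
    IE_NOT_FOUND = -1,
    IE_TRUNCATED = -2,    /* declared length runs past the received bytes */
    IE_TOO_LONG = -3      /* declared length exceeds the destination field */
};

struct ssid {
    uint8_t len;
    uint8_t bytes[SSID_MAX_LEN];
};

/* Walk the information elements (1-byte ID, 1-byte length, value) and copy
 * out the SSID. Every length is treated as untrusted input from the air. */
int parse_ssid(const uint8_t *ies, size_t ies_len, struct ssid *out)
{
    size_t off = 0;

    memset(out, 0, sizeof(*out));
    while (off < ies_len) {
        /* The two header bytes must be present before either is read. */
        if (ies_len - off < 2)
            return IE_TRUNCATED;
        uint8_t id = ies[off];
        uint8_t len = ies[off + 1];
        off += 2;
        /* Check 1: the value must lie inside the received buffer. */
        if (len > ies_len - off)
            return IE_TRUNCATED;
        if (id == IE_SSID) {
            /* Check 2: the sender chose len; the destination is fixed-size.
             * Copying without this test is the overflow described above. */
            if (len > SSID_MAX_LEN)
                return IE_TOO_LONG;
            memcpy(out->bytes, ies + off, len);
            out->len = len;
            return IE_OK;
        }
        off += len;   /* skip elements this parser does not handle */
    }
    return IE_NOT_FOUND;
}

/* Constructed sample element buffers (not captured traffic). */
static const uint8_t good[]      = {0x00, 0x04, 'c', 'o', 'r', 'p', 0x01, 0x02, 0x82, 0x84};
static const uint8_t oversize[2 + 64] = {0x00, 0x40};   /* SSID claims 64 bytes */
static const uint8_t truncated[] = {0x00, 0x20, 'a', 'b'};   /* claims 32, has 2 */
static const uint8_t dangling[]  = {0x01, 0x01, 0x82, 0x00}; /* 1 stray byte */
static const uint8_t no_ssid[]   = {0x01, 0x02, 0x82, 0x84};

static const struct { const uint8_t *buf; size_t len; } samples[] = {
    {good, sizeof good}, {oversize, sizeof oversize},
    {truncated, sizeof truncated}, {dangling, sizeof dangling},
    {no_ssid, sizeof no_ssid},
};

static struct ssid last;

/* Parse constructed sample number `which` and return the parser status. */
int check_sample(int which)
{
    return parse_ssid(samples[which].buf, samples[which].len, &last);
}

int last_ssid_len(void)
{
    return last.len;
}

int main(void)
{
    for (int i = 0; i < 5; i++)
        printf("sample %d -> status %d\n", i, check_sample(i));
    return 0;
}
```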

Attackers are becoming smarter about what and how they attack, increasingly using evasion tactics to sidestep or confuse wireless intrusion detection/prevention applications (IDS/IPS). The long-term solution is smarter IDS/IPS systems that can more comprehensively monitor and analyze wireless traffic and behaviors. But researchers, such as those at Dartmouth College’s Project MAP (for measure, analyze and protect) are only in the early stages of such work.

The second wireless threat is related to the fact that many mobile users seem not to be getting smarter about wireless security.

“The biggest threat is people who use open Wi-Fi access points and don’t use encryption or VPNs,” says David Kotz, Dartmouth professor of computer science and one of the lead Project MAP researchers. “They trust some random hot spot operator or open access point somewhere with their personal or professional data. People are careless.”

That’s putting it diplomatically.

Security consultant Winn Schwartau likes to tell how his then-12-year-old son used a Windows-based Palm Treo to wirelessly eavesdrop on business executives using laptops or PDAs on an airport or other public Wi-Fi net. He routinely collected username/password combinations to corporate nets. “My son had passwords to 40 of the Fortune 100 [nets],” he says.

The key vulnerability was that these users, even if they used an encrypted VPN tunnel to access the corporate net, repeatedly used an unencrypted wireless link to access Internet mail or other Web sites in the clear, allowing the younger Schwartau to collect information to access the user’s Web mail account. He then used it to send the user an e-mail from his own account. “I can then infect that machine [with malicious code], and have access to your VPN account,” Schwartau says.

The inverse of this problem is allowing personal mobile devices, which have been exposed to the Internet in the wild, to connect to corporate nets. “Normal security standards and procedures are often ignored when users are allowed to connect their own devices,” says Lora Mellies, information security officer at Hartsfield-Jackson Atlanta International Airport. “For instance, there may be no scheme to regularly back up the information, no firewall or antivirus protection installed, and no use of encryption for confidentiality or [of] tokens/certificates for strong authentication.”

“No one can define the perimeter [of the corporate net] anymore,” says Schwartau. “The rule is: ‘Thou shalt connect nowhere except to the corporate network; once you’re there, you can do whatever you want, but we’ll be watching you.’”

This threat will only get worse as the number of ill-trained mobile users grows, along with the ballooning amount of sensitive or proprietary corporate data on their mobile devices.

Is wireless [Wi-Fi-based] VoIP worth the bother?

Judging from the market, where enterprises vote with their dollars, the answer so far is, “Generally, no,” at least for large-scale deployments.

There are exceptions, though rare, and they tend to prove the rule. One of the most often cited is Osaka Gas, in Japan. The utility used Meru Networks’ WLAN infrastructure to support 6,000 mobile phones that were equipped with cellular and Wi-Fi network interfaces. The price tag for the whole project: $10 million.

The reluctance to embrace large-scale wireless VoIP isn’t surprising. Enterprisewide wireline VoIP deployments have only fairly recently found traction, and many of these have been angst-ridden. To be fair, often the angst is created by specific issues or problems at a given enterprise site.

But using a wireless connection in place of a wire adds lots of complexities, solutions to which are only slowly maturing. Access points have to be pervasively distributed to support voice traffic, while radio interference can easily affect voice quality or call sessions. Wireless eavesdropping on unsecured VoIP sessions is another worry for enterprise managers.

And it’s difficult to pinpoint savings, says Forrester’s Chris Silva. “Wireless VoIP has been positioned as a way to replace cellular minutes of use,” he says. “But corporate IT doesn’t have a good handle on what they’re actually spending on this: It’s often just expensed. So it’s hard to make a case for savings and hard therefore to make a case for investing in VoIP over WLAN.”

Over the course of three months we tested WLAN switches and access points from Aruba Wireless Networks, Chantry Networks (now Siemens), Cisco and Colubris Networks in terms of audio quality, QoS enforcement, roaming capabilities, and system features.

Among his findings:

* With QoS enforcement turned on, and with only voice traffic on the net, calls nearly matched toll-quality audio.

* With even a small amount of data traffic, dropped calls became common and audio quality was poor, even with QoS still enabled.

* Roaming from one access point to another either failed or took so long, from 0.5 to 10 seconds, that calls dropped.

Those findings reflect some of the experience at Dartmouth College, which embraced a limited VoIP deployment on its pervasive Aruba-based campus wireless LAN four years ago. Initially, some college staff used the wearable mobile VoIP phone from Vocera. There were some problems with roaming, according to David Bucciero, Dartmouth director of technical services, who despite these teething pains is one who says wireless VoIP is worth the hassle.

More recently, the college has added just under 100 Cisco 7920 wireless VoIP handsets which “were flawless,” though latency was an issue early in the deployment, says Bucciero. Reducing those delays has been an ongoing tuning process, working closely with both Aruba and Cisco, the wireline net vendor for the college.

Things have changed in two years, including the advent of the 802.11e QoS standard, augmented by continued proprietary QoS tweaks, and faster handoffs between access points.

But the real change has been the growing interest in, and products for, shifting call sessions automatically between cellular and Wi-Fi nets. At the enterprise level, this convergence entails an IP PBX, usually a Session Initiation Protocol (SIP) server, the WLAN infrastructure, new specialized servers from start-ups like Divitas and established players like Siemens, and accompanying client code running on so-called dual-mode handsets, which have both a cellular and a Wi-Fi radio.

Dartmouth is doing exactly this, running a pilot test with the Nokia E61i, a dual-mode mobile phone recently introduced in the United States as part of its convergence partnership with Cisco. The handsets use SIP to talk to the Cisco CallManager IP PBX.

“Cellular and Wi-Fi convergence is the real pull for VoIP over wireless LANs,” says Farpoint’s Mathias. “Once that [convergence] happens, then we can converge dialing directories, voice mail, other services, and have one phone that works everywhere.”

Will my organization need to change to support enterprise mobility?

Yes.

A growing number of companies are moving beyond or even ignoring mobile e-mail in favor of mobilizing line-of-business applications.

“When you start rolling out these applications over a wider expanse, the questions become ‘how can I lower costs of existing operations’ or ‘how can I provide new opportunities to grow revenue,’” says Bob Egan, chief analyst with TowerGroup, a Needham, Mass., consulting company. “These questions force you into thinking in a strategic mode versus an ad hoc mode.”

In a 2006 TechRepublic survey, 370 U.S. IT and business professionals said they were targeting the following applications for mobilization (respondents could pick more than one answer): intranet access (chosen by 23%), field service/data entry/data collection (21%), personal information management (19%), customer relationship management or sales force automation (16%), supply chain management (12%), and ERP (nearly 10%).

The justification for making these applications mobile is increased worker productivity and efficiency, which was cited as “extremely significant” by 35% of the same respondents. The two other top justifications (“extremely significant”) were reduced costs, cited by nearly 30%, and improved data collection and accuracy, cited by 28%. In all three cases, larger percentages cited these justifications as “significant.”

Successfully exploiting such applications and achieving these goals requires changes in such diverse areas as employee and manager responsibilities and accountability, network access and authentication, mobile device management, end user and wireless networking tech support, and security and data-protection policies and enforcement.

“If you don’t actively manage [mobile] workforce issues, including human resources and psychological issues as well as technology, you don’t get the full value,” says John Girard, vice president for Gartner. “In the end, the most important parts are the human parts: How do you monitor work, how do you assign responsibility, and do you understand what your team is doing?”

To make this possible, Gartner recommends consolidating an array of mobile provisioning, management and security functions (such as vulnerability assessment, security configuration, standard software image control, security and performance monitoring), shifting routine functions from the security group to the operations group, and forging joint policy development between those groups. One goal of this approach is to minimize the number of individual software products that target subsets of mobility issues but can’t share information and aren’t part of a strategic mobility plan.

“If you have different policies for different platforms [desktops, notebooks, smartphones], how do you maintain consistency?” Girard asks. “Most companies have a software distribution plan that works well for the desktop but less well for notebooks, and even less well for smartphones.” Or a well-developed method for backing up desktop PCs may ignore mobile devices completely, despite the growing amount of corporate data on them and the greater likelihood of loss, theft or hacks.

“[Organizational changes] are all about controlling the flow of the company’s intellectual property – how to provision and protect the data on the net and on the devices - and all the responsibilities that go along with that,” says TowerGroup’s Bob Egan.

Mobility becomes a system, or a system of systems that has to be viewed and treated as a whole. “With more and more users being mobile every day, we are paying a lot of attention not only to the uptime but also to the health of the system,” says Daver Malik, telecom engineer at Hartsfield-Jackson Atlanta International Airport. “Careful watch on the system usage, capacity and trends is kept so as to prevent any undue disruption to the users.”

One related aspect in preventing undue user disruption is tech support and the enterprise help desk. “Very few companies do a good job in supporting mobile workers,” says Jack Gold, principal of J. Gold Associates. “Their support infrastructure today is for desktop support: You can’t send a technician into the field to fix a [mobile] problem.” The tech support team needs new training, new tools, new policies and procedures to be able to effectively and quickly respond to mobility problems.

One emerging alternative is to outsource some or all of these tasks to a new breed of managed services supplier. One example is Movero Technology, an Austin company that handles all aspects of cellular-based device and application deployments for an enterprise.

How do I control costs in an expanding mobile and wireless environment?

Get a grip.

There are lots of costs in mobility: wireless and wired infrastructures; cellular voice and data plans, including roaming charges; the usage patterns of those plans; mobile device purchases; applications; software for device management; training; tech support.

“Viewing this from a strategic perspective means these costs become more visible,” says TowerGroup’s Egan. A strategic mobility plan for the enterprise uncovers, identifies and quantifies the true costs of the typical piecemeal approach to enterprise mobility, and creates the possibility for systematically controlling and minimizing them, he says.

This can be a shock to organizations that have handled mobility in an ad hoc way, Egan says. “Viewed from a strategic viewpoint, costs become more visible, so it seems like they’re much greater,” he says. “But the ad hoc approach to mobility hid the real costs, and those costs are much greater in my view than they are for a strategic approach.”

A strategic plan can also make more visible the potential benefits of mobility, in terms of saving money or increasing revenues, an essential element in evaluating the needed investments.

Egan says one of his biggest surprises was talking with auto rental giant Avis, which was one of the first to have employees equipped with wireless handhelds, to meet customers in the parking lot as they returned their automobiles. “I said ‘what a great thing for customer service,’” Egan says. “The Avis guy started laughing.” The real benefit of the system was that it let Avis make an instant, on-the-spot decision about whether to keep the car for servicing, which costs money, or send it to auction. It was about where not to spend Avis’ cash.

With a strategic plan, centralized and standardized device and software purchases are possible, a key element in rationalizing and reducing mobility costs. At the same time, changes in network infrastructure and in business processes can be budgeted and planned for. A mobile deployment can be frustrating and investments wasted if, say, an increase in data or transactions overwhelms back-end systems.

“Utilize your fixed infrastructure to its maximum potential to support the expanding wireless/mobile environment,” says Hartsfield-Jackson Airport’s Malik. “A carefully developed plan for the fixed portion of the network (for example fiber) that is capable of supporting future expansions both in terms of size and technology is the key component of controlling the cost related to such expansions, as and when they happen.”

Acquisition costs have to be managed for mobility just as they are for corporate desktops. “It’s very important to know the costs and ownership implications of everything you buy [for a mobile deployment],” says Gartner’s Girard. “Figure out what platforms you’re willing to support, and provide business groups and users the incentives for adopting those.”

Girard recommends a thorough inventory of the relevant tools, systems and services you already have, including software licenses. “Where have you already spent money?” he says. “Then apply Occam’s Razor, simplify. Ask yourself, ‘How do I reach fewer products, both to reduce complexity and reduce costs?’”

A hidden element in cost calculations, according to Venture Development Corp. (VDC), is the impact of downtime and tech support if the mobile device, or some other part of the mobile system, fails. In an October 2006 report, VDC estimated that the failure rates of some consumer-grade mobile devices can exceed 20% per month. “In fact, the overall cost of downtime/lost productivity can represent up to 30% of the TCO (total cost of ownership) of a mobile device,” according to the report.

VDC notes that device vendors are introducing new features and technologies to boost the durability and ruggedness of laptops and other handhelds. This class includes the semi-rugged laptops, which can endure a lot more rough handling and accidents than their consumer-grade cousins, even though they can’t match the military-grade devices designed for the harshest conditions. The higher initial capital cost for such devices is worth it, because the company avoids the much higher costs of downtime due to equipment failures.

A strategic plan makes it possible to negotiate more aggressively with wireless carriers, refining cellular data plans tuned for various groups of users, minimizing overage charges in terms of rates and shared minutes or megabytes, and keeping international roaming charges in check, says consultant Jack Gold.

What can I do to stop wireless denial-of-service attacks?

Not much.

There are two kinds of DoS attacks emerging. One uses radio waves to jam a wireless LAN (WLAN) access point or network access card. The other, more sophisticated, manipulates the 802.11n protocols to accomplish the same thing – blocking a radio from sending or receiving.

A good example of jamming, though it’s unintentional, is caused by the microwave trucks used by TV stations covering the Boston Red Sox home games at Fenway Park. In some cases, the tightly focused beams are not a problem for the baseball park’s unlicensed band 802.11 WLAN because they’re aimed away from the park to one of several towers. But in one case, the beam shot across the park, bounced off a bank of newly installed metal bleachers, and reflected back into the park, wiping out the WLAN.

Red Sox IT Director Steve Conley says he could stand right next to a WLAN access point with a wireless notebook and still not be able to connect to it.

Few homemade or commercial jammers come with the power of these commercial microwave systems. But for short distances, they don’t need a lot. Products available include a $400 pocket-sized jammer that can disrupt three frequencies, including 2.4 GHz, up to 90 feet. It’s advertised as a way to disable “spy cameras” running on wireless links. Another palm-sized model with a range of about 30 feet costs about $290.

There’s even the Wi-Fi Hog project, complete with its own philosophical justification for “liberating” public wireless nets from the concept of shared use. The Hog, mounted on a notebook PC, uses selective jamming to lock out other clients from an access point and stake an exclusive claim on its use.

But a recent article on the Web site of the Instrumentation, Systems and Automation Society, a nonprofit professional group focusing in industrial automation, puts the jamming threat into perspective. The article, by Richard Caro, chief executive of CMS Associates, lays out several reasons why jamming is not as easy to pull off effectively as some claim and others fear.

(Caro mentions that the tactic of battlefield radio jamming by German forces in World War II led to the invention of frequency hopping spread spectrum communications as a countermeasure, an innovation patented by Hungarian-born Hollywood actor Hedy Lamarr and her associate George Antheil.)

“Interference is definitely an issue,” says Farpoint Group’s Craig Mathias. “We were able to construct some bad interference scenarios and show their impact. It was quite interesting to see how much damage could be done.”

“You’re toast,” says Winn Schwartau, of The Security Awareness Company, who wrote about the threat in his 2000 book CyberShock.

Currently, there’s no real countermeasure for a deliberate, focused jamming attack, except to quickly detect it, with a tool like Cognio Spectrum Analyzer, which Cisco is offering as part of its wireless LAN management tool set. Once it’s located, you can use “crowbar remediation, to beat the crap out of it,” says Mathias.

Less amenable to crowbars is the second type of DoS attack, the abuse of the 802.11 media access control (MAC) layer protocols by creating changes in drivers or firmware. “It causes the network card to misbehave with respect to the MAC protocols,” says David Kotz, professor of computer science at Dartmouth College, where this is one of the areas under study by Kotz’s MAP Project (for measure, analyze, and protect), a joint effort with Aruba Networks. “Because the card isn’t being ‘fair’ in following the rules, it makes the net unusable to others.”

One example would be to send de-authentication frames to a specific client, or broadcast them to all the clients, of a given access point. Obediently, the clients will disconnect from the access point. “Now most of them re-authenticate right away,” Kotz says. “But if the attack repeats, you’re getting these interruptions on your [Wi-Fi] phone or video stream.”

For now, the response is the same as for jamming attacks: detect the problem as quickly as possible, find the offender as quickly as possible, and send in “police with guns,” says Kotz.

“But fundamentally, the long-term solution is to fix the protocol itself,” he says.
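One way to do the quick detection Kotz describes, as an added example that is not from the article or from Project MAP: a C routine that scans captured frame records and reports the first point at which one BSSID has sent a burst of de-authentication frames. The record layout, the sample capture, the function names, and the threshold of 5 frames within 1,000 ms are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One observed frame, reduced to what the detector needs (assumed layout). */
struct frame_rec {
    uint32_t t_ms;      /* capture time in milliseconds, ascending */
    uint8_t  fc0;       /* first byte of the 802.11 frame control field */
    uint8_t  bssid[6];  /* BSSID the frame claims to belong to */
};

/* Management type (bits 2-3 = 00) with subtype 12 (bits 4-7 = 1100) is a
 * de-authentication frame; the two protocol-version bits are masked off. */
static int is_deauth(uint8_t fc0)
{
    return (fc0 & 0xFC) == 0xC0;
}

/* Return the index of the record at which some BSSID reaches `threshold`
 * de-authentication frames inside `window_ms`, or -1 if none does.
 * On a hit, the offending BSSID is copied into `flagged`. */
long find_deauth_flood(const struct frame_rec *recs, size_t n,
                       uint32_t window_ms, unsigned threshold,
                       uint8_t flagged[6])
{
    for (size_t i = 0; i < n; i++) {
        if (!is_deauth(recs[i].fc0))
            continue;
        unsigned count = 0;
        /* Look back from record i until the window is exceeded. */
        for (size_t j = i + 1; j-- > 0; ) {
            if (recs[i].t_ms - recs[j].t_ms > window_ms)
                break;
            if (is_deauth(recs[j].fc0) &&
                memcmp(recs[j].bssid, recs[i].bssid, 6) == 0)
                count++;
        }
        if (count >= threshold) {
            memcpy(flagged, recs[i].bssid, 6);
            return (long)i;
        }
    }
    return -1;
}

/* Constructed capture: AP A sends two isolated de-authentications two
 * seconds apart; AP B's address appears on five within 400 ms. */
#define AP_A {0x02, 0x00, 0x00, 0x00, 0x00, 0x0a}
#define AP_B {0x02, 0x00, 0x00, 0x00, 0x00, 0x0b}

static const struct frame_rec sample[] = {
    { 100, 0xC0, AP_A}, { 200, 0x80, AP_A}, {2100, 0xC0, AP_A},
    {5000, 0xC0, AP_B}, {5050, 0x80, AP_B}, {5100, 0xC0, AP_B},
    {5200, 0xC0, AP_B}, {5300, 0xC0, AP_B}, {5400, 0xC0, AP_B},
};

static uint8_t last_flagged[6];

/* Run the detector over the first n sample records (assumed thresholds). */
long flood_index_in_sample(size_t n)
{
    memset(last_flagged, 0, sizeof last_flagged);
    return find_deauth_flood(sample, n, 1000, 5, last_flagged);
}

/* 1 if the last alert named AP B, 0 otherwise. */
int flagged_is_ap_b(void)
{
    static const uint8_t b[6] = AP_B;
    return memcmp(last_flagged, b, 6) == 0;
}

int main(void)
{
    long idx = flood_index_in_sample(sizeof sample / sizeof sample[0]);
    if (idx >= 0)
        printf("deauth burst from %02x:%02x:%02x:%02x:%02x:%02x at t=%u ms\n",
               last_flagged[0], last_flagged[1], last_flagged[2],
               last_flagged[3], last_flagged[4], last_flagged[5],
               (unsigned)sample[idx].t_ms);
    else
        printf("no burst detected\n");
    return 0;
}
```

Because the BSSID in a de-authentication frame is only what the sender claims, an alert identifies the access point under attack, not the transmitter; locating the radio still needs the spectrum and location tools mentioned above.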

Spies greater threat than terrorists to infosecurity

The government is more worried about political, economic and technical espionage than terrorists when it comes to cyberattacks, the government’s Centre for the Protection of the National Infrastructure (CPNI) revealed last week.

A spokesman for CPNI said the centre was particularly concerned that cyberspies were using social engineering tricks to persuade people to give them sensitive data, circumventing IT security systems.

According to reports, the CPNI has written to 300 top businesses warning that Chinese hackers are particularly active and to take special precautions against them.

In a speech to journalists in November, the director general of MI5, Jonathan Evans, said, “Despite the Cold War ending nearly two decades ago, my service is still expending resources to defend the UK against unreconstructed attempts by Russia, China and others to spy on us. A number of countries continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects, and trying to obtain political and economic intelligence at our expense.

“They do not only use traditional methods to collect intelligence but increasingly deploy sophisticated technical attacks, using the internet to penetrate computer networks.

“It is a matter of some disappointment to me that I still have to devote significant amounts of equipment, money and staff to countering this threat. They are resources which I would far rather devote to countering the threat from international terrorism - a threat to the whole international community, not just the UK.”

Security software house McAfee warned last week that it expected industrial espionage to be the major threat to businesses in the coming year. Some 120 countries are testing one another’s network and database defences, it said.

Speaking at the launch of the annual Sans Institute report on the top 20 threats to IT last week, a spokesman for CPNI said defending against social engineering attacks was difficult because it required users to have a balance between naivete and cynicism.

A spokesman for CPNI said attackers often pretended to be in authority over the victim, and used tricks such as threatening to fire them. In a likes and similarities attack, the attacker pretended to see the victim as a kindred spirit and groomed them.

A reciprocation attack involves “doing favours” for each other, and a social validation attack uses the approach that “your friend or boss did me this favour, please will you help me”. Scarcity attacks put pressure on the victim to rush them into insecure behaviour.

Awareness and training were good defences, but a spokesman for CPNI said people need to practise to overcome their shyness in confronting requests for insecure acts.

“There are also times when an attacker can exploit your actions even when you are just doing your job,” he said. “This can happen when you feel you are just a cog in a broken machine,” he said.
 

Why IT must attract more women


Senior female executives explain why the IT industry is failing to attract women, what must be done to remedy the situation, and the benefits this would bring

It is crucial that more work is done to attract women into the IT profession, senior female executives in the IT industry told an Intellect roundtable event last month.

The group said that if the UK is to remain competitive, employers will have to work harder to plug the IT skills gap with talented female developers and project managers - who must be paid the same as their male counterparts.

Gillian Arnold, hardware outsourcing executive at IBM, said more resources should be ploughed into tackling the issue. “The IT sector should put forward a group of people, funding, and a location to work on this full-time for a couple of years. There are issues that need desperate attention, and while the current army of part-timers is well-meaning, progress is too slow if we are to make any headway.”


Revealed: Top Two Google Ranking Factors


In this article I reveal what I believe are the two most important ranking factors used by Google.

Google Search Engine Optimization Tips

My findings are the result of my ongoing optimization experiments on my network of web sites on Google.

The top two Google ranking factors are:

  1. PageRank
  2. Incoming Text Link Keywords

I’ll explain each in more detail and what you MUST do to maximize the effectiveness of each element.

1. PageRank

PageRank is determined by the number and quality of links to a page. Both the quantity and quality of text links are important. Always try to get links from web pages with a PageRank rating of at least four.

Concentrate on getting as many different quality sites as possible to link to one page on your site, usually your home page. Do not spread the links to different pages. This will maximize the PageRank of your main page, plus those of the subpages.

2. Incoming Text Link Keywords

ALWAYS provide text links for linking to your site. Avoid image links.

Google does index image links, but without any text for it to index, it won’t help your link popularity rating for your important keywords.

In addition:

  1. Include the most important keyword phrase in the text link, using the EXACT spelling.
  2. Do not pluralize the keyword phrase, if people usually search the singular version of the phrase. And vice versa.
  3. Avoid excess words, where possible.
  4. The linked-to page MUST have the text link keywords in the body of the page, otherwise Google will discount the page.
  5. Include the text link keywords within the title tag of the linked-to page. It is possible for a page without the text link keywords in the title tag to get top rankings. But I have discovered that around 80% of top 10 rankings have the text link keywords in the title tag, so always include it.

Well, there you have it. Those are what I consider the two most important ranking factors used by Google. Other factors are considered by Google, but their importance pales in comparison to the two I have discussed in this article.

Follow these tips whenever you optimize your web pages and they will quickly shoot up the Google rankings.

 

How Proxy Works?


The following is a list of various documents and articles relating to proxies and their usage. Feel free to browse through and take what you want.

Basics
In the simplest form, a proxy is just a courier of information. You give it information, it takes it to someone, that person gives you information back, and the proxy brings it to you. There are multiple different types of proxies, from HTTP to IRC to SOCKS. However, they all essentially do the same thing, and that is act as a middleman for your connections.

You may wonder why this is of any use. A proxy acts as a buffer between you and whatever server your computer is interacting with. This can be extremely useful for a number of reasons: first and foremost, it protects your privacy; secondly, it can allow you to surf wherever you like, unhindered by local restrictions. In some countries, like China, certain sites are blocked from public view; however, proxies aren’t, so a proxy can provide a way to retrieve the information you are stopped from accessing.
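The courier model described above, as an added example (not code from the original article): a one-connection relay on localhost that records what each party can observe. The origin server sees only the proxy's outbound address, while the proxy sees the client's address and the whole cleartext request; all function names, dictionary keys and the sample request are assumptions made for illustration.

```python
import socket
import threading

def serve_once(handler):
    """Accept one connection on an ephemeral localhost port in a background thread."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    addr = srv.getsockname()
    def run():
        conn, peer = srv.accept()
        with srv, conn:  # both sockets close once the handler returns
            handler(conn, peer)
    threading.Thread(target=run, daemon=True).start()
    return addr

def read_until(conn, marker=None):
    """Read until `marker` appears, or until the peer closes if marker is None."""
    data = b""
    while (marker is None or marker not in data) and (chunk := conn.recv(4096)):
        data += chunk
    return data

def connect(addr):
    # Explicit bind gives every outbound socket its own local port.
    return socket.create_connection(addr, timeout=5, source_address=("127.0.0.1", 0))

def demo():
    seen = {}  # what each party could observe (all traffic here is constructed)
    def origin(conn, peer):
        seen["origin_peer"] = peer  # the address the server takes for "the client"
        read_until(conn, b"\r\n\r\n")
        conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: 2\r\n\r\nhi")
    origin_addr = serve_once(origin)
    def proxy(conn, peer):
        seen["proxy_peer"] = peer  # the proxy knows who really connected
        seen["proxy_logged"] = read_until(conn, b"\r\n\r\n")  # and can read the request
        with connect(origin_addr) as upstream:
            seen["proxy_outbound"] = upstream.getsockname()
            upstream.sendall(seen["proxy_logged"])
            conn.sendall(read_until(upstream))
    proxy_addr = serve_once(proxy)
    with connect(proxy_addr) as client:
        seen["client_addr"] = client.getsockname()
        client.sendall(b"GET /private HTTP/1.0\r\nHost: example.test\r\n\r\n")
        seen["reply"] = read_until(client)  # EOF arrives only after both handlers finish
    return seen

if __name__ == "__main__":
    print(demo())
```

The privacy a proxy gives is relative to the destination only: whoever runs the proxy holds both the client address and the request contents.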


Microsoft hiring from Pakistan

Posted in Computers & Internet, Education, General, Jobs, Science & Technology, Software & Applications by talal on the September 22nd, 2007

Options are Good.

In life. And in your career.
 

What fuels your passion?

So, you’ve got your diploma—or you will soon enough. Now it’s time to take on the working world. We know deciding where to start your career can be as nerve-wracking as it is exciting. Maybe you don’t know exactly what you want to do. Maybe you don’t even have a technology background. The good thing is, at Microsoft, you have lots of options. Nowhere else will you have such a variety of products and technologies to get behind—or so many career paths to choose from. You’ll learn from people who have been in the industry for over 30 years. And most of all, you’ll have the resources to reach people all over the world with your work. It’s about taking your career as far as you want it to go—in any direction you choose.

“The variety of products that Microsoft develops greatly influenced my decision to work here. As my career develops I can follow my passion to apply myself to different technologies without having to leave the company.”
- David, Software Design Engineer in Test, Live Meeting

 
Take the Leap, It’s Cool Inside

As a Microsoft employee in a full-time technical position, you’ll dive head first into meaningful work. The kind that inspires you. This is the kind of place where your goals are limited only by your imagination and motivation. What’s more, you’ll be backed by a multi-billion dollar company at the top of its game. It’s in your blood to innovate, so join others who share your passion, your talent, and your limitless energy.

“You will find no other company with the sheer breadth of technologies, from Windows kernel, to Office applications, to servers, to Live Web services, to Xbox, to games, to business solutions, to hardware. The things you get to see and learn from other people are amazing.”
- John, Software Development Lead, Windows Server Performance
 

Not sure what full-time position at Microsoft fits you best? Have a look at the Product Development Process to get an idea where your contributions could make the most difference.
 

Current open opportunities within Microsoft:

1)  Software Design Engineer (SDE)
Work at the Core of Every Product We Build - This is where the fun begins for code gurus like you. As a hands-on Software Design Engineer, you’ll make decisions about design and feature implementation, using your mastery of technical tools to make a product vision a reality. If you like to write code and design efficient data structures and algorithms to develop next-generation applications or operating systems, this is the position for you. As an SDE, you’ll bring products to life by working with Program Managers to ensure strong design and Software Design Engineers in Test to ensure quality through testing. Ultimately for the SDE, it’s your code that turns concepts into new technologies and services.
Qualifications:
• Be available to relocate to one of Microsoft’s Development Centers around the world.   (Microsoft Corporation pays all costs associated with relocation)
• Fluency in C/C++/C# and a passion for writing quality code using computer science fundamentals
• Functional level English language skills, written and spoken requirement
• Ability to derive creative and innovative solutions by thinking “outside the box”
• Ability to solve complex problems, sometimes by testing and debugging code
• Experience in feature definition, design, and feasibility
• Demonstrated skill in estimating development time

2)  Software Design Engineer in Test (SDET)
Discover Life on the Last Line of Defense - As a Software Design Engineer in Test (SDET), you’ll own it, break it, fix it, and own it again. You’ll ensure a product’s quality by making sure it performs as users expect it to. Part of the fun is how creative you can be devising ways to manipulate, crush, and sabotage software into submission—while creating innovative testing technologies along the way.

Ultimately, as an SDET it’s your input that can make the difference between joy and frustration for the customers. Since you’re keen on how things work, and making them work better, you’ll work hand in hand with the Program Managers and Software Design Engineers to design, develop, and maintain automation systems for use in development and testing cycles. Using the tools you create, you’ll pore over source code for trouble spots, debugging and isolating problems, and executing creative tests to find new bugs while regression testing recent fixes.
Qualifications:
• Be available to relocate to one of our Development Centers around the world (Microsoft Corporation pays all costs associated with relocation)
• Fluency in C/C++/C#
• Functional level English language skills, written and spoken requirement
• Ability to solve complex problems and write automation systems and device drivers
• Ability to learn to author test plans and cases, conduct security and stress tests, and debug at source level after identifying, investigating, and prioritizing bugs
• Demonstrated skills in negotiation and conflict management
 

Whatever position you choose, you’ll make a real impact in the dynamic world of product development at Microsoft. Microsoft has an ongoing need for exceptional recent graduates to management level from around the world to help us build the next generation of software products.

 

Send Us Your CV
Submitting a C.V. is the only way to get to the next stage of consideration, the interview.  Our recruiting team travels to your region regularly to meet bright and enthusiastic people like you, and we look forward to receiving your CV.   Here are a few things to keep in mind when you are updating your C.V. to send to us:

• Include your military status if your country mandates it. This will help us know if you are allowed to leave your country to work in the United States
• Clearly state your graduation date, degree/major and the university you attended or are attending
• Specify your technical skills (including programming languages and other development tools you know well), project details (both within university and at any jobs or internships you have held), and technologies you have used on those projects
• Describe your role in the projects that you worked on, and what you personally achieved
• Provide an active e-mail address, physical address, and current phone number where we can reach you

Send your resume to: pakcv@microsoft.com by October 1

A recruiter will review it, and if interested will set up a phone interview as a first step. And, by the way, we have many positions available, so if there is someone else you think we should know about, please share this information with them. For more information, please see http://www.microsoft.com/college/overseas.mspx

NOTE: If we invite you to an interview somewhere in your region, we will cover any travel expenses you may have.  All non-U.S. residents will require a U.S. work visa (H1B). If you receive an offer from Microsoft, we will cover all costs for visa processing and approval.  Microsoft is an equal opportunity employer and supports workforce diversity.

Going back to university

Posted in Education, General by talal on the September 16th, 2007

GC University has the honour that it makes people’s lives. But in my case it’s the opposite: here it’s ruining my life :)

Ok after hard times I’m going back to university … I hope I am able to do well this time …

