• How to propose Drupal as a solution to meet collaboration technology platform requirements for the Open Government Directive plan
• Training and support for setting up a Drupal site at http://www.[agency].gov/open
• Planning for security and scalability of  an organization’s OGD Drupal site
• Design and implementation of Drupal sites to meet specific OGD requirements
• How to get Drupal Certification and Accreditation for Drupal for your agency

Acquia’s vice president of business development, Tim Bertrand, explains:

“Drupal has always seen great success in the government sector and now with the OGD in play, we expect that even more agencies will see the value of Social Publishing in meeting these requirements.”

Acquia will also offer a seminar series for U.S. federal, state and local governments to discuss adoptions and best practices for government use.  This is definitely a smart move as risk averse government agency IT decision makers will take comfort in the successes of their peers with Drupal Social Publishing.

Acquia appears poised to take advantage of the growing interest in open source and social media.  Increased use of Drupal will open the door further to open source usage within governments, in the U.S. and worldwide.  In doing so, Acquia is definitely playing its part as a founding member of Open Source for America.

Comments

1.Detect garbage objects
2.Deallocate the memory of garbage objects and make it available for the program.

There are four approaches that a garbage collector may adopt to detect the garbage objects.

A) Reference -counting Collectors :-Reference counting garbage collectors keep a count of the references for the each live object.When an object is created ,the reference count of each object is set to one.When you reference the object ,the reference count is incremented by one.Similarly when a reference to an object is eliminated ,the reference count is decremented by one.An object which has reference count zero is a garbage object when the object is garbage collected ,the references of the object that it refers to are decremented.Therefore garbage collection of the one may lead to the creation of other garbage objects.This method can be executed in small parts with the program ,and the program need not to be interrupted for a long time. However ,there is an overhead of incrementing and decrementing the counter everytime something happens on the references side.

B) Tracing Collectors :-In this technique ,a set of root is defined from where objects are traced. An object is reachable if there are objects that referenced and cannot ,therefore be accessed in the program.Objects that are reachable are marked. At the end of the trace ,all marked objects can be garbage collected.
This is also known as the mark and sweep algorithm. The mark phase marks all the referenced objects. The sweep phase garbage collects the memory of unreachable and unreferenced objects.

C) Compacting Collectors :-These collectors reduce the degree of memory fragmentation by moving the all unused and free space on one side during garbage collection.The free memory is then available as one huge chunk.All references need to be shifted ,objects are the updated to refer to the new memory locations.

D)Adaptive Collectors :-This algorithm makes the use of the fact that different garbage collectors algorithm works better in different situations. The adaptive algorithm monitors the situation and uses the garbage technique that best suits the situation. It may switch from one technique to the other according to the need.

Comments

General Syntax :-

expression 1 ? expression 2 : expression 3

Here expression 1 can be any expression that evaluates to a Boolean value.If expression 1 is true then expression 2 is evaluated else expression 3 is evaluated.Both the expressions expression 1 and expression 2 must have a return type,they can never be void.Make it more clear by understanding below example.

Example:-

public class optest
{
public static void main(String a[])
{
int ratio=0,num=20,denom=10;

/* The ” ? ” operator assignes 0 if condition denom==0 is true else it assigns num/denom to ratio if condituion is false*/

ratio=denom==0?0:num/denom;

System.out.println(“The ratio is “+ratio);
}
}

Output:-
The ratio is 2

Explanation:-When Java evaluates this assignment expression ,it first looks at the expression to the left of the question mark.If denom equals to zero then expression 2 between ? and : is evaluated else last expression is evaluated.The resultant is then assigned to the ratio variable used in expression 1.

Comments

Try to answer these questions on your own but if you cannot recall the concept go refer book,any core Java book will do.

Important Core Java Questions :-

1.How many access modifiers a class can use and which are they?

2.What are the Instance variables?

3.What are local variables?

4.What is the default access modifier and how it is different from protected access modifier?

5.Can you ever mark a class as final?

6.Is it true that we can use abstract and final both on same time and same Java entity?

7.What is the IS-A and HAS-A relationship in Java?

8.What is multiple inheritance and how you can implement multiple inheritance in Java?

9.What is the size of compiler generated Java Bytecode?

10.Does Interfaces follow the Inheritance?

11.A subclass can inherit the private member of superclass is this statement true,give reason?

12.What is the bit depth of Boolean variable in Java?

13.What will happen if finally block itself generates an Exception?

14.What is exception propagation?

15.How Inheritance is affected by object serialization?

These are a few questions which I thought as Important.Further there are some references I am giving in order to solve these questions.

Comments

1.Attempting to access an instance variable from a static context (i.e. from main() method)

Since static variable can only be accessed from static context thus there is no way you can access the non-static instance variable in static context without a reference.For example:-

Class Scopetest{
int x=10;
public static void main(String a[]){
System.out.println(x++);
}
}

This will result in an error
Scopetest.java:4: non-static variable x cannot be referenced from a static context
System.out.println(x++);

Despite this you can use the instance of Scopetest class to access the variable as shown below:-

class Scopetest{
int x=10;
public static void main(String a[]){
System.out.println(new Scopetest().x++);
}
}

This will produce output as 10.
So,remember you can never ever access a non-static instance variable within a static context alone.You have to use the enclosing class instance.

2.Attempting to use a block variable after the code block is completed.
How often we commit this error,I guess everyone of us has faced it.So remember never ever try to invoke a variable which is ended its life.That is block variable lifetime is until the code block completes.As block finished execution the variable will also perish from memory,thus any reference out of this block result in a compiler slap!!!
Lets take a look at following example:-

class Scopetest{
public static void main(String a[]){
for(i=0;i<2;i++) style=”font-style: italic;”>.java:5: cannot find symbol
symbol : variable i
location: class Scopetest
if(i<3)>

3.Attempting to access a local variable from nested method.
When a method invokes another method then the calling method does not have access to the called methods variables and vice versa.For example:-If we have a method do1() which called by another method do2() then do1() cannot access the variables local to do2().It is evident from the following example:-

class Scopetest{
public static void main(String[] a){
Scopetest s = new Scopetest();
s.do2();
}
public void do2(){
int x = 4;
do1();
++x;
}
public void do1(){
x++;
}
}

The error which appears is:-
Scopetest.java:12: cannot find symbol
symbol : variable x
location: class Scopetest
x++;

So next time you go to the battlefield(programming) keep yourself armed with better knowledge and strategies of course here is to reduce the bug and make your program more readable.Keep in mind above mentioned errors and be a good programmer,and keep firing on the COMPILER!!!.

Comments

Redirecting pages on a Windows Server can be complex, but it is still highly recommended to solve duplicate content, canonicalization, and link popularity issues. It is very imporant that a 301 (permanent) redirect be used for the redirection of old pages, or whole domains, since search engines do not pass value for 302 (temporary) redirects, meta refreshes, or domain forwarding. Ideally, redirects should be done by someone who is very familiar with the Windows Server Environment. Whenever possible, original configurations should either be noted or backed up, should any difficulties arise.

Overview

301 redirects for sites hosted on Windows servers are generally created within IIS, which is the administrative management system for Windows servers. Most sites on shared hosting accounts will not come with access to IIS, so 301 redirects for these sites will generally need to be set up by the hosting company or administrator.

If this is the case, simply send a request to the hosting company’s support department and ask them to set up a permanent redirect from http://domain.com to http://www.domain.com or from www.olddomain.com to www.newdomain.com, etc.

Creating a 301 Redirect from One Internal Page to Another

1. Login to the Windows 2000 (or higher) server and access the desktop.
2. Select Start > Programs > Administrative Tools > Internet Services Manager.
3. Select the server with the site whose page you want to redirect.
4. Select the site with the page you want to redirect.
5. Right click on the page you want to redirect FROM and choose Properties. The Properties box will now appear. (See below this list for an example.)
6. Change the redirect option to “A redirection to a URL” and type in the new URL in the box provided.
7. Be sure to check the box marked “A permanent redirection for this resource”. If you leave this box unchecked, you will create a 302 (temporary) redirect, which is not permanent or beneficial from an SEO standpoint in this situation.

Creating a 301 Redirect from an Old Domain to a New One

1. Login to the Windows 2000 (or higher) server and access the desktop.
2. Select Start > Programs > Administrative Tools > Internet Services Manager.
3. Select the server with the site whose page you want to redirect.
4. Right click on the site you want to redirect FROM and choose Properties > Home Directory. The Default Web Site Properties box will now appear as shown in the image below this list.
5. Change the redirect option to “A redirection to a URL” and type in the new URL in the box provided.
6. Be sure to check the box marked “A permanent redirection for this resource”. If you leave this box unchecked, you will create a 302 (temporary) redirect, which is not permanent or beneficial from an SEO standpoint in this situation.

Creating a 301 Redirect to Solve Canonicalization Duplicate Content

When setting up a site in IIS, the normal process is to create one account for the site and add both www and non-www versions of the domain name to the host headers for the account. This creates a canonicalization issue, however, as the site will then be available at both www and non-www URLs.

The duplicate content issues associated with this setup can be eliminated by creating 2 accounts for the site within IIS: one with the www version of the domain in the host header and one with the non-www version of the domain. All of the site files can be placed in the preferred version and a single page in the other. The single page can then be redirected to the preferred version as if it was redirecting to a separate domain (using the process in the previous section).

Special note: As stated above, try to backup or note every change, in case you need to revert to your old code or setup. Make sure to test your site after the redirect is finished to ensure that all of your elements are working correctly.

Comments

Anna King has penned an article that I was interviewed for along with a number of other industry leaders here in the Seattle area about how we view information security, where it is going, and what the general approaches have to be for our industry, the information security industry to be successful. The good part is that I got to mention my favorite information security leaders, Clement DuPuis, Kees Lune, and Nathan Lambert along the way.

Seattle is really becoming a hot bed of how information is changing, not just here at CityU, but also at the University of Washington, the ISSA group, the Agora, Watcom Community College, and a host of other institutions. Beyond education, the collection of people and organizations that are addressing the real world educational needs of information security is slowly but surely changing for the better, from risk management to reverse engineering malware, to policy, networks, and general information security, the programs that are being built around the region to address all income and education levels are pretty outstanding. That is what makes this second interview so important, it really gave me an opportunity to address one of the issues that I think we have as an industry.

“Computer science is sexy. We no longer hold true to the older stereotype of an out of shape, Mountain Dew drinking, pizza eating nerd like you see portrayed in the popular media,” Morrill says. “Today’s computer science graduate is just like everyone else who follows their passion and wants to help protect people from cyber criminals. Our modern day leaders like Kees Lune, Clement Dupuis and Nathan Lambert are all smart, savvy people who live real lives and are changing the face of information security as we know it.”

What was also good was that Barbara and Karen also chimed in on the same views in the interview. Both Barbara and Karen are phenomenally cool people in the Information Security industry.

Globally, Worstell says importance of cyber security became apparent after violent protests over Iran’s presidential leadership broke out and sparked a flood of social networking that was eventually policed by the ruling Iranian government. The political group limited the free flow of information over social media sites, such as Facebook, Twitter and YouTube. Keeping information flowing freely on the Internet and preventing cyber warfare will only become more complicated as time goes on, Worstell says.

Barbara Endicott-Popovsky, director of the Center of Information Assurance and Cybersecurity at the University of Washington, agrees with Worstell’s concerns. She says targeted acts by the government could lead to other problems, such as hackers or other organized forces, which may use the Internet to intentionally harm people.

You can read the whole interview here, and it is worth reading because it really takes a review not just of my viewpoint on where we need to go with information security, but what we are doing to solve the problems we face as an industry. Not just one person, but a whole region of colleges, groups, support groups, and other mechanisms to help people become smarter information security practitioners. Well worth reading.

Comments

Wired threat level is running a must read article for anyone who does PCI, PCS-DSS certification for companies. Card Solutions was hacked in 2004, and while they passed their CISP, they still ended up getting hacked. While most information security environments are fluid, and most networks change on a regular basis, CISP auditing is expensive, and not something companies can afford to do every time they slot a new system into place. What is at stake here is the liability that auditors have when they have certified someone compliant, but they still get breached by hackers anyways.

The case, which appears to be among the first of its kind against a security auditing firm, highlights flaws in the standards that were established by the financial industry to protect consumer bank data. It also exposes the ineffectiveness of an auditing system that was supposed to guarantee that card processors and other businesses complied with the standards. Credit card companies have touted the standards and the auditing process as evidence that financial transactions conducted under their purview are secure and trustworthy. Yet Heartland Payment Systems and RBS WorldPay, two processors that recently experienced large breaches, were certified compliant before they were breached. And Hannaford Bros. was certified in February 2008 while an ongoing breach of the company’s system was underway. Source: Wired

While you can purchase information security insurance, and over time this will become something that any company is going to need, this case is in a class of its own as it is trying to settle out by law who is responsible for the opinion of an expert brought in to certify something as secure. The various meanings of the word secure, the various ways to interpret even the most simple check sheet of standards, and the qualifications of the people doing the audit all are being brought into question. This case regardless of who prevails is going to alter how we approach compliance with an information security regulation (even if it does not have the force of law in the case of HIPAA or SOX).

Auditors are just as prone to making errors as security engineers and indeed any person in any role. It is very simple to misconfigure a system and accidentally give a hacker a toe hold into a company network. Not so much by failing to take security into account, but by being rushed or an error of omission. In these cases, who really is liable, and how that liability will result in compensation to the wronged party. This is a case that many people need to be following, as it is going to set precedence, one that will be used repeatedly in the future to help determine liability for hacker breaches, when a system or an organization has been certified compliant.

Comments