- 93% of online experiences begin with a search engine.
- Google owns 65-70% of the search engine market share.
- 70% of the links search users click on are organic.
- 70-80% of users ignore the paid ads, focusing on the organic results.
- 75% of users never scroll past the first page of search results.
- Search is the #1 driver of traffic to content sites, beating social media by more than 300%
- SEO leads have a 14.6% close rate, while outbound leads (such as direct mail or print advertising) have a 1.7% close rate
- For Google, 18% of organic clicks go to the #1 position, 10% of organic clicks go to the #2 position, and 7% of organic clicks go to the #3 position.
Laliwala IT services offers 35+ enterprise open source online Training and Website Development Services. We offer various Training from popular open source stack like JBoss SOA Training, Alfresco Training, JBoss JBPM Training, Mule ESB Training, Activiti BPM Training, Apache Solr Training, Spring Training Course, Cloud Computing AWS Training, Apache Camel Training, Jboss ESB Training and many more.....(Call Now +91 9904245322)
Tuesday, June 4, 2013
WHY SEO?
Drupal.org Hacked
Another day, another big site hacked. 2013 really just hasn’t been a good year for web security.
This time around, the site writing the email that noone wants to write is Drupal.org, home of the popular content management platform, Drupal. Though no exact number was shared, it appears that nearly one million user accounts are affected.
Also affected are the user accounts of groups.drupal.org, a sub-site meant to help Drupal users establish meetup groups in the real world.
Word of the break-in went out this evening, when Drupal began to email affected users.
In an FAQ about the hack on their site, Drupal says that they currently have no idea who might be behind the attack. So far, it seems like the hackers had access to usernames, email addresses, and hashed passwords.
As is par for the course at this point, Drupal has immediately reset the passwords for every user in the system. If you’re one of the million-or-so users on Drupal.org, you’ll need to confirm your email and pick a new password before regaining access.
While you’re at it, you’ll probably want to change your password on any sites where you’ve used a password similar to the one you might’ve used on Drupal.org. While Drupal seems to have done a pretty good job of ensuring that passwords were stored safely (most were both salted and given multiple passes through a hash filter), it’s just good practice. You’d be surprised at how insanely fast password cracking has become.
It’s important to note that this hack affects Drupal.org, the website itself, and is not the result of a vulnerability in Drupal, the CMS. In other words: if you’ve got a Drupal-powered site, don’t freak out. According to Drupal Executive Director Holly Ross, the hackers gained access through an exploit in an unnamed third-party tool that Drupal.org was running on their server.
Also important to note: Drupal says they store no credit card details on their servers, but they’re still making sure there wasn’t any malicious code put in place to quietly intercept’em without them noticing. They’re recommending that anyone who’s made a transaction on Drupal.org keeps an eye on their statements, just in case.
This time around, the site writing the email that noone wants to write is Drupal.org, home of the popular content management platform, Drupal. Though no exact number was shared, it appears that nearly one million user accounts are affected.
Also affected are the user accounts of groups.drupal.org, a sub-site meant to help Drupal users establish meetup groups in the real world.
Word of the break-in went out this evening, when Drupal began to email affected users.
In an FAQ about the hack on their site, Drupal says that they currently have no idea who might be behind the attack. So far, it seems like the hackers had access to usernames, email addresses, and hashed passwords.
As is par for the course at this point, Drupal has immediately reset the passwords for every user in the system. If you’re one of the million-or-so users on Drupal.org, you’ll need to confirm your email and pick a new password before regaining access.
While you’re at it, you’ll probably want to change your password on any sites where you’ve used a password similar to the one you might’ve used on Drupal.org. While Drupal seems to have done a pretty good job of ensuring that passwords were stored safely (most were both salted and given multiple passes through a hash filter), it’s just good practice. You’d be surprised at how insanely fast password cracking has become.
It’s important to note that this hack affects Drupal.org, the website itself, and is not the result of a vulnerability in Drupal, the CMS. In other words: if you’ve got a Drupal-powered site, don’t freak out. According to Drupal Executive Director Holly Ross, the hackers gained access through an exploit in an unnamed third-party tool that Drupal.org was running on their server.
Also important to note: Drupal says they store no credit card details on their servers, but they’re still making sure there wasn’t any malicious code put in place to quietly intercept’em without them noticing. They’re recommending that anyone who’s made a transaction on Drupal.org keeps an eye on their statements, just in case.
Monday, June 3, 2013
Magento Introduction
Introduction of Magento Ecommerce Platform Solutions
Laliwala IT is a experienced web portal development and training provider company, We are specializing in web portal and web app development, online training and corporate training.
Register Now
Address
: Mangal Girdhar Compund,
Nr.
B.G.Tower, Dehli Darwaja,
Ahmedabad
- 380004. Gujarat, India.
WHAT UNITED STATES IMPORT FROM INDIA.
The Indian Institutes of Technology (IITs) are a group of
autonomous public engineering institutes of India. The IITs are governed
by the Institutes of Technology Act, 1961 which has declared them as
“institutions of national importance”, and lays down their powers,
duties, framework for governance etc.[1] The
Institutes of Technology Act, 1961 lists sixteen institutes located at
Bhubaneswar, Chennai, Delhi, Gandhinagar, Guwahati, Hyderabad, Indore,
Jodhpur, Kanpur, Kharagpur, Mandi, Mumbai, Patna, Ropar, Roorkee and
Varanasi. Each IIT is an autonomous institution, linked to the others
through a common IIT Council, which oversees their administration.
_____________________________________________________________________________
This online training course is designed for Developers, System Admin and Project Managers to manage a complete cloud solution for their respective clients on IAAS, PAAS and SAAS models. Weather these people are working on cloud deployment and security, will learn how to build, launch, and scale an application using Amazon Web Services and Java development tools.
_____________________________________________________________________________
Cloud Computing AWS Online Training
Cloud computing term is the use of computing resources, it could be in form of hardware or software or network or database those are distributed as a service over a globe. Cloud Computing is a broad term for everything that involves distributing hosted services over the Internet.This online training course is designed for Developers, System Admin and Project Managers to manage a complete cloud solution for their respective clients on IAAS, PAAS and SAAS models. Weather these people are working on cloud deployment and security, will learn how to build, launch, and scale an application using Amazon Web Services and Java development tools.
Day 1
- What is AWS?
- Getting Started with AWS
- Introducing Amazon EC2
- Launch EC2 Instance
- Deploy First Web Application
- Amazon Management Console
- Elastic Load Balancer
- Auto Scaling
- Monitoring using CloudWatch
- Deployment & Automation using AWS CloudFormation
- Clean Up
- Cost Breakdown
Day 2
- Amazon S3
- Amazon RDS
- Amazon Route 53
- Amazon CloudFront
- Amazon SimpleDB
- Amazon DynamoDB
- Elastic MapReduce
- Big Data with AWS
- Amazon EMR
- Amazon CloudSearch
Day 3
- Identity & Access Management
- AWS Import/Export
- AWS Elastic Beanstalk
- Amazon VPC
- Amazon Direct Connect
- Amazon EBS
- AWS Storage Gateway
- Amazon SWF
- Amazon ElastiCache
- Messaging using SNS, SQS, SES
- Amazon Giacier
- Libraries & SDKs
www.laliwalait.com
Office Address :
Mangal Girdhar Compund,
Nr. B.G.Tower, Out Side Dehli Darwaja,
Shahibaug Road, Dehli Darwaja,
Ahmedabad - 380004, Gujarat, India.
Please send us for Business Inquiry to :
E-mail : contact@laliwalait.com
E-mail : training@laliwalait.com
Mobile No. : +91-09904245322
Office Address :
Mangal Girdhar Compund,
Nr. B.G.Tower, Out Side Dehli Darwaja,
Shahibaug Road, Dehli Darwaja,
Ahmedabad - 380004, Gujarat, India.
Please send us for Business Inquiry to :
E-mail : contact@laliwalait.com
E-mail : training@laliwalait.com
Ten Reasons Why Your Programmer Might Kill You
You can do away with the bulletproof vest, it won’t save you. There
are a few things that a programmer hates more than dividing by zero, and
one of them is a manager that they perceive as being annoying and
incompetent (we’re sure you’re not, but read on anyway!). As a
non-programmer manager, the last thing you want to do is anger your
programmers. They’re a very special kind of species; they don’t conform
to the laws of society since they’re bound to the rules of programming,
they enjoy jokes to the tune of “If at first you don’t succeed, name it
Version 1.0” and they carry a comic book under their arm everywhere they
go.
We caught up with a team of programmers and developers and asked them what about their managers irked them the most. They threw entire books that they’d written about the topic at me, so once I got out of the Emergency Room, I decided to put pen to paper (finger to keyboard – it’s 2013, gimme a break) and decided to put down some of the most common and interesting points.
For those of you taking this lightly, you should know that programmers do spend a fair amount of time playing Call of Duty, have excellent hand-eye co-ordination and the last thing you want to do is be at the end of their custom made and 3D-printed gun.
A few days ago, we had a fairly nerve-wracking incident when our Solutions Architect leapt across his table, screamed “KILL FUNCTION INVOKED” and threw a mousepad at the Business Developer. Since then, we’ve ensured that they’re both on the same page using these ten “principles”! The result? Our stunning showcase is a live example!
We caught up with a team of programmers and developers and asked them what about their managers irked them the most. They threw entire books that they’d written about the topic at me, so once I got out of the Emergency Room, I decided to put pen to paper (finger to keyboard – it’s 2013, gimme a break) and decided to put down some of the most common and interesting points.
Not surprisingly, they all agreed that they love clear and concise instructions about what needs to be done. They enjoy building things exactly as specified, and feel that more in-depth the instructions for the functionality of the program at hand, the easier and faster it will be for them to build it.1. “Just tell me exactly what you want, dammit. None of this creative crap.”
Another unanimous cry of anguish came when I asked about communication. Apparently programmers and their managers tend to speak different languages, and it’s hard to make a point if the two can’t find a common platform.2. “It would help if my manager understood the difference between an event and an action.”
Programmers do their own research. As hard as it may be to believe, between their marathon video game and comic book sessions and rattling out code in NetBeans and Eclipse, programmers find a lot of time to go through the latest programming techniques and pick up new concepts that they’re doing to share with their managers and use in projects.3. “Given that I’m adding such value to your business, you might as well ask me every now and then for some input! I have some good ideas!”
Ever said, “Could you just make a slight change?” Chances are, that the slight change will involve them working with 100 lines of code. Instead, think of it as a new feature and be prepared to wait longer than 2 minutes for it to be in place.4. “There’s no such thing as a simple modification. If you ask a builder to add a window to an already completed wall, he might use your head to knock out the bricks to make space for it.”
Want to avoid facing the wrath of your programmers? Avoid treating them like robots, or expecting them to simply churn out lines of code. Just avoid the word “churn” completely. Each programmer has his own style of coding and takes pride in it.5. “I have a style of programming, and there’s no such thing as ‘churning out code’, alright? I craft my code, I’m an artist of instructions.”
With grumpy faces, they admitted that managers were very disconnected from what programmers were doing and going through, and therefore if they made an attempt to attend programmer meetings – a large gap would be bridged.6. “Maybe he should show his face during developer meetings to understand what we’re doing.”
Programmers don’t like giving status reports. Period. If you want to ask him something, do it verbally, don’t ask him to send e-mails. It drives them paranoid.7. “You want the status report or you want the application finished? Make up your mind.”
Programming is a complex task, and every manager understands that. Don’t try to make their work sound trivial and don’t over-simplify it, understand that the more you appreciate their effort and level of work they’re putting in, the more they’ll give back to you!8. “So all that needs to be done is move this box here and that box there is it? Well why don’t you do it?”
Given that programmers are analytical, it would make sense to trust their sense of judgment when it comes to timelines. When you’re looking at setting a timeline for a project don’t just set it, ask them to!9. “I never said that this needs to be done in four days, you did. There’s a difference.”
While at times this might be out of your hands, it makes sense to ensure that the clients you’re forcing the programmer to work with are using the latest tools and software – if not, it becomes a big problem to work with them.10. “The client is using software that was made before I was born. I don’t make you write with a feather pen do I?”
For those of you taking this lightly, you should know that programmers do spend a fair amount of time playing Call of Duty, have excellent hand-eye co-ordination and the last thing you want to do is be at the end of their custom made and 3D-printed gun.
A few days ago, we had a fairly nerve-wracking incident when our Solutions Architect leapt across his table, screamed “KILL FUNCTION INVOKED” and threw a mousepad at the Business Developer. Since then, we’ve ensured that they’re both on the same page using these ten “principles”! The result? Our stunning showcase is a live example!
How to increase Referral Traffic? http://www.laliwalait.com/
Generally speaking there are three kinds of website traffic:
direct traffic, search engine traffic, and referral traffic. All are
valuable and serve different purposes, but this post focuses on the
third kind, referral traffic.
Referral traffic is valuable in online marketing because it sends interested readers and qualified potential customers to your site from new domains. It also provides added SEO benefits, since by definition referral traffic is driven either by an inbound link or social activity, both of which send positive signals to the search engines about your site.
Need some of that sweet ol’ referral traffic? We’ve got you covered with five simple referral traffic strategies to help.
The first step in guest posting is getting a feel for the blogs you’d like to post on: Are the blog posts professional and formal or more relaxed and laid-back? Is their reader base advanced or beginner? Many blogs have strict guidelines for guest posts with specific word counts and a certain number of links you are allowed to embed, so always read the guidelines first and keep those restrictions in mind while writing.
Pinterest
Pinterest has been all the rage lately and it’s no surprise why – Shareholic recently released a new study showing that Pinterest drives more referral traffic than Twitter. Heck, Pinterest beats Google Plus, LinkedIn and YouTube combined for referral traffic.
If you’re not pinning yet, you better get to it! Check out our new Pinterest Guide for Marketers to get started.
Reddit is another great social bookmarking site ideal for sharing compelling content. With over 2 billion page views a month, Reddit has incredible social bookmarking potential, but marketers should be warned that only truly unique, interesting content will be welcomed. Posting on Reddit is playing with fire—submit spammy or overtly sales-focused content and your business could get berated by this extremely tech-savvy community.
If you have content you believe the Reddit community (majority is young, geeky, liberal, and internet-obsessed) would enjoy, you could reap tremendous benefits and earn valuable referral traffic. I’d recommend trying funny cat videos—works every time.
Share your latest blog posts, events, or even favorite blog comments. It’s fine to share a link to a page that simply needs a bump in traffic now and again, but be aware these attempts can sometimes appear spammy – your followers’ tolerance may vary.
Do you have any additional tips for building up referral traffic? We’d love to hear them!
----------------------------------------------------------------------------------------------------------
Referral traffic is valuable in online marketing because it sends interested readers and qualified potential customers to your site from new domains. It also provides added SEO benefits, since by definition referral traffic is driven either by an inbound link or social activity, both of which send positive signals to the search engines about your site.
Need some of that sweet ol’ referral traffic? We’ve got you covered with five simple referral traffic strategies to help.
Guest Posts
Guest posts are a great way to build up referral traffic. Especially in light of the Penguin update, it’s best to focus your guest posting efforts on sites that are related to your business, which means your content will be in front of a relevant audience providing top-notch referral traffic. If you can set up a regular guest posting schedule, all the better, because that allows you to keep your referral traffic from those sources steady over time.The first step in guest posting is getting a feel for the blogs you’d like to post on: Are the blog posts professional and formal or more relaxed and laid-back? Is their reader base advanced or beginner? Many blogs have strict guidelines for guest posts with specific word counts and a certain number of links you are allowed to embed, so always read the guidelines first and keep those restrictions in mind while writing.
If you’re not pinning yet, you better get to it! Check out our new Pinterest Guide for Marketers to get started.
Press Releases
Press releases are a quick and easy way to get a wave of fresh referral traffic. It’s a great idea to do a press release for an event you’ll be hosting or to announce milestones like executive changes, earnings releases, acquisitions, and product launches. But to be honest, if you are paying for a press release, you can write about pretty much anything and pretend it’s newsworthy. Some businesses even send out press releases whenever they get a new client.Social Bookmarking
Social bookmarking sites, or sites that allow you to bookmark and tag various online resources, are another easy fix for your referral traffic cravings. We get a ton of referral traffic from Stumble Upon, which lets you stumble about the internet like a drunken college student out at 2am on a Friday night. Stumble Upon allows visitors to serendipitously discover your awesome content and share it easily with others.Reddit is another great social bookmarking site ideal for sharing compelling content. With over 2 billion page views a month, Reddit has incredible social bookmarking potential, but marketers should be warned that only truly unique, interesting content will be welcomed. Posting on Reddit is playing with fire—submit spammy or overtly sales-focused content and your business could get berated by this extremely tech-savvy community.
If you have content you believe the Reddit community (majority is young, geeky, liberal, and internet-obsessed) would enjoy, you could reap tremendous benefits and earn valuable referral traffic. I’d recommend trying funny cat videos—works every time.
Social Networks: Facebook, Linked In, and Google+
Social networking sites like Facebook, LinkedIn, and Google+ are also natural contenders for bringing in referral traffic. Just remember your platform—Facebook and Google+ tend to promote a more casual, friendly atmosphere while LinkedIn is more professional.Share your latest blog posts, events, or even favorite blog comments. It’s fine to share a link to a page that simply needs a bump in traffic now and again, but be aware these attempts can sometimes appear spammy – your followers’ tolerance may vary.
Do you have any additional tips for building up referral traffic? We’d love to hear them!
----------------------------------------------------------------------------------------------------------
Laliwala IT Services is a experienced web development company specializing in website design and development. Laliwala IT Services create web that appeal to your sense of style, with intuitive
layouts and navigation. Laliwala IT Services also ensure that your company website is search
engine (google, yahoo, etc.) friendly so that it attracts customers and sales. After all,
sales are the prime objective of every business. Our company developed
hundreds of successful websites for several different types of
businesses around the world. |
Ubuntu Founder Officially Gives up Trying to Topple Microsoft
Canonical founder Mark Shuttleworth announced on Thursday that Ubuntu Linux bug #1 – "Microsoft has a majority market share" – is now officially closed. Rather than boasting about his victory, he gives much of the credit to iOS and Android. “Android may not be my or your first choice of Linux, but it is without doubt an open source platform that offers both practical and economic benefits to users and industry. So we have both competition, and good representation for open source, in personal computing.”
We use the term “victory” above very loosely since it’s quite clear Shuttleworth didn’t achieve his overarching goals of dominating the PC industry. Back in 2004 he believed pretty strongly that all PC’s should ship with primarily free and open operating systems, a goal which quite clearly hasn’t played out like he expected. Even Android phones for the most part ship with locked boot loaders, and OEM’s do everything possible to restrict access.
Despite the technicalities, Shuttleworth notes that the Microsoft of 2013 is nothing like the company he declared war on back in 2004. He writes that Microsoft Azure in particular is "a pleasure to work with" on Linux, and that today "circumstances have changed.”
U.S. Goverment Texas cops will soon need a warrant to search your e-mail
Texas is poised to become the first state in the
U.S. to require law enforcement officers to get a search warrant based
on probable cause before they access any electronic communications and
customer data stored by a third-party service provider.
The Texas legislature this week passed a bill (H.B. 2268) mandating
the warrant. The measure now only needs a signature by Gov. Rick Perry
to become law.The bill would be the first to address what many, including courts, say are glaring shortcomings in the Electronic Communications Privacy Act. The ECPA was drafted in 1986 and does not always require law enforcement authorities to obtain a search warrant to access email, instant messages and other customer data stored by Internet service providers and online storage services.
In many instances, the ECPA only requires them to give prior notice and obtain an administrative subpoena to access customer data. The only situation where existing federal law mandates a search warrant is for unopened email messages that are less than 180 days old.
Concerns over warrantless email searches by police have prompted sweeping calls for ECPA reforms, both at the state and federal level.
Just last week, for instance, Sen. Rand Paul (R-KY) introduced the Fourth Amendment Preservation and Protection Act of 2013, which stipulates a search warrant requirement similar to the Texas bill. In March, three lawmakers introduced an ECPA reform bill that would require law enforcement agencies to obtain a warrant to intercept or access stored electronic communications and geolocation data.
Similar bills have been proposed by others in recent years, but the Texas statute looks to be the first effort to actually become law.
The measure requires a warrant for all law enforcement access to stored electronic data, regardless of how long it has been stored, who is storing it or how it is being stored. All applications for search warrants would need probable case and have to be supported by an oath by the officer making the request.
In most cases, companies served with such warrants would be required to comply with them within 10 days. In some instances, a judge could require compliance in as little as four days if police are able to prove than a delay would jeopardize an investigation, put someone's life at risk or let someone to escape prosecution.
The bill is important for two reasons, said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation (EFF). First, it creates stronger privacy protections by updating the state's electronic privacy laws.
"Second, although this bill only covers Texas, it will hopefully spur other states to do the same and for Congress to update ECPA, too," Fakhoury said.
California, for instance, is currently considering a similar bill (SB 467) sponsored by the EFF. It has been passed by the California Senate and is now awaiting action in the Assembly, he said.
Separately, ECPA reform has been steadily moving through Congress, with entities as varied as Google and the U.S. Department of Justice now backing a warrant requirement, he noted. "Having individual states demonstrate to Congress that email privacy legislation is both politically and practically feasible, necessary and desired is only going to make the law better for everyone, no matter what state they're in."
The Texas law would only apply to state investigations -- not federal investigations, which will still be governed by ECPA requirements.
Dropbox goes down for more than an hour
Cloud storage service Dropbox users were hit with a widespread
service outage this morning that lasted a little more than an hour.
Tweets from outraged users around the world appeared to show the breadth of the service outage.
According to the web monitoring site Is It Down Right Now, Dropbox's servers were unresponsive at 6:32 a.m. Pacific Time and appeared to be down for a little more than an hour. During that time, the Dropbox website was displaying 404 server error messages.
After coming back online, Dropbox Support tweeted the statement: "We apologize for any inconvenience that might have been caused. Dropbox is back to normal."
When contacted by Computerworld, a spokeswoman didn't elaborate on the reasons for the outage.
Web monitoring site Isitdownnow.com shows Dropbox servers as unresponsive on the morning of May 30
Dropbox's last service disruption in January lasted more than 15 hours.
Tweets from outraged users around the world appeared to show the breadth of the service outage.
According to the web monitoring site Is It Down Right Now, Dropbox's servers were unresponsive at 6:32 a.m. Pacific Time and appeared to be down for a little more than an hour. During that time, the Dropbox website was displaying 404 server error messages.
When contacted by Computerworld, a spokeswoman didn't elaborate on the reasons for the outage.
Web monitoring site Isitdownnow.com shows Dropbox servers as unresponsive on the morning of May 30
Dropbox's last service disruption in January lasted more than 15 hours.
Computer scientists oppose Oracle's bid to copyright Java APIs
Some prominent scientists, including the inventor of JavaScript, have backed Google in its court battle with Oracle
Nearly three dozen computer scientists have
signed off on a court brief opposing Oracle's effort to copyright its
Java APIs, a move they say would hold back the computer industry and
deny affordable technology to end users.
The group, which includes prominent names such as MS-DOS author Tim Paterson and ARPANET developer Larry Roberts, signed the amicus brief in support of Google in its copyright lawsuit with Oracle.Oracle accuses Google of infringing the copyright on its Java APIs (application programming interfaces) in the development of Google's Android OS, and it is seeking billions of dollars in damages. Google denies any wrongdoing and has argued, in part, that software APIs aren't eligible for copyright protection under U.S. law.
Last year, a district court in California largely agreed with Google and ruled against Oracle in the case. Judge William Alsup determined that the Java APIs in the case can't be covered by copyright because they're a functional part of the Java platform and required by others to use the Java language. Copyright law typically does not extend to works that are functional in nature.
Oracle appealed the decision, and Thursday's brief aims to sway the court that will eventually decide that appeal. It was filed by the Electronic Frontier Foundation on behalf of 32 computer scientists and software developers. Other signatories are Brendan Eich, inventor of JavaScript and the CTO of Mozilla; Michael Tiemann, author of the GNU C++ compiler and an executive at Red Hat; and Samba developer Andrew Tridgell.
"The freedom to reimplement and extend existing APIs has been the key to competition and progress in the computer field -- both hardware and software," the brief states.
"It made possible the emergence and success of many robust industries we now take for granted -- such as industries for mainframes, PCs, peripherals (storage, modems, sound cards, printers, etc), workstations/servers, and so on -- by ensuring that competitors could challenge established players and advance the state of the art."
For instance, the brief argues, the spread of affordable PCs was made possible because IBM held no copyright on its BIOS system, allowing competitors such as Compaq and Phoenix to create their own BIOS implementations and build PC clones. The open nature of APIs was also essential to the development of the Unix OS, the C programming language and the open protocols on the Internet, the brief says.
"Should the court reverse Judge Alsup's well-reasoned opinion, it will hand Oracle and others the ability to monopolize any and all uses of systems that share their APIs. API creators would have veto power over any developer who wants to create a compatible program," the brief states.
Oracle responded sharply. "I guess everyone is having collective amnesia about the uncontroverted testimony that Android is not compatible with Java," said spokeswoman Deborah Hellinger.
At trial, Oracle argued that the complex structure and syntax of the Java APIs make them a creative work worthy of protection. Google knowingly copied the APIs, it said, and has since made billions of dollars from the success of Android, which is now the world's top-selling smartphone operating system.
James Niccolai covers data centers and general technology news for IDG News Service. Follow James on Twitter at @jniccolai. James's e-mail address is james_niccolai@idg.com
More
Oracle Company changes plans for Java security improvements
Oracle Company plans to make changes
to strengthen the security of Java, including fixing its certificate
revocation checking feature, preventing unsigned applets from being
executed by default and adding centralized management options with
whitelisting capabilities for enterprise environments.
These changes, along with other security-related efforts, are
intended to "decrease the exploitability and severity of potential Java
vulnerabilities in the desktop environment and provide additional
security protections for Java operating in the server environment," said
Nandini Ramani, vice president of engineering for Java Client and
Mobile Platforms at Oracle, in a blog post on Thursday.
Ramani's blog post, which discusses "the security worthiness of Java," indirectly addresses some of the criticism and concerns raised by security researchers this year following a string of successful and widespread attacks that exploited zero-day -- previously unpatched -- vulnerabilities in the Java browser plug-in to compromise computers.
Ramani reiterated Oracle's plans to
accelerate the Java patching schedule starting from October, aligning it
with the patching schedule for the company's other products, and
revealed some of the company's efforts to perform Java security code
reviews.
"The Java development team has expanded the use of automated security testing tools, facilitating regular coverage over large sections of Java platform code," she said. The team worked with Oracle's primary provider of source code analysis services to make these tools more effective in the Java environment and also developed so-called "fuzzing" analysis tools to weed out certain types of vulnerabilities.
The apparent lack of proper source code security reviews and quality assurance testing for Java 7 was one of the criticisms brought by security researchers in light of the large number of critical vulnerabilities that were found in the platform.
Ramani also noted the new security levels and warnings for Java applets -- Web-based Java applications -- that were introduced in Java 7 Update 10 and Java 7 Update 21 respectively.
These changes were meant to discourage the execution of unsigned or self-signed applets, she said. "In the near future, by default, Java will no longer allow the execution of self-signed or unsigned code."
Ramani's blog post, which discusses "the security worthiness of Java," indirectly addresses some of the criticism and concerns raised by security researchers this year following a string of successful and widespread attacks that exploited zero-day -- previously unpatched -- vulnerabilities in the Java browser plug-in to compromise computers.
"The Java development team has expanded the use of automated security testing tools, facilitating regular coverage over large sections of Java platform code," she said. The team worked with Oracle's primary provider of source code analysis services to make these tools more effective in the Java environment and also developed so-called "fuzzing" analysis tools to weed out certain types of vulnerabilities.
The apparent lack of proper source code security reviews and quality assurance testing for Java 7 was one of the criticisms brought by security researchers in light of the large number of critical vulnerabilities that were found in the platform.
Ramani also noted the new security levels and warnings for Java applets -- Web-based Java applications -- that were introduced in Java 7 Update 10 and Java 7 Update 21 respectively.
These changes were meant to discourage the execution of unsigned or self-signed applets, she said. "In the near future, by default, Java will no longer allow the execution of self-signed or unsigned code."
Such default behavior makes sense from a
security standpoint considering that most Java exploits are delivered as
unsigned Java applets. However, there have been cases of digitally signed Java exploits being used in the past and security researchers expect their number to increase.
Because of this it's important for the Java client to be able to check in real time the validity of digital certificates that were used to sign applets. At the moment Java supports certificate revocation checking through both certificate revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP), but this feature is disabled by default.
"The feature is not enabled by default because of a potential negative performance impact," Ramani said. "Oracle is making improvements to standardized revocation services to enable them by default in a future release."
The company is also working on adding
centrally managed whitelisting capabilities to Java, which will help
businesses control what websites are allowed to execute Java applets
inside browsers running on their computers.
Unlike most home users, many organizations can't afford to disable the Java browser plug-in because they need it to access Web-based business-critical applications created in Java.
"Local Security Policy features will soon be added to Java and system administrators will gain additional control over security policy settings during Java installation and deployment of Java in their organization," Ramani said. "The policy feature will, for example, allow system administrators to restrict execution of Java applets to those found on specific hosts (e.g., corporate server assets, partners, etc.) and thus reduce the risk of malware infection resulting from desktops accessing unauthorized and malicious hosts."
Even though the recent Java security issues have generally only impacted Java running inside browsers, the public coverage of them has also caused concern among organizations that use Java on servers, Ramani said.
As a result, the company has already started to separate Java client from server distributions with the release of the Server JRE (Java Runtime Environment) for Java 7 Update 21 that doesn't contain the browser plug-in.
"In the future, Oracle will explore stronger measures to further reduce attack surface including the removal of certain libraries typically unnecessary for server operation," Ramani said. However, those changes are likely to come in future major versions of Java since introducing them now would violate current Java specifications, she said.
_______________________________________________________________________
This online training course is designed for Developers, System Admin and Project Managers to manage a complete cloud solution for their respective clients on IAAS, PAAS and SAAS models. Weather these people are working on cloud deployment and security, will learn how to build, launch, and scale an application using Amazon Web Services and Java development tools.
www.laliwalait.com
Office Address :
Mangal Girdhar Compund,
Nr. B.G.Tower, Out Side Dehli Darwaja,
Shahibaug Road, Dehli Darwaja,
Ahmedabad - 380004, Gujarat, India.
Please send us for Business Inquiry to :
E-mail : contact@laliwalait.com
E-mail : training@laliwalait.com
Mobile No. : +91-09904245322
Because of this it's important for the Java client to be able to check in real time the validity of digital certificates that were used to sign applets. At the moment Java supports certificate revocation checking through both certificate revocation lists (CRLs) and the Online Certificate Status Protocol (OCSP), but this feature is disabled by default.
"The feature is not enabled by default because of a potential negative performance impact," Ramani said. "Oracle is making improvements to standardized revocation services to enable them by default in a future release."
Unlike most home users, many organizations can't afford to disable the Java browser plug-in because they need it to access Web-based business-critical applications created in Java.
"Local Security Policy features will soon be added to Java and system administrators will gain additional control over security policy settings during Java installation and deployment of Java in their organization," Ramani said. "The policy feature will, for example, allow system administrators to restrict execution of Java applets to those found on specific hosts (e.g., corporate server assets, partners, etc.) and thus reduce the risk of malware infection resulting from desktops accessing unauthorized and malicious hosts."
Even though the recent Java security issues have generally only impacted Java running inside browsers, the public coverage of them has also caused concern among organizations that use Java on servers, Ramani said.
As a result, the company has already started to separate Java client from server distributions with the release of the Server JRE (Java Runtime Environment) for Java 7 Update 21 that doesn't contain the browser plug-in.
"In the future, Oracle will explore stronger measures to further reduce attack surface including the removal of certain libraries typically unnecessary for server operation," Ramani said. However, those changes are likely to come in future major versions of Java since introducing them now would violate current Java specifications, she said.
_______________________________________________________________________
Cloud Computing AWS Online Training
Cloud computing term is the use of computing resources, it could be in form of hardware or software or network or database those are distributed as a service over a globe. Cloud Computing is a broad term for everything that involves distributing hosted services over the Internet.This online training course is designed for Developers, System Admin and Project Managers to manage a complete cloud solution for their respective clients on IAAS, PAAS and SAAS models. Weather these people are working on cloud deployment and security, will learn how to build, launch, and scale an application using Amazon Web Services and Java development tools.
Day 1
- What is AWS?
- Getting Started with AWS
- Introducing Amazon EC2
- Launch EC2 Instance
- Deploy First Web Application
- Amazon Management Console
- Elastic Load Balancer
- Auto Scaling
- Monitoring using CloudWatch
- Deployment & Automation using AWS CloudFormation
- Clean Up
- Cost Breakdown
Day 2
- Amazon S3
- Amazon RDS
- Amazon Route 53
- Amazon CloudFront
- Amazon SimpleDB
- Amazon DynamoDB
- Elastic MapReduce
- Big Data with AWS
- Amazon EMR
- Amazon CloudSearch
Day 3
- Identity & Access Management
- AWS Import/Export
- AWS Elastic Beanstalk
- Amazon VPC
- Amazon Direct Connect
- Amazon EBS
- AWS Storage Gateway
- Amazon SWF
- Amazon ElastiCache
- Messaging using SNS, SQS, SES
- Amazon Giacier
- Libraries & SDKs
www.laliwalait.com
Office Address :
Mangal Girdhar Compund,
Nr. B.G.Tower, Out Side Dehli Darwaja,
Shahibaug Road, Dehli Darwaja,
Ahmedabad - 380004, Gujarat, India.
Please send us for Business Inquiry to :
E-mail : contact@laliwalait.com
E-mail : training@laliwalait.com
LinkedIn trying to make themselves safer from hackers : Login and Password
Once the feature is enabled, users will get a code sent to them when logging in from a new device
Add LinkedIn to the list of Internet companies trying to make
themselves safer from cyberattacks by adding two-step authentication.
Users of the professional social-networking site now have the option to add two-step verification to their accounts, which is designed to add another layer to the sign-in process when logging in from a new or unknown device. With the feature enabled, users will be prompted to type a numeric code sent to their phone via SMS when logging in from an unrecognized computer or device for the first time.
Most Internet accounts that have become compromised are illegitimately accessed from a new computer or device, LinkedIn said Friday in a blog post. When enabled, the new feature makes it more difficult for unauthorized people to access users' accounts because both their password and mobile phone are needed to log in, LinkedIn said.
Two-step verification can be turned on
using the site's settings page for users' security options. After the
feature is enabled, the site will send the code upon sign-in once per
device. A user will be notified via email each time his or her account
is signed into using a new device.
The changes come one week after Twitter introduced two-factor authentication following a series of recent hacks targeting high-profile businesses on the blogging site. Security experts had long been calling for the company to make two-factor logins an option.
Last year, LinkedIn users were advised to change their passwords after it was reported that millions of "unsalted" hashed passwords had turned up on a Russian hacker website.
Apple, Facebook and Google are among other companies that also offer two-step authentication as an option for users.
But while two-factor login does add an extra layer of security, it is not a panacea, some security experts have said. With an email phishing attack, for instance, a hacker could fake a login page to ask for the code the user just received, it has been argued.
Aside from two-factor logins, Google on Thursday laid out several safe password tips for users to follow, though some of the advice was fairly basic. "Use a different password for each important service" and "make your password hard to guess," the company said.
Users of the professional social-networking site now have the option to add two-step verification to their accounts, which is designed to add another layer to the sign-in process when logging in from a new or unknown device. With the feature enabled, users will be prompted to type a numeric code sent to their phone via SMS when logging in from an unrecognized computer or device for the first time.
Most Internet accounts that have become compromised are illegitimately accessed from a new computer or device, LinkedIn said Friday in a blog post. When enabled, the new feature makes it more difficult for unauthorized people to access users' accounts because both their password and mobile phone are needed to log in, LinkedIn said.
The changes come one week after Twitter introduced two-factor authentication following a series of recent hacks targeting high-profile businesses on the blogging site. Security experts had long been calling for the company to make two-factor logins an option.
Last year, LinkedIn users were advised to change their passwords after it was reported that millions of "unsalted" hashed passwords had turned up on a Russian hacker website.
Apple, Facebook and Google are among other companies that also offer two-step authentication as an option for users.
But while two-factor login does add an extra layer of security, it is not a panacea, some security experts have said. With an email phishing attack, for instance, a hacker could fake a login page to ask for the code the user just received, it has been argued.
Aside from two-factor logins, Google on Thursday laid out several safe password tips for users to follow, though some of the advice was fairly basic. "Use a different password for each important service" and "make your password hard to guess," the company said.
Google Company Launches Display Benchmarks Tool for Advertiser
Google is offering advertisers the chance to instantly check how
their ads are performing with the latest addition to its arsenal – the
Display Benchmarks Tool. It will show how display ads are faring
relative to aggregated campaigns, which will allow marketers to see
their marketing activity in context and to compare their own
performance, Google´s DoubleClick Advertiser Blog informed.
Users of the tool have the option to select the criteria with which their ads will be compared, according to geographical coverage, type of media, size and formats. After the analysis has been completed, the tool prepares a report that can either reveal current information, or look at trends going back more than a year.
What the Display Benchmarks Tool tracks is the average interaction rate, average duration of interaction and the expansion rate for rich media ads. In addition, it also gives marketers the opportunity to compare the overall click-through rate with those recorded for standard media and rich media, Google explained. Information regarding the length of time during which expander ads stay expanded and video completion rates, as well as the average amount of time that rich media impressions were displayed, can be also be obtained.
While utilising the tool, Google noticed certain trends that have evolved over the past few months. Since last summer, users interact with ads 50% to 60% more frequently. Meanwhile, video completion rates grew almost 24% and reached a 60% completion rate, the blog post said.
Users of the tool have the option to select the criteria with which their ads will be compared, according to geographical coverage, type of media, size and formats. After the analysis has been completed, the tool prepares a report that can either reveal current information, or look at trends going back more than a year.
What the Display Benchmarks Tool tracks is the average interaction rate, average duration of interaction and the expansion rate for rich media ads. In addition, it also gives marketers the opportunity to compare the overall click-through rate with those recorded for standard media and rich media, Google explained. Information regarding the length of time during which expander ads stay expanded and video completion rates, as well as the average amount of time that rich media impressions were displayed, can be also be obtained.
While utilising the tool, Google noticed certain trends that have evolved over the past few months. Since last summer, users interact with ads 50% to 60% more frequently. Meanwhile, video completion rates grew almost 24% and reached a 60% completion rate, the blog post said.
Nagavara Ramarao Narayana Murthy returns Infosys'
Infosys' co-founder and first
CEO N. R. Narayana Murthy has returned to the company as executive
chairman, amid concerns that the outsourcer's performance has not been
as good as that of some of its Indian peers.
Murthy, 67, said he would be "adding value" to CEO S.D. Shibulal, who has initiated a strategy called Infosys 3.0, which aims to focus the company on high-margin businesses like consultancy, reusable platforms and products.
Once the darling of investors, Infosys has seen lackluster growth in revenue and profits in comparison to some of its Indian competitors such as Tata Consultancy Services. Murthy could now help Infosys recover from problems it has had in executing on its strategy, analysts said.
Murthy was chairman and CEO of Infosys
from its founding in 1981 to 2002, and remained as chairman until 2011,
when he was appointed chairman emeritus, largely an honorific position.
He brings to Infosys his son Rohan Murthy, as executive assistant in the chairman's office, ending an over 30-year-old corporate policy not to employ family members of the company founders.
Shibulal is also a founder of the company. The CEO's has remained among the founders, which has been criticized by analysts who said the company was not giving an opportunity to high-performing insiders or to outside recruits for that job.
Shareholder approval is required Murthy's appointment as executive chairman and director for a period of five years, the board said Saturday.
Besides Murthy and Shibulal, former CEO S. Gopalakrishnan will steer the company as executive vice chairman. Gopalakrishnan was co-chairman of the company until the changes announced Saturday. Chairman K.V. Kamath returned to being an independent director on the board.
Murthy, 67, said he would be "adding value" to CEO S.D. Shibulal, who has initiated a strategy called Infosys 3.0, which aims to focus the company on high-margin businesses like consultancy, reusable platforms and products.
Once the darling of investors, Infosys has seen lackluster growth in revenue and profits in comparison to some of its Indian competitors such as Tata Consultancy Services. Murthy could now help Infosys recover from problems it has had in executing on its strategy, analysts said.
He brings to Infosys his son Rohan Murthy, as executive assistant in the chairman's office, ending an over 30-year-old corporate policy not to employ family members of the company founders.
Shibulal is also a founder of the company. The CEO's has remained among the founders, which has been criticized by analysts who said the company was not giving an opportunity to high-performing insiders or to outside recruits for that job.
Shareholder approval is required Murthy's appointment as executive chairman and director for a period of five years, the board said Saturday.
Besides Murthy and Shibulal, former CEO S. Gopalakrishnan will steer the company as executive vice chairman. Gopalakrishnan was co-chairman of the company until the changes announced Saturday. Chairman K.V. Kamath returned to being an independent director on the board.
Subscribe to:
Posts (Atom)