215 posts in 'IT'

  1. 2016.08.18 How to compare two Excel sheets for differences in values by CEOinIRVINE
  2. 2012.11.01 basketball by CEOinIRVINE
  3. 2011.12.23 The Best AirPrint Compatible Printers by CEOinIRVINE
  4. 2011.12.10 Setting the secure flag in the cookie is easy by CEOinIRVINE
  5. 2011.12.09 Why Java Will Always Be Slower than C++ by CEOinIRVINE
  6. 2011.12.09 a by CEOinIRVINE
  7. 2011.12.05 Information Security Interview Questions by CEOinIRVINE
  8. 2011.12.02 Endpoint Buyers Guide (Anti Virus) by CEOinIRVINE
  9. 2011.12.01 New Fee is your chance to break Verizon Contract Without Paying Early Termination Fee by CEOinIRVINE
  10. 2011.09.16 To use a port scan tool to determine listening ports of active hosts: by CEOinIRVINE 1

How to compare two Excel sheets for differences in values

This is the simplest way to compare data in Excel, and it lets you identify cells with different values. As a result, you will have a difference report in a new worksheet.

To compare two Excel worksheets for differences, just open a new empty sheet, enter the following formula in cell A1, and then copy it down and to the right:

=IF(Sheet1!A1<> Sheet2!A1, "Sheet1:"&Sheet1!A1&" vs Sheet2:"&Sheet2!A1, "")

The result will look similar to this:

As you can see in the above screenshot, the formula compares 2 sheets, identifies cells with different values and displays the differences in the corresponding cells. Please note that in the difference report, dates (cell C4) are presented as serial numbers, as they are stored in the internal Excel system, which is not very convenient for analyzing differences between them.

Highlight differences between 2 sheets with conditional formatting

To highlight cells that have different values in two sheets with the color of your choosing, use the Excel conditional formatting feature:

  • In the worksheet where you want to highlight differences, select all used cells. For this, click the upper left cell of the used range, usually A1, and press Ctrl + Shift + End to extend the selection to the last used cell.
  • On the Home tab, in the Styles group, click Conditional Formatting > New rule, and create a rule with the following formula:

    =A1<>Sheet2!A1

    Where Sheet2 is the name of the other sheet you are comparing.

As a result, the cells with different values will be highlighted with the selected color.

If you are not very familiar with Excel conditional formatting, you can find the detailed steps to create a rule in the following tutorial: Excel conditional formatting based on another cell value.

As you see, it's very easy to compare two Excel sheets by using formulas or conditional formats. However, these methods are not well suited for all-round comparison because of the following limitations:

  • They find differences only in values, but cannot compare formulas or cell formatting.
  • They cannot identify added or deleted rows and columns. As soon as you add or delete a row / column in one sheet, all subsequent rows / columns will be marked as differences.
  • They work on a sheet level, but cannot detect workbook-level structural differences such as sheet additions and deletions.

Compare and merge copies of a shared workbook

When it comes to merging different versions of the same Excel file, the Compare and Merge feature comes in handy. It is especially useful when several users collaborate on the same Excel workbook because it lets you view the changes and comments of all users at once. To use this feature, be sure to make the following preparations:

  • Share your Excel workbook before you make it available to other users.

    To share a workbook, just click the Share Workbook button on the Review tab, in the Changes group, select the Allow Changes by More Than One User... box, and click OK. Allow Excel to save the workbook if prompted. Turning on the Track Changes feature shares the workbook automatically.

  • Each person who makes any edits to the shared workbook must save a copy (.xls or .xlsx file) using a unique file name.

Now that all initial preparations are done properly, you are ready to combine the copies of a shared workbook.

1. Enable the Compare and Merge Workbooks feature in your Excel

Although the Compare and Merge Workbooks feature is available in all versions of Excel 2016, Excel 2013, Excel 2010 and lower, this command is not displayed anywhere in Excel by default. To add it to the Quick Access toolbar, perform the following steps:

  • Open the Quick Access drop down menu and select More Commands.
  • In the Excel Options dialog box, select All Commands under Choose commands from.
  • In the list of commands, scroll down to Compare and Merge Workbooks, select it and click the Add button to move it to the right-hand section.
  • Click OK.


2. Compare and merge workbooks

When all of the users have finished working with your shared Excel workbook, you can merge all the copies into one file.

  • Open the primary version of the shared workbook.
  • Click the Compare and Merge Workbooks command on the Quick Access toolbar.
  • In the dialog box that appears, select a copy of the shared workbook that you want to merge. To select several copies, hold the Shift key while clicking the file names, and then click OK.

Done! The changes from each copy are merged into a single workbook, and you can review all the edits at once. To point out the rows and columns with differences, Excel highlights the column letters and row numbers in a dark red color. At the cell level, edits from different users are marked with different colors, so you can see at a glance who made a particular change.

Note. If the Compare and Merge Workbooks command is greyed out in your Excel, most likely you are trying to combine different Excel files. Please remember, the Compare and Merge Workbooks feature allows merging only copies of the same shared workbook.

Third-party tools to compare Excel files

As you have just seen, Microsoft Excel provides a handful of features to compare data in two or more workbooks. But none of the built-in options is sufficient to comprehensively compare Excel sheets, let alone entire workbooks, spotting all the differences in values, formulas or formatting.

So, if you need advanced and really efficient means to compare two Excel files, then most likely you would have to use one of the third-party tools specially designed for comparing, updating and merging Excel sheets and workbooks. Below you will find a quick overview of a few tools that, in my opinion, are best performers in this area.

Synkronizer Excel Compare: 3-in-1 tool to compare, merge and update Excel files

The Synkronizer Excel Compare add-in can quickly compare, merge and update two Excel files saving you the trouble of searching for differences manually.

If you are looking for a quick and reliable method to compare two Excel sheets or workbooks, you will certainly find helpful the following features of Synkronizer Excel Compare:

  • Identifying the differences between two Excel sheets.
  • Combining multiple Excel files into a single version without producing unwanted duplicates.
  • Highlighting the differences in both sheets.
  • Showing only the differences that are relevant to your task.
  • Merging and updating the sheets.
  • Presenting detailed and easy to read difference reports.

To get some basic idea about Synkronizer Excel Compare's capabilities and performance, let's carry out a couple of field tests.

Compare two Excel files for differences

Supposing you are organizing some event and, in your Excel table, you gather information about the participants such as a participant name, arrival date, number of seats and other details. Also, you have a couple of managers in direct contact with participants and the database, and as a result, you have 2 versions of the same Excel file.

Okay, let's see how efficiently Synkronizer can compare our two sheets and identify differences between them.

To run Synkronizer Excel Compare, go to the Add-ins tab, and click the Synkronizer 11 icon.

The Synkronizer pane will show up in the left part of your Excel window, where you perform 5 quick steps:

  1. Select 2 workbooks to compare:
  2. Select sheets to compare.

    If the selected workbooks have any sheets with the same names, all those sheets will be matched and automatically selected for comparison (like Participants sheets in the below screenshot).

    Also, you can manually select worksheets you want to compare, or instruct the add-in to match sheets by other criteria, for example by worksheet type - all, protected, or hidden.


    Once you've selected the sheets, the Synkronizer add-in will open them side by side, arranged vertically or horizontally, like in Excel's View Side by Side mode.

  3. Select one of the following comparison options:
    • Compare as normal worksheets - the default option that works in most cases.
    • Compare with link options - if the selected sheets do not contain any new or deleted rows and columns, you can compare them "1 on 1".
    • Compare as database - recommended for comparing sheets that have a database structure.
    • Compare selected ranges - if you do not want to compare the entire sheets, define the ranges to be compared.
  4. Choose the content types to be compared (optional).

    On the Select tab, in the Compare group, you can choose the content type(s) relevant to your current task:


    • Under Content, you can select comments and names (in addition to cell values, formulas and calculated values that are compared by default).
    • Under Formats, you choose which cell formats to compare, such as alignment, fill, font, border, etc.
    • The Filters option lets you filter out differences that you don't want to display. For example, you can ignore case, leading or trailing spaces, all formulas or different formulas with the same result, hidden rows or column, and more.
  5. Finally, click the big red Start button on the ribbon and proceed to examining the results.

Visualizing and analyzing the differences

Usually it takes Synkronizer only a few seconds to compare 2 sheets and present a brief summary report and detailed difference report on the Results tab.

In a summary report, you can see all difference types at a glance: changes in columns, rows, cells, comments, formats, and names.

To view the detailed difference report, just click a specific difference type on the summary report.

The following screenshot shows the summary report (in the upper part of the Results pane), and cell difference report (in the lower part of the pane) that were created for our sample sheets:

As soon as you click on a difference, you will immediately be taken to the corresponding cells on both sheets you are comparing (the below screenshot shows just one sheet because there's not enough room on this page to show both :)

In addition, you can create a difference report in a separate workbook, either standard or hyperlinked, and jump to a specific difference with a mouse click.

Compare all sheets in two workbooks at a time

If the two Excel files you are comparing contain multiple sheets, all matching worksheet pairs will be presented in the summary report for your perusal:

Highlighting differences between sheets

By default, the Synkronizer Excel Compare add-in highlights all found differences, like in the following screenshot:

  • Yellow - differences in cell values
  • Lilac - differences in cell formats
  • Green - inserted rows


To highlight only the relevant differences, click the Outline button on the Results tab, and select the required options:

Update and merge sheets

The merge function is definitely one of the most useful functions of the Synkronizer Excel Compare add-in. It lets you transfer values from sheet 1 to sheet 2 and vice versa. You can merge individual cells values or move different columns/rows from the source to target sheet, and have your primary sheet updated in seconds.

To update one or more differences, select them on the Synkronizer's pane and click one of the 4 update buttons - the first and last buttons update all differences, while the 2nd and 3rd buttons update selected differences only (the button arrows indicate the transfer direction).

Well, these are the key features of the Synkronizer add-in, but there is certainly much more to it. If you are curious to give it a shot, here's a trial version.

In my opinion, Synkronizer is one of the best tools to compare files in Excel, but it's not the only option available to you. A handful of other comparison tools exist, which basically provide the same set of features in different implementations.

xlCompare: compare and merge workbooks, sheets and VBA projects

Using the xlCompare utility, you can compare two Excel files, worksheets, names and VBA Projects. It identifies added, deleted and changed data and allows you to quickly merge differences. In addition, it provides the following options:

  • Find duplicate records between two worksheets and remove them.
  • Update all existing records in one sheet with values from another sheet.
  • Add unique (new) rows and columns from one sheet to another.
  • Merge all updated records from one workbook to another.
  • Sort data on the sheets by the key column.
  • Filter the comparison results to display differences or identical records.
  • Highlight comparison results with colors.

Florencesoft DiffEngineX: compare Excel workbooks for differences

DiffEngineX is another utility that can help you identify differences between cell values, formulas, comments, Excel names, and VBA code. It can compare two Excel workbooks or selected sheets.

DiffEngineX works with xls, xlsx, xlsm and xlsb files, and supports Excel 2013, Excel 2010, Excel 2007 and Excel 2003.

Change pro for Excel: compare Excel sheets on desktop and mobile devices

With Change pro for Excel, you can compare two sheets in desktop Excel as well as on mobile devices with optional server-based comparison. The key features of this tool are:

  • Find differences between 2 sheets in formulas and values.
  • Identify layout changes, including added / deleted rows and columns.
  • Recognize embedded objects such as charts, graphs and images.
  • Create and print difference reports of formula, value and layout differences.
  • Filter, sort, and search the difference report on key changes.
  • Compare files directly from Outlook or document management systems.
  • Support for all languages, including multi-byte.

Online services to compare Excel files

Apart from desktop tools and utilities, there exist a number of online services that let you quickly compare two Excel sheets for differences without installing any software on your computer. Probably it's not the best solution in terms of security, but if your Excel files do not contain any sensitive information why not use some free online service for immediate results?

For example, you can try XLComparator or CloudyExcel, or find some other similar services on the net. This is what the CloudyExcel service looks like:

You just upload the two Excel workbooks you want to compare, and click the Find Difference button at the bottom of the screen. In a moment, the differences in two active sheets will get highlighted with different colors.

Well, this is how you can compare Excel files for differences. If none of the solutions described in this tutorial is suitable for your task, check out the following resources that cover other aspects of Excel file comparison. And if you know any other ways to compare two Excel files, your comments will be greatly appreciated. I thank you for reading and hope to see you on our blog next week!

Other ways to compare and merge data in Excel


Posted by CEOinIRVINE

basketball

IT 2012. 11. 1. 07:16
Basketball today?
  
Posted by CEOinIRVINE

Don’t go wild when you hear you can print wirelessly from your iPod, iPad or iPhone without installing any print drivers or even setting up any printer configurations. Yes, there is a Print icon among all the new standard apps on your i-device, but not only do you have to be running iOS 4.2 or higher, you also have to be within range of a wireless AirPrint compatible printer. And the only printers that fall in that category of being AirPrint compatible add up to less than a dozen models, all from HP. Once you realize that these are the limits within which you’ll be able to print, and you still want to go wild, then go right ahead.

Are you back? Good. The Print icon is beneath the Send To icon — when you tap it, a list of printers you can print to will appear. And, while there are ways to use AirPrint capabilities without an AirPrint compatible printer, which we will get to at the end of this article, let’s stay here a while and take a look at the printers that will be appearing in your AirPrint list on your i-device.

The first set of AirPrint-compatible HP printers are the Photosmart line, basic all-in-one inkjet printers intended for home use.

HP Photosmart e-AiO (D110A)

This basic printer was the first one released as AirPrint-enabled. Still priced well under $100, you can plug it in and immediately print documents, photos or fliers remotely.

HP Photosmart Plus e-AiO (B210a)

Think of this printer as an enhanced D110A that also lets you scan photos and make copies, besides printing remotely via AirPrint and from attached computers.

The next set of HP printers enabled for AirPrint out of the box is the premium Photosmart line.

  • HP Photosmart Premium e-AiO (C310a)
  • HP Photosmart Premium Fax e-AiO (C410a)
  • HP Photosmart eStation All-in-One (C510)

The C310a adds speed and capacity, while the C410a adds faxing capability. With the C510, you get full web browsing from the printer itself, a detachable full-color touchscreen, integrated wireless 802.11b/g/n and a flatbed scanner that lets you scan 3D objects and documents. Individual high-capacity ink cartridges cut down on printing costs. The C510 can even have its own email address, meaning you can email anything to the printer and have it printed immediately or stored for printing, depending on how you configure this feature.

The last set of HP AirPrint-ready printers is the LaserJet Pro line. Though all four of these printers are AirPrint capable, they do require an AirPrint firmware upgrade before becoming fully AirPrint compatible.

  • HP LaserJet Pro CP1525nw
  • HP LaserJet Pro M1536dnf
  • HP LaserJet Pro CM1415FNW
  • HP LaserJet Pro CP1525nw

Equipped with both wireless 802.11b/g/n and Ethernet networking, these energy-saving printers produce high-quality color in both photos and documents. Priced much lower than other laser-jet printers, these HP printers are a bargain, especially when you add in the AirPrint functionality for i-devices and HP’s own ePrint, which works the same as AirPrint for other mobile devices.

Now that we’ve shown you the short list of HP printers capable of AirPrint printing, we’ll turn this whole article on its head by describing how an i-device can print to any printer via use of AirPrint. AirPrint is based on Apple’s own networking protocol Bonjour/Zeroconf, the nature of which allowed reverse-engineering of the AirPrint function in the Linux world to create AirPrint Activator, software that enables AirPrint printing to any printer connected to a Mac.

There’s also an application called Printopia for Mac. This app shares any printer connected to your Mac wirelessly, allowing printing from an iPad or an iPhone. Let me repeat that: “any printer.” You can even print out to a PDF or JPG file, and save it.

So, if the question is, “What printers using AirPrint are the best?,” then the answer has to be, for any Mac user, any printer you consider the best, because you can now use AirPrint to print to any printer. PC and Windows users, however, are not that lucky — if you have an i-device, but no Mac, you’ll have to print directly via AirPrint to the HP printers listed above.

Posted by CEOinIRVINE

TechRepublic had an interesting article about the Surf Jack attack. Many people commented, some giving their own solution to the problem. However, many of these solutions do not prevent the attack because they do not really address it. Of course, whoever missed the details should check out the paper.

The attack was addressed quite a while ago, and the solution is easy to implement on many occasions. So there is no need to reinvent the wheel or create a new solution which has not been peer reviewed yet. Here I'll indicate how to set the secure flag in various languages / web application technologies. The idea is that besides making use of HTTPS instead of HTTP, one needs to set a flag in the cookie so that the browser only sends it over HTTPS and it cannot be leaked out in clear text.

PHP

bool setcookie ( string $name [, string $value [, int $expire [, string $path [, string $domain [, bool $secure [, bool $httponly ]]]]]] )

Note that the $secure boolean should be set to true.



Java

Cookie helloCookie = new Cookie("name", text);
helloCookie.setSecure(true);

ASP.NET
HttpCookie cookie = new HttpCookie("name");
cookie.Secure = true;
cookie.Value = "Joe";

Perl with CGI.pm

(added by Noam)
$cookie = cookie(-name=>'sessionID',
-value=>'xyzzy',
-expires=>'+1h',
-path=>'/cgi-bin/database',
-domain=>'.capricorn.org',
-secure=>1);
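
To verify that the flag actually reaches the client, the following Python check audits the Set-Cookie headers of a captured HTTP response. It is an added example, not part of the original post; the sample response and all function names are constructed for illustration.

```python
# Added example: audit Set-Cookie response headers for the secure flag.
# SAMPLE_RESPONSE is constructed for illustration; the sessionID cookie
# reuses the name, value and path from the Perl snippet above.

SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sessionID=xyzzy; Path=/cgi-bin/database; Secure; HttpOnly\r\n"
    "Set-Cookie: prefs=en; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT\r\n"
    "set-cookie: auth=abc123; path=/; SECURE\r\n"
    "Set-Cookie: theme=secure-dark; Path=/\r\n"
    "\r\n"
    "<html>...</html>"
)


def extract_set_cookie_headers(raw_response):
    """Return the value of every Set-Cookie header in a raw HTTP response.

    Header names are case-insensitive, and each cookie arrives in its own
    header line, so the values are never split on commas (an Expires date
    contains one).
    """
    head, _, _body = raw_response.partition("\r\n\r\n")
    values = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "set-cookie":
            values.append(value.strip())
    return values


def parse_set_cookie(header_value):
    """Parse one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because browsers match them
    case-insensitively. Returns None when there is no name=value pair.
    """
    parts = header_value.split(";")
    name, sep, value = parts[0].partition("=")
    if not sep or not name.strip():
        return None
    attrs = {}
    for part in parts[1:]:
        key, _, attr_value = part.partition("=")
        key = key.strip().lower()
        if key:
            attrs[key] = attr_value.strip()
    return name.strip(), value.strip(), attrs


def audit_cookies(raw_response):
    """Report, for each cookie set by the response, which flags it carries."""
    findings = []
    for header_value in extract_set_cookie_headers(raw_response):
        parsed = parse_set_cookie(header_value)
        if parsed is None:
            continue
        name, _value, attrs = parsed
        findings.append({
            "name": name,
            # Only a real attribute counts; the word "secure" inside the
            # cookie value (theme=secure-dark) must not satisfy the check.
            "secure": "secure" in attrs,
            "httponly": "httponly" in attrs,
        })
    return findings


def missing_secure(raw_response):
    """Names of cookies that would also be sent over plain HTTP."""
    return [f["name"] for f in audit_cookies(raw_response) if not f["secure"]]


if __name__ == "__main__":
    for finding in audit_cookies(SAMPLE_RESPONSE):
        status = "ok" if finding["secure"] else "MISSING secure flag"
        print(f"{finding['name']}: {status}")
```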

Posted by CEOinIRVINE

by Dejan Jelovic

"Java is high performance. By high performance we mean adequate. By adequate we mean slow." - Mr. Bunny

Anybody that has ever used a non-trivial Java program or has programmed in Java knows that Java is slower than native programs written in C++. This is a fact of life, something that we accept when we use Java.

However, many folks would like to convince us that this is just a temporary condition. Java is not slow by design, they say. Instead, it is slow because today's JIT implementations are relatively young and don't do all the optimizations they could.

This is incorrect. No matter how good the JITs get, Java will always be slower than C++.

The Idea

People who claim that Java can be as fast as C++ or even faster often base their opinion on the idea that more disciplined languages give the compiler more room for optimization. So, unless you are going to hand-optimize the whole program, the compiler will do a better job overall.

This is true. Fortran still kicks C++'s ass in numeric computing because it is more disciplined. With no fear of pointer aliasing the compiler can optimize better. The only way that C++ can rival the speed of Fortran is with a cleverly designed active library like Blitz++.

However, in order to achieve overall results like that, the language must be designed to give the compiler room for optimization. Unfortunately, Java was not designed that way. So no matter how smart the compilers get, Java will never approach the speed of C++.

The Benchmarks

Perversely, the only area in which Java can be as fast as C++ is a typical benchmark. If you need to calculate Nth Fibonacci number or run Linpack, there is no reason why Java cannot be as fast as C++. As long as all the computation stays in one class and uses only primitive data types like int and double, the Java compiler is on equal footing with the C++ compiler.

The Real World

The moment you start using objects in your program, Java loses the potential for optimization. This section lists some of the reasons why.

1. All Objects are Allocated on the Heap

Java only allocates primitive data types like int and double and object references on the stack. All objects are allocated on the heap.

For large objects which usually have identity semantics, this is not a handicap. C++ programmers will also allocate these objects on the heap. However, for small objects with value semantics, this is a major performance killer.

What small objects? For me these are iterators. I use a lot of them in my designs. Someone else may use complex numbers. A 3D programmer may use a vector or a point class. People dealing with time series data will use a time class. Anybody using these will definitely hate trading a zero-time stack allocation for a constant-time heap allocation. Put that in a loop and that becomes O (n) vs. zero. Add another loop and you get O (n^2) vs. again, zero.

2. Lots of Casts

With the advent of templates, good C++ programmers have been able to avoid casts almost completely in high-level programs. Unfortunately, Java doesn't have templates, so Java code is typically full of casts.

What does that mean for performance? Well, all casts in Java are dynamic casts, which are expensive. How expensive? Consider how you would implement a dynamic cast:

The fastest thing you could do is assign a number to each class and then have a matrix that tells if any two classes are related, and if they are, what is the offset that needs to be added to the pointer in order to make the cast. In that case, the pseudo-code for the cast would look something like this:

DestinationClass makeCast (Object o, Class destinationClass) {
    Class sourceClass = o.getClass (); // JIT compile-time
    int sourceClassId = sourceClass.getId (); // JIT compile-time

    int destinationClassId = destinationClass.getId ();

    // Look up the pointer adjustment for this pair of classes
    int offset = ourTable [sourceClassId][destinationClassId];

    if (offset != ILLEGAL_OFFSET_VALUE) {
        return <object o adjusted for offset>;
    }
    else {
        throw new IllegalCastException ();
    }
}

Quite a lot of code, this little cast! And this here is a rosy picture - using a matrix to represent class relationships takes up a lot of memory and no sane compiler out there would do that. Instead, they will either use a map or walk the inheritance hierarchy - both of which will slow things down even further.

3. Increased Memory Use

Java programs use about double the memory of comparable C++ programs to store the data. There are three reasons for this:

  1. Programs that utilize automatic garbage collection typically use about 50% more memory than programs that do manual memory management.
  2. Many of the objects that would be allocated on stack in C++ will be allocated on the heap in Java.
  3. Java objects will be larger, due to all objects having a virtual table plus support for synchronization primitives.

A larger memory footprint increases the probability that parts of the program will be swapped out to the disk. And swap file usage kills the speed like nothing else.

4. Lack of Control over Details

Java was intentionally designed to be a simple language. Many of the features available in C++ that give the programmer control over details were intentionally stripped away.

For example, in C++ one can implement schemes that improve the locality of reference. Or allocate and free many objects at once. Or play pointer tricks to make member access faster. Etc.

None of these schemes are available in Java.

5. No High-Level Optimizations

Programmers deal with high-level concepts. Unlike them, compilers deal exclusively with low-level ones. To a programmer, a class named Matrix represents a different high-level concept from a class named Vector. To a compiler, those names are only entries in the symbol table. What it cares about are the functions that those classes contain, and the statements inside those functions.

Now think about this: say you implement the function exp (double x, double y) that raises x to the exponent y. Can a compiler, just by looking at the statements in that function, figure out that exp (exp (x, 2), 0.5) can be optimized by simply replacing it with x? Of course not!

All the optimizations that a compiler can do are done at the statement level, and they are built into the compiler. So although the programmer might know that two functions are symmetric and cancel each other out, or that the order of some function calls is irrelevant in some place, unless the compiler can figure it out by looking at the statements, the optimization will not be done.

So, if a high-level optimization is to be done, there has to be a way for the programmer to specify the high-level optimization rules for the compiler.

No popular programming language/system does this today. At least not in the totally open sense, like what Microsoft's Intentional Programming project promises. However, in C++ you can do template metaprogramming to implement optimizations that deal with high-level objects. Temporary elimination, partial evaluation, symmetric function call removal and other optimizations can be implemented using templates. Of course, not all high-level optimizations can be done this way. And implementing some of these things can be cumbersome. But a lot can be done, and people have implemented some snazzy libraries using these techniques.

Unfortunately, Java doesn't have any metaprogramming facilities, and thus high-level optimizations are not possible in Java.

So...

Java, with the current language features, will never be as fast as C++. This pretty much means that it's not a sensible choice for high-performance software and the highly competitive COTS arena. But its small learning curve, its forgiveness, and its large standard library make it a good choice for some small and medium-sized in-house and custom-built software.

Notes

1. James Gosling has proposed a number of language features that would help improve Java performance. You can find the text here. Unfortunately, the Java language has not changed for four years, so it doesn't seem like these will be implemented any time soon.

2. The most promising effort to bring generic types to Java is Generic Java. Unfortunately, GJ works by removing all type information when it compiles the program, so what the execution environment sees in the end is again the slow casts.

3. The Garbage Collection FAQ contains the information that garbage collection is slower than a customized allocator (point 4 in the above text).

4. There is a paper that claims that Garbage Collection Can Be Faster than Stack Allocation. But the requirement is that there is seven times more physical memory than what the program actually uses. Plus, it describes a stop-and-copy collector and doesn't take concurrency into account. [Peter Drayton: FWIW, this is an over-simplification of the paper, which provides a means of calculating what the cross-over point is, but doesn't claim that 7 is a universal cross-over point: it is merely the crossover point he derives using the sample inputs in the paper.]

Feedback

I received a lot of feedback about this article. Here are the typical comments, together with my answers:

"You forgot to mention that all methods in Java are virtual, because nobody is using the final keyword."

The fact that people are not using the final keyword is not a problem with the language, but with the programmers using it. Also, virtual function calls in general are not problematic because of the call overhead, but because of lost optimization opportunities. But since JITs know how to inline across virtual function boundaries, this is not a big deal.

Java can be faster than C++ because JITs can inline over virtual function boundaries.

C++ can also be compiled using JITs. Check out the C++ compiler in .NET.

In the end, speed doesn't matter. Computers spend most of their time waiting on our input.

Speed still matters. I still wait for my laptop to boot up. I wait for my compiler. I wait on Word when I have a long document.

I work in the financial markets industry. Sometimes I have to run a simulation over a huge data set. Speed matters in those cases.

It is possible for a JIT to allocate some objects on a stack.

Sure. Some.

Your casting pseudo-code is naive. For classes a check can be made based on inheritance depth.

First, that's only a tad faster than the matrix lookup.

Second, that works only for classes, which make up what percentage of casts? Low-level details are usually implemented through interfaces.

So we should all use assembly, ha!?

No. We should all use languages that make sense for a given project. Java is great because it has a large standard library that makes many common tasks easy. It's more portable than any other popular language (but not 100% portable - different platforms fire events at different times and in different order). It has garbage collection that makes memory management simpler and some constructs like closures possible.

But, at the same time, Java, just like any other language, has some deficiencies. It has no support for types with value semantics. Its synchronization constructs are not efficient enough. Its standard library relies on checked exceptions which are evil because they push implementation details into interfaces. Its performance could be better. The math library has some annoying problems. Etc.

Are these deficiencies a big deal? It depends on what you are building. So know a few languages and pick the one that, together with the compiler and available libraries, makes sense for a given project.



Content of this site is © Dejan Jelovic. All rights reserved.

Posted by CEOinIRVINE
Information Security Interview Questions


What follows is a list of questions for use in vetting candidates for positions in Information Security. Many of the questions are designed to get the candidate to think, and to articulate that thought process in a scenario where preparation was not possible. Observing these types of responses is often as important as the actual answers.

I’ve mixed technical questions with those that are more theory and opinion-based, and they are also mixed in terms of difficulty. A number of trick questions are included, but the goal there is to expose glaring technical weakness, not to be cute. I also include with each question a few words on expected responses.

Where do you get your security news from?

Here I’m looking to see how in tune they are with the security community. Answers I’m looking for include syndication feeds for solid sites like liquidmatrix, packetstorm, rootsecure, secguru, astalavista, whitedust, internet storm center, etc. The exact sources don’t really matter. What does matter is that he doesn’t respond with, “I go to the CNET website.”, or, “Steve Gibson’s home page”. It’s these types of answers that will tell you he’s likely not on top of things.

If you had to both encrypt and compress data during transmission, which would you do first, and why?

If they don’t know the answer immediately it’s ok. The key is how they react. Do they panic, or do they enjoy the challenge and think through it? I was asked this question during an interview at Cisco. I told the interviewer that I didn’t know the answer but that I needed just a few seconds to figure it out. I thought out loud and within 10 seconds gave him my answer: “Compress then encrypt. If you encrypt first you’ll have nothing but random data to work with, which will destroy any potential benefit from compression.”
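The size argument in that answer can be measured directly. The following is an added example, not part of the original article; the sample text, the key and the SHA-256 counter-mode keystream (a stand-in for a real cipher so that only the standard library is needed) are all constructed for illustration.

```python
"""Compress-then-encrypt versus encrypt-then-compress: transmitted size."""
import hashlib
import zlib

# Constructed sample: repetitive text of the kind that compresses well.
PLAINTEXT = b"".join(
    b"2011-12-05 10:%02d:00 GET /index.html 200 user=alice\n" % (i % 60)
    for i in range(400)
)
KEY = b"constructed demo key"


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: XOR with SHA-256(key || offset) blocks.

    Used for both encryption and decryption. Not a vetted cipher; it only
    needs to produce random-looking output for the size comparison.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def compare_orders(plaintext: bytes = PLAINTEXT, key: bytes = KEY) -> dict:
    """Return the number of bytes sent on the wire for each ordering."""
    compress_then_encrypt = keystream_xor(key, zlib.compress(plaintext))
    encrypt_then_compress = zlib.compress(keystream_xor(key, plaintext))

    # Both orderings are reversible; only the size differs.
    assert zlib.decompress(keystream_xor(key, compress_then_encrypt)) == plaintext
    assert keystream_xor(key, zlib.decompress(encrypt_then_compress)) == plaintext

    return {
        "plaintext": len(plaintext),
        "compress_then_encrypt": len(compress_then_encrypt),
        "encrypt_then_compress": len(encrypt_then_compress),
    }


if __name__ == "__main__":
    for name, size in compare_orders().items():
        print(f"{name:24s} {size:6d} bytes")
```

Compressed size depends on content, so where secrets and attacker-influenced data share one compressed stream, the ciphertext length leaks information about the plaintext; that is why TLS-level compression was retired.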

What’s the difference between HTTP and HTML?

Obviously the answer is that one is the networking/application protocol and the other is the markup language, but again–the main thing you’re looking for is for him not to panic.

How does HTTP handle state?

It doesn’t, of course. Not natively. Good answers are things like “cookies”, but the best answer is that cookies are a hack to make up for the fact that HTTP doesn’t do it itself.

What exactly is Cross Site Scripting?

You’d be amazed at how many security people don’t know even the basics of this immensely important topic. We’re looking for them to say anything regarding an attacker getting a victim to run script content (usually Javascript) within their browser.

What’s the difference between stored and reflected XSS?

Stored is on a static page or pulled from a database and displayed to the user directly. Reflected comes from the user in the form of a request (usually constructed by an attacker), and then gets run in the victim’s browser when the results are returned from the site.

What are the common defenses against XSS?

Input Validation/Output Sanitization, with focus on the latter.

What’s the difference between symmetric and public-key cryptography?

Standard stuff here–single key vs. two keys, etc, etc.

In public-key cryptography you have a public and a private key, and you often perform both encryption and signing functions. Which key is used for which function?

You encrypt with the other person’s public key, and you sign with your own private. If they confuse the two, don’t put them in charge of your PKI project.

What kind of network do you have at home?

Good answers here are anything that shows you he’s a computer/technology/security enthusiast and not just someone looking for a paycheck. So if he’s got multiple systems running multiple operating systems you’re probably in good shape. What you don’t want to hear is, “I get enough computers when I’m at work..” I’ve yet to meet a serious security guy who doesn’t have a considerable home network.

What is Cross-Site Request Forgery?

Not knowing this is more forgivable than not knowing what XSS is, but only for junior positions. Desired answer: when an attacker gets a victim’s browser to make requests, ideally with their credentials included, without their knowing. A solid example of this is when an IMG tag points to a URL associated with an action, e.g. http://foo.com/logout/. A victim just loading that page could potentially get logged out from foo.com, and their browser would have made the action, not them (since browsers load all IMG tags automatically).

How does one defend against CSRF?

Nonces required by the server for each page or each request are an accepted, albeit not foolproof, method. Again, we’re looking for recognition and basic understanding here–not a full, expert level dissertation on the subject. Adjust expectations according to the position you’re hiring for.
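One way the server side of a per-request nonce check can look, as an added example that is not part of the original article. The session store, the `handle` function and the `csrf_nonce` field name are hypothetical; the `/logout` route mirrors the IMG-tag example above.

```python
"""Per-request anti-CSRF nonces, server side only (constructed example)."""
import hmac
import secrets

# Hypothetical in-memory session store: session id -> set of unused nonces.
SESSIONS = {}


def login() -> str:
    """Create a session; the id is what the browser sends back as a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = set()
    return sid


def issue_nonce(sid: str) -> str:
    """Called while rendering a form; the value goes into a hidden field."""
    nonce = secrets.token_urlsafe(32)
    SESSIONS[sid].add(nonce)
    return nonce


def consume_nonce(sid: str, presented: str) -> bool:
    """Accept a nonce once, comparing in constant time."""
    match = next(
        (n for n in SESSIONS.get(sid, ())
         if hmac.compare_digest(n.encode(), presented.encode())),
        None,
    )
    if match is None:
        return False
    SESSIONS[sid].discard(match)      # single use: a replay is rejected
    return True


def handle(method: str, path: str, cookie_sid: str, form: dict) -> int:
    """Return the HTTP status for a request to a state-changing route."""
    if cookie_sid not in SESSIONS:
        return 401
    if path == "/logout":
        # An IMG tag can only trigger a GET, so state changes require POST.
        if method != "POST":
            return 405
        # The cookie rides along on cross-site requests; the nonce does not,
        # because the other site cannot read the page that carries it.
        if not consume_nonce(cookie_sid, form.get("csrf_nonce", "")):
            return 403
        del SESSIONS[cookie_sid]
        return 200
    return 404


if __name__ == "__main__":
    sid = login()
    nonce = issue_nonce(sid)
    print("forged IMG load   :", handle("GET", "/logout", sid, {}))
    print("forged form post  :", handle("POST", "/logout", sid, {}))
    print("genuine form post :", handle("POST", "/logout", sid, {"csrf_nonce": nonce}))
```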

What port does ping work over?

A trick question, to be sure, but an important one. If he starts throwing out port numbers you may want to immediately move to the next candidate. Hint: ICMP is a layer 3 protocol (it doesn’t work over a port). A good variation of this question is to ask whether ping uses TCP or UDP. An answer of either is a fail, as those are layer 4 protocols.

How exactly does traceroute/tracert work at the protocol level?

This is a fairly technical question but it’s an important concept to understand. It’s not natively a “security” question really, but it shows you whether or not they like to understand how things work, which is crucial for an Infosec professional. If they get it right you can lighten up and offer extra credit for the difference between Linux and Windows versions.

The key point people usually miss is that each packet that’s sent out doesn’t go to a different place. Many people think that it first sends a packet to the first hop, gets a time. Then it sends a packet to the second hop, gets a time, and keeps going until it gets done. That’s incorrect. It actually keeps sending packets to the final destination; the only change is the TTL that’s used. The extra credit is the fact that Windows uses ICMP by default while Linux uses UDP.
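The TTL mechanics described above, as an added example that is not part of the original article. It is an offline simulation that sends no packets; the four-hop path uses constructed documentation addresses, and the `Probe`, `Reply`, `forward` and `traceroute` names are hypothetical.

```python
"""Offline simulation of traceroute's TTL mechanics (no packets are sent)."""
from dataclasses import dataclass
from typing import Optional

# Constructed path: three routers, then the destination host.
PATH = ["10.0.0.1", "192.0.2.1", "198.51.100.1", "203.0.113.9"]


@dataclass
class Probe:
    dst: str      # always the final destination, never an intermediate hop
    ttl: int      # the only field that changes from probe to probe
    proto: str    # "udp" (Linux default) or "icmp" (Windows default)


@dataclass
class Reply:
    src: str      # the node that answered
    kind: str     # which ICMP message came back


def forward(probe: Probe, path=PATH) -> Optional[Reply]:
    """Carry one probe along the path the way the routers would."""
    ttl = probe.ttl
    for hop in path:
        if hop == probe.dst:
            # Delivered: UDP to an unused high port draws Port Unreachable,
            # an ICMP Echo Request draws an Echo Reply.
            kind = "port-unreachable" if probe.proto == "udp" else "echo-reply"
            return Reply(hop, kind)
        ttl -= 1                  # every router decrements the TTL
        if ttl == 0:              # expired in transit: this router reports it
            return Reply(hop, "time-exceeded")
    return None                   # destination is not on this path


def traceroute(dst: str, proto: str = "udp", max_hops: int = 30):
    """Return a list of (ttl, probe_dst, responder, reply_kind) tuples."""
    hops = []
    for ttl in range(1, max_hops + 1):
        probe = Probe(dst=dst, ttl=ttl, proto=proto)
        reply = forward(probe)
        if reply is None:
            hops.append((ttl, probe.dst, "*", "timeout"))
            continue
        hops.append((ttl, probe.dst, reply.src, reply.kind))
        if reply.kind != "time-exceeded":
            break                 # the destination itself answered
    return hops


if __name__ == "__main__":
    for ttl, dst, responder, kind in traceroute("203.0.113.9"):
        print(f"ttl={ttl} probe to {dst} answered by {responder} ({kind})")
```

Every row of the result carries the same probe destination; only the TTL and the responding node differ.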

If you were to start a job as head engineer or CSO at a Fortune 500 company due to the previous guy being fired for incompetence, what would your priorities be? [Imagine you start on day one with no knowledge of the environment]

We don’t need a list here; we’re looking for the basics. Where is the important data? Who interacts with it? Network diagrams. Visibility touch points. Ingress and egress filtering. Previous vulnerability assessments. What’s being logged and audited? Etc. The key is to see that they could quickly prioritize, in just a few seconds, what would be the most important things to learn in an unknown situation.

As a corporate Information Security professional, what’s more important to focus on: threats or vulnerabilities?

This one is opinion-based, and we all have opinions. Focus on the quality of the argument put forth rather than whether or not they chose the same as you, necessarily. My answer to this is that vulnerabilities should usually be the main focus since we in the corporate world usually have little control over the threats.

Another way to take that, however, is to say that the threats (in terms of vectors) will always remain the same, and that the vulnerabilities we are fixing are only the known ones. Therefore we should be applying defense-in-depth based on threat modeling in addition to just keeping ourselves up to date.

Both are true, of course; the key is to hear what they have to say on the matter.

Describe the last program or script that you wrote. What problem did it solve?

All we want to see here is if the color drains from the guy’s face. If he panics then we not only know he’s not a programmer (not necessarily bad), but that he’s afraid of programming (bad). I know it’s controversial, but I think that any high-level security guy needs some programming skills. They don’t need to be a God at it, but they need to understand the concepts and at least be able to muddle through some scripting when required.

What are Linux’s strengths and weaknesses vs. Windows?

Look for biases. Does he absolutely hate Windows and refuse to work with it? This is a sign of an immature hobbyist who will cause you problems in the future. Is he a Windows fanboy who hates Linux with a passion? If so just thank him for his time and show him out. Linux is everywhere in the security world.

What’s the difference between a threat, vulnerability, and a risk?

As weak as the CISSP is as a security certification it does teach some good concepts. Knowing basics like risk, vulnerability, threat, exposure, etc. (and being able to differentiate them) is important for a security professional. Ask as many of these as you’d like, but keep in mind that there are a few differing schools on this. Just look for solid answers that are self-consistent.

Cryptographically speaking, what is the main method of building a shared secret over a public medium?

Diffie-Hellman. And if they get that right you can follow-up with the next one.

What’s the difference between Diffie-Hellman and RSA?

Diffie-Hellman is a key-exchange protocol, and RSA is an encryption/signing protocol. If they get that far, make sure they can elaborate on the actual difference, which is that one requires you to have key material beforehand (RSA), while the other does not (DH). Blank stares are undesirable.

What kind of attack is a standard Diffie-Hellman exchange vulnerable to?

Man-in-the-middle, as neither side is authenticated.
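The Diffie-Hellman answers above, as an added example that is not part of the original article: one exchange run over a clean channel, over a channel that substitutes public values, and again with the public values authenticated. The 127-bit group is a toy size chosen for readability, the HMAC under a long-term key stands in for the signature a real protocol would use, and all function names are hypothetical.

```python
"""Diffie-Hellman key agreement and why it needs authentication (toy demo)."""
import hashlib
import hmac
import secrets

# Toy group: the Mersenne prime 2**127 - 1 with base 3.
# Far too small for real use; deployments use standardized groups.
P = 2**127 - 1
G = 3


def keypair():
    """Return (private exponent x, public value G**x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def shared_key(my_priv: int, their_pub: int) -> bytes:
    """Derive a symmetric key from the DH shared secret."""
    secret = pow(their_pub, my_priv, P)
    return hashlib.sha256(secret.to_bytes(16, "big")).digest()


def tag(auth_key: bytes, sender: str, pub: int) -> bytes:
    """Authenticate a public value (HMAC as a stand-in for a signature)."""
    return hmac.new(auth_key, f"{sender}|{pub}".encode(), hashlib.sha256).digest()


def substituting_channel():
    """Model a channel that replaces every public value with its own."""
    _, m_pub = keypair()
    return lambda pub, t: (m_pub, t)


def exchange(intercept=None, auth_key=None):
    """Run one Alice/Bob exchange over a channel `intercept` may rewrite.

    Returns (alice_key, bob_key); a key is None when that side rejected
    the message it received.
    """
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    msgs = {
        "alice": (a_pub, tag(auth_key, "alice", a_pub) if auth_key else b""),
        "bob": (b_pub, tag(auth_key, "bob", b_pub) if auth_key else b""),
    }
    if intercept:
        msgs = {who: intercept(pub, t) for who, (pub, t) in msgs.items()}

    def accept(sender: str, my_priv: int):
        pub, t = msgs[sender]
        if auth_key and not hmac.compare_digest(t, tag(auth_key, sender, pub)):
            return None           # public value was altered in transit
        return shared_key(my_priv, pub)

    return accept("bob", a_priv), accept("alice", b_priv)


if __name__ == "__main__":
    a, b = exchange()
    print("clean channel, keys match      :", a == b)
    a, b = exchange(intercept=substituting_channel())
    print("substituted, keys match        :", a == b, "(nobody noticed)")
    a, b = exchange(intercept=substituting_channel(), auth_key=b"k" * 32)
    print("substituted + authenticated    :", a, b)
```

Without authentication both sides complete the exchange and derive keys, just not the same one, and neither gets an error; with authenticated public values the substitution is rejected.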

What’s the goal of information security within an organization?

This is a big one. What I look for is one of two approaches; the first is the über-lockdown approach, i.e. “To control access to information as much as possible, sir!” While admirable, this again shows a bit of immaturity. Not really in a bad way, just not quite what I’m looking for. A much better answer in my view is something along the lines of, “To help the organization succeed.” This type of response shows that the individual understands that business is there to make money, and that we are there to help them do that. It is this sort of perspective that I think represents the highest level of security understanding: a realization that security is there for the company and not the other way around.

Are open-source projects more or less secure than proprietary ones?

The answer to this question is often very telling about a given candidate. It shows 1) whether or not they know what they’re talking about in terms of development, and 2) it really illustrates the maturity of the individual (a common theme among my questions). My main goal here is to get them to show me pros and cons for each. If I just get the “many eyes” regurgitation then I’ll know he’s read Slashdot and not much else. And if I just get the “people in China can put anything in the kernel” routine then I’ll know he’s not so good at looking at the complete picture.

The ideal answer involves the size of the project, how many developers are working on it (and what their backgrounds are), and most importantly — quality control. In short, there’s no way to tell the quality of a project simply by knowing that it’s either open-source or proprietary. There are many examples of horribly insecure applications that came from both camps.

What’s the difference between encoding, encryption, and hashing?

Encoding is designed to protect the integrity of data as it crosses networks and systems, i.e. to keep its original message upon arriving, and it isn’t primarily a security function. It is easily reversible because the system for encoding is almost necessarily and by definition in wide use. Encryption is designed purely for confidentiality and is reversible only if you have the appropriate key/keys. With hashing the operation is one-way (non-reversible), and the output is of a fixed length that is usually much smaller than the input.

Who do you look up to within the field of Information Security? Why?

A standard question type. All we’re looking for here is to see if they pay attention to the industry leaders, and to possibly glean some more insight into how they approach security. If they name a bunch of hackers/criminals that’ll tell you one thing, and if they name a few of the pioneers that’ll say another. If they don’t know anyone in Security, well…consider closely what position you’re hiring them for. Hopefully it’s a junior position.

Advanced

Ok, now for some more advanced questions:

  1. If I’m on my laptop, here inside my company, and I have just plugged in my network cable. How many packets must leave my NIC in order to complete a traceroute to twitter.com?

    The key here is that they need to factor in all layers: Ethernet, IP, DNS, ICMP/UDP, etc. And they need to consider round-trip times. What you’re looking for is a realization that this is the way to approach it, and an attempt to knock it out. A bad answer is the look of WTF on the face of the interviewee.


  2. How would you build the ultimate botnet?

    Answers here can vary widely; you want to see them cover the basics: encryption, DNS rotation, the use of common protocols, obscuring the heartbeat, the mechanism for providing updates, etc. Again, poor answers are things like, “I don’t make them; I stop them.”

Bonus: Scenario Role-Play

For special situations you may want to do the ultimate interview question. This is a role-played scenario, where the candidate is a consultant and you control the environment. I had one of these during an interview and it was quite valuable.

So you tell them, for example, that they’ve been called in to help a client who’s received a call from their ISP stating that one or more computers on their network have been compromised. And it’s their job to fix it. They are now at the client site and are free to talk to you as the client (interviewing them), or to ask you as the controller of the environment, e.g. “I sniff the external connection using tcpdump on port 80. Do I see any connections to IP 4.2.2.2?” And you can then say yes or no, etc.

From there they continue troubleshooting/investigating until they solve the problem or you discontinue the exercise due to frustration or pity.

Feel free to contact me if you have any comments on the questions, or if you have any ideas for additions.


It's possible to break out of your Verizon Wireless contract in the next 60 days without paying an early termination fee because they're increasing the "regulatory fee" they charge customers from $.13 to $.16. This is what is known as a "materially adverse change of contract" and by standard contract law, it renders the contract void if one of the parties doesn't like the change.

First you'll want to bone up on what materially adverse change of contract means. Basically you signed a contract to get a given service at a given price, and after you signed it, they made it cost more. It doesn't matter if it's $50, a penny, or in this case, 3 cents. It's still materially adverse.

Then you'll have to call up Verizon and ask to be transferred to the retentions department. There you will pitch your case that this fee is a materially adverse change of contract, it voids the contract, and you demand to be let out of your contract without paying an early termination fee.

If they offer you freebies, turn them down. If they ask you if there is any other reason whatsoever, like your satisfaction with the service or the quality of it, that is making you leave, say no. Be single-mindedly focused on how this fee increase is the reason why you want to leave. And don't be scared. Despite its important-sounding name, the "Regulatory fee" is not charged by the government, it's just another fee Verizon assesses.

The reps may argue with you, they may tell you information that is not accurate, they may give you the runaround. Sometimes they're misinformed, other times they're just under extreme pressure not to let anyone leave without paying the toll. Don't be afraid to hang up and try someone else or escalate to a supervisor.

Worst comes to worst and they refuse to abide by standard contract law, you can take them to small claims court.

You only have 60 days from July 1st to make the cancellation because after that it is assumed that you have accepted any change to the contract.

Here's the relevant information from Verizon's customer agreement:

Can Verizon Wireless Change This Agreement or My Service?

We may change prices or any other term of your Service or this agreement at any time, but we'll provide notice first, including written notice if you have Postpay Service. If you use your Service after the change takes effect, that means you're accepting the change. If you're a Postpay customer and a change to your Plan or this agreement has a material adverse effect on you, you can cancel the line of Service that has been affected within 60 days of receiving the notice with no early termination fee.

To help buck up your confidence, here are a few success stories and tactics from people who have successfully used these fees to get out of their wireless contracts without paying an early termination fee:

 

 

To use a port scan tool to determine listening ports of active hosts:
  1. Download Angry IP Scanner from www.angryip.org/w/Download.

  2. Enter the IP address of the target system in the Host or IP Address field, or enter a range of IP addresses for your lab systems, and click Start to perform a conventional (full connect) scan of standard ports.

