Saturday, December 18, 2010

12 common mistakes done by programmers

Software developers often seem locked into certain failure modes that can't be avoided, such is the frequency with which they fall prey to a particular poor programming practice. Peter Wayner of Computerworld writes about the twelve most common programming mistakes, each of which is accompanied by its opposing pair. Below are the twelve programming pitfalls developers should stay away from.

Playing it fast and loose
Failing to prop up the basics is the easiest way to make errors in coding. There are a lot of small places where a developer may make a mistake which causes software to fail. And the worst part about sloppy programming is that advances in language design aimed to fix these problems don't do their job. There have been improvements in syntax in programming languages. For instance, the latest version of Java tries to make null-pointer checking easier by offering shorthand syntax for the endless pointer testing. But such syntax improvements can only prevent code from crashing. They don't eliminate the root of the problem: the proliferation of null values due to fast and loose programming.

Overcommitting to details
On the flip side, overly buttoned-up software can slow to a crawl. Relentless devotion to detail can even lock up software if the obsessive checking requires communicating with a distant website over the network. Here, the challenge is to design the layers of code to check the data when it first appears, which is much easier said than done.

Not simplifying control
Not simplifying control over tasks in their code may invite disaster for developers. The software assumes that if someone creates an object of type Name with two fields first and last, then it should immediately create a database table called Name with two columns, first and last. The names are specified in only one place, avoiding any problems that might come if someone fails to keep all of the layers of configuration in sync.

Delegating too much to frameworks
Sometimes the magic tools lead only to confusion. By abstracting functionality and assuming what we want, frameworks can all too often leave developers at a loss for what's gone wrong in their code. The rules are, while quite reasonable, not entirely trivial. As the app grows, it depends on more and more of these almost-trivial bits of external knowledge.

Trusting the client
Many of the worst security bugs appear when developers assume the client device will do the right thing. For example, code written to run in a browser can be rewritten by the browser to execute any arbitrary action. If the developer doesn't double-check all of the data coming back, anything can go wrong.
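The double-check described above, as an added example that is not part of the original article: a server-side routine that re-validates an order submitted by a browser instead of trusting the fields the client computed. The catalogue, the order shape and the function names are hypothetical.

```javascript
// Added example: never trust fields the browser controls.
// CATALOG, the order shape and all function names are hypothetical.

// Server-side source of truth for prices and limits (constructed sample data).
// A Map is used so that keys such as "constructor" cannot resolve to
// inherited object properties.
const CATALOG = new Map([
  ['sku-100', { priceCents: 2500, maxQty: 10 }],
  ['sku-200', { priceCents: 990, maxQty: 5 }],
]);

// "Before": the server charges whatever total the client computed.
function naiveTotal(order) {
  return order.totalCents;
}

// "After": the server checks the shape of the request, ignores any
// client-side price, and recomputes the total from its own catalogue.
function validateOrder(order) {
  if (order === null || typeof order !== 'object' ||
      !Array.isArray(order.items) ||
      order.items.length === 0 || order.items.length > 50) {
    return { ok: false, errors: ['items must be an array of 1 to 50 entries'] };
  }
  const errors = [];
  const seen = new Set();
  let totalCents = 0;
  order.items.forEach((item, i) => {
    const sku = item !== null && typeof item === 'object' ? item.sku : undefined;
    const entry = typeof sku === 'string' ? CATALOG.get(sku) : undefined;
    if (!entry) { errors.push(`items[${i}]: unknown sku`); return; }
    if (seen.has(sku)) { errors.push(`items[${i}]: duplicate sku`); return; }
    seen.add(sku);
    // Rejects negative, fractional, non-numeric and oversized quantities.
    if (!Number.isInteger(item.qty) || item.qty < 1 || item.qty > entry.maxQty) {
      errors.push(`items[${i}]: qty out of range`);
      return;
    }
    totalCents += entry.priceCents * item.qty;
  });
  if (errors.length > 0) return { ok: false, errors };
  // The client's total is kept only as a signal worth logging when it differs.
  return { ok: true, totalCents, clientTotalMismatch: order.totalCents !== totalCents };
}

// Constructed request body in which the client-side values were altered.
const tampered = {
  items: [{ sku: 'sku-100', qty: 2, priceCents: 1 }],
  totalCents: 2,
};
console.log('naive total:', naiveTotal(tampered));
console.log('validated:', validateOrder(tampered));
```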

Not trusting the client enough
Sometimes too much security can lead paradoxically to gaping holes. Because of this, many Web developers are looking to reduce security as much as possible, not only to make it easy for people to engage with their products but also to save them the trouble of defending more than the minimum amount of data necessary to set up an account.

Relying too heavily on magic boxes
Many programmers assume they can link in the encryption library, push a button, and have iron-clad security. But many of these magic algorithms have subtle weaknesses, and avoiding these weaknesses requires learning more than what's in the Quick Start section of the manual.

Reinventing the wheel
Then again, writing your own libraries just because you think you know a better way to code can come back to haunt you. But grow-your-own cryptography is a welcome sight to attackers. Many libraries don't need to be perfect, so grabbing a magic box is more likely to be better than the code you write yourself.

Opening up too much to the user
Placing the onus on users to customize functionality they do not fully understand can invite disaster in the form of inadvertent security holes and privacy violations. When making purchasing decisions, most users can't handle the breadth of features offered by any given piece of software.

Overdetermining the user experience
Some developers decide to avoid the trouble of too many features by offering exactly one solution. But if users don't like the idea, they will look for ways to work around these limitations, and it will lead to an outcome that could translate into security vulnerabilities.

Closing the source
The decision to not distribute code works against the integrity of that code and it can discourage innovation and fixing bugs. Just opening up the code forces you to make the info more accessible, understandable, and thus better.

Assuming openness is a cure-all
While openness can make it possible for others to pitch in and, thus, improve your code, the mere fact that it's open won't do much unless there's another incentive for outside contributors to put in the work. Opening up a project can also add new overhead for communications and documentation. Moreover, a good open source project comes with extensive documentation of the API and road maps for future development.

Monday, November 29, 2010

Top 10 IT certifications in demand today

With the global economy having moved out of the great recession, technology jobs are playing a significant role in the recovery. There are a number of technology certification programs. Some of them are sponsored by software vendors, some by vendor-neutral organizations, and some by educational institutions. But which are the skills and certifications that can give you an edge over the others in getting the job?

Microsoft Certified Technology Specialist (MCTS)
MCTS helps IT staff validate skills in installing, maintaining, and troubleshooting a specific Microsoft technology. The MCTS certifications are designed to communicate the skills and expertise a holder possesses on a specific platform. For example, candidates won't earn an MCTS on SQL Server 2008. Instead, they'll earn an MCTS covering SQL Server business intelligence, database creation or SQL server. MCTS credential enables professionals to target specific technologies, and is generally the first step toward the Professional-level certifications.

Cisco Certified Internetwork Expert (CCIE)
CCIE is a vendor-sponsored certification, focusing on Cisco's products. It requires that the candidate passes both a written exam and a hands-on lab. Candidates have to choose from one of several tracks: Routing and Switching, Security, Storage Networking, Voice, and Service Provider. CCIEs must recertify every two years or the certification is suspended. CCIE accreditation captures most of the networking company's certification glory.

Cisco Certified Security Professional (CCSP)
CCSP focuses on skills related to securing networks that run Cisco routers and other equipment. Candidates are required to pass five written exams and must recertify every three years by passing one current exam. Before a candidate can take the CCSP exams, he must meet the prerequisites by obtaining one of Cisco's lower-level certifications, either the Cisco Certified Network Associate (CCNA) or the Cisco Certified Internetwork Specialist (CCIP).

Red Hat Certified Engineer (RHCE)/Red Hat Certified Architect (RHCA)
RHCE is one of the well respected Linux certifications in the industry. The exam is performance-based. Candidates are required to perform actual network installation, configuration, troubleshooting, and administration tasks on a live system.

RHCA is an advanced certification that requires completion of five endorsement exams, each of which costs $749. Like the RHCE exam, they are hands-on skills tests. Candidates must have the RHCE certification to take the RHCA exams.

Technology Infrastructure Library (ITIL)
ITIL certifications provide demonstration of knowledge and skills involved in management positions in IT services. There are three certification levels: Foundation, Practitioner, and Manager. The Manager level certification requires completion of a two-week training program, and candidates must have the Foundation certification and five years of IT management experience. Then, they must pass two three-hour exams consisting of essay questions. ITIL is intended to assist organizations in developing a framework for IT service management. Worldwide, ITIL is the most widely recognized qualification in IT service management.

International Software Testing Qualifications Board (ISTQB)
ISTQB is a software testing qualification certification organization. It is responsible for the international qualification scheme called "ISTQB Certified Tester". The qualifications are based on a syllabus, and there is a hierarchy of qualifications and guidelines for accreditation and examination. It is the ISTQB's role to support a single, universally accepted, international qualification scheme, aimed at software and system testing professionals, by providing the core syllabi and by setting guidelines for accreditation and examination for national boards.

Project Management Professional (PMP)
The Project Management Institute (PMI), a nonprofit organization that serves as a leading membership association for project management practitioners, maintains the PMP exam. The certification measures a candidate's project management expertise by validating skills and knowledge required to plan, execute, budget, and lead a technology project. Eligible candidates must have five years of project management experience or three years of project management experience and 35 hours of related education.

Microsoft Certified Professional Developer (MCPD)
MCPD accreditation measures a developer's ability to build and maintain software solutions using Visual Studio 2008 and Microsoft .NET Framework 3.5. Split into three certification paths (Windows Developer 3.5, ASP.NET Developer 3.5, and Enterprise Applications Developer 3.5), MCPD targets IT professionals tasked with designing, optimizing, and operating those Microsoft technologies to fulfill business needs.

Sun certified system administrator (SCSA)
SCSA gives a wide opportunity to professionals interested in imparting knowledge related to Solaris operating system administration. It is beneficial for all system administration professionals and is linked with performing essential system administration tasks on a Solaris system. The basic requirement for SCSA certification is to have deep knowledge of the Solaris system, and it involves two examinations related to different versions of this operating system.

Oracle's Database administration (DBA)
Oracle has introduced a wide range of certification programs for entry level to experienced professionals and for domains ranging from database administration and database management to programming.

Oracle's OCA DBA 11g is an entry-level certification specifically designed to certify foundation skills required for database administration or application development. Its objectives are intended to measure a candidate's ability to work as a junior team member with database administrators or application developers. OCP DBA 11g develops, within the candidate, the skills of managing a large scale database and enhances the knowledge regarding the concepts and architecture relating to database, backup and recovery procedures. OCA DBA 10g is an entry-level certification specifically designed to certify foundation skills required for database administration or application development. OCP Certification DBA 10g validates a candidate's skills that include implementing and managing complex Oracle Database 10g functions, and recovering and tuning the database using advanced tools and technologies. OCA DBA 9i is an entry-level certification specifically designed to certify foundation skills required for database administration or application development.

Thursday, November 18, 2010

Top 5 Security Suites for your PC

Thanks to the various malicious software and phishing scams, today no one can stay online without facing the threat of theft of personal details, browser hijacking, malware attacks and many other security issues. A mere antivirus program is not enough to stop malicious software from infiltrating your computer. We need multi-functional security suites that target not only viruses, but all types of attacks. A number of security firms are offering much improved multi-functional security suites these days. Below are the top five security suites that are capable of securing your PC from multiple security threats.

Symantec Norton Internet Security 2011

Symantec Norton Internet Security 2011 meliorates its already-excellent protection. The edition is very easy to install and use. Most of the tasks run in idle time. It is loaded with an additional virus cleanup tool and an intelligent firewall. It also offers many Web-based products and services like online backup and parental controls. A new interactive panel in its main window makes Norton Internet Security 2011 a manager for these online services.

Symantec Norton Internet Security 2011 extends the "Download Insight" feature introduced by the earlier edition. In the latest edition Norton has also introduced a free stand-alone application, Norton Power Eraser, that discovers and kills hard-to-find scareware that cannot be detected by traditional antivirus software.

Symantec Norton Internet Security 2011 runs on Windows 7/XP/Vista (32-bit and 64-bit) and supports browsers like Internet Explorer 6.0 or higher (32-bit only), Firefox 3.0 and later. It requires minimum 256 MB RAM and minimum 300 MB free hard disk space. It is available at 1,200.

Kaspersky Internet Security 2010

With a well-designed interface, Kaspersky Internet Security 2010 finishes second in the list for strong malware detection and efficient performance. Kaspersky is good at detecting active malware infections on a PC. It is a top performer in rootkit detection, finding and removing all inactive and active rootkits. Kaspersky Internet Security 2010 is also very effective in detecting and disinfecting malware through behavioral scanning.

Kaspersky Internet Security's impact on system performance is minimal. A PC with Kaspersky's suite installed booted in 43.4 seconds on average, beating the average starting time by 3.5 seconds. The same PC running the McAfee or Norton suites, by comparison, took about 50 seconds to start up.

Kaspersky Internet Security 2010 runs on Windows 7/XP/Vista (32-bit and 64-bit) and supports browsers like Internet Explorer 6.0 or higher (32-bit only) for downloading updates. It requires minimum 256 MB RAM and minimum 375 MB free hard disk space. It is available at 890.

McAfee Total Protection 2010

With excellent malware protection, McAfee Total Protection 2010 provides effective and real-time anti-phishing protection. The anti-spam is also great. This security suite has a very user friendly interface and it is an efficient solution which won't slow your system down. The firewall includes a useful feature called Attack Detection, which is used to detect popular exploits and attacks on the Web.

It also features malware protection that works to remove malware and spyware that could potentially give out sensitive information to thieves. McAfee Total Protection 2010 installs a browser toolbar called SiteAdvisor Plus, which helps users avoid malicious Web sites.

McAfee Total Protection 2010 runs on Windows 7/XP/Vista (32-bit and 64-bit) and supports browsers like Internet Explorer 6.0 or higher (32-bit only), Firefox 3.0 and later. It requires minimum 512 MB RAM and minimum 200 MB free hard disk space. It is available at 1,220.

BitDefender Total Security 2010

BitDefender Total Security 2010 offers effective malware protection, anti-phishing coverage, a good spam filter and excellent parental controls. BitDefender gets a new interface that comes in three variations: a basic display with only three large icons and simple text, an intermediate design showing more detail, and an advanced interface for those who want to see granular details.

In detecting and disabling active infections, BitDefender Total Security 2010 is quite effective. It is also good at detection and disinfection of rootkits. BitDefender has improved the average startup time by roughly 3.5 seconds for a total of 43.46 seconds at startup.

BitDefender Total Security 2010 runs on Windows 7/XP/Vista (32-bit and 64-bit) and supports browsers like Internet Explorer 6.0 or higher (32-bit only), Firefox 3.0 and later. It requires minimum 512 MB RAM and minimum 450 MB free hard disk space. It is available at 1,790.

PC Tools Internet Security 2010

PC Tools, which is better known for Spyware Doctor, also offers this complete security suite with firewall, anti-virus, anti-spyware, anti-phishing, and spam filter protection. The software is easy to use but the spam filter is slow and the package does significantly increase your system boot time.

Although the interface has very little change from last year, it's very user friendly. In rootkit detection PC Tools Internet Security 2010 is capable of scoring high. In detecting, blocking, and removing unknown malware, PC Tools is quite effective. The program gets installed quickly, but it does require a system reboot.

PC Tools Internet Security 2010 runs on Windows 7/XP/Vista (32-bit and 64-bit) and supports browsers like Internet Explorer 6.0 or higher (32-bit only), Firefox 3.0 and later. It requires minimum 256 MB RAM and minimum 150 MB free hard disk space. It is available at 1,890.

Sunday, November 14, 2010

Software to stop you writing e-mails when drunk

New software can now stop you writing e-mails or posting messages when you are drunk. The Social Media Sobriety Test poses a series of simple problems that are intended to be fiendishly difficult to complete when intoxicated.

The test is designed to prevent alcohol-related posting to social media sites like Facebook, MySpace, Twitter, YouTube and Flickr.

It also stops people from using custom sites like Foursquare or blogs and web-based e-mail accounts such as gmail or hotmail, the Daily Mail reported.

If the inebriated user fails one of the simple tests, a message can be posted on their Facebook or Twitter page that tells their friends that they are "too drunk to post right now".

Developed by web security firm Webroot, the test's tagline is "Nothing good happens online after 1 a.m." And it is free to download.

Users are able to personalise it to choose which sites to block and then select the hours of the day when they are most likely to have enjoyed a few drinks.

If you want to access social media sites during these times, you will have to pass a randomly selected sobriety test such as 'drag your mouse in a straight line', 'type the alphabet backwards', or 'follow the finger'.

A Webroot spokesman said: "We saw an opportunity to remind people to be responsible on social networks, and to be humorous while talking about Internet security."

Tuesday, November 9, 2010

Top 10 ways your network can be attacked

Network security appliances do a great job of keeping the cyber monsters from invading your business. But what do you do when the monster is actually inside the security perimeter? Some of the major ways to attack your networks are mentioned below.

1. USB thumb drives: This is one of the most common and easiest ways to infect a network from inside a firewall. The ubiquity of thumb drives has driven hackers to develop targeted malware, such as the notorious Conficker worm, that can automatically execute upon connecting with a live USB port. Changing the computer's default autorun policies is one of the solutions to this threat.

2. Laptops and netbooks: A notebook may already have malicious code running in the background that is tasked to scour the network and find additional systems to infect. This notebook could belong to an internal employee or a guest who's visiting and working from an open cube or office. Laptops also have a really handy Ethernet port for tapping directly into a network. Implementing an encrypted file system for sensitive data can be a precaution.

3. Wireless access points: Wireless attacks by wardrivers are common and have caused significant damage in the past. Wireless APs can provide immediate connectivity to any user within proximity of the network. They are naturally insecure, regardless of whether encryption is used. Strong, mixed passwords should be used and changed on a fairly frequent basis to prevent this.

4. Miscellaneous USB devices: Besides the common USB devices, the list also includes devices like digital cameras, MP3 players, printers, scanners, fax machines and even digital picture frames. Since the primary functions of these devices are different, we often forget their potential to cause threats. Therefore it is important to implement and enforce asset control and policies around what devices can enter the environment and when.

5. Inside connections: Internal company employees can also inadvertently or intentionally access areas of the network that they wouldn't or shouldn't otherwise have access to and compromise endpoints using any of the means outlined in this article. Passwords should be changed regularly. Authentication and access levels are a must for any employee - he should only have access to systems, file shares, etc. These are some of the important steps to prevent this.

6. The Trojan human: It can take less than a minute for an unsupervised person in a server room to infect the network. Avoiding assumptions and identifying the source by asking questions is one of the major steps.

7. Optical media: Recordable media that appear to be legitimate can be and have been used to piggyback data in and out of networks. And, like the thumb drives mentioned above, they can be used as a source for network infection. As with the USB tip, it's important to implement and enforce asset control and policies around what devices can enter the environment and when. And then follow that up with frequent policy reminders.

8. Hindsight is 20/20: The human mind is also very effective at storing information. Who is watching you when you log into your desktop? Where are your hard copies stored? What confidential documents are you reading on your laptop at the coffee shop, airplane, etc.? The best safeguard is being conscious and alert about this threat whenever working on sensitive material -- even if it means stopping what you're doing momentarily to observe your surroundings.

9. Smartphones and other digital devices: Phones do more than just allow you to call anyone in the world from anywhere; they're full-functioning computers, complete with Wi-Fi connectivity, multithreaded operating systems, high storage capacity, high-resolution cameras and vast application support. And they, along with other portable tablet-like devices, are starting to be given the green light in business environments. Therefore it is important to implement and enforce asset control and policies around what devices can enter the environment and when.

10. Email: Email is frequently used within businesses to send and receive data; however, it's often misused. Messages with confidential information can easily be forwarded to any external target. Therefore source identification should be made compulsory.

Logitech introduces solar-powered keyboard

Logitech has unveiled a solar-powered keyboard, the K750, that allows users to enjoy computing for longer durations. The company claimed that the new Wireless Solar Keyboard K750 powers itself whenever there is light, even indoors.

The keyboard powers itself through integrated solar panels and includes an integrated power-indicator light. The device is a third of an inch thick and has incurve keys that support the shape of fingertips. In addition, the keys have rounded edges that make it easier for fingers to glide from key to key.

The Solar Keyboard requires a receiver that plugs into a computer's USB port and uses 2.4GHz wireless connectivity. The Logitech Wireless Solar Keyboard is available for pre-order at $80 (around 3550) in the U.S. As of now, its availability and price in India are not clear.

Innovations that herald a new tech era

"Creativity is thinking up new things. Innovation is doing new things" and hence, innovative ideas are always critical for survival and growth today. Every other day we come across new technologies focusing on solving a variety of complexities. But very few of them we can tag as true innovations. Let's take a look at some of the important innovative technologies in key areas like computing systems, network security, software and wireless.

Software:
Simplifying the process of building 3D games, San Francisco-based Unity Technologies has brought out software with which one can easily create 3D interactive content like games, training simulations and medical visualizations for various devices, from cell phones to game systems. The software has an editor that can take prefabricated components and combine them with other features to create full game environments. It has won the best innovation award in the Software category of The Wall Street Journal 2010 Technology Innovation Awards.

Wireless:
Addressing two key problems, poor cellphone coverage inside a house and the growing congestion on cellular networks, Ubiquisys, a UK-based firm, has introduced a small cellular base station for use indoors named Femtocells. The company's first femtocell to be sold at a wholesale price under $100 was G3-mini. The technology has won the best innovation award in the Wireless category of The Wall Street Journal 2010 Technology Innovation Awards.

iSIM, developed by Motorola is another key innovation in the world of wireless technologies. Motorola's iSIM (Intelligent SIM) is based on a flexible wafer that can be attached to the subscriber's original SIM providing additional services that can be controlled via SIM tool kit (STK) allowing third party developers to build applications and services.

Now, let's come to Pyxis Mobile's Application Studio. It is a platform that allows creating applications for mobile devices without coding. Companies can build apps with Pyxis Mobile without any hard coding, which can cut development time by as much as 80 percent.

Computing Systems:
U.S.-based Lightfleet has come up with a new way of connecting computer processors that uses beamed light instead of copper or fiber-optic wires. The key difference that this new technology from Lightfleet brings is that the traditional wired switches used to manage connections between microprocessors will be replaced by a device that will send a data-carrying beam of light to all the nodes at once. The technology has won the best innovation award in the Computing Systems category of The Wall Street Journal 2010 Technology Innovation Awards.

Another U.S.-based firm named Marvell Semiconductor has introduced Plug Computer, a small and low-power networked home server, which is capable of delivering data and applications to a variety of devices. At a time when consumers expect always-on and always-connected computing, this innovation from Marvell can find traction among the users. Unlike other embedded devices in the home, it contains a gigahertz-class processor designed to offer PC-class performance.

Network Security:
No matter how important the Internet is for us, it is true that it has gradually turned out to be the 'sweet home' for viruses, worms, spyware, Trojan horses and many other malicious software. But there are new ways coming out every day with the focus of heading off these threats.

Symantec's "reputation-based" technology is one of the most innovative ones in this category. In order to spot dangers that the traditional security products are unable to tap, this new technology examines the usage patterns of millions of computers. On the basis of data these patterns give about a particular program's characteristics like source, age and prevalence, the technology from Symantec assigns a "reputation rating" to each of the software that it examines. Since there are so many new malware variants constantly appearing, this new security solution can be effective to spot them. It has won the best innovation award in the Network Security category of The Wall Street Journal 2010 Technology Innovation Awards.

With the increasing demand for cloud computing, cloud-based security solutions are also gaining momentum. Spain-based Panda Security has introduced a free, cloud-based antivirus solution with 50 percent less impact on PC performance compared to the industry average. It utilizes a thin-client agent and server architecture which processes and blocks malware more efficiently than locally installed signature-based products.

SinglePoint is another key innovation, by the U.S.-based cloud security company Symplified, that provides a cloud-native unified identity and access management platform allowing companies to extend and enforce IT security policies for access control, authentication, administration of users, and auditing to cloud applications.