Wednesday, February 9, 2011

ATI Radeon HD 5970 Review: Dual-GPU Graphics


ATI revealed its last generation Radeon 5000 graphics family last September, when we got the chance to review the ATI Radeon HD 5870, and what a treat that was.
In a few tests the single-GPU Radeon HD 5870 was able to outgun the mighty GeForce GTX 295, while in most it managed to match or improve upon the Radeon HD 4870 X2. As you are likely aware, both of these products carry dual GPUs, which bring a number of implications, not to mention bigger price tags.
Looking forward we knew Nvidia would have no immediate response to the new Radeons, while on the other hand ATI was not done unleashing its full series of products. Subsequently we looked at two more products that were meant to underperform the flagship HD 5870: the slightly cut down Radeon HD 5850 and the mainstream aimed HD 5770.


From left to right: Radeon HD 5770, HD 5850, HD 5870, and HD 5970.

But as we discussed in our preliminary Radeon 5870 review, on the horizon was also a follow-up to the Radeon HD 4870 X2, code-named "Hemlock XT", which in essence would put together a pair of Radeon HD 5870 GPUs on a single PCB.
Today AMD is officially unveiling the Hemlock as the new ATI Radeon HD 5970, hoping to expand its current dominance in single-GPU performance with the fastest single-slot graphics card on the market -- a title that until today was reserved for Nvidia's dual-GPU GeForce GTX 295.
The Radeon HD 5970 looks to be well suited for the job. The GPUs used in this card use exactly the same configuration found on the Radeon HD 5870, while core and memory frequencies match those of the Radeon HD 5850. This provides the HD 5970 with an unmatched memory bandwidth of 256GB/s.
All this horsepower will come at a hefty price, as AMD expects to charge as much as $600 for it. This is a bit hard to swallow, but all things considered it's about where we expected it to stand among the rest of high-end graphics offerings. 



Full exposure: A "naked" Radeon HD 5970 graphics card.

The $400 Radeon HD 5870 is still sold out virtually everywhere due to extreme shortages. The Radeon HD 5850 version still costs $300, meaning that a pair of them would cost the same amount as a single Radeon HD 5970, and we do not expect the performance to be nearly as good. On the other side of the equation, Nvidia's top performer, the GeForce GTX 295 is selling for around $500. 

As we see it, only extreme users looking for the best possible gaming experience - or the bragging rights attached to the label - will find the Radeon HD 5970 to make complete sense. 

Knowing this is the 5970's intended market, AMD has stamped a big "unlocked" label over the card in our press kit. Perhaps more marketing buzz than actual functionality, the Radeon HD 5970 allows you to jack core and memory frequencies as high as you like -- or at least as high as they will go without compromising stability. This in itself is far from exciting news as there's been software available to do just that for ages.
The most interesting part should come from the ability to adjust voltages and thus increase the card's overclocking room, something we'll be checking in detail next.

Nvidia GeForce GTX 260/280 Review

Over a year and a half – that’s how long the GeForce 8800 GTX remained in the position of what could be called Nvidia’s high-end GPU. Oh of course, six months after its release and – just a coincidence – just before the arrival of the R600, we did get an 8800 Ultra with slightly higher clock speeds, but it was nothing revolutionary. Then two and a half months ago, the arrival of the 9800GTX awakened hopes of substantial performance increases, but in the end the card offered only limited gains over the good old GTX, and was behind the Ultra version. For owners of these cards to be really happy with their investment, it was high time for Nvidia to offer more than a few extra megahertz or to rely on pairing two GPUs on the same card.


Finally Nvidia has heard our pleas: The GTX 280 is the first real reworking of the G8x architecture. And, yes, breaking with tradition, "GTX" is a prefix for this new architecture. Now we know the company’s modus operandi: Introduce a new architecture on a proven engraving process. Due to the often very high number of transistors, the chip is expensive to produce and the cards that use it remain expensive, but it stakes out the territory. Then during the ensuing years, Nvidia develops its architecture on all segments of the scale, using finer engraving, but it is less optimized for high clock speeds. Finally, when the new process is under control, Nvidia moves it into the high end, which then becomes much more affordable. We saw it with the G70/G71 and the G80/G92, and now history repeats itself with the GT200 – a true killer with 1.4 billion transistors engraved at 0.65 µm.

Saturday, February 5, 2011

The Types of Computer Mice

Computer mice come in a number of varieties. You can find a computer mouse for just about any use. To figure out what kind of mouse would work best with your PC, you need to know your mouse options:
  • Mechanical mouse: Houses a hard rubber ball that rolls as the mouse is moved. Sensors inside the mouse body detect the movement and translate it into information that the computer interprets.
  • Optical mouse: Uses an LED sensor to detect tabletop movement and then sends off that information to the computer for merry munching.
  • Infrared (IR) or radio frequency cordless mouse: With both these types, the mouse relays a signal to a base station wired to the computer's mouse port. The cordless mouse requires power, which comes in the form of batteries.
  • A mouse with many buttons: The extra buttons can be programmed to do specific things, such as navigate the Web or turn pages when you’re reading a document. The typical button-ified mouse has about five buttons.
  • Trackball mouse: Like an upside-down mouse. Rather than roll the mouse around, you use your thumb or index finger to roll a ball on top of the mouse. The whole contraption stays stationary, so it doesn’t need a lot of room, and its cord never gets tangled.
  • Stylus mouse: Another mouse mutation enjoyed by the artistic type is the stylus mouse, which looks like a pen and draws on a special pad.
  • Cordless 3-D mouse: This kind of mouse can be pointed at the computer screen like a TV remote.

Top Five Budget Laptops 2011

Are you thinking of buying a budget laptop to save money? Well, you've come to the right place!
I'm sure you know that buying a budget laptop can be tricky. How do you buy a laptop that has the minimal features you want and yet does not burn a hole in your pocket?
Well, it turns out that many laptop manufacturers target this market segment, so you have a huge variety of models to choose from.
Typically, a budget range laptop should be priced below $850. They tend to trade off some hardware or software features, which reduces the overall price.
I've written this article to help you sieve out the top 5 budget laptops in the market. So let's get started right away ...

Toshiba Satellite A215-S4747
Toshiba has always been manufacturing laptops and they have a lot of budget models. I find the Toshiba Satellite A215-S4747 to be one of the best, with its AMD based dual core CPU, 1 GB of RAM and a generous 200GB hard drive. If you have some spare cash, it wouldn't hurt to upgrade the RAM to 2GB.
Sony VGN-NR160E/S
The Sony VGN-NR160E/S is a surprising entry in this list. The reason being that Sony is not usually considered a 'budget' laptop manufacturer. The VGN-NR160E/S is an exception. It contains an Intel Core 2 Duo CPU, 1 GB of RAM and a sizable 160GB hard drive. Highly recommended as it is a brand name machine at a very good price.

Gateway M-6823
The Gateway M-6823 is an exclusive model that has recently been launched. It uses an Intel Core 2 Duo processor, 1 GB of RAM and a whopping 250GB hard drive. What's interesting is that you also get a LabelFlash drive used for burning labels to DVDs and CDs. Unfortunately, it is not easy to find label media for the drive. On the whole, it is still a great laptop.

HP Pavilion dv6605us
The HP Pavilion dv6605us has many of the same features you saw in the other laptops. However, it is a budget laptop in every sense of the word - with a price that is very hard to beat. The dv6605us comes with an AMD dual core processor, 1GB of RAM and a large 160GB hard drive. There's also a LightScribe compatible dual layer DVD burner.
Compaq Presario V6620US
The Compaq Presario V6620US is almost identical to the HP Pavilion dv6605us. Whatever features and problems you find on the HP Pavilion, you will find in this Compaq Presario. The only problem with this Compaq laptop is that the brand name is a bit less well known compared to HP. Hence, obtaining advice and support on the Compaq Presario V6620US might pose a problem for some people.

Conclusion
I certainly hope this article has shown some of the best budget laptop computers that money can buy. If you're in the market for a budget laptop, be sure to check out the above models before making the final purchase decision. Until next time, happy shopping!

How to Choose Laptop Computer for College Student

Which laptops are most suitable for college students? If you have a child who is about to enter college, or if you're a college student yourself, you might be in the market for a laptop.
There is a huge variety of laptops available in the market. It definitely confuses anyone trying to settle on a good, functional laptop for college classes.
In this article, I will try to help you understand which are the best value laptops for college students.
1. Overview
Before we look at the laptops most suitable for college students, we should understand what makes a good student laptop. Typically, a student would want a laptop that's lightweight and comfortable enough to lug to and from their various classes. In addition, the laptop has to have great battery life and performance. And price is sometimes a concern, so the above features need to be packed into an affordable package.


A college student's laptop needs to be powerful and light
 
After considering the types of laptops suitable for college students, I've decided to split them into three categories: budget, thin and light and ultraportable. So let's take a look at them now ...
 

2. Budget Laptops
For a college student who is short on cash, a budget laptop is a good buy. Some of the best budget laptops include those from Dell, Toshiba and HP. I personally find the Toshiba Satellite A215-S4747 to be a great budget laptop. You get an AMD based dual core CPU, which performs very well with most applications. You also get a huge 200GB hard drive and a large number of peripheral ports.
 

The Toshiba Satellite A215-S4747 budget laptop
 
There's also a nice Sony VGN-NR160E/S model that is (surprisingly) within the budget category. Out of the box, this machine gives you the Intel Core 2 Duo T5250 processor, 1 GB of RAM and a large 160GB hard drive - that's a lot of computing power at budget price.
 
3. Thin and Light Laptops
If you prefer a more powerful laptop and don't mind a little bit of weight, then try going for a thin and light laptop. Some of the models I can think of include those from Lenovo, HP and Sony.
The Sony VAIO VGN-FZ280E is a pretty good choice for a thin and light notebook. This system comes with a Bluray compatible writer that can also burn CDs and DVDs. You also get an Intel Core 2 Duo 2.0GHz CPU, 2GB RAM and a very large 250GB hard drive.
 

The Sony VAIO VGN-FZ280E thin and light laptop
 
Another model I'd consider is the HP Pavilion dv6675us. You will get an Intel Core 2 Duo 2.0GHz CPU, 4GB RAM and 250GB of hard drive space. The 4GB of RAM is a great feature which will come in handy if you're a student of finance or science and need to run intensive computational applications.
 

4. Ultraportable Laptops
If the size and weight of the laptop is of high importance to you, then go for an ultraportable laptop. These laptops give very good computing performance in a very small, compact package.
In this category, I think the Lenovo ThinkPad X61 is a great choice for students. It is slightly pricey (but not outrageously so) but it is one of the best performing laptops around. It weighs only about 3 pounds and is hence an extremely portable piece of hardware. You also get an Intel Core 2 Duo 2.0GHz CPU, 2GB RAM and an ample 100GB hard drive. You don't get a built-in DVD writer though - that unit is external to the laptop.
 

The Lenovo ThinkPad X61 ultraportable laptop
 
Another good choice is the Toshiba Portege R500-S5001X. It weighs 2.4 pounds and is less than an inch thick. This is one of the thinnest and lightest notebooks you will find in the market. It's also very reasonably priced.
 

Conclusion

Well! I hope this article has shown you the various types of laptops which are suitable for college students. Regardless of your needs and budget, make sure that you do proper research before shelling out any cash. Until next time, best of luck and happy shopping!

How to Choose The Best Laptop For You

Looking for a laptop computer but not sure which model to pick? How do you choose a laptop that will meet your computing needs and budget?
As you know, a laptop is an expensive machine. You certainly don't want to fork out a ton of cash and later find that the laptop is not the one you want.
However, laptops come in so many shapes and sizes - it can be difficult to decide which is the perfect model for you.

Can't decide which model of laptop to buy? How do you choose a laptop that will meet your computing needs and yet does not burst your budget?
Choosing a good laptop computer can be very difficult. You are faced with so many models and specs that you don't know where to begin!
Well, help is here! Read on and find out what you need to consider before buying a laptop. Once you go through the points below, you will have a much clearer picture.
How do you choose a laptop that's just right for you? Well, when buying a laptop, you need to consider factors beyond performance and weight. There are many additional things like screen dimensions, battery life, and keyboard and connection options which you have to think about.


Laptops come in a variety of shapes and sizes
 
Let's look at some of the factors one should consider when buying a laptop.
 
1. Processor
One of the first things you need to consider in a laptop is the CPU. The latest laptop CPUs include Intel's Core Duo and Core 2 Duo processors which outperform older single-core Intel processors (e.g. Pentium M). Other laptops use the AMD Athlon Turion 64 X2 dual-core processor - which is also a good performer. In general, however, if you're looking for a laptop, I'd advise you to look for one with an Intel Core Duo processor. You can also read this guide to find out more.
 
2. System memory
The amount of RAM in the laptop is very important. If you're not short of cash, my advice is to get at least 1GB of RAM - that is the minimum you need to get newer PC applications to run fast. Also remember that you can always add more memory to your existing laptop. You may be interested in this short guide on how to install new memory modules into a laptop.
 
3. Graphics memory
Laptop graphics are another feature you will want to consider. Typically, I'd say you should go for 128MB of dedicated video RAM. Also, ensure that the graphics memory is used solely for graphics use and not shared with the main memory. If you intend to play games on the laptop, then look for advanced 3D graphics chips with about 256MB to 512MB of dedicated graphics memory. Be prepared to fork out a lot more cash though.
 
4. Screen
You will also want to take a look at the laptop screen. Laptop screens have recently become bigger. Most of them have gone widescreen so you can watch movies or edit spreadsheets more comfortably.
If you intend to use the laptop from home a lot, then I'd go for a 17-inch wide screen. If you are more concerned about portability or if you travel a lot, then laptops with screen sizes of 12.1 or 13.3 inches might suit you better. There are also 14.1- or 15-inch screens for laptops, but I believe manufacturers are shifting away from these models.
 
5. Battery
Here's another critical factor - laptop battery life. I personally find it very frustrating to have my notebook power run out after 15 minutes at Starbucks. What you need to do is to buy a laptop that has about 3.5 hours of battery life, running on a Core Duo or Core 2 Duo processor. Make sure you question the retailer on how long the battery can last - a short battery life is usually a deal breaker for me.
 
6. Keyboard and Pointing Device
Some people believe that the keyboard and pointing device on a laptop is important. If you have big fingers, you might be more comfortable typing on a larger notebook keyboard than a small one. Make sure you try the laptop out - get the feel of typing and navigation before you buy the laptop.
 
7. Optical drives
I'd usually recommend getting a laptop with a rewritable DVD drive as a minimum. One thing you need to know is that some laptops sacrifice a DVD drive in exchange for a lighter weight and portability. If you don't think you need a DVD drive all the time, then you might want to get a model that doesn't have one.
 
8. Hard drive
In the laptop hard drive department, what can I say? More is better. These days, you can get notebook hard drives in sizes of 160GB or more. You can also get SATA hard drives if you have more cash.
 
9. Weight
Another thing to note is the weight of the laptop. Now, when you buy a laptop, always remember that the total weight includes the notebook AND the AC adapter, any external modules, and their cables. These can add up to quite a bit of weight.
 
10. Communications
These days, you will find that most laptops come with at least two USB 2.0 ports - I'd recommend that as a minimum. If you do a lot of video editing, then a FireWire (IEEE 1394) port also becomes essential.
You should also check for good network capabilities. Make sure your new laptop has built-in ethernet capability, a built-in wireless connection and also built-in Bluetooth (if you need to transfer data between your mobile phone and the laptop).
Some of the laptops also include card slots for removable media such as CompactFlash, Secure Digital and MultiMediaCard. If you take a lot of digital photos, then this feature might matter to you.
 
11. Laptop Shopping Tips
Whew! That sure is a long list of features to consider when buying a laptop. In addition to understanding the features, there are three important laptop shopping tips you should bear in mind.
  • Tip #1: How will you use the laptop?
    One of the problems when you buy a laptop is that you pay for features you don't really need. One of the best ways to avoid paying too much is to consider how you will use the laptop. If it is mostly for word processing, then settle for a cheaper machine. If it is for gaming, then you need a more powerful one.
     
  • Tip #2: Think of features you will not compromise
    You should also be aware that there are some basic features in a laptop you should NOT sacrifice. For example, for me, if I were buying a laptop, I'd choose (as a minimum) - an Intel Core Duo or Core 2 Duo processor, 2GB of RAM, 160GB of hard drive, a very small screen size and a super long lasting battery. Your list of critical features may vary.
     
  • Tip #3: Remember you can pick and choose
    Most vendors will let you custom-build your own laptop. This is a good thing, because you can just pick those features you need and not pay any extra. You can easily purchase a faster notebook by accepting a smaller hard drive or DVD drive, for example.

Conclusion
I hope this article has shown you the ins and outs of buying a laptop. Remember, a laptop is an expensive device. It will also be something you bring along anywhere you go. Hence, it is critical that you do proper research and find the correct laptop to suit your needs. Remember the above tips the next time you're in the market for a laptop, and happy shopping!

Thursday, February 3, 2011

SQL injection - The Definition

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution. Any procedure that constructs SQL statements should be reviewed for injection vulnerabilities because SQL Server will execute all syntactically valid queries that it receives. Even parameterized data can be manipulated by a skilled and determined attacker.

The primary form of SQL injection consists of direct insertion of code into user-input variables that are concatenated with SQL commands and executed. A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. When the stored strings are subsequently concatenated into a dynamic SQL command, the malicious code is executed.

The injection process works by prematurely terminating a text string and appending a new command. Because the inserted command may have additional strings appended to it before it is executed, the malefactor terminates the injected string with a comment mark "--". Subsequent text is ignored at execution time.
The following script shows a simple SQL injection. The script builds an SQL query by concatenating hard-coded strings together with a string entered by the user:


var ShipCity;
ShipCity = Request.form ("ShipCity");
var sql = "select * from OrdersTable where ShipCity = '" + ShipCity + "'";
The user is prompted to enter the name of a city. If she enters Redmond, the query assembled by the script looks similar to the following:

SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond'
However, assume that the user enters the following:
Redmond'; drop table OrdersTable--
In this case, the following query is assembled by the script:
SELECT * FROM OrdersTable WHERE ShipCity = 'Redmond';drop table OrdersTable--' 

The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored. If the modified code is syntactically correct, it will be executed by the server. When SQL Server processes this statement, SQL Server will first select all records in OrdersTable where ShipCity is Redmond. Then, SQL Server will drop OrdersTable.
As long as injected SQL code is syntactically correct, tampering cannot be detected programmatically. Therefore, you must validate all user input and carefully review code that executes constructed SQL commands in the server that you are using. Coding best practices are described in the following sections in this topic.

Always validate user input by testing type, length, format, and range. When you are implementing precautions against malicious input, consider the architecture and deployment scenarios of your application. Remember that programs designed to run in a secure environment can be copied to a nonsecure environment. The following suggestions should be considered best practices:
  • Make no assumptions about the size, type, or content of the data that is received by your application. For example, you should make the following evaluation:
    • How will your application behave if an errant or malicious user enters a 10-megabyte MPEG file where your application expects a postal code?
    • How will your application behave if a DROP TABLE statement is embedded in a text field?
  • Test the size and data type of input and enforce appropriate limits. This can help prevent deliberate buffer overruns.
  • Test the content of string variables and accept only expected values. Reject entries that contain binary data, escape sequences, and comment characters. This can help prevent script injection and can protect against some buffer overrun exploits.
  • When you are working with XML documents, validate all data against its schema as it is entered.
  • Never build Transact-SQL statements directly from user input.
  • Use stored procedures to validate user input.
  • In multitiered environments, all data should be validated before admission to the trusted zone. Data that does not pass the validation process should be rejected and an error should be returned to the previous tier.
  • Implement multiple layers of validation. Precautions you take against casually malicious users may be ineffective against determined attackers. A better practice is to validate input in the user interface and at all subsequent points where it crosses a trust boundary.
    For example, data validation in a client-side application can prevent simple script injection. However, if the next tier assumes that its input has already been validated, any malicious user who can bypass a client can have unrestricted access to a system.
  • Never concatenate user input that is not validated. String concatenation is the primary point of entry for script injection.
  • Do not accept the following strings in fields from which file names can be constructed: AUX, CLOCK$, COM1 through COM8, CON, CONFIG$, LPT1 through LPT8, NUL, and PRN.
When you can, reject input that contains the following characters.
Input character   Meaning in Transact-SQL
;                 Query delimiter.
'                 Character data string delimiter.
--                Comment delimiter.
/* ... */         Comment delimiters. Text between /* and */ is not evaluated by the server.
xp_               Used at the start of the name of catalog-extended stored procedures, such as xp_cmdshell.

Use Type-Safe SQL Parameters

The Parameters collection in SQL Server provides type checking and length validation. If you use the Parameters collection, input is treated as a literal value instead of as executable code. An additional benefit of using the Parameters collection is that you can enforce type and length checks. Values outside the range will trigger an exception. The following code fragment shows using the Parameters collection:


SqlDataAdapter myCommand = new SqlDataAdapter("AuthorLogin", conn);
myCommand.SelectCommand.CommandType = CommandType.StoredProcedure;
SqlParameter parm = myCommand.SelectCommand.Parameters.Add("@au_id",
     SqlDbType.VarChar, 11);
parm.Value = Login.Text;
In this example, the @au_id parameter is treated as a literal value instead of as executable code. This value is checked for type and length. If the value of @au_id does not comply with the specified type and length constraints, an exception will be thrown.

Use Parameterized Input with Stored Procedures

Stored procedures may be susceptible to SQL injection if they use unfiltered input. For example, the following code is vulnerable:


SqlDataAdapter myCommand = 
new SqlDataAdapter("LoginStoredProcedure '" + 
                               Login.Text + "'", conn);
 
If you use stored procedures, you should use parameters as their input.

Use the Parameters Collection with Dynamic SQL

If you cannot use stored procedures, you can still use parameters, as shown in the following code example:


SqlDataAdapter myCommand = new SqlDataAdapter(
"SELECT au_lname, au_fname FROM Authors WHERE au_id = @au_id", conn);
SqlParameter parm = myCommand.SelectCommand.Parameters.Add("@au_id", 
                        SqlDbType.VarChar, 11);
parm.Value = Login.Text;

Filtering Input

Filtering input may also be helpful in protecting against SQL injection by removing escape characters. However, because of the large number of characters that may pose problems, this is not a reliable defense. The following example escapes the character string delimiter by doubling it.


private string SafeSqlLiteral(string inputSQL)
{
  return inputSQL.Replace("'", "''");
}

LIKE Clauses

Note that if you are using a LIKE clause, wildcard characters still must be escaped:


s = s.Replace("[", "[[]");
s = s.Replace("%", "[%]");
s = s.Replace("_", "[_]");
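The ShipCity script, the Parameters-collection advice, SafeSqlLiteral() and the LIKE escaping above, worked through in Python as an added example (not code from the article, which uses C# and SQL Server): SQLite stands in for SQL Server, the OrdersTable rows are constructed, and executescript() is used to mimic batch execution of the concatenated text.

```python
import sqlite3

def fresh_orders_db():
    """In-memory stand-in for the article's OrdersTable, with constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE OrdersTable (OrderID INTEGER PRIMARY KEY, ShipCity TEXT)")
    conn.executemany("INSERT INTO OrdersTable (ShipCity) VALUES (?)",
                     [("Redmond",), ("Seattle",), ("Redmond",)])
    return conn

def table_exists(conn):
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type = 'table' "
                       "AND name = 'OrdersTable'").fetchone()
    return row is not None

def build_query_unsafe(ship_city):
    """String concatenation as in the article's script: the user's text is
    spliced into the SQL grammar, so a quote in it ends the literal early."""
    return "SELECT * FROM OrdersTable WHERE ShipCity = '" + ship_city + "'"

def run_unsafe(ship_city):
    """Run the concatenated text as a batch. executescript() executes every
    statement in the string, mirroring a SQL Server batch (sqlite's execute()
    would refuse the second statement). Returns whether the table survived."""
    conn = fresh_orders_db()
    conn.executescript(build_query_unsafe(ship_city))
    return table_exists(conn)

def run_parameterized(ship_city):
    """Type-safe parameter: the value travels separately from the statement
    and is compared as a literal, never parsed. Returns (matches, table_ok)."""
    conn = fresh_orders_db()
    rows = conn.execute("SELECT * FROM OrdersTable WHERE ShipCity = ?",
                        (ship_city,)).fetchall()
    return len(rows), table_exists(conn)

def safe_sql_literal(input_sql):
    """Port of the article's SafeSqlLiteral(): double the string delimiter."""
    return input_sql.replace("'", "''")

def escape_like_tsql(s):
    """Port of the article's LIKE escaping. In Transact-SQL, [ ] is a character
    class, so each wildcard is wrapped in brackets; [ is handled first so the
    brackets added for % and _ are not escaped again."""
    return s.replace("[", "[[]").replace("%", "[%]").replace("_", "[_]")

MALICIOUS = "Redmond'; drop table OrdersTable--"   # the article's sample input

if __name__ == "__main__":
    print(build_query_unsafe(MALICIOUS))
    print("concatenated, table survived:", run_unsafe(MALICIOUS))
    print("parameterized (matches, table survived):", run_parameterized(MALICIOUS))
    print("escaped literal, table survived:", run_unsafe(safe_sql_literal(MALICIOUS)))
```

The escaped-literal run survives only because the single quote is the one delimiter in play here; as the article says, parameters are the reliable defense and filtering is a supplement.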
 
Reviewing Code for SQL Injection


You should review all code that calls EXECUTE, EXEC, or sp_executesql. You can use queries similar to the following to help you identify procedures that contain these statements. This query checks for 1, 2, 3, or 4 spaces after the words EXECUTE or EXEC.

SELECT object_Name(id) FROM syscomments
WHERE UPPER(text) LIKE '%EXECUTE (%'
OR UPPER(text) LIKE '%EXECUTE  (%'
OR UPPER(text) LIKE '%EXECUTE   (%'
OR UPPER(text) LIKE '%EXECUTE    (%'
OR UPPER(text) LIKE '%EXEC (%'
OR UPPER(text) LIKE '%EXEC  (%'
OR UPPER(text) LIKE '%EXEC   (%'
OR UPPER(text) LIKE '%EXEC    (%'
OR UPPER(text) LIKE '%SP_EXECUTESQL%'

Wrapping Parameters with QUOTENAME() and REPLACE()

In each selected stored procedure, verify that all variables that are used in dynamic Transact-SQL are handled correctly. Data that comes from the input parameters of the stored procedure or that is read from a table should be wrapped in QUOTENAME() or REPLACE(). Remember that the value of @variable that is passed to QUOTENAME() is of type sysname, and has a maximum length of 128 characters.
@variable                     Recommended wrapper
Name of a securable           QUOTENAME(@variable)
String of ≤ 128 characters    QUOTENAME(@variable, '''')
String of > 128 characters    REPLACE(@variable, '''', '''''')
When you use this technique, a SET statement can be revised as follows:
--Before:
SET @temp = N'select * from authors where au_lname='''
+ @au_lname + N''''
--After:
SET @temp = N'select * from authors where au_lname='''
+ REPLACE(@au_lname,'''','''''') + N''''

Injection Enabled by Data Truncation

Any dynamic Transact-SQL that is assigned to a variable will be truncated if it is larger than the buffer allocated for that variable. An attacker who is able to force statement truncation by passing unexpectedly long strings to a stored procedure can manipulate the result. For example, the stored procedure that is created by the following script is vulnerable to injection enabled by truncation.
CREATE PROCEDURE sp_MySetPassword
@loginname sysname,
@old sysname,
@new sysname
AS
-- Declare variable.
-- Note that the buffer here is only 200 characters long.
DECLARE @command varchar(200)
-- Construct the dynamic Transact-SQL.
-- In the following statement, we need a total of 154 characters
-- to set the password of 'sa'.
-- 26 for UPDATE statement, 16 for WHERE clause, 4 for 'sa', and 2 for
-- quotation marks surrounded by QUOTENAME(@loginname):
-- 200 – 26 – 16 – 4 – 2 = 154.
-- But because @new is declared as a sysname, this variable can only hold
-- 128 characters.
-- We can overcome this by passing some single quotation marks in @new.
SET @command= 'update Users set password=' + QUOTENAME(@new, '''') + ' where username=' + QUOTENAME(@loginname, '''') + ' AND password = ' + QUOTENAME(@old, '''')

-- Execute the command.
EXEC (@command)
GO
By passing 154 characters into a 128 character buffer, an attacker can set a new password for sa without knowing the old password.
EXEC sp_MySetPassword 'sa', 'dummy', '123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012'''''''''''''''''''''''''''''''''''''''''''''''''''
For this reason, you should use a large buffer for a command variable or directly execute the dynamic Transact-SQL inside the EXECUTE statement.

Truncation When QUOTENAME(@variable, '''') and REPLACE() Are Used

Strings that are returned by QUOTENAME() and REPLACE() will be silently truncated if they exceed the space that is allocated. The stored procedure that is created in the following example shows what can happen.
CREATE PROCEDURE sp_MySetPassword
@loginname sysname,
@old sysname,
@new sysname
AS

-- Declare variables.
DECLARE @login sysname
DECLARE @newpassword sysname
DECLARE @oldpassword sysname
DECLARE @command varchar(2000)

-- In the following statements, the data stored in temp variables
-- will be truncated because the buffer size of @login, @oldpassword,
-- and @newpassword is only 128 characters, but QUOTENAME() can return
-- up to 258 characters.

SET @login = QUOTENAME(@loginname, '''')
SET @oldpassword = QUOTENAME(@old, '''')
SET @newpassword = QUOTENAME(@new, '''')

-- Construct the dynamic Transact-SQL.
-- If @new contains 128 characters, then @newpassword will be '123... n
-- where n is the 127th character.
-- Because the string returned by QUOTENAME() will be truncated,
-- it can be made to look like the following statement:
-- UPDATE Users SET password ='1234. . .[127] WHERE username=' -- other stuff here

SET @command = 'UPDATE Users set password = ' + @newpassword
+ ' where username =' + @login + ' AND password = ' + @oldpassword;

-- Execute the command.
EXEC (@command)
GO
Therefore, the following statement will set the passwords of all users to the value that was passed in the previous code.
EXEC sp_MySetPassword '--', 'dummy', '12345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678'
You can force string truncation by exceeding the allocated buffer space when you use REPLACE(). The stored procedure that is created in the following example shows what can happen.
CREATE PROCEDURE sp_MySetPassword
@loginname sysname,
@old sysname,
@new sysname
AS
-- Declare variables.
DECLARE @login sysname
DECLARE @newpassword sysname
DECLARE @oldpassword sysname
DECLARE @command varchar(2000)
-- In the following statements, data will be truncated because
-- the buffers allocated for @login, @oldpassword and @newpassword
-- can hold only 128 characters, but REPLACE(), doubling every
-- quotation mark, can return up to 256 characters.

SET @login = REPLACE(@loginname, '''', '''''')
SET @oldpassword = REPLACE(@old, '''', '''''')
SET @newpassword = REPLACE(@new, '''', '''''')

-- Construct the dynamic Transact-SQL.
-- If @new contains 128 characters, @newpassword will be '123...n
-- where n is the 127th character.
-- Because the string returned by REPLACE() will be truncated, it
-- can be made to look like the following statement:
-- UPDATE Users SET password='1234...[127] WHERE username=' -- other stuff here

SET @command= 'update Users set password = ''' + @newpassword + ''' where username='''
+ @login + ''' AND password = ''' + @oldpassword + '''';

-- Execute the command.
EXEC (@command)
GO
As with QUOTENAME(), string truncation by REPLACE() can be avoided by declaring temporary variables that are large enough for all cases. When possible, you should call QUOTENAME() or REPLACE() directly inside the dynamic Transact-SQL. Otherwise, you can calculate the required buffer size as follows. For @outbuffer = QUOTENAME(@input), the size of @outbuffer should be 2*(len(@input)+1). When you use REPLACE() and doubling quotation marks, as in the previous example, a buffer of 2*len(@input) is enough.
The following calculation covers all cases:
While len(@find_string) > 0, required buffer size =
round(len(@input)/len(@find_string),0) * len(@new_string)
+ (len(@input) % len(@find_string))

Truncation When QUOTENAME(@variable, ']') Is Used

Truncation can occur when the name of a SQL Server securable is passed to statements that use the form QUOTENAME(@variable, ']'). The following example shows this.
CREATE PROCEDURE sp_MyProc
@schemaname sysname,
@tablename sysname
AS
-- Declare a variable as sysname. The variable will be 128 characters.
-- But @objectname actually must allow for 2*258+1 characters.
DECLARE @objectname sysname
SET @objectname = QUOTENAME(@schemaname)+'.'+ QUOTENAME(@tablename)
-- Do some operations.
GO
When you are concatenating values of type sysname, you should use temporary variables large enough to hold the maximum 128 characters per value. If possible, call QUOTENAME() directly inside the dynamic Transact-SQL. Otherwise, you can calculate the required buffer size as explained in the previous section.
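The three sections above give two rules: size every intermediate variable for the longest string QUOTENAME() or REPLACE() can return, or call those functions directly inside the dynamic statement. The following is an added example, not code from the original text, that applies those rules to both procedures shown (the password procedure and the schema/table procedure) and also shows the parameterized alternative with sp_executesql, which goes beyond what this section covers. The Users table with its username and password columns is taken from the statements above; the procedure names ending in _Safe and _Param are this example's own.

```sql
-- Added example (not from the original text). Assumed: a Users table with
-- username and password columns, as in the article's own statements; the
-- procedure names below are this example's own.

-- Sanity check of the sizing rules quoted above: 128 single quotation marks
-- (the worst-case sysname) expand to 2*(128+1) = 258 characters under
-- QUOTENAME(..., '''') and to 2*128 = 256 under REPLACE() quote doubling,
-- both larger than the 128 characters a sysname can hold.
SELECT LEN(QUOTENAME(REPLICATE(N'''', 128), ''''))      AS quotename_len,
       LEN(REPLACE(REPLICATE(N'''', 128), '''', '''''')) AS replace_len;
GO

-- Fix 1: keep the QUOTENAME() approach, but give every intermediate variable
-- and the command buffer room for the longest value it can ever receive.
CREATE PROCEDURE sp_MySetPassword_Safe
    @loginname sysname,
    @old sysname,
    @new sysname
AS
BEGIN
    SET NOCOUNT ON;
    -- nvarchar(258) = 2*(128+1): a quoted sysname can never be cut short here.
    DECLARE @login       nvarchar(258) = QUOTENAME(@loginname, '''');
    DECLARE @oldpassword nvarchar(258) = QUOTENAME(@old, '''');
    DECLARE @newpassword nvarchar(258) = QUOTENAME(@new, '''');
    -- nvarchar(max) for the statement text, so concatenation cannot truncate
    -- and the three quoted literals cannot be merged into one.
    DECLARE @command nvarchar(max) =
          N'UPDATE Users SET password = ' + @newpassword
        + N' WHERE username = ' + @login
        + N' AND password = ' + @oldpassword + N';';
    EXEC (@command);
END
GO

-- Fix 2 (stronger, and beyond what the section above covers): pass the values
-- as parameters of sp_executesql instead of splicing them into the text. Their
-- length and contents then cannot change the shape of the statement at all,
-- and no quoting function is needed.
CREATE PROCEDURE sp_MySetPassword_Param
    @loginname sysname,
    @old sysname,
    @new sysname
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @sql nvarchar(max) =
          N'UPDATE Users SET password = @p_new '
        + N'WHERE username = @p_login AND password = @p_old;';
    EXEC sp_executesql @sql,
         N'@p_new sysname, @p_login sysname, @p_old sysname',
         @p_new = @new, @p_login = @loginname, @p_old = @old;
END
GO

-- Fix 3: the identifier case. QUOTENAME(@schemaname) + '.' + QUOTENAME(@tablename)
-- can reach 2*258 + 1 = 517 characters, so the variable is sized for that and
-- the quoted name is resolved with OBJECT_ID() before it is used.
CREATE PROCEDURE sp_MyProc_Safe
    @schemaname sysname,
    @tablename sysname
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @objectname nvarchar(517) =
        QUOTENAME(@schemaname) + N'.' + QUOTENAME(@tablename);
    IF OBJECT_ID(@objectname) IS NULL
    BEGIN
        RAISERROR(N'Unknown table.', 16, 1);
        RETURN;
    END
    -- Only the bracket-quoted, verified identifier enters the statement text.
    DECLARE @sql nvarchar(max) = N'SELECT COUNT(*) FROM ' + @objectname + N';';
    EXEC sp_executesql @sql;
END
GO
```

In Fix 2 the statement text is a constant, so dynamic SQL is not strictly needed there; a plain UPDATE using the procedure parameters would do the same. sp_executesql is shown for the case where the text genuinely has to be assembled at run time, which is also why Fix 3 still builds a string: table names cannot be passed as sp_executesql parameters, so the quoted identifier is the one piece that must be spliced in, and it is sized and verified before that happens.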

Monday, January 31, 2011

Make A Quick Website

Building a website can be one of the major hold-ups in trying to run a successful online business. In fact, a lot of would-be internet entrepreneurs stumble badly at this hurdle. For some, this is even where their dream ends.
But is there a way to make a website quickly and still have the functionality and look you desire?
Is there a way to have your website built from scratch to up and running and fully functional in less than 1 day?
Well....yes!! I actually know of 2 ways to do this!

Method one is as follows:
Find an internet marketing platform that can provide you with everything you need to get set up with an online business. You will have to look in the right places, but there are some fantastic services out there. You should quite easily be able to find an internet marketing platform that can provide you with extremely easy-to-follow videos, support and services that will take you from buying your domain name, setting up hosting, then right through the whole website set-up. I can't name names, but there are platforms out there that have the easiest of web design software integrated into their complete internet marketing platform. When you find a service like this you will easily be able to have your own website up and running well within 1 day.

Method two is even easier:
This method is known as the lazy way or the smart-as-hell way; you decide. It goes like this: get someone else who knows exactly what they are doing to do it for you.
Will you have to pay for a service like this? Of course you will.
Will it be expensive? It actually shouldn't be, not if you are asking the right people anyway.
Will it be worth it? Absolutely. Business is moving faster than ever these days, especially online business. Do not get all stuck up on building the most perfect site in the world, or be too proud to let someone else have a significant input on your business. As a budding online business person or internet marketer it is your responsibility to get this part of your online business dealt with quickly and efficiently, so you can really get down to business and start making money online.

Big Approach to Setting Up Your Website

Trying to decide whether to set up a new website for your business or for your hobby? Whether your planned website is for business or for pleasure, there are some practical steps you will need to consider before you get started.

Website address
First of all, you will need to set up a website address (known as a domain name) that is unique, memorable and relevant to your website. Once, you have decided on a website name, chosen and bought a domain name, you are ready to move to the next step.

Content is king
What is your website about? Can you write the content - the words that go on the pages - yourself, or would you prefer to have them written for you by a professional? A skilled web copywriter can turn your ideas into the kind of online information that your customers will want to read - and act on.
A copywriter can also rewrite what you have already written and make sure that your website sends the right messages to your readers, whether they are your friends, fellow hobbyists or business contacts.

D is for designer
If you have a particular design or colour scheme in mind and would like to have full control over the way your website looks, hire a designer to do the work for you. Get a referral from friends or family - and be sure to agree a price from the outset. Remember that your designer will give you all the creative ideas you need. It does help if you have a clear idea about what you would like your website to achieve, and to have your content ready so that your designer can focus on the look and feel of your website.
When using a copywriter or designer, be sure to see examples of their previous work - or get a personal referral from someone you trust.

Do-it-Yourself!
There are now a huge number of DIY (do-it-yourself) website packages out there and they can vary from the very easy to the highly customisable. Remember to do your research and look at examples of a range of websites created using different tools before you sign up to a website service provider or a contract.

Explore your options fully
Do take your time to explore all your options when setting up your website.
For example, you may decide to add special functionality to your website or have the entire site built by a web developer who specialises in a particular programming language or specialist functionality tool.
You may decide that you want to do it all yourself, but need to work out which of the web publishing tools is right for you. As an alternative, you may even decide to do some of the work yourself, and call in web experts to do a part of the work.
Any of these options is perfectly valid and will very much depend on your own skills and talents, your time, other commitments and budget.
Debbie Legall is a highly experienced content producer and web copywriter and has over ten years' experience of managing and overhauling business and personal websites.
Want to create your own website from scratch? Debbie Legall shares tried and tested ways to run and launch your website in her ebook: Website Wonder: the easy guide to creating your own website. Debbie has more than 10 years' experience of managing and overhauling websites, and shows you how to get online using a clear, easy-to-follow, step-by-step approach.

Maximize Sales with Designing Your Website

One of the most important resources that can be provided by an IT services unit in any company is web design. It goes without saying that if your company has a presence on the web and it is not used to its fullest potential, then you are missing out on huge volumes of business. As you are probably aware, the Internet abounds with hundreds of millions of websites and, depending on your business, there is an increasing number of competitors entering your market every day around the world. But you might be surprised to discover that many websites fail to capitalise on their potential by not adhering to principles of good design and visitor usability.
It's easy to draw a parallel with a physical store in that if you don't display your goods properly and have a welcoming entrance, you are unlikely to attract even the most casual passerby. It is the same with a website: you have to provide an easily navigable entrance and grab a visitor's attention immediately to entice them further.
Design is not simply a thing of beauty, it is a matter of functionality and, unfortunately, many Web designers fall into the trap of producing a beautiful design which falls short when it comes to ease of navigation.
It is important to get the blend absolutely perfect in order to maximise your online sales and there are some important issues which need to be covered.
  • Apart from having an in-depth knowledge of code, a good web designer will build a site with a simple architecture. This means that your page will load quickly and that visitors will be instantly presented with an easy to understand interface that enables them to find what they are looking for as quickly as possible. It doesn't matter whether you have a huge variety of products or not, you must think of your design in terms of how well it serves the needs of your visitor.
  • Layout is the next most important thing that any business needs to consider. In keeping with the principles mentioned above, your site needs to be logically laid out and colour-coded so that visitors are left in no doubt as to the range of products you have available which can be easily found through a simple menu system.
  • Navigability is something which many web designs sadly lack. The navigation of your site should be prominently placed either at the top of the page or easily seen in a sidebar so that visitors can logically detect the layout of your site and go straight to the area they wish.
  • Most importantly perhaps is the element of content. It should be a no-brainer but your content must be written for both human visitors and for search engines. This means you have to strike a neat balance between using keywords that allow search engines to understand the content of your site and so rank it accordingly, as well as providing information which is relevant to web surfers so they can find the information they were seeking.
These few tips are only the start, and your IT services department should be given full rein to provide a design that satisfies every criterion.

Criteria That Make a Good Web Site

Providing your site with the essentials that keep visitors coming back

When working on a new Web site for your company, whether it is large or small, it is important to remember that a good Web site is one that will keep people coming back. What makes a Web site "good" varies from person to person. Some might put an importance on appearance while others prefer strong usability. If you can meet all the criteria for what is important to a good Web site, then yours can be great.
1. Appearance
Nobody wants to look at a boring Web site but if it is too flashy some might be turned away. Finding a good balance between too fancy and boring is the key to unlocking great Web site design. Colors can be used to draw an emotional feeling from people, which in turn can enhance their willingness to buy. The psychology of colors is proven to work and is used by professional web designers to manipulate different messages to the users. A design should never be too complex or confusing. It should also resemble the business and what products or services you offer.

2. Site Purpose
Before developing a Web site you need to set objectives and ask yourself how you want people to benefit from your Web site. The content of your Web site should always be kept up to date. It is easy to tell when a Web-site has not been updated. This reflects poorly on the company because a homepage is like its resume. You also want the content of your Web site to reflect the main goal and what it is you are trying to do for the world.

3. Usability
Since the internet provides so much information, it's hard to grasp people's attention and keep them on your site. One of the biggest turn-offs for site visitors is poor usability. A web site should be simple and easy to use. The navigation should be easily accessed on every page of your site. Visitors should never have to click more than 4 times to reach a specific page. A general rule understood by most professional Web site designers is that no more than two clicks should be required for visitors to reach any page of the site. A complicated navigation structure will quickly frustrate your visitors, and they will break off quickly if they can't find what they are looking for. Another thing to keep in mind is your service provider. Your host should have great uptime (99.9%+) and boast fast transfer speeds.
No matter what you are trying to accomplish with a Web site, whether it be company buzz or product sales, the main goal is to acquire traffic. The three strategies listed above are proven ways for your company to excel on the Web.

Saturday, January 29, 2011

Let's Find How Bluetooth Works


Bluetooth is a proprietary open wireless technology standard for exchanging data over short distances (using short wavelength radio transmissions) from fixed and mobile devices, creating personal area networks (PANs) with high levels of security. Created by telecoms vendor Ericsson in 1994, it was originally conceived as a wireless alternative to RS-232 data cables. It can connect several devices, overcoming problems of synchronization. Today Bluetooth is managed by the Bluetooth Special Interest Group.

When you use computers, entertainment systems or telephones, the various pieces and parts of the systems make up a community of electronic devices. These devices communicate with each other using a variety of wires, cables, radio signals and infrared light beams, and an even greater variety of connectors, plugs and protocols.
There are lots of different ways that electronic devices can connect to one another. For example:
  • Component cables
  • Electrical wires
  • Ethernet cables
  • WiFi
  • Infrared signals
The art of connecting things is becoming more and more complex every day. In this article, we will look at a method of connecting devices, called Bluetooth, that can streamline the process. A Bluetooth connection is wireless and automatic, and it has a number of interesting features that can simplify our daily lives.

The Problem
When any two devices need to talk to each other, they have to agree on a number of points before the conversation can begin. The first point of agreement is physical: Will they talk over wires, or through some form of wireless signals? If they use wires, how many are required -- one, two, eight, 25? Once the physical attributes are decided, several more questions arise:
  • How much data will be sent at a time? For instance, serial ports send data 1 bit at a time, while parallel ports send several bits at once.
  • How will they speak to each other? All of the parties in an electronic discussion need to know what the bits mean and whether the message they receive is the same message that was sent. This means developing a set of commands and responses known as a protocol.
Bluetooth offers a solution to the problem.

What Is a USB Port and How Do USB Ports Work?

A USB port is a standard cable connection interface on personal computers and consumer electronics. USB ports allow stand-alone electronic devices to be connected via cables to a computer (or to each other).
USB stands for Universal Serial Bus, an industry standard for short-distance digital data communications. USB allows data to be transferred between devices. USB ports can also supply electric power across the cable to devices without their own power source.
 
Just about any computer that you buy today comes with one or more Universal Serial Bus connectors on the back. These USB connectors let you attach everything from mice to printers to your computer quickly and easily. The operating system supports USB as well, so the installation of the device drivers is quick and easy, too. Compared to other ways of connecting devices to your computer (including parallel ports, serial ports and special cards that you install inside the computer's case), USB devices are incredibly simple! 


Both wired and wireless versions of the USB standard exist, although only the wired version involves USB ports and cables.
What Can You Plug Into a USB Port?:
Many types of consumer electronics support USB interfaces. These types of equipment are most commonly used for computer networking:
  • USB network adapters
  • USB broadband and cellular modems for Internet access
  • USB printers to be shared on a home network
For computer-to-computer file transfers without a network, USB keys are also sometimes used to copy files between devices. Multiple USB devices can also be connected to each other using a USB hub. A USB hub plugs into one USB port and contains additional ports for other devices to connect subsequently.
 
Usage Model:
Connect two devices directly with one USB cable by plugging each end into a USB port. If using a USB hub, plug a separate cable into each device and connect them to the hub individually. You may plug cables into a USB port at any time regardless of whether the devices involved are powered on or off. However, do not remove cables from a USB port arbitrarily, as this can lose or corrupt data. Follow instructions provided with your equipment before unplugging USB cables.
Many PCs feature more than one USB port, but do not plug both ends of a cable into the same device, as this can cause electrical damage.
 
USB-B and Other Types of Ports:
A few different types of physical layouts exist for USB ports. The standard layout for computers, called USB-B, is a rectangular connection point approximately 1.4 cm (9/16 in) length by 0.65 cm (1/4 in) height. Printers and some other devices may use smaller types of USB ports including a standard called USB-A. To connect a device having USB-B ports to a device with another type, simply use the correct type of cable with appropriate interfaces on each end.
Versions of USB:
The USB industry standard exists in multiple versions including 1.1, 2.0 and 3.0. However, USB ports feature identical physical layouts no matter the version of USB supported.
Alternative Technologies:
USB ports are an alternative to the serial and parallel ports available on older PCs. USB ports support much faster (often 100x or greater) data transfers than serial or parallel. For computer networking, Ethernet ports are sometimes used instead of USB. For some types of computer peripherals, FireWire ports are also sometimes available. Both Ethernet and FireWire can offer faster performance than USB, although these interfaces do not supply any power across the wire.
  • Printers connected to parallel printer ports, and most computers only came with one. Things like Zip drives, which need a high-speed connection into the computer, would use the parallel port as well, often with limited success and not much speed.
  • Modems used the serial port, but so did some printers and a variety of odd things like Palm Pilots and digital cameras. Most computers have at most two serial ports, and they are very slow in most cases.
  • Devices that needed faster connections came with their own cards, which had to fit in a card slot inside the computer's case. Unfortunately, the number of card slots is limited and you needed a Ph.D. to install the software for some of the cards.
The goal of USB is to end all of these headaches. The Universal Serial Bus gives you a single, standardized, easy-to-use way to connect up to 127 devices to a computer.
Just about every peripheral made now comes in a USB version. A sample list of USB devices that you can buy today includes:
  • Printers
  • Scanners
  • Mice
  • Joysticks
  • Flight yokes
  • Digital cameras
  • Webcams
  • Scientific data acquisition devices
  • Modems
  • Speakers
  • Telephones
  • Video phones
  • Storage devices such as Zip drives
  • Network connections

What is RAM?

RAM (random access memory) is the place in a computer where the operating system, application programs, and data in current use are kept so that they can be quickly reached by the computer's processor. RAM is much faster to read from and write to than the other kinds of storage in a computer, the hard disk, floppy disk, and CD-ROM. However, the data in RAM stays there only as long as your computer is running. When you turn the computer off, RAM loses its data. When you turn your computer on again, your operating system and other files are once again loaded into RAM, usually from your hard disk.
RAM can be compared to a person's short-term memory and the hard disk to the long-term memory. The short-term memory focuses on work at hand, but can only keep so many facts in view at one time. If short-term memory fills up, your brain sometimes is able to refresh it from facts stored in long-term memory. A computer also works this way. If RAM fills up, the processor needs to continually go to the hard disk to overlay old data in RAM with new, slowing down the computer's operation. Unlike the hard disk which can become completely full of data so that it won't accept any more, RAM never runs out of memory. It keeps operating, but much more slowly than you may want it to.

How Big is RAM?

RAM is small, both in physical size (it's stored in microchips) and in the amount of data it can hold. It's much smaller than your hard disk. A typical computer may come with 256 million bytes of RAM and a hard disk that can hold 40 billion bytes. RAM comes in the form of "discrete" (meaning separate) microchips and also in the form of modules that plug into holes in the computer's motherboard. These holes connect through a bus or set of electrical paths to the processor. The hard drive, on the other hand, stores data on a magnetized surface that looks like a phonograph record.
Most personal computers are designed to allow you to add additional RAM modules up to a certain limit. Having more RAM in your computer reduces the number of times that the computer processor has to read data in from your hard disk, an operation that takes much longer than reading data from RAM. (RAM access time is in nanoseconds; hard disk access time is in milliseconds.)

Why Random Access?

RAM is called "random access" because any storage location can be accessed directly. Originally, the term distinguished regular core memory from offline memory, usually on magnetic tape in which an item of data could only be accessed by starting from the beginning of the tape and finding an address sequentially. Perhaps it should have been called "nonsequential memory" because RAM access is hardly random. RAM is organized and controlled in a way that enables data to be stored and retrieved directly to specific locations. Note that other forms of storage such as the hard disk and CD-ROM are also accessed directly (or "randomly") but the term random access is not applied to these forms of storage.
In addition to disk, floppy disk, and CD-ROM storage, another important form of storage is read-only memory (ROM), a more expensive kind of memory that retains data even when the computer is turned off. Every computer comes with a small amount of ROM that holds just enough programming so that the operating system can be loaded into RAM each time the computer is turned on.

Safari 4 by Apple is now available

Safari 4 by Apple is now available. According to iBench it is the fastest browser in the market. Based on my own experience, it doesn't feel any faster than my Firefox 3, nor am I experiencing a faster browsing speed over my Internet Explorer 7 or my Opera 9. In all honesty, the browsing speed feels the same, just like any other browser.
On the interface, there are some cosmetic changes, minor.
However, the biggest change is none other than the text rendering engine. Apple has finally decided to please Windows users, knowing very well they are unable to gain any market share among Windows users because of the text rendering engine used in previous Safari. Read this post on the text rendering engine comparison between IE and Safari.
It is unlikely for Safari to gain any new converts from Firefox and IE due to the way Safari handles font rendering. The way Apple does fonts is very different from the way Microsoft does fonts, and there seems to be little to no common ground.
It's sharper now, and easier on the eyes. I have to admit that the text rendering engine is one of the biggest reasons why I decided not to use Safari. Download Safari 4 now.