How-To Tutorials

1.    Packt: Firstly, I would like to thank you for taking part in this Q&A and we expect great things from the Sencha community for 2011. How important do you think the various communities of Open Source projects are to the progression and growth of its software? James Pearce: We have a fantastic community – something over 1 million developers worldwide – and we’re proud to work with them. Our libraries are specifically designed to be extensible in an OO-style way (with community-authored controls, widgets and so on), and we use GPL and MIT licensing throughout (although we do also provide dual commercial and OEM licenses on certain products). And importantly, our JavaScript libraries are often used in conjunction with other web software – content management systems, design systems, mobile frameworks and so on – so we are very comfortable in working with other communities that need to interact with ours.    2.    Packt: For those that do not know, how long has Sencha been around? How did the creation of Sencha come about? James Pearce: Sencha was previously known as Ext JS, a company formed several years ago with a fork of Yahoo’s YUI JavaScript library, and providing product support and professional services for developers creating rich internet applications. In 2010, the company earned VC funding from Sequoia Capital and Radar Partners, and was renamed to Sencha. At the same time the company launched Sencha Touch – the world’s first HTML5, CSS3, and JavaScript framework for building rich web applications for modern mobile devices. These are now our flagship framework products, and are complemented with tools, services and a range of exciting, world-class open-source lab projects 3.    Packt: How would you describe the Sencha community? James Pearce: Very vibrant, and very loyal. Our forums are always a busy place, with tips, advice, problem solving and – yes – bug reports :) Our annual SenchaCon event is a sell-out, and we’re looking at more regular events to cater for the worldwide demand. Groups all over the world run local meetups, and our SenchaDevs developer directory grew incredibly quickly beyond our wildest expectations. Generally our community is very professional and polite. We have a strong following in the enterprise space, where our frameworks are very popular – so perhaps we’re a little different from a lot of regular Open Source communities in this respect. 4.    Packt: What would you describe as the current strengths and weaknesses of the Sencha community? James Pearce: One challenge we face is the huge bell-curve in skill sets. Sencha Touch and Ext JS can be very powerful and experienced developers do astonishing things with them. But at the other end of the spectrum, we want to make it easy for new entrants to the web application world. One of our challenges is working out how to smooth this learning curve and use the existing skills of the ‘advanced’ community to bring newcomers up to speed. But it’s happening around the world, with meetups, training and workshops and so on, so I’m very optimistic. 5.    Packt: How many code contributions does the Sencha project receive on a monthly basis? James Pearce: It’s hard to generalize. We use GitHub for all our projects, and for several projects, we have thousands of followers and hundreds of forks. It’s also a tricky question because we’re avidly hiring at the moment. Several core community members are in the midst of joining the team as employees – and of course their contributions are going through the roof! 6.    Packt: How has Sencha encouraged its community to evangelize the software? James Pearce: I'm always amazed by how fervent our developers are without any prompting. I think it might be something to do with the satisfaction of being able to build incredible apps with web technology – once you’ve seen what can actually be done with HTML5, CSS3 and JavaScript, you want to tell as many people as possible about it. We do also provide assistance and shwag for local community groups who want to get meetups off the ground and run their own training workshops, but frankly our community doesn’t need much encouragement! 7.    Packt: 2010 was a big year for the Sencha community, how does the project expect to improve in 2011 and build on the growth experienced? James Pearce: Good question. In 2010 we had to work with the community to understand how and why we were evolving our business and embracing mobile as the next big frontier for the web. In 2011, the reality that the mobile web is a great long-term future is starting to be well accepted, and we need to make sure we help our users (Sencha Touch in particular) work with that opportunity. The Ext JS project is about to reach a significant milestone too: v4, and we’ll need to work sympathetically with our users and community members to go through the upgrade and re-education process that that will bring. 8.    Packt: as you may know, we’ve recently announced that we’ve hit the landmark of over $300k donated to Open Source projects, how important are donations of this kind to the Sencha community? James Pearce: We’re in a fortunate position: since we provide commercial services (such as training and support) for our software, we are able to maintain the project and support the community ourselves. For us, it is our community’s time and enthusiasm that are the most valuable donation. Nevertheless, your support is invaluable for many types of project and you’re doing a great job helping keep the Open Source ecosystem healthy. 9.    Packt: We specialize in refining and distilling advice, provided by the community around Open Source projects, into easy to follow specialist information. How important is the sharing of information for the Sencha community? How do you plan to improve on your role as the hub of distributing information for the Sencha community in 2011? James Pearce: Yes, this is a big area for us. We want to make our projects as approachable as possible to newcomers to web technology in general – and you can never have too many getting-started guides and introductory stuff. That said, there is so much going on in the mobile and HTML5 space right now, that a lot of our work is just about educating users about what’s possible in contemporary web environments. We live in exciting times!10.    Packt: Thanks for your time James, lastly what projects, if any, are you/Sencha working on at the moment? James Pearce: Ah… you really need to check out some of the cool stuff in our Sencha Labs area! My favorite right now is the PhiloGL project that makes it easy for JavaScript developers to hook into WebGL and hardcore graphics capabilities – there are some cool demos. But some of the vector-graphics stuff is fantastic too (e.g. Raphael and InfoVis) – together with CSS3, these sorts of things demonstrate possibilities that previously required proprietary browser plugins. The web is a changing place and we hope we can be a helpful part of its evolution. To read more about Sencha, go to www.sencha.com

Core Data iOS Essentials A fast-paced, example-driven guide guide to data-drive iPhone, iPad, and iPod Touch applications        Core Data Core Data is Apple's persistence framework, which is used to persist—store our application's data in a persistent store, which may be memory or a flat file database. It helps us represent our data model in terms of an object graph, establish relationships among objects, and it can also store object graphs on the disk. It also allows us to use the entities of our data model in the form of objects, that is, it maps our data into a form that can be easily stored in a database, such as SQLite, or into a flat file. Also, the Core Data reduces a lot of coding. On using Xcode's templates for Core Data applications, we automatically get the boilerplate code that does several complex tasks such as generating XML files, binary files, SQLite files automatically for us without writing a single code, allowing us to focus on the business logic of our application. Besides this, Core Data also provides several features that are required in data manipulation, which includes filtering data, querying data, sorting data, establishing relationships with other data, and persisting data in different repositories. Core Data features The Core Data framework provides lots of features that include the following: Supports migrating and versioning: It means we can modify our data model, that is, entities of the application, whenever desired. The Core Data will replace the older persistent store with the revised data model. Supports Key-Value Coding (KVC): It is used to store and retrieve data from the managed objects. Core Data provides the methods required for setting and retrieving attribute values from the managed object, respectively. We will be using this feature in our application to display the information of customers and the products sold to them through the table view. Tracks the modifications: Core Data keeps track of the modifications performed on managed objects thus allowing us to undo any changes if required. We will be using this feature in our application while modifying the information of a customer or product to know what the earlier value was and what the new value entered for it is. Supports lazy loading: It's a situation that arises when all the property values of a managed object are not loaded from the data store and the property values are accessed by the application. In such situations, faulting occurs and the data is retrieved from the store automatically. Efficient database retrievals: Core Data queries are optimized for this, though the execution of query is dependent on the data store. Multi-threading: Core Data supports multi-threading in an application, that is, more than one thread can be executed in parallel to increase performance. Even some tasks can be performed in the background using a separate thread. Inverse relationship: Core Data maintains an inverse relationship for consistency. If we add an object to a relationship, Core Data will automatically take care of adding the correct object to the inverse relationship. Also, if we remove an object from a relationship, Core Data will automatically remove it from the inverse relationship. In our application, we will be using an inverse relationship between the Customer and Product entities, so that if a customer is deleted, the information of all the products purchased by him/her should also be automatically deleted. External data repositories: Core Data supports storing objects in external data repositories in different formats. Data Model Core Data describes the data in terms of a data model. A data model is used to define the structure of the data in terms of entities, properties, and their relationships. Entities Because Core Data maintains data in terms of objects, an entity is an individual data object to represent complete information of the person, item, object, and so on. For example, customer is an entity, which represents information of customers, such as name, address, e-mail ID, contact number, products purchased, date of purchase, and so on. Similarly, the product is an entity, which represents the information of a product, such as name of the product, price, weight, and so on. An entity consists of properties that are a combination of attributes and relationships. An entity in Xcode's Data Model Editor may appear as shown in the following screenshot: Properties Properties of an entity give detailed information about it, such as what are its attributes and how it is related to other entities. A property of an entity refers to its attributes and relationships. Attributes are scalar values and relationships are pointers to or collections of other entities at the object level. A property is represented by a name and a type. Attributes Attributes are the variables within an object (entity). In fact, a collection of attributes makes an entity. In database language, they are known as columns of the table. For example, the customer's entity may consist of attributes such as name, address, contact number, items purchased, and so on. Similarly, the attributes in the products table may be item code, item name, quantity, and so on. While creating attributes of an entity, we have to specify its name and its data type to declare the kind of information (whether integer, float, string, and so on) that will be stored in the attribute. Also, we can define the constraints on the information that can be stored in the column. For example, we can specify the maximum, minimum value (range) that can be stored in that attribute, or whether the attribute can or cannot store certain special symbols, and so on. Also, we can specify the default value of an attribute. Relationships Besides attributes, an entity may also contain relationships (which define how an entity is related to other entities). The attributes and relationships of an entity are collectively known as properties. The relationships are of many types (To-One, To-Many, and Many-to-Many) and play a major role in defining connection among the entities and what will be the impact of insertion or deletion of a row in one entity on the connected entities. Examples of relationship types: The relationship from a child entity to a parent entity is a To-One relationship as a child can have only one parent The relationship from a customer to a product entity is a To-Many relationship as a customer can purchase several products The relationship from an employee to a project entity is of Many-to-Many type as several employees can work on one project and an employee can work on several projects simultaneously To define a many-to-many relationship in Core Data, we have to use two To-many relationships. The first To-many relationship is set from the first entity to the second entity. The second To-many relationship is set from the second entity to the first entity. In Xcode's Data Model Editor, the relationship from Customer to Product—a To-Many relationship—is represented by a line that appears pointing from the Customer entity to the Product entity with two arrows, (designating a One-to-Many relationship) as shown in the subsequent screenshot, whereas the To-One relationship is represented by a line with a single arrow: When defining relationships in Core Data we may use inverse relationships, though it's optional. Inverse relationship In Core Data, every relationship can have an inverse relationship. Like, if there is a relationship from Customer to Product, there will be a relationship from Product to Customer too. A relationship does not need to be the same kind as its inverse; for example, a To-One relationship can have an inverse relationship of type To-Many. Although relationships are not required to have an inverse, Apple generally recommends that you always create and specify the inverse, (even if you won't need) as it helps Core Data to ensure data integrity. For example, consider a situation when a Customer entity has a relationship of the To-Many type to a Product entity and some information of a customer is changed or a row of a customer is deleted. Then it will be easier for Core Data to ensure consistency; that is, by inverse relationship, Core Data can automatically find the products related to the deleted customer and hence, delete them too. Before we go further, let us have a quick look at the architecture that is used in iPhone application development: MVC. Model View Controller (MVC) iPhone application development uses MVC architecture where M stands for Model, V stands for View, and C for Controller. Model represents the backend data—data model View represents the user interface elements through which the user looks at the contents displayed by the application and can interact with them Controller represents the application logic that decides the type of view to be displayed on the basis of actions taken by the user Core Data organizes the data model in terms of objects that are easy to handle and manipulate. The finalized objects are stored on a persistent storage. The usual way of representing data models is through classes that contains variables and accessor methods. We don't have to create classes by hand, (for our data models) as Core Data framework provides a special Data Model Design tool (also known as Data Model Editor) for quickly creating an entity relationship model. The terms that we will be frequently using from now onwards are Managed Object Model, Managed Objects, and Managed Object Context. Let us see what these terms mean: Managed Object Model: The data model created by the Data Model Design tool (Data Model Editor) is also known as Managed Object Model. Managed Objects: Managed objects are instances of the NSManagedObject class (or its subclass) that represent instances of an entity that are maintained (managed) by the Core Data framework. In a managed object model, an entity is defined by an entity name and the name of the class that is used at runtime to represent it. The NSManagedObject class implements all of the functionality required by a managed object. A managed object is associated with an entity description (an instance of NSEntityDescription) that describes the object; for example, the name of the entity, its attributes, relationships, and so on. In other words, an NSEntityDescription object may consist of NSAttributeDescription and NSRelationshipDescription objects that represent the properties of the entity. At runtime, the managed object is associated with a managed object context. Managed Object Context: The objects when fetched from the persistent storage are placed in managed object context. It performs validations and keeps track of the changes made to the object's attributes so that undo and redo operations can be applied to it, if required. In a given context, a managed object provides a representation of a record in a persistent store. Depending on a situation, there may be multiple contexts—each containing a separate managed object representing that record. All managed objects are registered with managed object context. For an application, we need the information represented by the Managed Object (instance of an entity) to be stored on the disk (persistent store) via managed object context. To understand the concepts of managed object context and its relation with data persistence, we need to understand the components of Core Data API, so let us go ahead and look at what Core Data API is all about. Core Data API The Core Data API, also called the stack, consists of three main components: NSPersistentStoreCoordinator NSManagedObjectModel NSManagedObjectContext The PersistentStoreCoordinator plays a major role in storing and retrieving managed objects from the Persistent Store via ManagedObjectContext. We can see in the following figure how the three are related: The Managed Object Model (an instance of NSManagedObjectModel class) is created from the data model of our application. If there is more than one data model in our application, the Managed Object Model is created by merging all of the data models found in the application bundle. The managed object (instance of the NSManagedObject class or its subclass) represents an instance of an entity that is maintained (managed) by the Core Data framework. A managed object is an instance of an Objective-C class, but it differs from other objects in three main ways: A managed object must be an instance of NSManagedObject or of a class that inherits from NSManagedObject The state of managed object is maintained by its managed object context A managed object has an associated entity description that describes the properties of the object For working with a managed object, it is loaded into memory. The managed object context maintains the state of the managed object after it is loaded in memory. The Managed Object Context tracks in-memory changes that have yet to be persisted to the data store. Any changes made to the state of an NSManagedObject do actually affect the state of the object in memory, not just the persistent representation of that object in the data store. When we want to commit the modifications made to the managed object, we save the managed object context to the persistent store. In order to deal with persistent store, the managed object context needs a reference to a PersistentStoreCoordinator. In other words, a pointer to the PersistentStoreCoordinator is required for creating a Managed Object Context. Remember, the PersistentStoreCoordinator is the essential middle layer in the stack that helps in storing and retrieving the managed object model from the persistent store. The managed object context is an object that plays a major role in the life cycle of managed objects. It handles all the aspects of managed object from faulting to validation including undo/redo. To modify managed objects, they are fetched from a persistent store through managed context. The modified managed objects are committed to the persistent store through context only. The managed objects represent data held in a persistent store. Faulting is considered to occur for an object whose property values have not yet been loaded from the external data store. To access the objects (entity) in managed object context, FetchRequest, an instance of NSFetchRequest class, is used. To define the entity to be retrieved via NSFetchRequest, we pass the appropriate NSEntityDescription to the NSFetchRequest. The result, that is, the set of entities retrieved from the managed object context (on the basis of FetchRequest) are managed by FetchedResultsController—an instance of NSFetchedResultsController. In fact, FetchRequest is passed to the FetchedResultsController along with a reference to the managed object context. Once the NSFetchedResultsController class has been initialized, we can perform a fetch operation to load the entities (stored in it) into memory. The managed object context keeps track of all the changes made to the managed object since the last time it was loaded in memory and hence helps in undoing any changes made to the managed object (if required).The Persistent Store Coordinator helps in avoiding redundancy if multiple calls are made by different classes on the same file at the same time, that is, the multiple calls are serialized by the NSPersistentStoreCoordinator class to avoid redundancy. Let us now get a detailed understanding of the terms used above.

Blender 2.5 Materials and Textures Cookbook Over 80 great recipes to create life-like Blender objects Creating metals Of all material surfaces, metals must be one of the most popular to appear in 3D design projects. Metals tend to be visually pleasing with brightly colored surfaces that will gleam when polished. They also exhibit fascinating surface detail due to oxidization and age-related weathering. Being malleable, these surfaces will dent and scratch to display their human interaction. All these issues mean that man-made metal objects are great objects to design outstanding material and texture surfaces within Blender. It is possible in Blender to design metal surfaces using quite simple material setups. Although it may seem logical to create complex node-based solutions to capture all the complexity apparent within a metal surface, the standard Blender material arrangement can achieve all that is necessary to represent almost any metal. Metals have their own set of unique criteria that need application within a material simulation. These include: Wide specularity due to the nature of metals being polished or dulled by interaction Unique bump maps, either representing the construction, and/ or as a result of interaction Reflection – metals, more than many other surfaces, can display reflection. Normally, this can be simulated by careful use of the specular settings in simulation but, occasionally, we will need to have other objects and environments reflected in a metal surface. Blender has a vast array of tools to help you simulate almost any metal surface. Some of these mimic real-world metal tooling effects like anisotropic blend types to simulate brushed metal surfaces, or blurred reflections sometimes seen on sandblasted metal surfaces. All these techniques, while producing realistic metal effects, tend to be very render intensive. We will work with some of the simpler tools in Blender to not only produce realistic results but also conserve memory usage and render times. We will start with a simple but pleasing copper surface. Copper has the unique ability to be used in everything from building materials, through cooking, to money. Keeping up with a building theme, we will create a copper turret material of the type of large copper usage that might be seen on anything from a fairy castle to a modern-day embellishment of a corporate building. One of the pleasant features of such a large structural use of copper is its surface color. A brown/orange predominant color, when new, is changed to a complementary color, light green/blue when oxidized. This oxidization also varies the specularity of its surface and in combination with its man-made construction, using plating creates a very pleasing material. Getting ready To prepare for this recipe, you will need to create a simple mesh to represent a copper-plated turret-like roof. You can be as extravagant as you wish in designing an interesting shape. Give the mesh a few curves, and variations in scale, so that you can see how the textures deform to the shape. The overall scale of this should be about 2.5 times larger than the default cube and about 1.5 times in width at its widest point. If you would prefer to use the same mesh as used in the recipe, you can download it as a pre-created blendfile from the Packtpub website. If you create a turret-like object yourself, ensure that all the normals are facing outwards. You can do this by selecting all of the vertices in edit mode, and then clicking on Normals/ Recalculate in the Tools Shelf. Also, set the surface shading to Smooth in the same menu. Depending on how many vertices you use to create your mesh, you may want to add a Sub-surface modifier to ensure that the model renders to give a nice smooth surface on which we will create the copper-plating material simulation. In the scene used in the example blendfile, three lights have been used. A Sun type lamp at location X 7.321, Y 1.409, Z 11.352 with a color of white and Energy of 1.00. However, it should only be set to provide specular lighting. It is positioned to create a nice specular reflection of the curved part of the turret. A Point lamp type set at X 9.286, Y -3.631, Z 5.904 with a color of white and Energy of 1.00. A Hemi type lamp at location X -9.208, Y 6.059, Z 5.904 with a color of R 1.00, B 0.97, B 0.66 and an Energy of 1.00. These will help simulate daylight and a nice specular reflection as you might see on a bright day. Now would be a good time to save your work. If you have downloaded the pre-created blendfile, or produced one yourself, save it with an incremented filename as copperturret- 01.blend. It will also be necessary for you to download, three images that will provide a color map, a bump map, and a specular map for the plated surface of our turret. They are simple grayscale images that are relatively easily created in a paint package. Essentially, one image is a tiled collection of metal plates with some surface detail, and the other is derived from this image by creating a higher contrast image from the first. This will be used as a specularity map. The third has the same outline as each tile edge but with simple blends from black to white. This will provide a bump map to give the general slope of each metal plate. All three, separate, are available for download from Packtpub website as: Chapt-02/textures/plating.png Chapt-02/textures/plating-bump-1.png Chapt-02/textures/plating-spec-pos.png Once downloaded, save these files into a textures subdirectory below where you have saved the blendfile. How to do it... We are going to create the effect of plating on the turret object, tiling an image around its surface to make it look as though it has been fashioned by master coppersmiths decades ago. Open the copper-turret-01.blend. This file currently has no materials or textures associated with it. With your turret mesh selected, create a new material in the Materials panel. Name your new material copper-roof. Change the Diffuse color to R 1.00, G 0.50, B 0.21. You can use the default diffuse shading type as Lambert. Set the Specular color to R 1.00, G 0.93, B 0.78 and the type to Wardiso with Intensity 0.534, and Slope 0.300. That's the general color set for our material, we now need to create some textures to add the magic. Move over to the Texture panel and select the first texture slot. Create a new texture of type Image or Movie, and name it color-map. From the Image tab, Open the image plating.png that should be in the textures subfolder where you saved the blendfile. This is a grayscale image composed from a number of photographs with grime maps applied within a paint package. Each plate has been scaled and repositioned to produce a random-looking, but tileable texture. Creating such textures is not a quick process. However, the time spent in producing a good image will make your materials look so much better. Under the Mapping tab, select Coordinates of type Generated Projection and of type Tube. Under Image Mapping, select Extension/ Repeat, and set the Repeat values of X 3 and Y 2. This will repeat the texture three times around the circumference of the turret and two times on its height. In the Influence tab, select Diffuse/Color and set to 0.500. Also, set Geometry/ Normal to 5.00. Finally, select Blend type Multiply, RGB to Intensity, and set the color to a nice bright orange with R 0.94, G 0.56, and B 0.00. Save your work as copper-turret-02.blend, and perform a test render. If necessary, you can perform a partial render of just one area of your camera view by using the SHIFT+B shortcut and dragging the border around just an area of the camera view. An orange-dashed border will show what area of the image will be rendered. If you also set the Crop selector in the Render panel under Dimensions, it will only render that bordered area and not the black un-rendered portion. You should see that both the color and bump have produced a subtle change in appearance of the copper turret simulation. However, the bump map is all rather even with each plate looking as though they are all the same thickness rather than one laid on top of another. Time to employ another bump map to create that overlapped look. With the turret object selected, move to the Texture panel and in the next free texture slot, create a new texture of type Image or Movie, and name it plate-bumps. In the Image tab, open the image plating-bump-1.png. Under the Image Mapping tab, select Extension of type Repeat and set the Repeat to X 3, Y 2. In the Mapping tab, ensure the Coordinates are set to Generated and the Projection to Tube. Finally, under the Influence tab, only have the Geometry/Normal set with a value of 10.000. Save your work, naming the file copper-turret-03.blend, and perform another test render. Renders of this model will be quite quick, so don't be afraid to regularly render to examine your progress. Your work should have a more pleasing sloped tiled copper look. However, the surface is still a little dull. Let us add some weather-beaten damage to help bind the images tiled on the surface to the structure below. With the turret object selected, choose the next free texture slot in the Texture panel. Create a new texture of Type Clouds and name it beaten-bumps. In the Clouds tab, set Grayscale and Noise/Hard, and set the Basis to Blender Original with Size 0.11, and Depth 6. Under the Mapping tab, set the Coordinates to Generated, and Projection to Tube. Below projection, change the X,Y,Z to Z, Y, X. Finally, under the Influence tab only, select Geometry/Normal and set to -0.200. Save your work again, incrementing the filename to copper-turret-04.blend. A test render at this point will not produce an enormous difference from the previous render but the effect is there. If you examine each stage render of the recipe so far you will see the subtle but important changes the textures have made. How it works... Creating metal surfaces, in 3D packages like Blender, will almost always require a photographic image to map the man-made nature of the material. Images can add color, bump, or normal maps, as well as specular variety, to show these man-made structures. Because metals can have so much variety in their surface appearance, more than one map will be required. In our example, we used three images that were created in a paint package. They have been designed to give a tileable texture so that the effect can be repeated across the surface without producing discernible repeats. Producing such images can be ttime-consuming but producing a good image map will make your materials much more believable. Occasionally, it will be possible to combine color, bump, and specularity maps into a single image but try to avoid this as it will undoubtedly lead to unnatural-looking metals. Sometimes, the simplest of bump maps can make all the difference to a material. In the middle image shown previously, we see a series of simple blends marking the high and low points of overlapping copper plates. It's working in a very similar way to the recipe on slate roof tiles. However, it is also being used in conjunction with the plating image that supplies the color and just a little bump. We have also supplied a third bump map using a procedural texture, Clouds. Procedurals have the effect of creating random variation across a surface, so here it is used to help tie together and break any repeats formed by the tiled images. Using multiple bump maps is an extremely efficient way of adding subtle detail to any material and here, you can almost see the builders of this turret leaning against it to hammer down the rivets.

  OpenCart 1.4 Template Design Cookbook Over 50 incredibly effective and quick recipes for building modern eye-catching OpenCart templates         Installing jQuery and jCarousel In this recipe, we will download jQuery and jCarousel and also install them into our store. By default, OpenCart comes with jQuery installed. Carousels have become a popular means to display products. There are many different types of carousels. But, we will use jCarousel for this recipe. You can use your favourite one. Getting started We need jQuery for our dynamic content throughout the site. jQuery is added by default with OpenCart. But here, we will also see how to download it and install it. We will download and install jQuery and jCarousel. First, we will go to the sites from where we can download them. If jQuery is not present in your site, you can download it from http://docs.jquery.com/Downloading_jquery. We will download the latest jQuery JavaScript file. How to do it First, we need to download the required files to use jCarousel. We need the jQuery JavaScript file and jCarousel JavaScript and css files. To check whether our site is jQuery-enabled or not, we can use web developer Firefox addons. Click on the information tab of Web Developer: It will display many sub-menus. Every sub-menu has its own importance. We select View JavaScript. Then, a new tab will open containing all the JavaScripts for the web page in it. You can contract or expand the links. If our store already has jQuery, then we can find it in this page. Otherwise, it won't be in this page or it will show a 404 error. Since our store is jQuery-enabled by default, we don't need to install jQuery. We have shown the installation of jQuery so that you can have full control of the process. There are several releases available to download. After downloading jQuery, we will place it under the catalogviewJavascriptjQuery folder. Now, we will download jCarousel. We can download it from http://sorgalla.com/projects/jCarousel/. Then, extract the compressed file. There will be many files in the extracted folder. Under the lib folder, we have an uncompressed and minified version of jCarousel. We create a folder named jCarousel under catalogviewiavascriptjquery. Then, in the jCarousel folder, create another folder named js. We will place any one of the two files under catalogviewjavascriptjqueryjcarouseljs. And bring the skins folder under the catalogviewjavascriptjqueryjcarousel. Displaying products using jCarousel We have installed jQuery and jCarousel in the previous recipe. Here, we will see how we can display products with jCarousel. In this recipe, we are going use jCarousel for the latest products, but you can use it for other modules as well. Getting started First, we will open the header.tpl file under catalogviewthemeshoptemplatecommon. If we don't have jQuery in our site, then we need to add it here. See the following code block: <script type="text/javascript" src="catalog/view/javascript/jquery/jquery-1.3.2.min.js"></script> How to do it We will follow the steps below for jCarousel addition to our store: First, we need to add the links for jCarousel JavaScript and css files to work with jCarousel. As we are using jCarousel for displaying the latest products, we place the links for those files in the latest_home.tpl under catalogviewthemeshoptemplatemodule. We add the following links: <script type="text/javascript" src="catalog/view/javascript/jquery/jcarousel/lib/jquery.jcarousel.js"></script> <link rel="stylesheet" type="text/css" href="catalog/view/javascript/jquery/jcarousel/skins/tango/skin.css" /> Now, we modify some HTML element structure to place the products in jCarousel. The current structure is table based. We will use <ul> <li> instead of the table structure. We remove the following tag: <table class="list"> //... </table> And write the following code, here by the three dots, we mean other inner codes: <ul id="latestcarousel" class="jCarousel-skin-tango"> //... </ul> Here latestcarousel ID is our carousel container ID. There are two skins available for jCarousel, one is tango and the other is ie7. Here, we are using tango. We also remove the tr tag: <tr> //... </tr> Now, remove the td tag and the following: <td style="width: 25%;"><?php if (isset($products[$j])) { ?> //... <?php } ?></td> And, we replace it with the following code: <li> //... </li> Now, we will initialize jCarousel. <script type="text/javascript"> jQuery(document).ready(function() { jQuery('#latestcarousel').jcarouseljcarousel(); }); </script> If we see our changes in the browser, then we will find it as: Here, we need to adjust the height and width of the carousel. To change the width of the carousel, open the skin.css file under catalogiewJavascriptjQueryjCarouselskins. We are going to change the following code: .jcarousel-skin-tango .jcarousel-container-horizontal { width: 245px; padding: 20px 40px; } To the following code: .jcarousel-skin-tango .jcarousel-container-horizontal { width: auto; padding: 20px 40px; } Again, if we are going to use jCarousel in some other places as well, it is not smart to change the skin.css. Instead we can override it in our theme-css for a specific region. For example, #content .middle .jcarousel-skin-tango .jcarousel-container-horizontal. Here, we have just shown you one instance of jCarousel usage. We changed the width to auto. So, in the browser, the carousel will be like this: There is style for both vertical and horizontal carousel in the stylesheet. As we are now using the horizontal carousel, we adjust the styles for horizontal only. The area showing the images of the products is smaller compared to the carousel width. So, we will adjust the width. We set the width to auto. .jcarousel-skin-tango .jcarousel-clip-horizontal { width: auto; height: 75px; } Now, the carousel is displaying products along the full width of the carousel. See the following image: Our height for the carousel is small. Let's change the height of it. We change the height to 200px: .jcarousel-skin-tango .jcarousel-clip-horizontal { width: auto; height: 200px; } This makes our carousel look like the following: To enlarge the height of the product image display area, we need to change the following code: .jcarousel-skin-tango .jcarousel-item { width: 75px; height: 200px; } We change the height to 200px. In the browser, now our carousel looks like this: We need to adjust the margin property for our product images. We change the margin-right property to 50px. .jcarousel-skin-tango .jcarousel-item-horizontal { margin-left: 0; margin-right: 50px; } This makes spacing between the product images. You need to refresh the browser to view the changes: We will set options for the carousel. There are several options. You can see the available options in this link: http://sorgalla.com/projects/jcarousel/. We used the following options and placed it in the latest_home.tpl, the page in which we are showing jCarousel: <script type="text/javascript"> jQuery(document).ready(function() { jQuery('#latestcarousel').jcarousel({ scroll: 1, visible: 3, auto: 3, rtl: true, wrap: 'circular' }); }); </script>  

ZBrush 4 Sculpting for Games: Beginner's Guide Sculpt machines, environments, and creatures for your game development projects Q: Why do we use ZBrush and why is it so widely used in the game and film industry? A: ZBrush is very good for creating highly detailed models in a very short time. This may sound trivial, but it is very sought-after and if you have seen the amazing detail on some creatures in Avatar (film), The Lord of the Rings (film) or Gears of War (game), you'll know how much this adds to the experience. Without the possibilities of ZBrush, we weren't able to achieve such an incredible level of detail that looks almost real, like this detailed close-up of an arm: But apart from creating hyper-realistic models in games or films, ZBrush also focuses on making model creation easier and more lifelike. For these reasons, it essentially tries to mimic working with real clay, which is easy to understand. So it's all about adding and removing digital clay, which is quite a fun and intuitive way of creating 3D-models. Q: Where can one get more information on ZBrush? A: Now that you're digging into ZBrush, these websites are worth a visit: http://www.pixologic.com. As the developers of ZBrush, this site features many customer stories, tutorials, and most interestingly the turntable gallery, where you can rotate freely around ZBrush models from others. http://www.ZBrushcentral.com. The main forum with answers for all ZBrush-related questions and a nice "top-row-gallery". http://www.ZBrush.info. This is a wiki, hosted by pixologic, containing the online documentation for ZBrush. Q: What are the most important hotkeys in ZBrush? A: The following are some of the most important hotkeys in ZBrush: To Rotate your model, left-click anywhere on an unoccupied area of the canvas and drag the mouse. To Move your model, hold Alt while left-clicking anywhere on an unoccupied area of the canvas and drag the mouse. To Scale your model, Press Alt while left-clicking anywhere on an unoccupied area of the canvas, which is moving. Now release the Alt key while keeping the mouse button pressed and drag. Q: What is the difference between 2D, 2.5D, and 3D images in ZBrush? A: 2D digital Images are a flat representation of color, consisting of pixels. Each pixel holds color information. Opposed to that, 3D models—as the name says—can hold 3-dimensional information. A 2.5D image stores the color information like an image, but additionally knows how far away the pixels in the image are from the viewer and in which direction they are pointing. With this information you can, for example, change the lighting in your 2.5D image, without having to repaint it, which can be a real time-saver. To make this even clearer, the next list shows some of the actions we can perform, depending if we're working in 2D, 2.5D, or 3D: 3D – Rotation, deformation, lighting, 2.5D – Deformation, lighting, pixel-based effects 2D – Pixel-based effects A pixel-based effect, for example, could be the contrast brush or the glow brush, which can't be applied to a 3D-model. Q: How can we switch between 2.5D and 3D mode? A: We can switch between 2.5D and 3D mode by using the Edit button.

A robust penetration testing methodology needs a roadmap. This will provide practical ideas and proven practices which should be handled with great care in order to assess the system security correctly. Let's take a look at what this methodology looks like. It will help ensure you're using BackTrack effectively and that you're tests are thorough and reliable. Penetration testing can be carried out independently or as a part of an IT security risk management process that may be incorporated into a regular development lifecycle (for example, Microsoft SDLC). It is vital to notice that the security of a product not only depends on the factors relating to the IT environment, but also relies on product specific security's best practices. This involves implementation of appropriate security requirements, performing risk analysis, threat modeling, code reviews, and operational security measurement. PenTesting is considered to be the last and most aggressive form of security assessment handled by qualified professionals with or without prior knowledge of a system under examination. It can be used to assess all the IT infrastructure components including applications, network devices, operating systems, communication medium, physical security, and human psychology. The output of penetration testing usually contains a report which is divided into several sections addressing the weaknesses found in the current state of a system following their countermeasures and recommendations. Thus, the use of a methodological process provides extensive benefits to the pentester to understand and critically analyze the integrity of current defenses during each stage of the testing process. Different types of penetration testing Although there are different types of penetration testing, the two most general approaches that are widely accepted by the industry are Black-Box and White-Box. These approaches will be discussed in the following sections. Black-box testing The black-box approach is also known as external testing. While applying this approach, the security auditor will be assessing the network infrastructure from a remote location and will not be aware of any internal technologies deployed by the concerning organization. By employing the number of real world hacker techniques and following through organized test phases, it may reveal some known and unknown set of vulnerabilities which may otherwise exist on the network. An auditor dealing with black-box testing is also known as black-hat. It is important for an auditor to understand and classify these vulnerabilities according to their level of risk (low, medium, or high). The risk in general can be measured according to the threat imposed by the vulnerability and the financial loss that would have occurred following a successful penetration. An ideal penetration tester would undermine any possible information that could lead him to compromise his target. Once the test process is completed, a report is generated with all the necessary information regarding the target security assessment, categorizing and translating the identified risks into business context. White-box testing The white-box approach is also referred to as internal testing. An auditor involved in this kind of penetration testing process should be aware of all the internal and underlying technologies used by the target environment. Hence, it opens a wide gate for an auditor to view and critically evaluate the security vulnerabilities with minimum possible efforts. An auditor engaged with white-box testing is also known as white-hat. It does bring more value to the organization as compared to the blackbox approach in the sense that it will eliminate any internal security issues lying at the target infrastructure environment, thus, making it more tightened for malicious adversary to infiltrate from the outside. The number of steps involved in white-box testing is a bit more similar to that of black-box, except the use of the target scoping, information gathering, and identification phases can be excluded. Moreover, the white-box approach can easily be integrated into a regular development lifecycle to eradicate any possible security issues at its early stage before they get disclosed and exploited by intruders. The time and cost required to find and resolve the security vulnerabilities is comparably less than the black-box approach. The combination of both types of penetration testing provides a powerful insight for internal and external security viewpoints. This combination is known as Grey-Box testing, and the auditor engaged with gray-box testing is also known as grey-hat. The key benefit in devising and practicing a gray-box approach is a set of advantages posed by both approaches mentioned earlier. However, it does require an auditor with limited knowledge of an internal system to choose the best way to assess its overall security. On the other side, the external testing scenarios geared by the graybox approach are similar to that of the black-box approach itself, but can help in making better decisions and test choices because the auditor is informed and aware of the underlying technology. Vulnerability assessment versus penetration testing Since the exponential growth of an IT security industry, there are always an intensive number of diversities found in understanding and practicing the correct terminology for security assessment. This involves commercial grade companies and non-commercial organizations who always misinterpret the term while contracting for the specific type of security assessment. For this obvious reason, we decided to include a brief description on vulnerability assessment and differentiate its core features with penetration testing. Vulnerability assessment is a process for assessing the internal and external security controls by identifying the threats that pose serious exposure to the organizations assets. This technical infrastructure evaluation not only points the risks in the existing defenses but also recommends and prioritizes the remediation strategies. The internal vulnerability assessment provides an assurance for securing the internal systems, while the external vulnerability assessment demonstrates the security of the perimeter defenses. In both testing criteria, each asset on the network is rigorously tested against multiple attack vectors to identify unattended threats and quantify the reactive measures. Depending on the type of assessment being carried out, a unique set of testing process, tools, and techniques are followed to detect and identify vulnerabilities in the information assets in an automated fashion. This can be achieved by using an integrated vulnerability management platform that manages an up-to-date vulnerabilities database and is capable of testing different types of network devices while maintaining the integrity of configuration and change management. A key difference between vulnerability assessment and penetration testing is that penetration testing goes beyond the level of identifying vulnerabilities and hooks into the process of exploitation, privilege escalation, and maintaining access to the target system. On the other hand, vulnerability assessment provides a broad view of any existing flaws in the system without measuring the impact of these flaws to the system under consideration. Another major difference between both of these terms is that the penetration testing is considerably more intrusive than vulnerability assessment and aggressively applies all the technical methods to exploit the live production environment. However, the vulnerability assessment process carefully identifies and quantifies all the vulnerabilities in a non-invasive manner. This perception of an industry, while dealing with both of these assessment types, may confuse and overlap the terms interchangeably, which is absolutely wrong. A qualified consultant always makes an exception to workout the best type of assessment based on the client's business requirement rather than misleading them from one over the other. It is also a duty of the contracting party to look into the core details of the selected security assessment program before taking any final decision. Penetration testing is an expensive service when compared to vulnerability assessment. Security testing methodologies There have been various open source methodologies introduced to address security assessment needs. Using these assessment methodologies, one can easily pass the time-critical and challenging task of assessing the system security depending on its size and complexity. Some of these methodologies focus on the technical aspect of security testing, while others focus on managerial criteria, and very few address both sides. The basic idea behind formalizing these methodologies with your assessment is to execute different types of tests step-by-step in order to judge the security of a system accurately. Therefore, we have introduced four such well-known security assessment methodologies to provide an extended view of assessing the network and application security by highlighting their key features and benefits. These include: Open Source Security Testing Methodology Manual (OSSTMM) Information Systems Security Assessment Framework (ISSAF) Open Web Application Security Project (OWASP) Top Ten Web Application Security Consortium Threat Classification (WASC-TC) All of these testing frameworks and methodologies will assist the security professionals to choose the best strategy that could fit into their client's requirements and qualify the suitable testing prototype. The first two provide general guidelines and methods adhering security testing for almost any information assets. The last two mainly deal with the assessment of an application security domain. It is, however, important to note that the security in itself is an on-going process. Any minor change in the target environment can affect the whole process of security testing and may introduce errors in the final results. Thus, before complementing any of the above testing methods, the integrity of the target environment should be assured. Additionally, adapting any single methodology does not necessarily provide a complete picture of the risk assessment process. Hence, it is left up to the security auditor to select the best strategy that can address the target testing criteria and remains consistent with its network or application environment. There are many security testing methodologies which claim to be perfect in finding all security issues, but choosing the best one still requires a careful selection process under which one can determine the accountability, cost, and effectiveness of the assessment at optimum level. Thus, determining the right assessment strategy depends on several factors, including the technical details provided about the target environment, resource availability, PenTester's knowledge, business objectives, and regulatory concerns. From a business standpoint, investing blind capital and serving unwanted resources to a security testing process can put the whole business economy in danger. Open Source Security Testing Methodology Manual (OSSTMM) The OSSTMM is a recognized international standard for security testing and analysis and is being used by many organizations in their day-to-day assessment cycle. It is purely based on scientific method which assists in quantifying the operational security and its cost requirements in concern with the business objectives. From a technical perspective, its methodology is divided into four key groups, that is, Scope, Channel, Index, and Vector. The scope defines a process of collecting information on all assets operating in the target environment. A channel determines the type of communication and interaction with these assets, which can be physical, spectrum, and communication. All of these channels depict a unique set of security components that has to be tested and verified during the assessment period. These components comprise of physical security, human psychology, data networks, wireless communication medium, and telecommunication. The index is a method which is considerably useful while classifying these target assets corresponding to their particular identifications, such as, MAC Address, and IP Address. At the end, a vector concludes the direction by which an auditor can assess and analyze each functional asset. This whole process initiates a technical roadmap towards evaluating the target environment thoroughly and is known as Audit Scope. There are different forms of security testing which have been classified under OSSTMM methodology and their organization is presented within six standard security test types: Blind: The blind testing does not require any prior knowledge about the target system. But the target is informed before the execution of an audit scope. Ethical hacking and war gaming are examples of blind type testing. This kind of testing is also widely accepted because of its ethical vision of informing a target in advance. Double blind: In double blind testing, an auditor does not require any knowledge about the target system nor is the target informed before the test execution. Black-box auditing and penetration testing are examples of double blind testing. Most of the security assessments today are carried out using this strategy, thus, putting a real challenge for auditors to select the best of breed tools and techniques in order to achieve their required goal. Gray box: In gray box testing, an auditor holds limited knowledge about the target system and the target is also informed before the test is executed. Vulnerability assessment is one of the basic examples of gray box testing. Double gray box: The double gray box testing works in a similar way to gray box testing, except the time frame for an audit is defined and there are no channels and vectors being tested. White-box audit is an example of double gray box testing. Tandem: In tandem testing, the auditor holds minimum knowledge to assess the target system and the target is also notified in advance before the test is executed. It is fairly noted that the tandem testing is conducted thoroughly. Crystal box and in-house audit are examples of tandem testing. Reversal: In reversal testing, an auditor holds full knowledge about the target system and the target will never be informed of how and when the test will be conducted. Red-teaming is an example of reversal type testing. Which OSSTMM test type follows the rules of Penetration Testing? Double blind testing The technical assessment framework provided by OSSTMM is flexible and capable of deriving certain test cases which are logically divided into five security components of three consecutive channels, as mentioned previously. These test cases generally examine the target by assessing its access control security, process security, data controls, physical location, perimeter protection, security awareness level, trust level, fraud control protection, and many other procedures. The overall testing procedures focus on what has to be tested, how it should be tested, what tactics should be applied before, during and after the test, and how to interpret and correlate the final results. Capturing the current state of protection of a target system by using security metrics is considerably useful and invaluable. Thus, the OSSTMM methodology has introduced this terminology in the form of RAV (Risk Assessment Values). The basic function of RAV is to analyze the test results and compute the actual security value based on three factors, which are operational security, loss controls, and limitations. This final security value is known as RAV Score. By using RAV score an auditor can easily extract and define the milestones based on the current security posture to accomplish better protection. From a business perspective, RAV can optimize the amount of investment required on security and may help in the justification of better available solutions. Key features and benefits Practicing the OSSTMM methodology substantially reduces the occurrence of false negatives and false positives and provides accurate measurement for the security. Its framework is adaptable to many types of security tests, such as penetration testing, white-box audit, vulnerability assessment, and so forth. It ensures the assessment should be carried out thoroughly and that of the results can be aggregated into consistent, quantifiable, and reliable manner. The methodology itself follows a process of four individually connected phases, namely definition phase, information phase, regulatory phase, and controls test phase. Each of which obtain, assess, and verify the information regarding the target environment. Evaluating security metrics can be achieved using the RAV method. The RAV calculates the actual security value based on operational security, loss controls, and limitations. The given output known as the RAV score represents the current state of target security. Formalizing the assessment report using the Security Test Audit Report (STAR) template can be advantageous to management, as well as the technical team to review the testing objectives, risk assessment values, and the output from each test phase. The methodology is regularly updated with new trends of security testing, regulations, and ethical concerns. The OSSTMM process can easily be coordinated with industry regulations, business policy, and government legislations. Additionally, a certified audit can also be eligible for accreditation from ISECOM (Institute for Security and Open Methodologies) directly.

While brilliant gameplay is the key to a fun and successful game, it is essential to deliver beautiful visuals to provide a pleasing experience and immerse the player in the game world. The looks of many modern productions are massively dominated by all sorts of visual magic to create the jaw-dropping visual density that is soaked up by players with joy and makes them feel connected to the action and the gameplay they are experiencing. The appearance of your game matters a lot to its reception by players. Therefore it is important to know how to leverage your technology to get the best possible looks out of it. This is why this article will show you how Panda3D allows you to create great looking games using lights, shaders, and particles. Adding lights and shadows in Panda3d Lights and shadows are very important techniques for producing a great presentation. Proper scene lighting sets the mood and also adds depth to an otherwise flat-looking scene, while shadows add more realism, and more importantly, root the shadow-casting objects to the ground, destroying the impression of models floating in mid-air. This recipe will show you how to add lights to your game scenes and make objects cast shadows to boost your visuals. Getting ready You need to create the setup presented in Setting up the game structure before proceeding, as this recipe continues and builds upon this base code. How to do it... This recipe consists of these tasks: Add the following code to Application.py: from direct.showbase.ShowBase import ShowBase from direct.actor.Actor import Actor from panda3d.core import * class Application(ShowBase): def __init__(self): ShowBase.__init__(self) self.panda = Actor("panda", {"walk": "panda-walk"}) self.panda.reparentTo(render) self.panda.loop("walk") cm = CardMaker("plane") cm.setFrame(-10, 10, -10, 10) plane = render.attachNewNode(cm.generate()) plane.setP(270) self.cam.setPos(0, -40, 6) ambLight = AmbientLight("ambient") ambLight.setColor(Vec4(0.2, 0.1, 0.1, 1.0)) ambNode = render.attachNewNode(ambLight) render.setLight(ambNode) dirLight = DirectionalLight("directional") dirLight.setColor(Vec4(0.1, 0.4, 0.1, 1.0)) dirNode = render.attachNewNode(dirLight) dirNode.setHpr(60, 0, 90) render.setLight(dirNode) pntLight = PointLight("point") pntLight.setColor(Vec4(0.8, 0.8, 0.8, 1.0)) pntNode = render.attachNewNode(pntLight) pntNode.setPos(0, 0, 15) self.panda.setLight(pntNode) sptLight = Spotlight("spot") sptLens = PerspectiveLens() sptLight.setLens(sptLens) sptLight.setColor(Vec4(1.0, 0.0, 0.0, 1.0)) sptLight.setShadowCaster(True) sptNode = render.attachNewNode(sptLight) sptNode.setPos(-10, -10, 20) sptNode.lookAt(self.panda) render.setLight(sptNode) render.setShaderAuto() Start the program with the F6 key. You will see the following scene: How it works... As we can see when starting our program, the panda is lit by multiple lights, casting shadows onto itself and the ground plane. Let's see how we achieved this effect. After setting up the scene containing our panda and a ground plane, one of each possible light type is added to the scene. The general pattern we follow is to create new light instances before adding them to the scene using the attachNewNode() method. Finally, the light is turned on with setLight(), which causes the calling object and all of its children in the scene graph to receive light. We use this to make the point light only affect the panda but not the ground plane. Shadows are very simple to enable and disable by using the setShadowCaster() method, as we can see in the code that initializes the spotlight. The line render.setShaderAuto() enables the shader generator, which causes the lighting to be calculated pixel perfect. Additionally, for using shadows, the shader generator needs to be enabled. If this line is removed, lighting will look coarser and no shadows will be visible at all. Watch the amount of lights you are adding to your scene! Every light that contributes to the scene adds additional computation cost, which will hit you if you intend to use hundreds of lights in a scene! Always try to detect the nearest lights in the level to use for lighting and disable the rest to save performance. There's more... In the sample code, we add several types of lights with different properties, which may need some further explanation. Ambient light sets the base tone of a scene. It has no position or direction—the light color is just added to all surface colors in the scene, which avoids unlit parts of the scene to appear completely black. You shouldn't set the ambient color to very high intensities. This will decrease the effect of other lights and make the scene appear flat and washed out. Directional lights do not have a position, as only their orientation counts. This light type is generally used to simulate sunlight—it comes from a general direction and affects all light-receiving objects equally. A point light illuminates the scene from a point of origin from which light spreads towards all directions. You can think of it as a (very abstract) light bulb. Spotlights, just like the headlights of a car or a flashlight, create a cone of light that originates from a given position and points towards a direction. The way the light spreads is determined by a lens, just like the viewing frustum of a camera. Using light ramps The lighting system of Panda3D allows you to pull off some additional tricks to create some dramatic effects with scene lights. In this recipe, you will learn how to use light ramps to modify the lights affect on the models and actors in your game scenes. Getting ready In this recipe we will extend the code created in Adding lights and shadows found in this article. Please review this recipe before proceeding if you haven't done so yet. How to do it... Light ramps can be used like this: Open Application.py and add and modify the existing code as shown: from direct.showbase.ShowBase import ShowBase from direct.actor.Actor import Actor from panda3d.core import * from direct.interval.IntervalGlobal import * class Application(ShowBase): def __init__(self): ShowBase.__init__(self) self.panda = Actor("panda", {"walk": "panda-walk"}) self.panda.reparentTo(render) self.panda.loop("walk") cm = CardMaker("plane") cm.setFrame(-10, 10, -10, 10) plane = render.attachNewNode(cm.generate()) plane.setP(270) self.cam.setPos(0, -40, 6) ambLight = AmbientLight("ambient") ambLight.setColor(Vec4(0.3, 0.2, 0.2, 1.0)) ambNode = render.attachNewNode(ambLight) render.setLight(ambNode) dirLight = DirectionalLight("directional") dirLight.setColor(Vec4(0.3, 0.9, 0.3, 1.0)) dirNode = render.attachNewNode(dirLight) dirNode.setHpr(60, 0, 90) render.setLight(dirNode) pntLight = PointLight("point") pntLight.setColor(Vec4(3.9, 3.9, 3.8, 1.0)) pntNode = render.attachNewNode(pntLight) pntNode.setPos(0, 0, 15) self.panda.setLight(pntNode) sptLight = Spotlight("spot") sptLens = PerspectiveLens() sptLight.setLens(sptLens) sptLight.setColor(Vec4(1.0, 0.4, 0.4, 1.0)) sptLight.setShadowCaster(True) sptNode = render.attachNewNode(sptLight) sptNode.setPos(-10, -10, 20) sptNode.lookAt(self.panda) render.setLight(sptNode) render.setShaderAuto() self.activeRamp = 0 toggle = Func(self.toggleRamp) switcher = Sequence(toggle, Wait(3)) switcher.loop() def toggleRamp(self): if self.activeRamp == 0: render.setAttrib(LightRampAttrib.makeDefault()) elif self.activeRamp == 1: render.setAttrib(LightRampAttrib.makeHdr0()) elif self.activeRamp == 2: render.setAttrib(LightRampAttrib.makeHdr1()) elif self.activeRamp == 3: render.setAttrib(LightRampAttrib.makeHdr2()) elif self.activeRamp == 4: render.setAttrib(LightRampAttrib. makeSingleThreshold(0.1, 0.3)) elif self.activeRamp == 5: render.setAttrib(LightRampAttrib. makeDoubleThreshold(0, 0.1, 0.3, 0.8)) self.activeRamp += 1 if self.activeRamp > 5: self.activeRamp = 0 Press F6 to start the sample and see it switch through the available light ramps as shown in this screenshot: How it works... The original lighting equation that is used by Panda3D to calculate the final screen color of a lit pixel limits color intensities to values within a range from zero to one. By using light ramps we are able to go beyond these limits or even define our own ones to create dramatic effects just like the ones we can see in the sample program. In the sample code, we increase the lighting intensity and add a method that switches between the available light ramps, beginning with LightRampAttrib.makeDefault() which sets the default clamping thresholds for the lighting calculations. Then, the high dynamic range ramps are enabled one after another. These light ramps allow you to have a higher range of color intensities that go beyond the standard range between zero and one. These high intensities are then mapped back into the displayable range, allocating different amounts of values within it to displaying brightness. By using makeHdr0(), we allocate a quarter of the displayable range to brightness values that are greater than one. With makeHdr1() it is a third and with makeHdr2() we are causing Panda3D to use half of the color range for overly bright values. This doesn't come without any side effects, though. By increasing the range used for high intensities, we are decreasing the range of color intensities available for displaying colors that are within the limits of 0 and 1, thus losing contrast and making the scene look grey and washed out. Finally, with the makeSingleThreshold() and makeDoubleThreshold() methods, we are able to create very interesting lighting effects. With a single threshold, lighting values below the given limit will be ignored, while anything that exceeds the threshold will be set to the intensity given in the second parameter of the method. The double threshold system works analogous to the single threshold, but lighting intensity will be normalized to two possible values, depending on which of the two thresholds was exceeded.

  OpenCart 1.4 Template Design Cookbook Over 50 incredibly effective and quick recipes for building modern eye-catching OpenCart templates         Read more about this book       (For more resources on Opencart, see here.) Customizing the cycle plugin In this recipe, we use the jQuery cycle plugin with our products. We first download the jQuery cycle plugin. Getting started We need jQuery enabled for jQuery cycle to work with our store shop. How to do it Go through the following steps to customize the jQuery cycle plugin: First, download the jQuery cycle JavaScript files from http://jquery.malsup.com/cycle/download.html. We extract the downloaded compressed file. We will use the jquery.cycle.min.js. We copy this file to catalogviewjavascriptjquery. We need to add jQuery and the jQuery cycle JavaScript file into our file. For this recipe, we will add this plugin for the latest products in the home section. So, we add the following code in latest_home.tpl as we are not using the jQuery cycle plugin throughout the site: <script type="text/Javascript" src="catalog/view/javascript/jquery/ jquery.cycle.min.js"></script> Then, we will modify the existing table-based structure to div-based. We remove the following code: <table class="list">//...</table> And in place of that we write the following: <div class="slideshow">//...</div> We also again remove the tr tag: <tr>//...</tr> And replace the td HTML tag with the following div tag: <td style="width: 25%;">//...</td> The required div tag is: <div class="slideshow-image-container">//...</div> We will initialize the jQuery cycle plugin with the following code: <script type="text/Javascript">$(document).ready(function() { $('.slideshow').cycle({ fx: 'fade' });});</script> Now, go to the browser and refresh to see the effect of our change: We center the product image. So, we add the following margin-left property to our image in the stylesheets.css file: .slideshow .slideshow-image-container {margin-left: 200px;} Then, the image container moves to the center of the latest product area. See the following image: We need to do some styling to our product images. We will have a thick border around our image. So, we add these styling attributes: .slideshow .slideshow-image-container { margin-left: 200px; border: 10px solid #ddd;} This creates a border around the product image like the following: The product image and the descriptions are all left aligned. So, we make it centered by adding the following style tag: .slideshow .slideshow-image-container { margin-left: 200px; text-align: center; padding: 10px; border:10px solid #ddd;} Now, our jQuery cycle looks like this: There's more... You can also see the Accordion jQuery plugin. It is also a very popular jQuery plugin. You can add and initialize it in almost the same way. You can read the documentation of the plugin at http://plugins.jquery.com/project/accordion. Modifying the side column with the cycle plugin We modified the latest product block in the center column with the jQuery cycle plugin. Now, if we want to show our products on the side columns with the jQuery cycle, then this recipe will guide us to our destination. Getting started We need jQuery enabled for jQuery cycle to work with our store shop. How to do it Go through the following steps to customize the jQuery cycle plugin: To use the plugin, first, we need to add the required file links to the latest.tpl file as we are using the jQuery cycle for latest products. We add the following line in our latest.tpl file: <script type="text/Javascript" src="catalog/view/javascript/jquery/jquery.cycle.all.min.js"></script> Then, like our previous recipes, we will remove the table-based style and instead, use div-based styles: <table cellpadding="2" cellspacing="0" style="width: 100%;">//...<tr>//...</tr>//..</table> And, we write the following tag in place of the table element: <div class="slideshow">//...</div> We also li tag with a div element. See the following code: //remove this tags<li>//...</li>//replace with the following element<div class="slideshow-image-container">//...</div> Now, we initialize the cycle plugin with the code below: <script type="text/Javascript">$(document).ready(function() { $('.slideshow').cycle({ fx: 'fade' });});</script> If we go to the browser, then we can see the following changes: We will add some styling to the above display. The products are displaying on the left side of the side column. To make it centered, we add margin to the style: .slideshow .slideshow-image-container { margin-left: 60px; } Our right column changes like this: We add a border to our image. We do the following styling addition: .slideshow .slideshow-image-container { margin-left: 60px; border: 5px solid #ddd;} When we go to the browser, we find the following state of our right side bar: We need to add some padding and make our text aligned to the center. So, we also add the following styles: .slideshow .slideshow-image-container { margin-left: 60px; border: 5px solid #ddd; padding:5px; text-align: center;} We refresh our browser and see our changes in action: There is more You can also add this plugin on the left side of our OpenCart store. Just change the position of the module from the module section of the admin panel.  

AJAX (Asynchronous JavaScript and XML), a term coined by Jesse James Garrett of Adaptive Path, stands for a combination of different technologies that help to communicate seamlessly with the server without the need for a page refresh. AJAX applications involve the following technologies: JavaScript for running the core AJAX engine XmlHttpRequest object to communicate with the server Web presentation using XHTML and CSS or XSLT DOM to work with the HTML structure XML and JSON for data interchange The XmlHttpRequest object is used for posting HTTP/HTTPS requests to the server. Most modern browsers have a built-in XmlHttpRequest object. JSON (JavaScript Object Notation) is a lightweight data interchange format and is increasingly used in AJAX applications today. It is basically a collection of name/value pairs. In classic web applications, the client submits data to the server for processing and the server sends back refreshed content to the client. This causes a visible page refresh and the web user must wait for a page reload before further interaction with the web application. AJAX, however, eliminates the need for an explicit page refresh by communicating with the server behind the scenes. It uses the power of XmlHttpRequest object to post a request to the server. Thus, the backend communication with the server is transparent to the end user. In addition, using AJAX, only the data that is required to be updated can be selectively refreshed on the page. The previous figure is the traditional model for web applications (left) compared to the AJAX model (right). The previous figure shows the basic difference between traditional and AJAX-enabled applications. In traditional web applications, the client sends requests directly to the server and waits to receive the corresponding response. In AJAX-based applications, however, this is replaced by a JavaScript call to the AJAX engine instead, which sends the request asynchronously to the server. As a result, web users' interaction with the application is not interrupted and users can continue to work with the application. The jQuery library provides many methods for working with AJAX. In this article, we will explore the use of the following methods: $.ajax(settings): This is a generic low level function that helps to create any type of AJAX request. There are a number of configuration settings that can be applied using this function to customize an AJAX call. It helps to set the type of HTTP request (GET/ POST), the URL, parameters, datatype, as well as the callback functions to execute successful/unsuccessful invocation of the AJAX call. $.ajaxSetup(options): This method helps to define default settings for making AJAX calls on the page. The setup is done one time and all the subsequent AJAX calls on the page are made using the default settings. Getting started Let's start by creating a new ASP.NET website in Visual Studio and name it Chapter6. Save the jQuery library in a script folder js in the project. To enable jQuery on any web form, drag-and-drop the library to add the following to the page: <script src="js/jquery-1.4.1.js" type="text/javascript"></script> Now let's move on to the recipes where we will see how jQuery can be used to make AJAX calls to ASP.NET code-behind. Basically, in this article, we will explore three possible approaches of communicating with the server: Using page methods Using web services Using HTTP Handlers So, let's get started. Setting up AJAX with ASP.NET using jQuery In this recipe, we will set up our ASP.NET web page to execute an AJAX call. We will also see how to set the default AJAX properties. Getting ready Create an HTML file Content.html in the project and add the following contents: <html > <head> <title>Content Page</title> <link href="css/content.css" rel="stylesheet" type="text/css" /> </head> <body> <p> <table cellpadding="3" cellspacing="3" id="box-table-a"> <tr><td>Title</td><td>Author</td><td>Genre</td></tr> <tr><td>Alchemist</td><td>Paulo Coelho</td><td>Fiction</td></tr> <tr><td>Heart of Darkness</td><td>Joseph Conrad</td><td>Classic</ td></tr> <tr><td>David Copperfield</td><td>Charles Dickens</ td><td>Classic</td></tr> <tr><td>Have a Little Faith</td><td>Mitch Albom</td><td>Fiction</ td></tr> </table> </p> </body> </html> Add a new web form Recipe1.aspx to the current project. Add a button control to the web form to trigger the AJAX request. <asp:Button ID="btnSubmit" runat="server" Text="Click Here" /> Thus, the ASPX markup of the web form is as follows: <form id="form1" runat="server"> <div align="center"> <fieldset style="width:400px;height:200px;"> <div id="contentArea"> <asp:Button ID="btnSubmit" runat="server" Text="Click Here" /> </div> </fieldset> </div> </form> On page load, the form will appear as shown in the following screenshot: When the button is clicked, we will retrieve the contents of the HTML file using AJAX and display it on the page. How to do it… In the document.ready() function of the jQuery script block, call the ajaxSetup() method to set the default properties of all AJAX calls on the page: $.ajaxSetup({ Turn off the cache so that the contents are not cached by the browser: cache: false, Set the data type of the response. In this case, since we are going to load the contents from the HTML file, the dataType is HTML: dataType: "html", Define the callback function if the AJAX request fails. The callback function takes in three parameters: the XMLHttpRequest object, the error status, and an exception object: error: function(xhr, status, error) { alert('An error occurred: ' + error); }, Define the global timeout in milliseconds: timeout: 30000, Set the type of HTTP request (GET/POST): type: "GET", Define the callback function to be called before the AJAX request is initiated. This function can be used to modify the Xml HttpRequest object: beforeSend: function() { console.log('In Ajax beforeSend function'); }, Define the function to be called when the AJAX request is completed: complete: function() { console.log('In Ajax complete function'); } }); Now, having set the default properties in the previous code block, we will now invoke the actual AJAX call on clicking the button control on the form. Attach a handler for the click event of the button control: $("#btnSubmit").click(function(e) { Prevent default form submission: e.preventDefault(); Initiate the AJAX call using the .ajax() method: $.ajax({ Specify the URL to send the request to. In this case, we're sending the request to the HTML file: url: "Content.htm", Define the callback function for successful execution of the AJAX call: success: function(data) { The HTML response from the server is received in the data parameter in the preceding callback function. Clear the contents of the containing div area to remove the button control and append the received HTML response: $("#contentArea").html("").append(data); } }); }); Thus, the complete jQuery solution is as follows: <script language="javascript" type="text/javascript"> $(document).ready(function() { $.ajaxSetup({ cache: false, dataType: "html", error: function(xhr, status, error) { alert('An error occurred: ' + error); }, timeout: 30000, type: "GET", beforeSend: function() { console.log('In Ajax beforeSend function'); }, complete: function() { console.log('In Ajax complete function'); } }); $("#btnSubmit").click(function(e) { e.preventDefault(); $.ajax({ url: "Content.htm", success: function(data) { $("#contentArea").html("").append(data); } }); }); }); </script> How it works… Run the web form. Click on the button to initiate the AJAX request. You will see that the page content is updated without any visible page refresh as follows:

In order to create the file management software for our website, we need to consider topics such as a single or multi-file upload, file system management, and image manipulation in the case of photos. In addition to this we will cover creation of pages for displaying the user's photo albums, their friends' photo albums, as well as a few data management pages. What's the problem? Apart from the standard infrastructure issues that we have to consider when building a system such as this, one of the core issues in any web-based file management system is file upload. As we all know, most server side technologies allow only one file to be uploaded at a time and ASP.NET is no different. And while we could easily buy a third-party plug-in to handle multiple files at once, we decided to provide for options to upload the files either via Silverlight or via Flash. Once we get our file upload process working we are only one-third of the way there! As we are going to be mostly concerned with uploading images, we need to consider that we will need to provide some image manipulation. With each file that is uploaded to our system we need to create a handful of different sizes of each image to be used in various scenarios across our site. To start with, we will create thumbnail, small, medium, large, and original size photos. Now while creating different size files is technically working with the file storage system, we wanted to take an extra breath with regards to the file storage concepts. We can choose to store the files on the file system or in a database. For avatars it made sense to store each with the profile data whereas for image galleries it makes more sense to store the file on the file system. While storing files to the file system we need to be very cautious as to how the file structure is defined and where and how the individual files are stored. In our case we will use system-generated GUIDs as our file names with extensions to define the different sizes that we are storing. We will dig into this more as we start to understand the details of this system. Once we have uploaded the files to the server and they are ready for our use across the system, we will take up the concept of user files versus system files. If we build the system with some forethought regarding this topic we can have a very generic file management system that can be extended for future use. We will build a personal system in this article. But as you will see with some flags in just the right places, we could just as easily build a system file manager or a group file manager. Design Let's take a look at the design for this feature. Files For our site, as we are not storing our files in the database, we need to take a closer look at what actually needs to be managed in the database so as to keep track of what is going on in the file system. In addition to standard file metadata, we need to keep a close eye on where the file actually lives—specifically which file system folder (directory on the hard drive) the file will reside in. We also need to be able to maintain which accounts own which files, or in the case of system files, which files can be viewed by anyone. Folders You may be wondering why we have a separate section regarding folders when we just touched upon the fact that we will be managing which file system folder we will be storing files in. In this section we are going to discuss folder management from a site perspective rather than a file system perspective—user folders or virtual folders if you desire. Very similar to file storage, we will be storing various metadata about each folder. We will also have to keep track of who owns which folder, who can see which folder, or in the case of system folders whether everyone can see that folder. And of course as each folder is a virtual container for a file, we will have to maintain the relationship between folders and files. File upload The file upload process will be handled by a Silverlight/Flash client. While this is not really an article about either Silverlight or Flash, we will show you how simple it is to create this Flash client, that is really just providing a way to store many files that need to be uploaded, and then uploading them one at a time in a way that the server can handle each file. For the Silverlight option, we are using code from Codeplex—http://silverlightfileupld.codeplex.com/. File system management Managing the file system may seem like a non-issue to begin with. However, keep in mind that for a community site to be successful we will need at least 10,000 or so unique users. Given that sharing photos and other files is such a popular feature of most of today's community sites, this could easily translate into a lot of uploaded files. While you could technically store a large number of files in one directory on your web server, you will find that over time your application becomes more and more sluggish. You might also run into files being uploaded with the same name using this approach. Also, you may find that you will have storage issues and need to split off some of your files to another disk or another server. Many of these issues are easily handled if we think about and address them up front. In our case we will use a unique file name for each uploaded file. We will store each file in subdirectories that are also uniquely named based on the year and month in which the file was uploaded. If you find that you have a high volume of files being uploaded each day, you may want to store your files in a folder with the year and month in the name of the folder and then in another subdirectory for each day of that month. In addition to a good naming convention on the file system, we will store the root directory for each file in the database. Initially you may only have one root for your photos, one for videos, and so on. But storing it now will allow you to have multiple roots for your file storage—one root location per file. This gives you a lot of extensibility points over time meaning that you could easily relocate entire sections of your file gallery to a separate disk or even a separate server. Data management screens Once we have all of the infrastructure in place we will need to discuss all the data management screens that will be needed—everything from the UI for uploading files to the screens for managing file metadata, to screens for creating new albums. Then we will need to tie into the rest of the framework and allow users to view their friends' uploaded file albums. The solution Let's take a look at our solution. Implementing the database First let's take a look at the tables required for these features (see the following screenshot). Files The most important thing to consider storing while in the database is of course our primary interest files. As with most other conversations regarding a physical binary file we always have to consider if we want to store the file in the database or on the file system. In this case we think it makes sense to store the file (and in the case of a photo, its various generated sizes) on the file system. This means that we will only be storing metadata about each file in our database. The most important field here to discuss is the FileSystemName. As you can see this is a GUID value. We will be renaming uploaded files to GUIDs in addition to the original extension. This allows us to ensure that all the files in any given folder are uniquely named. This removes the need for us to have to worry about overwriting other files. Then we see the FileSystemFolderID. This is a reference to the FileSystemFolders table, that lets us know the root folder location where the file is stored. Next on our list of items to discuss is the IsPublicResource flag. By its name it is quite clear that this flag will set a file as public or private and can therefore be seen by all or by its owner (AccountID). We then come to a field that may be somewhat confusing: DefaultFolderID. This has nothing to do with the file system folders. This is a user created folder. When files are uploaded initially they are put in a virtual folder. That initial virtual folder becomes the file's permanent home. This doesn't mean that it is the file's only home. As you will see later we have the concept that files can live in many virtual folders by way of subscription to the other folders. File system folders As mentioned previously, the FileSystemFolders table is responsible for letting us know where our file's root directory is. This allows us to expand our system down the road to have multiple roots, that could live on the same server but different disks, or on totally different servers. The fields in the table are Key, Path (URL), and a Timestamp. File types The FileTypes table will help us to keep track of what sort of files we are storing and working with. This is a simple lookup table that tells us the extension of a given file. Folders Folders are virtual in this case. They provide us with a way to specify a container of files. In our case we will be containing photos, in which case folders will act as photo albums. The only field worth explaining here is the flag IsPublicResource, which allows us to specify whether a folder and its resources are public or private, that is, viewable by all or viewable only by the owner. Folder types The FolderTypes table allows us a way to specify the type of folder. Currently this will simply be Name, photos, movies, and so on. However, down the road you may want to specify an icon for each folder type in which case this is the place where you would want to assign that specification. Account folders In the AccountFolders table we are able to specify additional ownership of a folder. So in the case that a folder is a public resource and external resources can own folders, we simply create the new ownership relationship here. This is not permanent ownership. It is still specified with the Folders table's AccountID. This is a temporary ownership across many Accounts. As you can see in the previous screenshot we have the owner (AccountID) and the folder that is to be owned (FolderID). Account files Similar to the AccountFolders table, the AccountFiles table allows someone to subscribe to a specific file. This could be used for the purposes of Favorites or similar concepts. The makeup of this table is identical to AccountFolders. You have the owner and the file being owned. Folder files The FolderFiles table allows an Account to not only subscribe to a file, similar to the Favorites concept, but it also allows a user to take one of my files and put it into one of their folders as though the file itself belonged to them. As you can see in the previous screenshot this is primarily a table that holds the keys to the other tables. We have the FolderID, FileID, and AccountID for each file. This clearly specifies who is taking ownership of what and where they want it to be placed. Creating the relationships Once all the tables are created we can then create all the relationships. For this set of tables we have relationships between the following tables: Files and FileSystemFolders Files and FileTypes Files and Folders Files and Accounts Folders and Accounts Folders and FolderTypes AccountFolders and Accounts AccountFolders and Folders AccountFiles and Accounts AccountFiles and Files FolderFiles and Accounts FolderFiles and Folders FolderFiles and Files

  Open Text Metastorm ProVision® 6.2 Strategy Implementation Create and implement a successful business strategy for improved performance throughout the whole enterprise         Read more about this book       (For more resources on this subject, see here.) Recently, I had a meeting with the directors of a major household brand. They had just finished completing a strategic review of the business, which had been signed off by the board. They had numerous stakeholders to satisfy, and naturally the final result was a compromise, which was reached after months of meetings. I was with an experienced business coach who asked the CEO, "So, how will you know if you have succeeded?". The CEO had difficulty in answering the question. One of his senior managers in the room jumped to his rescue: "Oh, we are working out what we want to measure. We have agreed on some of the measures, but haven't yet put any numbers against them." The coach asked: "How do people in the organization feel about the new strategy?" The manager replied saying, "It's a good question. There are a lot of people who feel that it was a waste of time and they just want to get back to the real work. We have a team of very passionate and committed people, but they see strategy as navel gazing." We realized that the strategy was doomed. It seems logical to define the goals and then identify the measures. In practice, it is often easier to do it the other way round, even though that is counter-intuitive. First, define the measures of success and then articulate these measures as goals. The employees were right to be dubious. There are various ways to create, read, update, and delete information. These solutions fall into two major approaches—drawing and modeling. Drawing is still the approach adopted by many organizations because it is cheaper. Most companies that have considered using ProVision® have Microsoft Visio installed on every user desktop. As far as a project manager is concerned, Visio is a free resource. The project manager doesn't need to ask for funds, and if they do, then the manager will ask why they aren't using Visio. This article explains the limitations of drawing and why modeling is best practice and essential to support a sustainable strategy. The reader can use this information to make their business case compelling and get the funds that they need to do the job properly. Areas covered also include: The benefits of moving to a central repository. (What needs to be stored and how users can access it.) Are we building architecture or doing design? (The importance of language in getting your message across.) Better decisions now. (The purpose and notion of good enough architecture.) ProVision® and Metastorm BPM. (Is this Metastorm's unique selling point?) The benefits of moving to a central repository It is important to understand the difference between a drawing tool and a visual relational database such as ProVision®. The outputs can look identical. Because drawing tools are so much cheaper, why would you invest in ProVision®? There are a number of drawing packages available, Microsoft Visio is the key player in this market. It is a drawing package that is optimized for business diagrams. Modelers can select pre-built stencils to create models rapidly. As Visio is often installed already, it is the tool of choice of many business analysts. Designed to scale If all you need to do is visually represent an aspect of a business, then there is nothing wrong with Visio. However, its limitations soon become apparent. To understand the key differences, I need to explain some basic concepts about ProVision®. These concepts are the reason why you can manage hundreds of models in ProVision®. It has been designed to scale. The core concepts are: Object Link Model Notebook/File Repository Object ProVision® uses objects to represent business concepts. Everything you see—a role, system, process, or a goal is an object. Every object has a name and an icon. After that, it is up to you how much more detail you want to add. All objects can have associations with other objects. These associations will vary, according to the type of object. Link A link is a special type of object. It is displayed as a line that connects two objects. You can modify the way the line displays, that is, change its color, thickness, or arrow shape. Links appear in their own area in the object inventory. Some types of link can have a payload (a deliverable) and events associated with them. For example, the link between two activities is called a workflow link. This link can display the deliverable that is passed as an output from one activity to the other. It can also display the event that triggers the deliverable. Both deliverables and events are optional. In many cases, it is obvious what the deliverable or event would be. To distinguish between an event and a deliverable, ProVision® places the name of the event inside double quotation marks. In the example shown in the following figure, once the event named "Model ready to review" is triggered, the deliverable called Draft Model becomes the input for the Review Model activity: Model A model is a special kind of object that contains other objects. Every model must have an object that is designated as the subject of the model. ProVision® provides three types of model—hierarchical, non-hierarchical, and navigator. Hierarchical models typically allow only one object type to appear. For example, a Systems model can be used to create only the hierarchical relationships of systems. No other object type can be added. Even if you create a custom object, you will not be permitted to add it to a hierarchical model. Non-hierarchical models permit more than one object type to appear, so that you can show predefined relationships other than parent-child relationships between these objects. For example, a Systems Interaction model will allow you to demonstrate relationships between systems and hardware. The Navigator model is a special model that you can use when you are unable to express the relationships that you want using one of the other model types. You can use virtually any object type on a Navigator model. This is both its strength and weakness. As any object can be used, you can become overwhelmed by the choices. The Navigator model is the only model type that allows you to display models as well as objects. By default, these display as thumbnails of the full model. In the following example, a Navigator model shows a thumbnail of the Approval Process workflow model. The subject of the workflow model is the activity called Approval Process. It has been placed to the right to demonstrate the difference. The Navigator model has one more purpose. You can use it to visually express indirect relationships. For example, a goal may be realized by delivering a product or service to a customer group. The product requires processes. Each process decomposes down into a series of activities, some of which might require certain computer systems to be in a running state. There is no direct relationship between the goal and the computer system. There is an indirect relationship, which you can visualize using a Navigator model. Notebook and file Objects, links, and models are stored in Notebooks. If you think of a Notebook as a physical book, then the models are equivalent to chapters. Each model tells a story. Inside each story, there are words. Objects are equivalent to words. Links create phrases. Several Notebooks can be stored together. They share a common modeling language that changes the look and feel of objects, links, and models. Other than that, each Notebook is independent. So, it is possible to have two objects in different notebooks that have the same name and type but are completely different. Objects and models can be dragged from one Notebook to another. You can save a Notebook under a different name and thus use the first Notebook as a template for the second. A File is the logical equivalent of a Notebook. The main difference is that a File can be saved anywhere on a computer and then e-mailed or copied onto a memory stick for transfer. So, Files are used to share and exchange Notebooks with other users. Only one Repository can be open at any one time. Only one Notebook can be open within the Repository. In the example shown in the next diagram, the Sample Repository appears in bold writing to highlight that it is open. Also, the PackT Notebook has a different icon to distinguish that it is the Notebook being viewed. Repository All Notebooks are stored in Repositories. A Repository can contain many Notebooks (in practice most users would be unlikely to have more than 50, and typically around 10). The modeling language is associated with a Repository, and once it is made the default language, it changes the names, look and feel of all objects, links, and models, irrespective of which Notebook they are in. In the following example, the Sample Repository is bold to indicate that it is open. The POC Repository has a world icon to represent that it is stored on a remote server and accessed via Knowledge Exchange®. By contrast, local Repositories have a pyramid icon. Now that you have understood these basic concepts, let's see how ProVision® varies from a drawing package such as Visio.

jQuery 1.4 Animation Techniques: Beginners Guide Quickly master all of jQuery’s animation methods and build a toolkit of ready-to-use animations using jQuery 1.4 The animate method All custom animations with jQuery are driven with the animate() method. Despite the ability to animate almost any style property that has a numeric value, the method is simple to use and takes just a few arguments. The method may be used in the following way: jQuery(elements).animate(properties to animate, [duration], [easing], [callback] ); The first argument should take the form of an object where each property of the object is a style that we'd like to animate, very similar to how we would use jQuery's css() method. As I mentioned before, this can be any CSS style that takes a purely numerical argument (with the exception of colors, although with the jQuery UI library we can animate colors as well. Background positions cannot be animated by jQuery natively, but it is quite easy to animate this property manually. Per-property easing As of the 1.4 version of jQuery, we can apply different types of easing to each style property we are animating when using the animate() method. So if we are animating both the width and height of an element for example, we can use linear easing for the width animation, and swing easing for the height animation. This applies to the standard easing functions built into jQuery To supply easing types to the animate() method on a per-property basis, we need to provide an array as the value of the property we are animating. This can be done using the following syntax: jQuery(elements).animate({ property: [value, easingType] }); An alternative syntax for animate() Instead of using the duration, easing, and callback arguments individually, we may alternatively pass a configuration object to the animate() method containing the following configuration options: duration easing complete step queue specialEasing The first three options are the same as the arguments would be if we passed them into the method in the standard way. The last three are interesting, however, in that we do not have access to them in any other way. The step option allows us to specify a callback function that will be executed on each step of the animation. The queue option accepts a Boolean that controls whether the animation is executed immediately or placed into the selected element's queue. The specialEasing option allows us to specify an easing function for each individual style property that is being animated, giving us easing on a per-property basis using the alternative syntax. The pattern for this second method of usage is as follows: jQuery(elements).animate(properties to animate, [configuration options]); Like most (but not all) jQuery methods, the animate() method returns a jQuery object so that additional methods can be chained to it. Like the other effect methods, multiple calls to animate() on the same element will result in an animation queue being created for the element. If we want to animate two different style properties at the same time, we can pass all required properties within the object passed to the animate() method as the first argument. Animating an element's position The animate() method is able to animate changes made to any CSS style property that has a numeric value, with the exception of colors and background-positions. In this example, we'll create a content viewer that shows different panels of content by sliding them in and out of view using the animate() method. This type of widget is commonly used on portfolio or showcase sites and is an attractive way to show a lot of content without cluttering a single page. In this example, we'll be animating the element's position. Time for action – creating an animated content viewer We'll start again by adding the underlying markup and styling. The underlying markup for the content viewer should be as follows: <div id="slider"> <div id="viewer"> <img id="image1" src="img/amstrad.jpg" alt="Amstrad CPC 472"> <img id="image2" src="img/atari.jpg" alt="Atari TT030"> <img id="image3" src="img/commodore16.jpg" alt="Commodore 64"> <img id="image4" src="img/commodore128.jpg" alt="Commodore 128"> <img id="image5" src="img/spectrum.jpg" alt="Sinclair ZX Spectrum +2"> </div> <ul id="ui"> <li class="hidden" id="prev"> <a href="" title="Previous">&laquo;</a></li> <li><a href="#image1" title="Image 1" class="active">Image 1</a></li> <li><a href="#image2" title="Image 2">Image 2</a></li> <li><a href="#image3" title="Image 3">Image 3</a></li> <li><a href="#image4" title="Image 4">Image 4</a></li> <li><a href="#image5" title="Image 5">Image 5</a></li> <li class="hidden" id="next"> <a href="" title="Next">&raquo;</a></li> </ul> </div> Save the file as animate-position.html. Next we should create the base CSS. By that I mean that we should add the CSS which is essential for the content-viewer to function as intended, as opposed to styling that gives the widget a theme or skin. It's good practice to separate out the styling in this way when creating plugins so that the widget is compatible with jQuery UI's Themeroller theming mechanism. In a new file in your text editor add the following code: #slider { width:500px; position:relative; } #viewer { width:400px; height:300px; margin:auto; position:relative; overflow:hidden; } #slider ul { width:295px; margin:0 auto; padding:0; list-style-type:none; } #slider ul:after { content:"."; visibility:hidden; display:block; height:0; clear:both; } #slider li { margin-right:10px; float:left; } #prev, #next { position:absolute; top:175px; } #prev { left:20px; } #next { position:absolute; right:10px; } .hidden { display:none; } #slide { width:2000px; height:300px; position:absolute; top:0; left:0; } #slide img { float:left; } #title { margin:0; text-align:center; } Save this in the css folder as animate-position.css, and don't forget to link to the new stylesheet from the <head> of our page. Run the page in your browser now, before we get into the scripting, so that you can see how the widget behaves without the accompanying script. You should find that any image can be viewed by clicking its corresponding link using only CSS, and this will work in any browser. The previous and next arrows are hidden with our CSS because these will simply not work with JS turned off and the image titles are not displayed, but the widget's core functionality is still fully accessible. What just happened? The underlying HTML in this example is very straightforward. We have an outer container for the content-viewer as a whole, then within this, we have a container for our content panels (simple images in this example) and a navigation structure to allow the different panels to be viewed. Some of the elements we've added style rules for in our CSS file aren't hardcoded into the underlying markup but will be created as necessary when needed. Doing it this way ensures that the content-viewer is still usable even when the visitor has JavaScript disabled. One important point to note is that the #slide wrapper element that we create and wrap around the images has a height equal to a single image and a width equal to the sum of all image widths. The #viewer element, on the other hand, has both a width and a height equal to a single image so that only one image is visible at any one time. With JavaScript disabled, the images will appear to stack up on top of each other, but once the #slide wrapper element has been created the images are set to float in order to stack up horizontally. We'll use easing in this example, so be sure to link to the easing plugin directly after the jQuery reference at the end of the <body>: <script src="js/jquery.easing.1.3.js"></script>

  jQuery 1.4 Animation Techniques: Beginners Guide Quickly master all of jQuery’s animation methods and build a toolkit of ready-to-use animations using jQuery 1.4         Read more about this book       (For more resources on jQuery, see here.) Time for action – adding a new skin At the bottom of the animate-position.css file, add the following code: a { outline:0 none; }#slider { border:1px solid #999; -moz-border-radius:8px; -webkit-border-radius:8px; border-radius:8px; background-color:#ededed; -moz-box-shadow:0px 2px 7px #aaa; -webkit-box-shadow:0px 2px 7px #aaa; box-shadow:0px 2px 7px #aaa;}#title, #slider ul { margin-top:10px; margin-bottom:12px; }#title { font:normal 22px "Nimbus Sans L", "Helvetica Neue", "Franklin Gothic Medium", Sans-serif; color:#444;}#viewer { border:1px solid #999; background-color:#fff; }#slider ul { width:120px; }#slider ul li a { display:block; width:10px; height:10px; text-indent:-5000px; text-decoration:none; border:2px solid #666; -moz-border-radius:17px; -webkit-border-radius:17px; border-radius:17px; background-color:#fff; text-align:center;}#slider #prev, #slider #next { margin:0; text-align:center; }#slider #prev { left:10px; }#slider #prev a, #slider #next a { display:block; height:28px; width:28px; line-height:22px; text-indent:0; border:1px solid #666; -moz-border-radius:17px; -webkit-border-radius:17px; border-radius:17px; background-color:#fff;}#prev a, #next a { font:bold 40px "Trebuchet MS"; color:#666; }#slider ul li a.active { background-color:#F93; } What just happened? With this code we style all of the visual aspects of the widget without interfering with anything that controls how it works. We give it some nice rounded corners and add a drop-shadow to the widget, turn the numeric links into little clickable icons, and style the previous and next links. Colors and fonts are also set in this section as they too are obviously highly dependent on the theme. These styles add a basic, neutral theme to the widget, as shown in the following screenshot: The styles we used to create the theme are purely arbitrary and simply for the purpose of the example. They can be changed to whatever we need in any given implementation to suit other elements on the page, or the overall theme of the site. Have a go hero – making the image viewer more scalable In our animated content viewer, we had a fixed number of images and a hardcoded navigation structure to access them. Extend the content viewer so that it will work with an indeterminate number of images. To do this, you will need to complete the following tasks: Determine the number of images in the content viewer at run time and set the width of the #slide wrapper element based on the number of images Build the navigation links dynamically based on the number of images Create the details object dynamically based on the number of images and set the correct left properties to show each image Animating an element's size Almost any style property that contains a purely numeric value may be animated with the animate() method. We looked at animating an element's position by manipulating its left style property, so let's move on to look at animating an element's size by manipulating its height and width style properties. In this example, we'll create image wrappers that can be used to display larger versions of any images on the page by manipulating the element's size. Time for action – creating the underlying page and basic styling First, we'll create the underlying page on which the example will run. Add the following HTML to the <body> of our template file: <article> <h1>The Article Title</h1> <p><img id="image1-thumb" class="expander" alt="An ASCII Zebra" src="img/ascii.gif" width="150" height="100">Lorem ipsum dolor...</p> <p><img id="image2-thumb" class="expander" alt="An ASCII Zebra" src="img/ascii2.gif" width="100" height="100">Lorem ipsum dolor...</p></article> Save the example page as animate-size.html. We'll keep the styling light in this example; in a new file in your text editor, add the following code: article { display:block; width:800px; margin:auto; z-index:0; font:normal 18px "Nimbus Sans L", "Helvetica Neue", "Franklin Gothic Medium", sans-serif;}article p { margin:0 0 20px; width:800px; font:15px Verdana, sans-serif; line-height:20px;}article p #image2-thumb { float:right; margin:6px 0 0 30px; }img.expander { margin:6px 30px 1px 0; float:left; }.expander-wrapper { position:absolute; z-index:999; }.expander-wrapper img { cursor:pointer; margin:0; position:absolute;}.expander-wrapper .expanded { z-index:9999; } Save this file as animate-size.css in the css folder. What just happened? The HTML could be any simple blog post consisting of some text and a couple of images. The points to note are that each image is given an id attribute so that it can be easily referenced, and that each image is actually the full-sized version of the image, scaled down with width and height attributes. The styles used are purely to lay out the example; very little of the code is actually required to make the example work. The expander-wrapper styles are needed to position the overlaid images correctly, but other than that the styling is purely arbitrary. We're floating the second image to the right. Again this isn't strictly necessary; it's used just to make the example a little more interesting. Time for action – defining the full and small sizes of the images First we need to specify the full and small sizes of each image: var dims = { image1: { small: { width: 150, height: 100 }, big: { width: 600, height: 400 } }, image2: { small: { width: 100, height: 100 }, big: { width: 400, height: 400 } }},webkit = ($("body").css("-webkit-appearance") !== "" && $("body").css("-webkit-appearance") !== undefined) ? true : false; What just happened? We create an object which itself contains properties matching each image's filename. Each property contains another nested object which has small and big properties and the relevant integers as values. This is a convenient way to store structured information that can easily be accessed at different points in our script. We also create a variable called webkit. There is a slight bug in how images floated to the right are treated in Webkit-based browsers such as Safari or Chrome. This variable will hold a Boolean that will indicate whether Webkit is in use. A test is performed which tries to read the -webkit-appearance CSS property. In Webkit browsers, the test will return none as the property is not set, but other browsers will either return an empty string or the value undefined.

  Linux Shell Scripting Cookbook Solve real-world shell scripting problems with over 110 simple but incredibly effective recipes  In this article, we took a look at some tips and tricks on working with Linux shell script.    Successful and unsuccessful command Tip: When a command returns after error, it returns a non-zero exit status. The command returns zero when it terminates after successful completion. Return status can be read from special variable $? (run echo $? immediately after the command execution statement to print the exit status). Fork bomb :(){ :|:& };: Tip: This recursive function is a function that calls itself. It infinitely spawns processes and ends up in a denial of service attack. & is postfixed with the function call to bring the subprocess into the background. This is a dangerous code as it forks processes and, therefore, it is called a fork bomb. You may find it difficult to interpret the above code. See Wikipedia page http://en.wikipedia.org/wiki/Fork_bomb for more details and interpretation of the fork bomb. It can be prevented by restricting the maximum number of processes that can be spawned from the config file /etc/security/limits.conf. Specify -maxdepth and –mindepth as the third argument Tip: -maxdepth and –mindepth should be specified as the third argument to the find. If they are specified as the fourth or further arguments, it may affect the efficiency of the find as it has to do unnecessary checks (for example, if –maxdepth is specified as the fourth argument and –type as the third argument, the find command first finds out all the files having the specified –type and then finds all of the matched files having the specified depth. However, if the depth were specified as the third argument and –type as the fourth, find could collect all the files having at most the specified depth and then check for the file type, which is the most efficient way of searching. -exec with multiple commands Tip: We cannot use multiple commands along with the –exec parameter. It accepts only a single command, but we can use a trick. Write multiple commands in a shell script (for example, commands.sh) and use it with –exec as follows: -exec ./commands.sh {} ; -n option for numeric sort Tip: Always be careful about the -n option for numeric sort. The sort command treats alphabetical sort and numeric sort differently. Hence, in order to specify numeric sort the –n option should be provided. The ## operator Tip: The ## operator is more preferred over the # operator to extract an extension from a filename since the filename may contain multiple '.' characters. Since ## makes greedy match, it always extract extensions only. Recursively search many files Tip: To recursively search for a text over many directories of descendants use: $ grep "text" . -R -n This is one of the most frequently used commands by developers. It is used to find the file of source code in which a certain text exists. Placing variable assignments Tip: Usually, we place initial variable assignments, such as var=0; and statements to print the file header in the BEGIN block. In the END{} block, we place statements such as printing results and so on. -d argument Tip: The -d argument should always be given in quotes. If quotes are not used, & is interpreted by the shell to indicate this should be a background process. Excluding a set of files from archiving Tip: It is possible to exclude a set of files from archiving by specifying patterns. Use --exclude [PATTERN] for excluding files matched by wildcard patterns. For example, to exclude all .txt files from archiving use: $ tar -cf arch.tar * --exclude "*.txt" Note that the pattern should be enclosed in double quotes. Using cpio command for absolute paths Tip: By using cpio, we can also archive using files as absolute paths. /usr/somedir is an absolute path as it contains the full path starting from root (/). A relative path will not start with / but it starts the path from the current directory. For example, test/file means that there is a directory test and the file is inside the test directory. While extracting, cpio extracts to the absolute path itself. But incase of tar it removes the / in the absolute path and converts it as relative path. PATH format Tip: For the PATH format, if we use / at the end of the source, rsync will copy contents of that end directory specified in the source_path to the destination. If / not at the end of the source, rsync will copy that end directory itself to the destination. / at the end of destination_path Tip: If / is at the end of destination_path, rsync will copy the source to the destination directory. If / is not used at the end of the destination path, rsync will create a folder, named similar to the source directory, at the end of the destination path and copy the source into that directory. wait command Tip: The wait command enables a script to be terminated only after all its child process or background processes terminate or complete. First argument of the sftp command Tip: -oPort should be the first argument of the sftp command. Running du DIRECTORY Tip: Running du DIRECTORY will output a similar result, but it will show only the size consumed by subdirectories. However, they do not show the disk usage for each of the files. For printing the disk usage by files, -a is mandatory. du DIRECTORY commands traversal Tip: du can be restricted to traverse only a single file system by using the –x argument. Suppose du DIRECTORY is run, it will traverse through every possible subdirectory of DIRECTORY recursively. A subdirectory in the directory hierarchy may be a mount point (for example, /mnt/sda1 is a subdirectory of /mnt and it is a mount point for the device /dev/sda1). du will traverse that mount point and calculate the sum of disk usage for that device filesystem also. In order to prevent du from traversing and to calculate from other mount points or filesystems, use the -x flag along with other du options. du –x / will exclude all mount points in /mnt/ for disk usage calculation. Use an absolute path for the executable Tip: An executable binary of the time command is available at /usr/bin/time as well as a shell built-in named time exists. When we run time, it calls the shell built-in by default. The shell built-in time has limited options. Hence, we should use an absolute path for the executable (/usr/bin/time) for performing additional functionalities. -x argument Tip: The -x argument along with -a specifies to remove the TTY restriction imparted, by default, by ps. Usually, using ps without arguments prints processes that are attached to terminal only. Parameters for -o Tip: Parameters for -o are delimited by using the comma (,) operator. It should be noted that there is no space in between the comma operator and next parameter. Mostly, the -o option is combined with the -e (every) option (-oe) since it should list every process running in the system. However, when certain filters are used along with –o, such as those used for listing the processes owned by specified users, -e is not used along with –o. Usage of -e with a filter will nullify the filter and it will show all process entries. pgrep command Tip: pgrep requires only a portion of the command name as its input argument to extract a Bash command, for example, pgrep ash or pgrep bas will also work. But ps requires you to type the exact command. apropos Tip: Sometimes we need to search if some command related to a word exists. Then we can search the manpages for strings in the command. For this we can use: apropos COMMAND   In this article, we took a look at some tips and tricks on working with Linux shell script.Further resources on this subject: Linux Email [Book] Installing VirtualBox on Linux [Article] Linux Shell Script: Logging Tasks [Article] Linux Shell Script: Monitoring Activities [Article] Compression Formats in Linux Shell Script [Article] Making a Complete yet Small Linux Distribution [Article]

What is target scoping? Target Scoping is defined as an empirical process for gathering target assessment requirements and characterizing each of its parameters to generate a test plan, limitations, business objectives, and time schedule. This process plays an important role in defining clear objectives towards any kind of security assessment. By determining these key objectives one can easily draw a practical roadmap of what will be tested, how it should be tested, what resources will be allocated, what limitations will be applied, what business objectives will be achieved, and how the test project will be planned and scheduled. Thus, we have combined all of these elements and presented them in a formalized scope process to achieve the required goal. Following are the key concepts which will be discussed in this article: Gathering client requirements deals with accumulating information about the target environment through verbal or written communication. Preparing test plan depends on different sets of variables. These may include shaping the actual requirements into structured testing process, legal agreements, cost analysis, and resource allocation. Profiling test boundaries determines the limitations associated with the penetration testing assignment. These can be a limitation of technology, knowledge, or a formal restriction on the client's IT environment. Defining business objectives is a process of aligning business view with technical objectives of the penetration testing program. Project management and scheduling directs every other step of the penetration testing process with a proper timeline for test execution. This can be achieved by using a number of advanced project management tools. It is highly recommended to follow the scope process in order to ensure test consistency and greater probability of success. Additionally, this process can also be adjusted according to the given situation and test factors. Without using any such process, there will be a greater chance of failure, as the requirements gathered will have no proper definitions and procedures to follow. This can lead the whole penetration testing project into danger and may result in unexpected business interruption. Paying special attention at this stage to the penetration testing process would make an excellent contribution towards the rest of the test phases and clear the perspectives of both technical and management areas. The key is to acquire as much information beforehand as possible from the client to formulate a strategic path that reflects multiple aspects of penetration testing. These may include negotiable legal terms, contractual agreement, resource allocation, test limitations, core competencies, infrastructure information, timescales, and rules of engagement. As a part of best practices, the scope process addresses each of the attributes necessary to kickstart our penetration testing project in a professional manner. As we can see in the preceding screenshot, each step constitutes unique information that is aligned in a logical order to pursue the test execution successfully. Remember, the more information that is gathered and managed properly, the easier it will be for both the client and the penetration testing consultant to further understand the process of testing. This also governs any legal matters to be resolved at an early stage. Hence, we will explain each of these steps in more detail in the following section. Gathering client requirements This step provides a generic guideline that can be drawn in the form of a questionnaire to devise all information about target infrastructure from a client. A client can be any subject who is legally and commercially bounded to the target organization. Such that, it is critical for the success of the penetration testing project to identify all internal and external stakeholders at an early stage of a project and analyze their levels of interest, expectations, importance, and influence. A strategy can then be developed for approaching each stakeholder with their requirements and involvement in the penetration testing project to maximize positive influences and mitigate potential negative impacts. It is solely the duty of the penetration tester to verify the identity of the contracting party before taking any further steps. The basic purpose of gathering client requirements is to open a true and authentic channel by which the pentester can obtain any information that may be necessary for the testing process. Once the test requirements have been identified, they should be validated by a client in order to remove any misleading information. This will ensure that the developed test plan is consistent and complete. We have listed some of the commonly asked questions that can be used in a conventional customer requirements form and the deliverables assessment form. It is important to note that this list can be extended or shortened according to the goal of a client and that the client must retain enough knowledge about the target environment. Customer requirements form Collecting company's information such as company name, address, website, contact person details, e-mail address, and telephone number. What are your key objectives behind the penetration testing project? Determining the penetration test type (with or without specific criteria): Black-box testing or external testing White-box testing or internal testing Informed testing Uninformed testing Social engineering included Social engineering excluded Investigate employees background information Adopt employee's fake identity Denial of Service included Denial of Service excluded Penetrate business partner systems How many servers, workstations, and network devices need to be tested? What operating system technologies are supported by your infrastructure? Which network devices need to be tested? Firewalls, routers, switches, modems, load balancers, IDS, IPS, or any other appliance? Is there any disaster recovery plan in place? If yes, who is managing it? Are there any security administrators currently managing your network? Is there any specific requirement to comply with industry standards? If yes, please list them. Who will be the point of contact for this project? What is the timeline allocated for this project? In weeks or days. What is your budget for this project? List any other requirements as necessary. Deliverables assessment form What types of reports are expected? Executive reports Technical assessment reports Developer reports In which format do you want the report to be delivered? PDF, HTML, or DOC. How should the report be submitted? E-mail or printed. Who is responsible for receiving these reports? Employee Shareholder Stakeholder By using such a concise and comprehensive inquiry form, you can easily extract the customer requirements and fulfill the test plan accordingly. Preparing the test plan As the requirements have been gathered and verified by a client, it is now time to draw a formal test plan that should reflect all of these requirements, in addition to other necessary information on legal and commercial grounds of the testing process. The key variables involved in preparing a test plan are a structured testing process, resource allocation, cost analysis, non-disclosure agreement, penetration testing contract, and rules of engagement. Each of these areas will be addressed with their short descriptions below: Structured testing process: After analyzing the details provided by our customer, it may be important to re-structure the BackTrack testing methodology. For instance, if the social engineering service was excluded then we would have to remove it from our formal testing process. This practice is sometimes known as Test Process Validation. It is a repetitive task that has to be visited whenever there is a change in client requirements. If there are any unnecessary steps involved during the test execution then it may result in a violation of the organization's policies and incur serious penalties. Additionally, based on the test type there would be a number of changes to the test process. Such that, white-box testing does not require information gathering and target discovery phase because the auditor is already aware of the internal infrastructure. Resource allocation: Determining the expertise knowledge required to achieve completeness of a test is one of the substantial areas. Thus, assigning a skilled penetration tester for a certain task may result in better security assessment. For instance, an application penetration testing requires a dedicated application security tester. This activity plays a significant role in the success of penetration testing assignment. Cost analysis: The cost for penetration testing depends on several factors. This may involve the number of days allocated to fulfill the scope of a project, additional service requirements such as social engineering and physical security assessment, and the expertise knowledge required to assess the specific technology. From the industry viewpoint, this should combine a qualitative and quantitative value. Non-disclosure Agreement (NDA): Before starting the test process it is necessary to sign the agreement which may reflect the interests of both parties "client" and "penetration tester". Using such a mutual non-disclosure agreement should clear the terms and conditions under which the test should be aligned. It is important for the penetration tester to comply with these terms throughout the test process. Violating any single term of agreement can result in serious penalties or permanent exemption from the job. Penetration testing contract: There is always a need for a legal contract which will reflect all the technical matters between the "client" and "penetration tester". This is where the penetration testing contract comes in. The basic information inside such contracts focus on what testing services are being offered, what their main objectives are, how they will be conducted, payment declaration, and maintaining the confidentiality of a whole project. Rules of engagement: The process of penetration testing can be invasive and requires clear understanding of what the assessment demands, what support will be provided by the client, and what type of potential impact or effect each assessment technique may have. Moreover, the tools used in the penetration testing processes should clearly state their purpose so that the tester can use them accordingly. The rules of engagement define all of these statements in a more detailed fashion to address the necessity of technical criteria that should be followed during the test execution. By preparing each of these subparts of the test plan, you can ensure the consistent view of a penetration testing process. This will provide a penetration tester with more specific assessment details that has been processed from the client requirements. It is always recommended to prepare a test plan checklist which can be used to verify the assessmnt criteria and its underlying terms with the contracting party.