Monthly Archives

Articles indexed in March 2010

Page 1138/2613 | < Previous Page | 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 | Next Page >

Website Vulnerabilities

- by Ben Griswold

The folks at the Open Web Application Security Project publish a list of the top 10 vulnerabilities. In a recent CodeBrew I provided a quick overview of them all and spent a good amount of time focusing on the most prevalent vulnerability, Cross Site Scripting (XSS). I gave an overview of XSS, stepped through a quick demo (sorry vulnerable site), reviewed the three XSS variations and talked a bit about how to protect one’s site. References and reading materials were also included in the presentation and, look at that, they are provided here too. Open Web Application Security Project The OWASP Top Ten Vulnerabilities (pdf) OWASP List of Vulnerabilities The 56 Geeks Project by Scott Johnson ha.ckers.org OWASP XSS Prevention Cheat Sheet Wikipedia Is XSS Solvable?, Don Ankney The Anatomy of Cross Site Scripting, Gavin Zuchlinski

Read the article
Language Club

- by Ben Griswold

We started a language club at work this week. Thus far, we have a collective interest in a number of languages: Python, Ruby, F#, Erlang, Objective-C, Scala, Clojure, Haskell and Go. There are more but these 9 received the most votes. During the first few meetings we are going to determine which language we should tackle first. To help make our selection, each member will provide a quick overview of their favored language by answering the following set of questions: Why are you interested in learning “your” language(s). (There’s lots of work, I’m an MS shill, It’s hip and fun, etc) What type of language is it? (OO, dynamic, functional, procedural, declarative, etc) What types of problems is your language best suited to solve? (Algorithms over big data, rapid application development, modeling, merely academic, etc) Can you provide examples of where/how it is being used? If it isn’t being used, why not? (Erlang was invented at Ericsson to provide an extremely fault tolerant, concurrent system.) Quick history – Who created/sponsored the language? When was it created? Is it currently active? Does the language have hardware support (an attempt was made at one point to create processor instruction sets specific to Prolog), or can it run as an interpreted language inside another language (like Ruby in the JVM)? Are there facilities for programs written in this language to communicate with other languages? How does this affect its utility? Does the language have a IDE tool support? (Think Eclipse or Visual Studio) How well is the language supported in terms of books, community and documentation? What’s the number one things which differentiates the language from others? (i.e. Why is it cool?) How is the language applicability to us as consultants? What would the impact be of using the language in terms of cost, maintainability, personnel costs, etc.? What’s the number one things which differentiates the language from others? (i.e. Why is it cool?) This should provide an decent introduction into nearly a dozen languages and give us enough context to decide which single language deserves our undivided attention for the weeks to come. Stay tuned for the winner…

Read the article
Learn Lean Software Development and Kanban Systems

- by Ben Griswold

I did an in-house presentation on Lean Software Development (LSD) and Kanban Systems this week. Beyond what I had previously learned from various podcasts, I knew little about either topic prior to compiling my slide deck. In the process of building my presentation, I learned a ton. I found the concepts weren’t very difficult to grok; however, I found little detailed information was available online. Hence this post which is merely a list of valuable resources. Principles of Lean Thinking, Mary Poppendieck Lean Software Development, May Poppendieck Lean Programming, Mary Poppendieck Lean Software Development, Wikipedia Implementing Lean Software Thinking: From Concept to Cash, Poppendieck Lean Software Development Overview, Darrell Norton Lean Thinking: Banish Waste and Create Wealth in Your Corporation The Goal: A Process of Ongoing Improvement The Toyota Way Extreme Toyota: Radical Contradictions That Drive Success at the World’s Best Manufacturer Elegant Code Cast 17 – David Laribee on Lean / Kanban Herding Code Episode 42: Scott Bellware on BDD and Lean Development Seven Principles of Lean Software Development, Przemys?aw Bielicki Kanban Boards for Agile Project Management with Zen Author Nate Kohari Herding Code 55: Nate Kohari brings Your Moment of Zen James Shore on Kanban Systems Agile Zen Product Site A Leaner Form of Agile, David Laribee Kanban as Alternative Agile Implementation, Mark Levison Lean Software Development, Dr. Christoph Steindl Glossary of Lean Manufacturing Terms Why Pull? Why Kanban?, Corey Ladas

Read the article
Empty Postbacks on ASP.NET pages

- by AaronLS

We are having a problem that seems to only be a problem when accessing our websites from internal intranet machines. When logged into the domain, and accessing our websites, postbacks are not working. Basically the page behaves as if it were refreshed and nothing was changed. When logging the GETs and POSTs with an HTTP analyzer, the post is complete empty and the ContentLength is 0. It is also very sporadic, but seems to be happening fairly often. In the case where it failed, we could see that there was an extra item in the Header for the POST, it was "Authorization" and the value was the word "Negotiate " followed by a space and then a bunch of characters and two equal symbols at the end, which looked like some kind of base64 encoded value. In a case where it succeeded, this Authorization item was no in the header, but I have logged more than one successful cases to know if that is consistent. We have seen this occur only with IE8 so far, and when it occurs it is sometimes sporadic. I can close and open the browser and it will begin working sometimes, and other times it is still broken. What might be causing the postback to be empty? This means the viewstate is not sent to the server which makes the page basically broken. It seems to certainly be a client side issue, but not sure if it's not aggravated by some server settings. Thanks in advance.

Read the article
Windows 7 Missing Shortnames

- by Aaron Bush

I noticed that if you get a Scripting.File object from certain windows files (Example: any wav in C:\Windows\Media) the Scripting.File.ShortPath property shows the long path. Curious I dropped to the command prompt and tried Dir /A /X and sure enough the short paths were missing from all the files in that directory. Anyone know: A.) What that's all about? B.) How to get the short path of a file that doesn't seem to have one?

Read the article
Why won't this static_cast in C++ work?

- by samoz

When I try to use a static_cast to cast a double* to an int*, I get the following error: invalid static_cast from type ‘double*’ to type ‘int*’ Here is the code: #include <iostream> int main() { double* p = new double(2); int* r; r=static_cast<int*>(p); std::cout << *r << std::endl; } I understand that there would be problems converting between a double and an int, but why is there a problem converting between a double* and an int*?

Read the article
IDs necessary in update script not being stored (or even seen!?) (PHP MySQL)

- by Derek

Hi guys, I really need help with this one...have spent 3 hours trying to figure it out... Basically, I have 3 tables necessary for this function to work (the query and PHP)... Authors, Books and Users. An author can have many books, and a user can have many books - that's it. When the admin user selects to update a book, they are presented with a form, displaying the current data within the fields, very straight forward... However there is one tricky part, the admin user can change the author for a book (incase they make a mistake) and also change the user for which the book is associated with. When I select to update the single book information I am not getting any values what so ever for author_id or user_id. Meaning that when the user updates the book info, the associations with the user and author is being scrapped altogether (when before there was an association)... I cannot see why this is happening because I can clearly see the IDs for the users and authors for my option values (this is because they are in select dropdowns). Here is what my sql to retrieve the user ID is: SELECT user_id, name FROM users and then i have my select options which brings up all the users in the system: <label>This book belongs to:</label> <select name="name" id="name"> <option value="<?php echo $row['user_id']?>" SELECTED><?php echo $row['name']?> - Current</option> <?php while($row = mysql_fetch_array($result)) { ?> <option value="<?php echo $row['user_id']; if (isset($_POST['user_id']));?>"><?php echo $row['name']?></option> <?php } ?> In the presented HTML form, I can select the users (by name) and within the source code I can see the IDs (for the value) matching against the names of the users. Finally, in my script that performs the update, I have this: $book_id = $_POST['book_id']; $bookname = $_POST['bookname']; $booklevel = $_POST['booklevel']; $author_id = $_POST['author_id']; $user_id = $_POST['user_id']; $sql = "UPDATE books SET bookname= '".$bookname."', booklevel= '".$booklevel."', author_id='".$author_id."', user_id= '".$user_id."' WHERE book_id = ".$book_id; The result of this query returns no value for either author_id or user_id... Obviously in this question I have given the information for the user stuff (with the HTML being displayed) but im guessing that I have the same problem with authors aswell... How can I get these ID's passed to the script so that the change can be acknowledge!! :(

Read the article
Binding DynamicObject to a DataGrid with automatic column generation?

- by SeveQ

I'm still experimenting with DynamicObjects. Now I need some information: I'm trying to bind an object inheriting from DynamicObject to a WPF DataGrid (not Silverlight). How do I get the DataGrid to automatically create its columns from the available public properties of the object that are typically generated at runtime? Is that possible actually?

Read the article
Is loading libraries within models in CodeIgniter a good idea?

- by user281434

I'm using a customly created MySQL input sanitization library in one of my controllers, which makes a mess, using it in the model would be much easier, but I don't wan't to defy any best-practice principles out there either. So is it a good idea?

Read the article
Adding search for a private website

- by Vitor Py

I have a login-protected website. It's an internal application and it's not avaiable to the general public hence it's not indexed by any search engine. My application is developed on the Google App Engine. I would like to add a search engine but obviously without the need to public index it. There's any solution avaiable from Google/Bing/Others for a situation like this? Have you done this before? What solution did you chose and what are yours results?

Read the article
How to skip parentheses on Netbeans with enter?

- by nunos

So I have been programming in C++ with Eclipse and have the habit of hitting enter to skip parentheses (anyone who has ever used eclipse probably knows what I am talking about). I have recently started learning Java and decided to use NetBeans, mostly due to the much more simple interface. However, I would like to know if there a way to skip the (), [], < and "" on enter just like what happens in Eclipse in NetBeans. Thanks.

Read the article
Mapping a URL to a service inside a class library

- by johnk82swe

I'm developing a small content management solution than can be used in any ASP.NET 3.5 website. The website references some dll's and then lets the aspx's inherit my page baseclass. Some configuration in web.config is also needed, but thats it. Now I'm building a standalone Silverlight editor for the CMS. My idea is that it should communicate with the server using web services. But the question is how to make this service available to the editor? I don't want the website developers having to bother with it. If I used a REST API rather than SOAP I could just create an HttpHandler in my class library and let the website developers add a handler to it in web.config with the path "editor" and then the editor could communicate with that handler on mywebsite.com/editor. Is there any way to achieve the same with a asmx or wcf service? The important thing is that the website developers never have to set up any asmx files or anything. They should only have to specify a url and map that url to a service inside my class library. Thanks in advance!

Read the article
UIView subclass draws background despite completely empty drawRect: - why?

- by Pascal

So, I have a custom UIView subclass which enables drawing of rounded edges. The thing draws perfectly, however the background always fills the whole bounds, despite clipping to a path first. The border also draws above the rectangular background, despite the fact that I draw the border in drawRect: before the background. So I removed the whole content of drawRect:, which is now virtually empty - nevertheless the background gets drawn! Anybody an explanation for this? I set the backgroundColor in Interface Builder. Thanks!

Read the article
How to make a call to an executable from Python script?

- by fx

I need to execute this script from my Python script. Is it possible? The script generate some outputs with some files being written. How do I access these files? I have tried with subprocess call function but without success. fx@fx-ubuntu:~/Documents/projects/foo$ bin/bar -c somefile.xml -d text.txt -r aString -f anotherString >output The application "bar" also references to some libraries, it also creates some files besides the output. How do I get access to these files? Just by using open()? Thank you,

Read the article
What is the easiest way to have a local LAMP installation for web development on mac OS X ?

- by pixeline

I'm new to mac os x. In the Windows XP world, there are packages available, like easyPHP, wampserver, uniformserver, that enable you to have a local webserver complete with php, mysql configured via an automatic installer. Really handy. I need the same on my new mac. I know mac os x comes with a local webserver. Is this already with php, mysql preinstalled? I'd like to have you guys advise on the easiest way to have this local lamp so that i can continue developing on this nice and shiny machine. thanks!

Read the article
ListView FocusedItem Becomes NULL

- by Andy and Tyler

When the program runs, there is a series of ListView forms. We populated one of them with items (as strings) and we check whether the state of selection has changed. Once it's changed, we grab the text of the selected item using FocusedItem.Text. The first time works just fine but when another selection is made, the selected item returns as null. The only way we can temporarily get around this issue is to clear and repopulate the form. The disadvantage is that we lose the highlighted item. There got to be another way around this. Maybe we're not clear on how ListView really works? Any ideas?

Read the article
R: What are the best functions to deal with concatenating and averaging values in a data.frame?

- by John

I have a data.frame from this code: my_df = data.frame("read_time" = c("2010-02-15", "2010-02-15", "2010-02-16", "2010-02-16", "2010-02-16", "2010-02-17"), "OD" = c(0.1, 0.2, 0.1, 0.2, 0.4, 0.5) ) which produces this: > my_df read_time OD 1 2010-02-15 0.1 2 2010-02-15 0.2 3 2010-02-16 0.1 4 2010-02-16 0.2 5 2010-02-16 0.4 6 2010-02-17 0.5 I want to average the OD column over each distinct read_time (notice some are replicated others are not) and I also would like to calculate the standard deviation, producing a table like this: > my_df read_time OD stdev 1 2010-02-15 0.15 0.05 5 2010-02-16 0.3 0.1 6 2010-02-17 0.5 0 Which are the best functions to deal with concatenating such values in a data.frame?

Read the article
SNMP Broadcast on Windows

- by SNMP Dev

I'm writing an SNMP agent in windows. The agent responds fine simple get and get-next request sent directly to computer's ip address. But when I do a SNMP broadcast, the computer receives the packet but does not anwer that. Why is that? The firewall is off and the antivirus too.

Read the article
Server OS: put it on a separate drive? Yes, no, or depends on the situation?

- by captainentropy

Hi, I would like opinions, or facts, both preferably, on whether it's ok to install a server's OS on the RAID array or not. I would predict installation on separate drives is the best but I'm interested in the performance. The server in question will have 8 cores (2.4GHz ea.), 24GB RAM, and ~16TB of usable space of server-class drives in RAID10. There is also a subsytem of an ~equivalent size for backup. I will be running CPU/memory intesive applications on this server in addition to it being file storage for my work (research lab). IF I install the OS (haven't decided which one, probably Ubuntu or Fedora or some other good linux distro) on separate drives will there be any performance problems if they aren't configured in RAID10? IF it is better to have the OS on separate drives should I go for 150GB velociraptors in RAID1 or smallish SSD drives in RAID1? Money is unfortunately a factor as I think I'm close to maxing my budget as it is. Thanks!

Read the article
Retrieve MS SQL database or table structure in XML

- by clutch

Is there a way to export the database schema in well formed XML of a MS 2000 SQL Server. I'm looking for just the structure not the data and the more detailed the better. The XML may be used in a migration processes. I'm more familiar with MySQL then with SQL Server so please be detailed if you have time. Thanks

Read the article
Is ext4 ready for a production usage ?

- by Konstantin

Hi What do you think about ext4 filesystem in the production enviroment ? We are very close to launching our project that will use tens of millions quite often updated not very big files and we need to decide which FS to use. For a while our considerations about other linux FS are: Ext3 is rock stable, but not very well suited for handling millions small files XFS looks very nice, probably we'll use it ReiserFS ... well...vague future, who will end up fixing bugs ?

Read the article
MySQL Unique hash insertion

- by Jesse

So, imagine a mysql table with a few simple columns, an auto increment, and a hash (varchar, UNIQUE). Is it possible to give mysql a query that will add a column, and generate a unique hash without multiple queries? Currently, the only way I can think of to achieve this is with a while, which I worry would become more and more processor intensive the more entries were in the db. Here's some pseudo-php, obviously untested, but gets the general idea across: while(!query("INSERT INTO table (hash) VALUES (".generate_hash().");")){ //found conflict, try again. } In the above example, the hash column would be UNIQUE, and so the query would fail. The problem is, say there's 500,000 entries in the db and I'm working off of a base36 hash generator, with 4 characters. The likelyhood of a conflict would be almost 1 in 3, and I definitely can't be running 160,000 queries. In fact, any more than 5 I would consider unacceptable. So, can I do this with pure SQL? I would need to generate a base62, 6 char string (like: "j8Du7X", chars a-z, A-Z, and 0-9), and either update the last_insert_id with it, or even better, generate it during the insert. I can handle basic CRUD with MySQL, but even JOINs are a little outside of my MySQL comfort zone, so excuse my ignorance if this is cake. Any ideas? I'd prefer to use either pure MySQL or PHP & MySQL, but hell, if another language can get this done cleanly, I'd build a script and AJAX it too. Thanks!

Read the article
Insert rows into MySQL table while changing one value

- by Jonathan

Hey all- I have a MySQL table that defines values for a specific customer type. | CustomerType | Key Field 1 | Key Field 2 | Value | Each customer type has 10 values associated with it (based on the other two key fields). I am creating a new customer type (TypeB) that is exactly the same as another customer type (TypeA). I want to insert "TypeB" as the CustomerType but then just copy the values from TypeA's rows for the other three fields. Is there an SQL insert statement to make this happen? Somthing like: insert into customers(customer_type, key1, key2, value) values "TypeB" union select key1, key2, value from customers where customer_type = "TypeA" Thanks- Jonathan

Read the article
What is the best way to reject messages with the same body in AMQ queue?

- by archer

I have a single AMQ queue that receives simple messages with string body. Consider I'm sending CLSIDs as message bodies. CLSIDs could be not unique, but I'd like to reject all messages with not unique bodies and keep only single instance of such messages in the queue. Is there any simple way to do it? Currently I'm using a workaround. Messages from the queue are consumed by some processor that tries to insert bodies into a simple DB table with UNIQUE constraint applied to message_body field. If processor inserts the messages succesfuly - it's assigned to exchange.out.body and sent to other queue. If ConstraintViolationException is thrown - nothing is resent to other queue. I would like to know does AMQ support something similar out of the box?

Read the article
Is there a way to circumvent Python list.append() becoming progressively slower in a loop as the lis

- by Deniz

I have a big file I'm reading from, and convert every few lines to an instance of an Object. Since I'm looping through the file, I stash the instance to a list using list.append(instance), and then continue looping. This is a file that's around ~100MB so it isn't too large, but as the list grows larger, the looping slows down progressively. (I print the time for each lap in the loop). This is not intrinsic to the loop ~ when I print every new instance as I loop through the file, the program progresses at constant speed ~ it is only when I append them to a list it gets slow. My friend suggested disabling garbage collection before the while loop and enabling it afterward & making a garbage collection call. Did anyone else observe a similar problem with list.append getting slower? Is there any other way to circumvent this?

Read the article

< Previous Page | 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 | Next Page >