Daily Archives

Articles indexed Sunday January 30 2011

Page 8/9 | < Previous Page | 4 5 6 7 8 9  | Next Page >

• What do you do when a client requires Rich Text Editing on their website?

  - by George Stocker

  As we all know by now, XSS attacks are dangerous and really easy to pull off. Various frameworks make it easy to encode HTML, like ASP.NET MVC does: <%= Html.Encode("string"); %> But what happens when your client requires that they be able to upload their content directly from a Microsoft Word document? Here's the scenario: People can copy and paste content from Microsoft word into a WYSIWYG editor (in this case tinyMCE), and then that information is posted to a web page. The website is public, but only members of that organization will have access to post information to a webpage. What is the best way to handle this requirement? Currently there is no checking done on what the client posts (since only 'trusted' users can post), but I'm not particularly happy with that and would like to lock it down further in case an account is hacked. The platform in question is ASP.NET MVC. The only conceptual method that I'm aware of that meets these requirements is to whitelist HTML tags and let those pass through. Is there another way? If not, is the best way to let them store it in the Database in any form, but only display it properly encoded and stripped of bad tags? NB: The questions differ in that he only assumes there's one way. I'm also asking the following questions: 1. Is there a better way that doesn't rely on HTML Whitelists? 2. Is there a better way that relies on a different view engine? 3. Is there a WYSIWYG editor that includes the ability to whitelist on the fly? 4. Should I even worry about this since it will only be for 'private posting' (Much in the same way that a private blog allows HTML From the author, but since only he can post, it's not an issue)? Edit #2: If suggesting a WYSIWYG editor, it must be free (as in speech, or as in beer). Update: All of the suggestions thus far revolve around a specific Rich Text Editor to use: Only provide an editor as a suggestion if it allows for sanitization of HTML tags; and it fulfills the requirement of accepting pasted documents from a WYSIWYG Editor like Microsoft Word. There are three methods that I know of: 1. Not allow HTML. 2. Allow HTML, but sanitize it 3. Find a Rich Text Editor that sanitizes and allows HTML. The previous questions remain (1-4 above). Related Question Preventing Cross Site Scripting (XSS)

  Read the article

• Software Design for Product Verticals and Service Verticals

  - by Rachel

  In every industry there are two verticals Product Vertical and Service Vertical, so my question is: How does design approach changes while designing Software for Product Vertical as compared to developing Software for Service Vertical ? What are the pros and cons for each case ? Also, in case of Product Vertical, How you go about designing Product or Features and what are steps involved ? Lastly, I was reading How Facebook Ships Code article and it appears that Product Managers have very little influence on how Product is developed and responsibility lies mainly with the Developer for the feature. So is this good practice and why one would go for this approach ? What would be your comment on this kind of approach ?

  Read the article

• Reasons to Use a VM For Development

  - by George Stocker

  Background: I work at a start-up company, where one team uses Virtual Machines to connect to a remote server to do their development, and another team (the team I'm on) uses local IIS/SQL Server 2005/Visual Studio installations to conduct work. Team VM is located about 1000 miles from Team Non-VM, and the servers the VMs run off of are located near Team VM (Latency, for those that are wondering, is about 50ms). A person high in the company is pushing for Team Non-VM to use virtual machines for programming, development, and testing. The latter point we agree on -- we want Virtual Machines to test configurations and various aspects of the web application in a 'clean' state. The Problem: What we don't agree on is having developers using RDP to connect to a desktop remotely that contains Visual Studio, SQL Server, and IIS to do the same development we could do locally on our laptops. I've tried the VM set-up, and besides the color issue, there is a latency issue that is rather noticeable, not to mention that since we're a start-up, a good number of employees work from home on occasion with our work laptops, and this move would cut off the laptops. They'd be turned in. Reasons to Use Remote VMs for Development (Not Testing!): Here are the stated reasons that this person wants us to use VMs: They work for TeamVM. They keep the source code "safe". If we want to work from home, we could just use our home PCs. Licenses (I don't know what the argument is, only that it's been used). Reasons not to use Remote VMs for Development: Here are the stated reasons why we don't want to use VMs: We like working from home. We get a lot done on our own time. We're not going to use our Home PCs to do work related stuff. The Latency is noticeable. Support for the VMs (if they go down, or if we need a new VM) takes a while. We don't have administrative privileges on the VM, and are unable to change settings as needed. What I'm looking for from the community is this: What reasons would you give for not using VMs for development? Keep in mind these are remote VMs -- this isn't a VM running on a local desktop. It's using the laptop (or a desktop) as a thin client for a remote VM. Also, on the other side of the coin: Is there something we're missing that makes VMs more palatable for development? Edit: I think 'safe' is used in term of corporate espionage, or more correctly if the Laptop gets stolen, the person who stole would have access to our source code. The former (as we've pointed out, is always going to be a possibility -- companies stop that with litigation, there isn't a technical solution (so far as I can see)). The latter point is ( though I don't know its usefulness in a corporate scenario) mitigated by Truecrypt'ing the entire volume.

  Read the article

• You are or will be a laid off programmer - what do you do a year ago, right now, tomorrow, and next week?

  - by Adam Davis

  Many programmers, software engineers, and other technology professionals are out of work, facing layoffs, or are unprepared for layoffs though they feel secure right now. What should every programmer do right now (even if secure in their current job) to prepare them for layoffs down the road? If your boss came to your cubicle while you read this and laid you off: What would you do immediately after? What would you do tomorrow? What would you do next week? It obvious that one should always have an up to date resume, always get recommendations from people when they see you at your best (not when you're looking for a new job), etc. What are the things, step by step, that every programmer should do (or should consider doing) long before they are laid off, when they're laid off, and shortly after being laid off? This is a question with many possible facets. While I want to encourage discussion to center around programming career based answers, please reconsider before downvoting someone because they're thinking in terms of how they're going to prevent going into debt. Bonus catch-22 type question: You can study a new language or technology while out of work, but most places want you to have more than 1-2 months experience in a working environment, not just from a learning exercise. Is it worthwhile to place a priority on new (ideally in demand) skills, or should you instead hone existing skills?

  Read the article

• How are hybrid VB6/.Net applications functioning in the Real World?

  - by Dabblernl

  I am maintaining a VB6 application and we are studying how to migrate to .Net We are considering doing this gradually by implementing new features in COM visible .Net classes and migrating existing functionality slowly. I found some instructive 'Hello World' examples about how to do this and it works fine with our App. But how is the real world behaviour of these hybrid applications? Are they stable, maintainable? Particular of our program is that more users on the same computer will use it by switching user accounts. EDIT: The VB6 app reads data from a USB connection and stores it in an Access database. The user can call up various views on the data. The data is cached in a hardware device, so interuptions in the reading of it are not fatal.

  Read the article

• Samba fails to install

  - by jschoen

  I am running XBMC, which is built around Ubuntu 10.04. It does not come with samba pre-installed, and I need to share some media with a couple other boxes. I followed the Think Geek directions found here. I had it all set up a couple days ago, and thought I was in the clear. I rebooted this evening and when it came back up Samba was not started. I determined this by trying access the samba shares, and it would return there was an connecting to the server. I can ssh into it, so I know it is connected. In my inifinite wisdom, I figured I just messed something up and would just uninstall and reinstall. So I did: sudo apt-get purge samba and sudo apt-get purge smbfs. Then tried to follow the tutorial above again. The what I get after running sudo apt-get install samba smbfs is Reading package lists... Done Building dependency tree Reading state information... Done Suggested packages: openbsd-inetd inet-superserver smbldap-tools ldb-tools ufw smbclient The following NEW packages will be installed: samba smbfs 0 upgraded, 2 newly installed, 0 to remove and 5 not upgraded. Need to get 0B/8,131kB of archives. After this operation, 22.6MB of additional disk space will be used. Preconfiguring packages ... Selecting previously deselected package samba. (Reading database ... 57098 files and directories currently installed.) Unpacking samba (from .../samba_2%3a3.4.7~dfsg-1ubuntu3.2_i386.deb)... Selecting previously deselected package smbfs. Unpacking smbfs (from .../smbfs_2%3a3.4.7~dfsg-1ubuntu3.2_i386.deb) ... Processing triggers for ureadahead ... Setting up samba (2:3.4.7~dfsg-1ubuntu3.2) ... Generating /etc/default/samba... update-alternatives: using /usr/bin/smbstatus.samba3 to provide /usr/bin/smbstatus (smbstatus) in auto mode. smbd start/running, process 2963 **start: Job failed to start** Setting up smbfs (2:3.4.7~dfsg-1ubuntu3.2) ... The bold is my own emphasis. So I am not sure what I messed up here, or how to get back to where it was. Though I am pretty sure I made it worse than it is. I found where the logs are located, /var/logs, and found this line that seems to be the culprit. Jan 29 11:59:34 XBMCLive smbd[2806]: error opening config file So it seems to not create the configuration files. Is there a way to get samba to try to recreate them again?

  Read the article

• Suspend fails (reboot on resume) and no hibernate option

  - by Matt Kibble

  Upgraded from 10.04 to 10.10 removed hibernate option for me and introduced the problem where by after entering standby (being indicated by blinking amber LED on my laptop) I cannot resume my session. Instead I get a crash and system reboots (crash comes instantly on trying to resume). Tried clean install to eliminate possibility of an upgrade issue but its still persistent. All latest updates installed. Tried looking for an answer to this but still no joy. Laptop is Sony VGN-FW41E.

  Read the article

• How to detect Creative Sound blaster Audigy 2?

  - by Chris

  I have installed a pci 7.1 sound card Creative Sound Blaster Audigy 2, on my 10.10 Ubuntu 64 bit installation. I have disabled the on board sound card from bios. I boot and the system cannot recognize my "new" sound card. When I execute aplay -l I get this responce: aplay: device_list:235: no soundcards found... I take a guess and I think it is probably something wrong with my sound modules.

  Read the article

• Cutting desktop power usage

  - by steevc

  I'm on a general energy saving mission. I've finally swapped my old CRT monitor for a LCD, so the next step it to optimise the PC power usage. It's using an AMD 64 X2 4600+ CPU which I know can trottle down, but seems to be running at a constant 2.4GHz. A while back I heard about Granola. I've installed it, but when I try to run it I get granola[10568]: Error opening scaling governor file '/sys/devices/system/cpu/cpu0/cpufreq/scaling_governor' in read mode granola[10568]: Is cpufreq enabled in this kernel and do you have a CPU which supports DVFS? granola[10568]: Can't manage DVFS for any CPUs I'm happy to use other applications if Granola is not optimal or viable.

  Read the article

• Disable new invisible border feature? (ruins compiz grid)

  - by Ike

  A new feature was added recently that adds an invisible border around the windows to grab for resizing (although i thought the new resize grip solved any big issues). This annoys me because it destroys the usefulness of the grid plugin of compiz.. i'm not sure if the border is part of compiz or gnome, but i'd like to know how to disable it. i couldn't find any options in ccsm or the window settings in gnome. See the screenshot to see how much waste is caused. These windows should match up instead of having blank space surrounding all of them.

  Read the article

• Adding user to chroot environment

  - by Neo

  I've created a chroot system in my Ubuntu using schroot and debrootstrap, based on minimal ubuntu. However whenever I can't seem to add a new user into this chroot environment. Here is what happens. I enter schroot as root and add a new user 'Bob'.(Tried both adduser and useradd commands) The username 'Bob' lists up in /etc/passwd file and I can 'su' into the user 'Bob'. So far so good. When I log out of schroot, and re-enter schroot, the user 'Bob' has vanished!! There is no mention of Bob in /etc/passwd either. How do I make the new user permanent?

  Read the article

• Hangul calligraphy (TTF)

  - by 2x2p1p

  Hi guys. I want a nice hangul font. Can somebody indicate one ? Something elegant and beautiful like this England calligraphy: I would like to apply it using css 3: <!DOCTYPE html> <html> <head> <meta charset = "utf-8"> <style> @font-face { font-family: "hangul"; src: url("hangul.ttf"); } body { font-family: hangul; } </style> <title></title> </head> <body> ? ? ? </body> </html> Thanks

  Read the article

• SEO: many stackoverflow users' pages have got no Google PR and they are not indexed, why?

  - by Marco Demaio

  If you go to my user page on Stack Overflow and you check it with the Gogle bar you can see has got no PR at all (this does happen for almost any user page, even people with much higher reputation, the only exceptions seem to be the users in page 1, and some other users they have PR). My user page's Page Rank is not only zero, but not calculated at all. When PR is 0 or less than 1, but calculated the Google bar shows white, but when the PR is not even calculated like in my user page the Google bar shows in grey. I further more discovered that my user page is NOT EVEN INDEXED on Google, simple test is searching on Google for the exact page url: "http://stackoverflow.com/users/260080/marco-demaio" and you will see no result. The question is how can this be??? This is really weird to me because of the following reason: If you search on Google for "Marco Demaio" on stackoverflow site only (you can do this by searching "site:stackoverflow.com Marco Demaio") the search result shows hundreds of 'asking/answering questions' pages where I was 'tagged'!!! Let's check one of these: the 1st one that appears now (shows one of the question I asked). We can be sure this page is indexed in Google because comes out in a search moreover its PR is calculated, it's probably nearly zero, but still some PR flows there, the PR bar is not grey, but white: The page shown above has got links to my own user page. I checked the source code of the page shown above and the links are not hidden or set with a rel="nofollow", moreover I can't see any meta character excluding the links on the page from being followed. So what's happening? Why Google does not see my user page at all. Did stackoverflow do something to achieve this? If yes what did they do? Any explantion really appreciates (as always). P.S. obviously I checked also the code of my user page, but I could not find meta tags excluding Google search for the page. P.S. 2 in a desperate adventure I also checked StackOverflow robots but it does not seem to exclude user pages. UPDATE 1 following up on some answers, I did some more research. Excluding for a while the PR problem (since PR is not science), and looking only at the user page on StackOverflow NOT BEING INDEXED problem: pages do not seem to be indexed by Google because of the user reputation, this user for instance has got NOW 200 points less reputation than me and his page is indexed (while mine not). It does not seem even to be connected with months you have been on Stackoverflow, this user (almost my same reputation) has been there for 3 months only and his page is indexed (while mine not and I have been a user for 7 months). It's bizzarre! UPDATE February/2011 As of today the page got indexed by Google at least when you search for "site:stackoverflow.com Marco Demaio" it's the 1st page. The amazing thing is that it has still got NO PageRank at all: Google toolbar states loud and clear "No PageRank information available". It's odd!

  Read the article

• Multiple volumetric lights

  - by notabene

  I recently read this GPU GEMS 3 article Volumetric Light Scattering as a Post-Process. I like the idea to add volumetric light property to realtime render i'm working on. Question is will it work for multiple lights? Our renderer uses one render pass per light and uses additive blending to sum incoming light. I'm mostly convinced that it have to work nice. Do you agree? Maybe there can be problem where light rays crosses each other.

  Read the article

• 2D object-aligned bounding-box intersection test

  - by AshleysBrain

  Hi all, I have two object-aligned bounding boxes (i.e. not axis aligned, they rotate with the object). I'd like to know if two object-aligned boxes overlap. (Edit: note - I'm using an axis-aligned bounding box test to quickly discard distant objects, so it doesn't matter if the quad routine is a little slower.) My boxes are stored as four x,y points. I've searched around for answers, but I can't make sense of the variable names and algorithms in examples to apply them to my particular case. Can someone help show me how this would be done, in a clear and simple way? Thanks. (The particular language isn't important, C-style pseudo code is OK.)

  Read the article

< Previous Page | 4 5 6 7 8 9  | Next Page >