Search Results

Search found 97980 results on 3920 pages for 'code security'.

Page 142/3920 | < Previous Page | 138 139 140 141 142 143 144 145 146 147 148 149 | Next Page >

What are some internet trends that you've noticed over the past ~10 years? [closed]

- by Michael

I'll give an example of one that I've noticed: the number of web sites that ask for your email address (GOOG ID, YAHOO! ID, etc.) has skyrocketed. I can come up with no legitimate reason for this other than (1) password reset [other ways to do this], or (2) to remind you that you have an account there, based upon the time of your last visit. Why does a web site need to know your email address (Google ID, etc.) if all you want to do is... download a file (no legit reason whatsoever) play a game (no legit reason whatsoever) take an IQ test or search a database (no legit reason whatsoever) watch a video or view a picture (no legit reason whatsoever) read a forum (no legit reason whatsoever) post on a forum (mildly legit reason: password reset) newsletter (only difference between a newsletter and a blog is that you're more likely to forget about the web site than you are to forget about your email address -- the majority of web sites do not send out newsletters, however, so this can't be the justification) post twitter messages or other instant messaging (mildly legit reason: password reset) buy something (mildly legit reasons: password reset + giving you a copy of a receipt that they can't delete, as receipts stored on their server can be deleted) On the other hand, I can think of plenty of very shady reasons for asking for this information: so the NSA, CIA, FBI, etc. can very easily track what you do by reading your email or asking GOOG, etc. what sites you used your GOOG ID at to use the password that you provide for your account in order to get into your email account (most people use the same password for all of their accounts), find all of your other accounts in your inbox, and then get into all of those accounts sell your email address to spammers These reasons, I believe, are why you are constantly asked to provide your email address. I can come up with no other explanations whatsoever. Question 1: Can anyone think of any legitimate or illegitimate reasons for asking for someone's email address? Question 2: What are some other interesting internet trends of the past ~10 years?

Read the article
Why does Facebook convert PHP code to C++?

- by user72245

I read that Facebook started out in PHP, and then to gain speed, they now compile PHP as C++ code. If that's the case why don't they: Just program in c++? Surely there must be SOME errors/bugs when hitting a magic compiler button that ports PHP to c++ code , right? If this impressive converter works so nicely, why stick to PHP at all? Why not use something like Ruby or Python? Note -- I picked these two at random, but mostly because nearly everyone says coding in those languages is a "joy". So why not develop in a super great language and then hit the magic c++ compile button?

Read the article
Why can't non-admin users install software?

- by fiftyeight

This is probably something I don't understand since I am used to Windows and am only starting out with Ubuntu. I know that software in linux comes in packages what I don't understand is why can't non-admin users install software. I mean, every application is run by a specific user, and that user will only be able to run that applciation with his privilages, so if he has no admin privileges, the application also won't be able to access unauthorized directories etc. I want most of the time to work on my PC with a non-admin user since it seems more safe to me, most of the time I have no need for admin privileges. and even though I know viruses in linux are uncommon I still think the best practice is to work on the computer in a state that you yourself can't make any changes to important files, that way viruses also can't harm any important files, but I need to install software for programming and web-design etc. and first of all I don't want to switch users all the time. But also it sounds safer to me that everything being done on the PC will be done through the non-admin user. I'll be glad to know what misunderstanding I have here, cause something here doesn't sound right.

Read the article
Making Agile and DevOps methodology compatible with PCI requirements

- by kenchew

Would like to hear from those working in a PCI compliance environment and is practicing agile development and devops methodology, how you maintain compliance with PCI requirements. Specifically, what do you do to address: separation of duties between development/test and production alignment of continuous integration / deployment and change control alignment of agile stories to requirement documentation

Read the article
Keeping files private on the internet (.htaccess password or software/php/wordpress password)

- by jiewmeng

I was asked a while ago to setup a server such that only authenticated users can access files. It was like a test server for clients to view WIP sites. More recently, I want to do something similar for some of my files. Tho they are not very confidential, I wish that I am the only one viewing it. I thought of doing the same, Create a robots.txt User-agent: * Disallow: / Setup some password protection, .htpasswd seems like a very ugly way to do it. It will prompt me even when I log into FTP. I wonder if software method like password protected posts in Wordpress will do the trick of locking out the public and hiding content from Search Engines? Or some self made PHP script will do the trick?

Read the article
Anyone code at a treadmill desk? [closed]

- by Sequenzia

have been thinking about getting a treadmill desk for awhile now but I just don't know if it is possible to code at one. I can see doing a normal computer job while walking very slow but I just don't know if you can write code do it. Like a lot of people I could stand to lose weight and I am just not in shape anymore. I sit at my computer for at least 12 hours a day and then I am on my laptop for a few more hours. I need to do something to help my health. I also have been seeing a lot of reports about the long term health issues related to desk jobs. Like this. Before I drop a few hundred dollars on a new desk I am wondering if anyone has tried a treadmill desk and if so which one?

Read the article
What are the pros and cons of non-unique display names?

- by Davy8

I know of at least big title game (Starcraft II) that doesn't require unique display names, so it would seem like it can work in at least some circumstance. Under what situations does allowing non-unique display names work well? When does it not work well? Does it come down to whether or not impersonation of someone else is a problem? The reasons I believe it works for Starcraft II is that there isn't any kind of in-game trading of virtual goods and other than "for kicks" there isn't much incentive to impersonate someone else in the game. There's also ladder rankings so even trying to impersonate a pro is easily detectable unless you're on a similar skill level. What are some other cases where it makes sense to specifically allow or disallow duplicate display names?

Read the article
Steps after SQL Injection detected

- by Zukas

I've come across SQL injection vulnerabilities on my companies ecommerce page. It was fairly poorly put together. I believe I have prevented future attempts however we are getting calls about fraudulent credit card charges on our site and others. This leads me to believe that someone was able to get a list of our credit card numbers. What doesn't make sense is that we don't store that information and we use Authorize.net for the transaction. If someone was able to get the CC#s, what should I do next? Inform ALL of our customers that someone broken into our system and stole their information? I have a feeling that will be bad for business.

Read the article
HackingSilverlight Code Browser

So sometime ago I had been working on a sample browser for all the different samples I had used for hackingsilverlight and for blog posts. After awhile with all the jumping around between projects, and my failing memory I found I needed a quick easy way to remember all the code clips I used often. For me I needed something like a rola-deck for code so after taking my toys and leaving the sandbox as it were regarding the book HackingSilverlight between projects for the 5 minutes here or there I've...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

Read the article
How to protect Ubuntu from fork bomb

- by dblang

I heard someone talking about a fork bomb, I did some research and found some dreadful information about some strange looking characters people can have you type at the command line and as a result do bad things on the computer. I certainly would not issue commands I do not understand but one never knows what can happen. I heard that some OS allows the administrator to place some limit on user processes to mitigate the effects of fork bombs, is this protection in Ubuntu by default or would a person with sudo privilege have to set this? If so, how?

Read the article
Help writing server script to ban IP's from a list

- by Chev_603

I have a VPS that I use as an openvpn and web server. For some reason, my apache log files are filled with thousands of these hack attempts: "POST /xmlrpc.php HTTP/1.0" 404 395 These attack attempts fill up 90% of my logs. I think it's a WordPress vulnerability they're looking for. Obviously they are not successful (I don't even have Wordpress on my server), but it's annoying and probably resource consuming as well. I am trying to write a bash script that will do the following: Search the apache logs and grab the offending IP's (even if they try it once), Sort them into a list with each unique IP on a seperate line, And then block them using the IP table rules. I am a bash newb, and so far my script does everything except Step 3. I can manually block the IP's, but that's tedious and besides, this is Linux and it's perfectly capable of doing it for me. I also want the script to be customizable so that I (or anyone else who wants to use it) can change the variables to suit whatever situation I/they may deal with in the future. Here is the script so far: #!/bin/bash ##IP LIST GENERATOR ##Author Chev Young ##Script to search Apache logs and list IP's based on custom filters ## ##Define our variables: DIRECT=~/Script ##Location of script&where to put results/temp files LOGFILE=/var/log/apache2/access.log ## Logfile to search for offenders TEMPLIST=xml_temp ## Temporary file name IP_LIST=ipstoban ## Name of results file FILTER1=xmlrpc ## What are we looking for? (Requests we want to ban) cd $DIRECT if [ ! -f $TEMPLIST ];then touch $TEMPLIST ##Create temp file fi cat $LOGFILE | grep $FILTER1 >> $DIRECT/$TEMPLIST ## Only interested in the IP's, so: sed -e 's/\([0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+\).*$/\1/' -e t -e d $DIRECT/$TEMPLIST | sort | uniq > $DIRECT/$IP_LIST rm $TEMPLIST ## Clean temp file echo "Done. Results located at $DIRECT/$IP_LIST" So I need help with the next part of the script, which should ban the IP's (incoming and perhaps outgoing too) from the resulting $IP_LIST file. I don't care if it utilizes UFW or IPTables directly, as long as it bans the IP's. I'd probably run it as a cron task. What I'm having trouble with is understanding how to use line of the result file as a seperate variable to do something like: ufw deny $IP1 $IP2 $IP3, ect Any ideas? Thanks.

Read the article
Are code screening services worthwhile?

- by Robert Klubenspies

I've seen websites that screen programmers by their ability to write code. It's a service that you enter a programming question into and then send out a link. Job candidates program their solution to the question as they are timed and recorded. The person who posted the question can then playback a video of their candidate programming the script. This video allows them to see how quickly and neatly their job candidate can code. Are these types of services worth it? What caveats and hangups are there to using such things to screen potential hires?

Read the article
Code maintenance: To add comments in code or to just leave it to the version control?

- by Chillax

We have been asked to add comments with start tags, end tags, description, solution etc for each change that we make to the code as part of fixing a bug / implementing a CR. My concern is, does this provide any added value? As it is, we have all the details in the Version control history, which will help us to track each and every change? But my leads are insisting on having the comments as a "good" programming practice. One of their argument is when a CR has to be de-scoped/changed, it would be cumbersome if comments are not there. Considering that the changes would be largely in between code, would it really help to add comments for each and every change we make? Shouldn't we leave it to the version control?

Read the article
More than one way to skin an Audit

- by BuckWoody

I get asked quite a bit about auditing in SQL Server. By "audit", people mean everything from tracking logins to finding out exactly who ran a particular SELECT statement. In the really early versions of SQL Server, we didn't have a great story for very granular audits, so lots of workarounds were suggested. As time progressed, more and more audit capabilities were added to the product, and in typical database platform fashion, as we added a feature we didn't often take the others away. So now, instead of not having an option to audit actions by users, you might face the opposite problem - too many ways to audit! You can read more about the options you have for tracking users here: http://msdn.microsoft.com/en-us/library/cc280526(v=SQL.100).aspx In SQL Server 2008, we introduced SQL Server Audit, which uses Extended Events to really get a simple way to implement high-level or granular auditing. You can read more about that here: http://msdn.microsoft.com/en-us/library/dd392015.aspx As with any feature, you should understand what your needs are first. Auditing isn't "free" in the performance sense, so you need to make sure you're only auditing what you need to. Share this post: email it! | bookmark it! | digg it! | reddit! | kick it! | live it!

Read the article
Do logins by the gdm (or lightdm) user in auth.log mean my system is breached?

- by Pramanshu

Please look at this auth.log (from Ubuntu 14.04) I have provided and tell me who this gdm user is and why there are all these unauthenticated logins? I am freaked out; please help! Here's the /var/log/auth.log file: http://paste.ubuntu.com/8120231/ Update: I know now that "gdm" is gnome desktop manager and it's there because of root. But please look at the log there is more and tell me if my system is breached.

Read the article
My self-generated CA is nearing it's end-of-life; what are the best practices for CA-rollover?

- by Alphager

Some buddies and me banded together to rent a small server to use for email, web-hosting and jabber. Early on we decided to generate our own Certificate Authority(CA) and sign all our certificates with that CA. It worked great! However, the original CA-cert is nearing it's end-of-life (it expires in five months). Obviously, we will have to generate a new cert and install it on all our computers. Are there any best practices we should follow? We have to re-generate all certs and sign them with the new CA, right?

Read the article
Automatically locking screen without shutting it off

- by milkandtang

Hey everyone— I have a home theater PC running Ubuntu 11.10, outputting over HDMI (for audio and video). I'm having an issue: I'd like the screen to lock automatically (when video is not playing, of course) but do not want the screen to turn off automatically, because that kills audio. I can manually lock the screen, of course, but it appears that if you set the "Turn off screen" setting to "never", the screen will never lock, no matter what the "lock screen" timeout is set to. Is there a way to do what I'm asking, or will I have to install xscreensaver?

Read the article
How can I protect my save data from casual hacking?

- by Danran

What options are there for saving game data in a secure manner? I'm interested in solutions specifically tailored for C++. I'm looking for something that is fast and easy to use. I'm only concerned about storing simple information such as Which levels are and are not unlocked The user's score for each level I'm curious again to know what's out there to use, any good libraries to use that give me nice, secure game data files that the average player can't mess with. I just found this here which looks very nice, but it would be great to get some opinions on potential other libraries/options out there.

Read the article
Avoiding "double" subscriptions

- by john smith

I am working on a website that requires a bit of marketing; let me explain. This website is offering a single, say, iTunes 50$ voucher to a lucky winner. To be entered in the draw, you need to invite (and has to join) at least one friend to the website. Pretty straightforward. Now, of course it would be easy for anyone to just create a fake account and invite that account so, I was thinking of some other way to somehow find out of possible cheating. I was thinking of an IP check on the newly subscribed (invited) user, and if there is the same IP logged in the last 24 hours, and if that's the case, investigate more about it. But I was thinking that maybe there is a more clever way around this issue. Has anyone ever though about this? What other solutions did you try? Thanks in advance.

Read the article
Microsoft Office 2013 Takes New Approach

You can check out an article from Computerworld for a good look at the questions and answers about the new software. For instance, you've probably noticed that I'm not giving the full name. That's because Microsoft seems to be using several names. If you go the traditional route and pay the one-time upfront fee for the shrink-wrapped edition, it's Office 2013. There's also a tablet version called Office Home and Student 2013 RT - but that won't include the iPad, or at least not at first. The consumer preview, which I'll be linking to in a minute, is dubbed Office 365 Home Premium. There ...

Read the article
Python Web Applications: What is the way and the method to handle Registrations, Login-Logouts and Cookies? [on hold]

- by Phil

I am working on a simple Python web application for learning purposes. I have chosen a very minimalistic and simple framework. I have done a significant amount of research but I couldn't find a source clearly explaining what I need, which is as follows: I would like to learn more about: User registration User Log-ins User Log-outs User auto-logins I have successfully handled items 1 and 3 due to their simple nature. However, I am confused with item 2 (log-ins) and item 4 (auto-logins). When a user enters username and password, and after hashing with salts and matching it in the DB; What information should I store in the cookies in order to keep the user logged in during the session? Do I keep username+password but encrypt them? Both or just password? Do I keep username and a generated key matching their password? If I want the user to be able to auto-login (when they leave and come back to the web page), what information then is kept in the cookies? I don't want to use modules or libraries that handle these things automatically. I want to learn basics and why something is the way it is. I would also like to point out that I do not mind reading anything you might offer on the topic that explains hows and whys. Possibly with algorithm diagrams to show the process. Some information: I know about setting headers, cookies, encryption (up to some level, obviously not an expert!), request objects, SQLAlchemy etc. I don't want any data kept in a single web application server's store. I want multiple app-servers to be handle a user, and whatever needs to be kept on the server to be done with a Postgres/MySQL via SQLAlchemy (I think, this is called stateless?) Thank you.

Read the article
How to write efficient code despite heavy deadlines

- by gladysbixly

I am working in an environment wherein we have many projects with strict deadlines on deliverables. We even talk directly to the clients so getting the jobs done and fast is a must. My issue is that i'd always write code for the first solution that comes to my mind, which of course I thought as best at that moment. It always ends up ugly though and i'd later realize that there are better ways to do it but can't afford to change due to time restrictions. Are there any tips by which I could make my code efficient yet deliver on time?

Read the article
Site overthrown by Turkish hackers...

- by Jackson Gariety

Go ahead, laugh. I forgot to remove the default admin/admin account on my blog. SOmebody got in and has replaced my homepage with some internet graffiti. I've used .htaccess to replace the page with a 403 error, but no matter what I do, my wordpress homepage is this hacker thing. How can I setup my server so that ONLY MYSELF can view it while I'm fixing this via .htaccess? What steps should I take to eradicate them from my server? If I delete the ENTIRE website and change all the passwords, is he completely gone? Thanks.

Read the article
Sample code and slides for my TechDays10 (Belgium) talks

- by Laurent Bugnion

The source code for my MVVM talk titled “Understanding the MVVM Pattern” given at TechDays 2010 in Antwerpen, Belgium, is available online. It is actually the same code than the MIX10 one, but I added the Windows Phone 7 MVVM Light application (available in the folder titled “Mix10.MvvmDemo2-End”. Note: before unpacking the zip file, you should right click on it, and select properties / Unblock. I also published the slides for my two talks: Understanding the MVVM Pattern A day in the life of a WPF/SL integrator As far as I know, the videos will be online soon, stay tuned and I will announce when it is the case. Get Started page for the MVVM Light Toolkit: http://www.galasoft.ch/mvvm/getstarted Laurent Bugnion (GalaSoft) Subscribe | Twitter | Facebook | Flickr | LinkedIn

Read the article
Fixing a bug while working on a different part of the code base

- by imgx64

This happened at least once to me. I'm working on some part of the code base and find a small bug in a different part, and the bug stops me from completing what I'm currently trying to do. Fixing the bug could be as simple as changing a single statement. What do you do in that situation? Fix the bug and commit it together with your current work Save your current work elsewhere, fix the bug in a separate commit, then continue your work [1] Continue what you're supposed to do, commit the code (even if it breaks the build fails some tests), then fix the bug (and the build make tests pass) in a separate commit [1] In practice, this would mean: clone the original repository elsewhere, fix the bug, commit/push the changes, pull the commit to the repository you're working on, merge the changes, and continue your work. Edit: I changed number three to reflect what I really meant.

Read the article

< Previous Page | 138 139 140 141 142 143 144 145 146 147 148 149 | Next Page >