Search Results

Search found 1775 results on 71 pages for 'aaron smith'.

Page 10/71

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed):

      $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'");

    The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss.
    As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems, can I ever endorse the release of an unmaintainable tangle of spaghetti code?

  • Changes to File Store Provider in UCM PS3

    - by Kevin Smith
    In the recent PS3 release of UCM (11.1.1.4.0) there are some significant changes to the File Store Provider (FSP) configuration. For new PS3 installs (not upgrades from PS2) the FSP default storage rule includes a dispersion rule that will change the web-layout and vault paths by adding dispersion directories to the paths to limit the number of files in the vault and web-layout directories. What that means is that if you install a new PS3 UCM instance and migrate content in from a previous version of UCM, the web URL will change. That is a critical problem for web sites and just general document management. See below for some details on the FSP configuration in PS3 and how you can change the default behavior. Use the link below to read the rest of this post, where I describe the issue in detail and provide instructions for how to modify a PS3 instance to use the old format for the web-layout path.

  • Simulating an object floating on water

    - by Aaron M
    I'm working on a top down fishing game. I want to implement some physics and collision detection regarding the boat moving around the lake. I would like to be able to implement thrust from either the main motor or trolling motor, the effect of wind on the object, and the drag of the water on the object. I've been looking at the Farseer physics engine, but not having any experience using a physics engine, I am not quite sure that Farseer is suitable for this type of thing (most of the demos seem to be the application of gravity to a vertical top/down type model). Would the Farseer engine be suitable, or would a different engine be more suitable?

  • What tools exist for assessing an organisation's development capability?

    - by Eric Smith
    I have a bit of a challenge at work at the moment. Presently (and in fact, for some time now), we have been experiencing the following problems with some in-house maintained applications:
      - Defects (sometimes quite serious) being released into production;
      - The Customer (that is, the relevant business unit) perpetually changing their minds (or appearing to do so) about what issue to work on next;
      - A situation where everyone seems to be in a "fire-fighting" mode a lot of the time;
      - Development staff responding to operational requests from business users ("operational" here means something that needs to be done in order to continue with business, or perhaps just to make a business user's life a little less painful, as opposed to fixing a bug in the application, or enhancing the application).
    Now I'm sure this doesn't sound particularly new or surprising to most of the participants on this Q&A site, and no prizes for identifying the "usual suspects" when it comes to root causes. My challenge is that I have to persuade the higher-ups to do uncomfortable things in order to address all of this. The folk I need to persuade come from a mixture of the following two cultures: Accounting; IT Infrastructure. I have therefore opted for a strategy that draws from things with which folk from such a culture would be most comfortable (at least, in my estimation), namely: numbers and tangibles. Of course modern development practitioners know all too well that this sort of thing isn't easily solved using an analytical mindset (some would argue that that mindset is, in fact, entirely inappropriate). Nevertheless, this is the dichotomy with which I am faced, so that's the stake that I've put in the ground. I would like to be able to do research and use the outputs to present findings in the form of metrics and measures.
    I am finding it quite difficult, though, to find an agreed-upon methodology and set of templates for assessing an organisation's development capability; the only thing that seems applicable is the Software Engineering Institute's Capability Maturity Model. The latter, however, seems dated and even then rather vague. So, the question is: do any tools or methodologies (free or commercial) exist that would assist me in completing this assessment?

  • Working with the new FSP dispersion rules

    - by Kevin Smith
    In a previous post I provided instructions for how you can remove the dispersion directories that are present in the default storage rule in the PS3 release of UCM (11.1.1.4.0). In this post I will describe a suggested approach for working with the new dispersion rules so that new content takes advantage of the dispersion rules but migrated content uses the legacy file paths so it will retain its current web URLs.

  • Dealing with the customer / developer culture mismatch on an agile project

    - by Eric Smith
    One of the tenets of agile is "Customer collaboration over contract negotiation"; another one is "Individuals and interactions over processes and tools". But the way I see it, at least when it comes to interaction with the customer, there is a fundamental problem: how the customer thinks is fundamentally different to how a software engineer thinks. That may be a bit of a generalisation, yes. Arguably, there are business domains where this is not necessarily true; these are few and far between though. In many domains though, the typical customer is:
      - Interested in daily operational concerns (short-range tactics, not strategy);
      - Only concerned with the immediate solution;
      - Generally one-dimensional, non-abstract thinkers;
      - Primarily interested in "getting the job done" as opposed to coming up with a lasting, quality solution.
    On the other hand, software engineers who practice agile are:
      - Professionals who value quality;
      - Individuals who understand the notion of "more haste less speed", i.e., spending a little more time to do things properly will save lots of time down the road;
      - Generally, very experienced analytical thinkers.
    So very clearly, there is a natural culture discrepancy that tends to inhibit "customer collaboration". What's the best way to address this?

  • What's the best way to create animations when doing Android development?

    - by Adam Smith
    I'm trying to create my first Android game and I'm currently trying to figure out (with someone that will do the drawings and another programmer) what the best way to create animation is (animations such as a character moving, etc.). At first, the designer said that she could draw objects/characters and animate them with Flash so she didn't have to draw every single frame of an action. The other programmer and I don't know Flash too much, so I suggested extracting all the images from the Flash animation and making them appear one after the other when the animation is to start. He said that would end up taking too much resource on the CPU and I tend to agree, but I don't really see how we're supposed to make smooth animations without it being too hard on the hardware and, if possible, not have the designer draw every single frame on Adobe Illustrator. Can an experienced Android game developer help me balance this out so we can move on to other parts of the game, as I have no idea what the best way to create animations is?

  • Always disable the 8.3 name creation on Windows before installing WebCenter Content or WebLogic Server

    - by Kevin Smith
    You should always disable the 8.3 name creation feature when installing WebCenter Content on a Windows platform. The installs will normally work without it disabled, but you will find the weird 8.3 file and directory names in all the config files. Disabling it can also improve performance. On Windows XP and Windows Server 2003 and above you can do it with this command:

      fsutil.exe behavior set disable8dot3 1

    To make sure it is disabled you can run this command to check:

      fsutil.exe behavior query disable8dot3

    If the 8.3 file name creation is disabled you will see the following output from the command:

      The registry state of NtfsDisable8dot3NameCreation is 1 (Disable 8dot3 name creation on all volumes).

    Here is a Microsoft note on how to do this on Windows 2000 and Windows NT: How to Disable the 8.3 Name Creation on NTFS Partitions

  • What is the difference between "data hiding" and "encapsulation"?

    - by john smith optional
    I'm reading "Java Concurrency in Practice" and it says: "Fortunately, the same object-oriented techniques that help you write well-organized, maintainable classes - such as encapsulation and data hiding - can also help you create thread-safe classes." Problem #1: I never heard about data hiding and don't know what it is. Problem #2: I always thought that encapsulation is using private vs public, and is actually the data hiding. Can you please explain what data hiding is and how it differs from encapsulation?

  • Where can you find your first customers as a freelancer?

    - by Adam Smith
    I want to start doing freelance work, but no matter how I look at it, it seems like the best way to get customers and to have work most of the time is to already be in the freelancing game. Most freelancers I've talked to have had the same customers over the years or got new customers because their satisfied clients referred them. What I'd like to know from the successful people here that work as freelancers is: how do you start doing business when you haven't yet set foot in freelancing? I want to start small, creating websites that won't require me to hire other people, other than maybe a designer I already know. (I'd like to create desktop applications as well, but I think I should keep that for later when I'm more experienced.) I thought about localized Google ads or visiting companies and meeting the people in charge there, but I wouldn't know which kind of businesses to look for or if it's even a good way to approach this. Anyone care to share their personal startup experiences / advice that can help future freelancers?

  • Python or Ruby in 2011.

    - by Sleeper Smith
    What I'm really asking is, in the current services and technologies provided, which is a more "useful" language? Which one has more opportunity? Some background info first. I'm a .NET C# dev for 5 years. Having done a few projects on Amazon AWS, I'm looking to start a few projects of my own. But Azure's too expensive, and AWS has too much management overhead. My current choice is Google App Engine and Python. Logical enough. But what I want to ask here is this: in the Linux world, which is more useful? Recently heard about Heroku for Ruby. How viable is this? Looking at the pricing model indicates that it's more expensive. Which one has more up-to-date and exciting open source projects? For instance Trac is just plain outdated compared to Redmine. One of the big reasons pulling me to Ruby is Redmine. Implementations? IronPython/IronRuby/JRuby etc. Which one is more standardised and more implementation agnostic? Which one is easier to port between Windows/Linux? Anyway, your input and thoughts are greatly appreciated. Thanks.

  • Good resources for language design

    - by Aaron Digulla
    There are lots of books about good web design, UI design, etc. With the advent of Xtext, it's very simple to write your own language. What are good books and resources about language design? I'm not looking for a book about compiler building (like the dragon book) but something that answers:
      - How to create a grammar that is forgiving (like adding optional trailing commas)?
      - Which grammar patterns cause problems for users of a language?
      - How to create a compact grammar without introducing ambiguities?

  • Can't remove libreoffice3.5-dict-de package

    - by Aaron Digulla
    I just installed the wrong version of LibreOffice (x86 instead of 64bit). So I tried to remove it but I get this error:

      > aptitude remove libreoffice3.5-dict-de
      Couldn't find package "libreoffice3.5-dict-de".
      However, the following packages contain "libreoffice3.5-dict-de" in their name:
        libreoffice3.5-dict-de
      Couldn't find package "libreoffice3.5-dict-de".
      However, the following packages contain "libreoffice3.5-dict-de" in their name:
        libreoffice3.5-dict-de
      No packages will be installed, upgraded, or removed.
      0 packages upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
      Need to get 0 B of archives. After unpacking 0 B will be used.

    The same happens when I try to use "Software Management". What's going on?

    aptitude: 0.6.4-1ubuntu2
    Ubuntu 11.10 oneiric

  • Links for PrDC10 Session Visual Studio 2010 Testing Tools

    - by Aaron Kowall
    Here are the links I promised to post from my session on Visual Studio 2010 Testing Tools. To download and configure the TFS 2010 Virtual Machine the best instructions are here: http://blogs.msdn.com/b/briankel/archive/2010/03/18/now-available-visual-studio-2010-release-candidate-virtual-machines-with-sample-data-and-hands-on-labs.aspx To download and configure the Lab Management Virtual Machine, the best instructions are here: http://blogs.msdn.com/b/lab_management/archive/2010/02/12/one-box-lab-management-walkthrough.aspx Thanks to all that attended my presentation!  Hope you learned a bit. Technorati Tags: PrDC10,TFS 2010,VHD,Lab Management

  • Not Drowning, Being Saved By a Dog

    - by Aaron Lazenby
    Really, there's no dog in this story. Just a week without travel to get some actual work done. I had plans to blog ambitiously from Collaborate 10 (Wi-Fi was limited; iPad is still untested), but it's a much busier week than your agenda suggests. Scheduling sessions is one thing: you can count on those chunks of time being lost to the universe. It's the bumping into people in the hall and dropping in on an impromptu lunch that really knocks things out of whack. Good thing too: I met with some great folks from

  • How can a .NET programmer learn Big Data/Hadoop? [on hold]

    - by Smith Pascal Jr.
    I have been an ASP.NET developer for some time now and I have been reading a lot about Big Data and Hadoop and its future, as to how it is the next technology in IT and how it would be useful to create millions of jobs in the US and elsewhere in the world. Now since Hadoop is an open source big data tool which is managed by Apache Server Foundation Group, I'm assuming I have to be well aware of JAVA - correct me if I'm wrong. Moreover, how can a .NET programmer learn Big Data and its related technologies and work professionally full time in this technology? What challenges and opportunities does a .NET professional face while changing the technology platform? Please advise. Thanks

  • SDL 1.2 reports wrong screen size

    - by Aaron Digulla
    I have a multi-monitor setup with two displays, both 1920x1200. In games, I can only select resolutions 1920x1200 (like 2560x1200) which makes games unusable. Full screen doesn't work either because it switches one display to 800x600 which means I can't reach the close button... I have to kill the game and then, I have to restore my desktop because all windows are moved/resized. How can I force SDL to use any resolution that I want?

  • SQL Server-Determine which query is taking a long time to complete

    - by Neil Smith
    Cool little trick to determine which SQL query is taking a long time to execute. First, while the offending query is running, from another machine do:

      EXEC sp_who2

    Locate the SPID responsible via the Login, DBName and ProgramName columns, then do:

      DBCC INPUTBUFFER (<SPID>)

    The offending query will be in the EventInfo column. This is a great little time saver for me; before I found out about this I used to split my concatenated query script into multiple SQL files until I located the problem query.

  • A way to return multiple return values from a method: put method inside class representing return value. Is it a good design?

    - by john smith optional
    I need to return 2 values from a method. My approach is as follows:
      - create an inner class with 2 fields that will be used to keep those 2 values;
      - put the method inside that class;
      - instantiate the class and call the method.
    The only thing that will be changed in the method is that in the end it will assign those 2 values to the fields of the instance. Then I can address those values by referencing the fields of that object. Is it a good design and why?

  • Why to avoid SELECT * from tables in your Views

    - by Jeff Smith
    -- clean up any messes left over from before:
    if OBJECT_ID('AllTeams') is not null
      drop view AllTeams
    go
    if OBJECT_ID('Teams') is not null
      drop table Teams
    go

    -- sample table:
    create table Teams (
      id int primary key,
      City varchar(20),
      TeamName varchar(20)
    )
    go

    -- sample data:
    insert into Teams (id, City, TeamName)
    select 1,'Boston','Red Sox' union all
    select 2,'New York','Yankees'
    go

    create view AllTeams as
      select * from Teams
    go

    select * from AllTeams

    --Results:
    --
    --id          City                 TeamName
    ------------- -------------------- --------------------
    --1           Boston               Red Sox
    --2           New York             Yankees

    -- Now, add a new column to the Teams table:
    alter table Teams add League varchar(10)
    go

    -- put some data in there:
    update Teams set League='AL'

    -- run it again
    select * from AllTeams

    --Results:
    --
    --id          City                 TeamName
    ------------- -------------------- --------------------
    --1           Boston               Red Sox
    --2           New York             Yankees

    -- Notice that League is not displayed!

    -- Here's an even worse scenario, when the table gets altered in ways beyond adding columns:
    drop table Teams
    go

    -- recreate table putting the League column before the City:
    -- (i.e., simulate re-ordering and/or inserting a column)
    create table Teams (
      id int primary key,
      League varchar(10),
      City varchar(20),
      TeamName varchar(20)
    )
    go

    -- put in some data:
    insert into Teams (id,League,City,TeamName)
    select 1,'AL','Boston','Red Sox' union all
    select 2,'AL','New York','Yankees'

    -- Now, Select again for our view:
    select * from AllTeams

    --Results:
    --
    --id          City       TeamName
    ------------- ---------- --------------------
    --1           AL         Boston
    --2           AL         New York

    -- The column labeled "City" in the View is actually the League, and the column labelled TeamName is actually the City!
    go

    -- clean up:
    drop view AllTeams
    drop table Teams

  • Runtime analysis

    - by Joe Smith
    Can someone please help me with the analysis of the following function (for inputs of size n)? The part that confuses me the most is the inner for loop.

      def prefix_sums(L):                # Total cost = ?
          pSum = []                      # cost = 1
          for a in range(len(L)+1):      # range + body of function = (n+1) + (n+1)*(body) ?
              s = 0                      # cost = 1
              for b in range(a):         # cost = ?
                  s = s + L[b]           # cost = operation + accessing list = 2
              pSum.append(s)             # cost = 1
          return pSum                    # cost = 1

    What I need to do is figure out the cost of each statement.

  • What can you do to decrease the number of live issues with applications?

    - by User Smith
    First off, I have seen this post which is slightly similar to my question: What can you do to decrease the number of deployment bugs of a live website? Let me lay out the situation for you. The team of programmers that I belong to have metrics associated with our code. Over the last several months our errors in our live system have increased by a large amount. We require that our updates to applications be tested by at least one other programmer prior to going live. I personally am completely against this as I think that applications should be tested by end users, as end users are much better testers than programmers. I am not against programmers testing; obviously programmers need to test code, but they are most of the time too close to the code. The reason I specify that I think end users should test in our scenario is due to the fact that we don't have business analysts, we just have programmers. I come from a background where BAs took care of all the testing once programmers checked off it was ready to go live. We do have a staging environment in place that is a clone of the live environment that we use to ensure that we don't have issues between development and live environments; this does catch some bugs. We don't do end user testing really at all. I should say we don't really have anyone testing our code except programmers, which I think gets us into this mess (ideally, we would have BAs or QA or professional testers test). We don't have a QA team or anything of that nature. We don't have test cases for our projects that are fully laid out. Ok, I am just a peon programmer at the bottom of the rung, but I am probably more tired of these issues than the managers complaining about them. So, I don't have the ability to tell them "you are doing it all wrong"... I have tried gentle pushes in the correct direction. Any advice or suggestions on how to alleviate this issue is greatly appreciated. Thanks.

  • Why am I not getting an sRGB default framebuffer?

    - by Aaron Rotenberg
    I'm trying to make my OpenGL Haskell program gamma correct by making appropriate use of sRGB framebuffers and textures, but I'm running into issues making the default framebuffer sRGB. Consider the following Haskell program, compiled for 32-bit Windows using GHC and linked against 32-bit freeglut:

      import Foreign.Marshal.Alloc(alloca)
      import Foreign.Ptr(Ptr)
      import Foreign.Storable(Storable, peek)
      import Graphics.Rendering.OpenGL.Raw
      import qualified Graphics.UI.GLUT as GLUT
      import Graphics.UI.GLUT(($=))

      main :: IO ()
      main = do
          (_progName, _args) <- GLUT.getArgsAndInitialize
          GLUT.initialDisplayMode $= [GLUT.SRGBMode]
          _window <- GLUT.createWindow "sRGB Test"
          -- To prove that I actually have freeglut working correctly.
          -- This will fail at runtime under classic GLUT.
          GLUT.closeCallback $= Just (return ())
          glEnable gl_FRAMEBUFFER_SRGB
          colorEncoding <- allocaOut $ glGetFramebufferAttachmentParameteriv
              gl_FRAMEBUFFER gl_FRONT_LEFT gl_FRAMEBUFFER_ATTACHMENT_COLOR_ENCODING
          print colorEncoding

      allocaOut :: Storable a => (Ptr a -> IO b) -> IO a
      allocaOut f = alloca $ \ptr -> do
          f ptr
          peek ptr

    On my desktop (Windows 8 64-bit with a GeForce GTX 760 graphics card) this program outputs 9729, a.k.a. gl_LINEAR, indicating that the default framebuffer is using linear color space, even though I explicitly requested an sRGB window. This is reflected in the rendering results of the actual program I'm trying to write - everything looks washed out because my linear color values aren't being converted to sRGB before being written to the framebuffer. On the other hand, on my laptop (Windows 7 64-bit with an Intel graphics chip), the program prints 0 (huh?) and I get an sRGB default framebuffer by default whether I request one or not! And on both machines, if I manually create a non-default framebuffer bound to an sRGB texture, the program correctly prints 35904, a.k.a. gl_SRGB. Why am I getting different results on different hardware? Am I doing something wrong?
    How can I get an sRGB framebuffer consistently on all hardware and target OSes?

  • Kiosk Mode Coding in Chromium

    - by Aaron
    I don't know how easy this would be, since I don't know anything about it, but I need an Ubuntu setup where the machine boots up, displays the login for a few seconds allowing a chance to log in as an admin, and then proceeds to automatically log in to a user account which directly opens Chromium (any other browser is acceptable) in a kiosk mode where only the web content is visible, all Chromium keyboard shortcuts are disabled, and all but a select few websites are blocked, redirecting back to the home page after an "Unauthorized web page" warning comes up if the URL constraint is violated. Is it possible to code a kiosk setup like this, or am I asking for too much? If I'm simply uninformed, and there is already much documentation on anything like this, please redirect me to an appropriate page. If you can code or set up something like my description, please reply with step-by-step instructions, and instructions on how to modify the elements of the kiosk mode. Thank you in advance for any help. (Note: I'm currently using Ubuntu 10.04, but any distribution would work.)

  • How to install drivers for NVIDIA GeForce FX 5200 on Precise

    - by Aaron Simmons
    Ok, I'm a total Linux noob. I was able to install 12.4 without issue, except that it says in the system settings that the graphics card/driver is "unknown". I have an NVIDIA GeForce FX 5200, and have not been able to get it installed. I've found the driver at NVIDIA but couldn't figure out how to actually install it. I found instructions that used apt-get to automatically find the current driver and install it, and that came close. At least then it showed up in the 3rd party drivers list. It said it was installed but not being used? And I was unable to find out why that might be, or how to get the system to use it. Two questions:
      1. CAN/SHOULD my graphics card work with 12.4?
      2. If so, HOW? I'm running a 100% fresh install, so what's the step-by-step from there?
