Search Results

Search found 4840 results on 194 pages for 'aquitted mind'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 119/194 | < Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >

  • Reinventing the Paged IEnumerable, Weigert Style!

    - by adweigert
    I am pretty sure someone else has done this, I've seen variations as PagedList<T>, but this is my style of a paged IEnumerable collection. I just store a reference to the collection and generate the paged data when the enumerator is needed, so you could technically add to a list that I'm referencing and the properties and results would be adjusted accordingly. I don't mind reinventing the wheel when I can add some of my own personal flare ... // Extension method for easy use public static PagedEnumerable AsPaged(this IEnumerable collection, int currentPage = 1, int pageSize = 0) { Contract.Requires(collection != null); Contract.Assume(currentPage >= 1); Contract.Assume(pageSize >= 0); return new PagedEnumerable(collection, currentPage, pageSize); } public class PagedEnumerable : IEnumerable { public PagedEnumerable(IEnumerable collection, int currentPage = 1, int pageSize = 0) { Contract.Requires(collection != null); Contract.Assume(currentPage >= 1); Contract.Assume(pageSize >= 0); this.collection = collection; this.PageSize = pageSize; this.CurrentPage = currentPage; } IEnumerable collection; int currentPage; public int CurrentPage { get { if (this.currentPage > this.TotalPages) { return this.TotalPages; } return this.currentPage; } set { if (value < 1) { this.currentPage = 1; } else if (value > this.TotalPages) { this.currentPage = this.TotalPages; } else { this.currentPage = value; } } } int pageSize; public int PageSize { get { if (this.pageSize == 0) { return this.collection.Count(); } return this.pageSize; } set { this.pageSize = (value < 0) ? 0 : value; } } public int TotalPages { get { return (int)Math.Ceiling(this.collection.Count() / (double)this.PageSize); } } public IEnumerator GetEnumerator() { var pageSize = this.PageSize; var currentPage = this.CurrentPage; var startCount = (currentPage - 1) * pageSize; return this.collection.Skip(startCount).Take(pageSize).GetEnumerator(); } IEnumerator IEnumerable.GetEnumerator() { return this.GetEnumerator(); } }

    Read the article

  • Difference between EJB Persist & Merge operation

    - by shantala.sankeshwar
    This article gives the difference between EJB Persist & Merge operations with scenarios.Use Case Description Users working on EJB persist & merge operations often have this question in mind " When merge can create new entity as well as modify existing entity,then why do we have 2 separate operations - persist & merge?" The reason is very simple.If we use merge operation to create new entity & if the entity exists then it does not throw any exception,but persist throws exception if the entity already exists.Merge should be used to modify the existing entity.The sql statement that gets executed on persist operation is insert statement.But in case of merge first select statement gets executed & then update sql statement gets executed.Scenario 1: Persist operation to create new Emp recordLet us suppose that we have a Java EE Web Application created with Entities from Emp table & have created session bean with data control. Drop Emp Object(Expand SessionEJBLocal->Constructors under Data Controls) as ADF Parameter form in jspx pageDrop persistEmp(Emp) as ADF CommandButton & provide #{bindings.EmpIterator.currentRow.dataProvider} as the value for emp parameter.Then run this page & provide values for Emp,click on 'persistEmp' button.New Emp record gets created.So when we execute persist operation only insert sql statement gets executed :INSERT INTO EMP (EMPNO, COMM, HIREDATE, ENAME, JOB, DEPTNO, SAL, MGR) VALUES (?, ?, ?, ?, ?, ?, ?, ?)    bind => [2, null, null, e2, null, 10, null, null]Scenario 2: Merge operation to modify existing Emp recordLet us suppose that we have a Java EE Web Application created with Entities from Emp table & have created session bean with data control.Drop empFindAll() Object as ADF form on jspx page.Drop mergeEmp(Emp) operation as commandButton & provide #{bindings.EmpIterator.currentRow.dataProvider} as the value for emp parameter.Then run this page & modify values for Emp record,click on 'mergeEmp' button.The respective Emp record gets modified.So when we execute merge operation select & update sql statements gets executed :SELECT EMPNO, COMM, HIREDATE, ENAME, JOB, DEPTNO, SAL, MGR FROM EMP WHERE (EMPNO = ?) bind => [7566]UPDATE EMP SET ENAME = ? WHERE (EMPNO = ?) bind => [KINGS, 7839]

    Read the article

  • Is Java viable for serious game development?

    - by tehtros
    Ever since I was a little kid, my dream has been to develop games. Well, now that I am older, more mature, and have some programming experience, I would like to start. However, I would like to turn this into a career. The problem, is that my language of choice is Java. Now, I am not intending this to be a Java vs. C++ question, but rather, is Java an acceptable language for serious game development, instead of lower level languages like C++. By serious, I mean high quality graphics, and being able to play a game with said high quality graphics, without much lag on decent computers. Also, eventually, possible making it to consoles. I have scoured the internet, but there are not very many resources for Java game development, not nearly as many as C++. In fact, most engines are written in C++. Once, I tried to play a made with jMonkeyEngine. The game was terribly slow, to the point where my computer froze. I had no other Java applications running and nothing too resource intensive. Keep in mind, that my computer can play most modern 3D games with ease. So, I am really serious about game development, is Java still a viable choice? I have tried multiple times to learn C++, but I don't really like the language. I don't really know why, but usually, whenever I try to learn, I can never grasp the topics. Also, my most of my friends know Java, and one is even anti-C++, saying that no one knows how to use it right. Then, he goes to say that "there is no right way to use C++, that it can not be used correctly. The nature of the language prevents good code." Also, if I continue to learn and improve Java now, and it turns out that later I am required to learn C++, will making the switch be difficult? So, in short, can Java be taken serious, for serious game development. This includes heavy graphics, fast game play without lag, and possibly, and easy switch to consoles?

    Read the article

  • Somewhere to get inspiration - Pair up the creative with the tech

    - by Morten Bergfall
    I am a somewhat green developer; some work experience, last year of school. As most of you, I am constantly working on an assortment of personal projects. Since my mind often has a somewhat drifting characteristic; I am not always able to keep the projects in check. After some time they all exhibit the moral fiber of Vikings, harlots and chain-letter-knitters. This includes constant forking, round-abouting, eating of school assignments of rather mundane, and hence pretty yawn-inducing, specifications, and of course quite a bit of gathering of folder dust. Well, on to my question....is there a place, forum... or something with the purpose of linking people with ideas to the people actually being able to bring said ideas to life? Of course, I know of the professional ones, like rent-a-coder and such. And there seem to be a lot of open source projects available for participation. What I'm looking for doesn't really fit into any of those categories....the form would be somewhat like rent-a-coder, but this is ideas&inspiration, not bubble-sort-my-quarterly-for-a-buck. The possibilities for developing bonds, spicy code, and plain old fun seem quite possible.As I see it, the main benefit would be that we (that is the tech-flipside of the proverbial eCoin) get something worthwhile to do, rather than squeeze the last creative grain out of our code-heavy brains.To give it some perspective...: My last project consists of an absurd jQuery-plugin that includes animated png-robots migrating from Google Earth to drag a html-element of your choosing onto the map, where it gets color, for so to be dragged back by this poorly animated robot.... Often, the line between the creative and the tech is blurred, to say the least. I wouldn't think that would be a problem. Think someone who has developed a nifty little windows application, then sees possibility for a broader use, perhaps some sort of networking functionality. This fellow sadly lacks the skill to implememet this. So he, she or it would then seek a developer with the know-how and they could complete this project together. So, do any of you know of such a place, or can nudge in the right direction? And yes, I understand completely that I should be dedicating myself to doing school work, or applying for mundane developer positions, so please.... :-) UPDATE Sadly, I'm situated in Oslo, Norway, and the number of developers are somewhat limited...and I have had quite some ahem personality issues with the ones who are available ;-) So I feel I must go deeper; search the multitude of the web...

    Read the article

  • Win7 is not a tablet OS, no matter what the boys in Redmond think.

    - by John Conwell
    Despite what execs at Microsoft think, Windows 7 is NOT a tablet OS.  Just because you can install some software (or OS) on a device, doesn't mean that device is meant to run that software.  This seems to be the step that the non-engineer execs at Microsoft have seem to not understood.  In order to seamlessly work with a device, the software needs to be designed with that device in mind.  That has been the problem with the Windows PDA platform, the Windows Mobil platform, and now with trying to force fit Windows 7 on a tablet.  Its just not designed for that style of interaction.   Windows is designed to be interacted with via a mouse and keyboard.  In fact, it is brilliant at that.  But, It is NOT designed to be interacted with by your fingers.  And that is why the Windows tablet failed 10 years ago, and why it will fail today.  Its not the hardware's fault like Microsoft claimed 10 years ago.  Its the User Interaction design that failed. And this is why the iPhone and Android OS's work wonderfully on a tablet.  The user interaction was designed for small screens, navigated by big fat fingers.  I love these OS's and how I interact with them.  And when I play with a touch screen Windows 7 device, I am feel like I'm playing with a brittle wana-be.  And its not the hardware's fault.  The touchscreen is very responsive.  I actually like the hardware.  But the OS and the software are just not designed to be interacted with, with my big fat fingers.  In order to be successful, Microsoft needs to start from scratch, and build a platform AND SOFTWARE specifically for use by fingers.  Thats why everyone was so excited when they though Microsoft was going to release the Courier tablet.  Because it looked like a totally different platform.  Something that might actually work.  But Windows 7...I hate to burst your bubble, but you are not a touch platform.

    Read the article

  • Friday Fun: Snowball

    - by Asian Angel
    It is Christmas Eve and hopefully you are enjoying the start of an early weekend away from work. This week we have a snowball throwing game for you to try out, so bundle up and get ready to let those snowballs fly! Snowball The object of the game is to use your snowball ammo to harass the drunk businessman and send him flying along distance-wise as far as you can. Simply use your mouse to aim and click the left button to throw snowballs. You can monitor your stats on the silver bar towards the top of the window. The sound can also be disabled if the music is bothering you, but keep in mind that all sound will be disabled if you use the option. Time to get those snowballs flying through the air!! Keep hitting the businessman with your snowballs as you chase after him. Make certain that your aim is good or you will quickly run out of snowballs! You can really get him moving along at a good rate and he can even go high enough in the air to disappear off the screen for a few moments. There is a also chance that your aim will be so wicked with the snowballs that you will literally knock the drunk businessman’s head off! Weird but possible… The game ends when one of these two events occur: 1.) you run out of snowballs or 2.) the businessman literally bounces back at and then drops behind you as seen in the screenshot here. The moment either happens your score will pop up and then you have the opportunity to try again. Have fun! Note: The bounce back event can happen when encountering cars. Play Snowball Latest Features How-To Geek ETC How to Use the Avira Rescue CD to Clean Your Infected PC The Complete List of iPad Tips, Tricks, and Tutorials Is Your Desktop Printer More Expensive Than Printing Services? 20 OS X Keyboard Shortcuts You Might Not Know HTG Explains: Which Linux File System Should You Choose? HTG Explains: Why Does Photo Paper Improve Print Quality? An Alternate Star Wars Christmas Special [Video] Sunset in a Tropical Paradise Wallpaper Natural Wood Grain Icons for Your Desktop and App Launcher Docks My Blackberry Is Not Working! The Apple Too?! [Funny Video] Hidden Tracks Your Stolen Mac; Free Until End of January Why the Other Checkout Line Always Moves Faster

    Read the article

  • New hidden parameters in Oracle 11.2

    - by Mike Dietrich
    We really welcome every external review of our slides. And also recommendations from customers visiting our workshops. So it happened to me more than a week ago that Marco Patzwahl, the owner of MuniqSoft GmbH, had a very lengthy train ride in Germany (as the engine drivers go on strike this week it could have become even worse) and nothing better to do then reviewing our slide set. And he had plenty of recommendations. Besides that he pointed us to something at least I was not aware of and added it to the slides: In patch set 11.2.0.2 a new behaviour for datafile write errors has been implemented. With this release ANY write error to a datafile will cause the instance to abort. Before 11.2.0.2 those errors usually led to an offline datafile if the database operates in archivelog mode (your production database do, don’t they?!) and the datafile does not belong to the SYSTEM tablespace. Internal discussion found this behaviour not up-to-date and alligned with RAC systems and modern storages. Therefore it has been changed and a new underscore parameter got introduced. _DATAFILE_WRITE_ERRORS_CRASH_INSTANCE=TRUE This is the default setting´and the new behaviour beginning with Oracle 11.2.0.2 If you would like to revert to the pre-11.2.0.2 behaviour you’ll have to set in your init.ora/spfile this parameter to false. But keep in mind that there’s a reason why this has been changed. You’ll find more info in MOS Note: 7691270.8 and this topic in the current version of the slides on slide 255. Thanks to Marco for the review!!   And then I received an email from Kurt Van Meerbeeck today. Kurt is pretty well known in the Oracle community. And he’s the owner of jDUL/DUDE, a database unloading tool which bypasses the Oracle database engine and access data direclty from the blocks. Kurt visited the upgrade workshop two weeks ago in Belgium and did highlight to me that since Oracle 11.2.0.1 even though you haven’t set neither SGA_TARGET nor MEMORY_TARGET the database might still do resize operations. Reason why this behaviour has been changed: Prevention of ORA-4031 errors. But on databases with extremly high loads this can cause trouble. Further information can be found in MOS Note:1269139.1 . And the parameter set to TRUE by default is called _MEMORY_IMM_MODE_WITHOUT_AUTOSGA=TRUE This can be found now in the slide set as well on slide number 240. And thanks to Kurt for this information!!

    Read the article

  • SQL SERVER – Storing 64-bit Unsigned Integer Value in Database

    - by Pinal Dave
    Here is a very interesting question I received in an email just another day. Some questions just are so good that it makes me wonder how come I have not faced it first hand. Anyway here is the question - “Pinal, I am migrating my database from MySQL to SQL Server and I have faced unique situation. I have been using Unsigned 64-bit integer in MySQL but when I try to migrate that column to SQL Server, I am facing an issue as there is no datatype which I find appropriate for my column. It is now too late to change the datatype and I need immediate solution. One chain of thought was to change the data type of the column from Unsigned 64-bit (BIGINT) to VARCHAR(n) but that will just change the data type for me such that I will face quite a lot of performance related issues in future. In SQL Server we also have the BIGINT data type but that is Signed 64-bit datatype. BIGINT datatype in SQL Server have range of -2^63 (-9,223,372,036,854,775,808) to 2^63-1 (9,223,372,036,854,775,807). However, my digit is much larger than this number. Is there anyway, I can store my big 64-bit Unsigned Integer without loosing much of the performance of by converting it to VARCHAR.” Very interesting question, for the sake of the argument, we can ask user that there should be no need of such a big number or if you are taking about identity column I really doubt that if your table will grow beyond this table. Here the real question which I found interesting was how to store 64-bit unsigned integer value in SQL Server without converting it to String data type. After thinking a bit, I found a fairly simple answer. I can use NUMERIC data type. I can use NUMERIC(20) datatype for 64-bit unsigned integer value, NUMERIC(10) datatype for 32-bit unsigned integer value and NUMERIC(5) datatype for 16-bit unsigned integer value. Numeric datatype supports 38 maximum of 38 precision. Now here is another thing to keep in mind. Using NUMERIC datatype will indeed accept the 64-bit unsigned integer but in future if you try to enter negative value, it will also allow the same. Hence, you will need to put any additional constraint over column to only accept positive integer there. Here is another big concern, SQL Server will store the number as numeric and will treat that as a positive integer for all the practical purpose. You will have to write in your application logic to interpret that as a 64-bit Unsigned Integer. On another side if you are using unsigned integers in your application, there are good chance that you already have logic taking care of the same. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology Tagged: SQL Datatype

    Read the article

  • Split Internet Explorer into Dual-Panes

    - by Asian Angel
    If you have a wide screen monitor then you may want to make better use of Internet Explorer’s browser window area. Now you can split the browser window into dual-panes as needed with the IE Split browser plugin. Note: Requires .NET Framework 2.0 or higher (link provided below). IE Split in Action If you are using an older version of this software here is something to keep in mind before upgrading to the 2.0 release. Once you have installed IE Split you will notice a new toolbar added to your browser. As seen here, you can condense it down tightly and access it using the drop-down bar. A closer look at the drop-down bar. Notice the address bar…this will be for the left pane when you split the browser window. Here is our browser split into dual-panes. There are two address bars and two tab/title bars each corresponding to their appropriate pane. It may look slightly backwards at first but is not hard to get used to. A better view of the left pane with the IE Split navigation & title bars showing. Note: The title bar can be hidden if desired. And the right pane. You can also have multiple “split” tabs open if needed. There is nothing quite like getting double the value for the same amount of space. When you no longer need dual-panes open just click on the “x” to close IE Split down. All back to normal again. Conclusion While might not be for everyone this can still be useful for those who need side-by-side access to websites without using multiple separate windows. Links Download IE-Split Download the Microsoft .NET Framework 4 (Standalone Installer) Similar Articles Productive Geek Tips Set Up Multi-Pane Viewing in FirefoxWhy Can’t I Turn the Details/Preview Panes On or Off in Windows Vista Explorer?Split a text file in half (or any percentage) on Ubuntu LinuxMysticgeek Blog: A Look at Internet Explorer 8 Beta 1 on Windows XPMake Ctrl+Tab in Internet Explorer 7 Use Most Recent Order TouchFreeze Alternative in AutoHotkey The Icy Undertow Desktop Windows Home Server – Backup to LAN The Clear & Clean Desktop Use This Bookmarklet to Easily Get Albums Use AutoHotkey to Assign a Hotkey to a Specific Window Latest Software Reviews Tinyhacker Random Tips Xobni Plus for Outlook All My Movies 5.9 CloudBerry Online Backup 1.5 for Windows Home Server Snagit 10 Filevo is a Cool File Hosting & Sharing Site Get a free copy of WinUtilities Pro 2010 World Cup Schedule Boot Snooze – Reboot and then Standby or Hibernate Customize Everything Related to Dates, Times, Currency and Measurement in Windows 7 Google Earth replacement Icon (Icons we like)

    Read the article

  • A big flat text file or a HTML site for language documentation?

    - by Bad Sector
    A project of mine is a small embeddable Tcl-like scripting language, LIL. While i'm mostly making it for my own use, i think it is interesting enough for others to use, so i want it to have a nice (but not very "wordy") documentation. So far i'm using a single flat readme.txt file. It explains the language's syntax, features, standard functions, how to use the C API, etc. Also it is easy to scan and read in almost every environment out there, from basic text-only terminals to full-fledged high-end graphical desktop environments. However, while i tried to keep things nicely formatted (as much as this is possible in plain text), i still think that being a big (and growing) wall of text, it isn't as easy on the eyes as it could be. Also i feel that sometimes i'm not writing as much as i want in order to avoid expanding the text too much. So i thought i could use another project of mine, QuHelp, which is basically a help site generator for sites like this one with a sidebar that provides a tree of topics/subtopics and offline full text search. With this i can use HTML to format the documentation and if i use QuHelp for some other project that uses LIL, i can import LIL's documentation as part of the other project's documentation. However converting the existing documentation to QuHelp/HTML isn't a small task, especially when it comes to functions (i'll need to put more detail on them than what currently exists in the readme.txt file). Also it loses the wide range of availability that it currently has (even if QuHelp's generated code degrades gracefully down to console-only web browsers, plain text is readable from everywhere, including from popular editors such as Vim and Emacs - i had someone once telling me that he likes LIL's documentation because it is readable without leaving his editor). So, my question is simply this: should i keep the documentation as it is now in the form of a single readme.txt file or should i convert it to something like the site i mentioned above? There is also the option to do both, but i'm not sure if i'll be able to always keep them in sync or if it is worth the effort. After asking around in IRC i've got mixed answers: some liked the wide availability of the single text file, others said that it is looks as bad as a man page (personally i don't mind that - i can read man pages just fine - but other people might have issues reading them). What do you think?

    Read the article

  • Is there a language or design pattern that allows the *removal* of object behavior or properties in a class hierarchy?

    - by Sebastien Diot
    A well-know shortcoming of traditional class hierarchies is that they are bad when it comes to model the real world. As an example, trying to represent animals species with classes. There are actually several problems when doing that, but one that I never saw a solution to is when a sub-class "looses" a behavior or properties that was defined in a super-class, like a penguin not being able to fly (there are probably better examples, but that's the first one that comes to my mind, having seen "Madagascar 2" recently). On the one hand, you don't want to define for every property and behavior some flag that specifies if it is at all present, and check it every time before accessing that behavior or property. You would just like to say that birds can fly, simply and clearly, in the Bird class. But then it would be nice if one could define "exceptions" afterward, without having to use some horrible hacks everywhere. This often happens when a system has been productive for a while. You suddenly find an "exception" that doesn't fit in the original design at all, and you don't want to change a large portion of your code to accommodate it. So, is there some language or design patterns that can cleanly handle this problem, without requiring major changes to the "super-class", and all the code that uses it? Even if a solution only handle a specific case, several solutions might together form a complete strategy. [EDIT] Forgot about the Liskov Substitution Principle. That is why you can't do it. Assuming you define "traits/interfaces" for all major "feature groups", you can freely implement traits in different branches of the hierarchy, like the Flying trait could be implemented by Birds, and some special kind of squirrels and fish. So my question could amount to "How could I un-implement a trait?" If your super-class is a Java Serializable, you have to be one too, even if there is no way for you to serialize your state, for example if you contained a "Socket". So one way to do it is to always define all your traits in pair from the start: Flying and NotFlying (which would throw UnsupportedOperationExceiption, if not checked against). The Not-trait would not define any new interface, and could be simply checked for. Sounds like a "cheap" solution, in particular if used from the start.

    Read the article

  • Access-based Enumeration (December 04, 2009)

    - by user12612012
    Access-based Enumeration (ABE) is another recent addition to the Solaris CIFS Service - delivered into snv_124.  Designed to be compatible with Windows ABE, which was introduced in Windows Server 2003 SP1, this feature filters directory content based on the user browsing the directory.  Each user can only see the files and directories to which they have access.  This can be useful to implement an out-of-sight, out-of-mind policy or simply to reduce the number of files presented to each user - to make it easier to find files in directories containing a large number of files. ABE is managed on a per share basis by a new boolean share property called, as you might imagine, abe, which is described insharemgr(1M).  When set to true, ABE filtering is enabled on the share and directory entries to which the user has no access will be omitted from directory listings returned to the client.  When set to false or not defined, ABE filtering will not be performed on the share.  The abe property is not defined by default.Administration is straightforward, for example: # zfs sharesmb=abe=true,name=jane tank/home/jane# sharemgr show -vp    zfs       zfs/tank/home/jane nfs=() smb=()          jane=/export/home/jane     smb=(abe="true") ABE is also supported via sharemgr(1M) and on smbautohome(4) shares. Note that even though a file is visible in a share, with ABE enabled, it doesn't automatically mean that the user will always be able to open the file.  If a user has read attribute access to a file ABE will show the it but access will be denied if this user tries to open the file for reading or writing. We considered supporting ABE on NFS shares, as suggested by the name of PSARC/2009/375, but we ran into problems due to NFS client readdir caching.  NFS clients maintain a common directory entry cache for all users, which not only defeats the intent of ABE but can lead to very confusing results.  If multiple users are looking at the content of a directory with ABE enabled, the entries that get cached will depend on who looks at the directory first.  Subsequent users may see files that ABE on the server would have filtered out or files may be missing because they were filtered out for the original user. Although this issue can be resolved by disabling the NFS client readdir cache, this was deemed to be an unsuitable solution because it would create a dependency between a server share property and the configuration on all NFS clients, and there was the potential for differences in behavior across the various NFS clients.  It just seemed to add unnecessary administration complexity so we pulled it out. References for more information PSARC/2009/246 ZFS support for Access Based Enumeration PSARC/2009/375 ABE share property for NFS and SMB 6802734 Support for Access Based Enumeration 6802736 SMB share support for Access Based Enumeration Windows Access-based Enumeration

    Read the article

  • Archbeat Link-O-Rama Top 10 Facebook Faves - June 16-22, 2013

    - by Bob Rhubart
    2,819 people now follow OTN ArchBeat on Facebook. These are the Top 10 most popular items shared there for the week of June 16-22, 2013. Getting started with Java EE 7: Hands-on in 10 minutes | Lucas Jellema Oracle ACE Director and prolific blogger Lucas Jellema offers his take on the Java EE7 release and shares tips and resources to help you on your way. Not ‘how’ but ‘why’ should you upgrade to JDeveloper & ADF 11.1.1.7.0 | Chris Muir Oracle ACE Director Tim Hall and Oracle ADF Product Manager Chris Muir collaborated on this dialog that just might help you in your decision. OTN Architect Day: Cloud Computing - July 9, Redwood Shores, CA You won't need 3D glasses to see the technical sessions at OTN Architect Day: Cloud Computing, July 9, 2013. Redwood Shores, CA. It's free! It's live! Register now! Video: Frédéric Desbiens: Bringing Java to On-Device iOS and Android Apps (QCon NYC 2013) Oracle Application Development Tools product manager Frédéric Desbiens recaps his QCon New York presentation about how Java developers can leverage existing skills to develop enterprise mobile applications. OEPE 12.1.1.2.2 with GlassFish Tools released | Peter Benedikovic Peter Benedikovic's brief post offers an overview of some of the features in the new version of Oracle Enterprise Pack for Eclipse, released in conjunction with the release of Java EE 7. Oracle Enterprise Manager 12c Configuration Best Practices (Part 2 of 3) | Bethany Lapaglia Part 2 of Beth Lapaglia's 3-part series on the most commonly implemented configuration changes to improve performance and operation of a large Enterprise Manager 12c environment focuses on recommended WebLogic Server changes. Video: Doug Clarke: Polyglot Persistence: From NoSQL to HTML5 (QCon NYC 2013) Doug Clarke, EclipseLink Project Lead and Oracle Director of Product Management gives a very condensed version of his QCon New York presentation on "Polyglot Persistence: From NoSQL to HTML5." Podcast Show Notes: DevOps, Cloud, and Role Creep - Part 2 Automation and innovation had a huge impact on the manufacturing jobs of years gone by. Is something similar happening to some IT jobs? Oracle ACE Directors Ron Batra, Basheer Khan, and Cary Millsap discuss what's happening in part 2 of this 3-part podcast. Video: Reza Rahman: Building Java HTML5/WebSocket Applications with JSR 356 (QCon NYC 2013) Java EE/GlassFish evangelist Reza Rahman talks about how WebSocket provides "the basis for a new generation of interactive and live Web applications" for mobile developers. Lessons from Fusion HCM Implementations | Tim Warner Oracle ACE Tim Warner shares summaries of the Fusion HCM implementation experiences of several companies, as detailed in presentations at the 2013 Oracle HCM Users Group Conference. Thought for the Day "If the mind really is the finest computer, then there are a lot of people out there who need to be rebooted." — Tim Bryce Source: softwarequotes.com

    Read the article

  • Commit Review Questions

    - by Wes McClure
    Note: in this article when I refer to a commit, I mean the commit you plan to share with the rest of the team, if you have local commits that you plan to amend/combine, I am referring to the final result. In time you will find these easier to do as you develop, however, all of these are valuable before checking in!  The pre commit review is a nice time to polish what might have been several hours of intense work, during which these things were the last things on your mind!  If you are concerned about losing your work in the process of responding to these questions, first do a check-in and amend it as you go (assuming you are using a tool such as git that supports this), rolling the result into one nice commit for everyone else.  Did you review your commit, change by change, with a diff utility? If not, this is a list of reasons why you might want to start! Did you test your changes? If the test is valuable to be automated, is it? If it’s a manual testing scenario, did you at least try the basics manually? Are the additions/changes formatted consistently with the rest of the project? Lots of automated tools can help here, don’t try to manually format the code, that’s a waste of time and as a human you will fail repeatedly. Are these consistent: tabs versus spaces, indentation, spacing, braces, line breaks, etc Resharper is a great example of a tool that can automate this for you (.net) Are naming conventions respected? Did you accidently use abbreviations, unless you have a good reason to use them? Does capitalization match the conventions in the project/language? Are files partitioned? Sometimes we add new code in existing files in a pinch, it’s a good idea to split these out if they don’t belong ie: are new classes defined in new files, if this is something your project values? Is there commented out code? If you are removing an existing feature, get rid of it, that is why we have VCS If it’s not done yet, then why are you checking it in? Perhaps a stash commit (git)? Did you leave debug or unnecessary changes? Do you understand all of the changes? http://geekswithblogs.net/wesm/archive/2012/04/11/programming-doesnrsquot-have-to-be-magic.aspx Are there spelling mistakes? Including your commit message! Is your commit message concise? Is there follow up work? Are there tasks you didn’t write down that you need to follow up with? Are readability or reorganization changes needed? This might be amended into the final commit, or it might be future work that needs added to the backlog. Are there other things your team values that you should review?

    Read the article

  • Composite-like pattern and SRP violation

    - by jimmy_keen
    Recently I've noticed myself implementing pattern similar to the one described below. Starting with interface: public interface IUserProvider { User GetUser(UserData data); } GetUser method's pure job is to somehow return user (that would be an operation speaking in composite terms). There might be many implementations of IUserProvider, which all do the same thing - return user basing on input data. It doesn't really matter, as they are only leaves in composite terms and that's fairly simple. Now, my leaves are used by one own them all composite class, which at the moment follows this implementation: public interface IUserProviderComposite : IUserProvider { void RegisterProvider(Predicate<UserData> predicate, IUserProvider provider); } public class UserProviderComposite : IUserProviderComposite { public User GetUser(SomeUserData data) ... public void RegisterProvider(Predicate<UserData> predicate, IUserProvider provider) ... } Idea behind UserProviderComposite is simple. You register providers, and this class acts as a reusable entry-point. When calling GetUser, it will use whatever registered provider matches predicate for requested user data (if that helps, it stores key-value map of predicates and providers internally). Now, what confuses me is whether RegisterProvider method (brings to mind composite's add operation) should be a part of that class. It kind of expands its responsibilities from providing user to also managing providers collection. As far as my understanding goes, this violates Single Responsibility Principle... or am I wrong here? I thought about extracting register part into separate entity and inject it to the composite. As long as it looks decent on paper (in terms of SRP), it feels bit awkward because: I would be essentially injecting Dictionary (or other key-value map) ...or silly wrapper around it, doing nothing more than adding entires This won't be following composite anymore (as add won't be part of composite) What exactly is the presented pattern called? Composite felt natural to compare it with, but I realize it's not exactly the one however nothing else rings any bells. Which approach would you take - stick with SRP or stick with "composite"/pattern? Or is the design here flawed and given the problem this can be done in a better way?

    Read the article

  • Why wearing Jeans is considered unprofessional?

    - by Gopinath
    When I started my career 9 years ago I use to wear casual wear to office – Jeans & T-Shirts all the 5 days. The environment at workplace during those days encouraged me to be casual and many of my colleagues use to come in Jeans. We just started our career those days it was perfectly fine to be in casual. As I grow up in the ladder, I started feeling the discomfort of wearing Jeans at work. During clients visits, senior managers meetings and consultations I was an odd man in the crowd as the rest of them are in formals. In order to be one among the professionals I’m forced change my dressing style and start wearing formals. But  the question of “Why wearing jeans to workplace is considered as unprofessional?” use in linger in my mind till today. I got the answer to my question from a discussion thread on Quora When they were invented, jeans were associated with blue-collar work. They were meant to get muddy and gross and take lots of abuse without falling apart, even if you wore the same pair every day. The people who bought them were the ones whose lives required durable clothing. And another commenter says… A professional image is critical to cementing business relationships, and part of that is, for right or wrong, how you dress. Jeans are typically associated with "kicking back", relaxation, leisure, informality,  and even a slightly rebellious flavor. The style and condition of the jeans are a consideration, as we often wear jeans into advanced states of being worn down, with tearing, etc.. that we generally do not do with other clothing items. I agree with this theory even though it may be centuries old. If you want to look like a professional and treated like a professional it’s better to be dress up in formals. These days I make a point to be in formals at workplace. Not everyone is Steve Jobs to wear a Jean & Turtle Neck T-shirt  right? CC Image credit flickr/exey

    Read the article

  • What do you think of the EntLib 5.0 configuration tool?

    Hello again! Its been a while, I know. Ive been busy over the last few months with several projects, some of them software related, and one of them human my son Jesse was born on 26 February 2010. Fun times! Meanwhile, back in Redmond, the p&p team has been busy working on Enterprise Library 5.0 see Grigoris announcement for details on the beta. Theres a ton of new stuff in this release, but theres one big new feature that hasnt received a lot of attention that Im keen to hear your perspectives on. The change is the biggest overhaul to the configuration tool since Enterprise Library was launched. If you havent yet grabbed the EntLib 5.0 beta, heres a before and after shot of the config tool: Enterprise Library 4.1 config tool Enterprise Library 5.0 (beta 1) config tool The tool has been rebuilt from the ground up in response to some feedback and usability studies from the previous version of the tool. But is this a step in the right direction? Id love to hear what you think. If youve downloaded EntLib 5.0 and tried out the tool, please share your thoughts on: First impressions. Is the tool easy to understand? Easy to find what youre looking for? Easy to read existing configuration? Pretty? Ease of use for real life tasks. Rather than make up your own tasks, here are a few sample scenarios you might want to try: Configure the data access block with a SQL Server connection called Audit that points to a database called Audit on a server called DB Configure the logging block so that any log entries in the Audit category are written to both the Event Log and the Audit database (see above) Configure the validation block with a ruleset called Email Address that uses an appropriate regular expression for e-mail addresses Configure the policy injection block such that any calls to classes in the MyCompany.Security namespace are logged before and after the call using the Audit category (see above) Comparison with the old config tool. What do you like better in the new tool? What did you like better in the old tool? How do you rate your level of expertise using the old tool? Keep in mind that I no longer work in the p&p team, so I cant say how any of this feedback will be used (although Im sure the team is listening!). However since Ive invested so much time in Enterprise Library, both in leading the team and using the product on real projects Im very interested to hear what you all think of the tools new direction.Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Oracle at ASMC PDI 2012

    - by jeffrey.waterman
    Recently, I had the pleasure of representing Oracle at the American Society of Military Comptrollers National Professional Development Institute (PDI).  The PDI is the premier training event for resource managers in the Department of Defense and US Coast Guard.  Each year they assemble top presenters and key note speakers to convey their experiences and share the upcoming goals and vision for the Defense Department's financial and resource management community.  This year, the common themes were centered around 'auditability' and 'efficiency'.   What is auditability?  There were many definitions/themes tossed around, but to summarize my notes, it boiled down to:- the proper tracking of funds- audit readiness- proper controls- proper documentation There were sessions regarding entire programs focused on the need for auditability.  For example, FIAR: Financial Improvement and Audit Readiness (http://comptroller.defense.gov/fiar/index.html)   The FIAR stresses the "...improve(ment of) the Department's financial processes, controls and information." The entire conference, one set of solutions kept popping into my head around, "how can Oracle's solutions assist the Department of Defense", or any other Federal Agency, improve their financial processes and controls?   One answer came to mind:  Oracle Governance, Risk, and Compliance Management. Commonly referred to as "GRC". Let me summarize the main components around Oracle's GRC solution: GRC Manager: This solution is the central repository for documenting business processes, policies, and established controls.  All identified risks and issues are documented within the repository as well as action plans necessary for mitigation. GRC Controls:  This solution consists of a set of tools which are embedded with your ERP (financial, human resource, supply chain, etc.) applications to detect, prevent, and/or enforce the policies and procedures established by your Agency.  Components of the solution include:- Application Access Control Governor: a robust tool for managing application roles and responsibilities; simplify segregation of duty maintenance- Configuration Controls Governor: complete audit trail for changes made to configurations- Transactions Control Governor: track violations of internal controls; alert management to suspicious activities; be warned when high dollar transactions are occurring on an irregular basis; - Preventative Controls Governor: prevent sensitive information from being viewed by unauthorized parties; enforce field, block, and form change control If you are in the financial or resource management community and are concerned about auditability within your organization I suggest you follow up this post by reading about Oracle's GRC solutions.  www.oracle.com/grc Please feel free to follow up with thought and questions in the comments section below.  Also, if you have a topic you would like addressed in this blog, just drop me a note at [email protected]  or leave the suggestion in the comment section as well. Thank you for reading.

    Read the article

  • GParted detects entire disk as UNALLOCATED SPACE + hd0 out of disk

    - by msPeachy
    Good day to everyone. I hope someone can help me with my problem. I have a dual boot Windows and Ubuntu system. I recently encountered an hd0 out of disk error and wasn't able to boot Ubuntu. So I booted into Windows. After 2 to 3 times of booting and rebooting Windows, I tried booting Ubuntu again but still I get the same hd0 out of disk error. I decided to run Ubuntu from LIVEUSB to try to fix my Ubuntu partition using GParted, but when I run GParted, it shows my entire disk as UNALLOCATED SPACE! The strange thing is that Nautilus still shows and mounts my partitions. Also every time I boot into Windows , my partitions exists and I am able to read and write to them. I have no idea what is wrong. Please help! I can't stand using Windows since most of the tools I use are in Ubuntu. I don't mind reinstalling Ubuntu. In fact I already tried reinstalling using the LIVEUSB but since GParted or the Ubuntu installer itself does not recognize my partitions and shows the entire disk as unallocated space, I decided not to continue. I am currently running Ubuntu from LIVEUSB. Here's the outpuf of sudo fdisk -l Disk /dev/sda: 320.1 GB, 320072933376 bytes 255 heads, 63 sectors/track, 38913 cylinders, total 625142448 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0xb30ab30a Device Boot Start End Blocks Id System /dev/sda1 * 2048 104869887 52433920 83 Linux /dev/sda2 104869888 105074687 102400 7 HPFS/NTFS/exFAT /dev/sda3 105074688 156149759 25537536 7 HPFS/NTFS/exFAT /dev/sda4 156151800 625153409 234500805 f W95 Ext'd (LBA) /dev/sda5 156151808 169156591 6502392 82 Linux swap / Solaris /dev/sda6 169158656 294991871 62916608 7 HPFS/NTFS/exFAT /dev/sda7 294993920 471037944 88022012+ 7 HPFS/NTFS/exFAT /dev/sda8 471041928 625121152 77039612+ 7 HPFS/NTFS/exFAT When I run, sudo parted -l, I got this error message: ubuntu@ubuntu:~$ sudo parted -l Error: Can't have a partition outside the disk! UPDATE I think I might know the problem. The total sectors of sda is 625142448 but the extended partition (sda4) ends at 625153409. Now, my question is, how do I fix this or modify the extended partition (sda4) to matched the total number of sectors? Anyone, please??? UPDATE I was able to fix the unallocated space issue with the help of Rod Smith's tool called fixparts I am now able to view my partitions via GParted in LiveUSB. But the error: hd0 out of disk. Press any key to continue... still persists on reboot. I still can't boot into Ubuntu. Can someone help me please???

    Read the article

  • Why do some user agents have spam urls in them?

    - by Erx_VB.NExT.Coder
    If you go to (say) the last 100 entries (visits) to the botsvsbrowsers.com website (exact link, feel free to take a look: http://www.botsvsbrowsers.com/recent/listings/index.html ), you'd notice that almost every User Agent that has the keywords "Opera" and "Presto" inside them, will almost certainly have a web link (URL/Web Address) inside it, and it won't just be a normal web address, but a HTML anchor tag/link to that address. Why is this so, I could not even find a single discussion about it on the internet, nowhere, I tried varying my search terms many times. If the user agent contains the words "Opera" and "Presto" it doesnt mean it will have this weblink, but it means there is about an 80% change that it will. A typical anchor tag/link inside a user agent will look like this: Mozilla/4.0 <a href="http://osis-uk.co.uk/disabled-equipment">disability equipment</a> (Windows NT 5.1; U; en) Presto/2.10.229 Version/11.60 If you check it out at the website, http://www.botsvsbrowsers.com/recent/listings/index.html you will notice that the back and forward arrows are in there unescaped format. This isn't just true for botsvsbrowsers, but several other user agent listing sites. I'm really confused and feel line I'm in a room full of 10,000 people and am the only one seeing this ghost :). If I'm doing statistical analysis, should I include or exclude this type of user agent from my listing (ie: are these just normal users who've set their user agents to attempt to drive some traffic to their sites as they browser the web), or is there something else going on? The fact that it is so consistent in terms of its format leads me to believe that it is an automated process (the setting or alteration of the user agent) so I cannot decide or understand the process by which this change is made (I know how to change a user agent), but unsure which program or facility is doing this, especially since it is exclusive to Opera (Presto) user agents that are beyond I think an 8 or 9 point something browser version. I've run some statistical tests, parsing entries from all over the place, writing custom programs, to get a better understanding of this. Keep in mind that I see normal URL's in user agents infrequently, they are just text such as +http://www.someSite.com appended to a user agent normally, especially if its a crawler or bot it provided its service URL, this is normal and isnt done with an embedded link (A HREF=) etc, so I'm not talking about "those".

    Read the article

  • Advantages and disadvantages of building a single page web application

    - by ryanzec
    I'm nearing the end of a prototyping/proof of concept phase for a side project I'm working on, and trying to decide on some larger scale application design decisions. The app is a project management system tailored more towards the agile development process. One of the decisions I need to make is whether or not to go with a traditional multi-page application or a single page application. Currently my prototype is a traditional multi-page setup, however I have been looking at backbone.js to clean up and apply some structure to my Javascript (jQuery) code. It seems like while backbone.js can be used in multi-page applications, it shines more with single page applications. I am trying to come up with a list of advantages and disadvantages of using a single page application design approach. So far I have: Advantages All data has to be available via some sort of API - this is a big advantage for my use case as I want to have an API to my application anyway. Right now about 60-70% of my calls to get/update data are done through a REST API. Doing a single page application will allow me to better test my REST API since the application itself will use it. It also means that as the application grows, the API itself will grow since that is what the application uses; no need to maintain the API as an add-on to the application. More responsive application - since all data loaded after the initial page is kept to a minimum and transmitted in a compact format (like JSON), data requests should generally be faster, and the server will do slightly less processing. Disadvantages Duplication of code - for example, model code. I am going to have to create models both on the server side (PHP in this case) and the client side in Javascript. Business logic in Javascript - I can't give any concrete examples on why this would be bad but it just doesn't feel right to me having business logic in Javascript that anyone can read. Javascript memory leaks - since the page never reloads, Javascript memory leaks can happen, and I would not even know where to begin to debug them. There are also other things that are kind of double edged swords. For example, with single page applications, the data processed for each request can be a lot less since the application will be asking for the minimum data it needs for the particular request, however it also means that there could be a lot more small request to the server. I'm not sure if that is a good or bad thing. What are some of the advantages and disadvantages of single page web applications that I should keep in mind when deciding which way I should go for my project?

    Read the article

  • Game Review: God of Light

    Luckily I came across this title at a very early stage. If I remember correctly, I took notice of God of Light on Twitter right on the weekend it has been published on the Play Store. "Sit back and become immersed into the world of God of Light, the game that rethinks the physics puzzle genre with its unique environment exploration gameplay, amazing graphics and exclusive soundtrack created by electronic music icon UNKLE. Join cute game mascot, Shiny, on his way to saving the universe from the impending darkness. Play through a variety of exciting game worlds and dozens of levels with mind-blowing puzzles. Your goal is to explore game levels, seek for game objects that reflect, split, combine, paint, bend and teleport rays of light energy to activate the Sources of Life and bring light back to the universe." Mastering the various reflection items in God of Light is very easy to learn and new elements are introduced during the game. Amazing puzzle game Here's the initial review I posted on the Play Store: "Great change in puzzles Fantastic and refreshing concept of puzzle solving. The effects and the music match very well, putting the player in the right mood to game. Get enlightened and grow your skills until you are a true God of Light." And it remains true, even after completing the first realm completely. Similar to Quell it took me only a couple of hours during the evening to complete all levels in the available three realms, unfortunately. God of Light currently consists of 75 levels, well it's 25 in each realm to be precise, and the challenges are increasing. Compared to the iOS version from the AppStore, God of Light is available for free on Android - at least the first realm (25 levels). Unlocking the other two remaining realms is done through an in-app purchase. The visual appearance, the sound effects and the background music provided by UNKLE makes God of Light a superb package for any puzzle gamer. Whether it is simply reflecting light over multiple mirrors, or later on bending the rays of light with black holes, or using prisms to either split, enforce, or colourise your beam, God of Light is great fun and offers a good amount of joy. Check out the following screenshots for some impressions. God of Light: Astonishing graphics and visual appeal throughout the game God of Light - Introduction to the game during the first levels. New light items are introduced at each stage during the game play God of Light: Increasing complexity and puzzle fun Hopefully, Playmous is going to provide more astonishing looking realms and interesting gimmicks in future versions. Play Store: God of Light Also, check out the latest game updates on the official web site of Playmous

    Read the article

  • Suggestions for connecting .NET WPF GUI with Java SE Server

    - by Sam Goldberg
    BACKGROUND We are building a Java (SE) trading application which will be monitoring market data and sending trade messages based on the market data, and also on user defined configuration parameters. We are planning to provide the user with a thin client, built in .NET (WPF) for managing the parameters, controlling the server behavior, and viewing the current state of the trading. The client doesn't need real-time updates; it will instead update the view once every few seconds (or whatever interval is configured by the user). The client has about 6 different operations it needs to perform with the server, for example: CRUD with configuration parameters query subset of the data receive updates of current positions from server It is possible that most of the different operations (except for receiving data) are just different flavors of managing the configuration parameters, but it's too early in our analysis for us to be sure. To connect the client with the server, we have been considering using: SOAP Web Service RESTful service building a custom TCP/IP based API (text or xml) (least preferred - but we use this approach with other applications we have) As best as I understand, pros and cons of the different web service flavors are: SOAP pro: totally automated in .NET (and Java), modifying server side interface require no code changes in communication layer, just running refresh on Web Service reference to regenerate the classes. con: more overhead in the communication layer sending more text, etc. We're not using J2EE container so maybe doesn't work so well with J2SE REST pro: lighter weight, less data. Has good .NET and Java support. (I don't have any real experience with this, so don't know what other benefits it has.) con: client will not be automatically aware if there are any new operations or properties added (?), so communication layer needs to be updated by developer if server interface changes. con: (both approaches) Server cannot really push updates to the client at regular intervals (?) (However, we won't mind if client polls the server to get updates.) QUESTION What are your opinions on the above options or suggestions for other ways to connect the 2 parts? (Ideally, we don't want to put much work into the communication layer, because it's not the significant part of the application so the more off-the-shelf and automated the better.)

    Read the article

  • WPF: Reloading app parts to handle persistence as well as memory management.

    - by Ingó Vals
    I created a app using Microsoft's WPF. It mostly handles data reading and input as well as associating relations between data within specific parameters. As a total beginner I made some bad design decision ( not so much decisions as using the first thing I got to work ) but now understanding WPF better I'm getting the urge to refactor my code with better design principles. I had several problems but I guess each deserves it's own question for clarity. Here I'm asking for proper ways to handle the data itself. In the original I wrapped each row in a object when fetched from database ( using LINQ to SQL ) somewhat like Active Record just not active or persistence (each app instance had it's own data handling part). The app has subunits handling different aspects. However as it was setup it loaded everything when started. This creates several problems, for example often it wouldn't be neccesary to load a part unless we were specifically going to work with that part so I wan't some form of lazy loading. Also there was problem with inner persistance because you might create a new object/row in one aspect and perhaps set relation between it and different object but the new object wouldn't appear until the program was restarted. Persistance between instances of the app won't be huge problem because of the small amount of people using the program. While I could solve this now using dirty tricks I would rather refactor the program and do it elegantly, Now the question is how. I know there are several ways and a few come to mind: 1) Each aspect of the program is it's own UserControl that get's reloaded/instanced everytime you navigate to it. This ensures you only load up the data you need and you get some persistancy. DB server located on same LAN and tables are small so that shouldn't be a big problem. Minor drawback is that you would have to remember the state of each aspect so you wouldn't always start at beginners square. 2) Having a ViewModel type object at the base level of the app with lazy loading and some kind of timeout. I would then propegate this object down the visual tree to ensure every aspect is getting it's data from the same instance 3) Semi active record data layer with static load methods. 4) Some other idea What in your opinion is the most practical way in WPF, what does MVVM assume?

    Read the article

  • Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

    - by Austin Smith
    I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 115 116 117 118 119 120 121 122 123 124 125 126  | Next Page >