Search Results

Search found 14074 results on 563 pages for 'programmers'.


  • Checking for cross-site scripting vulnerabilities in Perl web applications

    - by David Scholefield
    I'm putting together some notes for a dev team on how to write secure Perl code - especially taking into account the current OWASP top 10 web application vulnerabilities. For cross-site scripting I've included information on ensuring that all output to the browser is checked and escaped where necessary, but I'm looking for more automated mechanisms that would mean a developer doesn't have to think about every output statement and, potentially, miss one. Perl's 'taint' function sounds like it should be a help because it distrusts all user input, but it doesn't complain on tainted data being output to the browser. Apart from checking all output statements individually (probably by calling a generic sanitizing function) does anyone have any ideas on how Perl can help with this with existing libraries or techniques?


  • Do immutable objects and DDD go together?

    - by SnOrfus
    Consider a system that uses DDD (as well: any system that uses an ORM). The point of any system realistically, in nearly every use case, will be to manipulate those domain objects. Otherwise there's no real effect or purpose. Modifying an immutable object will cause it to generate a new record after the object is persisted which creates massive bloat in the datasource (unless you delete previous records after modifications). I can see the benefit of using immutable objects, but in this sense, I can't ever see a useful case for using immutable objects. Is this wrong?


  • Number crunching algo for learning multithreading?

    - by Austin Henley
    I have never really implemented anything dealing with threads; my only experience with them is reading about them in my undergrad. So I want to change that by writing a program that does some number crunching, but splits it up into several threads. My first ideas for this hopefully simple multithreaded program were: Beal's Conjecture brute force based on my SO question; Bailey-Borwein-Plouffe formula for calculating Pi; prime number brute force search. As you can see I have an interest in math and thought it would be fun to incorporate it into this, rather than coding something such as a server which wouldn't be nearly as fun! But the 3 ideas don't seem very appealing and I have already done some work on them in the past so I was curious if anyone had any ideas in the same spirit as these 3 that I could implement?


  • A testing feedback/report tool?

    - by Mert
    I'm thinking of developing a pluggable test and assessment module. This tool will be used especially for desktop application projects to report and log errors, bugs, missing features and suggestions from testers. The tool will be plugged to the application by putting a small icon to the application itself. When pressed the tool will be visible where user can create entries about the application. Is there already a tool like that? I am not speaking about UI testing btw. For example, this tool might have a form consisting of: page name; environment information; entry type (can be bug, feature request, suggestion); message; user info (name, contact etc.); date. I think such a tool can greatly help testers prepare reports. Developers can understand the issue better and track all the reports.


  • Selecting a JAX-RS implementation for a new project

    - by Fernando Correia
    I'm starting a new Java project which will require a RESTful API. It will be a SaaS business application serving mobile clients. I have developed one project with Java EE 6, but I'm not very familiar with the ecosystem, since most of my experience is on the Microsoft platform. Which would be a sensible choice for a JAX-RS implementation for a new project such as described? Judging by Wikipedia's list, main contenders seem to be Jersey, Apache CXF, RESTeasy and Restlet. But the Comparison of JAX-RS Implementations cited on Wikipedia is from 2008. My first impressions from their respective homepages are that: CXF aims to be a very comprehensive solution (reminds me of WCF in the Microsoft space), which makes me think it can be more complex to understand, set up and debug than what I need; Jersey is the reference implementation and might be a good choice, but it's legacy from Sun and I'm not sure how Oracle is treating it (announcements page doesn't work and last commit notice is from 4 months ago); RESTeasy is from JBoss and probably a solid option, though I'm not sure about learning curve; Restlet seems to be popular but has a lot of history, I'm not sure how up-to-date it is in the Java EE 6 world or if it carries a heavy J2EE mindset (like lots of XML configuration). What would be the merits of each of these alternatives? What about learning curve? Feature support? Tooling (e.g. NetBeans or Eclipse wizards)? What about ease of debugging and also deployment? Is any of these projects more up-to-date than the others? How stable are they?


  • Constructs for wrapping a hardware state machine

    - by Henry Gomersall
    I am using a piece of hardware with a well defined C API. The hardware is stateful, with the relevant API calls needing to be in the correct order for the hardware to work properly. The API calls themselves will always return, passing back a flag that advises whether the call was successful, or if not, why not. The hardware will not be left in some ill defined state. In effect, the API calls advise indirectly of the current state of the hardware if the state is not correct to perform a given operation. It seems to be a pretty common hardware API style. My question is this: Is there a well established design pattern for wrapping such a hardware state machine in a high level language, such that consistency is maintained? My development is in Python. I ideally wish the hardware state machine to be abstracted to a much simpler state machine and wrapped in an object that represents the hardware. I'm not sure what should happen if an attempt is made to create multiple objects representing the same piece of hardware. I apologise for the slight vagueness, I'm not very knowledgeable in this area and so am fishing for assistance of the description as well!


  • Would this be viewed poorly amongst the programming community?

    - by Eric P
    So one of my responsibilities at work is to build an internal tool that helps the workers enter in all their information. It's an enterprise application that is similar to a Windows forms database tool. So it's not much different than like developing a Word + Excel combo application, but the average person in this workgroup is a 20-40 year old woman or a random chatty male type. Plus I know all of these people are heavily involved with Facebook on a daily basis. How bad would it be if I styled my new interface to be similar to what Facebook does. People could get award points and stuff when they fill out different types of forms and basically compete against each other like it was a game. When people had completed one, it would be posted on their wall and everyone could comment/like stuff just like in Facebook. And it would be like they are doing peer reviewing for fun. The rewards would be outstanding I would imagine. These people are so into Facebook and Facebook games that productivity would rise due to them trying to compete and earn points and achievements. Would this be taking advantage of the people by 'tricking them into working harder by giving them a game' or would it be viewed as something that would improve happiness at work?


  • Job title inflation and fluffing

    - by Amir Rezaei
    When you work on the same project for a relatively long time you get more experienced. You may also master many new technologies. Besides the coding you may also do what would classify other roles. There is however one part of your career that may not get updated. That is your job title. It seems beside all technological hypes there is also job title hype. It all depends on which company you work for. Many companies give employer better job titles because they want to keep them. The employee doesn’t change their job because the current title is much better, even if they would get better working condition and benefits if they changed their job. When you consider changing your job you notice that your job title is kind of “outdated”. People with less skill have a much better title for their job than you. You may very well explain what you did on your project but the fact is that many employers go by the title. So here are the questions: Do you change your current title in your CV? What are other options? Here are some good readings regarding these phenomena: Job title inflation; Job title fluffing.


  • Design pattern for an ASP.NET project using Entity Framework

    - by MPelletier
    I'm building a website in ASP.NET (Web Forms) on top of an engine with business rules (which basically resides in a separate DLL), connected to a database mapped with Entity Framework (in a 3rd, separate project). I designed the Engine first, which has an Entity Framework context, and then went on to work on the website, which presents various reports. I believe I made a terrible design mistake in that the website has its own context (which sounded normal at first). I present this mockup of the engine and a report page's code behind:

    Engine (in separate DLL):

        public class Engine
        {
            DatabaseEntities _engineContext;

            public Engine()
            {
                // Connection string and procedure managed in DB layer
                _engineContext = DatabaseEntities.Connect();
            }

            public void ChangeSomeEntity(SomeEntity someEntity, int newValue)
            {
                // Suppose there's some validation too, non trivial stuff
                someEntity.Value = newValue;
                _engineContext.SaveChanges();
            }
        }

    And report:

        public partial class MyReport : Page
        {
            Engine _engine;
            DatabaseEntities _webpageContext;

            public MyReport()
            {
                _engine = new Engine();
                _webpageContext = DatabaseEntities.Connect();
            }

            public void ChangeSomeEntityButton_Clicked(object sender, EventArgs e)
            {
                SomeEntity someEntity;

                // Wrong way:
                // Get the entity from the webpage context
                someEntity = _webpageContext.SomeEntities.Single(s => s.Id == SomeEntityId);
                // Send the entity from _webpageContext to the engine
                _engine.ChangeSomeEntity(someEntity, SomeEntityNewValue); // <- oops, conflict of context

                // Right(?) way:
                // Get the entity from the engine context
                someEntity = _engine.GetSomeEntity(SomeEntityId); // undefined above
                // Send the entity from the engine's context to the engine
                _engine.ChangeSomeEntity(someEntity, SomeEntityNewValue); // <- oops, conflict of context
            }
        }

    Because the webpage has its own context, giving the Engine an entity from a different context will cause an error. I happen to know not to do that, to only give the Engine entities from its own context. But this is a very error-prone design. I see the error of my ways now. I just don't know the right path. I'm considering:

    1) Creating the connection in the Engine and passing it off to the webpage. Always instantiate an Engine, make its context accessible from a property, sharing it. Possible problems: other conflicts? Slow? Concurrency issues if I want to expand to AJAX?
    2) Creating the connection from the webpage and passing it off to the Engine (I believe that's dependency injection?)
    3) Only talking through ID's. Creates redundancy, not always practical, sounds archaic. But at the same time, I already recuperate stuff from the page as ID's that I need to fetch anyways.

    What would be best compromise here for safety, ease-of-use and understanding, stability, and speed?


  • Design Patterns: Should I learn them?

    - by prelic
    So it's kinda weird asking two questions back-to-back, but they aren't very related and I didn't want to combine them, but I'm not spamming questions, I promise! Anyway, I'm a recent college grad, and my education only touched on design patterns...we implemented a few simple ones, touched on the fact that there were more complicated ones, and were instructed to turn to the GoF book if we wanted to learn more. My question is, is it worth learning the patterns in the GoF book? To me, it's always seemed counter-intuitive to try and make a problem fit a classic pattern, but obviously the book, and the patterns, are famous for a reason. Do they show up enough that I should be learning them? Thanks again!


  • Is it true that first versions of C compilers ran for dozens of minutes and required swapping floppy disks between stages?

    - by sharptooth
    Inspired by this question. I heard that some very very early versions of C compilers for personal computers (I guess it's around 1980) resided on two or three floppy disks and so in order to compile a program one had to first insert the disk with "first pass", run the "first pass", then change to the disk with "second pass", run that, then do the same for the "third pass". Each pass ran for dozens of minutes so the developer lost lots of time in case of even a typo. How realistic is that claim? What were actual figures and details?


  • Naming boolean field that is a verb

    - by dnhang
    In Java, by convention getter and setter for boolean fields will be isField() and setField(). This works perfectly fine with field names that are adjectives like active, visible, closed, etc. But how do I name a field that has meaning of a verb, like haveChildren? Add _ing to the verb (havingChildren), maybe? Edit: to clarify, I don't have control of the method names (getter and setter), they are auto-generated by the IDE. So what I need is an appropriate field name so that when the IDE generates a getter for it, it makes sense. For example, hasChildren is a perfect field name, but when the IDE generates the getter for the field it would be isHasChildren. How do I solve this?


  • Session state provider and atomic operations

    - by vtortola
    Hi, I've been thinking about this and it is blowing my mind... How does a session state provider properly work internally? I mean, I tried to write a custom session state provider based on Azure Tables or Blobs, but quickly I realized that because there is no way to ensure an atomic operation or establish a lock, race conditions are suitable to happen when several web servers do operations on that shared information. I know that there is a SQL Server Session State Provider (SQLS-SSP) and people are happy with it, so I guess that it's using some kind of transaction isolation level in order to accomplish some degree of concurrent safety, like checking if the data is locked (a simple column), locking it if not and returning the data in an atomic operation, but is that so? What happens if the data is locked? Does it return an error? Block the call for a while? Return it in read-only fashion? Cloud computing paradigms could be somehow new, but webfarms have been here for a while, so as I'm pretty new on it... do you recommend any good lecture about the topic? Thanks.


  • Why no more macro languages?

    - by Muhammad Alkarouri
    In this answer to a previous question of mine about scripting languages suitability as shells, DigitalRoss identifies the difference between the macro languages and the "parsed typed" languages in terms of string treatment as the main reason that scripting languages are not suitable for shell purposes. Macro languages include nroff and m4 for example. What are the design decisions (or compromises) needed to create a macro programming language? And why are most of the mainstream languages parsed rather than macro? This very similar question (and the accepted answer) covers fairly well why the parsed typed languages, take C for example, suffer from the use of macros. I believe my question here covers different grounds: Macro languages or those working on a textual level are not wholly failures. Arguably, they include bash, Tcl and other shell languages. And they work in a specific niche such as shells as explained in my links above. Even m4 had a fairly long time of success, and some of the web template languages can be regarded as macro languages. It is quite possible that macros and parsed typing do not go well together and that is why macros "break" common languages. In the answer to the linked question, a macro like #define TWO 1+1 would have been covered by the common rules of the language rather than conflicting with those of the host language. And issues like "macros are not typed" and "code doesn't compile" are not relevant in the context of a language designed as untyped and interpreted with little concern for efficiency. The question about the design decisions needed to create a macro language pertains to a hobby project which I am currently working on: designing a new shell. Taking the previous question in context would clarify the difference between adding macros to a parsed language and my objective.
    I hope the clarification shows that the question linked doesn't cover this question, which is two parts: 1) If I want to create a macro language (for a shell or a web template, for example), what limitations and compromises (and guidelines, if exist) need to be done? (Probably answerable by a link or reference) 2) Why have no macro languages succeeded in becoming mainstream except in particular niches? What makes typed languages successful in large programming, while "stringly-typed" languages succeed in shells and one-liner like environments?


  • Cuda vs OpenCL - opinions

    - by Martin Beckett
    Interested in people's opinions of Cuda vs openCL following NVidia's Cuda4 release. I had originally gone with openCL since cross platform, open standards are a good thing(tm). I assumed NVidia would fall into line as they had done with openGL. But having talked to some NVidia people, they (naturally) claim that they will concentrate on CUDA and openCL is hampered by having committees and having to please everyone - like openGL. And with the new tools and libs in CUDA it's hard to argue with that. I'm in a fairly technical market so I can require the users to have particular HW.


  • CSS naming guidelines with elements with multiple classes

    - by ryanzec
    It seems like there are 2 ways someone can handle naming classes for elements that are designed to have multiple classes. One way would be: <span class="btn btn-success"></span> This is something that twitter bootstrap uses. Another possibility I would think would be: <span class="btn success"></span> It seems like the zurb foundation uses this method. Now the benefit of the first that I can see is that there is less chance of outside css interfering with styling as the class name btn-success would not be as common as the class name success. The benefit of the second as I can see is that there is less typing and potentially better style reuse. Are there any other benefits/disadvantages of either option and is one of them more popular than the other?


  • Is case after case in a switch efficient?

    - by RandomGuy
    Just a random question regarding switch case efficiency in case after case; is the following code (assume pseudo code):

        function bool isValid(String myString){
            switch(myString){
                case "stringA":
                case "stringB":
                case "stringC":
                    return true;
                default:
                    return false;
            }
        }

    more efficient than this:

        function bool isValid(String myString){
            switch(myString){
                case "stringA":
                    return true;
                case "stringB":
                    return true;
                case "stringC":
                    return true;
                default:
                    return false;
            }
        }

    Or is the performance equal? I'm not thinking in a specific language but if needed let's assume it's Java or C (for this case would be needed to use chars instead of strings).


  • Resources for Learning CSS [closed]

    - by historicus
    I am a server-side programmer that is proficient in Java. I have fairly good knowledge of client-side scripting - primarily Javascript - but my ability in CSS is lacking. While I have the know-how to modify basic styles, I'd like to understand a bit more about CSS layouts and styling. Can anyone with expert knowledge of CSS provide a good source for diving into the topic? Also, are there any short, online courses that might help in gaining the information I seek?


  • Where would my different development rhythm be suitable for the work?

    - by DarenW
    Over the years I have worked on many projects, with some successful and a great benefit to the company, and some total failures with me getting fired or otherwise leaving. What is the difference? Naturally I prefer the former and wish to avoid the latter, so I'm pondering this issue. The key seems to be that my personal approach differs from the norm. I write code first, letting it be all spaghetti and chaos, using whatever tools "fit my hand" that I'm fluent in. I try to organize it, then give up and start over with a better design. I go through cycles, from thinking-design to coding-testing. This may seem to be the same as any other development process, Agile or whatever, cycling between design and coding, but there does seem to be a subtle difference: The methods (ideally) followed by most teams go design, code; design, code; ... while I'm going code, design; code, design; (if that makes any sense.) Music analogy: some types of music have a strong downbeat while others have prominent syncopation. In practice, I just can't think in terms of UML, specifications and so on, but grok things only by attempting to code and debug and refactor ad-hoc. I need the grounding provided by coding in order to think constructively, then to offer any opinions, advice or solutions to the team and get real work done. In positions where I can initially hack up cowboy code without constraints of tool or language choices, I easily gain a "feel" for the data, requirements etc and eventually do good work. In formalized positions where paperwork and pure "design" comes first and only later any coding (even for small proof-of-concept projects), I am lost at sea and drown. Therefore, I'd like to know how to either 1) change my rhythm to match the more formalized methodology-oriented team ways of doing things, or 2) find positions at organizations where my sense of development rhythm is perfect for the work.
    It's probably unrealistic for a person to change their fundamental approach to things. So option 2) is preferred. So where can I find such positions? How common is my approach and where is it seen as viable but different, and not dismissed as undisciplined or cowboy coder ways?


  • Learning Python is good?

    - by user15220
    Recently I have seen some videos from MIT on computer programming topics. I found it's really worth watching. Especially the concepts of algorithms and fundamental stuff. The programs were written and explained in Python. I never had looked into this language before as I learned and do stuff with C/C++ programming. But the cleanliness and better readability of syntax attracted me. Of course as a C++ programmer for long time it's the most readable language for me. Also I heard Python library contains solid algorithms and data-structures implementations. Can you share your experience in this language?


  • Looking for reading material on application architecture with web UI

    - by toong
    I'm looking for articles (or other reading material) on the topic of fat client applications with a web UI layer. Open-source projects that use this architecture would be very interesting too. Such an application would embed one (or more) browser-window(s) (chromiumembedded for example). You would need bidirectional communication between your web-UI and your domain model/services. I think this allows quick prototyping the UI, a clean separation between logic and UI and potentially easier portability across platforms (compared to WinForms for example). But that is just my view, I was looking for the view of people who have been on that road. An example of an application using a web-ui layer is Light Table. Unfortunately it is not open source (at this point?).


  • Creating a remote management interface

    - by Johnny Mopp
    I'm looking for info on creating a remote management interface for our software. This is not anything illicit. Our software is for live TV production and once they go on-air we can't access the PC (usually through LogMeIn). I would like to be able to upload/download files and issue commands to our software. The commands would be software specific like "load this file" or "run this script" or "return this value" etc. A socket connection is preferred but the problem is most of our PCs are behind firewalls and NAT servers. I'm not sure where to start. I think HTTP tunneling is the way to go but am wondering if there are other options or recommendations. Also, assume our clients are not willing to open up ports for security reasons. Thanks.


  • Online training modules / programs for best software engineering practices?

    - by Steve
    We're taking over a team in a foreign country and the programming standards there aren't up to par with US standards. Folks there lack the formal training and basic understanding of computing concepts of databases, how computers work, what good software engineering practices are. Short of sending these people to college again, are there good online courses available that we can enroll them into so that they can upgrade their skills? I am specifically looking for online training courses, but recommendations for books are also welcome. This is language-agnostic.


  • Dealing with a developer continuously ignoring edge cases in his work

    - by Alex N.
    I have an interesting, fairly common I guess, issue with one of the developers in my team. The guy is a great developer, works fast and productively, produces fairly good quality code and all. Good engineer. But there is a problem with him - very often he fails to address edge cases in his code. We spoke with him about it many times and he is trying but I guess he just doesn't think this way. So what ends up happening is that QA would find plenty of issues with his code and return it back for development again and again, ultimately resulting in missed deadlines and everyone in the team unhappy. I don't know what to do with him and how to help him overcome this problem. Perhaps someone with more experience could advise? Thank you!


  • storing data for maps database

    - by Timigen
    I am working on an application that displays choropleth maps. These maps are of all different types, some display state by county, country by state/province, or world by country. How should I handle storing the map information in the database? My Thoughts: I won't need to do queries to find POI inside a region, so I don't think there is a need to use spatial datatypes. I am considering storing a map as a geoJSON object (I am using JS mapping library that accepts geoJSON). The only issue is what if I want a map of the US northeast. Then I would have geoJSON for the US and a separate one for the US northeast, which would be redundant. Would it make sense to have a shape database where I had each state then when I needed a map of the US I could query for each state, and when I needed a map of the US Northeast I could again query for what I need? Note: I am not concerned with storing the data for each region, just the region itself. I will query for the data on the fly for the specific region.

