Search Results

Search found 14074 results on 563 pages for 'programmers'.

Page 182/563 | < Previous Page | 178 179 180 181 182 183 184 185 186 187 188 189  | Next Page >

• PHP Riak in place update

  - by WojonsTech

  From what I can see, when using Riak to update an object, I first need to load the object into PHP, then edit the object, then store the object back to the Riak database. I was wondering if there is a way to update a bucket without pulling it into PHP first. That way, it would save on the network I/O and latency of pulling it into the PHP script. Can objects be edited directly on the Riak side of things? Edit: Is there away to push data to the end of a raik object, so if i have an object that is numeric array can i make a push to add subject that i know its not there or no in place updates what so ever

  Read the article

• Where To Begin To Make A Website

  - by lolyoshi

  I'm a newbie in web programming. I haven't done anything that relates to website before. Now, my new task is creating a website using Java, Jsp, HTML, CSS, mySQL, Apache and Spring Framework (MVC model). I want to know what I should research if I want my website has the function as post entries, comment entries, delete entries, edit entries, etc as a forum? Which I need to know beside above things? I don't know how to update my website automatically when there're changes in website as the top view products, the best products. I don't think I'll input or change them manually. So, which tools or language can support that? Thank for advance

  Read the article

• Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

  - by Austin Smith

  I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other problems with the application (XSS vulnerabilities, rampant inline CSS, code copy-pasted everywhere) but this is the biggest. Sometimes they escape inputs, not using a prepared query or even mysql_real_escape_string(), mind you, but using addslashes(). Often, though, their queries look exactly like this (pasted from their code but with columns and variable names changed): $user = mysql_query("select * from profile where profile_id='".$_REQUEST["profile_id"]."'"); The developers in question claimed that they were unable to hack their application. I tried, and found mod_security to be enabled, resulting in HTTP 406 for some obvious SQL injection attacks. I believe there to be sophisticated workarounds for mod_security, but I don't have time to chase them down. They claim that this is a "conceptual" matter and not a "practical" one since the application can't easily be hacked. Their internal auditor agreed that there were problems, but emphasized the conceptual nature of the issues. They also use this conceptual/practical argument to defend against inline CSS and JS, absence of code organization, XSS vulnerabilities, and massive amounts of repetition. My client (rightly so, perhaps) just wants this to go away so they can launch their product. The site works. You can log in, do what you need to do, and things are visibly functional, if slow. SQL Injection would indeed be hard to do, given mod_security. Further, their talk of "conceptual vs. practical" is rhetorically brilliant, considering that my client doesn't understand web application security. I worry that they've succeeded in making me sound like an angry puritan. In many ways, this is a problem of politics, not technology, but I am at a loss. As a developer, I want to tell them to toss the whole project and start over with a new team, but I face a strong defense from the team that built it and a client who really needs to ship their product. Is my position here too harsh? Even if they fix the SQL Injection and XSS problems can I ever endorse the release of an unmaintainable tangle of spaghetti code?

  Read the article

• Understanding the problem when things break in production

  - by bitcycle

  Scenario: You push to production The push broke multiple things That same build did not break qa or dev As a developer, you don't have prod access. There is lots of pressure from above to get things working agian. Specifics: PHP/MVC application that is API-driven in Zend. Deployed to a few servers. My question: While investigating, lets say I have a hunch that something is wrong. But, I don't know for sure. And, of course, I can't test things in production. If I have a suggested fix based on that hunch, would it be wise to try and apply it and see if it works, before understanding what the problem is?

  Read the article

• Can HTML injection be a security issue?

  - by tkbx

  I recently came across a website that generates a random adjective, surrounded by a prefix and suffix entered by the user. For example, if the user enters "123" for prefix, and "789" for suffix, it might generate "123Productive789". I've been screwing around with it, and I thought I might try something out: I entered this into the prefix field: <a href="javascript:window.close();">Click</a><hr /> And, sure enough, I was given the link, then an <hr>, then a random adjective. What I'm wondering is, could this be dangerous? There must be many more websites out there that have this issue, are all of them vulnerable to some sort of php injection?

  Read the article

• I'm a CS student, and honestly I don't understand Knuth's books..

  - by Raymond Ho

  I stumbled this quote from Bill Gates: "You should definitely send me a resume if you can read the whole thing." He was talking about The Art of Programming books.. So I was pretty curious and want to read it all but honestly, I don't understand it at all.. I'm really not that highly intellectual being.. So this should be the reason why I can't understand it, but I am eager to learn.. I'm currently reading volume 1 about fundamental algo.. So is there any books out there that are friendly to novice/slow people like me? So I can build up myself and hopefully in the future I can read Knuth's book at ease..

  Read the article

• Languages/Methods to Learn for Scientific Computing?:

  - by Zéychin

  I'm a second-semester Junior working towards a Computer Science degree with a Scientific Computing concentration and a Mathematics degree with a concentration on Applied Discrete Mathematics. So, number crunching and such rather than a bunch of regular expressions, interface design, and networking. I've found that I'm not learning new relevant languages from my coursework and am interested in what the community would recommend me to learn. I know as far as programming methods go, I need to learn more about parallelizing programs, but if there's anything else you can recommend, I would appreciate it. Here's a list of the languages with which I am very experienced (web technologies omitted as they barely apply here). Any recommendations for additional languages I should learn would be very much appreciated!: Java C C++ Fortran77/90/95 Haskell Python MATLAB

  Read the article

• moore's law and quadratic algorithm

  - by damon

  I was going thru a video (from coursera - by sedgewick) in which he argues that you cannot sustain Moore's law using a quadratic algorithm.He elaborates like this In year 197* you build a computer of power X ,and need to count N objects.This takes M days According to Moore's law,you have a computer of power 2X after 1.5 years.But now you have 2N objects to count. If you use a quadratic algorithm, In year 197*+1.5 ,it takes (4M)/2 = 2M days 4M because the algorithm is quadratic,and division by 2 because of doubling computer power. I find this hard to understand.I tried to work thru this as below To count N objects using comp=X , it takes M days. -> N/X = M After 1.5 yrs ,you need to count 2N objects using comp=2X -> 2N/(2X) -> N/X -> M days where do I go wrong? can someone please help me understand?

  Read the article

• What languages are most commonly used in medical research?

  - by Chris Taylor

  For someone about to go into a career in medical research, what language would be the most useful to learn? From my limited experience (I have been a researcher in mathematics and in finance) I have been able to recommend looking at R (for statistics) Matlab (for general numeric processing) and Python (for general purpose programming with statistics/numerics as an add-on) but I don't know which of those (if any) are in common use -- or if there are other, more specialized languages that are used. To be clear, I'm not talking about a professional programmer working in a medical setting. I am talking about a medical or genetics researcher who uses programming to analyse data, or generally to help get their work done.

  Read the article

• How to measure the right time to bring a new client?

  - by Byron Sommardahl

  My growing company has a team of developers working on a number of separate projects. Our developers depend on us to keep them working, and we depend on them to make our clients happy. Our projects have differing start and end dates, as you can imagine. The company's responsibility to the developers is to make sure we have clients waiting in the wings so that when one project ends, another can start. For now, finding clients is not a problem and not the topic of this question. What I'm trying to think through right now is, how can I best measure/view/evaluate the end dates of projects so that I know when I need to start courting the next client. Is there a tool that does this? If it's just a spreadsheet, what might it look like?

  Read the article

• Jr developer report bug to potential future boss [on hold]

  - by Cryptoforce

  I applied for a Web developer job in Quebec City, and they called me back for a phone interview. Everything went well, it last for over a hours, and at the end they ask me to send code simple and a portfolio, but in my research about the company and their products I found a PHP error(bug) in their app. Should I tell them or I would that make me look like a total jerk and blow my chance for a interview? I know it might sound stupid. As a junior developer I did 2 interviews they didn't go so well. I am very interested in this position part of my question is like a big lack of confidence so to make it short should I tell them about where is the error and how to fix it? Thanks

  Read the article

• Flash messages in ASP.NET MVC without sessions

  - by Fernando Correia

  I'm developing a web application for Windows Azure using ASP.NET MVC 4. I would like to enforce one restriction in the architecture: do not use Session. To achieve availability on Azure, and since there is no sticky sessions, I would need to store the session data in some central service, probably either SQL Azure or the Caching Service. I would rather avoid sessions on the SQL database to avoid the increased latency, and the caching service on Azure is very expensive for the ammount of memory offered. On the other hand, I would like to have the ability to easily pass Flash-style messages among redirects. TempData is the recommended way to do this, but by default it uses the session object. So I would like to know: Is there an alternative way to use TempData that doesn't require sessions or shared data between servers? Cookies perhaps? Is there a better alternative I'm overlooking?

  Read the article

• What is the oldest living piece of unaltered production code? [closed]

  - by user1598390

  It's come to my mind that parts of the code in, say, Unix, has maybe passed unaltered from one version or flavor into another. Maybe some pieces of the source code of the ls command is the same, unaltered, than was written years ago. Have any of you read or learn about this ? What would be the oldest living piece of unaltered production code still running, passing from version through version of a program or system ? Will the code we write outlive us for decades ?

  Read the article

• Design Application to "Actively" Invite Users (pretend they have privileges)

  - by user3086451

  I am designing an application where users message one another privately, and may send messages to any Entity in the database (an Entity may not have a user account yet, it is a professional database). I am not sure how to best design the database and the API to allow messaging unregistered users. The application should remain secure, and data only accessed by those with correct permissions. Messages sent to persons without user accounts serve as an invitation. The invited person should be able to view the message, act on it, and complete the user registration upon receiving an InviteMessage. In simple terms, I have: User misc user fields (email, pw, dateJoined) Entity (large professional dataset): personalDetails... user->User (may be null) UserMessage: sender->User recipient->User dateCreated messageContent, other fields..... InviteMessage: sender->User recipient->Entity expiringUrl inviteeEmail inviteePhone I plan to alert the user when selecting a recipient that is not registered yet, and inform that he may send the message as an invitation by providing email, phone where we can send the invitation. Invitations will have a unique, one-time-use URL, e.g. uuid.uuid4(). When accessed, the invitee will see the InviteMessage and details about completing his/her registration profile. When registration is complete, InviteMessage details to a new instance of UserMessage (to not lose their data), and assign it to the newly created User. The ability to interact with and invite persons who do not yet have accounts is a key feature of the application, and it seems better to separate the invitation from the private, app messages (easier to keep functionality separate, better if data model changes). Is this a reasonable, good design? If not, what would you suggest? Do you have any improvements? Am I correct to choose to create a separate endpoint for creating invitations via the API?

  Read the article

• Algorithm to use for shop floor layout?

  - by jkohlhepp

  I ran into a classroom problem yesterday (business oriented class, not computer science) and I found it interesting from an algorithmic perspective. The problem goes something like this: Assume there is a shop floor with N different rooms, and you have N different departments that need to go in those rooms. The departments and the rooms are all the same size, so any department could go in any room. There is a known travel distance from each room to each other room. There is also a known amount of trips necessary from one department to another (trips are counted the same regardless which room they originate from, so a trip from A to B is equivalent to a trip from B to A). Given those inputs, determine a layout of departments into rooms which minimizes travel time. What is the best way to approach this problem algorithmically? Is there already a particular algorithm or class of algorithms designed to solve this type of problem? Does this type of problem have a name in computer science? I am not looking for you to design an algorithm to solve this, although feel free to do so if you would like. I'm wondering if this is a problem space that has already been well defined and studied algorithmically and if so get some links to research further. I can see a lot of different data structures and algorithms that might apply to this and I'm curious which approach would be "best". And don't worry, you are not doing my homework for me. This is not a homework problem per se, as this is a business course and we were simply discussing the concepts and not trying to solve the problem algorithmically.

  Read the article

• unit/integration testing web service proxy client

  - by cori

  I'm rewriting a PHP client/proxy library that provides an interface to a SOAP-based .Net webservice, and in the process I want to add some unit and integration tests so future modifications are less risky. The work the library I'm working on performs is to marshall the calls to the web service and do a little reorganizing of the responses to present a slightly more -object-oriented interface to the underlying service. Since this library is little else than a thin layer on top of web service calls, my basic assumption is that I'll really be writing integration tests more than unit tests - for example, I don't see any reason to mock away the web service - the work that's performed by the code I'm working on is very light; it's almost passing the response from the service right back to its consumer. Most of the calls are basic CRUD operations: CreateRole(), CreateUser(), DeleteUser(), FindUser(), &ct. I'll be starting from a known database state - the system I'm using for these tests is isolated for testing purposes, so the results will be more or less predictable. My question is this: is it natural to use web service calls to confirm the results of operations within the tests and to reset the state of the application within the scope of each test? Here's an example: One test might be createUserReturnsValidUserId() and might go like this: public function createUserReturnsValidUserId() { // we're assuming a global connection to the service $newUserId = $client->CreateUser("user1"); assertNotNull($newUserId); assertNotNull($client->FindUser($newUserId); $client->deleteUser($newUserId); } So I'm creating a user, making sure I get an ID back and that it represents a user in the system, and then cleaning up after myself (so that later tests don't rely on the success or failure of this test w/r/t the number of users in the system, for example). However this still seems pretty fragile - lots of dependencies and opportunities for tests to fail and effect the results of later tests, which I definitely want to avoid. Am I missing some options of ways to decouple these tests from the system under test, or is this really the best I can do? I think this is a fairly general unit/integration testing question, but if it matters I'm using PHPUnit for the testing framework.

  Read the article

• Is there such a thing as too much experience?

  - by sunpech

  For modern software developers in today's world, is there such a thing as having too much experience with a certain technology or programming language? To a recruiter, interviewer, or company hiring-- could there often be cases where a particular candidate has so much experience in a certain area or technology where it works against the candidate to being hired? I'm not talking about cases where a senior developer is applying for an entry-level developer position, and has a lot of experience in that sense. Nor am I talking about cases where a candidate is outright lying (e.g. 20+ years experience with Ruby on Rails). I've overheard this in conversations between hiring managers/developers during happy hours, yet I'm not quite sure I fully understand what they mean.

  Read the article

• What are the benefits of PHP?

  - by acme

  Everybody knows that people that have prejudices against certain programming languages. Especially PHP seems to suffer from problems of its past and some other things (like loose types) and is often called a non-serious programming language that should not be used for professional applications. In that special case PHP: How do you argue using PHP as your chosen programming language for web applications? What are the benefits, where is PHP better than ColdFusion, Java, etc.?

  Read the article

• Are #regions an antipattern or code smell?

  - by Craig

  In C# code it allows the #region/#endregion keywords to made areas of code collapsible in the editor. Whenever I am doing this though I find it is to hide large chunks of code that could probably be refactored into other classes or methods. For example I have seen methods that contain 500 lines of code with 3 or 4 regions just to make it manageable. So is judicious use of regions a sign of trouble? It seems to be to me.

  Read the article

• Diagram to show code responsibility

  - by Mike Samuel

  Does anyone know how to visually diagram the ways in which the flow of control in code passes between code produced by different groups and how that affects the amount of code that needs to be carefully written/reviewed/tested for system properties to hold? What I am trying to help people visualize are arguments of the form: For property P to hold, nd developers have to write application code, Ca, without certain kinds of errors, and nm maintainers have to make sure that the code continues to not have these kinds of errors over the project lifetime. We could reduce the error rate by educating nd developers and nm maintainers. For us to be confident that the property holds, ns specialists still need to test or check |Ca| lines of code and continue to test/check the changes by nm maintainers. Alternatively, we could be confident that P holds if all code paths that could violate P went through tool code, Ct, written by our specialists. In our case, test suites alone cannot give confidence that P holdsnd » nsnm ns|Ca| » |Ct| so writing and maintaining Ct is economical, frees up our developers to worry about other things, and reduces the ongoing education commitment by our specialists. or those conditions do not hold, so focusing on education and testing is preferable. Example 1 As a concrete example, suppose we want to ensure that our web-service only produces valid JSON output. Our web-service provides several query and mutation operators that can be composed in interesting ways. We could try to educate everyone who maintains those operations about the JSON syntax, the importance of conformance, and libraries available so that when they write to an output buffer, every possible sequence of appends results in syntactically valid JSON. Alternatively, we don't expose an output stream handle to application code, and instead expose a JSON sink so that every code path that writes a response is channeled through a JSON sink that is written and maintained by a specialist who knows JSON syntax and can use well-written libraries to produce only valid output. Example 2 We need to make sure that a service that receives a URL from an untrusted source and tries to fetch its content does not end up revealing sensitive files from the file-system, like file:///etc/passwd. If there is a single standard way that any developer familiar with the application language's libraries would use to fetch URLs, which has file-system access turned off by default, then simply educating developers about the standard mechanism, and testing that file probing fails for some inputs, will probably be sufficient.

  Read the article

• Dual Inspection / Four Eyes Principle

  - by Ralf

  I have the requirement to implement some kind of dual inspection or four-eyes principle as a feature of my software, meaning that every change of an object done by user A has to be checked by user B. A trivial example would be a publishing system where an author writes an article and another has to proofread it before it is published. I am a little bit surprised that you find nearly nothing about it on the net. No patterns, no libraries (besides cibet), no workflow solutions etc. Is this requirement really so uncommon? Or am I searching for the wrong terms? I am not looking for a specific solution. More for a pattern or best practice approach. Update: the above example is really trivial. Let's add some more complexity to it. The article has been published, but it now needs an update. Putting the article offline for the update is not an option, but the update has to be proof read, too.

  Read the article

• Creating a layer of abstraction over the ORM layer

  - by Daok

  I believe that if you have your repositories use an ORM that it's already enough abstracted from the database. However, where I am working now, someone believe that we should have a layer that abstract the ORM in case that we would like to change the ORM later. Is it really necessary or it's simply a lot of over head to create a layer that will work on many ORM? Edit Just to give more detail: We have POCO class and Entity Class that are mapped with AutoMapper. Entity class are used by the Repository layer. The repository layer then use the additional layer of abstraction to communicate with Entity Framework. The business layer has in no way a direct access to Entity Framework. Even without the additional layer of abstraction over the ORM, this one need to use the service layer that user the repository layer. In both case, the business layer is totally separated from the ORM. The main argument is to be able to change ORM in the future. Since it's really localized inside the Repository layer, to me, it's already well separated and I do not see why an additional layer of abstraction is required to have a "quality" code.

  Read the article

• Software Life-cycle of Hacking

  - by David Kaczynski

  At my local university, there is a small student computing club of about 20 students. The club has several small teams with specific areas of focus, such as mobile development, robotics, game development, and hacking / security. I am introducing some basic agile development concepts to a couple of the teams, such as user stories, estimating complexity of tasks, and continuous integration for version control and automated builds/testing. I am familiar with some basic development life-cycles, such as waterfall, spiral, RUP, agile, etc., but I am wondering if there is such a thing as a software development life-cycle for hacking / breaching security. Surely, hackers are writing computer code, but what is the life-cycle of that code? I don't think that they would be too concerned with maintenance, as once the breach has been found and patched, the code that exploited that breach is useless. I imagine the life-cycle would be something like: Find gap in security Exploit gap in security Procure payload Utilize payload I propose the following questions: What kind of formal definitions (if any) are there for the development life-cycle of software when the purpose of the product is to breach security?

  Read the article

• Functional or non-functional requirement?

  - by killer_PL

  I'm wondering about functional or non-functional requirements. I have found lot of different definitions for those terms and I can't assign some of my requirement to proper category. I'm wondering about requirements that aren't connected with some action or have some additional conditions, for example: On the list of selected devices, device can be repeated. Database must contain at least 100 items Currency of some value must be in USD dollar. Device must have a name and power consumption value in Watts. are those requirements functional or non-functional ?

  Read the article

• Syntax logic suggestions

  - by Anna

  This syntax will be used inside HTML attributes. Here are a few examples of what I have so far: <input name="a" conditions="!b, c" /> <input name="b" /> <input name="c" /> This will make input "a" do something if b is not checked and c is checked (b and c are assumed to be checkboxes if they don't have a :value defined) <input name="a" conditions="!b:foo|bar, c:foo" /> <input name="b" /> <input name="c" /> This will make input "a" do something if bdoesn't have foo or bar values, and if c has the foo value. <input name="a" conditions="!b:EMPTY" /> <input name="b" /> Makes input "a" do something if b has a value assigned. So, essentially , acts as logical AND, : as equals (=), ! as NOT, and | as OR. The | (OR) is only needed between values (at least I think so), and AND is not needed between values for obvious reasons :) EMPTY means empty value, like <input value="" /> Do you have any suggestions on improving this syntax, like making it more human friendly? For example I think the "EMPTY" keyword is not really appropriate and should be replaced with a character, but I don't know which one to choose.

  Read the article

< Previous Page | 178 179 180 181 182 183 184 185 186 187 188 189  | Next Page >