Search Results

Search found 23271 results on 931 pages for 'static classes'.


  • Should I share UI for objects that use common fields?

    - by wb
    I have a parent class that holds all of the fields that are common between all device types. From that, I have a few derived classes that each hold their unique fields. Say I have device type "Switch" and "Transformer". Both derived classes only have 2-3 of their own unique fields. When doing the UI design (Windows Forms) in this case, should I create two separate forms for each device type or create a user control with all fields that are shared among all devices? Thank you.


  • [PHP] How to unset object's inherited properties ?

    - by vbklv
    I have an Object ( [id] => 1 [parent_id] => 0 [result:Database:private] => [db:Database:private] => mysqli Object ( [affected_rows] => 0 ... ) ) Obviously, the Object has inherited the 'db' and 'result' properties of the parent Database class. Neither unset($object->result) nor unset($object->result:Database) nor unset($object->result:Database:private) work. How could I unset those properties when they are no longer needed (i.e. when the object properties are about to be output)? Is it generally a good idea to have a database object as an inherited property of other classes (extend one Database class with all other classes that use database connections)?


  • .NET project: unified wrapper for object databases.

    - by Steve
    I am considering doing a project which would provide a unified API and tools (import/export, etc.) for object databases (e.g. Caché, Objectivity) for .NET. It would provide: schema generation from CLR classes, generation of C# classes from a given OODBMS schema, an API for deleting, creating and updating objects, a Linq provider, an API for calling an object's methods on the DB server, an API for SQL (some OODBMSs provide some kind of SQL support), and providers for Caché and Objectivity in the first phase. Does any project which implements any of the above exist? Can this be achieved with NHibernate dialects? Or are OODBMSs so different from RDBMSs that it is worth doing a separate framework for them?


  • any way to simplify this with a form of dynamic class instantiation?

    - by gnychis
    I have several child classes that extend a parent class, forced to have a uniform constructor. I have a queue which keeps a list of these classes, which must extend MergeHeuristic. The code that I currently have looks like the following:

        Class<? extends MergeHeuristic> heuristicRequest = _heuristicQueue.pop();
        MergeHeuristic heuristic = null;
        if(heuristicRequest == AdjacentMACs.class)
            heuristic = new AdjacentMACs(_parent);
        if(heuristicRequest == SimilarInterfaceNames.class)
            heuristic = new SimilarInterfaceNames(_parent);
        if(heuristicRequest == SameMAC.class)
            heuristic = new SameMAC(_parent);

    Is there any way to simplify that to dynamically instantiate the class, something along the lines of:

        heuristic = new heuristicRequest.somethingSpecial();

    That would flatten that block of if statements.


  • PHP loading / including files only if class is used

    - by MrMalayev
    I have a couple of classes, and certain classes require only a part of an SDK. For example

        class a { /* requires filea.php*/ }
        class b { /*requires fileb.php*/ }

    Instead of including the files at the top like

        require_once 'filea.php';
        require_once 'fileb.php';
        class a { /*do stuff*/ }
        class b { /*do stuff*/ }

    Can I just include them in the class, so one only loads when an object is made?

        class a { require filea.php; /*do stuff*/ }
        class b { require fileb.php; /*do stuff*/ }


  • Why people define class, trait, object inside another object in Scala?

    - by Zwcat
    Ok, I'll explain why I ask this question. I began reading the Lift 2.2 source code these days. In Lift, I found that defining inner classes and inner traits is very heavily used. object Menu has 2 inner traits and 4 inner classes. object Loc has 18 inner classes, 5 inner traits, 7 inner objects. There is tons of code written like this. I want to know why the author wrote it like this. Is it because it's the author's personal taste or a powerful use of a language feature?


  • Is there any alternative way of writing this switch statement(C#3.0)

    - by Newbie
    Can it be done in a better way?

        public static EnumFactorType GetFactorEnum(string str)
        {
            Standardization e = new Standardization();
            switch (str.ToLower())
            {
                case "beta": e.FactorType = EnumFactorType.BETA; break;
                case "bkp": e.FactorType = EnumFactorType.BOOK_TO_PRICE; break;
                case "yld": e.FactorType = EnumFactorType.DIVIDEND_YIELD; break;
                case "growth": e.FactorType = EnumFactorType.GROWTH; break;
                case "mean": e.FactorType = EnumFactorType.MARKET_CAP; break;
                case "momentum": e.FactorType = EnumFactorType.MOMENTUM; break;
                case "size": e.FactorType = EnumFactorType.SIZE; break;
                case "stat_fact1": e.FactorType = EnumFactorType.STAT_FACT_1; break;
                case "stat_fact2": e.FactorType = EnumFactorType.STAT_FACT_2; break;
                case "value": e.FactorType = EnumFactorType.VALUE; break;
            }
            return e.FactorType;
        }

    If I create a static class (say Constants) and declare a variable like

        public static string BETA= "beta";

    and then if I try to put that in the case expression like

        case Constants.BETA : e.FactorType = EnumFactorType.BETA; break;

    then the compiler will report an error (quite expected). So is there any other way? (I cannot change the switch statement.) Using C# 3.0. Thanks


  • Which way of declaring a variable is fastest?

    - by ADB
    For a variable used in a function that is called very often and for implementation in J2ME on a blackberry (if that changed something, can you explain)?

        class X {
            int i;
            public void someFunc(int j) {
                i = 0;
                while( i < j ){
                    [...]
                    i++;
                }
            }
        }

    or

        class X {
            static int i;
            public void someFunc(int j) {
                i = 0;
                while( i < j ){
                    [...]
                    i++;
                }
            }
        }

    or

        class X {
            public void someFunc(int j) {
                int i = 0;
                while( i < j ){
                    [...]
                    i++;
                }
            }
        }

    I know there is a difference how a static versus non-static class variable is accessed, but I don't know it would affect the speed. I also remember reading somewhere that in-function variables may be accessed faster, but I don't know why and where I read that. Background on the question: some painting function in games are called excessively often and even small difference in access time can affect the overall performance when a variable is used in a largish loop.


  • Generic type parameter naming convention for Java (with multiple chars)?

    - by chaper29
    In some interfaces I wrote I'd like to name generic type parameters with more than one character to make the code more readable. Something like....

        Map<Key,Value>

    Instead of this...

        Map<K,V>

    But when it comes to methods, the type parameters look like Java classes, which is also confusing.

        public void put(Key key, Value value)

    This seems like Key and Value are classes. I found or thought of some notations, but nothing like a convention from Sun or a general best practice. Alternatives I guessed of or found...

        Map<KEY,VALUE>
        Map<TKey,TValue>


  • Java PropertyChangeListener

    - by Laphroaig
    Hi, I'm trying to figure out how to listen to a property change on another class. This is my code:

    Class with the property to listen to:

        public class ClassWithProperty {
            private PropertyChangeSupport changes = new PropertyChangeSupport(this);
            private int usersOnline;

            public int getUsersOnline() {
                return usersOnline;
            }

            public ClassWithProperty() {
                usersOnline = 0;
                while (usersOnline<10) {
                    changes.firePropertyChange("usersOnline", usersOnline, usersOnline++);
                }
            }

            public void addPropertyChangeListener( PropertyChangeListener l) {
                changes.addPropertyChangeListener(l);
            }

            public void removePropertyChangeListener( PropertyChangeListener l) {
                changes.removePropertyChangeListener(l);
            }
        }

    Class where I need to know when the property changes:

        public class Main {
            private static ClassWithProperty test;

            public static void main(String[] args) {
                test = new ClassWithProperty();
                test.addPropertyChangeListener(listen());
            }

            private static PropertyChangeListener listen() {
                System.out.println(test.getUsersOnline());
                return null;
            }
        }

    I have the event fired only the last time (usersOnline=10). Sorry if it is a stupid question, I'm learning Java now and can't find a solution.


  • .NET security mechanism to restrict access between two Types in the same Website project?

    - by jdk
    Question: Is there a mechanism in the .NET Framework to hide one custom Type from another without using separate projects/assemblies? I'm using C# with ASP.NET in a Website project (Note: Not a Web Application). Obviously there's not a way to enforce this restriction using language-specific OO keywords so I am looking for something else, for example: maybe a permission framework or code access mechanism, maybe something that uses meta data like Attributes. I'm unsure. I don't really care whether the solution actually hides classes from each other or just makes them inaccessible, etc. A runtime or design time answer will suffice. Looking for something easy to implement otherwise it's not worth the effort ... Background: I'm working in an ASP.NET Website project and the team has decided not to use separate project assemblies for different software layers. Therefore I'm looking for a way to have, for example, a DataAccess/ folder of which I disallow its classes to access other Types in the ASP.NET Website project.


  • Sync issue in collection fetch backbone

    - by Stefano Maglione
    I'm fetching a collection but I have a problem because inside the collection the parse function uses another ajax call. So if I try to console.log the response of fetch after the fetch line of code, it is always undefined.

    Function calling fetch:

        friends: function(){
            var amici=new Amicizie();
            var amicilist=amici.fetch();
            console.log(amicilist); // <--- undefined, because executed before fetch

    Collection called:

        var obj={};
        var Amicizie = Backbone.Collection.extend({
            url:'https://api.parse.com/1/classes/User/',
            parse: function(data) {
                var cur_user=Parse.User.current().id;
                $.ajax({
                    type: 'GET',
                    headers: {'X-Parse-Application-Id':'qS0KL***EM1tyhM9EEPiTS3VMk','X-Parse-REST-API-Key':'nh3eoUo9G***JIfIt1Gm'},
                    url: "https://api.parse.com/1/classes/_User/?where=....",
                    success: function(object) {
                        console.log(object );
                        obj=object;
                        console.log(obj );
                    },
                    error: function(data) {
                        console.log("ko" );
                    }
                });
                return obj.results;
            }
        });
        return Amicizie;
        });


  • Is it possible to Store Enum value in String?

    - by Narasimham K
    Actually my Java program is like...

        public class Schedule{
            public static enum RepeatType {
                DAILY, WEEKLY, MONTHLY;
            }
            public static enum WeekdayType {
                MONDAY(Calendar.MONDAY), TUESDAY(Calendar.TUESDAY), WEDNESDAY(Calendar.WEDNESDAY),
                THURSDAY(Calendar.THURSDAY), FRIDAY(Calendar.FRIDAY), SATURDAY(Calendar.SATURDAY),
                SUNDAY(Calendar.SUNDAY);
                private int day;
                private WeekdayType(int day) {
                    this.day = day;
                }
            public static List<Date> generateSchedule(RepeatType repeatType,List<WeekdayType> repeatDays) {
                -----------------------------
                ----------------------------//here some logic I wrote
            }//Method
        }

    And I'm calling the method in my Business class like the following...

        @RemotingInclude
        public void createEvent(TimetableVO timetableVO) {
            if ("repeatDays".equals(timetableVO.getSearchKey())) {
                List<Date> repeatDaysList=Schedule.generateSchedule(timetableVO.getRepeatType(),timetableVO.getRepeatDays());
            }
        }

    And finally TimetableVO is

        @Entity
        @Table(name="EC_TIMETABLE")
        public class TimetableVO extends AbstractVO{
            -----
            private RepeatType repeatType;
            private List<WeekdayType> repeatDays;//But in this case the method generateSchedule(-,-) was not calling.
            -----
        }

    So my question is which one is the better statement of the following...

        private List<WeekdayType> repeatDays;

    (or)

        private String repeatDays;//if we give like this

    `How to Convert Enum type to String` because the generateSchedule() method takes an enum type value....


  • Associate two sets of values

    - by PJW
    I have the following code -

        public static int GetViewLevel(string viewLevelDesc)
        {
            try
            {
                switch (viewLevelDesc)
                {
                    case "All": return 0;
                    case "Office": return 10;
                    case "Manager": return 50;
                    default: throw new Exception("Invalid View Level Description");
                }
            }
            catch (Exception eX)
            {
                throw new Exception("Action: GetViewLevel()" + Environment.NewLine + eX.Message);
            }
        }

        public static string GetViewLevelDescription(int viewLevel)
        {
            try
            {
                switch (viewLevel)
                {
                    case 0: return "All";
                    case 10: return "Office";
                    case 50: return "Manager";
                    default: throw new Exception("Invalid View Level Description");
                }
            }
            catch (Exception eX)
            {
                throw new Exception("Action: GetViewLevelDescription()" + Environment.NewLine + eX.Message);
            }
        }

    The two static Methods enable me to either get an int ViewLevel from a string ViewLevelDesc or vice versa. I'm sure the way I have done this is far more cumbersome than it needs to be, and I'm looking for some advice how to achieve the same objective but more concisely. The list of int / string pairs will increase significantly. The ones in the above code are just the first three I intend to use.


  • DDD: MailService.SendNotificationToUser() or User.Notify()?

    - by cfs
    I seem to stumble on problem after problem giving my entities behavior. I have a system where a user gets a notification when someone comments on his article. Right now it is via an e-mail. I'm struggling with how to implement this the DDD way.

    Option 1: the User entity has a Notify method: User.Notify(). The method uses C# built-in classes to send a notification via e-mail. The problem with having this in the domain is that it is technology specific, and how a user is notified might change in the future. I feel this belongs to infrastructure, but how then can a user have behavior?

    Option 2: I create a Service: NotificationService.Notify(User). The Service uses C# built-in classes to send an e-mail. The pro is that the service could be an Application Service, and as far as I know an application service can use the infrastructure and call things like System.Net.Mail and repositories for that sake.

    How would you implement this?


  • select k th minimum from array a[0..n-1]

    - by davit-datuashvili
    I have done the following code from Programming Pearls. Here is the code:

        import java.util.*;
        public class select {
            public static int select1(int x[],int l,int u,int k){
                //pre l<=k<=u
                //post x[l..k-1]<=x[k]<=x[k+1..u]
                Random r=new Random();
                int t=r.nextInt(u-1-l)+l;
                if (l>=u) return -1 ;
                swap(l,t);
                int s=x[l];
                int i=l;
                int j=u+1;
                while (true){
                    do {
                        i++;
                    }while (i<=u && x[i]<t);
                    do {
                        j--;
                    }while (x[j]>t);
                    if (i>j) break;
                    int temp=x[i];
                    x[i]=x[j];x[j]=t;
                    swap(l,j);
                    if (j<k){
                        return select1(x,j+1,u,k);
                    }
                }
                return select1(x,l,j-1,k);
            }
            public static void main(String[] args) {
                int x[]=new int[]{4,7,9,3,2,12,13,10,20};
                select1(x,0,x.length-1,5);
            }
            public static void swap(int i,int j){
                int c=i;
                i=j;
                j=c;
            }
        }

    But here is the mistake:

        Exception in thread "main" java.lang.ArrayIndexOutOfBoundsException: -1
            at select.select1(select.java:21)
            at select.main(select.java:36)
        Java Result: 1

    Please help.


  • Finding an odd perfect number

    - by Coin Bird
    I wrote these two methods to determine if a number is perfect. My prof wants me to combine them to find out if there is an odd perfect number. I know there isn't one (that is known), but I need to actually write the code to prove that. The issue is with my main method. I tested the two test methods. I tried debugging and it gets stuck on the number 5, though I can't figure out why. Here is my code:

        public class Lab6 {
            public static void main (String[]args) {
                int testNum = 3;
                while (testNum != sum_of_divisors(testNum) && testNum%2 != 0)
                    testNum++;
            }

            public static int sum_of_divisors(int numDiv) {
                int count = 1;
                int totalDivisors = 0;
                while (count < numDiv)
                    if (numDiv%count == 0) {
                        totalDivisors = totalDivisors + count;
                        count++;
                    }
                    else
                        count++;
                return totalDivisors;
            }

            public static boolean is_perfect(int numPerfect) {
                int count = 1;
                int totalPerfect = 0;
                while (totalPerfect < numPerfect) {
                    totalPerfect = totalPerfect + count;
                    count++;
                }
                if (numPerfect == totalPerfect)
                    return true;
                else
                    return false;
            }
        }


  • Asp.net with MVC multiple model in one view (create, update)

    - by Abdalmohaymen
    I have a problem in ASP.NET MVC with multiple models in one view on create and update. I'm working on an exam system with class Questions and class Answers. Questions is a parent class and Answers is a child class.

        [Bind(exclude("id"))]
        class Quesions {
            public string question{get; set;}
            public Datetime Timepostquestion{get; set;}
        }

        [Bind(exclude("id"))]
        class Answers {
            public string answer{get; set;}
            public Datetime Timepostanswer{get; set;}
            public questionId {get; set;}
        }

    In a view I use the two classes. How do I use the classes in insert and update? What is a way to solve my problem?


  • getting duplicate array output - java

    - by dowln
    Hello, can someone be kind and help me out here? Thanks in advance... My code below outputs the string with duplicates. I don't want to use Sets or ArrayList. I am using java.util.Random. I am trying to write code that checks if a string has already been randomly outputted and if it has, then it won't display. Where am I going wrong and how do I fix this?

        public class Worldcountries {
            private static Random nums = new Random();
            private static String[] countries = { "America", "Candada", "Chile", "Argentina" };

            public static int Dice() {
                return (generator.nums.nextInt(6) + 1);
            }

            public String randomCounties() {
                String aTemp = " ";
                int numOfTimes = Dice();
                int dup = 0;
                for(int i=0 ; i<numOfTimes; i++) {
                    // I think it's in the if statement where I am going wrong.
                    if (!countries[i].equals(countries[i])) {
                        i = i + 1;
                    } else {
                        dup--;
                    }
                    // and maybe here
                    aTemp = aTemp + countries[nums.nextInt(countries.length)];
                    aTemp = aTemp + ",";
                }
                return aTemp;
            }
        }

    So the output I am getting (randomly) is "America, America, Chile" when it should be "America, Chile".


  • Toorcon 15 (2013)

    - by danx
    The Toorcon gang (senior staff): h1kari (founder), nfiltr8, and Geo

      - Introduction to Toorcon 15 (2013)
      - A Tale of One Software Bypass of MS Windows 8 Secure Boot
      - Breaching SSL, One Byte at a Time
      - Running at 99%: Surviving an Application DoS
      - Security Response in the Age of Mass Customized Attacks
      - x86 Rewriting: Defeating RoP and other Shinanighans
      - Clowntown Express: interesting bugs and running a bug bounty program
      - Active Fingerprinting of Encrypted VPNs
      - Making Attacks Go Backwards
      - Mask Your Checksums—The Gorry Details
      - Adventures with weird machines thirty years after "Reflections on Trusting Trust"

    Introduction to Toorcon 15 (2013)

    Toorcon 15 is the 15th annual security conference held in San Diego. I've attended about a third of them and blogged about previous conferences I attended here starting in 2003. As always, I've only summarized the talks I attended that interested me enough to write about them. Be aware that I may have misrepresented the speaker's remarks and that they are not my remarks or opinion, or those of my employer, so don't quote me or them. Those seeking further details may contact the speakers directly or use The Google. For some talks, I have a URL for further information.

    A Tale of One Software Bypass of MS Windows 8 Secure Boot

    Yuri Bulygin, Oleksandr ("Alex") Bazhaniuk, and (not present) Andrew Furtak

    Yuri and Alex talked about UEFI and Bootkits and bypassing MS Windows 8 Secure Boot, with vendor recommendations. They previously gave this talk at the BlackHat 2013 conference.

    MS Windows 8 Secure Boot Overview

    UEFI (Unified Extensible Firmware Interface) is the interface between hardware and OS. UEFI is processor and architecture independent. Malware can replace the bootloader (bootx64.efi, bootmgfw.efi). Once replaced, it can modify the kernel. It is trivial to replace the bootloader. Today there are many legacy bootkits; UEFI replaces most of them.
    MS Windows 8 Secure Boot verifies everything you load, either through signatures or hashes. UEFI firmware relies on secure update (with signed update). You would think Secure Boot would rely on ROM (such as used for phones), but you can't do that for PCs; PCs use writable memory with signatures.

      - DXE core verifies the UEFI boot loader(s)
      - OS Loader (winload.efi, winresume.efi) verifies the OS kernel

    A chain of trust is established with a root key (Platform Key, PK), which is a cert belonging to the platform vendor. Key Exchange Keys (KEKs) verify an "authorized" database (db), and "forbidden" database (dbx). X.509 certs with SHA-1/SHA-256 hashes. Keys are stored in non-volatile (NV) flash-based NVRAM. Boot Services (BS) allow adding/deleting keys (can't be accessed once the OS starts, which uses Run-Time (RT)). Root cert uses RSA-2048 public keys and PKCS#7 format signatures.

      - SecureBoot: enable/disable image signature checks
      - SetupMode: update keys, self-signed keys, and secure boot variables
      - CustomMode: allows updating keys

    Secure Boot policy settings are: always execute, never execute, allow execute on security violation, defer execute on security violation, deny execute on security violation, query user on security violation.

    Attacking MS Windows 8 Secure Boot

    Secure Boot does NOT protect from physical access. Can disable from console. Each BIOS vendor implements Secure Boot differently. There are several platform and BIOS vendors. It becomes a "zoo" of implementations, which can be taken advantage of. Secure Boot is secure only when all vendors implement it correctly.

      - Allow only UEFI firmware signed updates
      - protect UEFI firmware from direct modification in flash memory
      - protect FW update components
      - program SPI controller securely
      - protect secure boot policy settings in nvram
      - protect runtime api
      - disable compatibility support module which allows unsigned legacy

    Can corrupt the Platform Key (PK) EFI root certificate variable in SPI flash.
    If PK is not found, FW enters setup mode with secure boot turned off. Can also exploit TPM in a similar manner. One is not supposed to be able to directly modify the PK in SPI flash from the OS though. But they found a bug that they can exploit from User Mode (undisclosed) and demoed the exploit. It loaded and ran their own bootkit. The exploit requires a reboot. Multiple vendors are vulnerable. They will disclose this exploit to vendors in the future.

    Recommendations:

      - allow only signed updates
      - protect UEFI fw in ROM
      - protect EFI variable store in ROM

    Breaching SSL, One Byte at a Time

    Angelo Prado and Yoel Gluck, Salesforce.com

    CRIME is software that performs a "compression oracle attack." This is possible because the SSL protocol doesn't hide length, and because SSL compresses the header. CRIME requests with every possible character and measures the ciphertext length. It looks for the plaintext which compresses the most and looks for the cookie one byte at a time. SSL Compression uses LZ77 to reduce redundancy. Huffman coding replaces common byte sequences with shorter codes. US CERT thinks the SSL compression problem is fixed, but it isn't. They convinced CERT that it wasn't fixed and they issued a CVE.

    BREACH, breachattack.com

    BREACH exploits the SSL response body (Accept-Encoding response, Content-Encoding). It takes advantage of the fact that the response is not compressed. BREACH uses gzip and needs fairly "stable" pages that are static for ~30 seconds. It needs attacker-supplied content (say from a web form or added to a URL parameter). BREACH listens to a session's requests and responses, then inserts extra requests and responses. Eventually, BREACH guesses a session's secret key. Can use compression to guess contents one byte at a time.
    For example, "Supersecret SupersecreX" (a wrong guess) compresses 10 bytes, and "Supersecret Supersecret" (a correct guess) compresses 11 bytes, so it can find each character by guessing every character. To start the guess, BREACH needs at least three known initial characters in the response sequence. Compression length then "leaks" information. Some roadblocks include no winners (all guesses wrong) or too many winners (multiple possibilities that compress the same). The solutions include:

      - lookahead (guess 2 or 3 characters at a time instead of 1 character). Expensive
      - rollback to last known conflict
      - check compression ratio
      - can brute-force first 3 "bootstrap" characters, if needed (expensive)
      - block ciphers hide exact plain text length. Solution is to align response in advance to block size

    Mitigations

      - length: use variable padding
      - secrets: dynamic CSRF tokens per request
      - secret: change over time
      - separate secret to input-less servlets

    Future work

      - better understand DEFLATE/GZIP
      - HTTPS extensions

    Running at 99%: Surviving an Application DoS

    Ryan Huber, Risk I/O

    Ryan first discussed various ways to do a denial of service (DoS) attack against web services. One usual method is to find a slow web page and do several wgets. Or download large files.

      - Apache is not well suited to handling a large number of connections, but one can put something in front of it
      - Can use Apache alternatives, such as nginx

    How to identify malicious hosts

      - short, sudden web requests
      - user-agent is obvious (curl, python)
      - same url requested repeatedly
      - no web page referer (not normal)
      - hidden links. hide a link and see if a bot gets it
      - restricted access if not your geo IP (unless the website is global)
      - missing common headers in request
      - regular timing
      - first seen IP at beginning of attack
      - count requests per hosts (usually a very large number)

    Use of captcha can mitigate attacks, but you'll lose a lot of genuine users.
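Several of the host-identification signals listed above can be scored per client from an ordinary access log. This is an added example, not code from the talk or from Bouncer; the log lines are constructed, and the thresholds and reason names are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime
from statistics import pstdev

# Apache/nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# "user-agent is obvious (curl, python)"
SCRIPTED_UA = re.compile(r"^(curl|wget|python)", re.IGNORECASE)

# Assumed thresholds for this small sample; tune them against real traffic.
MIN_REQUESTS = 5          # below this, counts and timing say nothing
REPEAT_RATIO = 0.8        # share of a host's requests that hit one URL
MAX_JITTER_SECONDS = 0.5  # std-dev of the gaps between a host's requests
SUSPECT_AT = 3            # signals required before a host is reported


def parse(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def flag_hosts(lines):
    """Map each client IP to the list of signals it triggered."""
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse(line)
        if rec is not None:
            by_ip[rec["ip"]].append(rec)

    report = {}
    for ip, recs in by_ip.items():
        reasons = []
        if any(SCRIPTED_UA.match(r["ua"]) for r in recs):
            reasons.append("scripted-user-agent")
        if all(r["referer"] in ("", "-") for r in recs):
            reasons.append("no-referer")
        if len(recs) >= MIN_REQUESTS:
            reasons.append("high-request-count")
            top_url_hits = Counter(r["url"] for r in recs).most_common(1)[0][1]
            if top_url_hits / len(recs) >= REPEAT_RATIO:
                reasons.append("same-url-repeated")
            times = sorted(r["ts"] for r in recs)
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            if pstdev(gaps) <= MAX_JITTER_SECONDS:
                reasons.append("regular-timing")
        report[ip] = reasons
    return report


def suspects(lines):
    """Hosts with enough independent signals; one signal alone is too noisy."""
    return sorted(ip for ip, why in flag_hosts(lines).items() if len(why) >= SUSPECT_AT)


# Constructed sample: one scripted client and one ordinary browser session.
SAMPLE = [
    f'203.0.113.7 - - [10/Oct/2013:10:00:{s:02d} +0000] "GET /search?q=a HTTP/1.1" '
    f'200 512 "-" "curl/7.30.0"'
    for s in range(6)
] + [
    '198.51.100.20 - - [10/Oct/2013:10:00:00 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2013:10:00:01 +0000] "GET /style.css HTTP/1.1" 200 900 '
    '"http://example.test/" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2013:10:00:09 +0000] "GET /about HTTP/1.1" 200 1500 '
    '"http://example.test/" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2013:10:00:30 +0000] "GET /pricing HTTP/1.1" 200 1700 '
    '"http://example.test/about" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Oct/2013:10:01:12 +0000] "GET /contact HTTP/1.1" 200 1100 '
    '"http://example.test/pricing" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, why in flag_hosts(SAMPLE).items():
        print(ip, why)
    print("suspects:", suspects(SAMPLE))
```

The browser session reaches the request-count threshold too, which is why the report requires several signals together before naming a host.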
    Bouncer, goo.gl/c2vyEc and www.github.com/rawdigits/Bouncer

    Bouncer is software written by Ryan in netflow. Bouncer has a small, unobtrusive footprint and detects DoS attempts. It closes blacklisted sockets immediately (not nice about it, no proper close connection). Aggregator collects requests and controls your web proxies. Need NTP on the front end web servers for clean data for use by Bouncer. Bouncer is also useful for a popularity storm ("Slashdotting") and scraper storms. Future features: gzip collection data, documentation, consumer library, multitask, logging destroyed connections.

    Takeaways:

      - DoS mitigation is easier with a complete picture
      - Bouncer is designed to make it easier to detect and defend against DoS, not a complete cure

    Security Response in the Age of Mass Customized Attacks

    Peleus Uhley and Karthik Raman, Adobe ASSET, blogs.adobe.com/asset/

    Peleus and Karthik talked about response to mass-customized exploits. Attackers behave much like a business. "Mass customization" refers to a concept discussed in the book Future Perfect by Stan Davis of Harvard Business School. Mass customization is differentiating a product for an individual customer, but at a mass production price. For example, the same individual with a debit card receives basically the same customized ATM experience around the world. Or designing your own PC from commodity parts.

    Exploit kits are another example of mass customization. The kits support multiple browsers and plugins, and allow new modules. Exploit kits are cheap and customizable. Organized gangs use exploit kits. A group at Berkeley looked at 77,000 malicious websites (Grier et al., "Manufacturing Compromise: The Emergence of Exploit-as-a-Service", 2012). They found 10,000 distinct binaries among them, but derived from only a dozen or so exploit kits.
    Characteristics of Mass Malware: potent, resilient, relatively low cost

    Technical characteristics: multiple OS, multiple payloads, multiple scenarios, multiple languages, obfuscation

    Response time for 0-day exploits has gone down from ~40 days 5 years ago to about ~10 days now. So the drive with malware is towards mass customized exploits, to avoid detection.

    There's plenty of evidence that exploit development has Project Manager bureaucracy. They infer from the malware edicts to:

      - support all versions of reader
      - support all versions of windows
      - support all versions of flash
      - support all browsers
      - write large, complex, difficult to maintain code (8750 lines of JavaScript, for example)

    Exploits have "loose coupling" of multiple versions of software (adobe), OS, and browser. This allows specific attacks against specific versions of multiple pieces of software. Also allows exploits of more obscure software/OS/browsers and obscure versions. Gave examples of exploits that exploited 2, 3, 6, or 14 separate bugs. However, these complete exploits are more likely to be buggy or fragile in themselves and easier to defeat. Future research includes normalizing malware and JavaScript.

    Conclusion: The coming trend is that mass-malware with mass zero-day attacks will result in mass customization of attacks.

    x86 Rewriting: Defeating RoP and other Shinanighans

    Richard Wartell

    The attack vector we are addressing here is:

      - First some malware causes a buffer overflow. The malware has no program access, but input access and buffer overflow code onto stack
      - Later the stack became non-executable. The workaround malware used was to write a bogus return address to the stack jumping to malware
      - Later came ASLR (Address Space Layout Randomization) to randomize memory layout and make addresses non-deterministic. The workaround malware used was to jump to existing code segments in the program that can be used in bad ways

    "RoP" is Return-oriented Programming attacks.
    RoP attacks use your own code and write a return address on the stack to (existing) exploitable code found in the program ("gadgets"). Pinkie Pie was paid $60K last year for a RoP attack. One solution is using anti-RoP compilers that compile source code with NO return instructions. ASLR does not randomize address space, just "gadgets". IPR/ILR ("Instruction Location Randomization") randomizes each instruction with a virtual machine.

    Richard's goal was to randomize a binary with no source code access. He created "STIR" (Self-Transforming Instruction Relocation). STIR disassembles the binary and operates on "basic blocks" of code. The STIR disassembler is conservative in what to disassemble. Each basic block is moved to a random location in memory. Next, STIR writes new code sections with copies of "basic blocks" of code in randomized locations. The old code is copied and rewritten with jumps to new code. The original code sections in the file are marked non-executable. STIR has better entropy than ASLR in location of code. Makes brute force attacks much harder.

    STIR runs on MS Windows (PEM) and Linux (ELF). It eliminated 99.96% or more "gadgets" (i.e., moved the address). Overhead is usually 5-10% on MS Windows, about 1.5-4% on Linux (but some code actually runs faster!). The unique thing about STIR is it requires no source access and the modified binary fully works! Current work is to rewrite code to enforce security policies. For example, don't create a *.{exe,msi,bat} file. Or don't connect to the network after reading from the disk.

    Clowntown Express: interesting bugs and running a bug bounty program

    Collin Greene, Facebook

    Collin talked about Facebook's bug bounty program. Background at FB: FB has good security frameworks, such as security teams, external audits, and cc'ing on diffs. But there's lots of "deep, dark, forgotten" parts of legacy FB code. Collin gave several examples of bountied bugs.
    Some bounty submissions were on software purchased from a third-party (but bounty claimers don't know and don't care). We use security questions, as does everyone else, but they are basically insecure (often easily discoverable). Collin didn't expect many bugs from the bounty program, but they ended up getting 20+ good bugs in the first 24 hours and good submissions continue to come in. Bug bounties bring people in with different perspectives, and are paid only for success. Bug bounty is a better use of a fixed amount of time and money versus just code review or static code analysis.

    The Bounty program started July 2011 and paid out $1.5 million to date. 14% of the submissions have been high priority problems that needed to be fixed immediately. The best bugs come from a small % of submitters (as with everything else); the top paid submitters are paid 6 figures a year. Spammers like to backstab competitors. The youngest submitter was 13. Some submitters have been hired. Bug bounties also allow seeing bugs that were missed by tools or reviews, allowing improvement in the process. Bug bounties might not work for traditional software companies where the product has a release cycle or is not on the Internet.

    Active Fingerprinting of Encrypted VPNs

    Anna Shubina, Dartmouth Institute for Security, Technology, and Society

    (I missed the start of her talk because another track went overtime. But I have the DVD of the talk, so I'll expand later)

    IPsec leaves fingerprints.
- Using netcat, one can easily visually distinguish various crypto chaining modes just from packet timing on a chart (for example, DES-CBC versus AES-CBC).
- One can tell a lot about VPNs just from ping roundtrips (such as what router is used).
- Delayed packets are not informative about a network, especially if far away from the network.
- More needs to be explored about how TCP works in real life with respect to timing.

Making Attacks Go Backwards
FuzzyNop, Mandiant

This talk is not about threat attribution (finding who), product solutions, politics, or sales pitches. But who is making these malware threats? It's not a single person or group—they have diverse skill levels. There are a lot of fat-fingered fumblers out there.

Always look for low-hanging fruit first:

- "hiding" malware in the temp, recycle, or root directories
- creation of unnamed scheduled tasks
- obvious names of files and syscalls ("ClearEventLog")
- uncleared event logs. Clearing the event log in itself, and the time of clearing, is a red flag and a good first clue to look for on a suspect system

Reverse engineering is hard. Disassembler use takes practice and skill. A popular tool is IDA Pro, but it takes multiple interactive iterations to get a clean disassembly.

Key loggers are used a lot in targeted attacks. They are typically custom code or built into a backdoor. A big tip-off is that non-printable characters need to be printed out (such as "[Ctrl]" "[RightShift]"), or time stamp printf strings. Look for these in files. Presence is not proof they are used. Absence is not proof they are not used.

Java exploits: you can parse the jar file with idxparser.py and decompile the Java file. Java is typically used to target tech companies.

Backdoors are the main persistence mechanism (provided externally) for malware. Malware also typically needs command and control.

Application of Artificial Intelligence in Ad-Hoc Static Code Analysis
John Ashaman, Security Innovation

Initially John tried to analyze open source files with open source static analysis tools, but these showed thousands of false positives. He also tried using grep, but this fails to find anything even mildly complex. So next John decided to write his own tool. His approach was to first generate a call graph, then analyze the graph. However, the problem is that making a call graph is really hard. For example, one problem is "evil" coding techniques, such as passing function pointers.

First the tool generated an Abstract Syntax Tree (AST), with the nodes created from method declarations and edges created from method use. Then the tool generated a control flow graph, with the goal of finding a path through the AST (a maze) from source to sink. The algorithm is to look at adjacent nodes to see if any are "scary" (a vulnerability), using heuristics for search order.

The tool, called "Scat" (Static Code Analysis Tool), currently looks for C# vulnerabilities and some simple PHP. Later, he plans to add more PHP, then JSP and Java. For more information see his posts in the Security Innovation blog and NRefactory on GitHub.

Mask Your Checksums—The Gory Details
Eric (XlogicX) Davisson

Sometimes, when emailing or posting TCP/IP packets to analyze problems, you may want to mask the IP address. But to do this correctly, you need to mask the checksum too, or you'll leak information about the IP. Problem reports found on stackoverflow.com, sans.org, and pastebin.org are usually not masked, but a few companies do care. If only the IP is masked, the IP may be guessed from the checksum (that is, it leaks data). Other parts of the packet may leak more data about the IP. TCP and IP checksums both refer to the same data, so one can get more bits of information out of using both checksums than just using one checksum.
Also, one can usually determine the OS from the TTL field and ports in a packet header. If we get hundreds of possible results (16x each masked nibble that is unknown), one can do other things to narrow the results, such as look at packet contents for domain or geo information. With hundreds of results, one can import them in CSV format into a spreadsheet, correlate with geo data, and see where each possibility is located.

Eric then demoed a real email report with a masked IP packet attached. He was able to find the exact IP address, given the geo and university of the sender. The point is, if you're going to mask a packet, do it right. Eric wouldn't usually bother, but do it correctly if at all, so as not to create a false impression of security.

Adventures with weird machines thirty years after "Reflections on Trusting Trust"
Sergey Bratus, Dartmouth College (and Julian Bangert and Rebecca Shapiro, not present)

"Reflections on Trusting Trust" refers to Ken Thompson's classic 1984 paper. "You can't trust code that you did not totally create yourself." There are invisible links in the chain-of-trust, such as "well-installed microcode bugs" or bugs in the compiler, and other planted bugs. Thompson showed how a compiler can introduce and propagate bugs in unmodified source.

But suppose there are no bugs and you trust the author: can you trust the code? Hell No! There are too many factors—it's Babylonian in nature. Why not? Well:

- Input is not well-defined/recognized (code's assumptions about "checked" input will be violated (bug/vulnerability)). For example, HTML is recursive, but Regex checking is not recursive.
- Input is well-formed but so complex there's no telling what it does. For example, ELF file parsing is complex and has multiple ways of parsing.
- Input is seen differently by different pieces of the program or toolchain.

Any input is a program:

- input executes on input handlers (drives state changes & transitions)
- only a well-defined execution model can be trusted (regex/DFA, PDA, CFG)

An input handler is either a "recognizer" for the inputs as a well-defined language (see langsec.org) or a "virtual machine" for inputs to drive into pwn-age.

ELF ABI (UNIX/Linux executable file format) case study. Problems can arise from these steps (without planting bugs):

- compiler
- linker
- loader
- ld.so/rtld
- relocator
- DWARF (debugger info)
- exceptions

The problem is you can't really automatically analyze code (it's the "halting problem" and undecidable). The only solution is to freeze code and sign it. But you can't freeze everything! You can't freeze ASLR or loading—they must have tables and metadata.

Any sufficiently complex input data is the same as VM byte code:

- Example: ELF relocation entries + dynamic symbols == a Turing Complete Machine (TM). @bxsays created a Turing machine in Linux from relocation data (not code) in an ELF file. For more information, see Rebecca "bx" Shapiro's presentation from last year's Toorcon, "Programming Weird Machines with ELF Metadata".
- @bxsays did the same thing with Mach-O bytecode.
- Or DWARF exception handling data: .eh_frame + glibc == Turing Machine.
- X86 MMU (IDT, GDT, TSS): used address translation to create a Turing Machine. The page handler reads and writes memory (on page fault). It uses a page table, which can be used as Turing Machine byte code. There is an example on GitHub using this TM that will fly a glider across the screen.

Next Sergey talked about "Parser Differentials": having one input format but two parsers will create confusion and opportunity for exploitation. For example, CSRs are parsed during creation by the cert requestor and again by another parser at the CA. Another example is ELF—there are several parsers in the OS tool chain, which are all different.
An ELF file can have two different Program Headers (PHDRs) because ld.so parses multiple PHDRs. The second PHDR can completely transform the executable. This is described in a paper in the first issue of the International Journal of PoC.

Conclusions

- trusting computers is not only about bugs! Bugs are part of a problem, but by far not all of it
- complex data formats mean bugs
- no "chain of trust" in Babylon! (that is, with parser differentials)
- we need to squeeze complexity out of data until data stops being "code equivalent"

Further information

See and langsec.org. USENIX WOOT 2013 (Workshop on Offensive Technologies) for "weird machines" papers and videos.
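
The leak described in the "Mask Your Checksums" notes above, as an added example (not code from the talk or from this post): it counts how many values for masked source-address octets stay consistent with an IPv4 header checksum that was left intact, then masks the same octets with the checksum recomputed. The addresses are constructed from documentation ranges and all function names are illustrative; only the IPv4 header checksum is covered, and TCP/UDP checksums, which include the addresses through the pseudo-header, need the same treatment.

```python
import ipaddress
import itertools
import struct


def fold(total: int) -> int:
    """Fold carries back in: 16-bit ones' complement addition (RFC 1071)."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def word_sum(data: bytes) -> int:
    """Unfolded sum of the big-endian 16-bit words of an even-length buffer."""
    return sum(struct.unpack(f"!{len(data) // 2}H", data))


def ipv4_checksum(header: bytes) -> int:
    """Header checksum, computed with the checksum field (bytes 10-11) zeroed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return ~fold(word_sum(zeroed)) & 0xFFFF


def build_header(src: str, dst: str) -> bytes:
    """Constructed 20-byte IPv4 header (IHL=5, TCP, TTL 64) with a valid checksum."""
    fixed = struct.pack("!BBHHHBBH", 0x45, 0, 40, 0x1C46, 0x4000, 64, 6, 0)
    header = fixed + ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    return header[:10] + struct.pack("!H", ipv4_checksum(header)) + header[12:]


def mask_only(header: bytes, offsets) -> bytes:
    """The leaky way: zero the chosen bytes but keep the original checksum."""
    out = bytearray(header)
    for off in offsets:
        out[off] = 0
    return bytes(out)


def mask_and_fix(header: bytes, offsets) -> bytes:
    """Zero the chosen bytes and recompute the checksum over the masked header."""
    masked = mask_only(header, offsets)
    return masked[:10] + struct.pack("!H", ipv4_checksum(masked)) + masked[12:]


def consistent_values(header: bytes, offsets) -> list:
    """All byte values for `offsets` under which the header checksum verifies.

    A header verifies when the folded sum of all its words, checksum included,
    is 0xFFFF. Intended for one or two masked bytes (256 or 65536 trials).
    """
    base = word_sum(mask_only(header, offsets))
    hits = []
    for values in itertools.product(range(256), repeat=len(offsets)):
        # A byte at an even offset is the high half of its 16-bit word.
        extra = sum(v << 8 if off % 2 == 0 else v for off, v in zip(offsets, values))
        if fold(base + extra) == 0xFFFF:
            hits.append(values)
    return hits


# Constructed sample: source 192.0.2.77 occupies header bytes 12-15.
ORIGINAL = build_header("192.0.2.77", "198.51.100.10")

if __name__ == "__main__":
    for offsets in [(15,), (14, 15), (13, 15)]:
        leaky = consistent_values(mask_only(ORIGINAL, offsets), offsets)
        fixed = consistent_values(mask_and_fix(ORIGINAL, offsets), offsets)
        print(f"masked bytes {offsets}: {len(leaky)} of {256 ** len(offsets)} "
              f"values fit the old checksum; after recomputing: {fixed}")
```

With the checksum recomputed, the only value that verifies is the mask itself, so the header no longer narrows down the address.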

    Read the article

  • Full Screen Video Tumblr

    - by Kodi Lane
    I have a Tumblr theme, seen on http://www.kodilane.com, and I am trying to make my video posts full screen. I have tried editing the code, but I can only get the pictures to stretch. I have attached the template I have so far; if you can spot the changes that need to be done to make the video posts stretch full screen like the pictures do, I would really appreciate it. Thank you - Kodi

<!DOCTYPE html> <html lang="en"> <head> <title>{Title} {block:PostSummary}- {PostSummary}{/block:PostSummary}</title> <link rel="shortcut icon" href="{Favicon}"> <link rel="alternate" type="application/rss+xml" href="{RSS}"> {block:Description} <meta name="description" content="{MetaDescription}" /> {/block:Description} <meta http-equiv="content-type" content="text/html; charset=utf-8" /> {block:Posts} <meta name="if:Reverse Description" content="0"/> <meta name="if:Include Attribution" content="1"/> <meta name="image:Background" content="http://static.tumblr.com/ffvtarv/QxLlmnswt/kims4.jpeg"/> <meta name="font:Body" content="Arial, Helvetica, sans"/> <meta name="color:Body Text" content="#fff"/> <meta name="color:Link" content="#d5d5d5"/> <meta name="color:Hover" content="#fff"/> <style type="text/css"> html, body, div, span, applet, object, iframe, h1, h2, h3, h4, h5, h6, p, blockquote, pre, a, abbr, acronym, address, big, cite, code, del, dfn, em, img, ins, kbd, q, s, samp, small, strike, strong, sub, sup, tt, var, b, u, i, center, dl, dt, dd, ol, ul, li, fieldset, form, label, legend, table, caption, tbody, tfoot, thead, tr, th, td, article, aside, canvas, details, embed, figure, figcaption, footer, header, hgroup, menu, nav, output, ruby, section, summary, time, mark, audio, video { margin: 0; padding: 0; border: 0; font-size: 100%; font: inherit; vertical-align: baseline; } /* HTML5 display-role reset for older browsers */ article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section { display: block; } body { line-height: 1; font-family: {font:Body}; 
} ol, ul, .bigcats li { list-style: none; } .main ol{ list-style:decimal; margin-left:25px; margin-bottom:10px; } .main ul{ list-style: disc; margin-left:25px; margin-bottom:10px; } blockquote, q { quotes: none; font-style: italic; padding:7px 7px; display:block; } ol.notes blockquote a{ line-height:22px; } blockquote:before, blockquote:after, q:before, q:after { content: ''; content: none; } table { border-collapse: collapse; border-spacing: 0; } strong{ color:#9d9d9d; font-weight: bold; } em{ font-style: italic; } {block:IfNotReverseDescription} .article{ max-width:420px; position:fixed; bottom:43px; right:0; } {/block:IfNotReverseDescription} {block:IfReverseDescription} .article{ max-width:420px; position:fixed; bottom:43px; left:0; } {/block:IfReverseDescription} h1, h2{ position:absolute; top:-9999px; left:-9999px; } .nav{ width:100%; padding: 10px 0px 10px 0px; text-align:left; z-index: 10; color:{color:Link}; margin-left:5px; } .navwrap{ background-color:#000; position:fixed; width:100%; bottom:0px; clear:both; /* Firefox 3.6+ */ background: -moz-linear-gradient(left, rgba(0, 0, 0, .5), rgba(0, 0, 0, 0.8)); /* Safari 4-5, Chrome 1-9 */ background: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .5)), to(rgba(0, 0, 0, 0.8))); /* Safari 5.1+, Chrome 10+ */ background: -webkit-linear-gradient(left, rgba(0, 0, 0, .5), rgba(0, 0, 0, 0.8)); /* Opera 11.10+ */ background: -o-linear-gradient(left, rgba(0, 0, 0, .5), rgba(0, 0, 0, 0.8)); padding-bottom:2px; box-shadow:0px 0px 3px #000000; } .nav ul li{ display:inline; font-size:13px; text-transform:uppercase; color:{color:Link}; list-style:none; text-align:center; } .nav li{ list-style: none; } .nav ul li a, .nav ul li a:visited { color:{color:Link}; padding: 10px 10px 3px 10px; } .nav ul li a:hover{ color:{color:Hover}; } a{ text-decoration:none; } .main a{ border-bottom: 1px {color:Link} dotted; color: {color:Link}; padding: 0 1px; } .main a:hover, .main a:focus{ color:{color:Hover}; 
border-bottom: transparent 1px solid; } a:visited, .main a:visited, { color: {color:Link}; } a:active {outline: none;} ol.notes, ol.notes li{ margin-bottom:2px; line-height:16px; } .audiometa{ padding-bottom:10px; } h3.push{ margin-bottom:10px; } h3{ margin-bottom:10px; } h3 a{ margin-bottom:10px; font-size:16px; color:{color:Hover}; } .main, .tags{ color:{color:Body Text}; display:block; padding: 15px; font-size: 12px; line-height: 16px; text-align: left; /* fallback */ background-color: #000; /* Firefox 3.6+ */ background: -moz-linear-gradient(left, rgba(0, 0, 0, .8), rgba(0, 0, 0, 0.6)); /* Safari 4-5, Chrome 1-9 */ background: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .8)), to(rgba(0, 0, 0, 0.6))); /* Safari 5.1+, Chrome 10+ */ background: -webkit-linear-gradient(left, rgba(0, 0, 0, .8), rgba(0, 0, 0, 0.6)); /* Opera 11.10+ */ background: -o-linear-gradient(left, rgba(0, 0, 0, .8), rgba(0, 0, 0, 0.6)); margin-top:5px; box-shadow:0px 0px 3px #000000 } .tags{ padding: 5px 15px; padding-bottom:7px; } .main iframe, .main embed{ margin-left:-5px; margin-top:-5px; } a.more-link, .tags a, .meta a{ line-height:18px; font-size:10px; border-bottom: 1px #888 dotted; color: {color:Link}; padding: 0 1px; margin: 0 2px; } p.meta{ margin-bottom:5px; } .tags a:hover, a.more-link:hover{ color:{color:Hover}; border-bottom: 1px #FFF dotted; } .pagination{ color: {color:Body Text}; padding: 10px 15px; font-size: 10px; line-height: 16px; text-align: left; /* fallback */ background-color: #000; /* Firefox 3.6+ */ background: -moz-linear-gradient(left, rgba(0, 0, 0, .8), rgba(0, 0, 0, 0.6)); /* Safari 4-5, Chrome 1-9 */ background: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .8)), to(rgba(0, 0, 0, 0.6))); /* Safari 5.1+, Chrome 10+ */ background: -webkit-linear-gradient(left, rgba(0, 0, 0, .8), rgba(0, 0, 0, 0.6)); /* Opera 11.10+ */ background: -o-linear-gradient(left, rgba(0, 0, 0, .8), rgba(0, 0, 0, 0.6)); margin-top:5px; box-shadow:0px 
0px 3px #000000 } .pagination:hover{ /* Firefox 3.6+ */ background: -moz-linear-gradient(left, rgba(0, 0, 0, .6), rgba(0, 0, 0, 0.8)); /* Safari 4-5, Chrome 1-9 */ background: -webkit-gradient(linear, left top, right top, from(rgba(0, 0, 0, .6)), to(rgba(0, 0, 0, 0.8))); /* Safari 5.1+, Chrome 10+ */ background: -webkit-linear-gradient(left, rgba(0, 0, 0, .6), rgba(0, 0, 0, 0.8)); /* Opera 11.10+ */ background: -o-linear-gradient(left, rgba(0, 0, 0, .6), rgba(0, 0, 0, 0.8)); } #nextslide { width:48%; height:100%; background: url(http://static.tumblr.com/szanjxb/vI6lmo15u/forward.png) no-repeat right center, url(http://static.tumblr.com/ffvtarv/gemlmnsks/next-shadow.png) repeat-y right; position:fixed; top:0; right:0; float:left; opacity:0; filter:alpha(opacity=0); -webkit-transition: opacity .5s ease-out; -moz-transition: opacity .5s ease-out; -o-transition: opacity .5s ease-out; overflow:none; } p{ margin-bottom: 10px; } p:last-child{ margin-bottom: 0px; } #prevslide{ width:48%; float:left; height:100%; background: url(http://static.tumblr.com/szanjxb/MSClmo15g/back.png) no-repeat left center, url(http://static.tumblr.com/ffvtarv/bKulmnsl6/prev-shadow.png) repeat-y left; position:fixed; top: 0; left: 0; opacity:0; filter:alpha(opacity=0); -webkit-transition: opacity .5s ease-out; -moz-transition: opacity .5s ease-out; -o-transition: opacity .5s ease-out; } #nextslide:hover, #prevslide:hover{ filter:alpha(opacity=100); opacity:1.0; -webkit-transition: opacity .2s ease-out; -moz-transition: opacity .2s ease-out; -o-transition: opacity .2s ease-out; } p.time{ padding-bottom:10px; margin-bottom:10px; text-align: right; } .left{ float:left; } .right{ float:right; } .button{ position:fixed; bottom: 9px; right: 15px; line-height:12px; font-size:13px; color:{color:Link}; cursor: pointer; float:left; padding-bottom:1px; border-bottom: 2px solid transparent; } .button:hover{ color:{color:Link}; } .notes{ line-height: 11px; } ol.notes li{ list-style: none; } .clear { clear: 
both; display: block; overflow: hidden; visibility: hidden; width: 0; height: 0; } .hidden{ display:none; } {block:Photo} body {background: url({PhotoURL-HighRes}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;} {/block:Photo} {block:Text} body {background: url({image:Background}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;} {/block:Text} {block:Video} body {background: url({image:Background}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;} {/block:Video} {block:Quote} body {background: url({image:Background}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;} {/block:Quote} {block:Link} body {background: url({image:Background}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;} {/block:Link} {block:Audio} body {background: url({image:Background}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;} {block:AlbumArt} body{ background: url({AlbumArtURL}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover; } {/block:AlbumArt} {/block:Audio} {block:Answer} body {background: url({image:Background}) no-repeat center center fixed black; -webkit-background-size: cover; -moz-background-size: cover; -o-background-size: cover; background-size: cover;} {/block:Answer} {block:Chat} body {background: url({image:Background}) no-repeat center center fixed black; -webkit-background-size: cover; 
-moz-background-size: cover; -o-background-size: cover; background-size: cover;} {/block:Chat} {CustomCSS} </style> <script src="http://static.tumblr.com/ffvtarv/W6Llmnske/jquery-git.js"></script> <script src="http://static.tumblr.com/ffvtarv/QpUlmnsje/jquery.cookie.js"></script> <script> var uiStatus = $.cookie("uiStatus") $(document).ready(function(){ if(uiStatus == 'hidden') { $(".article,.navwrap").hide() }; $(".button").click(function () { $(".article,.navwrap").fadeToggle("slow", "swing"); if(uiStatus == 'hidden') { $.cookie("uiStatus", "visible"); } else { $.cookie("uiStatus", "hidden"); }; }); }); </script> </head> <h1><a href="/">{Title}</a></h1> <h2>{Description}</h2> <!-- Main Side Navigation --> {block:Pagination} {block:PreviousPage} <a href="{PreviousPage}" title="Next Post"><div id="nextslide"></div></a> {/block:PreviousPage} {block:NextPage} <a href="{NextPage}" title="Previous Post"><div id="prevslide"></div></a> {/block:NextPage} {/block:Pagination} {block:PermalinkPagination} {block:PreviousPost} <a href="{PreviousPost}" title="Previous Post"><div id="prevslide"></div></a> {/block:PreviousPost} {block:NextPost} <a href="{NextPost}" title="Next Post"><div id="nextslide"></div></a> {/block:NextPost} {/block:PermalinkPagination} <div class="article"> {block:Pagination} {block:PreviousPage} <a href="{PreviousPage}" title="Newer Post"><div class="pagination">Newer Post</div></a> {/block:PreviousPage} {block:NextPage} <a href="{NextPage}" title="Older Post"><div class="pagination">Older Post</div></a> {/block:NextPage} {/block:Pagination} {block:PermalinkPagination} {block:NextPost} <a href="{NextPost}" title="Newer Post"><div class="pagination">Newer Post</div></a> {/block:NextPost} {block:PreviousPost} <a href="{PreviousPost}" title="Older Post"><div class="pagination">Older Post</div></a> {/block:PreviousPost} {/block:PermalinkPagination} {block:HasTags} <div class="tags"> {block:Tags} <a href="{TagURL}">{Tag}</a> {/block:Tags} </div> 
{/block:HasTags} <div class="main"> {block:Photo} {block:Caption} {Caption} {/block:Caption} {/block:Photo} {block:Video} {Video-400} {block:Caption} {Caption} {/block:Caption} {/block:Video} {block:Link} <h3><a href="{URL}" target="{Target}">{Name}</a></h3> {block:Description} {Description} {/block:Description} {/block:Link} {block:Quote} <h3>{Quote}</h3> {block:Source} <strong><p>{Source}</p></strong> {/block:Source} {/block:Quote} {block:Audio} {AudioPlayerBlack} <div class="audiometa"> {block:Artist} {Artist} {/block:Artist} {block:Album} {Album} {/block:Album} {block:TrackName} {TrackName} {/block:TrackName} </div> {block:Caption} {Caption} {/block:Caption} {/block:Audio} {block:Chat} <h3 class="push">{Title}</h3> {block:Lines} <p class="chat {Alt}"><strong>{block:Label}{Label}{/block:Label}</strong> {Line}</p> {/block:Lines} {/block:Chat} {block:Text} {Body} {block:Text} <p class="meta"> <a href="http://tmv.proto.jp/reblog.php?post_url={Permalink};" title="Reblog this" class="more-link left">Reblog</a> <span class="hidden">{block:Photo}{LinkOpenTag}Source{LinkCloseTag}{/block:Photo}</span> <a href="{Permalink}" title="Permalink{PhotoAlt}" class="more-link right notes">{NoteCountWithLabel}</a> </p> <div class="clear"></div> </div> </div> <script type="text/javascript"> document.onkeyup = KeyCheck; function KeyCheck(e) { var KeyID = (window.event) ? 
event.keyCode : e.keyCode; switch(KeyID) { {block:Pagination} {block:PreviousPage} case 39: window.location = "{PreviousPage}"; break; {/block:PreviousPage} {block:NextPage} case 37: window.location = "{NextPage}"; break; {/block:NextPage} {/block:Pagination} {block:PermalinkPagination} {block:PreviousPost} case 39: window.location = "{NextPost}"; break; {/block:PreviousPost} {block:NextPost} case 37: window.location = "{PreviousPost}"; break; {/block:NextPost} {/block:PermalinkPagination} } } </script> <div class="navwrap"> <div class="nav"> <ul> <li><a href="/" title="{Title}">KODI LANE</a></li> <li><a href="/archive" title="Archive of posts">Archive</a></li> {block:AskEnabled}<li><a href="/ask" title="Ask">{AskLabel}</a></li>{/block:AskEnabled} {block:SubmissionsEnabled}<li><a href="/submit" title="Submit">{SubmitLabel}</a></li>{/block:SubmissionsEnabled} {block:HasPages}{block:Pages}<li><a href="{URL}">{Label}</a></li>{/block:Pages}{/block:HasPages} {block:IfIncludeAttribution}<li><a href="http://jonathanhaggard.com/">Theme by Jon</a></li>{/block:IfIncludeAttribution} </ul> </div> </div> <div class="button">HIDE/SHOW UI</div> {/block:Posts}

    Read the article

  • Top things web developers should know about the Visual Studio 2013 release

    - by Jon Galloway
    ASP.NET and Web Tools for Visual Studio 2013 Release Notes

Summary for lazy readers:

- Visual Studio 2013 is now available for download on the Visual Studio site and on MSDN subscriber downloads
- Visual Studio 2013 installs side by side with Visual Studio 2012 and supports round-tripping between Visual Studio versions, so you can try it out without committing to a switch
- Visual Studio 2013 ships with the new version of ASP.NET, which includes ASP.NET MVC 5, ASP.NET Web API 2, Razor 3, Entity Framework 6 and SignalR 2.0
- The new release of ASP.NET focuses on One ASP.NET, so core features and web tools work the same across the platform (e.g. adding ASP.NET MVC controllers to a Web Forms application)
- New core features include new templates based on Bootstrap, a new scaffolding system, and a new identity system
- Visual Studio 2013 is an incredible editor for web files, including HTML, CSS, JavaScript, Markdown, LESS, Coffeescript, Handlebars, Angular, Ember, Knockdown, etc.

Top links:

- Visual Studio 2013 content on the ASP.NET site is in the standard new releases area: http://www.asp.net/vnext
- ASP.NET and Web Tools for Visual Studio 2013 Release Notes
- Short intro videos on the new Visual Studio web editor features from Scott Hanselman and Mads Kristensen
- Announcing release of ASP.NET and Web Tools for Visual Studio 2013 post on the official .NET Web Development and Tools Blog
- Scott Guthrie's post: Announcing the Release of Visual Studio 2013 and Great Improvements to ASP.NET and Entity Framework

Okay, for those of you who are still with me, let's dig in a bit.

Quick web dev notes on downloading and installing Visual Studio 2013

I found Visual Studio 2013 to be a pretty fast install. According to Brian Harry's release post, installing over pre-release versions of Visual Studio is supported. I've installed the release version over pre-release versions, and it worked fine.
If you're only going to be doing web development, you can speed up the install if you just select Web Developer tools. Of course, as a good Microsoft employee, I'll mention that you might also want to install some of those other features, like the Store apps for Windows 8 and the Windows Phone 8.0 SDK, but they do download and install a lot of other stuff (e.g. the Windows Phone SDK sets up Hyper-V and downloads several GB of VMs). So if you're planning just to do web development for now, you can pick just the Web Developer Tools and install the other stuff later.

If you've got a fast internet connection, I recommend using the web installer instead of downloading the ISO. The ISO includes all the features, whereas the web installer just downloads what you're installing.

Visual Studio 2013 development settings and color theme

When you start up Visual Studio, it'll prompt you to pick some defaults. These are totally up to you - whatever suits your development style - and you can change them later. As I said, these are completely up to you. I recommend either the Web Development or Web Development (Code Only) settings. The only real difference is that Code Only hides the toolbars, and you can switch between them using Tools / Import and Export Settings / Reset.

[Screenshots: Web Development settings; Web Development (code only) settings]

Usually I've just gone with Web Development (code only) in the past because I just want to focus on the code, although the Standard toolbar does make it easier to switch default web browsers. More on that later.

Color theme

Sigh. Okay, everyone's got their favorite colors. I alternate between Light and Dark depending on my mood, and I personally like how the low contrast on the window chrome in those themes puts the emphasis on my code rather than the tabs and toolbars. I know some people got pretty worked up over that, though, and wanted the blue theme back.
I personally don't like it - it reminds me of ancient versions of Visual Studio that I don't want to think about anymore. So here's the thing: if you install Visual Studio Ultimate, it defaults to Blue. The other versions default to Light. If you use Blue, I won't criticize you - out loud, that is. You can change themes really easily - either Tools / Options / Environment / General, or the smart way: ctrl+q for quick launch, then type Theme and hit enter.

Signing in

During the first run, you'll be prompted to sign in. You don't have to - you can click the "Not now, maybe later" link at the bottom of that dialog. I recommend signing in, though. It's not hooked in with licensing or tracking the kind of code you write to sell you components. It is doing good things, like syncing your Visual Studio settings between computers. More about that here. So, you don't have to, but I sure do.

Overview of shiny new things in ASP.NET land

There are a lot of good new things in ASP.NET. I'll list some of my favorites here, but you can read more on the ASP.NET site.

One ASP.NET

You've heard us talk about this for a while. The idea is that options are good, but choice can be a burden. When you start a new ASP.NET project, why should you have to make a tough decision - with long-term consequences - about how your application will work? If you want to use ASP.NET Web Forms, but have the option of adding in ASP.NET MVC later, why should that be hard? It's all ASP.NET, right?

Ideally, you'd just decide that you want to use ASP.NET to build sites and services, and you could use the appropriate tools (the green blocks below) as you needed them.

So, here it is. When you create a new ASP.NET application, you just create an ASP.NET application. Next, you can pick from some templates to get you started... but these are different. They're not "painful decision" templates, they're just some starting pieces. And, most importantly, you can mix and match.
I can pick a "mostly" Web Forms template, but include MVC and Web API folders and core references.

If you've tried to mix and match in the past, you're probably aware that it was possible, but not pleasant. ASP.NET MVC project files contained special project type GUIDs, so you'd only get controller scaffolding support in a Web Forms project if you manually edited the csproj file. Features in one stack didn't work in others. Project templates were painful choices. That's no longer the case. Hooray!

I just did a demo in a presentation last week where I created a new Web Forms + MVC + Web API site, built a model, scaffolded MVC and Web API controllers with EF Code First, added data in the MVC view, viewed it in Web API, then added a GridView to the Web Forms Default.aspx page and bound it to the Model. In about 5 minutes. Sure, it's a simple example, but it's great to be able to share code and features across the whole ASP.NET family.

Authentication

In the past, authentication was built into the templates. So, for instance, there was an ASP.NET MVC 4 Intranet Project template which created a new ASP.NET MVC 4 application that was preconfigured for Windows Authentication. All of that authentication stuff was built into each template, so they varied between the stacks, and you couldn't reuse them. You didn't see a lot of changes to the authentication options, since they required big changes to a bunch of project templates.

Now, the new project dialog includes a common authentication experience. When you hit the Change Authentication button, you get some common options that work the same way regardless of the template or reference settings you've made. These options work on all ASP.NET frameworks, and all hosting environments (IIS, IIS Express, or OWIN for self-host).

The default is Individual User Accounts. This is the standard "create a local account, using username / password or OAuth" thing; however, it's all built on the new Identity system. More on that in a second.
The one setting that has some configuration to it is Organizational Accounts, which lets you configure authentication using Active Directory, Windows Azure Active Directory, or Office 365.

Identity

There's a new identity system. We've taken the best parts of the previous ASP.NET Membership and Simple Identity systems, rolled in a lot of feedback and made big enhancements to support important developer concerns like unit testing and extensibility. I've written long posts about ASP.NET identity, and I'll do it again. Soon. This is not that post. The short version is that I think we've finally got just the right Identity system.

Some of my favorite features:

- There are simple, sensible defaults that work well - you can File / New / Run / Register / Login, and everything works.
- It supports standard username / password as well as external authentication (OAuth, etc.).
- It's easy to customize without having to re-implement an entire provider.
- It's built using pluggable pieces, rather than one large monolithic system.
- It's built using interfaces like IUser and IRole that allow for unit testing, dependency injection, etc.
- You can easily add user profile data (e.g. URL, twitter handle, birthday). You just add properties to your ApplicationUser model and they'll automatically be persisted.
- Complete control over how the identity data is persisted. By default, everything works with Entity Framework Code First, but it's built to support changes from small (modify the schema) to big (use another ORM, store your data in a document database or in the cloud or in XML or in the EXIF data of your desktop background or whatever).
- It's configured via OWIN. More on OWIN and Katana later, but the fact that it's built using OWIN means it's portable.

You can find out more in the Authentication and Identity section of the ASP.NET site (and lots more content will be going up there soon).

New Bootstrap based project templates

The new project templates are built using Bootstrap 3.
Bootstrap (formerly Twitter Bootstrap) is a front-end framework that brings a lot of nice benefits: It's responsive, so your projects will automatically scale to device width using CSS media queries. For example, menus are full size on a desktop browser, but on narrower screens you automatically get a mobile-friendly menu. The built-in Bootstrap styles make your standard page elements (headers, footers, buttons, form inputs, tables etc.) look nice and modern. Bootstrap is themeable, so you can reskin your whole site by dropping in a new Bootstrap theme. Since Bootstrap is pretty popular across the web development community, this gives you a large and rapidly growing variety of templates (free and paid) to choose from. Bootstrap also includes a lot of very useful things: components (like progress bars and badges), useful glyphicons, and some jQuery plugins (for tooltips, dropdowns, carousels, etc.).

Here's a look at how the responsive part works. When the page is full screen, the menu and header are optimized for a wide screen display. When I shrink the page down (this is all based on page width, not useragent sniffing) the menu turns into a nice mobile-friendly dropdown.

For a quick example, I grabbed a new free theme off bootswatch.com. For simple themes, you just need to download the bootstrap.css file and replace the /content/bootstrap.css file in your project. Now when I refresh the page, I've got a new theme.

Scaffolding

The big change in scaffolding is that it's one system that works across ASP.NET. You can create a new Empty Web project or Web Forms project and you'll get the Scaffold context menus. For release, we've got MVC 5 and Web API 2 controllers. We had a preview of Web Forms scaffolding in the preview releases, but they weren't fully baked for RTM. Look for them in a future update, expected pretty soon.

This scaffolding system wasn't just changed to work across the ASP.NET frameworks, it's also built to enable future extensibility.
That's not in this release, but should also hopefully be out soon.

Project Readme page

This is a small thing, but I really like it. When you create a new project, you get a Project_Readme.html page that's added to the root of your project and opens in the Visual Studio built-in browser. I love it.

A long time ago, when you created a new project we just dumped it on you and left you scratching your head about what to do next. Not ideal. Then we started adding a bunch of Getting Started information to the new project templates. That told you what to do next, but you had to delete all of that stuff out of your website. It doesn't belong there. Not ideal.

This is a simple HTML file that's not integrated into your project code at all. You can delete it if you want. But, it shows a lot of helpful links that are current for the project you just created. In the future, if we add new wacky project types, they can create readme docs with specific information on how to do appropriately wacky things.

Side note: I really like that they used the internal browser in Visual Studio to show this content rather than popping open an HTML page in the default browser. I hate that. It's annoying. If you're doing that, I hope you'll stop. What if some unnamed person has 40 or 90 tabs saved in their browser session? When you pop open your "Thanks for installing my Visual Studio extension!" page, all eleventy billion tabs start up and I wish I'd never installed your thing. Be like these guys and pop Visual Studio specific HTML docs in the Visual Studio browser.

ASP.NET MVC 5

The biggest change with ASP.NET MVC 5 is that it's no longer a separate project type. It integrates well with the rest of ASP.NET. In addition to that and the other common features we've already looked at (Bootstrap templates, Identity, authentication), here's what's new for ASP.NET MVC.
Attribute routing

ASP.NET MVC now supports attribute routing, thanks to a contribution by Tim McCall, the author of http://attributerouting.net. With attribute routing you can specify your routes by annotating your actions and controllers. This supports some pretty complex, customized routing scenarios, and it allows you to keep your route information right with your controller actions if you'd like.

Here's a controller that includes an action whose method name is Hiding, but I've used AttributeRouting to configure it to /spaghetti/with-nesting/where-is-waldo

    using System.Web.Mvc;

    public class SampleController : Controller
    {
        // Served at the attribute route below, not at /Sample/Hiding
        [Route("spaghetti/with-nesting/where-is-waldo")]
        public string Hiding()
        {
            return "You found me!";
        }
    }

I enable that in my RouteConfig.cs, and I can use that in conjunction with my other MVC routes like this:

    using System.Web.Mvc;
    using System.Web.Routing;

    public class RouteConfig
    {
        public static void RegisterRoutes(RouteCollection routes)
        {
            routes.IgnoreRoute("{resource}.axd/{*pathInfo}");

            // Register [Route] attributes before the convention-based routes
            routes.MapMvcAttributeRoutes();

            routes.MapRoute(
                name: "Default",
                url: "{controller}/{action}/{id}",
                defaults: new { controller = "Home", action = "Index", id = UrlParameter.Optional }
            );
        }
    }

You can read more about Attribute Routing in ASP.NET MVC 5 here.

Filter enhancements

There are two new additions to filters: Authentication Filters and Filter Overrides.

Authentication filters are a new kind of filter in ASP.NET MVC that run prior to authorization filters in the ASP.NET MVC pipeline and allow you to specify authentication logic per-action, per-controller, or globally for all controllers. Authentication filters process credentials in the request and provide a corresponding principal. Authentication filters can also add authentication challenges in response to unauthorized requests.

Override filters let you change which filters apply to a given action method or controller. Override filters specify a set of filter types that should not be run for a given scope (action or controller).
This allows you to configure filters that apply globally but then exclude certain global filters from applying to specific actions or controllers.

ASP.NET Web API 2

ASP.NET Web API 2 includes a lot of new features.

Attribute Routing

ASP.NET Web API supports the same attribute routing system that's in ASP.NET MVC 5. You can read more about the Attribute Routing features in Web API in this article.

OAuth 2.0

ASP.NET Web API picks up OAuth 2.0 support, using security middleware running on OWIN (discussed below). This is great for features like authenticated Single Page Applications.

OData Improvements

ASP.NET Web API now has full OData support. That required adding in some of the most powerful operators: $select, $expand, $batch and $value. You can read more about OData operator support in this article by Mike Wasson.

Lots more

There's a huge list of other features, including CORS (cross-origin resource sharing), IHttpActionResult, IHttpRequestContext, and more. I think the best overview is in the release notes.

OWIN and Katana

I've written about OWIN and Katana recently. I'm a big fan. OWIN is the Open Web Interfaces for .NET. It's a spec, like HTML or HTTP, so you can't install OWIN. The benefit of OWIN is that it's a community specification, so anyone who implements it can plug into the ASP.NET stack, either as middleware or as a host. Katana is the Microsoft implementation of OWIN. It leverages OWIN to wire up things like authentication, handlers, modules, IIS hosting, etc., so ASP.NET can host OWIN components and Katana components can run in someone else's OWIN implementation.

Howard Dierking just wrote a cool article in MSDN magazine describing Katana in depth: Getting Started with the Katana Project. He had an interesting example showing an OWIN based pipeline which leveraged SignalR, ASP.NET Web API and NancyFx components in the same stack. If this kind of thing makes sense to you, that's great. If it doesn't, don't worry, but keep an eye on it.
You're going to see some cool things happen as a result of ASP.NET becoming more and more pluggable.

Visual Studio Web Tools

Okay, this stuff's just crazy. Visual Studio has been adding some nice web dev features over the past few years, but they've really cranked it up for this release. Visual Studio is by far my favorite code editor for all web files: CSS, HTML, JavaScript, and lots of popular libraries.

Stop thinking of Visual Studio as a big editor that you only use to write back-end code. Stop editing HTML and CSS in Notepad (or Sublime, Notepad++, etc.). Visual Studio starts up in under 2 seconds on a modern computer with an SSD. Misspelling HTML attributes or your CSS classes or jQuery or Angular syntax is stupid. It doesn't make you a better developer, it makes you a silly person who wastes time.

Browser Link

Browser Link is a real-time, two-way connection between Visual Studio and all connected browsers. It's only attached when you're running locally, in debug, but it applies to any and all connected browsers, including emulators.

You may have seen demos that showed the browsers refreshing based on changes in the editor, and I'll agree that's pretty cool. But it's really just the start. It's a two-way connection, and it's built for extensibility. That means you can write extensions that push information from your running application (in IE, Chrome, a mobile emulator, etc.) back to Visual Studio. Mads and team have shown off some demonstrations where they enabled edit mode in the browser which updated the source HTML back on the browser. It's also possible to look at how the rendered HTML performs, check for compatibility issues, watch for unused CSS classes, the sky's the limit.

New HTML editor

The previous HTML editor had a lot of old code that didn't allow for improvements.
The team rewrote the HTML editor to take advantage of the new(ish) extensibility features in Visual Studio, which then allowed them to add in all kinds of features - things like CSS Class and ID IntelliSense (so you type style="" and get a list of classes and IDs for your project), smart indent based on how your document is formatted, JavaScript reference auto-sync, etc. Here's a 3 minute tour from Mads Kristensen.

Lots more Visual Studio web dev features

That's just a sampling - there's a ton of great features for JavaScript editing, CSS editing, publishing, and Page Inspector (which shows real-time rendering of your page inside Visual Studio). Here are some more short videos showing those features.

Lots, lots more

Okay, that's just a summary, and it's still quite a bit. Head on over to http://asp.net/vnext for more information, and download Visual Studio 2013 now to get started!
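
The authentication filters and filter overrides described under "Filter enhancements" above, shown as an added example (not code from the original article). BasicAuthenticationAttribute, its Validate hook, ReportsController and the realm name are hypothetical; the filter establishes the principal before [Authorize] runs, rejects bad or cleartext credentials, and [OverrideAuthorization] exempts one action from the broader-scope authorization filter.

```csharp
using System;
using System.Security.Principal;
using System.Text;
using System.Web.Mvc;
using System.Web.Mvc.Filters;

// Hypothetical authentication filter: turns HTTP Basic credentials into a principal.
public class BasicAuthenticationAttribute : FilterAttribute, IAuthenticationFilter
{
    // Assumption: the application assigns its own credential check; the default rejects everything.
    public static Func<string, string, bool> Validate = (user, password) => false;

    public void OnAuthentication(AuthenticationContext filterContext)
    {
        var request = filterContext.HttpContext.Request;
        string header = request.Headers["Authorization"];
        if (header == null || !header.StartsWith("Basic ", StringComparison.OrdinalIgnoreCase))
            return; // no credentials offered: stay anonymous and let [Authorize] decide

        string[] parts = Decode(header.Substring(6));
        // Fail closed on cleartext transport, malformed input, or a failed credential check.
        if (!request.IsSecureConnection || parts == null || !Validate(parts[0], parts[1]))
        { filterContext.Result = new HttpUnauthorizedResult(); return; }

        filterContext.Principal = new GenericPrincipal(new GenericIdentity(parts[0], "Basic"), new string[0]);
    }

    public void OnAuthenticationChallenge(AuthenticationChallengeContext filterContext)
    {
        // Add the challenge header only when the pipeline has already produced a 401.
        if (filterContext.Result is HttpUnauthorizedResult)
            filterContext.HttpContext.Response.AddHeader("WWW-Authenticate", "Basic realm=\"example\"");
    }

    private static string[] Decode(string base64)
    {
        try
        {
            string[] parts = Encoding.UTF8.GetString(Convert.FromBase64String(base64)).Split(new[] { ':' }, 2);
            return parts.Length == 2 ? parts : null;
        }
        catch (FormatException) { return null; }
    }
}

[Authorize] // controller-wide authorization; a globally registered filter behaves the same way
[BasicAuthentication]
public class ReportsController : Controller
{
    public ActionResult Index() { return Content("Hello, " + User.Identity.Name); }
    [OverrideAuthorization] // excludes the broader-scope [Authorize] for this action only
    public ActionResult Health() { return Content("ok"); }
}
```

Overrides are per filter type: [OverrideAuthorization] removes only authorization filters from broader scopes, so the authentication filter still runs for Health and still rejects malformed credentials.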
