Search Results

Search found 1426 results on 58 pages for 'risk'.

Page 35/58 | < Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >

• Launching an external application from within a NPAPI Plugin

  - by Adam Cobb

  I am trying to work out why an NPAPI plugin I have written, which works fine in terms of performing operations triggered via Javascipt calls, cannot use CreateProcess() or ShellExecute() to launch an application from a path specified via the Javascript call. I can seemingly use either of these methods and they return success, i.e. no error code. But the application just does not launch. I have tried modifying the parameters used when calling them, to create new process group etc. But seemingly with no effect. I know this may seem like a bit of a security risk, but for the very specific purpose we wish to use it for it shouldn't be a problem. Thanks.

  Read the article

• How do I program an AVR Raven with Linux or a Mac?

  - by Andrew McGregor

  This tutorial for programming these starts with programming the Ravens and Jackdaw with a Windows box. Can I do those initial steps with avrdude on a Linux or OS X machine instead? If so, how? Is there any risk of bricking the hardware if I just try? I have a USB JTAG ICE MKii clone, which is supposed to work for this. I'm totally new to AVR, but very experienced with C/C++ programming on Linux or OS X, up to and including kernel programming... so any hint at all would be appreciated, I can read man pages, but only if I know what I'm looking for.

  Read the article

• Best Ergonomic trackball (finger-operated, with scroll wheel) for programmer

  - by Clay Nichols

  We programmers are at great risk of RSI. After 10 years, I was having shoulder problems and switched to a trackball, which helped, then switched to my left hand which helped even more. I'm looking for a good finger-operated trackball with a scroll wheel. (I do not like the ones where you control the ball w/ your thumb. My thumb isn't as dexterous). I also want to have a scroll wheel. I currently use a Logitech Marble Mouse but the scrolling implementation is very poor. EDIT: I just tried the Marble Scroll (free software that provides better scrolling. Works great. Another option is the KatMouse addon (which I've not tried) for trackballs. I hear the old Logitech Trackman was very good, but is no longer available. Anyone have experience with the Marble Mouse (and the above fixes) ? Or any suggestions of a good trackball.

  Read the article

• Why don't web fonts in Firefox don't work on a different domain?

  - by mikez302

  I was experimenting with the fancy new OpenType font capability in Firefox 3.5 and I ran into a problem. I was trying to embed a font on a different domain than the page it would be used on, and it didn't work. I thought it may have been a bug, but from what I read on the MDC reference page, I noticed this note: In Gecko, web fonts are subject to the same domain restriction (font files must be on the same domain as the page using them), unless HTTP access controls are used to relax this restriction. It looks like they designed the browser that way on purpose. Out of curiosity, why would they do that? Is there any security risk with embedding a font? Or is it for legal trademark or copyright issues? Or something else?

  Read the article

• VB.net Edit-And-Continue: ignore "unable to apply this change while debugging"

  - by FastAl

  When using VB.Net (2008) and paused in debugging, Edit-And-Continue is a great time-saver. However if you change any module/class-level information (variable, sub/function signature, etc), you get the error message like this: "unable to apply this change while debugging" While I can understand the technical challenge to making this work (and why it would be hard), it leaves me in a tight spot with just a few options: 1) Restart and recompile and get the program back to the same state 2) Continue debugging without making the change, and risk forgetting 3) Type up a reminder note to make the change All of which are annoying. Now I know that option '4) Just actually make the change' may not be possible. but does anybody know how to enable the following 'technically easy' possibility? 4) Let me change the code, get it flagged with the purple squiggly underline, so I can save it, but just ignore the change until recompile I have checked the Tools|options|debug|edit and continue, nothing appears to let me do this. thanks!

  Read the article

• Why don't stacks grow upwards (for security)?

  - by AshleysBrain

  This is related to the question 'Why do stacks typically grow downwards?', but more from a security point of view. I'm generally referring to x86. It strikes me as odd that the stack would grow downwards, when buffers are usually written to upwards in memory. For example a typical C++ string has its end at a higher memory address than the beginning. This means that if there's a buffer overflow you're overwriting further up the call stack, which I understand is a security risk, since it opens the possibility of changing return addresses and local variable contents. If the stack grew upwards in memory, wouldn't buffer overflows simply run in to dead memory? Would this improve security? If so, why hasn't it been done? What about x64, do those stacks grow upwards and if not why not?

  Read the article

• safely encode and pass a string from a html link to PHP program

  - by bert

  What series of steps would be reqired to safely encode and pass a string from a html href using javascript to construct the link to a php program. in javascript set up URL // encodes a URI component. path = "mypgm.php?from=" + encodeURIComponent(myvar) ; in php: // get passed variables $myvar = isset($_GET['myvar']) ? ($_GET['myvar']) : ''; // decode - (make the string readable) $myvar = (rawurldecode($myvar)); // converts characters to HTML entities (reduce risk of attack) $myvar = htmlentities($myvar); // maybe custom sanitize program as well? // see [http://stackoverflow.com/questions/2668854/php-sanitizing-strings-to-make-them-url-and-filename-safe][1] $myvar = sanitize($myvar);

  Read the article

• Should I trust Redis for data integrity?

  - by Jiaji

  In my current project, I have PostgreSQL as my master DB, and Redis as kind of a slave, e.g., when some user adds another as a friend, first the relationship will be stored in PostgreSQL and then a friend list in Redis will be updated. When some user's friend list is requested, it will be pulled out of Redis instead of PostgreSQL. The question is: when I update the friend list in Redis, should I get a fresh copy outof PostgreSQL, and replace the old list in Redis with the new one or should I keep the old list and simply SADD the userid into the list? The latter is of course best for performance, but intuitively the former does a better job in keep the data integrity? And if something like Celery is used, is the second method worth the risk?

  Read the article

• Data logged to a file; how do I rotate logs and how do I parse the data to not have 'gaps' in the da

  - by phidah

  I've got a web application that, for performance reasons, throws any data sent into a logfile. I've got two concerns with this approach: How do I best rotate logs, in order to not lose data? For each user session multiple requests are logged. Each request has a unique id so there is an easy way for me to tie the requests to the session. The problem is, however, that if I rotate the logs I risk ending up with one request in one log and another request in another log. How do I arrange my parsing in a way that allows me to parse all requests from a given session? I am willing to define a session timelimit, for example that the requests must, at maximum be 30 minutes apart. If I had a hourly log rotation at 00 minutes: What if the user made one request at 13:59 and one at 14:01 - The user would end up having requests in two different logs.

  Read the article

• Is man-in-the-middle attack a security threat during SSH authentication using keys?

  - by JP19

  Hi, I am no expert in network security, so pardon if this question is not very smart :). I am automating logins to some machines using ssh. I am currently avoiding host-key warnings using StrictHostKeyChecking no. I naively understand that someone can impersonate as the server and I risk losing my password to him if that were the case. However, if I am using only public/private Key based authentication ( using PasswordAuthentication no ), can the intruder still cause harm? So basically, with ssh -o "StrictHostKeyChecking no" -o "PasswordAuthentication no" : 1) Can the intruder decipher my private key? 2) Are there any other security threats? regards, JP

  Read the article

• READING stderr from within Awk

  - by Dave

  I want to keep SSH debug info separate (and logged) from other input. However, if I simply redirect stderr to a log file, I risk combining output from SSH and output from the remote process on the host machine (that might send something to stderr): $ ssh -v somemachine 2 file.log So, I want to filter out only those lines that match "debug1": $ ssh -v somemachine | awk '/debug1/ {print "file.log"; next} {print}' Good so far, BUT ssh's debug output goes to stderr. So... $ ssh -v somemachine 2& | awk '/debug1/ {print "file.log"; next} {print}' Foiled again! I don't want to mix stdout and stderr. BAD! What does a kid like me do? I was about to go the route of named pipes or some such wildeness, but really, all I need to know is how to get awk to match patterns from stderr ONLY.

  Read the article

• QML 5.3 iOS compilation of pure QML app

  - by Nathaniel Johnson

  I have an application written in QML. Initially, I used the standard C++ bootstrap for the app. int main(int argc, char *argv[]) { QApplication app(argc, argv); // A bunch of components and data models written in C++ QQmlApplicationEngine engine; engine.load(QUrl(QStringLiteral("qrc:///main.qml"))); return app.exec(); } The bulk of the app is in QML and the more I work with QML, the happier I am with it and the more I feel comfortable converting the C++ pieces to QML. So, it comes to one risk that I wanted to ask about. If I convert the app to a pure QML application like the kind generated by the Qt Quick UI application wizard with no C++ and designed to be run with qmlscene will I be able to compile it for iOS when the time to port it comes or will I end up just converting it back to the C++ loader form? TL;DR Can pure QML (no C++) apps be compiled and run on iOS devices?

  Read the article

• iphone: is there any secure way to establish 2-way SSL from an application

  - by pmilosev

  Hi I need to establish a HTTPS 2-way SSL connection from my iPhone application to the customer's server. However I don't see any secure way to deliver the client side certificates to the application (it's an e-banking app, so security is really an issue). From what I have found so far the only way that the app would be able to access the certificate is to provide it pre-bundeled with the application itself, or expose an URL from which it could be fetched (http://stackoverflow.com/questions/2037172/iphone-app-with-ssl-client-certs). The thing is that neither of this two ways prevent some third party to get the certificate, which if accepted as a risk eliminates the need for 2-way SSL (since anyone can have the client certificate). The whole security protocol should look like this: - HTTPS 2-way SSL to authenticate the application - OTP (token) based user registration (client side key pair generated at this step) - SOAP / WSS XML-Signature (requests signed by the keys generated earlier) Any idea on how to establish the first layer of security (HTTPS) ? regards

  Read the article

• Postgres column casting...

  - by Simon

  I have a query SELECT assetid, type_code, version, name, short_name, status, languages, charset, force_secure, created, created_userid, updated, updated_userid, published, published_userid, status_changed, status_changed_userid FROM sq_ast WHERE assetid = 7 which doesn't work and throws ERROR: operator does not exist: character varying = integer LINE 4: FROM sq_ast WHERE assetid = 7 I can get it to work by doing SELECT assetid, type_code, version, name, short_name, status, languages, charset, force_secure, created, created_userid, updated, updated_userid, published, published_userid, status_changed, status_changed_userid FROM sq_ast WHERE assetid = '7' Please note the quoting of the 7 in the WHERE clause... I am deploying an huge application and I cannot rewrite the core... similarly I don't want to risk changing the type of the column... I'm no Postgres expert... please help... Is there an option for strict casting of columns???

  Read the article

• Android - Looking for an AOP solution

  - by Serj Lotutovici

  I'm writing an application that on the bottom line uses it's internal API for some manipulations. The problem is that to call any method provided by that class first I (or anybody who uses the API) have to call #prepare() and after that #cleanup(). It all worked fine until the application and the API started to grow. And the risk of not calling one of the supplied methods before or after the API is now to big to be ignored (which makes it a bug risky application). Searching for a solution I found this question. I use Google Guice in my app for other purposes, but Android doesn't support AOP, that's why a use only guice-no_aop-x.jar. So I end-up with two questions: Is there an AOP solution for android to implement the same approach that is shown in the link above? Or may be someone has an idea that will be suitable for my case? Thanks in advice!

  Read the article

• How to create a test environnement on the production FTP

  - by Clement Herreman

  Hello, I'm currently working on a symfony webapp, which is already on production. To develop and add/delete/modify functionnality of the model, I work on my laptop, using symfony 'dev' environnemment. I test if everything work fine, then I pray a little and deploy it on the prod server (with all the risk of data error, like when I add new not null attributes on the model, prod server configuration special stuff, version of php/apache etc.). The problem is that I would like to setup a "staging" server, which would be a copy of the production server (same database, same configuration apache/php), so that, if the deployment goes bad, the production user stay untouched and working, only the staging server is down. But my client has only 1 FTP available. So, the question is : can I run 2 symfony project, with different models, on the same FTP ? Or is there another way to do what I want to do ? Thank you !

  Read the article

• If you could unlearn everything you know, and start again

  - by Rob Conery

  I'm giving a presentation at NDC 2010 and in one of the talks I'm going to focus on education and its power over your career (and you personally). There are people who mercilessly educate themselves, and there are others who are a bit ho-hum about it, feeling a bit of apathy. If you remove all of the risk associated surrounding a "refocus" of your career - what choices would you make? What things would you learn and what would you do with it? Think of it as a reroll, Ground Hog day, starting over from scratch today. What platform and language choices would you make and why? Most important to me are those who are completely happy where they are - would love to hear more about what it is that keeps you where you're at. Please do let me know what platform and tools you work with - it would help tremendously! Thanks in advance.

  Read the article

• Do you take the pain of learning it or use an out of the box solution?

  - by Mantorok

  Hi all What I'm getting at here is being presented with a control or framework that does 95% of what you want but has its shortcomings when opposed to learning how to do it yourself. To give a good example (ASP.Net) UpdatePanel vs DIY JS/JSON. The UpdatePanel gives you AJAX instantly without doing anything additional, however I've come to learn that its shortcomings are mainly that it's a bit of a hack and performs badly on busy pages and I've found myself having to scrap UpdatePanels in favour of rolling my own JS, and I've now made it a habit to fully investigate any shortcomings in out-of-the-box solutions, as I've been stung by this experience. So I guess what I'm asking is: Is it better to find out how to DIY or is it considered a better approach to try the available solution and risk going a full circle? Obviously I've only targetted a single control, but it is a very attractive control to people learning AJAX - I'm sure there are others out there. Sorry if dupliate. Thanks

  Read the article

• Simulating C-style for loops in python

  - by YGA

  (even the title of this is going to cause flames, I realize) Python made the deliberate design choice to have the for loop use explicit iterables, with the benefit of considerably simplified code in most cases. However, sometimes it is quite a pain to construct an iterable if your test case and update function are complicated, and so I find myself writing the following while loops: val = START_VAL while <awkward/complicated test case>: # do stuff ... val = <awkward/complicated update> The problem with this is that the update is at the bottom of the while block, meaning that if I want to have a continue embedded somewhere in it I have to: use duplicate code for the complicated/awkard update, AND run the risk of forgetting it and having my code infinite loop I could go the route of hand-rolling a complicated iterator: def complicated_iterator(val): while <awkward/complicated test case>: yeild val val = <awkward/complicated update> for val in complicated_iterator(start_val): if <random check>: continue # no issues here # do stuff This strikes me as waaaaay too verbose and complicated. Do folks in stack overflow have a simpler suggestion?

  Read the article

• How to determine what invokes User Access Control restrictions?

  - by MX4399

  In a Delphi app intended to build an internet software update service for my software, the Windows 7 UAC system requests authorization from the user to run the exe.The following possible contentious/risk areas exist in the code: A named pipe server is created for communications TCP is used for FTP and HTTP SHGetSpecialFolderPath api call is used Before these items where added UAC did not activate, removing each in turn including all unit reference and then ending with the bare bones exe still causes the UAC event - so its not possible say what is causing it. On top of this Delphi 2007 now requires being launced as an administrator to launcg a debugging process for the app. Question 1 : How can I see what is causing this besides starting from scratch in a new exe - IOW is there a log somewhere I can check Question 2 : Will using a signed exe using authenticode still cause the UAC alert to show

  Read the article

• What is a good approach for a Data Access Layer?

  - by Adil Mughal

  Our software is a customized Human Resource Management System (HRMS) using ASP.NET with Oracle as the database and now we are actually moving to make it a product that supports multiple tenants with their own databases. Our options: Use NHibernate to support Multiple databases and use of OO. But we concern related to NHibernate learning curve and any problem we faced. Make a generalized DAL which will continue working with Oracle using stored procedures and use tools to convert it to other databases such as SQL Server or MySql. There is a risk associated with having to support multiple database-dependent versions of a single script. Provide the software as a Service (SaaS) and maintain the way we conduct business. However there can may be clients who do not want or trust the Cloud or other SaaS business models. With this in mind, what's the best Data access layer technique?

  Read the article

• How does Task Parallel Library scale on a terminal server or in a web application?

  - by Lasse V. Karlsen

  I understand that the TPL uses work-stealing queues for its tasks when I execute things like Parallel.For and similar constructs. If I understand this correctly, the construct will spin up a number of tasks, where each will start processing items. If one of the tasks complete their allotted items, it will start stealing items from the other tasks which hasn't yet completed theirs. This solves the problem where items 1-100 are cheap to process and items 101-200 are costly, and one of the two tasks would just sit idle until the other completed. (I know this is a simplified exaplanation.) However, how will this scale on a terminal server or in a web application (assuming we use TPL in code that would run in the web app)? Can we risk saturating the CPUs with tasks just because there are N instances of our application running side by side? Is there any information on this topic that I should read? I've yet to find anything in particular, but that doesn't mean there is none.

  Read the article

• Is there a standard practice for storing default application data?

  - by Rox Wen

  Our application includes a default set of data. The default data includes coefficients and other factors that are unlikely to ever change but still need to be update-able by the user. Currently, the original default data is stored as a populated class within the application. Data updates are stored to an external XML file. This design allows us to include a "reset" feature to restore the original default data. Our rationale for not storing defaults externally [e.g. XML file] was to minimize the risk of being altered. The overall volume of data doesn't warrant a database. Is there a standard practice for storing "default" application data?

  Read the article

• Choosing Merge Direction

  - by tbreffni

  Consider a simple source-control layout, with a trunk representing a future release in development and a single branch representing a release currently in production. When a bug is discovered that needs fixed in both branches, should the change be made first to the trunk then merged down to the branch, or made first to the branch then merged up to the trunk? Typically I've made the fix first in the trunk then merged downwards, however there is an increased risk this way that future new features get merged down accidentally. What has worked best in your experience?

  Read the article

• Changing the title of a MFMailComposeViewController

  - by Badescu Alexandru

  Although i know changing MFMailComposeViewController is fround upon, i'm taking a risk. I found some ideas such as [self presentModalViewController:controller animated:YES]; // Existing line [[[[controller viewControllers] lastObject] navigationItem] setTitle:@"SomethingElse"]; and [[[[(MFMailComposeViewController*)vc navigationBar] items] objectAtIndex:0] setTitle:@" SomethingElse"]; but the odd thing is that the title is "SomethingElse" for like 2 seconds and after that it returns to the subject that is set. I've tried other solutions as well but the same output. I am using SHK (ShareKit) to connect to social. Here is the code from showViewController : if ([vc respondsToSelector:@selector(modalPresentationStyle)]) vc.modalPresentationStyle = [SHK modalPresentationStyle]; if ([vc respondsToSelector:@selector(modalTransitionStyle)]) vc.modalTransitionStyle = [SHK modalTransitionStyle]; [topViewController presentModalViewController:vc animated:YES]; [[[[(MFMailComposeViewController*)vc navigationBar] items] objectAtIndex:0] setTitle:@" "]; [(UINavigationController *)vc navigationBar].barStyle = [(UINavigationController *)vc toolbar].barStyle = [SHK barStyle]; self.currentView = vc;

  Read the article

< Previous Page | 31 32 33 34 35 36 37 38 39 40 41 42  | Next Page >