Search Results

Search found 8463 results on 339 pages for 'bad learner'.

Page 42/339 | < Previous Page | 38 39 40 41 42 43 44 45 46 47 48 49  | Next Page >

  • Which functions in the C standard library commonly encourage bad practice?

    - by Ninefingers
    Hello all, This is inspired by this question and the comments on one particular answer in that I learnt that strncpy is not a very safe string handling function in C and that it pads zeros, until it reaches n, something I was unaware of. Specifically, to quote R.. strncpy does not null-terminate, and does null-pad the whole remainder of the destination buffer, which is a huge waste of time. You can work around the former by adding your own null padding, but not the latter. It was never intended for use as a "safe string handling" function, but for working with fixed-size fields in Unix directory tables and database files. snprintf(dest, n, "%s", src) is the only correct "safe strcpy" in standard C, but it's likely to be a lot slower. By the way, truncation in itself can be a major bug and in some cases might lead to privilege elevation or DoS, so throwing "safe" string functions that truncate their output at a problem is not a way to make it "safe" or "secure". Instead, you should ensure that the destination buffer is the right size and simply use strcpy (or better yet, memcpy if you already know the source string length). And from Jonathan Leffler Note that strncat() is even more confusing in its interface than strncpy() - what exactly is that length argument, again? It isn't what you'd expect based on what you supply strncpy() etc - so it is more error prone even than strncpy(). For copying strings around, I'm increasingly of the opinion that there is a strong argument that you only need memmove() because you always know all the sizes ahead of time and make sure there's enough space ahead of time. Use memmove() in preference to any of strcpy(), strcat(), strncpy(), strncat(), memcpy(). So, I'm clearly a little rusty on the C standard library. Therefore, I'd like to pose the question: What C standard library functions are used inappropriately/in ways that may cause/lead to security problems/code defects/inefficiencies? In the interests of objectivity, I have a number of criteria for an answer: Please, if you can, cite design reasons behind the function in question i.e. its intended purpose. Please highlight the misuse to which the code is currently put. Please state why that misuse may lead towards a problem. I know that should be obvious but it prevents soft answers. Please avoid: Debates over naming conventions of functions (except where this unequivocably causes confusion). "I prefer x over y" - preference is ok, we all have them but I'm interested in actual unexpected side effects and how to guard against them. As this is likely to be considered subjective and has no definite answer I'm flagging for community wiki straight away. I am also working as per C99.

    Read the article

  • Does constantly checking the documentation make you a bad coder?

    - by cdburgess
    When writing PHP code for any given project, do you find you can write code off the top of your head? Or do you make multiple round trips to php.net? If it is the later, can you still be considered a good coder. This is a legitimate question as I find I have difficulty always remembering all of the functions that are available to me so I find I use php.net as a crutch. Is there anyway to improve this?

    Read the article

  • Pseudorandom crashes in Flash Debugger - My bad, or Abode's?

    - by rinogo
    I'm working on a large-size dual AS3/Flex project (some parts are pure AS3, other parts are Flex), and I'm experiencing a lot of Flash Debugger crashes. These crashes aren't completely random - it seems like I can get them to occur with greater consistency when I perform certain actions in my app. However, at the same time, they aren't consistently repeatable - sometimes a set of actions causes my app to crash, and other times, the same steps execute fine without a crash. I have two questions (carefully worded to remove my personal bias :) ) Are these crashes due to my coding practices, or Adobe's Flash Debugger? When I deploy my app on a web site and access it via Flash Player, should I expect the same crashes to occur, or is Flash Player considerably more resilient than Flash Debugger? Thanks so much, all! :) -Rich

    Read the article

  • Using PostRequestHandlerExecute, Flush and Close to clean up after a request - why is this bad?

    - by Erwin
    After some requests I need to clean up after the user - by calling a remote web service to release some resources if I guess the user doesn't need them anymore. It is ok to leave them hanging and letting them time out on the other server, but the polite thing to do is to inform it that I do not need them anymore. I do not want to waste the users time waiting for cleaning - so I tried to find place to put it. First I tried Application_EndRequest, but I needed something later. Then I found PostRequestHandlerExecute which seemed like a nice place, but I still need a Flush and Close to release the connection to the user. Protected Sub Application_PostRequestHandlerExecute(ByVal sender As Object, ByVal e As System.EventArgs) Response.Flush() Response.Close() ' Simulation of clean up activity: System.Threading.Thread.Sleep(4000) ' Really a couple of web service calls End Sub Is there some other place I could put these lengthy clean up routines?

    Read the article

  • How bad is code using std::basic_string<t> as a contiguous buffer?

    - by BillyONeal
    I know technically the std::basic_string template is not required to have contiguous memory. However, I'm curious how many implementations exist for modern compilers that actually take advantage of this freedom. For example, if one wants code like the following it seems silly to allocate a vector just to turn around instantly and return it as a string: DWORD valueLength = 0; DWORD type; LONG errorCheck = RegQueryValueExW( hWin32, value.c_str(), NULL, &type, NULL, &valueLength); if (errorCheck != ERROR_SUCCESS) WindowsApiException::Throw(errorCheck); else if (valueLength == 0) return std::wstring(); std::wstring buffer; do { buffer.resize(valueLength/sizeof(wchar_t)); errorCheck = RegQueryValueExW( hWin32, value.c_str(), NULL, &type, &buffer[0], &valueLength); } while (errorCheck == ERROR_MORE_DATA); if (errorCheck != ERROR_SUCCESS) WindowsApiException::Throw(errorCheck); return buffer; I know code like this might slightly reduce portability because it implies that std::wstring is contiguous -- but I'm wondering just how unportable that makes this code. Put another way, how may compilers actually take advantage of the freedom having noncontiguous memory allows? Oh: And of course given what the code's doing this only matters for Windows compilers.

    Read the article

  • Globals are bad! But should I use them in this context?

    - by Matt
    Would setting the $link to my database be one thing that I should use a GLOBAL scope for? In my setting of (lots of functions)...it seems as though having only one variable that is in the global scope would be wise. I am currently using the functions to transfer it back and forth so that way I do not have it in the global scope. But it is a bit of a hindrance to my script. Please advise.

    Read the article

  • The same class file in multiple .jar files. How bad is this?

    - by Kannan Goundan
    I have a library that writes data in either a text or binary format. It has the following three components: common data structures text writer (depends on 1) binary writer (depends on 1) The obvious way to distribute this is as 3 .jar files, so that users can include only what they need. However, the "common data structures" component is really just two small classes so I'm considering creating only two .jar files and including the common .class files in both. My question: What are the potential problems with doing this?

    Read the article

  • Java Interface Usage Guidelines -- Are getters and setters in an interface bad?

    - by user68759
    What do people think of the best guidelines to use in an interface? What should and shouldn't go into an interface? I've heard people say that, as a general rule, an interface must only define behavior and not state. Does this mean that an interface shouldn't contain getters and setters? My opinion: Maybe not so for setters, but sometimes I think that getters are valid to be placed in an interface. This is merely to enforce the implementation classes to implement those getters and so to indicate that the clients are able to call those getters to check on something, for example.

    Read the article

  • Bad linking in Qt unit test -- missing the link to the moc file?

    - by dwj
    I'm trying to unit test a class that inherits QObject; the class itself is located up one level in my directory structure. When I build the unit test I get the standard unresolved errors if a class' MOC file cannot be found: test.obj : error LNK2001: unresolved external symbol "public: virtual void * __thiscall UnitToTest::qt_metacast(char const *)" (?qt_metacast@UnitToTest@@UAEPAXPBD@Z) + 2 missing functions The MOC file is created but appears to not be linking. I've been poking around SO, the web, and Qt's docs for quite a while and have hit a wall. How do I get the unit test to include the MOC file in the link? ==== My project file is dead simple: TEMPLATE = app TARGET = test DESTDIR = . CONFIG += qtestlib INCLUDEPATH += . .. DEPENDPATH += . HEADERS += test.h SOURCES += test.cpp ../UnitToTest.cpp stubs.cpp DEFINES += UNIT_TEST My directory structure and files: C:. | UnitToTest.cpp | UnitToTest.h | \---test | test.cpp (Makefiles removed for clarity) | test.h | test.pro | stubs.cpp | +---debug | UnitToTest.obj | test.obj | test.pdb | moc_test.cpp | moc_test.obj | stubs.obj Edit: Additional information The generated Makefile.Debug shows the moc file missing: SOURCES = test.cpp \ ..\test.cpp \ stubs.cpp debug\moc_test.cpp OBJECTS = debug\test.obj \ debug\UnitToTest.obj \ debug\stubs.obj \ debug\moc_test.obj

    Read the article

  • Why calling Process.killProcess(Process.myPid()) is a bad idea?

    - by Tal Kanel
    I've read some posts saying using this method is "not good", shouldn't been use, it's not the right way to "close" the application and it's not how android works... I understand and accept the fact that Android OS knows better then me when it's the right time to terminate the process, but I didn't heard yet a good explanation why it's wrong using the killProcess() method?. after all - it's part of the android API... what I do know is that calling this method while other threads doing in potential an important work (operations on files, writing to DB, HTTP requests, running services..) can be terminated in the middle, and it's clearly not good. also I know I can benefit from the fact that "re-open" the application will be faster, cause the system maybe still "holds" in memory state from last time been used, and killProcess() prevents that. beside this reason, in assumption I don't have such operations, and I don't care my application will load from scratch each run, there are other reasons why not using the killProcess() method? I know about finish() method to close an Activity, so don't write me about that please.. finish() is only for Activity. not to all application, and I think I know exactly why and when to use it... and another thing - I'm developing also games with the Unity3D framework, and exporting the project to android. when I decompiled the generated apk, I was very suprised to find out that the java source code created from unity - implementing Unity's - Application.quit() method, with Process.killProcess(Process.myPid()). Application.quit() is suppose to be the right way to close game according to Unity3d guides (is it really?? maybe I'm wrong, and missed something), so how it happens that the Unity's framework developers which doing a very good work as it seems implemented this in native android to killProcess()? anyway - I wish to have a "list of reasons" why not using the killProcess() method, so please write down your answer - if you have something interesting to say about that. TIA

    Read the article

  • Is it good or bad practice to use var everywhere? [closed]

    - by Earlz
    Possible Duplicate: Use of var keyword in C# Hello, I've recently been discovering the awesomeness that is the var keyword in C#. Well, I didn't think about it before but I just wrote lines of code that are along the lines of var con=CreateNewConnection(); Where this would usually be IdbConnection con=CreateNewConnection(); Is this a good use of var? Is it possible to use var too often? Are there any downsides to using it? Also, one more point of consideration: We are not worried about backwards compatability. We just care that it runs on .NET 3.5

    Read the article

  • Is it bad practice to apply class-based design to JavaScript programs?

    - by helixed
    JavaScript is a prototyped-based language, and yet it has the ability to mimic some of the features of class-based object-oriented languages. For example, JavaScript does not have a concept of public and private members, but through the magic of closures, it's still possible to provide the same functionality. Similarly, method overloading, interfaces, namespaces and abstract classes can all be added in one way or another. Lately, as I've been programming in JavaScript, I've felt like I'm trying to turn it into a class-based language instead of using it in the way it's meant to be used. It seems like I'm trying to force the language to conform to what I'm used to. The following is some JavaScript code I've written recently. It's purpose is to abstract away some of the effort involved in drawing to the HTML5 canvas element. /* Defines the Drawing namespace. */ var Drawing = {}; /* Abstract base which represents an element to be drawn on the screen. @param The graphical context in which this Node is drawn. @param position The position of the center of this Node. */ Drawing.Node = function(context, position) { return { /* The method which performs the actual drawing code for this Node. This method must be overridden in any subclasses of Node. */ draw: function() { throw Exception.MethodNotOverridden; }, /* Returns the graphical context for this Node. @return The graphical context for this Node. */ getContext: function() { return context; }, /* Returns the position of this Node. @return The position of this Node. */ getPosition: function() { return position; }, /* Sets the position of this Node. @param thePosition The position of this Node. */ setPosition: function(thePosition) { position = thePosition; } }; } /* Define the shape namespace. */ var Shape = {}; /* A circle shape implementation of Drawing.Node. @param context The graphical context in which this Circle is drawn. @param position The center of this Circle. @param radius The radius of this circle. @praram color The color of this circle. */ Shape.Circle = function(context, position, radius, color) { //check the parameters if (radius < 0) throw Exception.InvalidArgument; var node = Drawing.Node(context, position); //overload the node drawing method node.draw = function() { var context = this.getContext(); var position = this.getPosition(); context.fillStyle = color; context.beginPath(); context.arc(position.x, position.y, radius, 0, Math.PI*2, true); context.closePath(); context.fill(); } /* Returns the radius of this Circle. @return The radius of this Circle. */ node.getRadius = function() { return radius; }; /* Sets the radius of this Circle. @param theRadius The new radius of this circle. */ node.setRadius = function(theRadius) { radius = theRadius; }; /* Returns the color of this Circle. @return The color of this Circle. */ node.getColor = function() { return color; }; /* Sets the color of this Circle. @param theColor The new color of this Circle. */ node.setColor = function(theColor) { color = theColor; }; //return the node return node; }; The code works exactly like it should for a user of Shape.Circle, but it feels like it's held together with Duct Tape. Can somebody provide some insight on this?

    Read the article

  • Why is using OPENQUERY on a local server bad?

    - by Ziplin
    I'm writing a script that is supposed to run around a bunch of servers and select a bunch of data out of them, including the local server. The SQL needed to SELECT the data I need is pretty complicated, so I'm writing sort of an ad-hoc view, and using an OPENQUERY statement to get the data, so ultimately I end up looping over a statement like this: exec('INSERT INTO tabl SELECT * FROM OPENQUERY(@Server, @AdHocView)') However, I've heard that using OPENQUERY on the local server is frowned upon. Could someone elaborate as to why?

    Read the article

  • Boiler plate code replacement - is there anything bad about this code?

    - by Benjol
    I've recently created these two (unrelated) methods to replace lots of boiler-plate code in my winforms application. As far as I can tell, they work ok, but I need some reassurance/advice on whether there are some problems I might be missing. (from memory) static class SafeInvoker { //Utility to avoid boiler-plate InvokeRequired code //Usage: SafeInvoker.Invoke(myCtrl, () => myCtrl.Enabled = false); public static void Invoke(Control ctrl, Action cmd) { if (ctrl.InvokeRequired) ctrl.BeginInvoke(new MethodInvoker(cmd)); else cmd(); } //Replaces OnMyEventRaised boiler-plate code //Usage: SafeInvoker.RaiseEvent(this, MyEventRaised) public static void RaiseEvent(object sender, EventHandler evnt) { var handler = evnt; if (handler != null) handler(sender, EventArgs.Empty); } } EDIT: See related question here UPDATE Following on from deadlock problems (related in this question), I have switched from Invoke to BeginInvoke (see an explanation here). Another Update Regarding the second snippet, I am increasingly inclined to use the 'empty delegate' pattern, which fixes this problem 'at source' by declaring the event directly with an empty handler, like so: event EventHandler MyEventRaised = delegate {};

    Read the article

  • iPhone - Bug using CADisplayLink and UIControls - bad to mix openGL and UIControls?

    - by Adam
    Having had problems using other methods, I've decided to stick with CADisplayLink to run my game loop. The animation is smooth now, but sometimes there's a problem where the buttons and other UI elements can't be used, can't be accessed by touch or changed programmatically. This includes UIButtons and UILabels. Has anyone encountered this before? Is it not a good idea in general to use interface builder and uicontrols on top of an OpenGL view? I've heard they don't play well together but haven't heard the reasons. Thanks!

    Read the article

  • Is it bad taste to include GPA in your resume?

    - by Gab Royer
    As I was typing my curriculum vitae, I was wondering if it was good idea to include my GPA. I'm currently in software engineering and have a 4.0 GPA, but don't like mentioning it too much as I fear people might see this as bragging... But at the same time, I feel like it is something that could help me land a job (or an interview, at least). What should I do?

    Read the article

  • Is using the keyword var bad in C# 2.0?

    - by Patrick
    I read an article about using C# 3 features in C# 2 where you can for instance type var x = 2; and even if the project is a 2.0 project, the Visual Studio 2008 compiler picks it up and generates the same code as it would if you type int x = 2. But what I don't get is, should you not do this in some cases? I always thought that the var keyword didn't arrive until C# 3.. If the compiler generates the same code and I can type C# 3 code and C# 2 code exactly the same, what is the differance really, because the CLI is the same, right? Quote from the link above Behind the scenes, the compiler generate regular .NET 2.0 code. Is there any difference between .NET 2.0 code and .NET 3 code?

    Read the article

  • Rendering javascript at the server side level. A good or bad idea?

    - by davidhong
    I want to make it clear first: This isn't a question in relation to server-side Javascript or running Javascript server side. This is a question regarding rendering of Javascript code (which will be executed on the client-side) from server-side code. Having said that, take a look at below ASP.net code for example: hlRemoveCategory.Attributes.Add("onclick", "return confirm('Are you sure you want to delete this?');") This is prescribing the client-side onclick event on the server-side. As oppose to: $('a[rel=remove]').bind('click', function(event) { return confirm('Are you sure you want to delete this?'); } Now the question I want to ask is: What is the benefit of rendering javascript from the server-side code? Or the vice-versa? I personally prefer the second way of hooking up client-side UI/behaviour to HTML elements for the following reasons: Server-side does what ever it needs to already, including data-validation, event delegation and etc; and What server-side sees as an event is not necessarily the same process on the client-side. i.e., there are plenty more events on client-side (just look at custom events); and What happens on client-side and on server-side, during an event, could be completely irrelevant and decoupled; and What ever happens on client-side happens on client-side, there is no need for the server to know. Server should process and run what is given to them, how the process comes to life is not really up to them to decide in the event of the client-side events; and so and so forth. These are my thoughts obviously. I want to know what others think and if there has been any discussions on this topic. Topics branching from this argument can reach: Code management: is it easier to render everything from server-side? Separation of concern: is it easier if client-side logic is separated to server-side logic? Efficiency: which is more efficient both in terms of coding and running? At the end of the day, I am trying to move my team to go towards the second approach. There are lot of old guys in this team who are afraid of this change. I just wish to convince them with the right facts and stats. Let me know your thoughts.

    Read the article

  • Is adding indexes to a SQL Server ever a bad idea?

    - by Aerik
    We have a mid-size SQL Server based application that has no indexes defined. Not even on the the identity columns. I suggested to our moderately expensive application consultant that perhaps we might get better performance (particularly as our database grows) by creating some indexes on appropriate fields, and he said: "Indexes will significantly impact other areas of the application and customers should not create them under any circumstances." Anybody ever heard of anything like this? Are there ever circumstances where one should not create any indexes? I can see nothing special about this app - it's got int identity columns, then lots of string columns, bunch of relational tables but nothing special or weird that I can see. Thanks!

    Read the article

  • What do I use if a CSS framework or grid is bad?

    - by johnny
    Reference this question: http://stackoverflow.com/questions/203069/what-is-the-best-css-framework-and-are-they-worth-the-effort Do I go back to the "old" way of manually creating a template or downloading free ones again. For a little bit I thought a grid was the new thing and the best, now it appears I am wrong after all and not sure of best practice. And, yes, I can write my own CSS but didn't want to create the infrastructure if I didn't have to.

    Read the article

  • Why would it be a bad idea to have database connection open between client requests?

    - by AspOnMyNet
    1) Book I’m reading argues that connections shouldn’t be opened between client requests, since they are a finite resource. I realize that max pool size can quickly be reached and thus any further attempts to open a connection will be queued until connection becomes available and for that reason it would be imperative that we release connection as soon as possible. But assuming all request will open connection to the same DB, then I’m not sure how having a connection open between two client requests would be any less efficient than having each request first acquiring a connection from connection pool and later returning that object to connection pool? 2) Book also recommends that when database code is encapsulated in a dedicated data access class, then method M opening a database connection should also close that connection. a) I assume one reason why M should also close it, is because if method M opening the connection doesn’t also close it, but instead this connection object is used inside several methods, then it’s more likely that a programmer will forget to close it. b) Are there any other reasons why a method opening the connection should also close it? thanx

    Read the article

  • CruiseControl.rb: Error in plugin EmailNotifier: 501 5.1.7 Bad sender address syntax?

    - by Justin
    Hi guys, I can't seem to figure this out. I setup my email address in cruisecontrol.rb but no matter how I set it, it always gives me this error. Current settings are: project/cruise_config.rb: project.email_notifier.emails = ['[email protected]'] project.email_notifier.from = '[email protected]' site_config.rb: ActionMailer::Base.smtp_settings = { :address => "localhost", :domain => "myemail.com", } I've even tried ActionMailer::Base.delivery_method = :sendmail Configuration.email_from = '[email protected]' Any thoughts as to why my cruisecontrol can't send an e-mail? Thanks! Justin

    Read the article

< Previous Page | 38 39 40 41 42 43 44 45 46 47 48 49  | Next Page >