Search Results

Search found 28459 results on 1139 pages for 'task base programming'.

Page 443/1139 | < Previous Page | 439 440 441 442 443 444 445 446 447 448 449 450  | Next Page >

• Android viole-t-il la licence du noyau Linux ? Des experts évoquent un problème encore plus complexe que le conflit avec Oracle sur Java

  Android viole-t-il la licence du noyau Linux ? Des experts avertissent contre un problème qui pourrait être encore plus complexe que le conflit avec Oracle sur Java Comme si le procès intenté par Oracle ne suffisait pas, des experts en propriété intellectuelle se sont penchés sur l'utilisation par l'OS mobile de Google de la base de code sous licence GPL Version 2 du noyau Linux. Ils mettent en garde contre une problématique encore plus complexe pour Google que le bras de fer qui l'oppose à Or...

  Read the article

• Is reliance on parametrized queries the only way to protect against SQL injection?

  - by Chris Walton

  All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed as poor practice, mainly because they were seen as less maintainable; less testable; highly coupled; and locked a system into one vendor; (this question covers some other reasons). Although when I was working, projects were virtually unaware of the possibility of such attacks; various rules were adopted to secure the database against corruption of various sorts. These rules can be summarised as: No client/application had direct access to the database tables. All accesses to all tables were through views (and all the updates to the base tables were done through triggers). All data items had a domain specified. No data item was permitted to be nullable - this had implications that had the DBAs grinding their teeth on occasion; but was enforced. Roles and permissions were set up appropriately - for instance, a restricted role to give only views the right to change the data. So is a set of (enforced) rules such as this (though not necessarily this particular set) an appropriate alternative to parametrized queries in preventing SQL injection attacks? If not, why not? Can a database be secured against such attacks by database (only) specific measures? EDIT Emphasis of the question changed slightly, in the light of the initial responses received. Base question unchanged. EDIT2 The approach of relying on paramaterized queries seems to be only a peripheral step in defense against attacks on systems. It seems to me that more fundamental defenses are both desirable, and may render reliance on such queries not necessary, or less critical, even to defend specifically against injection attacks. The approach implicit in my question was based on "armouring" the database and I had no idea whether it was a viable option. Further research has suggested that there are such approaches. I have found the following sources that provide some pointers to this type of approach: http://database-programmer.blogspot.com http://thehelsinkideclaration.blogspot.com The principle features I have taken from these sources is: An extensive data dictionary, combined with an extensive security data dictionary Generation of triggers, queries and constraints from the data dictionary Minimize Code and maximize data While the answers I have had so far are very useful and point out difficulties arising from disregarding paramaterized queries, ultimately they do not answer my original question(s) (now emphasised in bold).

  Read the article

• DRY and SRP

  - by Timothy Klenke

  Originally posted on: http://geekswithblogs.net/TimothyK/archive/2014/06/11/dry-and-srp.aspxKent Beck’s XP Simplicity Rules (aka Four Rules of Simple Design) are a prioritized list of rules that when applied to your code generally yield a great design.  As you’ll see from the above link the list has slightly evolved over time.  I find today they are usually listed as: All Tests Pass Don’t Repeat Yourself (DRY) Express Intent Minimalistic These are prioritized.  If your code doesn’t work (rule 1) then everything else is forfeit.  Go back to rule one and get the code working before worrying about anything else. Over the years the community have debated whether the priority of rules 2 and 3 should be reversed.  Some say a little duplication in the code is OK as long as it helps express intent.  I’ve debated it myself.  This recent post got me thinking about this again, hence this post.   I don’t think it is fair to compare “Expressing Intent” against “DRY”.  This is a comparison of apples to oranges.  “Expressing Intent” is a principal of code quality.  “Repeating Yourself” is a code smell.  A code smell is merely an indicator that there might be something wrong with the code.  It takes further investigation to determine if a violation of an underlying principal of code quality has actually occurred. For example “using nouns for method names”, “using verbs for property names”, or “using Booleans for parameters” are all code smells that indicate that code probably isn’t doing a good job at expressing intent.  They are usually very good indicators.  But what principle is the code smell of Duplication pointing to and how good of an indicator is it? Duplication in the code base is bad for a couple reasons.  If you need to make a change and that needs to be made in a number of locations it is difficult to know if you have caught all of them.  This can lead to bugs if/when one of those locations is overlooked.  By refactoring the code to remove all duplication there will be left with only one place to change, thereby eliminating this problem. With most projects the code becomes the single source of truth for a project.  If a production code base is inconsistent with a five year old requirements or design document the production code that people are currently living with is usually declared as the current reality (or truth).  Requirement or design documents at this age in a project life cycle are usually of little value. Although comparing production code to external documentation is usually straight forward, duplication within the code base muddles this declaration of truth.  When code is duplicated small discrepancies will creep in between the two copies over time.  The question then becomes which copy is correct?  As different factions debate how the software should work, trust in the software and the team behind it erodes. The code smell of Duplication points to a violation of the “Single Source of Truth” principle.  Let me define that as: A stakeholder’s requirement for a software change should never cause more than one class to change. Violation of the Single Source of Truth principle will always result in duplication in the code.  However, the inverse is not always true.  Duplication in the code does not necessarily indicate that there is a violation of the Single Source of Truth principle. To illustrate this, let’s look at a retail system where the system will (1) send a transaction to a bank and (2) print a receipt for the customer.  Although these are two separate features of the system, they are closely related.  The reason for printing the receipt is usually to provide an audit trail back to the bank transaction.  Both features use the same data:  amount charged, account number, transaction date, customer name, retail store name, and etcetera.  Because both features use much of the same data, there is likely to be a lot of duplication between them.  This duplication can be removed by making both features use the same data access layer. Then start coming the divergent requirements.  The receipt stakeholder wants a change so that the account number has the last few digits masked out to protect the customer’s privacy.  That can be solve with a small IF statement whilst still eliminating all duplication in the system.  Then the bank wants to take a picture of the customer as well as capture their signature and/or PIN number for enhanced security.  Then the receipt owner wants to pull data from a completely different system to report the customer’s loyalty program point total. After a while you realize that the two stakeholders have somewhat similar, but ultimately different responsibilities.  They have their own reasons for pulling the data access layer in different directions.  Then it dawns on you, the Single Responsibility Principle: There should never be more than one reason for a class to change. In this example we have two stakeholders giving two separate reasons for the data access class to change.  It is clear violation of the Single Responsibility Principle.  That’s a problem because it can often lead the project owner pitting the two stakeholders against each other in a vein attempt to get them to work out a mutual single source of truth.  But that doesn’t exist.  There are two completely valid truths that the developers need to support.  How is this to be supported and honour the Single Responsibility Principle?  The solution is to duplicate the data access layer and let each stakeholder control their own copy. The Single Source of Truth and Single Responsibility Principles are very closely related.  SST tells you when to remove duplication; SRP tells you when to introduce it.  They may seem to be fighting each other, but really they are not.  The key is to clearly identify the different responsibilities (or sources of truth) over a system.  Sometimes there is a single person with that responsibility, other times there are many.  This can be especially difficult if the same person has dual responsibilities.  They might not even realize they are wearing multiple hats. In my opinion Single Source of Truth should be listed as the second rule of simple design with Express Intent at number three.  Investigation of the DRY code smell should yield to the proper application SST, without violating SRP.  When necessary leave duplication in the system and let the class names express the different people that are responsible for controlling them.  Knowing all the people with responsibilities over a system is the higher priority because you’ll need to know this before you can express it.  Although it may be a code smell when there is duplication in the code, it does not necessarily mean that the coder has chosen to be expressive over DRY or that the code is bad.

  Read the article

• No sound after clean install 11.10

  - by Jorge

  First of all, sorry to ask this, I'm sure that this was asked so many times before. Second, sorry for the English, it's not my native language. And Third, thank you in advance. So, I hope the follow info will help, here's a log. http://www.alsa-project.org/db/?f=07089caf530494bc4bc23e1d1cd56b3a5fae03c6 I already check 'System - Preferences - Sound'. Here's a screenshot http://i.imgur.com/Ghwnj.png > jorge@jorge-desktop:~$ sudo lshw -class multimedia > *-multimedia > description: Multimedia audio controller > product: VT8233/A/8235/8237 AC97 Audio Controller > vendor: VIA Technologies, Inc. > physical id: 11.5 > bus info: pci@0000:00:11.5 > version: 60 > width: 32 bits > clock: 33MHz > capabilities: pm cap_list > configuration: driver=VIA 82xx Audio latency=0 > resources: irq:22 ioport:e400(size=256) Tried with no results: > sudo apt-get remove --purge alsa-base > sudo apt-get remove --purge pulseaudio > sudo apt-get clean && sudo apt-get autoremove > sudo apt-get install alsa-base > sudo apt-get install pulseaudio > sudo apt-get install ubuntu-desktop Also > sudo gedit /etc/default/grub > > from: > > GRUB_CMDLINE_LINUX_DEFAULT="quiet splash" > > to: > > GRUB_CMDLINE_LINUX_DEFAULT="quiet splash radeon.audio=1" > > sudo update-grub > > And Reboot... without any result. EDIT: I made sure that everything it's fine with aplay -l and lspci -v and lsmod; and checked alsamixer, it's not in mute. Well I'm running out of ideas. Thanks.

  Read the article

• What if(event) statement means in JavaScript?

  - by j flo

  I'm rather new to JavaScript and programming in general so I am pretty much only used to seeing if statements that have some kind of comparison operator like, if (x < 10) or if(myBool). I have seen an if statement checking against an event, but I don't understand what or why the event is being checked like that. What's the semantic meaning behind that check or comparison? Here is the code in question: if(event){ event.preventDefault(); }

  Read the article

• What's the best way to create a static utility class in python? Is using metaclasses code smell?

  - by rsimp

  Ok so I need to create a bunch of utility classes in python. Normally I would just use a simple module for this but I need to be able to inherit in order to share common code between them. The common code needs to reference the state of the module using it so simple imports wouldn't work well. I don't like singletons, and classes that use the classmethod decorator do not have proper support for python properties. One pattern I see used a lot is creating an internal python class prefixed with an underscore and creating a single instance which is then explicitly imported or set as the module itself. This is also used by fabric to create a common environment object (fabric.api.env). I've realized another way to accomplish this would be with metaclasses. For example: #util.py class MetaFooBase(type): @property def file_path(cls): raise NotImplementedError def inherited_method(cls): print cls.file_path #foo.py from util import * import env class MetaFoo(MetaFooBase): @property def file_path(cls): return env.base_path + "relative/path" def another_class_method(cls): pass class Foo(object): __metaclass__ = MetaFoo #client.py from foo import Foo file_path = Foo.file_path I like this approach better than the first pattern for a few reasons: First, instantiating Foo would be meaningless as it has no attributes or methods, which insures this class acts like a true single interface utility, unlike the first pattern which relies on the underscore convention to dissuade client code from creating more instances of the internal class. Second, sub-classing MetaFoo in a different module wouldn't be as awkward because I wouldn't be importing a class with an underscore which is inherently going against its private naming convention. Third, this seems to be the closest approximation to a static class that exists in python, as all the meta code applies only to the class and not to its instances. This is shown by the common convention of using cls instead of self in the class methods. As well, the base class inherits from type instead of object which would prevent users from trying to use it as a base for other non-static classes. It's implementation as a static class is also apparent when using it by the naming convention Foo, as opposed to foo, which denotes a static class method is being used. As much as I think this is a good fit, I feel that others might feel its not pythonic because its not a sanctioned use for metaclasses which should be avoided 99% of the time. I also find most python devs tend to shy away from metaclasses which might affect code reuse/maintainability. Is this code considered code smell in the python community? I ask because I'm creating a pypi package, and would like to do everything I can to increase adoption.

  Read the article

• Week in Geek: Windows 8 Users at Risk Due to Missing IE 10 Flash Update

  - by Asian Angel

  This week’s edition of WIG is filled with news link goodness covering topics such as Windows 8 Pro downgrades to Windows 7 and Vista will be possible, the Ubuntu Live CD is now dead, Guild Wars 2 is suffering an ongoing password attack, and more. HTG Explains: Is ReadyBoost Worth Using? HTG Explains: What The Windows Event Viewer Is and How You Can Use It HTG Explains: How Windows Uses The Task Scheduler for System Tasks

  Read the article

• Configuring SQL Server Audit Logging with Powershell

  - by Jonathan Kehayias

  One of the standard configuration options that I set on all SQL Server installs is to log Failed Login Attempts to the SQL Server Error Log.  I recently inherited an environment that this option wasn’t standardized across all of the servers and needed to configure it for multiple servers in a scripted manner.  There are a couple of ways to handle this kind of task.  First I could log on to every server in SSMS, open the Server Properties, and set the option on the Security sheet for...(read more)

  Read the article

• Make Pong on android using OpenGL-ES

  - by brainydexter

  I am trying to make a simple pong game using opengl-es. I have checked out some of the tutorials/samples, but most of them are pre-dated to 2009. I am familiar with game programming, and consider pong to be the hello-world! Right now, I intend to make it using their supplied SDK (2.3), but eventually I want to make it in NDK, so I can port my other work to android. Would anyone have a good reference for a starting point ? Thanks

  Read the article

• CVE-2012-3410 stack-based buffer overflow vulnerability in Bash

  - by RitwikGhoshal

  CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-3410 Buffer overflow vulnerability 4.6 Bash Solaris 11 Contact Support Solaris 10 SPARC: 126546-04 X86: 126547-04 Solaris 9 Contact Support This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

  Read the article

• ADF Essentials - free version of ADF available for any app server!

  - by Lukasz Romaszewski

  Hello,  that's great news, finally anyone can create and deploy an ADF application on any application server including Oracle's open source Glassfish server without any license! You can use core ADF functionality, namely: Oracle ADF Faces Rich Client Components Oracle ADF Controller Oracle ADF Model Oracle ADF Business Components Some more enterprise grade functionalities still require purchasing the license, among the others: ADF Security (you can use standard JEE security or third party frameworks) MDS (customizations) Web Service Data Control (workaround - use WS proxy and wrap it as a Pojo DC!) Remote Task Flows HA and Clustering You can find more information about this here

  Read the article

• Microsoft Access 2000 How To's Series

  Listen Software Solutions and author David Nishimoto present a new series designed to help Microsoft Access developers discover the secrets of Access programming and empower the developer with the critical knowledge needed to build enterprise-quality applications.

  Read the article

• Can't format / delete locked partition from gparted?

  - by tech

  I cannot format my hard disk for ubuntu installation. It has Fedora installed in it. I wonder how to unlock the locked partition to delete and format it, since I am stucked at installing ubuntu. I am now using a livecd to do the task. No options are available for me to use. Link to screenshot: http://img822.imageshack.us/img822/7929/screenshotfrom201211151.png If you have any questions, please ask below.

  Read the article

• "Building on a Solid Foundation"

  Designing the right IT infrastructure is a critical part of ensuring application availability and performance. See how companies rely on an Oracle grid infrastructure—including Oracle Database and Oracle Real Application Clusters—to provide a solid yet flexible base for their applications.

  Read the article

• Week in Geek: Google Drive Desktop Client Allows Backdoor Access to Google Accounts

  - by Asian Angel

  Our last edition of WIG for October is filled with news link coverage on topics such as Microsoft may not issue a second Windows 7 service pack, Windows Media Center is free for Windows 8 Pro users for limited time, CyanogenMod logged swipe gestures used to unlock Android devices, and more. What Is the Purpose of the “Do Not Cover This Hole” Hole on Hard Drives? How To Log Into The Desktop, Add a Start Menu, and Disable Hot Corners in Windows 8 HTG Explains: Why You Shouldn’t Use a Task Killer On Android

  Read the article

• Draw multiple objects with textures

  - by Simplex

  I want to draw cubes using textures. void OperateWithMainMatrix(ESContext* esContext, GLfloat offsetX, GLfloat offsetY, GLfloat offsetZ) { UserData *userData = (UserData*) esContext->userData; ESMatrix modelview; ESMatrix perspective; //Manipulation with matrix ... glVertexAttribPointer(userData->positionLoc, 3, GL_FLOAT, GL_FALSE, 0, cubeFaces); //in cubeFaces coordinates verticles cube glVertexAttribPointer(userData->normalLoc, 3, GL_FLOAT, GL_FALSE, 0, cubeFaces); //for normals (use in fragment shaider for textures) glEnableVertexAttribArray(userData->positionLoc); glEnableVertexAttribArray(userData->normalLoc); // Load the MVP matrix glUniformMatrix4fv(userData->mvpLoc, 1, GL_FALSE, (GLfloat*)&userData->mvpMatrix.m[0][0]); //Bind base map glActiveTexture(GL_TEXTURE0); glBindTexture(GL_TEXTURE_CUBE_MAP, userData->baseMapTexId); //Set the base map sampler to texture unit to 0 glUniform1i(userData->baseMapLoc, 0); // Draw the cube glDrawArrays(GL_TRIANGLES, 0, 36); } (coordinates transformation is in OperateWithMainMatrix() ) Then Draw() function is called: void Draw(ESContext *esContext) { UserData *userData = esContext->userData; // Set the viewport glViewport(0, 0, esContext->width, esContext->height); // Clear the color buffer glClear(GL_COLOR_BUFFER_BIT); // Use the program object glUseProgram(userData->programObject); OperateWithMainMatrix(esContext, 0.0f, 0.0f, 0.0f); eglSwapBuffers(esContext->eglDisplay, esContext->eglSurface); } This work fine, but if I try to draw multiple cubes (next code for example): void Draw(ESContext *esContext) { ... // Use the program object glUseProgram(userData->programObject); OperateWithMainMatrix(esContext, 2.0f, 0.0f, 0.0f); OperateWithMainMatrix(esContext, 1.0f, 0.0f, 0.0f); OperateWithMainMatrix(esContext, 0.0f, 0.0f, 0.0f); OperateWithMainMatrix(esContext, -1.0f, 0.0f, 0.0f); OperateWithMainMatrix(esContext, -2.0f, 0.0f, 0.0f); eglSwapBuffers(esContext->eglDisplay, esContext->eglSurface); } A side faces overlapes frontal face. The side face of the right cube overlaps frontal face of the center cube. How can i remove this effect and display miltiple cubes without it?

  Read the article

• Parent variable inheritance methods Unity3D/C#

  - by Timothy Williams

  I'm creating a system where there is a base "Hero" class and each hero inherits from that with their own stats and abilities. What I'm wondering is, how could I call a variable from one of the child scripts in the parent script (something like maxMP = MP) or call a function in a parent class that is specified in each child class (in the parent update is alarms() in the child classes alarms() is specified to do something.) Is this possible at all? Or not? Thanks.

  Read the article

• CVE-2012-2763 Buffer overflow vulnerability in Gimp

  - by RitwikGhoshal

  CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-2763 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 7.5 Gimp Solaris 11 11/11 SRU 11.4 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

  Read the article

• How to Become a Valuable Web Developer

  If you are new to web development and want to 'break into' the field then PHP is the programming language you should learn. There are many approaches to learning how to be a web developer, however, I believe the following approach makes the most sense.

  Read the article

• Learn more about SPARC by listening to our newly recorded podcasts

  - by Cinzia Mascanzoni

  Please listen to our newly recorded series of four podcasts focused on SPARC. The topics are: How SPARC T4 Servers Open New Opportunities SPARC Roadmap and SPARC T4 Architecture Highlights SPARC T4 For Installed Base Refresh and Consolidation SPARC T4 – How Does it Stack up Against the Competition? Rob Ludeman, from SPARC Product Management, and Thomas Ressler, WWA&C Alliances Consultant, are your hosts. The intent is to continue to help you understand how to position and sell SPARC/T4 into your customer architecture.Details on how to access these podcasts can be found here.

  Read the article

• Design Principles: An Illuminati For Better Solution

  From my earliest memory of programming, I was taught that we should do some level of design before coding. Somewhere around the way I started hearing phrases Dependency Injection, IoC etc., but whenever I asked people the need for these patterns, I seldom got an answer that satisfied me…

  Read the article

• Synchronizing ODSEE and OUD

  - by Etienne Remillon

  When it comes to synchronizing between ODSEE and OUD, what should be the best options ? Couple  options are available - Use one of OUD internal capability called Replication Gateway - Use our synchronization tool called Directory Integration Platform part of Oracle Directory Services Plus - Manuel export and import Let's check pro and cons on each method. Replication Gateway is the natural, out of the box solution to perform the task. We created this as a feature of OUD because it works at our replication protocol level. The gateway perform the required adaptation between the ODSEE's replication protocol and OUD's one. The benefits of doing this is that it provide strong consistency between the to type of directories. This fully leverage conflict management implemented in the replication protocols to ensure that changes are applied in a coherent and ordered manner. It does not require specific modification on existing ODSEE production instances such as turning on "retro changelog". Changes are propagated at near speed of replication in both directions. Replication Gateway can also synchronize information that are stored internally in the directory server such as "xxxxx" account locking managed at ODSEE server level and not via the nsyyyy attribute. OUD replication gateway does no require any specific tools or installation specific procedure. It is manged like other OUD component with monitoring and configuration via the standard console. OUD Replication Gateway does not perform adaptation between ODSEE and OUD. Using Directory Integration Protocol as external component to OUD, brings flexibility in remapping and transformations between ODSEE and OUD. There is a price to pay in using DIP to perform the synchronization task. You will have to turn on the retro change log to get access to changes on the ODSEE side (this will impact disk and CPU usage and performances which could be a serious challenge for your existing ODSEE environment (if you have not provisioned additional hardware and instances). You will not benefits of conflict resolution management and this might have to be addressed at application level, which is not always possible to implement. Using export and import seams very simple, but this methodology cannot ensure an highly available deployment with up to date entries on booth sides. This solution can be used if full HA with up-to-date data is not needed (during synchronization time). It often used  if data-cleaning need to take place to avoid polluting a new environment with old un-necessary data.

  Read the article

• Importance of a 1st Class Degree

  - by Nipuna Silva

  I'm currently at the 3rd year following a degree in Software Engineering. I'm thinking of moving into a research field in the future (programming language design, AI etc.) My problems are, What is the advantage/importance of carrying a 1st Class Degree (Honors for Americans) in to the industry rather than with just simple pass. Is it really important to have a 1st Class? Is it the practical knowledge i have to give priority or the theoretical knowledge, or both?

  Read the article

• ASP.NET 3.5 Loop Control Structures Using Visual Basic

  Loop statements are one of the most important control structures in any programming language. Control structures are used to control or alter the flow of the program depending on a given situation. This article acquaints you with the most important loop statements and how to use them when developing ASP.NET web applications.... Microsoft Exchange Server 2010 Simplify Administration and Deployment of Messaging - Free Download.

  Read the article

• Multiple Denial of Service vulnerabilities in Quagga

  - by chandan

  CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3323 Denial of Service (DoS) vulnerability 5.0 Quagga Solaris 10 SPARC: 126206-09 X86: 126207-09 Solaris 11 11/11 SRU 4 CVE-2011-3324 Denial of Service (DoS) vulnerability 5.0 CVE-2011-3325 Denial of Service (DoS) vulnerability 5.0 CVE-2011-3326 Denial of Service (DoS) vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.Information about vulnerabilities affecting Oracle Sun products can be found on Oracle Critical Patch Updates and Security Alerts page.

  Read the article

< Previous Page | 439 440 441 442 443 444 445 446 447 448 449 450  | Next Page >