|
Right, well this particular one is a partisan straw-man. When was the last time you embedded ActiveX managed code in your page? Probably never--I haven't. It's not as if the ability to run .net code on the client ships with most browsers by default as core functionality. And if such a feature were offered:
- The list of 'sploits would be a thousand miles long, and definitely not available before release (as if such an expectation were even reasonable or made sense);
- Everyone would turn it off;
- It would not count as a strike against the .net platform, but rather against the sandboxing policy in the browser.
I can't wait til HTML5 hits critical mass. Let's see how well the security issues around this are managed by M$. I'm betting on Not Well.
Anyway, even snarky comments should make sense!
Best,
Forty
|
|
|
|
|
The snarky comment made perfect sense to me.
Like it or not, of late Java has become known for exploits. Whether it is fair, and whether other systems will have as many problems (HTML5) is not the point. I uninstalled the Java runtime from my home machine. If .NET came with the ability to run client side and had as little use to me and as many problems I might remove that too. Also, if a diet of burgers and beer didn't make me fat I'd be a model.
Until they fix their code and then their PR problem: Java == exploits.
|
|
|
|
|
The Java browser plug-in may be exploitable, but not so much "Java" itself. I understand, of course, that the label "Java" gets applied to a bunch of qualitatively different things. But using the label to cloud and misrepresent matters to users is irresponsible and unethical.
No one likes applets, not even Java people. But almost no one deploys them anyway. The Java platform itself (the back-end: language, JVM, appserver--which, btw, routinely runs on much more secure OSes than the IIS-standard Windows) is less exploitable than the Microsoft equivalent combination (.NET runtime, IIS+Windows OS), and it's this (either intentional or ignorant) implicit false comparison of applets (a marginal use of Java) with _anything_else_ that's incorrect.
Best,
Forty
|
|
|
|
|
That's true. In the last year, the .NET browser plugin has had just as many security holes as the Java plugin, but they weren't actively exploited, so they didn't get the same bad press.
|
|
|
|
|
Today's Little Program monitors windows as they come and go. When people contemplate doing this, they come up with ideas like installing a WH_CBT hook or a WH_SHELL hook, but one of the major problems with those types of hooks is that they are injected hooks. Injection is bad for a number of reasons.... This is where accessibility comes in handy, because accessibility lets you specify whether you want your hook to be an injected or non-injected one. What looks like a silly trick is actually a necessary feature for accessibility in Windows.
|
|
|
|
|
There’s a treasure trove of excellent yet ancient games made for DOS that are nearly unplayable on modern computers. Awesome games like the Lucasarts SCUMM adventures, the original Civilization and SimCity, Starflight, the King’s Quest series and even Leisure Suit Larry aren’t played much today because of the near impossibilities of getting them to run on modern hardware or setting up an emulator with proper sound. Patrick has been doing his best to help out classic gamers with an x86 emulator for the Raspberry Pi. It’s designed to be a very capable DOS box with 20 MB of extended memory, a 640×480 display with 256 colors, an ~20MHz 486 emulated CPU, and a Soundblaster 2.0 sound card. Fascinating discussion of DOS emulators in the comments.
|
|
|
|
|
Turing patterns are a perennial favorite among science writers, especially in light of the 100th anniversary of Turing’s birth last year. Also? Pretty! And narrative angles like why the tiger has stripes play to broad audiences, so editors love them too. Scientists, on the other hand, have mixed feelings about Turing’s little foray into mathematical biology.... Turing was a mathematician, first and foremost, and his proposed mechanism is (by his own admission) a highly simplified and idealized take on a messy, complicated system. LSD, hallucination patterns and... Alan Turing? Sure, why not...
|
|
|
|
|
Algorithms and their complexity often occur in critical parts of computer systems, but I find that few engineers have a good understanding of how an O(n!) algorithm compares to an O(n^5) one. In the coding contest world, competitors think about these tradeoffs all the time. No wonder, there's a set of numbers every algorithm designer should know. The table below shows the limits that can be reached in a few seconds by algorithms of different complexities, n being the input size. I've added some algorithms and data structure examples for each complexity class. 8: the weight, in pounds, of the head you'll bang against a desk while debugging code.
|
|
|
|
|
Earlier this month I posted my review of the TECK, an ergonomic keyboard with mechanical switches that’s looking to attract users interested in a high quality, highly ergonomic offering and don’t mind the rather steep learning curve or the price. The TECK isn’t the only such keyboard, of course, and I decided to see what other mechanical switch ergonomic keyboards I could get for comparison. Next up on the list is the granddaddy of high-end ergonomic keyboards, the Kinesis Contour Advantage. Ergo keyboards and trackballs are great for keeping people from using your computer, if nothing else.
|
|
|
|
|
In his March 16, 2013 opinion column on CNN.com, Bruce Schneier called the Internet a “surveillance state”. In the piece, Schneier complains that the Internet now serves as a platform which enables massive and pervasive surveillance by the state. State sponsored and ordained surveillance, however, is not synonymous with the Internet. Schneier’s use of the word ‘state’ is ill-advised, his goading conclusion thereby misses the mark. It's a shame he didn't use the interwebs for niceness instead of evil.
|
|
|
|
|
Launching a new mobile OS is a difficult project since the market leaders, Android and iOS, have such a big lead. Even Microsoft, with its near-infinite financial resources and vast ecosystem of complementary products, has struggled to gain traction. And new entrants face a chicken-and-egg problem: developers don't want to write apps for a platform without many users, while users don't want to buy a phone without many apps. Mozilla, the non-profit foundation behind Firefox, believes it can tackle this dilemma. Welcome to the mobile OS formerly known as "web pages".
|
|
|
|
|
Many veteran developers have learned their lesson and given up on iCloud’s Core Data syncing entirely. "Ultimately, when we looked at iCloud + Core Data for [our app], it was a total no-go as nothing would have worked," said one best-selling iPhone and Mac developer. "Some issues with iCloud Core Data are theoretically unsolvable (stemming from the fact that you’ve put an object model on top of a distributed data store) and others are just plain bugs in the implementation," he said. Syncing alternatives exist, but none of them live up to the goals iCloud set out to achieve nearly two years ago... Apple needs to finish writing this syncing ship.
|
|
|
|
|
One of the guys who works on Windows Azure Mobile Services gave me a demo of its support for iOS. What? Microsoft supporting iOS? What? That isn’t the Microsoft (I thought) I knew. Once I got over the shock, I expected that I’d have to write code in C# (a Microsoft language), that services would run behind IIS (a Microsoft webserver), and that I’d have to use Visual Studio (a Microsoft developer tool) on Windows, which I don’t have. That would be typical Microsoft, right? Instead: The code is JavaScript, the webserver is Node.js, and I can write code in any text editor. No Microsoft things. The company even released some related code as open source and put it on GitHub. Microsoft noticed the world outside Redmond, and it likes it.
|
|
|
|
|
|
At any given time the Windows operating system is tracking statistics for the system and many of the processes / applications that are currently running on it. Things like the number of processors, how many threads are executing, how often the CLR is in garbage collection, the number of I/O operations being performed, etc. are all tracked through things called performance counters.... Reading performance counters involves using the PerformanceCounter class which you can find in the System.Diagnostics namespace. It takes the category, the counter name and optionally an instance. Perfmon? We don't need no stinkin' perfmon...
|
|
|
|
|
Let’s say you’re building your first API. Be it public, private, or some hybrid thereof, don’t be surprised if your first defect is date/time-related. Do not underestimate how much trouble you can get into when it comes to handling date and times. Here are some tips which might keep you out of this potential future. At the tone, it will be ISO-8601 o'clock.
|
|
|
|
|
I would definitely add: store UTC and UTC offset.
This allows one to regenerate the local time at origin ("it happened 12:00 their wall clock") and the local time at the receiver ("it happened when we switched to a new server").
|
|
|
|
|
I've been able to quote the "rules" from SOLID word for word this past half-decade quite easily, but my relationship and understanding of how these seemingly innocuous statements impact my code has changed over time much like my relationship and understanding of TDD. So, for the next 5 entries, I will jot down my current relationship with SOLID... Follow along this interesting series of posts by Rob Ashton on SOLID code.
|
|
|
|
|
One of ReSharper’s most notable features, Code Analysis, is now unleashed and ready to hunt for bad and dead code—without even opening Visual Studio. Dubbed as InspectCode, it is as simple as a command-line tool can be and requires a minimum of one parameter—your solution file. But as it runs it will apply all of ReSharper’s code inspections—that’s over 1,400 of them—to code in all languages supported by ReSharper! Hokey religions and ancient IDEs are no match for a good code analysis, kid.
|
|
|
|
|
Hello, world! Programs are usually written to make the text “Hello, world!” appear on a computer screen. This is also a basic sanity check for an installation of a new programming language. The first Hello World program appeared in chapter 1.1 of the first edition of Kernighan & Ritchie’s original book about C, ‘The C Programming Language’, in 1978. This is considered to be the first ever “Hello World!” program. Greetings, from 4DOS Batch to Yorick.
|
|
|
|
|
oh noes wheres brainfuck and Beatnik and Haifu
is this a signature ?
|
|
|
|
|
C# is listed twice, and LOLCODE is missing.
|
|
|
|
|
|
I know. If you wanted to be a lawyer, you would have gone to law school instead of spending your nights poring over K&R. Tough. In 2013, if you're an open source programmer you need to know a few things about copyright law. If you don't, bad things can happen. Really bad things. This humorous subhead is licensed under The Code Project Open License (CPOL).
|
|
|
|
|
One of the key problems is that software patents are essentially patents on mathematical algorithms -- sets of instructions for carrying out a calculation. Since it has long been a principle that you can't patent mathematical formulae or laws of nature, there is a tension there: if software is just mathematics, why should you be able to patent it at all? New Scientist points to an interesting article in the April 2013 issue of Notices of the American Mathematical Society, in which David A. Edwards proposes a radical way of solving that conundrum.... In particular, he believes it should be possible to patent mathematics, and hence software. It's impossible to calculate how much harm these patents would cause... because the formula is patented.
|
|
|
|
|