Bjarne Stroustrup's C++ Style and Technique FAQ

These are questions about C++ Style and Technique that people ask me often. If you have better questions or comments on the answers, feel free to email me (bs@research.att.com). Please remember that I can't spend all of my time improving my homepages.

For more general questions, see my general FAQ.

For terminology and concepts, see my C++ glossary.

Please note that these are just a collection of questions and answers. They are not a substitute for a carefully selected sequence of examples and explanations as you would find in a good textbook. Nor do they offer detailed and precise specifications as you would find in a reference manual or the standard. See The Design and Evolution of C++ for questions related to the design of C++. See The C++ Programming Language for questions about the use of C++ and its standard library.

    Topics:

• • Getting started
  • Classes
  • Hierarchy
  • Templates and generic programming
  • Memory
  • Exceptions
  • Other language features
  • Trivia and style

• Getting started:
  • How do I write this very simple program?
  • Can you recommend a coding standard?
  • How do I read a string from input?
  • How do I convert an integer to a string?
• Classes:
  • How are C++ objects laid out in memory?
  • Why is "this" not a reference?
  • Why is the size of an empty class not zero?
  • How do I define an in-class constant?
  • Why isn't the destructor called at the end of scope?
  • Does "friend" violate encapsulation?
  • Why doesn't my constructor work right?
• Class hierarchies:
  • Why do my compiles take so long?
  • Why do I have to put the data in my class declarations?
  • Why are member functions not virtual by default?
  • Why don't we have virtual constructors?
  • Why are destructors not virtual by default?
  • What is a pure virtual function?
  • Why doesn't C++ have a final keyword?
  • Can I call a virtual function from a constructor?
  • Can I stop people deriving from my class?
  • Why doesn't C++ have a universal class Object?
  • Do we really need multiple inheritance?
  • Why doesn't overloading work for derived classes?
  • Can I use "new" just as in Java?
• Templates and generic programming:
  • Why can't I define constraints for my template parameters?
  • Why can't I assign a vector<Apple> to a vector<Fruit>?
  • Is "generics" what templates should have been?
  • why use sort() when we have "good old qsort()"?
  • What is a function object?
  • What is an auto_ptr and why isn't there an auto_array?
  • Why doesn't C++ provide heterogenous containers?
  • Why are the standard containers so slow?
• Memory:
  • How do I deal with memory leaks?
  • Why doesn't C++ have an equivalent to realloc()?
  • What is the difference between new and malloc()?
  • Can I mix C-style and C++ style allocation and deallocation?
  • Why must I use a cast to convert from void*?
  • Is there a "placement delete"?
  • Why doesn't delete zero out its operand?
  • What's wrong with arrays?
• Exceptions:
  • Why use exceptions?
  • How do I use exceptions?
  • Why can't I resume after catching an exception?
  • Why doesn't C++ provide a "finally" construct?
  • Can I throw an exception from a constructor? From a destructor?
  • What shouldn't I use exceptions for?
• Other language features:
  • Can I write "void main()"?
  • Why can't I overload dot, ::, sizeof, etc.?
  • Can I define my own operators?
  • How do I call a C function from C++?
  • How do I call a C++ function from C?
  • Why does C++ have both pointers and references?
  • Should I use NULL or 0?
  • What's the value of i++ + i++?
  • Why are some things left undefined in C++?
  • What good is static_cast?
  • So, what's wrong with using macros?
• Trivia and style:
  • How do you pronounce "cout"?
  • How do you pronounce "char"?
  • Is ``int* p;'' right or is ``int *p;'' right?
  • Which layout style is best for my code?
  • How do you name variables? Do you recommend "Hungarian"?
  • Should I use call-by-value or call-by-reference?
  • Should I put "const" before or after the type?

Read more: Bjarne Stroustrup
QR:

Posted via email from Jasper-net

10 Immutable Laws of Security

Here at the Microsoft Security Response Center, we investigate thousands of security reports every year. In some cases, we find that a report describes a bona fide security vulnerability resulting from a flaw in one of our products; when this happens, we develop a patch as quickly as possible to correct the error. (See "A Tour of the Microsoft Security Response Center"). In other cases, the reported problems simply result from a mistake someone made in using the product. But many fall in between. They discuss real security problems, but the problems don't result from product flaws. Over the years, we've developed a list of issues like these, that we call the 10 Immutable Laws of Security.

Don't hold your breath waiting for a patch that will protect you from the issues we'll discuss below. It isn't possible for Microsoft—or any software vendor—to "fix" them, because they result from the way computers work. But don't abandon all hope yet—sound judgment is the key to protecting yourself against these issues, and if you keep them in mind, you can significantly improve the security of your systems.

On This Page

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea

Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore

It's an unfortunate fact of computer science: when a computer program runs, it will do what it's programmed to do, even if it's programmed to be harmful. When you choose to run a program, you are making a decision to turn over control of your computer to it. Once a program is running, it can do anything, up to the limits of what you yourself can do on the computer. It could monitor your keystrokes and send them to a website. It could open every document on the computer, and change the word "will" to "won't" in all of them. It could send rude emails to all your friends. It could install a virus. It could create a "back door" that lets someone remotely control your computer. It could dial up an ISP in Katmandu. Or it could just reformat your hard drive.

That's why it's important to never run, or even download, a program from an untrusted source—and by "source," I mean the person who wrote it, not the person who gave it to you. There's a nice analogy between running a program and eating a sandwich. If a stranger walked up to you and handed you a sandwich, would you eat it? Probably not. How about if your best friend gave you a sandwich? Maybe you would, maybe you wouldn't—it depends on whether she made it or found it lying in the street. Apply the same critical thought to a program that you would to a sandwich, and you'll usually be safe.

Read more: TechNet
QR:

Posted via email from Jasper-net

Superman vs. Google+

Read more: AllThingsD
QR:

Posted via email from Jasper-net

Kernel.org Compromised

There is a note posted on the main kernel.org page, that kernel.org has been compromised earlier this month: 'Earlier this month, a number of servers in the kernel.org infrastructure were compromised. We discovered this August 28th. While we currently believe that the source code repositories were unaffected, we are in the process of verifying this and taking steps to enhance security across the kernel.org infrastructure.' The note goes on to say that it is unlikely to have affected the source code repositories, due to the nature of git.

Read more: Slashdot
QR:

Posted via email from Jasper-net

Three commands you should know to evaluate the performance of your Unix (Linux / OSX) workstation

Three Things are to consider: CPU, Input/Output (I/O), RAM, so three tools to know. Today we focus on  this⇓ ( this is an ascii arrow, and underneath that’s a CPU )

Packages to install for this article:
Debian/Ubuntu:

apt-get install sysbench

FreeBSD:

cd benchmarks/sysbench ;  make install

OSX / Other Unix ( via pkgsrc ) :

cd benchmarks/sysbench ; bmake install

The need to have a single indicator to measure the performance of your computer stems from the 90′s, when PC vendors started to use the Frequency of the processor as a practical way to tell the public “This new computer is way faster than your 3 years old  antiquity” Needless to say, non-PC makers were quickly to dismiss this Mega Herz Myth and were somehow right.
Sufficient to say if you boot a Intel Core 1,5 Ghz, it will be two times faster than a Pentium IV 3 Ghz, not the other way round.

To benchmark the CPU we will use sysbench, a utility designed to benchmark mysql, which besides simulating OLTP transactions, can also do pure CPU benchmarking. In this mode sysbench will calculate all prime number up to 10 000, and count the time spent doing that. To be honest, I have no idea how much prime number calculation is accurate if you want to benchmark your CPU, but I know prime numer calculations are heavily used in openssl and gpg, which means SSH and HTTPS, things we use everyday.

This shell one liner runs 4 sysbench tests in a loop, each time with an increasing number of threads, up to 4 of them. Why that ? Because CPU makers keep on adding more cores to the same CPU socket. At each new CPU generation cores are not so much faster, but you get always more of them !

Let us copy this in a terminal window (just copy it like this, do not care about line breaks )

for THREADS in 1 2 3 4
do printf "threads: $THREADS"
sysbench --test=cpu --cpu-max-prime=10000 \
--num-threads=$THREADS run | grep "total time:"
done

Read more: jimssquare
QR:

Posted via email from Jasper-net

.NET Micro Framework 4.2 RC2 Now Released

We released RC2 of the .NET Micro Framework 4.2 on CodePlex yesterday. The .NET Micro Framework as an Apache-licensed open source project run by Colin Miller's team in the Developer Division at Microsoft.

Read more: 10Rem.Net
QR:

Posted via email from Jasper-net

How to Create Better Unit-Testing with Microsoft Moles Framework

Introduction

Unit testing is something that we all do, even if we don't really use any framework for that such as MS Test or NUnit. If we're writing class library we usually create another console application project to test the methods and the behavior of the new classes.

You can read my previous post about writing TDD and unit tests in Microsoft Visual Studio 2010 here.

One of the goals of unit testing is isolation. When we unit test a method, we usually want to check that it behaves as accepted, without any other objects to interfere. For example, let's take a very simple scenario:

We want to test GetInfo method (in Manager Class inside our BL) that calls GetFileContent method in DAL library.

BL GetInfo Implementation

When we test GetInfo, we want to check that it returns a valid result according to our inputs, but we also want to achieve isolation – meaning, we don’t want to be depend on ResouceReader object. We don't want our test to pass or fail due to GetFileContent result. How can we achieve this? How can we achieve isolation?

Before Moles Framework

In order to detour DAL.ResourceReader.GetFileContent method, we need to somehow replace the real DAL object (m_dal) in the BL.Manager object to a fake one that its implementation of GetFileContent is no more than 1 safe line… By saying "safe" I mean that it won't do anything "dangerous" such as reading from a resource that can\might fail. Because our ResourceReader class is implementing an interface (IResourceReader), we can create a new class in the test project that implements IResourceReader and its GetFileContent. Then we can use Private Accessor of the Manager object to set m_dal to our fake object.

Read more: Roy Rosenberg Part 1, Part 2
QR:

Posted via email from Jasper-net

Details of the RSA Hack

We finally have some, even though the company isn't talking:

    So just how well crafted was the e-mail that got RSA hacked? Not very, judging by what F-Secure found.

    The attackers spoofed the e-mail to make it appear to come from a "web master" at Beyond.com, a job-seeking and recruiting site. Inside the e-mail, there was just one line of text: "I forward this file to you for review. Please open and view it." This was apparently enough to get the intruders the keys to RSAs kingdom.

    F-Secure produced a brief video showing what happened if the recipient clicked on the attachment. An Excel spreadsheet opened, which was completely blank except for an "X" that appeared in the first box of the spreadsheet. The "X" was the only visible sign that there was an embedded Flash exploit in the spreadsheet. When the spreadsheet opened, Excel triggered the Flash exploit to activate, which then dropped the backdoor -- in this case a backdoor known as Poison Ivy -- onto the system.

    Poison Ivy would then reach out to a command-and-control server that the attackers controlled at good.mincesur.com, a domain that F-Secure says has been used in other espionage attacks, giving the attackers remote access to the infected computer at EMC. From there, they were able to reach the systems and data they were ultimately after.

Read more: Bruce Schneier
QR:

Posted via email from Jasper-net

Microsoft Windows 8 Storage Format Support Details Revealed

Microsoft is continuing its public deep-geek dive into the particulars of Windows 8, with a new corporate blog entry focusing on the upcoming operating system’s easy interoperability with two popular file-storage formats.

“The trend of incredibly large- and small-form-factor hard discs means we can store ever increasing amounts of data without worrying about running out of capacity,” Rajeev Nagar, group program manager for Windows’ Storage and File Systems team, wrote in an Aug. 30 posting on the Building Windows 8 blog. “Windows 8 enables easy access to the contents of two important storage formats, ISO and VHD files.”

ISO stands for International Organization for Standardization, which publishes standards for organizing content on media such as DVDs. With these standards in place, that content is transferrable between systems such as a laptop and a DVD player. “An ISO file is simply a disc image as a file, composed of all the contents of a CD-ROM or DVD disc,” Nagar wrote. “You can also think of an ISO file as a full-fidelity image (digital copy) of the optical disc.”

But discs themselves aren’t exactly in vogue, thanks to the growing popularity of cloud computing and other new technologies. Optical drives also aren’t exactly an omnipresent hardware feature in tablets, and more manufacturers have begun discarding them from ultra-thin laptops.

Read more: MICROSOFT GULF COMMUNITY BLOG
QR:

Posted via email from Jasper-net

Windows Azure Toolkits for Devices now in Android flavor too!

I am tremendously pleased to share that today we have released the Windows Azure Toolkit for Android! We announced our intentions to build a toolkit for Android back in May, and it had always been our intention to release this summer (we only missed by a week or so).

In addition to this release of Android, we have also:

    Released the Windows Azure Toolkit for Windows Phone (v1.3.0)
    Released the Windows Azure Toolkit for iOS (v1.2.1)
    Released a new Windows Phone sample called BabelCam both as source code and to the Windows Phone Marketplace

These releases complete our coverage of the three device platforms we intended to cover earlier this year when we started our work – Windows Phone, iOS, and Android.

Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: Windows Azure Toolkits for Devices – Now With Android!
QR:

Posted via email from Jasper-net

A new Objective-C library for a new generation of APIs

Four years ago, we introduced an Objective-C library for Google Data APIs. At first, it supported a scant three services - Google Base, Calendar, and Spreadsheets. Perhaps more surprising is that it was written just for Mac applications; the iPhone SDK was still a year off. In the years since, the library has grown to support 16 APIs, and has been used in many hundreds of applications. In a fine example of unforeseen consequences, most of those applications run not on the Mac but on iOS.

The Google Data APIs were built on XML and the Atom Publishing Protocol, a reasonable industry standard for the time. But mobile, low-power, and bandwidth-limited computers are now the biggest audience for client software. Across the Internet, XML and AtomPub have given way to the lighter-weight JSON data interchange format.

Other fundamental changes have also shifted the API landscape. Password-based authentication is being supplanted by the more secure and flexible OAuth 2 standard. The number of APIs has grown dramatically, making it impractical to hand-craft data classes for all APIs and all languages. When services offer API improvements, developers want access to those changes as quickly as possible.

To support this evolving world, we are introducing a brand new library for Cocoa developers, the Google APIs Client Library for Objective-C. The library supports recent Google JSON APIs, including Tasks, Latitude, Books, URL Shortener, and many others. It is designed to make efficient use of the device’s processor and memory, so it’s a great fit for iOS applications.

Read more: Google code blog
QR:

Posted via email from Jasper-net

Global Mouse and Keyboard Hooks .NET Libary in C#

Short Project Description
This library allows you to tap keyboard and mouse and to detect and record their activity even when an application is inactive and runs in background.

This library attaches to windows global hooks, tracks keyboard and mouse clicks and movement and raises common .NET events with KeyEventArgs and MouseEventArgs, so you can easily retrieve any information you need:

    Mouse coordinates
    Mouse buttons clicked
    Mouse wheel scrolls
    Key presses and releases
    Special key states

Background
The library is a successor of my CodeProject article Processing Global Mouse and Keyboard Hooks in C# http://www.codeproject.com/KB/cs/globalhook.aspx. This article was posted in 2004 and updated in 2006 and 2008. With nearly 2.000.000 views and over 25.000 downloads it became quite popular. During all this time until now I receive a lot of positive feedback and recommendations. There where also many useful contributions which where usually posted as code snippets in forum.

Read more: Codeplex
QR:

Posted via email from Jasper-net

שישה מיתוסים שצריך לשבור לפני שבוחרים את שיטת ניהול פרויקטי תוכנה הנכונה לך

אחרי שדיברנו על כיצד לעשות ארכיטקטורת תוכנה בצורה טובה יותר, הגיע הזמן לפתוח את הקלפים ולראות איך אנחנו מביאים תוצר עובד שמתאים לארגון שאנחנו עובדים בו.
אמנם דיברנו כבר בעבר על כלי הפיתוח הנכונים, איך מגייסים את אנשי הפיתוח הנכונים ואיך מכשירים מהנדסי תוכנה, אבל הפעם נדבר על תרבות ארגונית, צרכים עסקיים ואיך זה מתחבר לקוד שאנחנו כותבים.
 
מיתוס מספר 1: כל פרויקטי התוכנה נכשלים
לא כל הפרויקטים נכשלים. אבל סטטסיטקות מעודכנות של Standish Group מצביעות ש - 95% מהפרויקטים שנמשכים מעל שנתיים נכשלים! אלו כמובן החדשות הרעות. החדשות הטובות הן שאם נבין למה יש 5% שמצליחים, נוכל לבצע את הדברים הנכונים גם אצלנו. לשם כך נצטרך לשבור כמה מיתוסים.

מיתוס מספר 2: פרויקטים נכשלים כי אין להם מספיק משאבים
הוספת שולי בטחון לפרויקט והגדלת רמות הניהול (שמתרגמות בסופו של דבר לדיוני סטטוס בני שעתיים שבהם חצי מהאנשים המשתתפים לא רלוונטיים), תגרומנה באופן פרדוקסאלי להגדלת הפרויקט ולפי הגרף לעלייה בסיכוי לכשלון. אם נעיף מבט נוסף בגרף נראה שפרויקטים קצרים מגיעים ל - 60% הצלחה, ולכן הפתרון לעיתים יהיה להקטין את הפרויקט: הקטנת תכולה, הקטנת זמנים, פישוט ארכיטקטורת התוכנה וקיצור יעדים.
 
מיתוס מספר 3: יש רק שיטת ניהול פרויקטים אחת והיא עובדת לכל פרויקטי התוכנה
בקורסי ניהול פרויקטים מתרכזים בעיקר בשימוש בגאנט וניהול פרויקטים בשיטה הקלאסית Waterfall. בשנים האחרונות החלו להופיע מספר שיטות חדשות שמביאות מענה לצרכים עסקיים שונים של חברות. הראשונה בהן היא מתודולוגיית ה - Agile המתמקדת בעבודה עסקית בסבבים קצרים יותר, תוך שימוש בהיזון חוזר מהסביבה (אנחנו נעסוק בה בפוסטים הבאים, אבל בינתיים מומלץ שתעיפו מבט בבלוג המצויין של אלעד סופר שעורך גם את מפגשי ה - Agile practitioners IL). מתוך מתודולוגיה זו צמחה שיטת ה - SCRUM שדוגלת בשחרור גרסאות עובדות מדי 2-5 שבועות. שיטה חדשה עוד יותר שהופיעה רק בשנתיים האחרונות היא ה - Continuous Deployment. שיטה זו מוטמעת כבר במספר חברות בישראל ודוגלת בשחרור גרסאות לייצור מסביב לשעון (או בעברית פשוטה יותר עשרות גרסאות חדשות בייצור מדי יום). השיטה הזאת מתאימה בעיקר לגופי תוכנה שמספקים שירות ללקוחות פנימיים או חיצוניים וגם בה נדון בשבועות הקרובים.
 
מיתוס מספר 4: אני מנהל פיתוח בסטארט אפ, השיטה הזאת לא מתאימה לי, היא מתאימה רק לחברות גדולות!
אז זהו, שלא כל החברות זהות, גם אם מספר העובדים בהן דומה ואפילו אם הן עוסקות באותו ענף. ההחלטה על שיטת ניהול פרויקטי התוכנה צריכה להלקח על בסיס מאפייני הארגון, צוואר הבקבוק הארגוני שלו והתרבות הארגונית. אם הכוונה שלך במילה סטארט אפ היא "חברה ללא הררכיה מסודרת עם רמת הגדרת מוצר נמוכה, חוסר ודאות לצרכי המשתמשים ותרבות ארגונית שמבוססת על ניצול הזדמנויות" אז ככל הנראה החסם שלכם בארגון הוא השוק וההיזון החוזר ממנו. אמנם תיאור זה מאפיין ארגונים של 3 אנשים שייסדו את החברה לפני חודש עם מושג מועט לגבי השוק, אבל הוא גם מאפיין חברות גדולות בהרבה (דוגמה טובה לכך תמצאו בפוסט על השלבים הראשונים בפיתוח מוצר ב - Google).

Read more: הבלוג הפתוח למנהל הפיתוח
QR:

Posted via email from Jasper-net

20 Useful Free PSD files and Templates

 

Are you searching new PSD stuff for you next project? After a long time here is a roundup of 20 beautiful as well as useful PSD files which you can download for free.

Each PSD pack is unique in its own way; you can click on the link and download the file from its original source. If you liked this post then feel free to comment and share with your friends.

Read more: MachoArts
QR:

Posted via email from Jasper-net

Android continues to grow, now makes up 42% of U.S. smartphone market

Earlier this morning, comScore released their quarterly report of the U.S. smartphone market for the three month period ending July 31. The report measures market share across three segments of the mobile market: manufacturers, platform (operating system), and service use.

Manufacturers

When it comes to cell phone manufacturers for both smartphones and non-smartphones, Samsung continued to hold the lead with 25.5%, up 1% from the period ending April 2011. LG and Motorola round out the top three, with 20.9% (+0.0%) and 14.1% (-1.5%) respectively. Apple found itself in the 4th spot with a 9.5% share (+1.2%), and struggling RIM dropped to 7.6% (-0.6%).

Sadly, comScore did not report the market share for only smartphone manufacturers, which is what we as Android users are really interested in. It is, however, nice to see manufacturers that make Android smartphones in the top 3 spots overall.

Read more: Android and Me
QR:

Posted via email from Jasper-net

42 Outstanding FREE UI Kits for Web Designers

Introduction

Internet is full of freebies for web designers and developers. Today, we will be covering 42 free UI Kits and templates. All of them are editable in PSD format and mostly covering all of the basic UI elements such as textfield, checkboxes, radio buttons, buttons, drop down menu and some other cover extensive list of elements.

Well, you might say, "They're gorgeous! But what can I do with it?". The simplest way to use it - Prototyping. You can create wireframe/prototype to present your idea to your client. You also can use this UI kit to reskin HTML/Software/App form.

Mac and Windows platforms, they both render the form interface differently, and it's inconsistant in different browsers as well. So, I have found a few tools, tutorials that might able to give you a head start to make sure you know what to do with these beautiful and nicely done User Interface Kit.

However, you will need to do a little bit of investigation to integrate it. But once you've figure it out, you will have an amazing form in your website!

Read more: Queness
QR:

Posted via email from Jasper-net

Google blacklists 247 certificates. Is it related to DigiNotar hacking incident?

After yesterday's news concerning the fake certificate found in Iran that allowed an attacker to impersonate Google.com, Vasco, the parent company of certificate authority DigiNotar, released a statement explaining what happened.

As is usually the case with security incidents, the statement was light on details, but claims the certificate authority was hacked and certificates for a "number of domains" were signed by the hackers using their root certificate.

Certificate authorities are "trusted" entities who validate the certificates that allow people to create encrypted connections to web servers.

They are responsible for confirming the identity of the entity requesting a certificate so that people are unable to impersonate other people's servers.

DigiNotar discovered they were hacked on July 19th, but the intrusion began at least as early as July 10th, 2011.

They performed an audit and revoked what they thought were all of the fraudulently issued certificates, but somehow missed one that was created to impersonate Google.

Read more: Naked security
QR:

Posted via email from Jasper-net

Apache 2.2.20 released to fix DoS vulnerability

This afternoon the Apache Foundation released an awaited fix to the denial of service (DoS) vulnerability reported a few days ago.

The fixes in version 2.2.20 of the Apache httpd server reduce the amount of memory that is used by range requests. If the total bytes of a file requested exceed the total file size, httpd will return the entire file.

This follows closely on the heels of a tool released to the Full Disclosure mailing list this week that exploits the flaw.

Read more: Naked security
QR:

Posted via email from Jasper-net

Bring Your Desktop to the Wild Side with the Safari Theme for Windows 7

Do you love animals? Then you will definitely want to download this beautiful theme featuring wildlife from across the world. The theme comes with 40 Hi-Res wallpapers, wild animal icons, and custom sounds to make your desktop come alive with wildlife.

Read more: How-to geek
QR:

Posted via email from Jasper-net

Akamai Employee Tried To Sell Secrets To Israel

    A 43-year-old former Akamai employee has pleaded guilty to espionage charges after offering to hand over confidential information about the Web acceleration company to an agent posing as an Israeli consular official in Boston. Starting in September 2007, Elliot Doxer played an elaborate 18-month-long game of cloak-and-dagger with James Cromer, a man he thought was an Israeli intelligence officer. He handed over pages and pages of confidential data to Cromer, providing a list of Akamai's clients and contracts, information about the company's security practices, and even a list of 1,300 Akamai employees, including mobile numbers, departments and e-mail addresses. Doxer delivered the information to a dead drop box 62 times. His motivation: To help Israel and to get information on his son and estranged wife, who lived outside the U.S., prosecutors said in court filings. Doxer faces 15 years in prison on the charges.

Read more: Slashdot
QR:

Posted via email from Jasper-net

Stupid Geek Tricks: Hacking the Windows Experience Index

If you’ve ever checked your Windows Experience Index, you might wonder whether you can increase these numbers without buying a new PC. Today we’re going to show you how to hack the WEI to show whatever numbers you want.
Why You Might Want To Do This

So you might be wondering why in the world would you want to do this, firstly the Windows Experience Index has an API that programs can use to enable functionality. This means that if your score is too low, some parts of a program may have dumbed down functionality or even be completely disabled. You could use this hack to trick your system into allowing you to use features. Additionally if you are really geeky, like we are, you can use it to cheat in a benchmark test against your friends.
Hacking The XML File

The first method, and the most fun, requires some knowledge of XML files, however if you follow this tutorial you will be fine. So lets get started.

You are going to have to navigate to C:\Windows\Performance\WinSAT\DataStore

Read more: How-to geek
QR:

Posted via email from Jasper-net

Best Procrastination Tip Ever

Your first thought as you look at this article will be, “I’ll read this later.”

But don’t. Let the urge to switch to a new task pass. Read this now.

It’ll take you two minutes. It’ll save you countless hours.

I’ve written the book on ending procrastination, but I’ve since come up with a very simple technique for beating everyone’s favorite nemesis. It is incredibly easy, but as with anything, it takes a little practice.

Try it now:

Identify the most important thing you have to do today.

Decide to do just the first little part of it — just the first minute, or even 30 seconds of it. Getting started is the only thing in the world that matters.

Clear away distractions. Turn everything off. Close all programs. There should just be you, and your task.

Sit there, and focus on getting started. Not doing the whole task, just starting.

Pay attention to your mind, as it starts to have urges to switch to another task. You will have urges to check email or Facebook or Twitter or your favorite website. You will want to play a game or make a call or do another task. Notice these urges.

Read more: zenhabits
QR:

Posted via email from Jasper-net

How can I get information about the items in the Recycle Bin?

For some reason, a lot of people are interested in programmatic access to the contents of the Recycle Bin. They never explain why they care, so it's possible that they are looking at their problem the wrong way.

For example, one reason for asking, "How do I purge an item from the Recycle Bin given a path?" is that some operation in their program results in the files going into the Recycle Bin and they want them to be deleted entirely. The correct solution is to clear the FOF_ALLOW­UNDO flag when deleting the items in the first place. Moving to the Recycle Bin and then purging is the wrong solution because your search-and-destroy mission may purge more items than just the ones your program put there.

The Recycle Bin is somewhat strange in that it can have multiple items with the same name. Create a text file called TEST.TXT on your desktop, then delete it into the Recycle Bin. Create another text file called TEST.TXT on your desktop, then delete it into the Recycle Bin. Now open your Recycle Bin. Hey look, you have two TEST.TXT files with the same path!

Now look at that original problem: Suppose the program, as part of some operation, moves the file TEST.TXT from the desktop to the Recycle Bin, and then the second half of the program goes into the Recycle Bin, finds TEST.TXT and purges it. Well, there are actually three copies of TEST.TXT in the Recycle Bin, and only one of them is the one you wanted to purge.

Okay, I got kind of sidetracked there. Back to the issue of getting information about the items in the Recycle Bin.

The Recycle Bin is a shell folder, and the way to enumerate the contents of a shell folder is to bind to it and enumerate its contents. The low-level interface to the shell namespace is via IShell­Folder. There is an easier-to-use medium-level interface based on IShell­Item, and there's a high-level interface based on Folder designed for scripting.

I'll start with the low-level interface. As usual, the program starts with a bunch of header files.

#include <windows.h>
#include <stdio.h>
#include <tchar.h>
#include <shlobj.h>
#include <shlwapi.h>
#include <propkey.h>

The Bind­To­Csidl function binds to a folder specified by a CSIDL. The modern way to do this is via KNOWN­FOLDER, but just to keep you old fogeys happy, I'm doing things the classic way since you refuse to upgrade from Windows XP. (We'll look at the modern way later.)

Read more: The Old New Thing
QR:

Posted via email from Jasper-net

WinDbg / i386kd Primer

A handful of people on my team are working with the Windows code base to ensure we don't break them with compiler changes, and since some of them were new to kernel debugging, I put together a rather quick introduction to windbg/i386kd. The slide deck can be found here.

Read more: Software Sleuthing
Read more: Example
QR:

Posted via email from Jasper-net

Twitter OAuth authentication using .Net

Introduction

In this article I want to demonstrate how to implement OAuth authentication in .Net. I've previously written about my dislike of third party SDKs for social media integration and how we should leverage technology based solutions instead. One of the sticking points in doing this tends to be that implementing OAuth based authentication is relatively difficult compared with actually making the requests themselves. There is documentation available, but there seems to be a lack of .NET example code to go with it.

In keeping with my thoughts in previous articles I would recommend using open source OAuth based libraries to solve this problem, and again avoid resorting to third party Twitter/Facebook implementations which more strongly couple code to specific APIs. This keeps the solution more reusable and builds on specific technologies to better future proof your application.

I've also previously shown how client-side plugins can be used in combination with server-side code to speed development in this area. However sometimes authentication does need to be implemented purely on the server-side.

So how difficult is this?

It turns out implementing OAuth on the server-side in .Net isn't too difficult, the battle is getting the encoding and authentication signature right. With so few examples it can be a little daunting, so here's an example written in pure .NET using the official Twitter OAuth documentation and a bit of trial and error.

Background

The following example shows how to authenticate against the Twitter APIs using a registered Twitter application. Any interaction with the APIs when authenticated in this manner will behave as if coming from the Twitter account under which the application has been registered. It's therefore useful for sending out status updates or sending out notifications from a specific account.

Usually OAuth requires redirecting the user to a login screen to obtain an oAuth token which requires a bit more work. However when authenticating via a Twitter application this step is skipped as your application already has an oAuth token provided (access token). Whether you are using the application oAuth token or a user oAuth token, the following code can be used to authenticate against the twitter APIs.

The Code

The first step is to visit the Twitter developer section and register a new application. On completion you will be provided with a set of public/private keys which you will need the replace in the example below in order to run. The values I have used directly correspond with the documented example here. Make sure you replace them with your own.

var oauth_token           = "819797-Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw";
var oauth_token_secret    = "J6zix3FfA9LofH0awS24M3HcBYXO5nI1iYe8EfBA";
var oauth_consumer_key    = "GDdmIQH6jhtmLUypg82g";
var oauth_consumer_secret = "MCD8BKwGdgPHvAuvgvz4EQpqDAtx89grbuNMRd7Eh98";

Read more: Codeproject
QR:

Posted via email from Jasper-net

Illusions theme by Josh Sommers free download available for Windows 7

“Optical illusions, planets of grass floating in impossible summer skies, and homages to M.C. Escher fill this free Windows 7 theme of weird and wonderful digital art by Josh Sommers.”

Read more: I'm PC
Read more: Theme
QR:

Posted via email from Jasper-net

.net OpenOffice Automation Library

Project Description
The .net OpenOffice Automation Library makes it easier for .net developers to control OpenOffice or LibreOffice through the automation interface. You'll no longer have to browse the Uno docs and call everything by refelction. It's developed in C#.

Creators comment
OOLib is far away from being complete. This project is mainly created for my needs.
This started as a very simple Delphi project which put all functionallity inte a hand full classes.
This project is a collection of wrapper classes for the OpenOffice UNO Services and interfaces.
Additionally some classes will be extended by some usefull utility functions.

What is missing

    The majority of classes (services) is not implemented.
    The implemented classes does not support all of the interfaces.
    So far I could not get the listeners working. I would like to map the listener events to classic .NET events. Any help here is appreciated.
    Testing in general
    Test/sample programs

What is done already

    Implementing some basic classes
    Implementing a lot of classes related to TextDocument

Read more: Codeplex
QR:

Posted via email from Jasper-net

Visual Studio 2010 Service Pack 1 Update, KB2529927, released fixing VS2008 -> VS2010SP1 Setup Project Migration GUID issue...

Migrating setup project from VS2008 to VS2010SP1 changes component GUIDs, which causes upgrades to fail

Version: 10.0
Date Published: 8/30/2011

Change Language: Chinese (Simplified) Chinese (Traditional) English French German Italian Japanese Korean Russian Spanish

KB Articles: KB2529927

VS10SP1-KB2529927-v2-x86.exe 2.0 MB

Overview

When you install the .msi file that is created from the Visual Studio 2010 SP1 Setup project, the .msi file determines that the GUID has changed. Therefore, the .msi file removes the files and registry keys for the installation path by using the sequence of the project. This issue occurs because a different hashing algorithm is used to create the Globally Unique Identifiers (GUIDs) in Visual Studio 2010 SP1.

To resolve this issue, apply this hotfix, and then set the new BackwardCompatibleIDGeneration property to True before you build the project.

This hotfix introduces the BackwardCompatibleIDGeneration property. By default, this property is set to False. Before you build the Setup project in Visual Studio 2010 SP1, you have to explicitly set the BackwardCompatibleIDGeneration property to True

Read more: Greg's Cool [Insert Clever Name] of the Day
Read more: Update for Microsoft Visual Studio 2010 Service Pack 1 (KB2529927)
QR:

Posted via email from Jasper-net

When to use T-SQL or SSIS for ETL

When doing ETL, you have the choice of using T-SQL or SSIS.  What things should you consider when deciding which one to use?  Here are some of the major design considerations to think about:

    Performance - With T-SQL, everything is processed within the SQL engine.  With SSIS, you are bringing all the data over to the SSIS memory space and doing the manipulation there.  So if speed is an issue, usually T-SQL is the way to go, especially when dealing with a lot of records.  Something like a JOIN statement in T-SQL will go much faster than using lookup tasks in SSIS.  Another example is a MERGE statement in T-SQL has much better performance than a SCD task in SSIS for large tasks
    Features/capabilities – Some features can only be done in either T-SQL or SSIS.  You can shred text in SSIS, but can’t in T-SQL.  For example, text files with an inconsistent number of fields per row can only be done in SSIS.  So certain tasks may force you into using one or the other
    Current skill set – Are the people in your IT department more familiar with SSIS or T-SQL?
    Ease of development/maintenance – Of course, whatever one you are most familiar with will be the easiest, but if your skills at both are fairly even, then SSIS is usually easier to use because it is graphical, but sometimes you can develop quicker in T-SQL.  For example, having to join a bunch of tables will require a bunch of tasks in SSIS, where in T-SQL it is one statement.  So it might be easier to create the tasks to join the tables in SSIS, but it will take longer to build then writing a T-SQL statement
    Complexity – SSIS can be more complex because you might need to create many tasks to accomplish your objective, where in T-SQL it might just be one statement, like in the example above for joining tables
    Extensibility – SSIS has better extensibility because you can create a script task that uses C# that can do just about anything, especially for non-database related tasks.  T-SQL is limited because it is only for database tasks.  SSIS also has logging, which T-SQL does not
    Likelihood of depracation/breaking changes – Minor issue, but T-SQL is always removing features in each release that will have to be rewritten
    Types/architecture of sources and destinations – SSIS is better if you have multiple types of sources.  For example, it works really well with Oracle, XML, flat-files, etc.  SSIS was designed from the beginning to work well with other sources, where T-SQL is designed for SQL Server and it requires more steps to access other sources, and there are additional limitations when doing so
    Local regulations – Are there some company standards you have to adhere to that would limit which tool you can use?

If you decide T-SQL is the way to go and you just want to execute a bunch of T-SQL statements, it’s still a good idea to wrap them in SSIS Execute SQL Tasks because you can use logging, auditing and error handling that SSIS provides that T-SQL does not.

Read more: James Serra's Blog
QR:

Posted via email from Jasper-net

Update the WPF UI now: how to wait for the rendering to finish ?

WPF is really awesome to build reactive applications and data binding is here to push useful information inside of the User Interface. All is done magically and it’s wonderfully simple to create an application without knowledge of the internals of the WPF’s rendering.

Now, I wan’t to talk about something which can useful in every WPF application : how to wait for the rendering UI to be done. This can also be rephrased to : “how to force the rendering after I performed an action ?“.

Why would I need this ?

You can find a lot of reasons to need this:

    You are doing a long-running job that can only be done on the UI thread (good bye BackgroundWorker) and you want to tell the user the progress of the task.
    The rendering of a control takes a lot of time to be done and you want to be sure that the “wait please” Textblock” is rendered instead of a white screen.
    You need to wait that the UI rendering following an action is done.
    You are a geek and you want to know how you can do this !
    You are adding a lot of items to a binded collection and you want to wait for the rendering of each added item to be done. By doing this, the data won’t seems to be push into the ItemsControl by packet but one by one. No apparent freeze of the UI. As pointed out by a lot of people, there is really better ways to do this.

Here is a non-exhaustive list of things that can only be done on the UI-Thread and which are time-consuming (if you have some others, please give me them in the comments):

    Create UI controls may be long(exemple),
    Im my previous project using Mogre 3D, I needed to initialize some parts of the 3D engine in the main UI Thread,
    Sometimes applying the content to a view is very long because the XAML is really complex (more to come on this in a later post),
    etc.

Please tell me how can I do this !

What is wonderful is that the solution takes only one little line of code. One line of code.

To keep it simple, the rendering of the UI is perform on the UI thread via the Dispatcher. It can be considered as a tasks processer, each of these task being assigned a priority. The rendering of the UI is one of these tasks and all you have to do is tell the Dispatcher: “perform an action now with a priority less than the rendering”. The current work will then wait for the rendering to be done.

Here is the snippet this sentence transposing in .Net:

Dispatcher.Invoke(new Action(() => { }), DispatcherPriority.ContextIdle, null);

Read more: Yet another blog about
QR:

Posted via email from Jasper-net

Working with AssemblyCatalog in MEF

MEF is a component defined in Base class library for extensibility. If you are really looking for writing something that extend itself at runtime, or that supports plugins to be attached to it, you should give MEF a try. You can read how MEF works from my post here. In this post I will demonstrate how to use AssemblyCatalog in MEF World.

A Catalog is a container that lists Parts where each Part is actually mapped to a Type which individually hosts a number of Exports in forms of ExportDefination and number of Import in forms of ImportDefinations. An AssemblyCatalog is actually a collection of TypeCatalogs where the Types are actually defined within one particular assembly.

Lets take a look at AssemblyCatalog using our previous code :

public class ExportContainer
{
[Export]
public string ExportName { get; set; }

[Export]
public string GetName()
{
return this.ExportName;
}

[Export]
public Action MyActionDelegate { get; set; }

}

Now if I use Assemblycatalog to load the Catalog into Parts we write :

static void Main(string[] args)
{
   AssemblyCatalog catalog = new AssemblyCatalog(Assembly.GetExecutingAssembly());

   Console.WriteLine(catalog.Parts.Count());

   Console.ReadKey(true);
}

Read more: Daily .Net Tips
QR:

Posted via email from Jasper-net

Accessing data in ISO and VHD files

The trend of incredibly large and small form-factor hard disks means we can store ever increasing amounts of data without worrying about running out of capacity. Windows 8 enables easy access to the contents of two important storage formats, ISO and VHD files. While we generally think of these formats when they appear on media, they are also very useful as files within a file system and that is where native support in Explorer comes in handy.
Working with ISO files

While optical discs continue to be useful in many situations, large hard disks allow us to decrease our dependence on them. Personally, I’ve spent a load of my time (legally) ripping about 900 GB worth of music, and more recently almost 1TB of home video DVDs into my collection. I know that my backup of our photos and home movies is probably the most important data in my house. Together with backups, storing the most basic things in my house now requires terabytes of space. Just a couple of years ago that was an unimaginable amount of storage. These days, however, I know I can buy a 3TB hard disk for less than $200.

Given cheap hard disks and our mobile lifestyle, we have little interest in carting around collections of discs. Also, we expect to be able to receive content as well as share and collaborate with friends, family, and colleagues in an instant – typically through online file transfers. Last but not least, our desire for thin and light form factors such as slates and ultra-mobile laptops often leaves no room for vendors to add optical disc drives. This is exactly the feedback we received from many of you who used Windows 7 – the ability to directly use ISO files (also known as ISO images) without requiring a physical CDROM or DVD drive is very important.

A quick refresher on ISO files might be helpful. ISO refers to the International Organization for Standardization which is an international standard-setting body, and a world leader in developing and publishing international standards. For the purpose of this blog entry, our interests lie in a couple of standards published by ISO, namely ISO-9660 and ISO-13346. Simply stated, these two standards each describe a method by which photos, video, applications, documents or other content (excluding CD audio) are organized on CDROM or DVD optical media. The reason for the popularity of these standards is they allow CDROM and DVD media content to be easily interchanged across systems from different vendors e.g. you can create a DVD on a Windows PC and read it in your living room DVD player. An ISO file is simply a disc image stored as a file, composed of all of the contents of a CDROM or DVD disc. You can also think of an ISO file as a full-fidelity image (digital copy) of the optical disc.

Read more: Building Windows 8
QR:

Posted via email from Jasper-net

Falsely issued Google SSL certificate in the wild for more than 5 weeks

Update: Mozilla have announced out of an abundance of caution that they are releasing new versions of Firefox, Firefox Mobile and Thunderbird to revoke the trust of DigiNotar's root certificate for signing certificates.

I presume this is because DigiNotar has not explained how the Google certificate was signed and to prevent further abuse. This could cause issues for websites who have purchased certificates from DigiNotar.

It remains to be seen whether other browsers will follow in Mozilla's foot steps, but it may be prudent to remove DigiNotar from your trusted certificates until there is further clarification.

Update 2: Google is following Mozilla's lead by marking DigiNotar untrusted in the next release of the Chrome OS (Chromium).

Original post: Reports surfaced this morning that accuse the government of Iran with trying to perform a man-in-the-middle attack against Google's SSL services.

Padlock keyA user named alibo on the Gmail forums posted a thread about receiving a certificate warning about a revoked SSL certificate for SSL-based Google services.

The certificate in question was issued on July 10th by Dutch SSL certificate authority DigiNotar. DigiNotar revoked the certificate today at 16:59:03 GMT, but many browsers do not check for revoked certificates by default.

Rogue Google certificateThe certificate was valid for *.google.com and raises serious questions about who the certificate was issued to, and how it was signed.

Read more: Naked security
QR:

Posted via email from Jasper-net

Windows 8: Improvements in Windows Explorer

Windows 8 is about reimagining Windows, so we took on the challenge to improve the most widely used desktop tool (except maybe for Solitaire) in Windows. Alex Simons on the program management team authored this post with a detailed look at the evolution of Explorer and the major improvements to its interface and functionality for Windows 8. Judging by the passion on file operations and user interface design, we know this is an important subject so we expect a pretty engaged dialog on the topic. We put this in one lengthy post, will watch the comments and dialog, and down the road we'll continue the discussion.
-- Steven

It’s exciting to have this opportunity to share the improvements we’re making to the file management capabilities of Windows Explorer. Explorer is one of the most venerable parts of Windows with a heritage you can trace back to the “MS-DOS Executive” in Windows 1.0!

The new ribbon

The Home tab is focused on the core file management tasks, and we’ve put all the major file management commands there in prominent locations: Copy, Paste, Delete, Rename, Cut, and Properties. We’ve also given new prominence to two popular heritage features, Move to and Copy to, along with exposing a hidden gem, Copy path, which is really useful when you need to paste a file path into a file dialog, or when you want to email someone a link to a file on a server.

The Home tab is the heart of our new, much more streamlined Explorer experience. The commands that make up 84% of what customers do in Explorer are now all available on this one tab:

Read more: Bink.nu
QR:

Posted via email from Jasper-net

Pirate Bay מציגה: שיתוף קבצים חוקי

מייסדי אתר הביטורנט הפופולארי Pirate Bay השיקו אתמול (ב') פלטפורמה לשיתוף קבצים בשם Bayfiles. לאחר שעזבו את תחום הטורנטים, שניים מהמייסדים המקוריים של האתר חוזרים עם מערכת שיתוף שמטרתה לכבד ולשמור על זכויות היוצרים של בעלי התכנים.
שיתוף חוקי

אתר Bayfiles עובד בדומה לאתרי שיתוף תכנים ידועים כגון RapidShare ו-MegaUpload. על ידי הקלקה אחת, המשתמשים יכולים להעלות קבצים אל שרתי האתר ולאחר מכן לשתף אותם עם חבריהם. אחת הסיבות העיקריות להשקת האתר החדש, היא לספק למשתמשים אופציה אמינה יותר לשיתוף ואחסון קבצים.

באתר עצמו אין תיבת חיפוש או ספריית קבצים, כך שלא ניתן למצוא תכנים שמשתמשים אחרים העלו. בנוסף, תנאי השימוש המופיעים ב-Bayfiles מבהירים כי תוכן המפר זכויות יוצרים של צד שלישי אינו מותר להעלאה ומשתמשים שינסו להעלות תכנים מסוג זה מספר פעמים, יחסמו מהאתר וחשבונם ימחק.

בראיון שערך אתר TorrentFreak, עם מייסד Bayfiles פרדריק ניי (Fredrik Neij) טען ניי כי שירותי ביטורנט הולכים ו"נחנקים" ואפילו מסוננים ישירות על ידי ספקיות האינטרנט, בעוד ש-HTTP לא. אופן האחסון והעברת קבצים ב-Bayfiles שומר על פרטיות המשתמשים ומבטיח להם כי המידע שלהם ישאר תמיד באוויר, כך שבמידה וירצו לשחזר גיבוי – הקובץ תמיד יהיה זמין. מעבר לכך, פרדריק מוסיף כי במידה ומשתמשים בוחרים לאחסן את קבצי ה-MP3 שלהם בשירות, הם יוכלו לגשת אליהם ואפילו לשמוע אותם בסטרימנג, דרך כל מכשיר שהוא.

כעת Bayfiles הוא אתר לאחסון ושיתוף קבצים, אך המקימים מתכננים להמשיך ולפתח אותו לשירות אחסון ענן, שיתפקד באופן דומה ל-Dropbox. כמו באתר Pirate Bay, המטרה הסופית היא להפוך את אופן שיתוף הקבצים ליעיל יותר.
נתונים טכניים

Bayfiles מציע עבור משתמשים שאינם רשומים, אפשרות לשתף קבצים בנפח של עד 250 מגה. משתמשים רשומים יכולים להעלות קבצים בנפח של עד 500 מגה, בעוד שמשתמשי פרימיום יכולים להעלות קבצים בנפח של עד 5 ג'יגה, ללא הגבלה במספר הקבצים שניתן להעלות.

Read more: newsGeek

QR:

Posted via email from Jasper-net