Comments on code when app is published problem - programming-languages

I wanted to ask you if it is right to leave comments within the code of an app that is about to be published. Could malicious users who want to analyze the source code immediately understand how it works?

When you publish a software you are not (supposed) to publish your code but only file.exe that you build from it, so the source code is not there as well as your comments, if you do publish your sorce code, from your own choice, then any one can understand it even without any comments, that is a open source software.
bottom line - you can leave your comments in the code when you publish your software.

Related

Klocwork - how to scan cross-platform projects?

We have a project with a single code base which we build both on Windows and Linux. And we want to run Klocwork code analysis on both Windows and Linux. Currently our approach is:
We have set up one KW project in the web UI
Inject and build on Linux, push the results to the server, save the report
Inject and build on Windows, push the results to the server, save the report
It somehow works, but the problem is that latter scan effectively overwrites results of the first one. If we save report directly after push, then we can still have a saved copy, but if developers want to triage/analyze the hit which is present only in the first build (i.e. some Linux-specific code), then it's almost impossible because KW has already marked this hit as "obsolete" (because it was not present in Windows scan)
Having two projects is not really an option, because 90% of the code is shared and it will cause huge overhead of developers to triage the same hits twice.
There are multiple options to achieve your goal.
Option 1: There is a tab under projects called Builds. That can give you the build chain report. here you can see the reports of previous builds.
Option 2: Are you using Klocwork desktop tools (Plugins/kwcheck)? If yes, developer will be notified automatically about the new defects/issues that he has produced at his machine. So there may be no question of reviewing Klocwork portal by a developer just to see what are all the issues he has created.
Option 3: I see you have mentioned 90% of the code has been shared. Is that meant, your project needs windows dlls and Linux libraries together to build your project?.
If the Answer is YES, please do let me know. i will think about some possible workarounds.
If the Answer is NO, then creating kwtables is one time job and from second time onwards Klocwork can perform incremental analysis (kwbuildproject ....... --incremental)
Option 4: Creating multiple project is not a bad option. Existing project settings can be replicated and the issue status can be sync. When you push the results to Klocwork server, the results will be pushed from Build Machine to Klocwork web/database server and it creates /projects_root/My_Project/builds/My_Build_Name/ directory. So, maintaining two Klocwork projects wont make much of a difference.
Option 5: Schedule a call with Klocwork support team. They will be happy to assist you with the best possible way.
I hope this helps.

How to synchronize source code from one TFS to another TFS

We are maintaining code for one of our clients.
Initially, we copied all the source code that they have and added it to our TFS 2012.
We modify the code any time they need a bug fix and give the client deployment packages.
Now, client wants all the latest code in their TFS 2012 as well.
Is there a way to update their source code with our changes? ...
preferably automatically (i.e. power shell script) and preferably with history of changes.
There are many approaches each with some pros and cons. The following are the main options I would suggest.
Database backup and restore
This is the only path that guarantees full fidelity. It has some technical difficulties (e.g. SQL Server version and editions) and political (how much information you care to expose, how much effort you want to put in sanitizing your data).
Project synchronization
There are some tools, most notably the Integration Platform, that use the API to read and reply the changes from one system to the other. It requires that the syncing tool can see both systems via HTTP(S).
It gives you the flexibility to project only some data (say source code not work items).
Keep in mind that you will always loose something in the process: the Changeset number will never match, some users details.
Dumb dump
Give up conserving full history and be content to share the code.
This is the simplest to implement: get all the code, ship and check into the other system. You can associate release notes in the check-in.
Two simple scripts using TF.exe is all you need.
You can use TFS Integration Tool to achieve the code migration(TFS-to-TFS). TFS Integration Tool moving data between two different servers. The migration is done through the APIs of TFS, and there also some limitations.(Check the above link for more info)
Detail steps please see my answer in this question: Move Team Project to another Project Collection TFS 2013

Unable to publish node js site to azure using Visual Studio 2013

I am publishing my node js site to azure using this tutorial - http://blogs.technet.com/b/sams_blog/archive/2014/11/14/azure-websites-deploy-node-js-website-using-visual-studio.aspx
I get the following error, as mentioned in one of the comments on the blog, any idea what this error is about and how do I fix this ? I am able to run my app locally no issues with that.
Error: InvalidParameter
Parameter name: index
P.s : the site is like a very basic "Hello world" kind of site, this is the first time I am using and deploying to azure too.
I created a new project as a "Blank Azure Node.js web application", and replaced the resulting package.json and .js files with what I had before, and it publishes fine now
All was working fine for and suddenly got the error! I pretty sure it something in the project as it's now happening on vs2013 and vs2015 on different computers.
Its something to do with Templates after a lot of searching. For me Azure TFS CI got things working again if possible for you?
I had this issue with some projects but not with others, all created in a similar way. So I went thought every change and every setting I could until eventually i worked it out. I didn't want to give up and just remake them.
Basically its file paths, the first thing you notice is that it errors very quickly compared to a usual publish, the first thing that is triggered is a build but unlike heavy framework languages there not really much to actually build.
Like all builds for VS it pops out a bin folder take not of where this appears. This is the key, you want this to appear in the root of your deployment usually at the same level as the publish profile.
Before I moved my projects to VS, TFS and Azure, I used to use git and used the azure push and deployment as part of git, so I instinctively structured my folders in the similar fashion with src folder and all the extra VS baggage in the a directory higher.
This is where I noticed bin folder, so re-structured my solution and made changes to .njsproj (notepad) and moved to be inline with source code and re-added it yo my solution.
Technically speaking this a bug within VS as it allows to create the project and specify different locations which is all fine unless you want to build and publish locally.
Once you get your head around what is going on you should be able to solve this problem easily and not make the same mistake in the future. If anyone is still confused comment and ill grab some screen shots.

retrieve lost code after merge went wrong

So we made a rookie mistake, One of our project team members had forgotten to commit for a couple of weeks, (some of which were vacation) but then when he did commit he did something wrong, most of the code he wrote has been overwritten with what was on the server after trying to resolve all the conflicts automatically.
So is there any way to get the code he used to have on his PC back? because a lot of work has been lost and we can't really afford to make it all again.
So just to clarify, the code which is lost is not on the server, it were his uncommitted changes on his client machine.
We are using the team foundation server and visual studio
Take a look at folder:
C:\Users\%USERNAME%\AppData\Local\Temp\TFSTemp\
In my case, searching by method name, i can recover a mistake merge =)
Nope. Code lost that never made it into source is lost. This is one of the biggest selling points of distributed version control like Git.
If your using Windows 7 or similar check for previous version of the file on his/her computer, right click the file options should be their
If you have not compiled after doing the merge, you can use DotPeek by JetBrains to decompile the assembly and get your code back

Visual Studio 2012 Signing

I would like to have Visual Studio sign my assemblies.
I got past the point where I can specify my PFX file without any complaints. That was not easy, as I had two of errors. Yes, I had to make sure that I used openssl (a stackoverflow article helped with that error) and a microsoft article helped with the first error message, where I had to import the PFX file, clear/set options, and then reexport to not include downstream certificates.
When I go to build a project, I receive the warning:
Option 'keycontainer' overrides attribute 'System.Reflection.AssemblyKeyNameAttribute' given in a source file or added module"
Naturally, my assembly did not get signed.
I did some research and the best suggestion that I saw was to add a line to the project file (did not help) or to sign stuff manually using a post build event, which I am now doing, but I would still like to get the sign tool to work.
I cannot imagine that Microsoft would offer the Singing tab, if the vast majority of developers would not be able to use the feature.
Heck, with the new Visual Studio 2012 Update 1 release, I would have expected that signing assemblies (DLLs or EXEs) would be child's play. The task is anything but.
Thoughts?
Without more information, I can't tell if this will fix your issue. But I'll post the answer that worked for me. In my case, I had converted an old project (pre VS 2012) that had specified signing in the AssemblyInfo.cs file like so...
[assembly: AssemblyDelaySign(false)]
[assembly: AssemblyKeyFile("")]
[assembly: AssemblyKeyName("")]
I usually use the Signing tab in project/properties as you describe. The warning message was essentially saying "Hey, you already told me something different in the source code!"
The solution for me was to remove the above three lines in the AssemblyInfo.cs file.
I realize this is probably way after your original post but I hope someone finds it useful.

Resources