Confused by FPComplete [closed] - haskell

I haven't visited haskell.org for a while. When I did the other day, I discovered that a company called FPComplete have started offering a number of rather interesting Haskell services. However, there doesn't seem to be much documentation anywhere, and I'm a little bit confused...
If you go in through the "front door", you're required to create a user account before you can do anything. But sometimes you can click on example code and instantly start editing and running it - seemingly without requiring any kind of account. So is an account required or not? Is there some way I can just try stuff out without going to all the trouble of setting up an account?
Also, if I "start a project", is it public by default, or is it private? If I close my browser window, does it go away? Or does it stay in existence forever? If I don't actually want the project anymore, can I delete it somehow?
I'm also a little confused as to the difference between "FP Haskell Center" and "School of Haskell"...

School of Haskell is a community-driven set of Haskell tutorials and articles with "live" code snippets embedded into them.
FP Haskell Center is a cloud IDE for Haskell with full-featured editor, git integration and so on.
After registration you can create both tutorials for School of Haskell and your own projects, which can be private. IDE projects are persistent, until you manually delete them.

What makes you think you are required to create an account if you go through the front door? Yes, creating an account is the biggest thing on the page, but if you just ignore that and go into the alternatives in the lower half, you can create projects, etc., without going through the process of creating an account.
That will automatically create a temporary account. You can turn it into a permanent account by going through the registration process. That requires validating an email address. A google+ or Persona login will do, or you can go through the "here's my address - get email - click validation link" dance.


Can you give me a deeper background regarding Microsoft's "Coded UI?" [closed]

"My team lead just gave me a task to study about Coded UI, then create a program afterwards. He told me to focus on the 'code' rather than 'record'. Honestly, I don't have an idea or background about it. What's on Microsoft's website is too technical for me. Please give me a more simple idea on what it is all about. :) Thanks in advance! ---Intern Here!"
To everyone:
Sorry for asking a question which is too broad. My account is currently unable to ask questions.
Now, I have better knowledge in Coded UI, thanks to Google. I humbly admit my mistakes. Lesson learned: Google first. Thanks guys.
Coded UI is part of the testing (quality assurance) aspect of Microsoft's software development life-cycle strategy. Coded UI tests are typically created and used by quality assurance folks to verify that code meets the business' requirements. Sometimes they share these tests with developers so developers can better repeat and understand the bugs the tests locate.
Coded UI tests themselves are basically a way of creating an automated test that tests user interface functionality. So for example, you could record navigating to a certain page in the company's application, login and then go to some page where a bug can be made to happen. Then you could play back that actual 'recording' as many times as you want to see if the bug was fixed. There are some other tools that automate stuff like this, such as Watir. Watir is not a test though, to be clear. Just a way of automating browser strokes (and recording them).
Lastly, your team lead says code rather than record. When recording a UI test you actually do it as described above. You click record, go through the steps and then when done click stop. You can also create an automated UI test (also known as Coded UI test) using just code. You can ALSO record a coded UI test I believe and then edit it in code mode.
FORGOT to mention: You can add assertions as a part of your test (much like other forms of code testing). This means you could say that the profile should not allow a box to contain a certain value under certain conditions and the test should fail if this is allowed when the test is run.

Salesforce : Application Administration [closed]

Can anyone explain this question?
If the actors who will be using the applications are not determined before
the creation of application, which of the following will happen? Select any
two choices.
a. We will be unable to create reports and dashboards
b. Unauthorized users can access sensitive data
c. There will be no room for scaling the application to large users
Thanks,
I don't think this question is one Stack Overflow's rules would consider good. Did you copy it from some certification exam maybe? ;) It's not exactly programming problem-related.
I'll flag it for mods but also try to attack it :P
An app is not much in the SF world. A set of (default) tabs, that's it. If a user has no access to an app that mentions tab XYZ, it doesn't mean he can't access the tab from the "all tabs" menu. The more important thing is the security setting on the object that says:
tab hidden - meaning user with this profile is not even aware such object exists in the database, even if he has "Read" permission ticked
default off - accessible in "all tabs" menu
default on - visible by default in given app if said app is selected
a. We will be unable to create reports and dashboards
No. Sysadmin will be able to see all data (and thus create reports) even if none of the apps includes this tab. What they talk about in this answer is controlled by the object's "allow reports" checkbox (and if it's not ticked even being a sysadmin cannot help you). Normal users won't be able to make reports/run existing ones on given objects without having at least "Default off" + "Read" permission on the object in their Profiles.
b. Unauthorized users can access sensitive data
Yes? I can imagine this happening - you don't know which Profiles should access given object, you give Read access to all users, funny things happen. But then - by default nobody can see the data except people with "View all/Modify all" (like SysAdmins) so it's a bit weird answer. You'd have to explicitly go to each Profile and enable access...
c. There will be no room for scaling the application to large users
I don't understand this answer so I'm going to go with "no, bullshit" :D You can always grant access to given app (or object) per profile or even permission set if you have to, I don't see how this can become an issue...
d.
I'm missing 1 more answer, are you sure you copied complete question? I've never seen a SF exam question with less than 4 answers...
Disclaimer: I've never seen similar question on my exam or any practice exams. I've passed 201, 401 and 501 tests.

How do you prevent hired developers from stealing code? [closed]

I'm in the process of opening up a company that will eventually hire 2-5 developers to work on a large web app.
My main concern is that one or more developers could steal the code. I could make them sign contracts against this type of thing, but I live in a country where the law is "bendable".
Is my only option to lock them up in a room without inet access and usb ports?
I'd love to know how others have solved this problem.
Don't hire people you can't trust.
Break the app into sections and only let people work on a subset of the app, never getting access to the whole thing.
Make it worth their while - you're opening a company, hire people and give them some stock options. Make sure it's more attractive for them to make you succeed than otherwise.
How about keeping them all happy and show that you appreciate their work?
You may find that you think your source code is the valuable part of your business, but you can always build that again. Your real advantage over your competitors is usually in the people you hire, and in the business relationships that you establish in the course of naturally doing business.
My suggestion is not technical but social: Make them feel good.
Most human beings have a moral base that prevents them from hurting other people who have treated them with respect and generosity.
There's a slim chance you'll wind up hiring a psychopath, in which case this approach won't work -- but then, it's likely to be the least of your worries.
The only thing that occurs to me is to make them sign a contract where you make explicit that if they share any code outside the project environment, they commit to pay you a large amount of money. But there's no guarantee they'll not do it anyway ..
You can create a virtual environment (a virtual machine) with limited internet connection (only to specific servers - git/svn server, database server, etc) and no copy/paste possibilities.
This virtual machine would be a standard environment with common developer tools.
At the office a developer would remotely connect to the virtual machine and start developing without being able to steal the code.
Of course he could print the screen or type the code on another computer but it's still very hard to steal.
There are many encryption software packages available to encrypt the code. Here is an example: http://www.codeeclipse.com/step1.php
In other words you can hide the code of one developer(one module) from the other developer and he will not be able to take the whole code himself in any case if you follow this approach.
Thanks
Sunny

How to collect customer feedback? [closed]

What's the best way to close the loop and have a desktop app "call home" with customer feedback? Right now our code will login to our SMTP server and send me some email.
The site GetSatisfaction has been an increasingly popular way to get customer feedback.
http://getsatisfaction.com/
GetSatisfaction is a community-based site that builds a community around your application. Users can post questions, comments, and feedback about an application and get answers to their questions either from other members or from members of the development team themselves.
They also have an API so you can incorporate GetSatisfaction into your app, and/or your site.
I've been playing with it for a couple of weeks and it is pretty cool. Kind of like stackoverflow, but for customer feedback.
Feedback from users and programmers simply is one of the most important points of development in my opinion. The whole web2.0 - beta - concept more or less is built around this concept and therefore there should be absolutely no pain involved whatsoever for the user. What does it have to do with your question? I think quite a bit.
If you provide a feedback option, make it visible in your application, but don't annoy the user (like MS sometimes does with their feedback thingy on their website above all elements!!). Place it somewhere directly! visible, but discreet. What about a separate menu entry? Some leftover space in the statusbar? Put it there so it is accessible all the time. Why? People really liking your product or who are REALLY annoyed about something will probably find your feedback option in any case, but you will miss the small things. Imagine a user unsure about the value of his input "should I really write him?". This one will probably not make the effort of searching, and in the end these small things make a really outstanding product, don't they?
OK, the user found your feedback form, but how should it look and what's next? Keep it simple and don't ask him dozens of questions and provoke him with check- and radioboxes. Give him two input fields, one for a title and one for a long description. Not more and not less. Maybe a small text shortly giving him some info what might be useful (OS, program version etc., maybe his email), but leave all this up to him.
How to get the message to you and how to show the user that his input counts? In most cases this is simple. Like levand suggested, use http and post the comment on a private area on your site and provide a link to his input. After revisiting his input, make it public and accessible for all (if possible). There he can see your response and that you really care etc.
Why not use the mail approach? What about a firewall preventing him from accessing your site? Due to spam, in quite some modern routers these ports are by default closed and you certainly will not get any response from workers in bigger companies, however port 80 or 443 is often open... (maybe you should check if the current browser has a proxy installed and use this one..).
Although I haven't used GetSatisfaction yet, I somewhat disagree with Nick Hadded, because you don't want third parties to have access to possible private and confidential data. Additionally you want "one face to the customer" and don't want to open up your customer base to someone else. There is SOO much more to tell, but I don't want to get banned for tattling .. haha! THX for caring about the user! :)
You might be interested in UseResponse, an open-source (yet not free) hosted customer feedback / idea gathering solution that will be released in December, 2001.
It should run on the majority of PHP hosting environments (including shared ones) and according to its authors it's absorbed only the best features of its competitors (mentioned in other answers) while having little-to-none of their flaws.
You could also have the application send a POST http request directly to a URL on your server.
What my friend we are forgetting here is that, does having a mere form on your website enough to convince the users how much effort a Company puts in to act on that precious feedback.
A users' note to a company is a true image about the product or service that they offer. In Web 2.0 culture, people feel proud of being part of continuous development strategy always preached by almost all companies nowadays.
A community engagement platform is the need of the hour & an entry point on your website that gains enough traction from visitors to start talking what they feel will leave no stone unturned in getting that precious feedback. That's where products like GetSatisfaction, UserRules or Zendesk come in.
A company's active community that involves unimagined ideas, unresolved issues and of course testimonials conveys the better development strategy of the product or service they offer.
Personally, I would also POST the information. However, I would send it to a PHP script that would then insert it into a mySQL database. This way, your data can be pre-sorted and pre-categorized for analysis later. It also gives you the potential to track multiple entries by single users.
There's quite a few options. This site makes the following suggestions
http://www.suggestionbox.com/
http://www.kampyle.com/
http://getsatisfaction.com/
http://www.feedbackify.com/
http://uservoice.com/
http://userecho.com/
http://www.opinionlab.com/content/
http://ideascale.com/
http://sparkbin.net/
http://www.gri.pe/
http://www.dialogcentral.com/
http://websitechat.net/en/
http://www.anymeeting.com/
http://www.facebook.com/
I would recommend just using pre built systems. Saves you the hassle.
Get an Insight is good: http://getaninsight.com/

Are there best practices for testing security in an Agile development shop? [closed]

Regarding Agile development, what are the best practices for testing security per release?
If it is a monthly release, are there shops doing pen-tests every month?
What's your application domain? It depends.
Since you used the word "Agile", I'm guessing it's a web app. I have a nice easy answer for you.
Go buy a copy of Burp Suite (it's the #1 Google result for "burp" --- a sure endorsement!); it'll cost you 99EU, or ~$180USD, or $98 Obama Dollars if you wait until November.
Burp works as a web proxy. You browse through your web app using Firefox or IE or whatever, and it collects all the hits you generate. These hits get fed to a feature called "Intruder", which is a web fuzzer. Intruder will figure out all the parameters you provide to each one of your query handlers. It will then try crazy values for each parameter, including SQL, filesystem, and HTML metacharacters. On a typical complex form post, this is going to generate about 1500 hits, which you'll look through to identify scary --- or, more importantly in an Agile context, new --- error responses.
Fuzzing every query handler in your web app at each release iteration is the #1 thing you can do to improve application security without instituting a formal "SDLC" and adding headcount. Beyond that, review your code for the major web app security hot spots:
Use only parameterized prepared SQL statements; don't ever simply concatenate strings and feed them to your database handle.
Filter all inputs to a white list of known good characters (alnum, basic punctuation), and, more importantly, output filter data from your query results to "neutralize" HTML metacharacters to HTML entities (quot, lt, gt, etc).
Use long random hard-to-guess identifiers anywhere you're currently using simple integer row IDs in query parameters, and make sure user X can't see user Y's data just by guessing those identifiers.
Test every query handler in your application to ensure that they function only when a valid, logged-on session cookie is presented.
Turn on the XSRF protection in your web stack, which will generate hidden form token parameters on all your rendered forms, to prevent attackers from creating malicious links that will submit forms for unsuspecting users.
Use bcrypt --- and nothing else --- to store hashed passwords.
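Three of the code-review items in the answer above (parameterized statements, output encoding, and unguessable identifiers checked against the session user), as an added example that is not part of the original answer. The `notes` table, the function names and the sample rows are constructed for illustration, and SQLite stands in for whatever database the application uses.

```python
import html
import secrets
import sqlite3

# Constructed sample data: (owner, body). Bodies contain HTML metacharacters.
SAMPLE_NOTES = [("alice", '<b>bold</b> & "quoted"'), ("bob", "bob's private note")]


def make_db():
    """Build an in-memory database; return it with each owner's public id."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE notes (public_id TEXT PRIMARY KEY, owner TEXT, body TEXT)")
    ids = {}
    for owner, body in SAMPLE_NOTES:
        # 128 random bits instead of a guessable integer row id.
        ids[owner] = secrets.token_urlsafe(16)
        db.execute("INSERT INTO notes VALUES (?, ?, ?)", (ids[owner], owner, body))
    return db, ids


def notes_concat(db, owner):
    """The 'before': the parameter is pasted into the SQL text."""
    return db.execute("SELECT body FROM notes WHERE owner = '" + owner + "'").fetchall()


def notes_param(db, owner):
    """The 'after': the value is bound and never parsed as SQL."""
    return db.execute("SELECT body FROM notes WHERE owner = ?", (owner,)).fetchall()


def probe(handler, db, value):
    """Release check: report whether a handler errors on a metacharacter."""
    try:
        handler(db, value)
        return "ok"
    except sqlite3.Error:
        return "error"


def render_note(db, session_user, public_id):
    """Return encoded HTML only for a logged-in user who owns the note."""
    if session_user is None:
        return None  # no valid session, no data
    row = db.execute(
        "SELECT body FROM notes WHERE public_id = ? AND owner = ?",
        (public_id, session_user),
    ).fetchone()
    if row is None:
        return None  # unknown id or someone else's note: same answer
    return "<p>" + html.escape(row[0], quote=True) + "</p>"


if __name__ == "__main__":
    db, ids = make_db()
    print(probe(notes_concat, db, "o'brien"), probe(notes_param, db, "o'brien"))
    print(render_note(db, "alice", ids["alice"]))
    print(render_note(db, "bob", ids["alice"]))
```

A single quote in an ordinary surname is enough to make the concatenating handler fail, which is the kind of new error response the per-release fuzzing pass is meant to surface.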
I'm no expert on Agile development, but I would imagine that integrating some basic automated pen-test software into your build cycle would be a good start. I have seen several software packages out there that will do basic testing and are well suited for automation.
I'm not a security expert, but I think the most important fact you should be aware of, before testing security, is what you are trying to protect. Only if you know what you are trying to protect, you can do a proper analysis of your security measures and only then you can start testing those implemented measures.
Very abstract, I know. However, I think it should be the first step of every security audit.
Unit testing, Defense Programming and lots of logs
Unit testing
Make sure you unit test as early as possible (e.g. the password should be encrypted before sending, the SSL tunnel is working, etc). This would prevent your programmers from accidentally making the program insecure.
Defense Programming
I personally call this the Paranoid Programming but Wikipedia is never wrong (sarcasm). Basically, you add tests to your functions that check all the inputs:
are the user's cookies valid?
is he still currently logged in?
are the function's parameters protected against SQL injection? (even though you know that the inputs are generated by your own functions, you will test anyway)
Logging
Log everything like crazy. It's easier to remove logs than to add them. A user has logged in? Log it. A user found a 404? Log it. The admin edited/deleted a post? Log it. Someone was able to access a restricted page? Log it.
Don't be surprised if your log file reaches 15+ Mb during your development phase. During beta, you can decide which logs to remove. If you want, you can add a flag to decide when a certain event is logged.
