As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I'll be writing an XMPP (Jabber) bot, and I need to decide in which language should I write it. Currently I'm considering Python, Java, and PHP.
Since I'm expecting the bot to be running most of the time (i.e. 23.5/7), are there some specific arguments for or against using one of these languages? (e.g. not "$x sucks", but "$y has good daemon library" or "$z leaks memory")
The bot's purpose will mostly be responding to user input.
If none of these languages seem suitable to you, what would you recommend?
I would say Python with the Twisted framework. Twisted is amazing framework for asynchronous networking and most of the time it already has the support for the protocol you are looking for. There's a slight learning curve because of the reactor pattern but once overcome you can do amazing things with the littlest amount of code. As for the IRC protocol twisted already has it, so while I'm not an expert on IRC bots, I would definitely recommend Python and Twisted.
BTW, this is the first one that came up with google: Python IRC bot using Twisted
If you want to service for multiple users at the same time(probably you want), PHP may not be a good choice, since it does not support(or experimentally support) threading, you have to fork a copy of your application for each user.
I recommend Java for this purpose. Sun describes Java as "simple, object-oriented, distributed, interpreted, robust, secure, architecture neutral, portable, high-performance, multithreaded, and dynamic.".
In my opinion with exception of time critical jobs Java best suits for client-server architecture.
Of the options you posted, I would have to suggest Java. PHP, for one, simply isn't going to do what you want it to; it's meant to be a web scripting language, not an anything-else scripting language. Python is capable of doing what you want, but I think Java will provide more out-of-the-box support for the functionality you're trying to achieve.
Personally I'd start with the ejabberd codebase and work from there -- for a headless network server agent, Erlang would be the language/platform I'd reach for first, unless there were compelling arguments for another technology. Immutable data and actor-based concurrency pushes all the normal housekeeping code down into the platform, leaving you free to concentrate on the bits that are really what your app is about.
Wrote some years ago bot for IRC using delphi. It is much better than interpreter languages - eats less memory, works much faster, and you can be sure that it will have great reserve of speed if you will need add more and more features in future - parsing users phrases, process them. For example my bot particularly logged all chat and performed quick search by user request (user just wrote !search word/phrase - bot performed search and sent to user results as short quotations, so user could select one of quotations and get more posts around it from log). It is almost unimplementable using for example php because it is too slow.
If bot is proposed to work under *nix - just use c/c++ :)
If you want to use only languages enumerated in your post - then only Java to my mind. Read above why.
Python Jabberbot
This is a fairly easy way to create a jabberbot with python.
Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
Recently I made the switch from windows to linux (arch). As a student majoring computer science I have quite some programming experience (mainly java so not really platform dependant).
Now I want to create some simple desktop applications for my linux machine. For some small projects I made for personal use on windows I used C#.net. Now I want to do something similar in linux.
I did some research and I guess my main toolkit choices for GUIs are QT and GTK but since I'm using GNOME I'm guessing the best choice is GTK?
What are some good options to get started with?
PS: Something I had in mind for a first little project was a simple download manager, basically a GUI on top of wget since I couldn't really find one that I liked.
(I could use java on linux too but I'd prefer something more "native")
Well if you want something fast and easy I'd recommand the use of Qt, since it comes with a graphical editor
C++ is really powerful and you can do a lot of crazy stuff, but you also have to write a lot and scratch your head sometimes. A really good alternative is Python to get things running faster. Qt has binding for Python too, Pyside and PyQt
In most modern Linux distributions, it is trivially easy to install and maintain the entire Qt tool chain. Coming from C#, you are also more likely to find C++ a bit more familiar.
On the other hand, your proposed project might be a bit more instructive should you decide to go the C/GTK route. After all, wget is written in C, and, being Open Source, is freely available to incorporate into your projects. To learn good programming, IMHO, it is more important to expose yourself to code that's stood the test of time and is being actively maintained than to fool around with desktop decorations. Heck, if you discover something interesting, you can drop an email to Hrvoje Niksic himself. Now there is a feature that's not available even with the $5,000 Vis Studio Premium.
Also, both Qt and GTK have great UI designers, so that really shouldn't influence your choice. So, really my answer would be, why not try both?
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I know node.js can build web apps that run super fast, but I just can't find enough info about how it would perform in a magazine or news style website. I know some CMS's like Joomla or Drupal (or even wordpress) are very good at it, but as the number of users grow, I'm seeing some performance issues. Naturally, the web server count but as I want to host it in the cloud, I guess working with node and just create a simple CMS based on it would suit the needs for a better user experience once many users can log in and do their social stuff parallel to the main side of the site that is just a news and reviews site. Does any node.js coder knows about it?
Agree that this is rather subjective, but that said having some experience with node I don't know that there is any particular advantage to using it in this instance. I think frameworks like Django (Python) and Rails (Ruby) are more or less built to accomodate this type of use-case and assuming you have PHP experience but not a lot of node experience, would likely be easier for you to build and deploy a working CMS with very quickly.
Based on what you've described I don't know that any of the advantages of using node will be particularly relevant, and it's unlikely that using node instead of any other modern framework and web server will have a huge impact on your site's performance.
I think this question is quite subjective, as the performance of any application written using modern and maintained languages will depend mostly on the skills of the developer(s), and if your website reaches a certain scale it will not depend only on the language but also on the architecture of your distributed system.
Some of the usual strengths of node are that it is event driven, single language for front-end, back-end thus developer integration should be easier. It's event-driven model gives it a nice and easy(subjective!) way to write and understand (for new devs) applications that make heavy use of concurrent operations such as data-intensive operation across distributed systems.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
Benchmark
Hacker News Discussion
Hacker News Discussion 2
It's not like Node.js is even really dominant today (except in the Hacker News community of course), it hasn't even had a 1.0 release yet. Funny to be speculating on what might replace it already :)
Performance is nice (though micro-benchmarks are not the right way to judge that) but if that was the only thing that mattered we would all be writing custom web servers in C for every app. One of the other important things is the community support, which Node.js definitely has going for it at the moment. It has a very healthy open source (this being the key) community that has created a large library of tools.
I think Vert.x is interesting and has a different way of looking at things than Node.js which is great. If they are able to continue to make progress, get more people interested in it, and show that it is easier and faster to write web apps then who knows? Maybe in a few years we can have a discussion on what is going to threaten Vert.x's future.
There are some interesting things brought up by this micro-benchmark that may be worth addressing in Node, but it's very important to remember that nobody doing 100's of millions of hits per day (which these benchmarks show) does so on one machine. They do it on many machines.
There are certain levels where faster languages make a difference (see for example Twitter migrating their backend from Ruby to Java), but it's VERY rare to get to that position.
Most people need a language that is clean and easy to program in, and a good ecosystem.
Vert.x has no ecosystem to speak of. If you want a JVM based system you can get plenty of options there. If you want a Javascript based system the best option right now is Node.js. It's that simple.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks)
Is cfqueryparam enough?
I use a modified portcullis, and filter all incoming var scopes (URL,FORM,COOKIE) onRequestStart.
http://portcullis.riaforge.org/
Pete Freitag has an awesome blog, especially this post on Hardening ColdFusion
Never trust the client.
The most ColdFusion specific "set and forget" is following server administrator hardening guidelines noted above, keeping the server up-to-date, and following ColdFusion on twitter to learn about any new issues immediately.
For app security, which is common across all languages, you should validate every piece of information that touches your server from the client. Forms are are obvious areas of tight control, but don't forget about URL parameters that you might use for application state management or control. Something like &startRow=10&tag=security which isn't "supposed" to be touched by the user is user input. Even if your application could never break with invalid data, you might not know how that data will be used in the future. Validation could be as simple as ensuring that someone isn't entering a 100 character long first name and doesn't contain programming characters or ensuring that &startRow is always a number. These are the little things that application developers sometimes skip because everything works OK as long as you are using the software as expected.
I believe you can look at the Sony Playstation hacking as an example. Unfortunately, they didn't expect someone to hack the client (playstation console) and manipulate the PlayStation console software to hack the server. The server trusted the client.
Never trust the client.
I would say best practices for ColdFusion are similar to those for programming web applications in any language.
I recently read Essential PHP Security Chris Shiflett and the majority of issues discussed affect ColdFusion as well, though the syntax for dealing with them may be slightly different. I expect there are other (possibly better) language agnostic books which contain principles which can easily be altered for use in ColdFusion.
Although using a prebuilt solution will work, I recommend knowing all the possible issues that must be protected. Check out Hack Proofing ColdFusion at Amazon.
Another great place to learn about security (and all kinds of other topics) is to check out Charlie Arehart's massive list of recorded user group presentations: http://www.carehart.org/ugtv/
Here is information on a good tool that can be used to prevent XSS.
https://www.owasp.org/index.php/Category:OWASP_AntiSamy_Project
http://www.petefreitag.com/item/760.cfm
Fairly easy to implement and Java based.
I recommend you the excellent talk by Justin McLean "ColdFusion Security and
Risk Management". It includes a case study.
PDF presentation http://cdn.classsoftware.com/talks/CFMeetupSecurity.pdf
Video streaming: http://experts.adobeconnect.com/p22718297
CfQueryParam is very important, but not nearly enough.
There is a boxed solution we use at my work: http://foundeo.com/security/. It covers most of the bases. And even if you don't want to buy it, you can take a look at it's feature set and get an idea of the things you should be considering.
You may like to check -
http://help.adobe.com/en_US/ColdFusion/10.0/Developing/WSe61e35da8d3185183e145c0d1353e31f559-8000.html
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 11 years ago.
I want to learn more about sandboxing. Not just about it. I want to learn such that I will be able to write a simple sandbox.
Surprisingly, there isn't any information available anywhere. Even the Wikipedia article is not good.
Can any one please suggest me good material. I know that its very advanced level concept. So, what are the prerequisites for learning & mastering it.
read about API hooking, for example sandboxie hooks Windows kernel to filter all api calls to filesystem and redirects it results to sandbox, you could hook APIs and filter it, pass only valid parameters, return errors for invalid calls
for API hooking you will find plenty materials on the net, try on codeproject.com
Google's Chromium uses sandboxing and has several documents about it:
http://dev.chromium.org/developers/design-documents/sandbox
http://code.google.com/p/chromium/wiki/LinuxSandboxing
You might also look at jails in FreeBSD. These are the FreeBSD equivalent of sandboxes.
The source code for jail is available (though you'll have to understand the rest of the FreeBSD code as well.)
A simple sandbox would simply be an environment in which you let 'something' execute, but restrict what it can do.
Typically, this "something" is an already-existing language, like Java, or JavaScript, or C#, or native code. Java has 'sandboxing' apis for applets and so on, and .NET has various 'trust' levels, JavaScript has the bounds placed on it by the interpreters (browsers).
So it's a little weird to "write" your own sandbox unless you also have a language you want to sandbox.
Do you have such a language? What do you want to learn about, specifically?
This is very dependent on what do you want to sandbox. If it is a full-blown system with multiple interfaces/languages available, you really do not want to re-invent the wheel, but run a virtual machine in VirtualBox, QEmu or some other alternative
In any case, a sandbox IS, at least on some level a virtualization of the system you are 'supposed to be' running...
If you need to sandbox applications for a single (interpreted) language, modifying the interpreter sound like a sensible approach.
The answer will likely be language specific. Unfortunately most languages don't have built-in sandboxing capabilities. But functional languages tend to be powerful enough that one can be built from scratch without extending the language.
In Tcl the basic mechanism is to create slave interpreters:
interp create -safe sandbox
interp eval sandbox $set_up_code
set result [interp eval sandbox $unsafe_code]
I wrote an overview of the ways of sandboxing within Linux the other day, which links to a lot of references for the different techniques. Similar methods are applicable in other operating systems. I hope it is helpful - I couldn't find much comprehensively documented either.