Welcome Guest.   Make a donation to an author on the site November 26, 2014, 03:59:07 AM  *

Please login or register.
Or did you miss your validation email?


Login with username and password (forgot your password?)
Why not become a lifetime supporting member of the site with a one-time donation of any amount? Your donation entitles you to a ton of additional benefits, including access to exclusive discounts and downloads, the ability to enter monthly free software drawings, and a single non-expiring license key for all of our programs.


You must sign up here before you can post and access some areas of the site. Registration is totally free and confidential.
 
Check out and download the GOE 2007 Freeware Challenge productivity tools.
   
  Forum Home Thread Marks Chat! Downloads Search Login Register  
  Show Posts
      View this member's profile 
      donate to someone Donate to this member 
Pages: Prev 1 ... 33 34 35 36 37 [38] 39 40 41 42 43 ... 53 Next
926  Main Area and Open Discussion / Living Room / Re: News Article: Anti-Spam Law Declared Unconstitutional on: September 14, 2008, 05:43:30 PM
One bright spot is that the court struck down the law because it extended to non-commercial speech, but most anti-spam laws apply only to commercial emails:

Quote
the ruling won't have broad repercussions because Virginia is the only state that prohibits noncommercial spam
927  Main Area and Open Discussion / Living Room / Re: News Article: Insecure Cookies Leak Sensitive Information on: September 14, 2008, 05:11:14 PM
On a somewhat related note (cookie stealing), Coding Horror recently did an article about the fact that cookies should be marked "HttpOnly" to prevent being stolen by JavaScript attacks:

http://www.codinghorror.c...blog/archives/001167.html

I wonder how much stuff would break if browsers changed the protocol to make cookies HttpOnly by default (make websites specifically mark them as "OK for JavaScript") and automatically mark cookies the browser gets via HTTPS/SSL with the 'secure bit'.  Let the website specifically indicate that the cookie is not secure instead of the other way around ('secure by default').

I wonder if this is something that can be added to FireFox via plugin (I know nothing about how low-level plugins can get).  It might be interesting to see if web browsing is still usable.
928  Main Area and Open Discussion / Living Room / Re: Vuln. Alert: Malformed URLs Crash Acrobat 9 on: September 14, 2008, 05:02:13 PM
In his case it sounds like the term "denial of service" is being used to sensationalize this.  There's no resource or service that's being denied access to - the URL is bogus. Is it an inconvenience? Irritating?

Sure.

But it's just something that crashes a program due to a bug.
929  Main Area and Open Discussion / Living Room / Re: News Article: Insecure Cookies Leak Sensitive Information on: September 14, 2008, 02:21:13 PM
Secure websites are vulnerable to a new man-in-the-middle attack that takes advantage of cookies with the secure bit set.

That should read "takes advantage of cookies without the secure bit set". 

The exploit works by poisoning or otherwise spoofing DNS somehow (the article doesn't mention how CookieMonster does this, and I'm not sure how easy it is to do) and placing images on webpage that claim to come from the target website, but without HTTPS/SSL.  If the secure bit is not set on the authentication cookie, the browser will send it along in cleartext so the attacker gets the cookie.  If the secure bit is set on the authentication cookie, the browser will not send it to the attacker.
930  Main Area and Open Discussion / Living Room / Re: Vuln. Alert: Malformed URLs Crash Acrobat 9 on: September 14, 2008, 02:01:11 PM
I'm at a loss as to how this can be called a "denial of service" vulnerability.  Sure, it's a bug in Acrobat, but from the description all it does is cause it to crash when you open a document with the malformed URL.  What service is being denied?  The ability to open documents that are intended to crash the program?
931  Main Area and Open Discussion / Living Room / Re: Microsoft granted patents for PageUp and PageDn keystrokes! on: September 10, 2008, 03:40:50 PM
Right, patenting a key would be ridiculous, but the way in which the keys operate I see as a legitimate patent, just like the rolly storage bins which were advertised on TV during the late 90's were patented as a "Method of storage". Again, the title of this article misleads and does not actually indicate that it is a matter of HOW the key is utilized and not the ACTUAL key itself.

However, two of the attributes a patent is supposed to have are that it is:

  • novel - something new (ie., no prior art)
  • non-obvious - especially to a skilled practitioner in the area the patent is in

The patent as described by the news article (I admit, I have not read the actual patent itself) does not seem to come close to meeting these attributes.  Early word processors, mainframe applications and even early versions of Adobe Reader had PgUp/PgDn keys behave as described (I personally never found that behavior to be very usable anyway).
932  Main Area and Open Discussion / General Software Discussion / Re: Easy remote access to my home pc? on: September 03, 2008, 06:10:47 PM
Using RDP/Remote Assistance often runs into a problem that Crossloop and logmein solve - NAT routers.  I know that Remote Assistance can work around NAT routers to a certain degree, but it has real problems if both ends have a router between them and the Internet.

I like LogMeIn fine for remote access to my machine, but the free version doesn't work too well for assisting someone else (at least the last time I tried it).

I have not tried Crossloop.

I have used Fog Creek Copilot (https://www.copilot.com/) to provide assistance for some relatives and it worked nicely except that it does not support dual monitor systems very well.  Copilot is free on the weekends or $5 for a 24 hour 'ticket' through the week.  The other nice thing about Copilot is that the person you're assisting doesn't need to be computer savvy - a link gets sent in email (or the URL and/or connection code can be read over the phone if email's not working) and everything else pretty much just works with maybe a few clicks on a 'yes' button in a dialog.

I think that Copilot is built upon VNC, but I'm not sure.
933  Main Area and Open Discussion / Living Room / Re: What the hell is this -- charge me to remove crapware? on: August 31, 2008, 03:55:31 PM
The crapware makers will be happy.

I don't think so - I think that often they actually pay the OEM to get their crap in front of users as a form of advertising for more craptastic versions that the user might pay for.  They want to be on the system out of the box.

To get my point, here're two examples of user experience level I consider as "typical end user":
a.) The Windows XP search assistant is annoying. Can it be disabled?
b.) If I open a avi file i just hear the music in Media Player, but see no video.

I often find myself in situation "b".  I hate the whole Windows video architecture that puts codecs and codec installation front and center.  I don't know anything about video codecs, and I don't *want* to know anything about them.  I just want the damn video to play.
934  Main Area and Open Discussion / Living Room / Re: Insert Char into String - I "Hit the Wall" ...again. on: August 27, 2008, 05:03:46 PM
Dynamic buffer allocation is one of those things I never have figured out so resizing on the fly might take a while (Suggestions I'm open for...).

If you're using C++ I'd strongly consider using the string class (or the similar, but different, MFC/ATL CString class).  Even if you don't use any other aspect of C++ having those classes deal with the buffer management of the string data is an immense help.  And since the classes provide an easy way to get a null terminated, C-style string (using the c_str() method with std::string - don't remember what it is in the CString class) it's easy to have the strings interact with most Win32 and other C-oriented APIs. 

The only time it becomes a problem is when the API wants a buffer that it's going to copy a string into.  Or returns a pointer to a string that you then have to free using some other API function.  For those situations I'll often write a small wrapper that allocates the buffer (and frees it when done), calls the API then packages the result in a string object that gets returned by the wrapper.  There may be an extra heap allocation and a string copy in there, but I think the resulting ease and safety of use is worth it in almost all cases.
935  Main Area and Open Discussion / Living Room / Re: Insert Char into String - I "Hit the Wall" ...again. on: August 27, 2008, 01:06:41 PM
So I'll assume memmove is StringSafe ... Safe (as it are Working).

Uh oh.... my example is not exactly safe.  For simplicity's sake there were a couple things left out that you may want to check:

  • the example I gave does not ensure that there's enough buffer for the memmove() - if the string passed in to the CleanString() function happens to fill its allocated memory exactly, the memmove will overrun the buffer (which is exactly the type of problem that the SafeString routines were intended to prevent).  Since the buffer size is not passed in to CleanString() I'm not sure that you can grow the string in place safely.  You may need to change the CleanString() interface to include the buffer size and change the memmove() call to ensure that the buffer is not overrun and that the resulting expanded string is always null terminated.
  • The memmove() is not Unicode aware.  The CleanString() function you presented is also not Unicode aware, but to make it at least slightly easier to port, the memmove() call should probably look like "memmove( p + 1, p, (_tcslen( p) + 1) * sizeof (*p))"
936  Main Area and Open Discussion / Living Room / Re: Insert Char into String - I "Hit the Wall" ...again. on: August 27, 2008, 10:59:18 AM
The inster() method is part of the C++ string class, so you'd need to include <string>  - not <string.h> which gets you the good, old standard C string functions (which, as you find, are deprecated in MSVC 9 for the most part as being unsafe).  Since you're using raw strings instead of the string class, the insert() method will not be much help unless you're willing to move to using the string class.  That might be a worthwhile thing, but it might be a lot of work.

If you're going to insert a character in a raw string, you'll need to move the characters in the tail end of string (after the insertion point) over one character each.  So before line 10 in your example, you'll need something equivalent to:

Formatted for C++ with the GeSHI Syntax Highlighter [copy or print]
  1. memmove( p + 1, p, strlen( p) + 1)

But you'll need to adjust that bit of code to use the SafeString equivalent to memmove().  Note that you need memmove() semantics - not memcpy() - since the source and destination buffers overlap.
937  Special User Sections / What's the Best? / Re: Anti-Virus Package on: August 23, 2008, 11:10:05 AM
I'm interested in what you might find about Sunbelt VIPRE - I've been meaning to try it out since they released a couple weeks ago, but haven't gotten around to it.

They have a very attractive home license price - $50 for 4 or more PCs.
938  Other Software / Developer's Corner / Re: C++0x: The Dawning of a New Standard on: August 22, 2008, 03:48:32 PM
Also C++0x will standardize shared_ptr<> which can make managing the lifetime of dynamically allocated objects pretty much as easy to manage as in garbage collected environments like .NET or Java.

shared_ptr's are seriously nice. 

shared_ptrs<> are already available as part of TR1 (which is now in MSVC 9/VS 2008  if you get SP1) or part of Boost.
939  Other Software / Developer's Corner / Re: C++0x: The Dawning of a New Standard on: August 22, 2008, 01:40:36 PM
I wonder why nullptr is necessary, '0' is clean enough in source code? (but perhaps this is template-magic related).

Regular old overloading and plain old readability.

I like nullptr.  The rationale from the nullptr proposal (http://www.open-std.org/j...ocs/papers/2004/n1601.pdf):

  • Distinguishing between null and zero. The null pointer and an integer 0 cannot be distinguished well for overload resolution. For example, given two overloaded functions f(int) and f(char*), the call f(0) unambiguously resolves to f(int).1 There is no way to write a call to f(char*) with a null pointer value without writing an explicit cast (i.e., f((char*)0)) or using a named variable.
  • Naming null. Further, programmers have often requested that the null pointer constant have a name (rather than just 0). This is one reason why the macro NULL exists, although that macro is insufficient. (If the null pointer constant had a type-safe name, this would also solve the previous problem as it could be distinguished from the integer 0 for overload resolution and some error detection.)
940  Main Area and Open Discussion / Living Room / Re: Trialpay on: August 19, 2008, 05:14:08 PM
Here's a somewhat old list of TrialPay offers (probably not comprehensive): http://maggiewang.com/200...lpay-free-software-offers

The comments include additional info and at least one pointer to another list.

I've used TrialPay a couple times, and I'd use it again if I found a set of deals I wanted - but it's still a buyer beware situation.  A few comments:

  • look for eBay offers - at least once they had an offer where all you had to do was make a bid - you didn't even have to win the item;
  • use it only when the trial you're paying for is something you'd purchase without the software (or pretty close to it);
  • realize that you might pay more for the thing you're buying on TrialPay than if you bought directly though the vendor's site.  In this case you're essentially paying for the 'free' software by paying more for whatever you're buying on TrialPay, so the 'free' software might not be that much of a bargain.  I know this is true for some or all of the flower offers;
941  Other Software / Found Deals and Discounts / Re: BeyondSync $10 on: August 19, 2008, 10:26:00 AM
I was going to post that there was one comment on BDJ that appeared to indicate the program was less than promising, but looking today there are a few update comments that show a surprising level of support:

http://www.bitsdujour.com...are/beyond-sync/#comments

I don't have much need for another sync program so I wasn't going to evaluate it, but the words about the realtime sync sound interesting.
942  Other Software / Found Deals and Discounts / Re: Take Command v9 New $20 off, Upgrade $10 off,TC/LE $10 off on: August 18, 2008, 04:01:03 PM
PS What happened to the jpsoft newsgroup? I used to read it in my newsreader and then it just disappeared about a month ago?

Apparently they switched to using a web forum.  I'm surprised they wouldn't have made some sort of announcement post to the newsgroup then left the server up in a read-only mode (can that be done with NNTP?).  I don't follow the newsgroup/forum regularly, so for me this is a major improvement - the web interface to the newsgroup was awful.  However, I can understand that  using NNTP for regulars would be far better than having to track a website (RSS might help - I think I'd use something like WebsiteWatcher).
943  Other Software / Found Deals and Discounts / Re: Take Command v9 New $20 off, Upgrade $10 off,TC/LE $10 off on: August 18, 2008, 01:04:19 PM
Just an update: on my new Vista notebook with 3GB RAM, Take Command Console 9 opens INSTANTLY. There's obviously something wrong with my XP machine (on which it takes upwards of 10 seconds to open). Strange...
The slow load of TCMD seems to be related to it populating the folders windows (whether you have it displayed or not).  It can get bogged down on network shares and/or accessing floppy drives:

http://jpsoft.com/forums/...&mode=linear#post1587

I'm seeing the long startup as well, but I haven't tried the workarounds suggested yet (changing the startup folder or disabling floppy drives).  The problem doesn't bother me too much as I start it up once then use that instance for all (or most) of my console windows.

But I do hope they take the suggestion of one forum post and make the folder window initialization a background task.
944  Main Area and Open Discussion / Living Room / Re: Numeric Format Strings in C++ on: August 16, 2008, 06:21:45 PM
Does stringstream allow for (inherantly) secure buffer handling? That's why I'm using the StringCbXxxx(...) series of functions. They do automatic buffer checking to prevent over-runs ... and will even flag you at compile time if something has potential of going poof!

The stringstream class is similar to the std::string class or the MFC/ATL CString class in that all of the buffer management is handled by the class, so there's no chance of a buffer overflow (unless you go out of your way to do evil things to the object).  If you're using C++, these classes are definitely the way to go over raw  C "char *" strings whenever possible. 
945  Main Area and Open Discussion / Living Room / Re: Numeric Format Strings in C++ on: August 16, 2008, 11:59:57 AM
What Mouser said about using float/doubles for currency.

As far as some of the other things you brought up:

  • I'm not sure exactly how %n is used to perform thousands grouping, but the reason it's deprecated (generally shouldn't be used) is that it's easy to introduce bugs that trash the stack which can lead to security errors.
  • As far as using streams in GUI applications, you are right that "cout" is something that is pretty much not usable, but you can use stringstreams where the formatted output gets put into a string variable instead of getting sent to stdout (sort of like the difference between printf() and sprintf()).  See the end of this post for my sample modified to use stringstreams.
  • I wasn't aware of GetCurrencyFormat() - that looks to be a pretty good solution. I think I would probably write a wrapper for it that took an int value in cents (or whatever lowest denominator currency you're using) so floats could be avoided, formatted a string with the decimal point in the right place then sent that string off to GetCurrencyFormat() to do the rest of the work.

Just for reference, here's the sample using stringstreams (though I think a GetCurrencyFormat() wrapper is the way I'd go):

Formatted for C++ with the GeSHI Syntax Highlighter [copy or print]
  1. #include <locale>
  2. #include <sstream>
  3. #include <string>
  4. #include <stdio.h>
  5.  
  6. using namespace std;
  7.  
  8. int main()
  9. {
  10.    stringstream formatted_string;
  11.  
  12.    locale loc( ""); // user's locale
  13.    locale prev_loc( formatted_string.imbue( loc)); // set stream's new locale and remember the origial ("global") locale
  14.  
  15.    int dollars = 4561254;
  16.    int cents = 75;
  17.  
  18.  
  19.    formatted_string << dollars << "." << cents << endl;
  20.  
  21.    printf( "%s\n", formatted_string.str().c_str());
  22.  
  23.    formatted_string.imbue( prev_loc);
  24.  
  25.    return 0;
  26. }
946  Main Area and Open Discussion / General Software Discussion / Re: Which free burning software can you recommend? on: August 16, 2008, 01:23:55 AM
I have bought ashampoo burning studio 8 for only 10$! so I can call it for free Wink And I am very satisfied with it.
the link is here:
http://r.ashampoo.com/r.php?id=15958&ri=y9pe

I second that! Sometimes they give away an older version too!  Thmbsup

Ashampoo Burning Studio 6 is now always free at download.com:  http://www.download.com/A...3000-2646_4-10776287.html
947  DonationCoder.com Software / Post New Requests Here / Re: IDEA: Remote Destop, Keyboard & Mouse ONLY - Without Video/Graphics? on: August 16, 2008, 12:15:08 AM
Kartal just mentioned one (Input Director) favorably in another thread: http://www.donationcoder....14277.msg124642#msg124642

Another couple that I'm aware of are:

Synergy http://synergy2.sourceforge.net/
MaxiVista ($30) http://www.maxivista.com/
948  Main Area and Open Discussion / Living Room / Re: Numeric Format Strings in C++ on: August 15, 2008, 11:59:12 PM
If you're using streams (cout, stringstream, etc.) to perform the I/O or formatting, what you want to do is call the stream's imbue() method with the proper locale.

As an aside - you should never use floats or doubles to deal with monetary amounts, of course...

Something like:

Formatted for C++ with the GeSHI Syntax Highlighter [copy or print]
  1. #include <locale>
  2. #include <iostream>
  3.  
  4. using namespace std;
  5.  
  6. int main()
  7. {
  8.    locale loc( ""); // user's locale
  9.    locale prev_loc( cout.imbue( loc)); // set stream's new locale and remember the origial ("global") locale
  10.  
  11.    int dollars = 4561254;
  12.    int cents = 75;
  13.  
  14.    cout << dollars << "." << cents << endl;
  15.  
  16.    cout.imbue( prev_loc);
  17.  
  18.  
  19.    return 0;
  20. }

If you're not using streams (maybe you're a fan of printf-like formatting) then you might try adding the ' (single quote) character to the flags in the format specifier.  Some implementations take that to mean that the output should use thousands separators (Microsoft's compiler does not support this).

If the compiler you're using does not support that extension, the open source Trio library might be an option for you if you want to go this route, since it does support it:

http://daniel.haxx.se/projects/trio/

949  Main Area and Open Discussion / General Software Discussion / Re: Any virtual printer for .doc or .rtf? on: August 14, 2008, 09:05:19 PM
I think that your suspicion that it's the web site (or the browser) that's pacing objects on the page in a manner that you don't like instead of the virtual PDF printer is correct.

But, if you have MS Office installed you'll have a "Microsoft XPS Document Writer" and/or a "Microsoft Office Document Image Writer" that may handle things better than your PDF virtual printer.  Or you can get the XPS Writer and Viewer from http://www.microsoft.com/whdc/xps/viewxps.mspx.

I guess XPS is Microsoft's attempt to out-do Adobe's PDF.  I'm not sure they are being very successful.
950  Main Area and Open Discussion / General Software Discussion / Re: BeyondCompare 3 Released on: August 07, 2008, 07:34:22 PM
I should have mentioned that when I first tried the explorer integration BC2 started up, but I went into the options and fiddled around (turned them off then back on or something), then the explorer menus opened up BC3.

I suppose that the install doesn't override the existing shell registration (this might or might not be intentional or a bug), but hitting OK in the options dialog forces the issue.
Pages: Prev 1 ... 33 34 35 36 37 [38] 39 40 41 42 43 ... 53 Next
DonationCoder.com | About Us
DonationCoder.com Forum | Powered by SMF
[ Page time: 0.077s | Server load: 0.11 ]