Archive for the ‘programming’ Category

Mono 2.2 Released

Friday, January 16th, 2009

Mono 2.2 has been released. Mono is a really great open source version of .NET, and it is finding its way into many platforms that need to support multiplatform code, such as Unity3D.

This update brings in some great stuff like routing controllers to use the ASP.NET MVC architecture, the csharp interactive shell, and other great performance enhancements to an already speedy C#.

2009 CWE/SANS Top 25 Most Dangerous Programming Errors

Monday, January 12th, 2009

This is a handy list to have: the top 25 most dangerous programming errors relating to the web and keeping websites (and user data) safe. When you are building and using frameworks, be sure that you test for and expect these types of behaviors.

The Top 25 is organized into three high-level categories that contain multiple CWE entries.

Insecure Interaction Between Components

These weaknesses are related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems.

  • CWE-20: Improper Input Validation
  • CWE-116: Improper Encoding or Escaping of Output
  • CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
  • CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
  • CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
  • CWE-319: Cleartext Transmission of Sensitive Information
  • CWE-352: Cross-Site Request Forgery (CSRF)
  • CWE-362: Race Condition
  • CWE-209: Error Message Information Leak

Risky Resource Management

The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.

  • CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
  • CWE-642: External Control of Critical State Data
  • CWE-73: External Control of File Name or Path
  • CWE-426: Untrusted Search Path
  • CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
  • CWE-494: Download of Code Without Integrity Check
  • CWE-404: Improper Resource Shutdown or Release
  • CWE-665: Improper Initialization
  • CWE-682: Incorrect Calculation

Porous Defenses

The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored.

  • CWE-285: Improper Access Control (Authorization)
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  • CWE-259: Hard-Coded Password
  • CWE-732: Insecure Permission Assignment for Critical Resource
  • CWE-330: Use of Insufficiently Random Values
  • CWE-250: Execution with Unnecessary Privileges
  • CWE-602: Client-Side Enforcement of Server-Side Security

Python 3.0 Released

Thursday, December 4th, 2008

Python 3000, the mythical creature for all future Python cleanup, has been released. It is a breaking change in many cases, and it will take time for all the great Python libraries to be brought up to date, but it is released.

Python 2.6 was released not too long ago as an update adding great stuff like simplejson within Python. But Python 3000 might be the release that draws lots of usage and programmers, new and veteran.

Mono 2.0 Officially Released

Monday, October 6th, 2008

Mono 2.0, the open source .NET framework, has been released. Mono has made its way into many great systems by now, from websites to even 3D engines such as Unity3D. It is great to have a toolkit that is powerful, has a great language set from C# to Boo, and is available on multiple platforms. From Windows to *nix to, of course, Mac OS X built on Unix, it all just works.

Having 2.0 solid and complete is a great step to making production apps run off of it.

Microsoft Compatible APIs

  • ADO.NET 2.0 API for accessing databases.
  • ASP.NET 2.0 API for developing Web-based applications.
  • Windows.Forms 2.0 API to create desktop applications.
  • System.XML 2.0: An API to manipulate XML documents.
  • System.Core: Provides support for the Language Integrated Query (LINQ).
  • System.Xml.Linq: Provides a LINQ provider for XML.
  • System.Drawing 2.0 API: A portable graphics rendering API.

Mono APIs

  • Gtk# 2.12: A binding to the Gtk+ 2.12 and GNOME libraries for creating desktop applications on Linux, Windows and MacOS X.
  • Mono.Cecil: A library to manipulate ECMA CLI files (the native format used for executables and libraries).
  • Mono.Cairo: A binding to the Cairo Graphics library to produce 2D graphics and render them into a variety of forms (images, windows, postscript and PDF).
  • Mono’s SQLite support: a library to create and consume databases created with SQLite.
  • Mono.Posix: a library to access Linux and Unix specific functionality from your managed application. With both a low-level interface as well as higher level interfaces.

Third Party APIs bundled with Mono

  • Extensive support for databases: PostgreSQL, DB2, Oracle, Sybase, SQL server, SQLite and Firebird.
  • C5 Generics Library: we are bundling the C5 generics collection class library as part of Mono.

Compilers

These compilers are part of the Mono 2.0 release:

  • C# 3.0 compiler implementation, with full support for LINQ.
  • Visual Basic 8 compiler.
  • IL assembler and disassembler and the development toolchain required to create libraries and applications.

Mono Now Has .NET 3.0 Support and 3.5 Features like LINQ and Expression Trees

Friday, July 25th, 2008

Great news!  Mono has made it to .NET 3.0 support and this includes some of the latest stuff like LINQ expressions.

I am pleased to announce that the Mono C# compiler (gmcs) now has full C# 3.0 support. Most of the features have been available since the Mono 1.2.6 release. However, with the upcoming Mono 2.0 release we will also support complex LINQ expressions and mainly expression trees, which are a fairly overlooked new feature with a lot of potential.

For anyone interested in compiling and running this LukeH’s slightly extreme LINQ example I have good news. It compiles on Mono and it runs as fast as on .NET.

REST Pattern

Monday, June 30th, 2008

UNIVERSITY OF CALIFORNIA, IRVINE

Architectural Styles and
the Design of Network-based Software Architectures

DISSERTATION

submitted in partial satisfaction of the requirements for the degree of

DOCTOR OF PHILOSOPHY

in Information and Computer Science

by

Roy Thomas Fielding

2000

Dissertation Committee:
Professor Richard N. Taylor, Chair
Professor Mark S. Ackerman
Professor David S. Rosenblum

Table of Contents

Dedication
Acknowledgments
Curriculum Vitae
Abstract of the Dissertation
Introduction
CHAPTER 1: Software Architecture
1.1 Run-time Abstraction
1.2 Elements
1.3 Configurations
1.4 Properties
1.5 Styles
1.6 Patterns and Pattern Languages
1.7 Views
1.8 Related Work
1.9 Summary
CHAPTER 2: Network-based Application Architectures
2.1 Scope
2.2 Evaluating the Design of Application Architectures
2.3 Architectural Properties of Key Interest
2.4 Summary
CHAPTER 3: Network-based Architectural Styles
3.1 Classification Methodology
3.2 Data-flow Styles
3.3 Replication Styles
3.4 Hierarchical Styles
3.5 Mobile Code Styles
3.6 Peer-to-Peer Styles
3.7 Limitations
3.8 Related Work
3.9 Summary
CHAPTER 4: Designing the Web Architecture: Problems and Insights
4.1 WWW Application Domain Requirements
4.2 Problem
4.3 Approach
4.4 Summary
CHAPTER 5: Representational State Transfer (REST)
5.1 Deriving REST
5.2 REST Architectural Elements
5.3 REST Architectural Views
5.4 Related Work
5.5 Summary
CHAPTER 6: Experience and Evaluation
6.1 Standardizing the Web
6.2 REST Applied to URI
6.3 REST Applied to HTTP
6.4 Technology Transfer
6.5 Architectural Lessons
6.6 Summary
Conclusions
References

List of Figures

Figure 5-1. Null Style
Figure 5-2. Client-Server
Figure 5-3. Client-Stateless-Server
Figure 5-4. Client-Cache-Stateless-Server
Figure 5-5. Early WWW Architecture Diagram
Figure 5-6. Uniform-Client-Cache-Stateless-Server
Figure 5-7. Uniform-Layered-Client-Cache-Stateless-Server
Figure 5-8. REST
Figure 5-9. REST Derivation by Style Constraints
Figure 5-10. Process View of a REST-based Architecture

List of Tables

Table 3-1. Evaluation of Data-flow Styles for Network-based Hypermedia
Table 3-2. Evaluation of Replication Styles for Network-based Hypermedia
Table 3-3. Evaluation of Hierarchical Styles for Network-based Hypermedia
Table 3-4. Evaluation of Mobile Code Styles for Network-based Hypermedia
Table 3-5. Evaluation of Peer-to-Peer Styles for Network-based Hypermedia
Table 3-6. Evaluation Summary
Table 5-1. REST Data Elements
Table 5-2. REST Connectors
Table 5-3. REST Components

© Roy Thomas Fielding, 2000. All rights reserved.

Kepler a Lua Based Web Development Framework

Sunday, June 22nd, 2008

Lua is a very useful language for many things. Extending core base code with modules and add-ons has made it very useful in game development, but since Lua is table-based it can also be easily applied to web development. Well, that time has come. See the Kepler Project for a nice collection of modules that make a good start for web development with Lua.

Kepler is an open source platform that brings the power of Lua to web development. There are a number of great Web development platforms out there but none balances portability, size, power and extensibility quite like Kepler does:

  • Being extremely portable and light means that it can be installed in very constrained devices as much as in providers that limit the amount of RAM and processing time for your scripts.
  • If you ever heard of the customization features of games such as World of Warcraft, think about all that power applied to web scripting.
  • Being extensible means both that we can extend the platform by adding new modules and that the users of the applications that you build can extend those applications using Lua.

Kepler was created by Fábrica Digital and PUC-Rio and is continuously being improved by a core team of committers (see Dev Team) and lots of contributors (see Credits).

Kepler is free software and uses the MIT license model: it can be used for both academic and commercial purposes at absolutely no cost. See the Kepler License for more details.

Kepler is a platform that uses LuaRocks to offer Modules such as:

  • Page based and MVC XHTML generation (WSAPI, CGILua and Orbit)
  • SQL and XML processing (LuaSQL and LuaExpat)
  • Hash (MD5) and a pair crypt/decrypt
  • Zip files reading (LuaZip)

The Lua community is constantly contributing with more modules that can be used with the Kepler Architecture. Most of those modules are catalogued on LuaForge and new ones keep coming.

Unix installation

Please check UNIX Installation for a detailed view of how to install Kepler on Unix machines (including OSX).

Windows installation

Installing Kepler on Windows does not require any C compiler and should work on any Windows machine with internet access.

  1. Download LuaRocks and install it using install /SCRIPTS c:\luarocks\0.5.2
  2. Add the LuaRocks scripts dir to your system path (the same directory used in the /SCRIPTS parameter above)
  3. Install Kepler and Xavante using luarocks install kepler-xavante
  4. Configure everything using setup-kepler and following the instructions
  5. Use xavante to run Xavante as a tray bar application, or use ‘xavante_start’ to run Xavante from the command prompt. Another option is to run Kepler using CGI

Once Kepler is running, you might want to look at those pages:

The Kepler 1.1 Unix installer can be downloaded from its downloads page. Check the Installation page for more details and for the Windows installation instructions (using LuaRocks).

If you need the binaries for specific modules, you can also get them from LuaForge, on the module's respective project page.

Restlet RESTful Lightweight Kit for Java

Friday, June 20th, 2008

Finally, rest for all that boilerplate in Java. At each turn, lots of Java frameworks bombard you with layers. I felt this long ago and see it in the eyes of developers who work with Java. Java can be easy, it can be RESTful, and it will make you look sharp.

Lightweight REST framework for Java

Do you want to embrace the architecture of the Web and benefit from its simplicity and scalability? Leverage our innovative REST engine and start blending your Web Sites and Web Services into uniform Web Applications!

Java is making things more lightweight now with lots of emerging kits that compete with other web ready platforms like Python, Ruby, .NET, PHP etc. After this many years things get bloated and need to be simplified.  I think this will start winning people over in this direction.

The Common Baseplane Method to Caching — memcached

Tuesday, May 27th, 2008

If you have ever worked on a massively high-traffic website, you know that caching is very important to keeping the server count down and being a superhero to your database servers. Cache can be bad and overly optimized, but when you hit a certain threshold, relational databases, databases that are dimensionally modelled for data warehousing, and even server resources get exhausted. At that point you have two options: buy more servers or, more likely, cache read data.

Each platform has its own way to do this, but there is a common baseplane way to do caching, yes, even in .NET: memcached. Memcached is a very common and useful tool that makes caching data and cache layers in an application something that can be the same on every platform. The benefit of using memcached is that it is open and common, and it has APIs for nearly every popular web development platform (and can be wired in easily to platforms that don’t have their own cache mechanism). Why write your caching layer specific to a certain platform when you can memcache?

If you write high performance web apps and don’t memcache, I feel bad for your server budget and your late nights when that ad buy hits or something popular on your site becomes all the rave.

Perl API

An object-oriented Perl module can be found on CPAN as Cache::Memcached or in Subversion (ChangeLog). (GPL/Artistic)

The Perl API takes advantage of the server’s opaque flag support and sets its “complex” flag whenever the object being stored or retrieved isn’t a plain scalar. In that case, the Storable module is used to freeze and thaw the value automatically going in and out of the memcached.

There is also Cache::Memcached::Fast—another Perl client written in C, largely compatible with the original Cache::Memcached. Available on CPAN at http://search.cpan.org/dist/Cache-Memcached-Fast/.

PHP API

There are tons of PHP libraries available, in different conditions. But it now seems there’s an official one:

Python API

The Python client we’d previously released was just a prototype, and we don’t have regular Python programmers on hand. The folks at Tummy.com have taken over maintenance. See ftp://ftp.tummy.com/pub/python-memcached/ for the latest versions.

Ruby API

Java API

A Java API is maintained by Greg Whalin from Meetup.com. You can find that library here:

An improved Java API maintained by Dustin Sallings is also available. Aggressively optimised, ability to run async, supports binary protocol, etc. See site for details:

C# API

There are multiple C# APIs:

C API

Multiple C libraries for memcached exist:

  • apr_memcache by Paul Querna; Apache Software License version 2.0
  • libmemcached by Brian Aker; BSD license. This is a new library, under heavy development.
  • libmemcache by Sean Chittenden; BSD license. This is the original C library. It is no longer under active development. You should try libmemcached instead.

Postgres API

The pgmemcache project allows you to access memcache servers from Postgresql Stored Procedures and Triggers. More details and downloads are available at:

Chicken Scheme

Lua

MySQL API

The memcache_engine allows memcache to work as a storage engine to MySQL. This means that you can SELECT/UPDATE/INSERT/DELETE from it as though it is a table in MySQL.

A set of MySQL UDFs (user defined functions) to work with memcached using libmemcached.

Protocol

To write a new client, check out the protocol docs. Be aware that the most important part of the client is the hashing across multiple servers, based on the key, or an optional caller-provided hashing value. Feel free to join the mailing list (or mail me directly) for help, inclusion in Subversion, and/or a link to your client from this site.

The best part: they support all good platforms, even Lua, and wisely they left out VB.NET. No worries, VB.NET’ers will never know. Only kidding…

Finally, memcached is distributed, whereas most cache layers included with the platforms listed above are in-process and per-machine. If you are running your code on a web farm, memcached is the only way to go.


Unless otherwise specified, the content in this site is licensed under a Creative Commons License.