Archive for the ‘technology’ Category

Scalable Web Architectures: Common Patterns and Approaches – Web 2.0 Expo NYC

Monday, June 8th, 2009

Mono 2.2 Released

Friday, January 16th, 2009

Mono 2.2 has been released. Mono is a really great open source version of .NET, and it is finding its way into many platforms that need to support multiplatform code, such as Unity3D.

This update brings in some great stuff like routing controllers to use the ASP.NET MVC architecture, the csharp interactive shell and other great performance enhancements to an already speedy C#.

2009 CWE/SANS Top 25 Most Dangerous Programming Errors

Monday, January 12th, 2009

This is a handy list to have: the top 25 most dangerous programming errors relating to the web and keeping websites (and user data) safe. When you are building and using frameworks, be sure that you test for and expect these types of behaviors.

The Top 25 is organized into three high-level categories that contain multiple CWE entries.

Insecure Interaction Between Components

These weaknesses are related to insecure ways in which data is sent and received between separate components, modules, programs, processes, threads, or systems.

  • CWE-20: Improper Input Validation
  • CWE-116: Improper Encoding or Escaping of Output
  • CWE-89: Failure to Preserve SQL Query Structure (aka ‘SQL Injection’)
  • CWE-79: Failure to Preserve Web Page Structure (aka ‘Cross-site Scripting’)
  • CWE-78: Failure to Preserve OS Command Structure (aka ‘OS Command Injection’)
  • CWE-319: Cleartext Transmission of Sensitive Information
  • CWE-352: Cross-Site Request Forgery (CSRF)
  • CWE-362: Race Condition
  • CWE-209: Error Message Information Leak

Risky Resource Management

The weaknesses in this category are related to ways in which software does not properly manage the creation, usage, transfer, or destruction of important system resources.

  • CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
  • CWE-642: External Control of Critical State Data
  • CWE-73: External Control of File Name or Path
  • CWE-426: Untrusted Search Path
  • CWE-94: Failure to Control Generation of Code (aka ‘Code Injection’)
  • CWE-494: Download of Code Without Integrity Check
  • CWE-404: Improper Resource Shutdown or Release
  • CWE-665: Improper Initialization
  • CWE-682: Incorrect Calculation

Porous Defenses

The weaknesses in this category are related to defensive techniques that are often misused, abused, or just plain ignored.

  • CWE-285: Improper Access Control (Authorization)
  • CWE-327: Use of a Broken or Risky Cryptographic Algorithm
  • CWE-259: Hard-Coded Password
  • CWE-732: Insecure Permission Assignment for Critical Resource
  • CWE-330: Use of Insufficiently Random Values
  • CWE-250: Execution with Unnecessary Privileges
  • CWE-602: Client-Side Enforcement of Server-Side Security

Python 3.0 Released

Thursday, December 4th, 2008

Python 3000, the mythical creature for all future Python cleanup, has been released. It is a breaking release in many cases and it will take time for all the great Python libraries to be brought up to date, but it is released.

Python 2.6 was released not too long ago as an update adding great stuff like simplejson within Python. But Python 3000 might be the release that draws lots of usage and programmers, new and veteran.

All About Scaling a Large Video Site, YouTube Insights into Their Growth and Scalability Challenges

Sunday, November 30th, 2008
http://video.google.com/videoplay?docid=-6304964351441328559

Mono 2.0 Officially Released

Monday, October 6th, 2008

Mono 2.0, the open source .NET framework, has been released. Mono has made its way into many great systems by now, from websites to even 3D engines such as Unity3D. It is great to have a toolkit that is powerful, has a great language set from C# to Boo, and is available on multiple platforms. From Windows to *nix to, of course, Mac OSX built on Unix, it all just works.

Having 2.0 solid and complete is a great step to making production apps run off of it.

Microsoft Compatible APIs

  • ADO.NET 2.0 API for accessing databases.
  • ASP.NET 2.0 API for developing Web-based applications.
  • Windows.Forms 2.0 API to create desktop applications.
  • System.XML 2.0: An API to manipulate XML documents.
  • System.Core: Provides support for the Language Integrated Query (LINQ).
  • System.Xml.Linq: Provides a LINQ provider for XML.
  • System.Drawing 2.0 API: A portable graphics rendering API.

Mono APIs

  • Gtk# 2.12: A binding to the Gtk+ 2.12 and GNOME libraries for creating desktop applications on Linux, Windows and MacOS X.
  • Mono.Cecil: A library to manipulate ECMA CLI files (the native format used for executables and libraries).
  • Mono.Cairo: A binding to the Cairo Graphics library to produce 2D graphics and render them into a variety of forms (images, windows, postscript and PDF).
  • Mono’s SQLite support: a library to create and consume databases created with SQLite.
  • Mono.Posix: a library to access Linux and Unix specific functionality from your managed application. With both a low-level interface as well as higher level interfaces.

Third Party APIs bundled with Mono

  • Extensive support for databases: PostgreSQL, DB2, Oracle, Sybase, SQL server, SQLite and Firebird.
  • C5 Generics Library: we are bundling the C5 generics collection class library as part of Mono.

Compilers

These compilers are part of the Mono 2.0 release:

  • C# 3.0 compiler implementation, with full support for LINQ.
  • Visual Basic 8 compiler.
  • IL assembler and disassembler and the development toolchain required to create libraries and applications.

Mono Now Has .NET 3.0 Support and 3.5 Features like LINQ and Expression Trees

Friday, July 25th, 2008

Great news!  Mono has made it to .NET 3.0 support and this includes some of the latest stuff like LINQ expressions.

I am pleased to announce that Mono C# compiler (gmcs) now has full C# 3.0 support. Most of the features have been available since Mono 1.2.6 release. However, with the upcoming Mono 2.0 release we will also support complex LINQ expressions and mainly expression trees, which is a fairly overlooked new feature with a lot of potential.

For anyone interested in compiling and running this LukeH’s slightly extreme LINQ example I have good news. It compiles on Mono and it runs as fast as on .NET.

REST Pattern

Monday, June 30th, 2008

UNIVERSITY OF CALIFORNIA, IRVINE

Architectural Styles and
the Design of Network-based Software Architectures

DISSERTATION

submitted in partial satisfaction of the requirements for the degree of

DOCTOR OF PHILOSOPHY

in Information and Computer Science

by

Roy Thomas Fielding

2000

Dissertation Committee:
Professor Richard N. Taylor, Chair
Professor Mark S. Ackerman
Professor David S. Rosenblum

Table of Contents

Dedication
Acknowledgments
Curriculum Vitae
Abstract of the Dissertation
Introduction
CHAPTER 1: Software Architecture
1.1 Run-time Abstraction
1.2 Elements
1.3 Configurations
1.4 Properties
1.5 Styles
1.6 Patterns and Pattern Languages
1.7 Views
1.8 Related Work
1.9 Summary
CHAPTER 2: Network-based Application Architectures
2.1 Scope
2.2 Evaluating the Design of Application Architectures
2.3 Architectural Properties of Key Interest
2.4 Summary
CHAPTER 3: Network-based Architectural Styles
3.1 Classification Methodology
3.2 Data-flow Styles
3.3 Replication Styles
3.4 Hierarchical Styles
3.5 Mobile Code Styles
3.6 Peer-to-Peer Styles
3.7 Limitations
3.8 Related Work
3.9 Summary
CHAPTER 4: Designing the Web Architecture: Problems and Insights
4.1 WWW Application Domain Requirements
4.2 Problem
4.3 Approach
4.4 Summary
CHAPTER 5: Representational State Transfer (REST)
5.1 Deriving REST
5.2 REST Architectural Elements
5.3 REST Architectural Views
5.4 Related Work
5.5 Summary
CHAPTER 6: Experience and Evaluation
6.1 Standardizing the Web
6.2 REST Applied to URI
6.3 REST Applied to HTTP
6.4 Technology Transfer
6.5 Architectural Lessons
6.6 Summary
Conclusions
References

List of Figures

Figure 5-1. Null Style
Figure 5-2. Client-Server
Figure 5-3. Client-Stateless-Server
Figure 5-4. Client-Cache-Stateless-Server
Figure 5-5. Early WWW Architecture Diagram
Figure 5-6. Uniform-Client-Cache-Stateless-Server
Figure 5-7. Uniform-Layered-Client-Cache-Stateless-Server
Figure 5-8. REST
Figure 5-9. REST Derivation by Style Constraints
Figure 5-10. Process View of a REST-based Architecture

List of Tables

Table 3-1. Evaluation of Data-flow Styles for Network-based Hypermedia
Table 3-2. Evaluation of Replication Styles for Network-based Hypermedia
Table 3-3. Evaluation of Hierarchical Styles for Network-based Hypermedia
Table 3-4. Evaluation of Mobile Code Styles for Network-based Hypermedia
Table 3-5. Evaluation of Peer-to-Peer Styles for Network-based Hypermedia
Table 3-6. Evaluation Summary
Table 5-1. REST Data Elements
Table 5-2. REST Connectors
Table 5-3. REST Components

© Roy Thomas Fielding, 2000. All rights reserved.

Kepler a Lua Based Web Development Framework

Sunday, June 22nd, 2008

Lua is a very useful language for many things. Extending core base code with modules and add-ons has made it very useful in game development, but since Lua is table-based it can also be easily applied to web development. Well, that time has come. See the Kepler Project for a nice collection of modules that make a good start for web development with Lua.

Kepler is an open source platform that brings the power of Lua to web development. There are a number of great Web development platforms out there but none balances portability, size, power and extensibility quite like Kepler does:

  • Being extremely portable and light means that it can be installed in very constrained devices as much as in providers that limit the amount of RAM and processing time for your scripts.
  • If you ever heard of the customization features of games such as World of Warcraft, think about all that power applied to web scripting.
  • Being extensible means both that we can extend the platform by adding new modules and that the users of the applications that you build can extend those applications using Lua.

Kepler was created by Fábrica Digital and PUC-Rio and is continuously being improved by a core team of committers (see Dev Team) and lots of contributors (see Credits).

Kepler is free software and uses the MIT license model: it can be used for both academic and commercial purposes at absolutely no cost. See the Kepler License for more details.

Kepler is a platform that uses LuaRocks to offer Modules such as:

  • Page based and MVC XHTML generation (WSAPI, CGILua and Orbit)
  • SQL and XML processing (LuaSQL and LuaExpat)
  • Hash (MD5) and a pair crypt/decrypt
  • Zip files reading (LuaZip)

The Lua community is constantly contributing with more modules that can be used with the Kepler Architecture. Most of those modules are catalogued on LuaForge and new ones keep coming.

Unix installation

Please check UNIX Installation for a detailed view of how to install Kepler on Unix machines (including OSX).

Windows installation

Installing Kepler on Windows does not require any C compiler and should work on any Windows machine with internet access.

  1. Download LuaRocks and install it using install /SCRIPTS c:\luarocks\0.5.2
  2. Add the LuaRocks scripts dir to your system path (the same directory used in the /SCRIPTS parameter above)
  3. Install Kepler and Xavante using luarocks install kepler-xavante
  4. Configure everything using setup-kepler and following the instructions
  5. Use xavante to run Xavante as a tray bar application, or use ‘xavante_start’ to run Xavante from the command prompt. Another option is to run Kepler using CGI

Once Kepler is running, you might want to look at those pages:

The Kepler 1.1 Unix installer can be downloaded from its downloads page. Check the Installation page for more details and for the Windows installation instructions (using LuaRocks).

If you need the binaries for specific modules you can also get them from LuaForge, on the respective module's project page.

Unless otherwise specified the content in this site is licensed under a Creative Commons License