Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 6 years ago.
Improve this question
I'm just about to rewrite my personal site/blog using ASP.NET 4/MVC. I usually use my private Subversion server for version control, but for this project I'm intending to use Git/GitHub —I've been using Git more and more recently and prefer the way it works. I'd also like to make my code open-source in case anyone else wants to use it to learn from.
My question is this: if I make the source code of my personal site publicly available on GitHub, am I exposing myself to an increased risk of security breaches?
I'm not concerned about intellectual property here, just about security—whatever code I write will be fairly basic anyway.
I realise that a) the open-source community leans very much toward the white-hat and b) my tiny web site is not by any means a worthwhile target.
Having said that, if I'm publishing my code and I make a mistake which results in a security hole (and I'm positive that at some stage I will, nobody's perfect), it only takes one malicious person to exploit it rather than letting me know and I'm screwed, aren't I?.
If you open-source it, it has a higher chance of being hacked, but you have a much higher chance of being told about it. If you don't, you may not get told about it if it happens.
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
Is there any standard way to build developer, just making the developers understand the code easily after delivering, if you have sample it's better
If you want to know how to make your code better, you need to read about SOLID and other object-oriented design patterns.
There are no official Apple developer programming style guides.
I.e.: no official "Programming Standards" exist.
Standard only exist in terms of UI, external appearance of your application.
Normal software development criteria apply:
commenting
using software patterns appropriately, as pointed out in another answer, SOLID makes a lot of sense. Just in order to understand Apple Frameworks you need to know software patterns: delegation, visitor, proxy, etc.
document requisites and change requests, api and architecture if the app is complex
don't rely too much on bug tracking, these tend to be abused (change requests marked as bugs) and might add too much complexity of their own (JIIRA).
your organization may adopt an existing programming "quality standard" and adapt it to iOS development. ITIL is and ISO are usually overkill.
Sometimes it makes no sense to over-optimize and over-engineer everything, including your code and programming standards.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 1 year ago.
Improve this question
From what I can tell from online forums and posts, one of the main focuses of BDD/ATDD seems to be on discussion and ensuring that the customer, developers, testers and other relevant parties are involved in the understanding what the system must do.
Question 1: Do BDD/ATDD stories replace the need for traditional requirement specifications, such as the those captured using the Volere Template?
Because the traditional requirement specifications are one of the key inputs for developers and testers, traditional requirement specifications tend to be comprehensive.
Question 2: Should BDD/ATDD stories also be comprehensive enough to allow a system to be fully tested?
Question 1: Instead of looking at this question as a black-and-white situation, we should better understand how these two requirements capture methods get along with each other. Writing a story in the BDD/ATDD methodologies, or in Scrum for example, does not imply removing the templates like volere off the table. If we take a look at the volere requirements specification here, we can see that most of the information regards to project-related issues, and the shell used for functional requirements is far from being different to a story. They just have different information, not exclusive one.
Question 2: Here we have the advantage coming from the methodology itself. BDD comes from TDD, we can more or less rely on the test-first oriented process to allow the team to test the system. But, as I mentioned in question 1, making a BDD/ATDD story more comprehensive is not a sin, and wouldn't compromise the general idea of the story. This would also prove useful when interacting with more experienced clients.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm about to start building a Rails app that will eventually need to vary CRUD access by user (i.e. which pages do they see, which can they edit, etc).
Is there a best stage of the development cycle to incorporate this?
Part of me feels like it should be the very first thing, since almost every piece of the interface will in some way rely on checking the user's ID, and it will be an inherent part of the DB structure.
Another part feels that this would overcomplicate things to start out with, and that I should instead build the core parts of the app, then layer on the authentication/authorization later.
Are there any best practices around this sort of thing?
I would say that if your system will rely on some kind of authentication... Why wait?
Let's say that you start developing your application without the authentication layer but at the same time you know that at some point you will have to do it. That means that at some point you will develop the authentication layer, and most likely you will have to refactor what you have already built to adapt it to this new layer.
Also, to try to convince you a little bit more...When you say:
I should instead build the core parts of the app
You should consider that the authentication module might be a core part of the app too...
I prefer to do it early, but you really have roughly the same amount of work in front of you regardless of when you do it. It really a matter of opinion on when you prefer to do it.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 7 years ago.
Improve this question
Background
I want to create a Cocoa Touch library where others will be limited to a finite number deployment builds using said library. However, there should be no limitations on the number of development builds.
I was considering a remote server which generates license-keys each associated with the library and a number of permitted deployment builds on the library.
When the user of the library builds for deployment, I need to check against the keys on the remote server.
Question
Does this seem like a sound approach for what I want to accomplish? If so, how does one check only for deployment builds while preventing the user from tampering with the script/binary that does the checking? If not, what would make it a sound approach?
Imagine the joy and rapture if every library you used was making calls to some random server, affecting your customers, hurting their experience. Making your development of your product a living hell for testing and distribution. Yea, that'd be a hoot.
Get a lawyer, get a solid contract, reserve the right to audit their sales, etc. Companies have had such arrangements for years, and actually abide by them with little more than a piece of paper and couple of signatures.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Recently, I found an interesting Wiki/CMS/Database hybrid called Wagn, where the most important unit of information is the 'Card'. That terminology immediately made me think of Hypercard. As expected, there is some "Hypercard-ness" in that application.
Do you know of other web applications/frameworks with that "Hypercard-ness" thing, or if its successor still must be invented?
Note: I insist on web applications because I already know the desktop ones.
Check out Runtime Revolution at http://www.runrev.com they have a language/IDE that is the spiritual successor to HyperCard. They also have a product in beta called RevWeb which is a plugin not unlike Flash that is able to execute stacks.
Now more on the web framework front, checkout Rodeo at http://alltiera.com/ which is a HyperCard like web application that generates HTML/CSS/JS stuff for you.
I am a customer of Runtime Revolution but I haven't used Rodeo so I can only help with building web applications using RevTalk (like HyperTalk) and not with Rodeo.
There was http://tilestack.com for a while. Sadly it closed down again. It even imported HyperCard stacks.
I have found that quote from Dan Ingalls in the book "Coders At Work" (p.382):
"A decade or two ago there was Hypercard [...] It's really strange that that whole experience didn't naturally go right into the web. I think there's still a role to be filled there with tools as simple as HyperCard and as immediate as the web. It would be cool if it went that way.".
If one of the inventor of Smalltalk is asking that question too, I'm almost sure that there is no valid answers...
Anyone interested in inventing that future?
Google's AppEngine is being called the web Hypercard.
http://www.skrenta.com/2008/04/appengine_web_hypercard_finall.html
Googel App Engine - http://code.google.com/appengine/