Pull to refresh
712.81
Rating

Programming *

The art of creating computer programs

Show first
  • New
  • Top
Rating limit
  • All
  • ≥0
  • ≥10
  • ≥25
  • ≥50
  • ≥100

Architectural approaches to authorization in server applications: Activity-Based Access Control Framework

Information Security *Programming *Java *GitHub Software
Translation

This article is about security. I’ll focus on this in the context of web applications, but I’ll also touch on other types of applications. Before I describe approaches and frameworks, I want to tell you a story.


Background


Throughout my years working in the IT sphere, I’ve had the opportunity to work on projects in a variety of fields. Even though the process of authenticating requirements remained relatively consistent, methods of implementing the authorization mechanism tended to be quite different from project to project. Authorization had to be written practically from scratch for the specific goals of each project; we had to develop an architectural solution, then modify it with changing requirements, test it, etc. All this was considered a common process that developers could not avoid. Every time someone implemented a new architectural approach, we felt more and more that we should come up with a general approach that would cover the main authorization tasks and (most importantly) could be reused on other applications. This article takes a look at a generalized architectural approach to authorization based on an example of a developed framework.


Approaches to Creating a Framework


As usual, before developing something new, we need to decide what problems we’re trying to solve, how the framework will help us solve them, and whether or not there is already a solution to these issues. I’ll walk you through each step, starting with identifying issues and describing our desired solution.


We’re focusing on two styles of coding: imperative and declarative. Imperative style is about how to get a result; declarative is about what you want to get as a result.

Read more →
Rating 0
Views 532
Comments 0

What is one of the most common mistakes beginner developers make

Website development *Programming *Studying in IT IT career

It may seem that when you are a beginner, you'll do simple things only. No need to learn data structures and algorithms. No need to understand Big O notation, complexity and stuff like that. 

This couldn't be further away from the truth!

In 2008, when I just started learning to program, I spent a lot of time reading books on PHP and MySQL. Months later, when I felt confident, I took my first freelance project. It was a real estate website. A simple one. I used a custom-made ORM and everything worked just fine!

When I released it, the search feature quickly became sluggish and made the website unusable. 

I was wondering what the heck had happened. I figured out that database queries became very slow when there were over 200 real estate objects added to it. 

This is it. What worked fine during testing did not work in real life.

I was a self-taught developer. I did not know how to measure if my project scaled well. I didn't even know that I had to do it.

I thought algorithms mattered only for launching a spaceship.

If I had some basic understanding of algorithms, I would have known that the more the input, the longer it takes. 

I am not saying I would have come up with a robust solution as a junior, but I would have looked for a solution because I knew there would be a problem. 

Please, don't make the same mistake!

Of course, data structures and algorithms are much more than that and they apply differently depending on what you work on.

But a basic understanding of data structures and algorithms is a must for every software developer. 

Read more
Total votes 1: ↑0 and ↓1 -1
Views 778
Comments 1

9 Reasons Why Students Don’t Want You as a Teacher

Programming *Machine learning *Studying in IT Social networks and communities Learning languages
Teaching is hard! Finding a way to explain ideas and concepts, finding an approach to each individual among your students, each having a unique mind and learning capabilities. Being patient and creative, friendly but respective, kind but fair. You have to understand complex stuff and be able to present them in the simplest of ways. There are so many things that you must balance and consider in your work. Teachers, you are heroes, the every-day heroes! With this heroic work comes a responsibility. A responsibility of keeping yourself accountable for your student’s education. Some teachers forget about that and stay oblivious to the mistakes they are making. We’ve compiled a list of 9 Reasons Why Students Don’t Want You as a Teacher. We sincerely hope that it will help you to self-reflect, better connect with your students and achieve better results during your lessons.
Total votes 1: ↑0 and ↓1 -1
Views 1K
Comments 0

Top-10 Bugs Found in C# Projects in 2020

PVS-Studio corporate blog Programming *.NET *C# *
image1.png

This tough year, 2020, will soon be over at last, which means it's time to look back at our accomplishments! Over the year, the PVS-Studio team has written quite a number of articles covering a large variety of bugs found in open-source projects with the help of PVS-Studio. This 2020 Top-10 list of bugs in C# projects presents the most interesting specimens. Enjoy the reading!
Read more →
Total votes 1: ↑0 and ↓1 -1
Views 1K
Comments 0

Big / Bug Data: Analyzing the Apache Flink Source Code

PVS-Studio corporate blog Programming *Java *Apache *Big Data *
image1.png

Applications used in the field of Big Data process huge amounts of information, and this often happens in real time. Naturally, such applications must be highly reliable so that no error in the code can interfere with data processing. To achieve high reliability, one needs to keep a wary eye on the code quality of projects developed for this area. The PVS-Studio static analyzer is one of the solutions to this problem. Today, the Apache Flink project developed by the Apache Software Foundation, one of the leaders in the Big Data software market, was chosen as a test subject for the analyzer.
Read more →
Total votes 1: ↑0 and ↓1 -1
Views 451
Comments 0

The Rules for Data Processing Pipeline Builders

Badoo corporate blog Programming *Data storages *DevOps *


"Come, let us make bricks, and burn them thoroughly."
– legendary builders

You may have noticed by 2020 that data is eating the world. And whenever any reasonable amount of data needs processing, a complicated multi-stage data processing pipeline will be involved.


At Bumble — the parent company operating Badoo and Bumble apps — we apply hundreds of data transforming steps while processing our data sources: a high volume of user-generated events, production databases and external systems. This all adds up to quite a complex system! And just as with any other engineering system, unless carefully maintained, pipelines tend to turn into a house of cards — failing daily, requiring manual data fixes and constant monitoring.


For this reason, I want to share certain good engineering practises with you, ones that make it possible to build scalable data processing pipelines from composable steps. While some engineers understand such rules intuitively, I had to learn them by doing, making mistakes, fixing, sweating and fixing things again…


So behold! I bring you my favourite Rules for Data Processing Pipeline Builders.

Read more →
Total votes 9: ↑9 and ↓0 +9
Views 2.7K
Comments 2

Algorithms in Go: Sliding Window Pattern

Programming *Algorithms *Go *
Sandbox

Let's consider the following problem: we have an array of integers and we need to find out the length of the smallest subarray the sum of which is no less than the target number. If we don't have such a subarray we shall return -1.

We can start with a naive approach and consider every possible subarray in the input:

Continue reading
Total votes 5: ↑5 and ↓0 +5
Views 2.8K
Comments 4

Russian AI Cup 2020 — a new strategy game for developers

Mail.ru Group corporate blog Abnormal programming *Entertaining tasks Programming *Artificial Intelligence


This year, many processes transformed, with traditions and habits being modified. The rhythm of life has changed, and there's more uncertainty and strain. But IT person's soul wants diversity, and many developers have asked us if annual Russian AI Cup will be held this year. Is there going to be an announcement? What is the main theme of the upcoming championship? Should I take a vacation?

Though some changes are expected, it will be held in keeping with the best traditions. In the run-up, we will announce one of today's largest online AI programming championships — Russian AI Cup. We invite you to make history!
Total votes 15: ↑15 and ↓0 +15
Views 1.4K
Comments 0

The Code Analyzer is wrong. Long live the Analyzer

PVS-Studio corporate blog Programming *C++ *
Foo(std::move(buffer), line_buffer - buffer.get());

Combining many actions in a single C++ expression is a bad practice, as such code is hard to understand, maintain, and it is easy to make mistakes in it. For example, one can instill a bug by reconciling different actions when evaluating function arguments. We agree with the classic recommendation that code should be simple and clear. Now let's look at an interesting case where the PVS-Studio analyzer is technically wrong, but from a practical point of view, the code should still be changed.
Read more →
Total votes 3: ↑2 and ↓1 +1
Views 513
Comments 0

Spring Boot app with Apache Kafka in Docker container

Programming *Java *Apache *Industrial Programming *
Translation
Tutorial

Privet, comrads!

In this article i’ll show how easy it is to setup Spring Java app with Kafka message brocker. We will use docker containers for kafka zookeeper/brocker apps and configure plaintext authorization for access from both local and external net.

Link to final project on github can be picked up at the end of the article.

Read more
Total votes 1: ↑1 and ↓0 +1
Views 11K
Comments 1

Why PVS-Studio Doesn't Offer Automatic Fixes

PVS-Studio corporate blog Programming *Perfect code *C++ *C *
Why PVS-Studio Doesn't Offer Automatic Fixes

Static analyzer PVS-Studio can detect bugs in pretty complex and intricate parts of code, and coming up with appropriate fixes for such bugs may be a tough task even for human developers. That's exactly the reason why we should avoid offering any options for automatic fixing at all. Here are a couple of examples.
Read more →
Total votes 4: ↑2 and ↓2 0
Views 492
Comments 0

Checking the Code of DeepSpeech, or Why You Shouldn't Write in namespace std

PVS-Studio corporate blog Programming *C++ *
DeepSpeech is an open-source speech recognition engine developed by Mozilla. It's pretty fast and ranks high, which makes its source code an interesting target for static analysis. In this article, I'll show you some of the bugs found in DeepSpeech's C++ code.

image1.png

Introduction


We have already scanned a few projects based on machine learning before, so there was nothing new about DeepSpeech to us in this respect. No wonder since the project is quite popular: as of this writing, it has 15k stars on GitHub.
Read more →
Total votes 2: ↑1 and ↓1 0
Views 340
Comments 0

7 Best Practices Every Budding React.JS Developer Must Follow to Excel

Web design *JavaScript *Programming *ReactJS *
image

With the advancement in web technology, the entire globe is sliding towards the online tech sphere. The globe around us is going tech-centric day by day and thus the demand for front-end designers and developers also.

Whatever, be the purpose, people just google things and get their desired result. This is all because of the increase in the evolution of web and mobile app development. While we all know that to be a Web developer, you need to have basic skills of HTML, CSS, and JavaScript, but, with time React.js emerged into the technology stack of the web development field and outdated JavaScript.

A Report by JS reflects that 64.8% of the web developers prefer to use the React.JS framework and would love to use it again and again in the future. It has even beaten other categories of frameworks that are Vue.js with 28.8% votes and Angular with 23.9% votes. This is the reason why the demand for React.JS development companies is at an all-time high.

image

With React, it becomes painless to build an interactive user interface. It efficiently updates and renders the right components when changes are made.

Before you use React.js as web technology, let’s have a look at the practices that every React.js developer should follow to write better react codes for their application.
Read more →
Total votes 1: ↑1 and ↓0 +1
Views 4.5K
Comments 3

Using Flex (Fast Lexical Analyzer Generator)

Programming *Compilers *
Lexical analysis is the first stage of a compilation process. It's used for getting a token sequence from source code. It gets an input character sequence and finds out what the token is in the start position, whether it's a language keyword, an identifier, a constant (also called a literal), or, maybe, some error. A lexical analyzer (also known as tokenizer) sends a stream of tokens further, into a parser, which builds an AST (abstract syntax tree).

It's possible to write a lexer from scratch, but much more convenient to use any lexer generator. If we define some parsing rules, corresponding to an input language syntax, we get a complete lexical analyzer (tokenizer), which can extract tokens from an input program text and pass them to a parser.

One of such generators is Flex. In this article, we'll examine how it works in general, and observe some nontrivial nuances of developing a lexer with Flex.
Read more →
Total votes 5: ↑5 and ↓0 +5
Views 2.5K
Comments 4

Why it is important to apply static analysis for open libraries that you add to your project

PVS-Studio corporate blog Open source *Programming *Perfect code *C++ *
PVS-Studio and Awesome header-only C++ libraries

Modern applications are built from third-party libraries like a wall from bricks. Their usage is the only option to complete the project in a reasonable time, spending a sensible budget, so it's a usual practice. However, taking all the bricks indiscriminately may not be such a good idea. If there are several options, it is useful to take time to analyze open libraries in order to choose the best one.
Read more →
Total votes 1: ↑0 and ↓1 -1
Views 494
Comments 1

Why code reviews are good, but not enough

PVS-Studio corporate blog Information Security *Programming *C++ *
image1.png

Code reviews are definitely necessary and useful. It's a way to impart knowledge, educate, control a task, improve code quality and formatting, fix bugs. Moreover, you can notice high-level errors related to the architecture and algorithms used. So it's a must-have practice, except that people get tired quickly. Therefore, static analysis perfectly complements reviews and helps to detect a variety of inconspicuous errors and typos. Let's look at a decent example on this topic.
Read more →
Rating 0
Views 674
Comments 0

Checking QEMU using PVS-Studio

PVS-Studio corporate blog Open source *Programming *C++ *C *
image1.png

QEMU is a rather well-known application for emulation. Static analysis can help developers of complex projects such as QEMU catch errors at early stages and generally improve quality and reliability of a project. In this article, we will check the source code of the QEMU application for potential vulnerabilities and errors using the PVS-Studio static analysis tool.
Read more →
Total votes 3: ↑3 and ↓0 +3
Views 489
Comments 0

Dark code-style academy: line breaks, spacing, and indentation

Abnormal programming *Programming *Perfect code *

Hey guys! Let me walk you through the next part of our dark-style code academy. In this post, we will discover some other ways how to slow down the reading speed of your code. The next approaches will help you to decrease maintenance and increase a chance to get a bug in your code. Ready? Let's get started.

Read more
Total votes 1: ↑1 and ↓0 +1
Views 1.7K
Comments 1

Authors' contribution