Every year, we will propose a challenge to coders to solve a simple data processing problem, but with covert malicious behavior. Examples include miscounting votes, shaving money from financial transactions, or leaking information to an eavesdropper. The main goal, however, is to write source code that easily passes visual inspection by other programmers.

Symbian Horizon is an application-publishing platform designed to reduce barriers to success and increase the profitability of delivering applications on the Symbian platform. Horizon will provide a service that allows developers to write an application once, and publish in dozens of stores worldwide.

Over time, though, my initially rosy feelings towards ORMs have begun to sour. I gradually realised I was spending a disproportionate amount of time trying to coax the ORM into doing my bidding - and when I succeeded, the results were often ugly, slow and needlessly opaque. Analysing the performance of some of the more complicated portions of my data access layer was often painful, and I spent cumulative hours poring over generated SQL, trying to figure out what the ORM was doing and why. Usually, improving performance involved side-stepping the ORM altogether. Recently, a particularly gnarly performance issue prompted me to ditch the ORM from a project altogether, with surprisingly pleasant results.

Some of our PERL tools require some CPAN modules that are not part of the standard Ubuntu distribution. It's obviously possible to install the module using CPAN but I like using deb packages where possible as then you only have one repository to manage. Fortunately with dh-make-perl it is possible to quickly turn any CPAN module in to a debian package!

The basic policy for Actionscript is very close to the Javascript same-origin policy: A Flash object can only access content from the domain it originated from. There are exceptions, which I'll get into another time, but they actually aren't particularly important. This flash behavior is known and documented, but is not particularly well-understood, even within the Web Application Security community. The important difference, of course, is that flash objects are not web pages. A flash object does not need to be injected into a web page to execute- simply loading the content is enough. Let's consider the implications of this policy for a moment: If I can get a Flash object onto your server, I can execute scripts in the context of your domain.

This is a frighteningly Bad Thing. How many web sites allow users to upload files of some sort? How many of those sites serve files back to users from the same domain as the rest of the application? Nearly every one of them is vulnerable.

Piwik is a downloadable, open source (GPL licensed) web analytics software program. It provides you with detailed real time reports on your website visitors: the search engines and keywords they used, the language they speak, your popular pages… and so much more.

Piwik aims to be an open source alternative to Google Analytics.

Software maintenance is not like hardware maintenance, which is the return of the item to its original state. Software maintenance involves moving an item away from its original state. It encompasses all activities associated with the process of changing software. That includes everything associated with "bug fixes," functional and performance enhancements, providing backward compatibility, updating its algorithm, covering up hardware errors, creating user-interface access methods, and other cosmetic changes.

In software, adding a six-lane automobile expressway to a railroad bridge is considered maintenance—and it would be particularly valuable if you could do it without stopping the train traffic.

Is it possible to design software so it can be maintained in this way? Yes, it is. So, why don't we?

Complaining about poor internal documentation is an old practice, but there's a reason that doing it right is important. Your comments are the only way you have to speak to the next person looking at this software (that may be you) about the larger scope of the software, not just this line-or-two. What were you thinking when you wrote this code? Yes, "self-documenting code" is a goal, but it's arrogant to assume that you've achieved it, any more than it's arrogant of me to assume that my words need no editing. (They do. I'm happiest when I have an editor.)

Another common problem in comment ugliness is developers who update the code and don't update the comments; as one consultant pointed out, comments aren't tested. But doesn't that show a lack of attention to detail, too? Anytime you aren't paying full attention, you're apt to drop a logic bit.

Sitemaps are an easy way for webmasters to inform search engines about pages on their sites that are available for crawling. In its simplest form, a Sitemap is an XML file that lists URLs for a site along with additional metadata about each URL (when it was last updated, how often it usually changes, and how important it is, relative to other URLs in the site) so that search engines can more intelligently crawl the site. Web crawlers usually discover pages from links within the site and from other sites. Sitemaps supplement this data to allow crawlers that support Sitemaps to pick up all URLs in the Sitemap and learn about those URLs using the associated metadata. Using the Sitemap protocol does not guarantee that web pages are included in search engines, but provides hints for web crawlers to do a better job of crawling your site.

a systems programming language

expressive, concurrent, garbage-collected