Skip to content

Software Development News: .NET, Java, PHP, Ruby, Agile, Databases, SOA, JavaScript, Open Source

Methods & Tools

Subscribe to Methods & Tools
if you are not afraid to read more than one page to be a smarter software developer, software tester or project manager!

Open Source

Dojo Security Advisory 2014-12-08

The Dojo Toolkit - Announcements - Tue, 12/09/2014 - 21:04
Introduction

Several XSS vulnerabilities have been discovered and fixed in the Dojo Toolkit.

Masato Kinugawa discovered a security flaw in the SWF component of the dojox/form/FileUploader widget that allows for cross-site scripting attacks on domains hosting the affected SWF.

After evaluating the disclosed vulnerability, similar additional XSS vulnerabilities were discovered by the Dojo Toolkit security team in other dojox components including dojox/av/FLAudio, dojox/av/FLVideo, and dojox/form/Uploader. A potential XSS vulnerability with a different attack vector was also discovered in dojox/embed/Flash.

Note that these vulnerabilities are isolated to the dojox package; if you publish only the dojo and/or dijit packages, you are not affected by this security advisory and do not need to take any action. We recommend that all users that publish the dojox package upgrade to the latest point release.

Vulnerable

Dojo Toolkit 1.2
Dojo Toolkit 1.3
Dojo Toolkit 1.4.5 and earlier
Dojo Toolkit 1.5.3 and earlier
Dojo Toolkit 1.6.2 and earlier
Dojo Toolkit 1.7.7 and earlier
Dojo Toolkit 1.8.8 and earlier
Dojo Toolkit 1.9.5 and earlier
Dojo Toolkit 1.10.2 and earlier

Patches

New versions of the Dojo Toolkit have been released containing fixes for the vulnerabilities listed in this security advisory:

1.4.6 (patch)
1.5.4 (patch)
1.6.3 (patch)
1.7.8 (patch)
1.8.9 (patch)
1.9.6 (patch)
1.10.3 (patch)

Dojo 1.3 and earlier are end-of-life products. Users running Dojo 1.3 and earlier are urged to upgrade immediately to a more recent version of the toolkit.

Workarounds

1. Delete the SWF files listed under “attack vector” below; and
2. Ensure all user input passed to dojox/embed/Flash is HTML escaped.

Attack vector

http://xxx/dojox/av/resources/audio.swf?id=\"))-alert(1);}catch(e){}//

http://xxx/dojox/av/resources/video.swf?id=\"))-alert(1);}catch(e){}//

http://xxx/dojox/av/resources/video.swf?src=…?\"))-alert(1);}catch(e){}//

http://xxx/dojox/av/resources/video.swf?videoUrl=…?\"))-alert(1);}catch(e){}//

http://xxx/dojox/form/resources/fileuploader.swf?flashButton=%3A\"))-alert(1);}catch(e){}//%3B

http://xxx/dojox/form/resources/fileuploader.swf?id=\"))-alert(1);}catch(e){}//

http://xxx/dojox/form/resources/uploader.swf?id=\"))-alert(1);}catch(e){}//

Impact

Cross-site scripting.

CVSS Severity (2.0)

CVSS Base Score: 4.3
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Temporal Score: 3.2
CVSS Environmental Score: Not Defined
Modified Impact Subscore: Not Defined
Overall CVSS Score: 3.2

CVSS v2 Vector (AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Background

The Adobe Flash Player ExternalInterface API contains a known security issue where backslashes in strings passed to ExternalInterface.call are not correctly escaped by the Flash Player runtime. This enables arbitrary code to be executed if unsanitised user input is passed through ExternalInterface.call. Several SWF files inside the Dojo Toolkit passed unsanitised user data through ExternalInterface.call to console.log and dojo.publish, introducing a cross-site scripting vulnerability.

Additionally, JavaScript code in dojox/embed/Flash performs string building of HTML for injection to the page without ensuring special characters are properly encoded. This allowed arbitrary HTML to be injected onto a page that uses dojox/embed/Flash if unsanitised user input were passed to it.

Timeline

2014-12-03: Initial disclosure.
2014-12-04: Security team notified of issue.
2014-12-08: Patch released and initial announcement.
2014-12-09: Full announcement.

What can I do to prevent this from happening in the future?

There is currently a lot of crufty old code in dojox that is unmaintained or undermaintained. We need more developers that use Dojo and are interested in adopting some of this old code, or developers who want to help us finish Dojo 2 so that we can replace this old code with new code that follows modern best practices for Web development.

If you’re interested in lending a helping hand, please get in touch by posting on the mailing list or visiting us at #dojo on irc.freenode.net. Thanks!

Categories: Open Source, RIA

ANTLR 4 IDE

  • ANTLR 4.x
  • Advanced Syntax Highlighting (even for target language)
  • Automatic Code Generation (on save)
  • Manual Code Generation (through External Tools menu)
  • Code Formatter (Ctrl+Shift+F)
  • Syntax Diagrams as HTML
  • Live Parse Tree evaluation
  • Advanced Rule Navigation between files (F3 or Ctrl+Click over a rule)
  • Quick fixes
Categories: Open Source

2014-12-09 - NEW TOOL: Pseudo-localizer

UIZE JavaScript Framework - Tue, 12/09/2014 - 09:00
The new Pseudo-localizer tool (which makes use of the Uize.Widgets.Tools.PseudoLocalizer widget module) lets you experiment with the technique of pseudo-localiztion.
Categories: Open Source, RIA

FOSDEM PGDay 2015 and Devroom - Schedule posted and registration open

PostgreSQL News - Tue, 12/09/2014 - 01:00

We have finished the schedule for FOSDEM PGDay and the PostgreSQL Devroom at FOSDEM 2015 - our apologies for the delay in processing!

You will find a number of great talks both on PostgreSQL usage and development from great speakers. And of course, it will as usual feature the Hallway Track, where you can network with fellow PostgreSQL users!

We have also opened registration. Number of seats are limited, and as we sold out last year, we recommend that you make your reservation as soon as possible. Registration is €50 for all attendees for the PGDay on Friday. No registration is necessary if you only want to attend the Devroom at FOSDEM on Saturday.

Finally, we'd like to remind you that our rate with the conference hotel (Marriott Brussels) will expire on Dec 15th. Therefore, we recommend that you book your accommodations as soon as possible!

We hope to see you in Brussels in January!

Categories: Database, Open Source

FitNesse Eclipse

This plugin provides FitNesse editing capabilities from within the eclipse workspace.

Categories: Open Source

Projects of the Week, December 8, 2014

SourceForge.net: Front page news - Mon, 12/08/2014 - 07:08

Here are the featured projects for the week, which appear on the front page of SourceForge.net:

wxPython

A set of Python extension modules that wrap the cross-platform GUI classes from wxWidgets.

[ Download wxPython ]

devkitPro

This project is for Homebrew console development tools that are based on the gnu compiler collection, with additional tools and libraries to aid programming each supported console. The windows variants are built with MinGW.

[ Download devkitPro ]

simutrans

Simutrans is a cross-platform simulation game where players try to successfully manage transportation systems between places by land, air, and water for passengers, mail, and goods. Planes, ships, trains, trams, trucks, buses, or monorails are at your disposal, but factories operate based on contracts and passengers can only travel to their set destinations.

[ Download simutrans ]

TeXstudio – A LaTeX Editor

TeXstudio is a fully featured LaTeX editor. Our goal is to make writing LaTeX documents as easy and comfortable as possible. Some of the outstanding features of TeXstudio are an integrated PDF viewer with (almost) word-level synchronization, live inline preview, advanced syntax-highlighting, live checking of references, citations, latex commands, spelling and grammar.

[ Download TeXstudio - A LaTeX Editor ]

TYPO3

TYPO3 is an enterprise class Web CMS written in PHP/MySQL. It’s designed to be extended with custom written back end modules and front end libraries for special functionality. It has very powerful integration of image manipulation.

[ Download TYPO3 ]

FileBot

FileBot is the ultimate tool for renaming your movies, TV shows, or anime and downloading subtitles. It’s smart, streamlined for simplicity, and just works. FileBot supports Windows, Linux, and Mac and includes a full-featured command-line interface for all sorts of automation.

[ Download FileBot ]

Linux Lite

Linux Lite is suitable for people who are new to Linux or who want a fully functional lightweight environment. Linux Lite is based on the Ubuntu LTS series giving you 5 years of support per major release. The following software is included: LibreOffice Suite, VLC Media Player, Firefox Web Browser, Thunderbird Email, Steam, Gimp Image Editor, Lite User Manager, Lite Software, Lite Cleaner, Lite Manual and more.

[ Download Linux Lite ]

Shareaza

Shareaza is a very powerful multi-network peer-to-peer file-sharing client supporting Gnutella² G2, Gnutella, eDonkey2000 / eMule, DC++, HTTP, FTP and BitTorrent / DHT protocols for Windows or Wine.

[ Download Shareaza ]

SMPlayer

SMPlayer is a free media player for Windows and Linux with built-in codecs that can also play and download YouTube videos. One of the most interesting features of SMPlayer is that it remembers the settings of all files you play. SMPlayer is a graphical user interface (GUI) for the award-winning MPlayer, which is capable of playing almost all known video and audio formats.

[ Download SMPlayer ]

Categories: Open Source

Google Summer of Code Wrap up: 52°North

Google Open Source Blog - Fri, 12/05/2014 - 18:00
Today’s Google Summer of Code wrap up comes to us from Daniel Nüst at 52°North, an international network of partners fostering innovation in Geoinformatics R&D.52north.pngThe open source software initiative 52°North completed its third year in a row as a Google Summer of Code (GSoC) mentoring organization. We were pleased to work with four students this summer. 52°North’s overall goals for the projects were to extend software with strategically promising features and to improve usability of the software.

Dushyant Sabharwal implemented a graphical user interface and permissions editor - the Time Series Protector – for administrators in his project “Access Control UI For SOS Servers“. This permissions editor regulates permission to access data via a Sensor Observation Service (SOS). An administrator can now define permissions for particular user roles which control how (operation granularity) the user can access which data (parameter granularity). The 52°North Security API handles access enforcement.

In his “ILWIS mobile app“, Bouke Pieter Ottow extended the ILWIS framework for geodata capture with a mobile application. The Gatherer app enables users to collect spatial data, store it on a remote server (while in the field or using a local template and cache) and access and visualize spatial background data, such as base maps, historic measurements or administrative maps.

Rahul Raja’s project “enviroCar UX Design“ extended the existing open source enviroCar Android application. The result is a more user-friendly app. He polished up the appearance, added various parameters and localization features, and enhanced the profile page to include track information, stats and graphs.

Simona Badoiu tackled the integration of Rasdaman as a data storage backend to the 52°North Sensor Observation Service (SOS) implementation. The “Sensor Data Access for Rasdaman“ is a complex and very challenging project, which required a good understanding of three different projects: Rasdaman, ASQLDB, and HSQLDB. Simona was able to provide a first prototype of the integration of array data and the Sensor Web data retrieval service SOS.

By Daniel Nüst, 52°North Organization Administrator and Mentor
Categories: Open Source

open-here-eclipse

Date Created: December 3, 2014 - 16:16Date Updated: January 14, 2015 - 14:08Submitted by: Fredy Wijaya

An Eclipse plugin to open console and file browser.

This plugin supports Windows, Mac OSX, and Linux (Gnome, KDE, XFCE, MATE, Cinnamon, and LXDE). This plugin also allows specifying custom console and file browser commands in the Windows -> Preferences -> Open Here.

Categories: Open Source

saneclipse

Date Created: December 3, 2014 - 04:49Date Updated: January 14, 2015 - 16:13Submitted by: Lars Vogel

Improved settings and code templates for Eclipse

This project provides a set of plug-ins which:

Registers several default file endings if the Eclipse text editor, because opening the system editor is typically not the desired behavior
Adds more JDT templates for JFace, Android and Java programmer
Configures the preference at startup of Eclipse to defaults we think have proven to be reasonable

Categories: Open Source

GWT 2014 Survey

Google Web Toolkit Blog - Tue, 12/02/2014 - 01:26
The GWT development community has been using GWT survey results for the past two years as valuable input into planning for future GWT releases. Please help us continue this for next year, by filling in this year's GWT survey, conducted by Vaadin Ltd. This survey is similar to the GWT 2013 survey, whose results can now be downloaded directly from http://www.gwtproject.org/gwt_surveys.html
Vaadin plans to make the results of the survey freely available in February 2015 at GWT.create and for free online at the same time.
Categories: Java, Open Source, Vendor

3, 2, 1 Code-in: Inviting teens to contribute to open source

Google Open Source Blog - Mon, 12/01/2014 - 21:15

Code-in 2014 logo

We believe that the key to getting students excited about computer science is to give them opportunities at ever younger ages to explore their creativity with computer science. That’s why we’re running the Google Code-in contest again this year, and today’s the day students can go to the contest site, register and start looking for tasks that interest them.

Ignacio Rodriguez was just 10 years old when he became curious about Sugar, the open source learning platform introduced nationally to students in Uruguay when he was in elementary school. With the encouragement of his teacher, Ignacio started asking questions of the developers writing and maintaining the code and he started playing around with things, a great way to learn to code. When he turned 14 he entered the Google Code-in contest completing tasks that included writing two new web services for Sugar and he created four new Sugar activities. He even continued to mentor other students throughout the contest period.  His enthusiasm for coding and making the software even better for future users earned him a spot as a 2013 Grand Prize Winner.

Ignacio is one of the 1,575 students from 78 countries that have participated in Google Code-in since 2010. We are encouraging 13-17 year old students to explore the many varied ways they can contribute to open source software development through the Google Code-in contest. Because open source is a collaborative effort, the contest is designed as a streamlined entry point for students into software development by having mentors assigned to each task that a student works on during the contest. Students don’t have to be coders to participate; as with any software project, there are many ways to contribute to the project.  Students will be able to choose from documentation, outreach, research, training, user interface and quality assurance tasks in addition to coding tasks.

This year, students can choose tasks created by 12 open source organizations working ondisaster relief, content management, desktop environments, gaming, medical record systems for developing countries, 3D solid modeling computer-aided design and operating systems to name a few.  

For more information on the contest, please visit the contest site where you can find the timeline, Frequently Asked Questions and information on each of the open source projects students can work with during the seven week contest.

Good luck students!
By Stephanie Taylor, Open Source Programs
Categories: Open Source

Advanced Google Maps Functionality Tutorial

DevX: Open Source Articles - Mon, 12/01/2014 - 13:13
Learn more about some advanced techniques used when integrating Google maps with web applications.
Categories: Open Source

December 2014, “Community Choice” Project of the Month – SCons

SourceForge.net: Front page news - Mon, 12/01/2014 - 07:08

For our December “Community Choice” Project of the Month, the SourceForge community elected SCons, a software construction tool that is a superior alternative to the classic make build tool that we all know and love. The SCons team shared their thoughts about the project’s history, purpose, and direction.

SourceForge (SF): Tell me about the SCons project please.

SCons Team: Well, first, many thanks to the SourceForge community for choosing SCons as “Community Choice” Project of the Month! It’s an honor.

SCons is a software construction tool (build tool, or make tool) implemented in Python, which uses Python scripts as “configuration files” for software builds. It is an easier, more reliable, and faster way to build software, solving a number of problems associated with other build tools, especially including the classic and ubiquitous make itself.

Distinctive features of SCons include: a modular design that lends itself to being embedded in other applications; a global view of all dependencies in the source tree; an improved model for parallel (“-j”) builds; automatic scanning of files for dependencies; use of MD5 signatures for deciding whether a file
is up-to-date; use of Python functions or objects to build target files; and easy user extensibility.

Also, SCons is built with itself, using test-driven development with an extensive test suite.

SF: What made you start this?

SCons Team: SCons has a direct predecessor named Cons, which was written in Perl. The original goal of Cons was to help scientists who are not experts
in programming build their simulation codes and experiments in a reliable, friendly, and intuitive way, while being easy to extend to very complex builds.
It used the same approach of specifying your build description in a full scripting language, but was programmed more in a monolithic fashion. For a user it wasn’t easy to extend the build system when he wanted to support a different kind of compiler for example. And people, especially newcomers, didn’t really like Perl as a language that much. That’s when the idea of marrying the friendlier syntax of Python to the architectural advantages of Cons was born.

The resulting merged design, at that time named ScCons, won the Software Carpentry build tool competition in 2000. CodeSourcery (by then the administrators of the competition) ultimately decided not to fund development of the build tool, but Steven Knight and several other contributors took the basic idea to the first SCons release on December 13, 2001.

SF: Has the original vision been achieved?

SCons Team: A large number of open-source projects, companies, universities, and other scientific institutions use SCons as their build system, and are
very happy with its stability and ease of maintenance. There are also several projects like Parts, PlatformIO, Madagascar, and FuDePAN, which use the SCons framework as a building block to provide highly specialized build environments to their users.

So, we can say that the goal of delivering a stable, reliable and extensible tool that can be used for industrial-strength software builds has truly been met.

SF: Who can benefit the most from your project?

SCons Team: Anybody who has to build something. Building here not only refers to the classic compilation of C/C++ files to programs and libraries, but
also to creating PDF files from LaTeX documents, for example. If you have to create files from one or several sources, while correctly tracking the dependencies between those files, SCons is the right tool for the job.

SF: What is the need for this software development tool?

SCons Team: Of course there are already many build systems out there. What makes SCons stand out from this crowd are two main points:

  1. The ability to create large and complex builds in a single run, while correctly tracking all dependencies, and with full parallel support.
  2. It’s easily extensible: Any user can override the default behavior of SCons to support different compilers/tools, or can change command-line options for their special build situation, without having to change the core sources. And they can wrap changes into a Python module, which can then be shared with colleagues and friends, or the users of an open-source project that want to build from source on their local machine.

SF: What’s the best way to get the most out of using SCons?

SCons Team: There are basically two things:

  1. Learning yourself a little bit of Python, and
  2. Understanding how SCons works differently from make, or any make file generators like CMake.

The latter takes some time and we’re constantly trying to improve our documentation about this.

SF: What has your project team done to help build and nurture your community?

SCons Team: One of the major steps was to migrate the code base away from SVN to a DVCS (Mercurial) to make source code contributions a lot easier. We also participated in the GSoC with several projects/students. Some members of the core team have given talks about SCons at various conferences. In general, we provide a lot of documentation about our workflows, branching strategies, documentation tool chain, and so on in our Wiki, so that interested users can find the information they need for a quick start. The most recent action item was to add SCons to the OpenHatch.org page and contribute a specialized tigris.org bugimporter as well.

SF: Have you all found that more frequent releases helps build up your community of users?

SCons Team: Definitely. It helps give users confidence that the project is under active development. But even more than frequent releases, our community has grown because of switching from SVN to Mercurial. We now have many more people submitting really good work than ever before.

SF: What was the first big thing that happened for your project?

SCons Team: Winning the Software Carpentry competition was a big early milestone that let us know there really was a need out there for a more flexible,
extensible build tool.

SF: What helped make that happen?

SCons Team: Steven Knight, the original author of SCons, worked tirelessly with the scientific computing community, which sponsored Software Carpentry. Without his efforts both as author and evangelist, SCons wouldn’t be where it is today.

SF: What was the net result for that event?

SCons Team: It’s been a long fifteen years, but SCons is now a mature project, with thousands of downloads per week, dozens of contributors, and significant use throughout the software world.

SF: What is the next big thing for SCons?

SCons Team: We have prepared some performance improvements (speedup/less memory) for the next two planned releases and will switch to a mixed Python 2/3 version after that. Also, we’re working on an improved way to specify tools and chains of tools.

SF: How long do you think that will take?

SCons Team: Probably six months to a year.

SF: Do you have the resources you need to make that happen?

SCons Team: Basically yes, but in an open-source project you can’t have too many contributors. Any helping hand is welcome!

SF: If you had it to do over again, what would you do differently for SCons?

SCons Team: It would have been good to switch from SVN to hg much earlier, and, perhaps, also ditch the awkward backward compatibility to Python 1.5.x earlier. It would also be a big benefit to make it easier for third party add-on tools to work with SCons, by decoupling the core logic (nodes, taskmaster, signature etc.) from the tools.

SF: Why?

SCons Team: Moving to a DVCS has really expanded our ability to attract contributors. Similarly, dropping support for ancient Python versions gives developers more tools to work with and makes it easier to contribute. And decoupling tools from the core would hopefully have the same effect.

SF: Any reason you can’t do that now?

SCons Team: Well, we did most of that. :)   Now, we have new challenges ahead of us.

SF: Is there anything else we should know?

SCons Team: We try to be an open, supportive, and helpful community. Check out our website, download SCons from Sourceforge, and sign up for our mailing list.

[ Download SCons ]

Categories: Open Source

Projects of the Week, December 1, 2014

SourceForge.net: Front page news - Mon, 12/01/2014 - 07:08

Here are the featured projects for the week, which appear on the front page of SourceForge.net:

Money Manager Ex

Money Manager Ex is an easy-to-use, money management application. It is a personal finance manager. It can be used to track your net worth, income vs expenses, etc., and it runs on Windows, Linux, and Mac OSX.

[ Download Money Manager Ex ]

PostInstallerF

PostInstallerF will install all the software that Fedora doesn’t include by default, after running Fedora for the first time. It’s easy for a new user. PostInstallerF contains everything that you need for your daily computing.

[ Download PostInstallerF ]

winPenPack: Portable Software Collection

winPenPack is a project that aims at collecting the most frequently used and most popular open source applications made portable, so that they can be executed on Windows without installation from any USB Flash Drive or Hard Disk. The winPenPack suites offer a wide range of portable applications like office tools, internet tools, multimedia tools, development tools, security applications and other frequently used utilities. Everything you need, completely free, open source and portable!

[ Download winPenPack: Portable Software Collection ]\

simutrans

Simutrans is a cross-platform simulation game where players try to successfully manage transportation systems between places by land, air, and water for passengers, mail, and goods. Planes, ships, trains, trams, trucks, buses, or monorails are at your disposal, but factories operate based on contracts and passengers can only travel to their set destinations.

[ Download simutrans ]

GnuCash

GnuCash is a personal and small-business finance manager with a check-book like register GUI to enter and track bank accounts, stocks, income, and expenses. GnuCash is designed to be simple and easy to use but still based on formal accounting principles.

[ Download GnuCash ]

Roundcube Webmail

Roundcube Webmail is a browser-based, multilingual IMAP client with an application-like user interface. Roundcube provides the full functionality you’d expect from an email client, including MIME support, address book, folder manipulation, message searching, and spell check. Roundcube is written in PHP and JavaScript.

[ Download Roundcube Webmail ]

gnuplot development

A famous scientific plotting package, features include 2D and 3D plotting, a huge number of output formats, interactive input or script-driven options, and a large set of scripted examples.

[ Download gnuplot development ]

MSYS2

MSYS2 is an updated, modern version of MSYS, both of which are Cygwin (POSIX compatibility layer) forks with the aim of better interoperability with native Windows software. MSYS2 facilitates using the bash shell, Autotools, revision control systems, and the like for building native Windows applications using MinGW-w64 toolchains. We wanted a package management system to provide easy installation of packages, and ported Arch Linux’s Pacman.

[ Download MSYS2 ]

Megacubo

Megacubo is a broadcast tuner application written in PHP and Winbinder. Megacubo has a catalog of links of TV streams, which are available for free on the web. At the moment it only runs on Windows (XP or later). Megacubo lets you watch hundreds of live TV channels for your computer without antenna or TV cards.

[ Download Megacubo ]

Categories: Open Source

December 2014, “Staff Pick” Project of the Month – FreeFileSync

SourceForge.net: Front page news - Mon, 12/01/2014 - 07:08

For our December “Staff Pick” Project of the Month, we selected FreeFileSync, software that helps you synchronize files and folders for Windows, Linux and Mac OS X. The FreeFileSync admin, Zenju, shared his thoughts about the project’s history, purpose, and direction.

SourceForge (SF): Tell me about the FreeFileSync project please.

Zenju: FreeFileSync is a graphical file synchronization and folder comparison tool. This means its main purpose is to speed up backup operations by examining the differences between source and target folders and then copy only what is needed rather than copying everything each time, similar to what a disk cloning/imaging tool does. Since synchronization is usually very fast and can be automated by creating batch jobs, it is easy to back up your important files to a second location – without using any cloud services. The second core feature is folder comparison. FreeFileSync lets you binary-compare entire folders to see exactly where differences are. This is similar to what a file diff tool does but at a folder level. And file diff tools can be integrated into FreeFileSync!

SF: What made you start this?

Zenju: When I started the project I was looking for a file synchronization tool because I was traveling back and forth between two locations and needed my multi-gigabyte data to sync on simultaneous PCs. Conceptually, my requirement was simple but I was unhappy with the tools I found. They were overly complex, often slow, and lacked good error handling. After seeing one “unknown error” message too many, I decided this problem should be solved beginning with “first principles”. So I set forth a number of goals that FreeFileSync should strive for.

  1. No needless user interface complexity: A good number of options are avoided by finding a different, smaller set that better suits the task at hand. Another big fraction are avoided by having the software make smart decisions itself whenever it can do so without risk. Having an academic background in mathematics, I like to think that good software design means finding the base vectors of the problem domain. If you have too few “vectors” (= program capability) your software won’t satisfy your user’s needs but if you have too many you’ll bloat the software with redundancy. Ideally, just like a good set of base vectors for a vector space, software features should be orthogonal, which means you have minimal dependencies while maximally expanding into the problem domain.
  2. Optimal performance. Having worked professionally, mainly in the area of software performance optimization, I decided if I found a faster file synchronization tool than FreeFileSync, I would take it as a challenge and make FreeFileSync equally fast. Since file synchronization is inherently I/O bound, optimal performance can be defined as the time needed to complete the minimum number of I/O operations for a task, while CPU time should be so short it is negligible.
  3. Good error handling. Every operation should be pedantically checked for errors and, when errors are detected, it should return the maximum amount of useful information to the user. Reliability is key for a file sync tool and, before FreeFileSync; I found popular tools lacked consistent error checking and an acceptable level of reasonable error messages. With FreeFileSync, when errors are not reported you can rest assured all went well.

SF: Has the original vision been achieved?

Zenju: Deciding which features to support is a tough battle. Not every feature that is essential for a single user justifies its exposure to the full FreeFileSync user base. On the other hand, making a number of small changes to the software without increasing the total complexity can support highly specific scenarios. Using the vector space metaphor, it’s like changing the direction of some base vectors. New requirements can be handled without the proverbial adding of another “check box”. Understanding the problem is the hard part and takes time and openness to user feedback. Years after its initial conception, I’m proud to say FreeFileSync has not compromised on its software design ideals. There is no legacy of historic features that could impede future software development.

For example, I have not yet seen faster synchronization software. The results of performance measurements for FreeFileSync show that except for the essential I/O the fraction of additional time consumed is low. Additionally, FreeFileSync tries to keep the machine busy by doing as much work in parallel as possible. For example all folders are scanned at the same time, so if your are scanning, say 10 slow hard disks in a single job, you only have to wait the time that it takes to scan one of them.

FreeFileSync’s error messages significantly reduce the overall support effort because they enable most users to help themselves. Error messages are structured into multiple levels, first providing a high-level overview on what went wrong, followed by more detailed context information, and are even going further down to operating system error codes for maximum detail. All of the information can be copy-pasted and is formatted in a way that gives good results when entered into a search engine. This takes a lot of pressure from FreeFileSync support forums on Sourceforge because users can more quickly find a solution to a specific problem.

SF: Who can benefit the most from your project?

Zenju: FreeFileSync is suited for everyone who wants to back up important files regularly. The idea is to set up a sync configuration once and use it from there on. This reduces the mental overhead required to do a backup to a single mouse button click (on a FreeFileSync batch file). If you want even more automation, you can schedule FreeFileSync to run in a task planner or synchronize a folder in real time on each detected change with RealtimeSync, an application bundled with FreeFileSync. Backup is needed when disaster strikes and when you need an earlier version of a particular file or document. In a non-technical sense, FreeFileSync helps you sleep better knowing that recent versions of your files are safe. I sure know it helped me. :)

FreeFileSync requires no special knowledge. Both the casual PC user and IT administrator will find their way with FreeFileSync. I firmly believe that expert users want nice and easy-to-use software too and that’s in not complicated with “easy” and “advanced” modes?

SF: Have you found that more frequent releases helps build up your community of users?

Zenju: FreeFileSync releases updates about once every month and has been doing so since its first release. From a software development perspective, this provides all the benefits that are expected from short release cycles nowadays. Bug fixes reach end users very quickly, solving problems before they may have a negative impact. This naturally increases the confidence that the program is stable and well maintained. Severe bugs are less likely to occur because changes between versions are not as pervasive as software created following traditional methodologies like waterfall or those that release each year. Frequent releases force you to rigidly streamline the development process, including packaging, testing, and localization. This takes considerable initial effort, but pays off if a severe bug is found. In FreeFileSync, it’s possible to ship an out-of-order bug-fix release on the same day, where users are notified by a built-in auto-updater. This is an essential property for software that needs to scale up for those who depend on its functionality. Considering all the years that FreeFileSync has been releasing regularly, this consistency has helped to build a community of users who are confident about the quality of the backup software they are using.

SF: What is the next big thing for FreeFileSync?

Zenju: The most-requested feature currently is synchronization with smart phones. This is top priority and will be in one of the future versions of FreeFileSync. However. I can’t make any promises as to when it will be available.

SF: What is the software development philosophy for FreeFileSync?

Zenju: FreeFileSync takes a drastic approach concerning software development. If something is not right, be it software design or source code, it is fixed, no matter how small or insignificant the problem seems. This seems like a lot of work for tiny problems but it pays off significantly when applied consistently. The complete code base, not only of FreeFileSync but all of my software projects, always matches the current level of my expertise. When I learn something new, I apply and update everything. As my understanding of both technical and human interface problems deepens, the number of things to fix decreases over time and my time investment shrinks. Strategically, this is an advantage because working on the FreeFileSync code base is always fun without this historic baggage.

The advantages of constant code refactoring are well known. For example, the C++11 standard had a profound impact on the code base. As soon as the common set of feature supported by compilers on Windows, OS X, and Linux allowed it, I migrated the FreeFileSync code gradually to using the most recent and improved ways of programming. For me, software development is taken literally and whenever there is something that should be done differently, I believe is never too late to do it now.

SF: Is there anything else we should know?

Zenju: I like to thank everyone who has contributed to this project! Thanks in particular to my group of dedicated translators who have supported me reliably over all the years. Also thanks to all the users reporting feature requests and bug reports that help to improve FreeFileSync even further. And thanks to Sourceforge for offering a great site for open source project management.

[ Download FreeFileSync ]

Categories: Open Source

Eclipse Newsletter - Looking Towards Mars

Eclipse News - Wed, 11/26/2014 - 18:09
Read the lastest Eclipse Newsletter and check out the new theme!
Categories: Open Source

Java ORM Plugin for Eclipse

Date Created: November 25, 2014 - 12:57Date Updated: February 13, 2015 - 17:46Submitted by: Karthikeyan Sadayamuthu

Java ORM Plugin for eclipse helps the user to create a Mybatis & Hibernate ORM framework in one click.
1) Mybatis ORM Framework
2) Hibernate ORM Framework

Company URL : http://oneclicklabs.org
Product URL : http://orm.karthy.me

Thank you for supporting free and open software development.











Categories: Open Source

Getting ready for Code-in: notes from BRL-CAD

Google Open Source Blog - Tue, 11/25/2014 - 18:00
The Google Code-in contest starts on December 1st for students. To prepare and inspire students, Christopher Sean Morrison, a dedicated mentor and organization administrator from BRL-CAD, talks a bit below about his experience with GCI over the last few years.
GCI-2014-b-square.jpg
BRL-CAD has participated in Google Code-in (GCI) for two years now, and it’s been amazing to see the frenzy of creativity and aptitude. Our community alone has had the pleasure of introducing more than a hundred students to the world of open source software. The students’ contributions get used all around the world even though many of these students had never heard of open source or computer-aided design (CAD) before they started on GCI. With GCI, they get to explore at their own pace, learn while they are completing real world tasks, and make genuinely useful contributions to open source projects.
ilkin_musaev_1.jpeg
One great outcome of GCI is that students work as a team, often unknowingly, to achieve a complicated objective that has been broken down into piecemeal tasks. One example involved creating a scene like you might see at the beginning of a movie or a game: a half-dozen students modeled individual letters, others organized them into a scene, and a final rendering was made.  Another involved several students that unknowingly made BRL-CAD run much faster on Windows: they implemented various routines independently of each other, created test cases to demonstrate that functions worked correctly, and documented their improvements while others worked to tie it all together. Both examples might have taken even an experienced contributor weeks or months by themselves. GCI students earn recognition for these accomplishments and their work gets used by others.

For our BRL-CAD community, these young eager individuals have tackled and completed more than four hundred tasks related to computer graphics, 3D modeling, design, science, and mathematics. Some of these tasks helped our open source community grow while challenging right-brain creativity: students have designed new t-shirts, created YouTube tutorials, written blog posts, and modeled our logo for marketing materials (including the one shown above). Other tasks improved BRL-CAD by employing left-brain analytical thinking: students wrote code to fix bugs, improved websites, wrote technical documentation, and calculated 3D volumes, surface areas, and centroids.
There’s really something for everybody and every skillset. We’re excited to see what GCI 2014 will bring!
By Christopher Sean Morrison, BRL-CAD Organization Administrator and Mentor
Categories: Open Source

Upgrade Your Website with Google Charts

DevX: Open Source Articles - Mon, 11/24/2014 - 13:08
Learn how to make the most of Google Charts and customize charts for your website.
Categories: Open Source

Projects of the Week, November 24, 2014

SourceForge.net: Front page news - Mon, 11/24/2014 - 07:08

Here are the featured projects for the week, which appear on the front page of SourceForge.net:

gnuplot development

A famous scientific plotting package, features include 2D and 3D plotting, a huge number of output formats, interactive input or script-driven options, and a large set of scripted examples.

[ Download gnuplot development ]

MSYS2

MSYS2 is an updated, modern version of MSYS, both of which are Cygwin (POSIX compatibility layer) forks with the aim of better interoperability with native Windows software. MSYS2 facilitates using the bash shell, Autotools, revision control systems, and the like for building native Windows applications using MinGW-w64 toolchains. We wanted a package management system to provide easy installation of packages, and ported Arch Linux’s Pacman.

[ Download MSYS2 ]

Megacubo

Megacubo is a broadcast tuner application written in PHP and Winbinder. Megacubo has a catalog of links of TV streams, which are available for free on the web. At the moment it only runs on Windows (XP or later). Megacubo lets you watch hundreds of live TV channels for your computer without antenna or TV cards.

[ Download Megacubo ]

ScummVM

ScummVM is a cross-platform interpreter for many point-and-click adventure games. This includes LucasArts SCUMM games (such as Monkey Island 1-3, Day of the Tentacle, Sam & Max, …), many of Sierra’s AGI and SCI games (such as King’s Quest 1-6, Space Quest 1-5, …), Discworld 1 and 2, Simon the Sorcerer 1 and 2, Beneath A Steel Sky, Lure of the Temptress, Broken Sword 1 and 2, Flight of the Amazon Queen, Gobliiins 1-3, The Legend of Kyrandia 1-3, many of Humongous Entertainment’s children’s SCUMM games (including Freddi Fish and Putt Putt games) and many more.

[ Download ScummVM ]

Skim

Skim is a PDF reader and note-taker for OS X. It is designed to help you read and annotate scientific papers in PDF, but is also great for viewing any PDF file. Skim requires Mac OS X 10.6 or higher.

[ Download Skim ]

gretl

gretl is a cross-platform software package for econometric analysis, written in the C programming language.

[ Download gretl ]

Shareaza

Shareaza is a very powerful multi-network peer-to-peer file-sharing client supporting Gnutella² G2, Gnutella, eDonkey2000 / eMule, DC++, HTTP, FTP and BitTorrent / DHT protocols for Windows or Wine.

[ Download Shareaza ]

FileBot

FileBot is the ultimate tool for renaming your movies, tv shows or anime and downloading subtitles. It’s smart, streamlined for simplicity and just works. FileBot supports Windows, Linux and Mac, plus there’s a full-featured command-line interface for all sorts of automation.

[ Download FileBot ]

Google Map Gps Cell Phone Tracker

Google Map Gps Cell Phone Tracker includes clients for IOS, Android, Windows Phone, and Java Me/J2ME cell phones. The project allows you to track cell phones periodically. For instance every minute or every five minutes. You can watch the cell phone being tracked in real time and you can store and reload routes easily. You have the choice of two server stacks. Either using asp.net and sql server or using php and mysql.

[ Download Google Map Gps Cell Phone Tracker ]

Categories: Open Source