Posts by rproffitt

While you are not looking for obfuscation, it's still possible to get at those values as noted in my last link using the tools and inspections they note.

I'm reminded of this old saying. "Any code devised by humans can be decoded by humans." So if you are looking for value security then you never place the final value in a single variable. Use as much security as you see fit for the task.

In parting I'm reminded again of where there was a secret value but the programmer passed it from a web service and they picked it off with a packet sniffer. This was one determined attacker so about all they could have done was to make it a few steps harder by adding some XOR or encryption to the value so it never lives in a variable. Also, Python and the security level you appear to want is something you'll have to work at. I also would take bet few consider this a bug.

I think a lot of what you are noting is indirectly covered at https://wiki.python.org/moin/Asking%20for%20Help/How%20do%20you%20protect%20Python%20source%20code%3F

You have to read nearly to the bottom where it writes about Pyarmor and:

• Encrypt code object by DES to protect constants and literal strings.
• Obfuscate byte code of each code object when code object completed execution.
• Clear f_locals of frame as soon as code object completed execution.

So backing up all the way to the top and running at this again, old Python does not secure your internal constants, literal strings and more. It's not what Python does so you have to think of ways such as that XOR use or other ways if you want to obfuscate secrets in Python or for that matter almost all other languages.

Out on a walk I recall something we did long ago to hide values that were at the time IN PLAIN SIGHT if you looked at the compiled code.

Let's say the secret number was coded like:

secret_number = 12345; // Hey that's my luggage combination too.

Since we had to distribute the compiled exe we would then do another operation on the variable so it wasn't so easy to pick off.

answer = value * (secret_number xor magic); // Not terrible secure but better.

Since Python is usually some plain text file, if the server was compromised then all secrets are laid bare but at least we have no real exposure of internal variables and constants from say Python scripts that run on the server and the client that is getting the output in their web browser.

Then again we could broach SQL injection which by now you know how to mitigate.

I'm going to stay on the topic of access of privates inside our app. You did expand your questions to what may be web security and more.

Since your code is in Python and that is not on the client but the web server then the client can't access most of the variables and classes in your Python code.

As to all the NEW issues you bring up in your reply, well, that needs its own discussion.

As a primer I refreshed my view on privates at https://en.wikipedia.org/wiki/Law_of_Demeter

As to insta. at some point during debugging and more you will need access to all things. I don't consider this to be a big deal.

I'll avoid supplying the answer since you must code it yourself or I'd be doing your homework.

I take it you want to decrement by 2. SO... THINK about.

--i means i-=1; return i

So to decrement by 2, change the 1 to 2.

Please supply exactly what is broken. Error messages along with what you expected to happen.

I get the feeling you expected this to help your SEO or rank but from what I know, this feature is not about that.

-> Write more. Tell the forum what you felt should happen.

A few steps. First check your DANIWEB settings about emails. Once that is done you automatically get email when you create a new discussion or reply to an existing discussion.

To get a notification without posting a reply, click the Watch Topic icon.

PS. Adding note. This only gives you notifications of new replies to a topic that is open. To monitor for new discussions, you have to craft such with ideas from Dani.

To me it should appear to hang on line 57. Why? "The accept method waits until a client starts up and requests a connection on the host" is right out of the documentation. This app will sit there, waiting.

After decades of software development I start where I can. Agile seems to toss out the old ways of writing your software design specifications and more. You iterate and move to your goal without the docs. I have yet to see this when money is involved. They want docs, presentations before code.

While you would need an attorney to weigh in I think https://github.com/PhilJay/MPAndroidChart/blob/master/LICENSE covers the licensed use very well as it looks to be the bog standard Apache 2.0 license.

Lines 123 to 128 are interesting as it may impact what you write in your own license agreement. Remember that I did not read all 201 lines but you should.

PS. As to your top question I could spend a day going over that question but given no one can code it all, you should use code and content so you can build your apps. Imagine trying to start over from say a single board computer, assembly language to OS to apps written all by you. While I applaud such efforts, at some point we have to move beyond "I wrote every line of code."

Which is why we use conversion functions like https://www.w3schools.com/python/ref_func_int.asp

Did you notice you are not comparing numbers? Read https://www.google.com/search?q=python+single+quote+use&gl=US

Thanks Grant. I entered in the root and toor username+password and it seems to work.

In your top post you wrote "some trouble" but here it worked so you'll have to detail how to break it.

So I took the next step and put your 67 lines of code into https://repl.it/languages/python3 and it didn't get past line 1.

As such I can't see what you are seeing and must wait for some valid code.

These are examples of the bad methods you used to see in school. There are many articles about passwords today so I can't guess if this will be exposed to the world or not.

What I want you to understand is this is OK for a prototype but never to be released or used as a learning tool about user and password systems. Just last week another breach in a Smarthome system where they didn't salt the user and password database.

The Orvibo incident went one step further when it comes to diluting the security value of MD5 hashing: the passwords and reset codes were hashed but not salted. By adding a unique value, or salt, to the end of every password before hashing you produce a different hash value. This additional security layer is vital if you want to protect against a brute force attack that tries every known alphanumeric combination until the password is revealed.

• https://www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/#4a549008411c written by Davey Winder (happygeek) here on Daniweb.

No code yet here but let's hope there is no password in the clear stored in your database. That was taught in classrooms for years (decades?) and has proven to be at the root of a lot of data leaks.

If one were to hold an open ended W10 discussion, it would never end. While you should ask questions, place each in its own discussion so they can be addressed. If you add a question in the middle or end, folk won't find it and you may never get an answer.

@cambalinho. Sorry but I don't see what Windows Defender has to do with your issues to this point. If you are trying to squeeze in a NEW QUESTION then you should start a NEW DISCUSSION.

@cambalinho.

Let's say you install a working driver but W10 replaces it. For this PC you need to disable W10's Automatic Driver Update system.

I do not write how as it's best you pick the article you like for that from https://www.google.com/search?q=disable+W10%27s+Automatic+Driver+Update+system&gl=US

I hope in the future you can make your discussion title match the post content.

Anyhow, what I'm encountering are folk that expected Microsoft to go get drivers for them. And get the settings right. Sorry, no. Microsoft has yet to perfect that aspect of Windows. "Driver Hell" is real. Microsoft has slightly improved since 1995 but barely.

For your laptop, try the laptop maker's web site for the drivers.

I have purchased refurbs on Amazon but they came with a product key sticker so I could complete the activation.

There were some refurbs that used a cracked W10 OS so when you reloaded you might trigger the issue you have now. W10 and all Windows have a license to deal with so in your case you would check your case for the sticker and use that key to activate.

All that said I occasionally run into folk that were ripped off by the refurd seller and even if so, you are not entitled to a free CDKEY.

If you were ripped off, then you talk to the seller.

PS. My project is to drive around, geocode a location, add my observations, and then have a map with my addresses and notes.

As a realtor what good is Lat+Long doing us here? All the realtor/realty sites use/display addresses. Maybe the Lat+Long is complicating the project.

I rarely see folk here code for the members. Only discuss, try to sort out an error and redesign. That said, it sounds almost like you want to duplicate Zillow or Redfin which should be a long endeavor as your programming skills improve.

My PS. Don't get stuck on just Google APIs. Use any solution. Such as https://www.google.com/search?q=street+address+to+lat+long&gl=US

Gloak commented: The current task is to store Lat Lng in the database.

That doesn't appear to be what the code at the top does at all. I'd start a new app for my phone that:

1. Shows me on a map. This alone should take you some time.
2. Shows a button with maybe "LOG MY CURRENT LOCATION".
3. That button's code would get the current Lat+Long and write it to a file or database.
4. Now work out how to get user comments into that record or file for this Lat+Long.

Break down the problem. Don't try to swallow it whole.

The top post omitted so much that it's best forgotten. No tags about the host computer but this looks like a prime use for a smart phone.

Lat and Long do not tell you the address but a point on a map. I've found folk new to this complain that the Lat+Long to address is "always wrong." They need time to think about how this works as they are not inside the address's boundery but usually on the street or sidewalk. Only the human that is doing this can make this decision.

But back to your top post and reply. To me you tossed out a lot of code and maybe, just maybe told what you wanted in your one line PS in the reply. All that code and it's just me saying this, distracts from what you want to do.

-> Don't take this badly, but leaving out comments about what a passage does means that when you wrote it, you and God knows what the intent was. Yes I can read code but I can't know the intent and God doesn't speak often on the matter.

My advice is to break down the problem to steps.

1. As I travel I want my phone to log a location with my notes.
2. Later I want to translate these locations to an address.
3. Then I want a map with ????

Each of those goals should be tackled on their own and broken down into discrete small steps that you can code up. As to you not being a programmer, now you are.

I can't decode what your code is doing. You wrote you want the Lat+Long yet on line 33 you tell it the lat and long.

To help me understand what your code is supposed to do, supply a few lines of psuedo code.

Thanks JamesCherrill.

My comment is to think defensively when coding as above. I think the code will fail with null strings so some check would be needed to avoid that in some cases.

That is, I've seen apps run for years and then one day blow up because a check was left out for the out of bounds condition.

Sorry but if the IDE is broken I'd research that. I'm sure there are tutorials about Eclipse and such so I'll share the old fashioned debug ways instead.

Time to debug your code. I don't see it but if this was mine then in Pig_Laten Translator Code just before line 9 I'd add

System.out.print(count); // just to be sure what this is.
System.out.print(word[count].length()) //could it be a null length?
System.out.print(word[count]); // to see what this is.

For me I look up that information for my DVDRW drive. As to software I found such to be unreliable at times so I check my hardware (the drive) capability by checking it's specifications (again, done by reading the spec sheet and not with software.)

I also use IMGBURN to make such media.

HOWEVER SINCE YOU MENTION Windows 10 ISO, why didn't you let the Microsoft Media Creation Kit create this disc? I run into folk that download the ISO and then they descend into hell over trying to make the bootable USB or DVD. Very odd since later they meet with me, I run up the media creation kit and it's done. And yes, they want me to fix their Nero or whatever which is something I never do. I like to make the media the easy way or with IMGBURN then move on. Some owners get fixated with Nero and get burned.

Now I'm spitballing here but I've seen the command shell FORGET environment variables when you launch by association. I'm sure there is a longer discussion on that somewhere but it is a Windows thing.

Now this is covered at https://docs.python.org/2/using/windows.html and I had to read it five times to get it. Try the assoc and ftype commands at https://docs.python.org/2/using/windows.html#executing-scripts but the way Windows revs up the python and pythonw.exe and how paths are determined is my take on why this is.

To me this sounds like Python environment and path issues. We chatted about some of this and you revealed the drive letter D so my bet is that Python environment variables are what's in play. I am a little under the gun on a non-Python issue so I won't get to duplicate this till a few days.

Off topic but why I can duplicate this is that one of my test laptops is now clean and ready to do this. But I'm supposed to have my nose to the grindstone and not here. So I'll cheat a little and comment but have to delay on duplicating this here for a few days.

My sample may not be your sample so may I have a copy of sample? (bad English there.)

https://pymsgbox.readthedocs.io/en/latest/quickstart.html seems to note a 2 line minimum to get this package working.

Hmm, this reminds me of our old friend DEFINE. I wonder if Python does that. Off to check that out. It won't obviate a need to change from getargs totally but here I go looking for that.

So yes, Python can def() something so it could shorten your getargs.getargs() down to just what you call your function in the def() code.

To me this is a different question than at top so my thought here is that Python is treating your getargs import as an object and what's inside are members or such so this seems to be exactly what should happen. Now us old foggies that like terse stuff may just have to name this getargs to something short if keystrokes are what we want to reduce.

So if the grep is the goal one could cheat and write:
from getargs import * # from include import getargs
But hey, that's cheating.

I like Python, I really do but I'm a newbie at it too. That out of the way, is PYTHONPATH the solution?

What about the other PYTHON Environment Variables?
Reference: https://docs.python.org/3/using/cmdline.html#environment-variables

Agreed about the SEO posts. I find most are are disingenuous to spam or shill jobs. So many that if anyone was sincere they may be lost to me if they lead with the usual "my ratings have dropped, this is my site, what am I doing wrong?" Or worse.

That aside there was a few OP-ED pieces by a new member which was nice to see.

Dani has compared her work to a newspaper. Maybe that's the next move for the homepage. News that we read or news that we find interesting. I'm not sure the social "connect with" is working out.

I only used Dev C++ briefly so I can't recall if it allowed you to specify which directory to run in but I will bet you can specify command line parameters. Not one IDE I used in decades didn't have that. The early ones didn't have a pause after execution but that was added later. So go looking around your IDE for the options you need here. It appears there's really nothing busted here as the code looked fine and Reverend Jim confirmed that.

https://www.seoinc.com/seo-blog/fastest-way-to-deindex-pages/ is working here but I'm in the USA using a Google DNS 8.8.8.8 so folk in China, North Korea and who knows where else may not be able to get there.

Thanks Dani.

Sites with spammy content will suffer so I think we're on the same track there.

If useruno1 wants to keep spammy pages that's up to them and let's hope that what's been covered here can clean it up.

My point here is robots.txt doesn't appear to be the answer. Looking around for more clarity I found this discussion in which Google's own webmaster John Mueller notes how to mass deindex.

"using a robots.txt won’t remove pages from Google’s index." was his point and again why I wrote no.

The full discussion is at https://www.seoinc.com/seo-blog/fastest-way-to-deindex-pages/ and IMO should be the fine answer on how to deindex where needed.

I'm going with no since robots do not have to honor this file.
Noted at http://www.robotstxt.org/faq/blockjustbad.html

On top of that your links don't show me the issue. In fact they seem more like forum spam to me. Tell me what I should be seeing at those links.

@Papa_Don

My step son is 30 and has his degree in Film. He worked in that industry then moved to finance and sees a bubble on its way. Now he's going for a degree in compsci or software. My advice was to go to the college and meet with his counselor to plan out the coursework.

That's where it may get a little interesting to you. The counselor set up a 2 year plan to get him a Masters degree. I don't remember what the name was exactly but it is CompSci or software in its title.

I don't know if that was of any interest to you but he did ask about coding bootcamps and while they may fit others, I worry that the primary benefits of those camps go to the ones that run the camps. That is, the camps seem to be expensive and the benefits hard to measure.

The camps were discussed and my advice was to meet with the counselor and see how long for a new degree in the area of interest. He understands that coding bootcamps carry little weight when job hunting but a degree does.

This sounds like a nonsense question. Can you expand on what you are looking for as the first is an effort to rank on Google and the second is revenue via clicks.

My advice is to go DSN-less to see what this connection requires. There are so many prior discussions about DSN connection failures that I can't guess which is the cause here. Maybe no password?

Since no code is shared I'll write you should attempt a DSN-less connection.
Noted at https://docs.microsoft.com/en-us/sql/ado/guide/appendixes/microsoft-ole-db-provider-for-odbc?view=sql-server-2017

But which line has the syntax error? VB has always shown the line in question which when you place code here you can speed things along by posting the code, preview your post and write which line along with the error text.

Also, lines 11 through 33, 52 to 59 along with 66 to 68 do nothing. Those were not needed here.

In line 5, can you share documention for the SEARCH keyword? https://www.w3schools.com/sql/ doesn't show this.

PS. A comment about "SELECT * FROM Admin"

A common lesson from many SQL books start off with SELECT which is a bad way to learn about the SELECT command. Unless you need all columns do not use . Call out the column or columns you need. Example readings from the web: https://www.google.com/search?q=SELECT+*+is+bad

As your database grows, you will see the performance hit.

About the lbAdmin_SelectedIndexChanged method. It looks incorrect from here. You have the index and should use that to get the name you are interested in. But your handler seems to read the entire database rather than a one line SQL command like SELECT * FROM Admin where Username = your indexed name from the list.

Before you do anything else, encrypt those passwords. Your code shows a classic blunder in name and password databases. The good news is there are discussions about that with this search: https://www.google.com/search?q=vb.net+one+way+password+encryption&gl=US

Because such passwords must not be stored in the clear you have to consider what this apps is for. If it's for you and storing your own passwords you could at least encrypt it in a database. If this is for a customer or client system then you never hold their passwords like this. You use the one way system so you can never show the user passwords.