DOCSLIB.ORG

JSP Syntax Reference

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

APPENDIX A JSP Syntax Reference THISAPPENDIX DESCRIBES the syntax for JavaServer Pages (JSP) 2.0. Dur intention is to provide you with a reference that's complete and useful but more compact than the specification. (The JSP 2.0 specification weighs in at 478 pages!) NOTE j5P specifica tions front version 2.0 011 are avai/able by visiting http://java .sun .com/products/jsp/. This appendix looks in turn at the following: • Various preliminary details: The notation we use, how you specify uniform resource locators (URLs) in JSP code, and the various types ofcommenting you can use. • The JSP directives: The page, taglib, and include directives. • JSP scripting elements: Declarations, scriptlets, and expressions. • JSP standard actions: The <jsp :useBean>, <jsp :setProperty>, <jsp :getProperty>, <jsp :include>, and <jsp :forward> actions. • Tag libraries: A briefreview ofthe syntax for using tag libraries. • Implicit objects: The implicit objects that are available within a JSP page such as request, response, session, and application. Appendix B covers these in more detail. • Attributes:Various predefined request and application attributes that you may find useful. 363 AppendixA Preliminaries Before getting stuck in the details, the following sections make a few miscelIa­ neous observations. Notation This appendix uses the following notation: • ltalics show what you'll have to specify. • Bold shows the default value of an attribute. Attributes with default values are optional ifyou're using the default; sometimes, where the default value is a little complicated, we use default to indicate that the default is described in the following text. • When an attribute has a set of possible values, those are delimited by I: import="package .dass, package . *, session="truelfalse" URL Specifications URLsspecified within JSP tags can be of two sorts: • Context-relative paths start with /; the base URLis provided by theWeb appli­ cation to which the JSPpage belongs. For example, in aWeb application hosted at http://localhost:8080/begjsp-appendixA/, the URL/pageurl. jsp would be equivalenttohttp://localhost:8080/begjsp-appendixA/pageurl.jsp. • Page-relative paths are relative to the JSP page in which they occur. Unlike context-relative paths, page-relative paths don't start with /; for instance, a page application hosted at http://localhost:808o/begjsp-appendixA/ morespecs/urlspec .jsp might give a page as subfolder/urlspec.jsp, which would be equivalent to http://localhost:808o/begjsp-appendixA/morespecs/ subfolder/urlspec.jsp. 364 JSPSyntax Reference Comments Two sorts of comments are allowed in JSP code: JSPand HTMLcomments: <!-- HTML comments remain in the final client page . They can contain JSP expressions, which will be processed by the JSP container. --> <%-- JSP comments are hidden from the final client page --%> Remember too that within scriptlets (inside <% %» , you can use standard Java comments: <% /* This Java comment starts with a slash asterisk, and continues until we come to a closing asterisk slash */ // Comments starting with a double slash continue to the end of the line %> Directives Directives are instructions to the JSP container regarding setting page properties, importing tag libraries, and including content within a JSP; because directives are instructions rather than in-out processes, they can't produce any output via the out stream. The page Directive The pagedirective specifies attributes for the page; all the attributes are optional, and the essential ones have default values, shown in bold: <%@ page language="java" extends="package .dass" import="package .dass, package .*, session="trueIfalse" buffer="noneldefaultlsizekb" autoFlush="true Ifalse" isThreadSafe="truelfalse" info="Sample JSP to show tags" 365 AppendixA isErrorPage="trueI false" errorPage="ErrorPage .jsp" contentType= "TYPEI TYPE; charset=CHARSETI text/html; charset=ISO-8859-1" pageEncoding="default" isELIgnored="trueI false" %> Bear the following in mind when using this directive: • The default buffer size is defined to be at least 8 kilobytes (KB) . • The errorPage attribute contains the relative URLfor the error page to which this page should go if there's an unhandled error on this page. • The specified error page file must declare isErrorPage="true" to have access to the Exception object. • The contentType attribute sets the MIMEtype and the character set for the response. The default value is "t ext / html" for standard JSP pages and "text/xml " when implementing JSP documents in Extensible Markup Language (XML) format. • The pageEncoding attribute defines the character encoding for the JSP page. The default is that specified in the contentType attribute or "150-8859-1" if none was specified there. This is an example of the code that may be used for an error page: <%@ page language="java" isErrorPage="true" %> <html> <body> <! -- This displays the fully-qualified name of the exception and its message--> <%= exception.toString() %> cbr» <!-- This displays the exception's descriptive message --> <%= exception .getMessage() %> </body> </html> The page will print the error message received . 366 JSPSyntax Reference This directive can also switch on support for scripting and EL in the JSP document, using the isELIgnored attribute, which sets Expression Language (EL) support. Settings in web. xml may influence the behavior of this attribute. For this attribute, a value of true enables support, and false disables it. The default value is true. The taglib Directive A tag library is a collection of tags used to extend a JSPcontainer functional model. The taglib directive defines a tag library namespace for the page, mapping the uniform resource indicator (UR!) of the tag library descriptor to a preflx that can be used to reference tags from the library on this page. <%@ taglib ( uri="tagLibraryURI" I tagdir="tagDir" ) prefix="tagPrefix" %> <tagPrefix :tagName attributeName="attributeValue" > JSP content <ltagPrefix:tagName> <tagPrefix :tagName attributeName="attributeValue" I> Youcan assume that the tag library descriptor (TLD) defines a tagName element. tagdir indicates this prefix is for identifying tag extensions installed in the IWEB-INF/tagsl directory or a subdirectory. Ifa TLD is present in the specified directory, it's used. Otherwise, an implicit tag library descriptor, generated by the container, is used.A translation error must occur if the value doesn't start with IWEB-INF/tags/. A translation error must occur ifthe value doesn't point to a directory that exists. A translation error must occur if used in conjunction with the uri attribute. The tag Directive Youcan use most JSPdirectives in simple tag handler code files. Note that the page directive itself isn't used; instead, you use the tag directive, which may only be used in tag files. Here's the syntax: 367 AppendixA tag_directive_attr_list ::= { display-name="display-name" } { body-content="scriptlessltagdependentlempty" } { dynamic-attributes="name" } { small-icon="small-icon" } { large-icon="large-icon" } { description="description" } { example="example" } { language="scriptingLanguage" } { import="imporUist" } { pageEncoding="peinfo" } { isELIgnored="truelfalse" } This is an example tag directive: <%@ tag name="msg" display-name= "Message" body-content="scriptless" dynamic-attributes="user" small-icon="/WEB-INF/small-icon.jpg" large-icon="/WEB-INF/large-icon .jpg" description="Simple usage of a tag directive" %> The include Directive There are two include tags: the include directive and the j sp: include action. The include directive includes a static file at translation time, adding any JSP in that file to this page for run-time processing: <%@ include file="header .html" %> See also the jsp:include action. The attribute Directive The attribute directive is analogous to the cattr.ibutes element in the TLDand allows you to declare custom action attributes. This is the syntax: 368 JSPSyntax Reference <%@ attribute attribute_directive_attr_list %> attribute-directive--attr list ..- name= "attribute-name" { required="true Ifalse" } { fragment="truelfalse" } { rtexprvalue="truelfalse" } { type="type" } { description="description" } The variable Directive The variable directive is analogous to the <variable> element in the TLD and allows you to define a variable exposed by the tag handler. This is the syntax: <%@ variable variable_directive_attr_list %> variable- directive--attr list :: = ( name -given="output-name" I ( name-from-attribute="attr-name" alias="local-name"» { variable-class="output -type" } { declare="truelfalse" } { scope= "AT_BEGINIAT_ENDINESTED"} { description="description" } Scripting Elements Youuse scripting elements to include snippets of Java code within a JSP:to declare variables and methods, to execute arbitrary Java code, and to display the result of Java expressions. Declarations The following syntax allows you to declare variables and methods for the page. These are placed in the generated servlet outside the _jspService() method; in other words, variables declared here will be instance variables of the servlet. Declarations don't produce any output. This is an example of declaring a variable: <%1 String message; %> 369 AppendixA The following code declares a variable and initializes it: <% 1 String message = "variable declarared"; %> You can define a method for use on the global page like so: <% 1 public String showMessage() { return message; } %> Declaration tags are mainly used in conjunction with scriptlets. Scriptlets Scriptlets enclose Java code (on
Recommended publications
  • User Manual HOFA CD-Burn.DDP.Master (App) HOFA CD-Burn.DDP.Master PRO (App) V2.5.4 Content Introduction

    User Manual HOFA CD-Burn.DDP.Master (App) HOFA CD-Burn.DDP.Master PRO (App) V2.5.4 Content Introduction

    User Manual HOFA CD-Burn.DDP.Master (App) HOFA CD-Burn.DDP.Master PRO (App) V2.5.4 Content Introduction .......................................................................................... 4 Quick Start ............................................................................................ 4 Installation ............................................................................................ 5 Activation ........................................................................................... 5 Evaluation version ............................................................................... 5 Project window ....................................................................................... 6 Audio file import and formats ................................................................... 7 The Audio Editor ..................................................................................... 8 Audio Editor Tracks .............................................................................. 8 Audio Editor Mode ............................................................................... 9 Mode: Insert ................................................................................... 9 Mode: Slide ..................................................................................... 9 Audio Clips ....................................................................................... 10 Zoom ........................................................................................... 11 Using Plugins ...................................................................................
  • Hibernate ORM Query Simplication Using Hibernate

    Hibernate ORM Query Simplication Using Hibernate

    2016 3rd National Foundation for Science and Technology Development Conference on Information and Computer Science Hibernate ORM Query Simplication Using Hibernate Criteria Extension (HCE) Kisman Sani M. Isa Master of Information Technology Master in Computer Science Bina Nusantara University Bina Nusantara University Jl. Kebon Jeruk Raya No. 27, Jakarta Barat, DKI Jl. Kebon Jeruk Raya No. 27, Jakarta Barat, DKI Jakarta, Indonesia 11530 Jakarta, Indonesia 11530 [email protected] [email protected] Abstract— Software development time is a critical issue interfaced by a query. The software engineer will make in software development process, hibernate has been the query specified to database used. Each database widely used to increase development speed. It is used in vendor has their Structured Query Language (SQL). As database manipulation layer. This research develops a the development of software technology and most of library to simplify hibernate criteria. The library that is programming languages are object oriented, some called as Hibernate Criteria Extension (HCE) provides API functions to simplify code and easily to be used. Query engineer or software institutions try to simplify the associations can be defined by using dot. The library will query process. They try to bind object in application to automatically detect the join association(s) based on database. This approach is called as Object Relational mapping in entity class. It can also be used in restriction Mapping (ORM). ORM is a translation mechanism from and order. HCE is a hibernate wrapper library. The object to relational data, vice versa. ORM has “dialect” configuration is based on hibernate configuration.
  • 2019 Stateof the Software Supply Chain

    2019 Stateof the Software Supply Chain

    2019 State of the Software Supply Chain The 5th annual report on global open source software development presented by in partnership with supported by Table of Contents Introduction................................................................................. 3 CHAPTER 4: Exemplary Dev Teams .................................26 4.1 The Enterprise Continues to Accelerate ...........................27 Infographic .................................................................................. 4 4.2 Analysis of 12,000 Large Enterprises ................................27 CHAPTER 1: Global Supply of Open Source .................5 4.3 Component Releases Make Up 85% of a Modern Application......................................... 28 1.1 Supply of Open Source is Massive ...........................................6 4.4 Characteristics of Exemplary 1.2 Supply of Open Source is Expanding Rapidly ..................7 Development Teams ................................................................... 29 1.3 Suppliers, Components and Releases ..................................7 4.5 Rewards for Exemplary Development Teams ..............34 CHAPTER 2: Global Demand for Open Source ..........8 CHAPTER 5: The Changing Landscape .......................35 2.1 Accelerating Demand for 5.1 Deming Emphasizes Building Quality In ...........................36 Open Source Libraries .....................................................................9 5.2 Tracing Vulnerable Component Release 2.2 Automated Pipelines and Downloads Across Software Supply Chains
  • Aug2021 CBCS Bsc Computerscience

    Aug2021 CBCS Bsc Computerscience

    Choice Based Credit System 140 Credits for 3-Year UG Honours MAKAUT Framework w.e.f. Academic Year: 2021 – 2022 MODEL CURRICULUM for B. Sc.- Computer Science (Hons.) CBCS – MAKAUT UG Degree: B. Sc. - Computer Science (Hons) 140 Credit Subject Semester Semester Semester Semester II Semester V Semester VI Type I III IV CC C1, C2 C3, C4 C5, C6,C7 C8,C9,C10 C11,C12 C13,C14 DSE DSE1, DSE2 DSE3, DSE4 GE GE1 GE2 GE3 GE4 Capstone Project Evaluation AECC AECC 1 AECC 2 SEC SEC 1 SEC 2 4 (20) 4 (20) 5 (26) 5(26) 4 (24) 4 (24) Teaching-Learning-Assessment as per Bloom’s Taxonomy fitment Levels L1: L2: L3: L4: L5: L6: REMEMBER UNDERSTAND APPLY ANALYZE EVALUATE CREATE Courses – T&L and Assessment Levels SEM 1 SEM 2 SEM 3 SEM 4 SEM 5 SEM 6 MOOCs BEGINNER BASIC INTERMEDIA TE ADVANCED CC: Core Course AECC: Ability Enhancement Compulsory Courses GE: Generic Elective Course DSE: Discipline Specific Elective Course SEC: Skill Enhancement Course B. Sc. - Computer Science (Hons.) Curriculum Structure 1st Semester Credit Course Credit Mode of Delivery Subject Type Course Name DistriBution Proposed Code Points MOOCs L P T Offline Online Blended Programming CC1-T CS 101 Fundamental – 4 4 yes using C Language Programming using CC1-P CS 191 2 2 yes CC C CC2-T CS 102 Digital Electronics 4 4 yes Digital Electronics CC2-P CS 192 2 2 yes Lab Any one from GE1 6 yes GE Basket – 1 to 5 AEC Soft Skills (English AECC 1 CS(HU-101) 2 2 yes C Communication) Semester Credits 20 nd 2 Semester Credit Course Credit Mode of Delivery Subject Type Course Name DistriBution Proposed Code Points MOOCs L P T Offline Online Blended CC3-T CS 201 Data Structures 4 4 yes CC Data Structures CC3-P CS 291 2 2 yes Lab Computer CC4-T CS 202 Organization 4 4 yes Computer CC4-P CS 292 2 2 yes Organization Lab.
  • The Kid3 Handbook

    The Kid3 Handbook

    The Kid3 Handbook Software development: Urs Fleisch The Kid3 Handbook 2 Contents 1 Introduction 11 2 Using Kid3 12 2.1 Kid3 features . 12 2.2 Example Usage . 12 3 Command Reference 14 3.1 The GUI Elements . 14 3.1.1 File List . 14 3.1.2 Edit Playlist . 15 3.1.3 Folder List . 15 3.1.4 File . 16 3.1.5 Tag 1 . 17 3.1.6 Tag 2 . 18 3.1.7 Tag 3 . 18 3.1.8 Frame List . 18 3.1.9 Synchronized Lyrics and Event Timing Codes . 21 3.2 The File Menu . 22 3.3 The Edit Menu . 28 3.4 The Tools Menu . 29 3.5 The Settings Menu . 32 3.6 The Help Menu . 37 4 kid3-cli 38 4.1 Commands . 38 4.1.1 Help . 38 4.1.2 Timeout . 38 4.1.3 Quit application . 38 4.1.4 Change folder . 38 4.1.5 Print the filename of the current folder . 39 4.1.6 Folder list . 39 4.1.7 Save the changed files . 39 4.1.8 Select file . 39 4.1.9 Select tag . 40 The Kid3 Handbook 4.1.10 Get tag frame . 40 4.1.11 Set tag frame . 40 4.1.12 Revert . 41 4.1.13 Import from file . 41 4.1.14 Automatic import . 41 4.1.15 Download album cover artwork . 42 4.1.16 Export to file . 42 4.1.17 Create playlist . 42 4.1.18 Apply filename format . 42 4.1.19 Apply tag format .
  • JSP with Javax.Script Languages

    JSP with Javax.Script Languages

    Seminar paper BSF4ooRexx: JSP with javax.script Languages Author: Nora Lengyel Matriculation no: 1552636 Class Title: Projektseminar aus Wirtschaftsinformatik (Schiseminar) Instructor: ao.Univ.Prof. Mag. Dr. Rony G. Flatscher Term: Winter Term 2019/2020 Vienna University of Economics and Business Content 1. Introduction ..................................................................................................................................... 3 2. Tomcat .............................................................................................................................................. 4 2.1 Introduction to Tomcat ............................................................................................................... 4 2.2 The Installation of Tomcat ........................................................................................................ 5 2.2.1 Environment Variables ....................................................................................................... 7 2.2.2 Tomcat Web Application Manager ................................................................................... 9 3. Cookie ............................................................................................................................................. 11 3.1 Introduction to Cookies ........................................................................................................... 11 3.2 Functioning of a Cookie .........................................................................................................
  • Installation Manual

    Installation Manual

    CX-20 Installation manual ENABLING BRIGHT OUTCOMES Barco NV Beneluxpark 21, 8500 Kortrijk, Belgium www.barco.com/en/support www.barco.com Registered office: Barco NV President Kennedypark 35, 8500 Kortrijk, Belgium www.barco.com/en/support www.barco.com Copyright © All rights reserved. No part of this document may be copied, reproduced or translated. It shall not otherwise be recorded, transmitted or stored in a retrieval system without the prior written consent of Barco. Trademarks Brand and product names mentioned in this manual may be trademarks, registered trademarks or copyrights of their respective holders. All brand and product names mentioned in this manual serve as comments or examples and are not to be understood as advertising for the products or their manufacturers. Trademarks USB Type-CTM and USB-CTM are trademarks of USB Implementers Forum. HDMI Trademark Notice The terms HDMI, HDMI High Definition Multimedia Interface, and the HDMI Logo are trademarks or registered trademarks of HDMI Licensing Administrator, Inc. Product Security Incident Response As a global technology leader, Barco is committed to deliver secure solutions and services to our customers, while protecting Barco’s intellectual property. When product security concerns are received, the product security incident response process will be triggered immediately. To address specific security concerns or to report security issues with Barco products, please inform us via contact details mentioned on https://www.barco.com/psirt. To protect our customers, Barco does not publically disclose or confirm security vulnerabilities until Barco has conducted an analysis of the product and issued fixes and/or mitigations. Patent protection Please refer to www.barco.com/about-barco/legal/patents Guarantee and Compensation Barco provides a guarantee relating to perfect manufacturing as part of the legally stipulated terms of guarantee.
  • Important Notice Regarding Software

    Important Notice Regarding Software

    Important Notice Regarding Software The software package installed in this product includes software licensed to Onkyo & Pioneer Corporation (hereinafter, called “O&P Corporation”) directly or indirectly by third party developers. Please be sure to read this notice regarding such software. Notice Regarding GNU GPL/LGPL-applicable Software This product includes the following software that is covered by GNU General Public License (hereinafter, called "GPL") or by GNU Lesser General Public License (hereinafter, called "LGPL"). O&P Corporation notifies you that, according to the attached GPL/LGPL, you have right to obtain, modify, and redistribute software source code for the listed software. ソフトウェアに関する重要なお知らせ 本製品に搭載されるソフトウェアには、オンキヨー & パイオニア株式会社(以下「弊社」とします)が 第三者より直接的に又は間接的に使用の許諾を受けたソフトウェアが含まれております。これらのソフト ウェアに関する本お知らせを必ずご一読くださいますようお願い申し上げます。 GNU GPL / LGPL 適用ソフトウェアに関するお知らせ 本製品には、以下の GNU General Public License(以下「GPL」とします)または GNU Lesser General Public License(以下「LGPL」とします)の適用を受けるソフトウェアが含まれております。 お客様は添付の GPL/LGPL に従いこれらのソフトウェアソースコードの入手、改変、再配布の権利があ ることをお知らせいたします。 Package List パッケージリスト alsa-conf-base glibc-gconv alsa-conf glibc-gconv-utf-16 alsa-lib glib-networking alsa-utils-alsactl gstreamer1.0-libav alsa-utils-alsamixer gstreamer1.0-plugins-bad-aiff alsa-utils-amixer gstreamer1.0-plugins-bad-bluez alsa-utils-aplay gstreamer1.0-plugins-bad-faac avahi-autoipd gstreamer1.0-plugins-bad-mms base-files gstreamer1.0-plugins-bad-mpegtsdemux base-passwd gstreamer1.0-plugins-bad-mpg123 bluez5 gstreamer1.0-plugins-bad-opus busybox gstreamer1.0-plugins-bad-rawparse
  • Anembeddedquerylanguage in Scala

    Anembeddedquerylanguage in Scala

    Master Thesis An Embedded Query Language in Scala Amir Shaikhha Professor Martin Odersky Supervisors Vojin Jovanovic, Eugene Burmako Expert Stefan Zeiger, Typesafe Semester Spring 2013 An Embedded Query Language in Scala, p. 1 Abstract In this thesis we address the problem of integrating general purpose programming languages with relational databases. An approach to solving this problem is using raw strings to represent SQL statements. This approach leads to run-time errors and security vulnerabilities like SQL injection. The second approach is integrating the query in a host language. The most well-known example of the second approach is LINQ. This approach provides static checking of types and syntax during compilation. This thesis presents an embedded query language in Scala, namely Shadow Embedding in Slick. Shadow Embedding provides even stronger compile-time guarantees than LINQ and similar sys- tems in Scala. The experimental results show that the performance of our approach is very similar to the case of using raw Strings, thanks to static code analysis and clever code caching. An Embedded Query Language in Scala, p. 2 Acknowledgement First, I would like to thank Prof. Martin Odersky for giving me the opportunity to do my master thesis in Typesafe and LAMP. Vojin Jovanovic helped me tremendously during the whole period of my thesis. Thank you to Stefan Zeiger for believing in me and providing me with the opportunity to work on the Slick project. I would like to thank Eugene Burmako for all his support, Christopher Vogt for the great discussions, and everybody at Typesafe and the LAMP team. I can never thank my parents enough for believing in me and supporting me through all periods of my life.
  • Curriculum Vitae: Tom Eugelink

    Curriculum Vitae: Tom Eugelink

    Curriculum Vitae: Tom Eugelink Personalia Woonplaats Aalten Geboortedatum 25 juni 1970 Functie Senior software engineer / solution architect Email [email protected] Telefoon +31-647938592 Blog http://tbeernot.wordpress.com Hobbies Basketbal, Stijldansen, Sportschool, Gaming Talen Nederlands vloeiend (moedertaal), Engels en Duits vloeiend Opleiding Opleidingen VWO (CSA Aalten, 1989) Hogere Informatica (HIO Enschede, 1993, cum laude) Cursus hoger management TOGAF & archimate certified architect Boeken Patterns, Principles and Practices of DDD, Functional and Reactive Domain Modeling, Implementing Domain Driven Design, Building modular cloud apps with OSGi, Risk Driven Software Architecture, Effective Unit Testing, Spring 3 in Practice, Gradle in Action, UML distilled, The Cucumber for Java book Werkverleden Mei 1994 – Aug 2002 OVSoftware (developer) Sept 2002 – Oct 2005 Knowledgeplaza B.V. (senior software engineer) Nov 2005 – heden SoftWorks B.V. (senior software engineer / architect) Over Mijn eerste computerprogramma schreef ik in 1983 op een NewBrain, een veredelde broodtrommel met zo’n lang nagloeiend groen scherm. Maar die eerste keer was een bijna magische ervaring. Computers waren toen nog zeldzaam, maar op dat moment werd duidelijk wat ik later zou worden en dat maakte veel keuzes makkelijker. Behalve die tussen HBO en universiteit, in 1989 was de IT anders dan nu; de universiteit was vooral bezig met de wetenschappelijke en wiskundige kant, maar ik wilde juist software maken die mensen ondersteunde in hun dagelijkse leven. En daar sloot het HBO beter bij aan. Die insteek is tegenwoordig belangrijker dan ooit; software is nu overal, maar wordt nog steeds gemaakt voor mensen, maar vooral ook door mensen. En met alle technische keuzes en mogelijkheden die je als ontwikkelaar of architect hebt, is ‘the human factor’ vaak veel bepalender.
  • Master Thesis Innovation Dynamics in Open Source Software

    Master Thesis Innovation Dynamics in Open Source Software

    Master thesis Innovation dynamics in open source software Author: Name: Remco Bloemen Student number: 0109150 Email: [email protected] Telephone: +316 11 88 66 71 Supervisors and advisors: Name: prof. dr. Stefan Kuhlmann Email: [email protected] Telephone: +31 53 489 3353 Office: Ravelijn RA 4410 (STEPS) Name: dr. Chintan Amrit Email: [email protected] Telephone: +31 53 489 4064 Office: Ravelijn RA 3410 (IEBIS) Name: dr. Gonzalo Ord´o~nez{Matamoros Email: [email protected] Telephone: +31 53 489 3348 Office: Ravelijn RA 4333 (STEPS) 1 Abstract Open source software development is a major driver of software innovation, yet it has thus far received little attention from innovation research. One of the reasons is that conventional methods such as survey based studies or patent co-citation analysis do not work in the open source communities. In this thesis it will be shown that open source development is very accessible to study, due to its open nature, but it requires special tools. In particular, this thesis introduces the method of dependency graph analysis to study open source software devel- opment on the grandest scale. A proof of concept application of this method is done and has delivered many significant and interesting results. Contents 1 Open source software 6 1.1 The open source licenses . 8 1.2 Commercial involvement in open source . 9 1.3 Opens source development . 10 1.4 The intellectual property debates . 12 1.4.1 The software patent debate . 13 1.4.2 The open source blind spot . 15 1.5 Litterature search on network analysis in software development .
  • Is the Linux Desktop Less Secure Than Windows 10? Or How Super Mario Music Can Own Your System

    Is the Linux Desktop Less Secure Than Windows 10? Or How Super Mario Music Can Own Your System

    IS THE LINUX DESKTOP LESS SECURE THAN WINDOWS 10? OR HOW SUPER MARIO MUSIC CAN OWN YOUR SYSTEM. Hanno Böck https://hboeck.de 1 This was too easy . It should not be possible to find a serious memory corruption vulnerability in the default Linux desktop attack surface with just a few minutes of looking. Although it’ s hard to say it, this is not the kind of situation that occurs with a latest Windows 10 default install. Is it possible that Linux desktop security has rotted? (Chris Evans) 2 NINTENDO SOUND FILES (1) Exploit against Gstreamer in Ubuntu 12.04 (LTS). Thumbnail parser. 3 NINTENDO SOUND FILES (2) NSF players are mini-emulators - the attacker can execute code in an emulator. Easier to bypass modern exploit mitigation techniques. 4 FIX The fix is to delete the affected NSF gstreamer plugin. No problem: Ubuntu shipped two different NSF player plugins. 5 FLIC EXPLOIT 6 AUTOMATIC DOWNLOADS Some browsers automatically download files to ~/Downloads. Any webpage can create files on your filesystem. (Chrome/Chromium, Epiphany, ... - not Linux specific) 7 TRACKER GNOME Desktop search tool automatically indexes all new files in a user's home - including ~/Downloads. 8 REACTION FROM TRACKER DEVELOPER Furthermore, the GStreamer guys were extremely fast in fixing it. You could claim that other libraries used for metadata extraction are just as insecure, but that'd really be bugs in these libraries to fix. (Carlos Garnacho) 9 TRACKER PARSERS (1) Gstreamer, ffmpeg, flac, totem-pl-parser, tiff, libvorbis, taglib, libpng, libexif, giflib, libjpeg-turbo, libosinfo, poppler, libxml2, exempi, libgxps, ghostscript, libitpcdata 10 TRACKER PARSERS (2) If you can exploit any of them you can exploit many Linux desktop users from the web without user interaction.