Web Dev Questions That Don't Need Their Own Thread v4 - Developers

[QUOTE=supersnail11;44892225]$20/hr, minimum.[/QUOTE] Thanks, I feel like I undervalue myself sometimes. It's not even working with the technologies I enjoy so I don't mind asking too much anyway

[QUOTE=Alternative Account;44895956] You will be responsible for keeping the funds of every user as secure as a bank would keep them. This is an incredibly demanding task, as plenty of things can go wrong: Your service's wallet can get compromised or your server can get manipulated in another way ([url=http://www.wired.com/2013/11/inputs/]which[/url] [url=http://www.slate.com/blogs/moneybox/2014/05/13/doge_vault_hack_millions_of_dogecoin_have_disappeared_from_the_online_wallet.html]happened[/url] [url=https://bitcointalk.org/index.php?topic=576337#post_toc_16]often enough[/url]), insecure means of authentication can lead to users easily getting scammed out of their money or "hacked", and cross-site scripting vulnerabilities can also lead to unrecoverable loss of customer funds. And those are just technical issues. You might also get in trouble with your country's law, for instance.[/QUOTE] I'm aware of all the things that could happen. My plan is to finish the project, and from there me and others will determine if it's secure enough to use. Don't worry about the security, I got that all planned. At least it's not going to end up as Mt.Gox (which I hope everyone by now knows didn't get hacked).

[QUOTE=BoXHocK;44897160]I'm aware of all the things that could happen. My plan is to finish the project, and from there me and others will determine if it's secure enough to use.[/QUOTE] If you don't make it open source, then audits of the source code may not be in depth enough to find enough high-risk issues. And if you make it open source, then a blackhat attacker might find a vulnerability in the open source code and use it against you instead of reporting it. Wallet services are attractive targets. [QUOTE=BoXHocK;44897160]Don't worry about the security, I got that all planned.[/quote] Everybody says that. On Wednesday this week, attackers copied a database from eBay containing user information such as encrypted passwords as well as personal information. And that's despite the fact that [url=http://pages.ebay.com/help/account/safety.html#privacy]they said they have lots of technical measures to protect your privacy[/url]. No system is completely bulletproof; therefore, it's best to design a service with that in mind. And in this case, I personally think that it's best not to offer it at all. [QUOTE=BoXHocK;44897160]At least it's not going to end up as Mt.Gox (which I hope everyone by now knows didn't get hacked).[/quote] Mt. Gox wasn't intended to be an online wallet service, though. I gave you links to reports and lists of hacked online wallet services. It probably won't go the way of Mt. Gox, but it might as well become the next inputs.io.

[QUOTE=Alternative Account;44897322]If you don't make it open source, then audits of the source code may not be in depth enough to find enough high-risk issues. And if you make it open source, then a blackhat attacker might find a vulnerability in the open source code and use it against you instead of reporting it. Wallet services are attractive targets. Everybody says that. On Wednesday this week, attackers copied a database from eBay containing user information such as encrypted passwords as well as personal information. And that's despite the fact that [url=http://pages.ebay.com/help/account/safety.html#privacy]they said they have lots of technical measures to protect your privacy[/url]. No system is completely bulletproof; therefore, it's best to design a service with that in mind. And in this case, I personally think that it's best not to offer it at all. Mt. Gox wasn't intended to be an online wallet service, though. I gave you links to reports and lists of hacked online wallet services. It probably won't go the way of Mt. Gox, but it might as well become the next inputs.io.[/QUOTE] I understand what you are saying, and I totally agree with you. The point of my e-wallet service is not to be a bank. It's not made for users to store all their funds. When talking crypto-currencies, only the individuals themselves can store their funds the safest way. What I'm trying to make is a service where people more easily can send and receive litecoins - [B]not store them as long as they want[/B]. Let's say; you're not home - or don't have the Bit/Litecoin QT, but you want to receive a payment. The only way you could receive that payment, at that moment, is to have a bit/litecoin address written down. That's where my e-wallet service comes handy. You simply generate or get an address from there, and you can send them to your own wallet later. Security is, and will always be a huge problem when it comes to safely storing this type of money. TL;DR: I will [B]not allow[/B] users to store their funds for a long period of time. (I'm sorry if I'm taking this discussion a bit far, I'm just trying to defend my project :p )

[QUOTE=BoXHocK;44897641]I understand what you are saying, and I totally agree with you. The point of my e-wallet service is not to be a bank. It's not made for users to store all their funds. When talking crypto-currencies, only the individuals themselves can store their funds the safest way. What I'm trying to make is a service where people more easily can send and receive litecoins - [B]not store them as long as they want[/B]. Let's say; you're not home - or don't have the Bit/Litecoin QT, but you want to receive a payment. The only way you could receive that payment, at that moment, is to have a bit/litecoin address written down. That's where my e-wallet service comes handy. You simply generate or get an address from there, and you can send them to your own wallet later. Security is, and will always be a huge problem when it comes to safely storing this type of money. TL;DR: I will [B]not allow[/B] users to store their funds for a long period of time. (I'm sorry if I'm taking this discussion a bit far, I'm just trying to defend my project :p )[/QUOTE] If you're popular, though, you can still have tons of Litecoins in your service at one time; and they could all be stolen in one attack.

[QUOTE=BoXHocK;44897641]I understand what you are saying, and I totally agree with you. The point of my e-wallet service is not to be a bank. It's not made for users to store all their funds. When talking crypto-currencies, only the individuals themselves can store their funds the safest way. What I'm trying to make is a service where people more easily can send and receive litecoins - [B]not store them as long as they want[/B]. Let's say; you're not home - or don't have the Bit/Litecoin QT, but you want to receive a payment. The only way you could receive that payment, at that moment, is to have a bit/litecoin address written down. That's where my e-wallet service comes handy. You simply generate or get an address from there, and you can send them to your own wallet later. Security is, and will always be a huge problem when it comes to safely storing this type of money. TL;DR: I will [B]not allow[/B] users to store their funds for a long period of time. (I'm sorry if I'm taking this discussion a bit far, I'm just trying to defend my project :p )[/QUOTE] You say that people would have to write their Litecoin address down when they are out of the house and want to accept payments, and then, you say your e-wallet service generates an address. Now... how does that help? Wouldn't it be simpler to just make a service that acts like an URL shortener does for regular URLs, or an app that displays QR codes of LTC addresses? And how are you going to disallow users to stash funds on your service? Will you confiscate their money after a certain period of time, or...? I don't mean to discourage you from working on your project and using it for yourself, but I'm worried about the fact that you want to make it a public service.

I don't want to keep spamming the thread with this. PM me if you want to talk about it. My main point was to get feedback on the layout, and how to make it look more clean.

[QUOTE=BoXHocK;44898099]I don't want to keep spamming the thread with this. PM me if you want to talk about it. My main point was to get feedback on the layout, and how to make it look more clean.[/QUOTE] We're on a forum, the point is to have discussions.

I'm trying to use a Google Spreadsheet as a data source for a web app I'm developing. For some reason, however, whenever I go to the URL which I read about [URL="http://acrl.ala.org/techconnect/?p=4001"]here[/URL], it says the file does not exist. I've published the spreadsheet to the web - and for the sake of troubleshooting, I'm using a test spreadsheet. Here is the URL to the spreadsheet: [url]https://docs.google.com/spreadsheets/d/17uLUt7hs11OvVUUFC7Btvpp6U1ZIb3pKai2QUJTAMHM/edit#gid=0[/url] And here is the URL which should return a full HTML table of the spreadsheet: [url]https://docs.google.com/spreadsheets/d/17uLUt7hs11OvVUUFC7Btvpp6U1ZIb3pKai2QUJTAMHM/tq?tqx=out:html&tq&gid=0[/url] Any idea of what I am doing wrong here? This is all completely new to me so I'm very confused at this point. [editline]25th May 2014[/editline] Alternatively, is there an entirely different and better way of going about this? I tried using Google's Spreadsheet API but it seems like it's only available in Java and .NET - both of which I have absolutely no experience in. [editline]25th May 2014[/editline] I have also tried this URL to request a JSON feed, but the same error happens: [url]https://spreadsheets.google.com/feeds/list/17uLUt7hs11OvVUUFC7Btvpp6U1ZIb3pKai2QUJTAMHM/0/public/basic/[/url]

did you publicly share it? pretty sure you have to [editline]24th May 2014[/editline] latest comment mentions changes that googles made, it might not work anymore.

[QUOTE=Shadaez;44901555]did you publicly share it? pretty sure you have to [editline]24th May 2014[/editline] latest comment mentions changes that googles made, it might not work anymore.[/QUOTE] I did publicly share it. Where are you seeing the comment that says it might not work? [editline]25th May 2014[/editline] This Google example was updated January 2014 - but I can't get it to work either: [url]https://developers.google.com/gdata/samples/spreadsheet_sample[/url]

[QUOTE=Poo Monst3r;44905042]I did publicly share it. Where are you seeing the comment that says it might not work? [editline]25th May 2014[/editline] This Google example was updated January 2014 - but I can't get it to work either: [url]https://developers.google.com/gdata/samples/spreadsheet_sample[/url][/QUOTE] [quote]I will look into the changes Google made recently and see if i can write a follow-up post in the near future. Thanks~[/quote] in comments of [url]http://acrl.ala.org/techconnect/?p=4001[/url] can anyone help me with d3? i feel really overwhelmed, trying to make a simple stacked bar graph. the examples don't really tell you much and just throw a bunch of code at you

[QUOTE=Shadaez;44911020]in comments of [url]http://acrl.ala.org/techconnect/?p=4001[/url] can anyone help me with d3? i feel really overwhelmed, trying to make a simple stacked bar graph. the examples don't really tell you much and just throw a bunch of code at you[/QUOTE] Damn. 2 days ago...

[QUOTE=Shadaez;44911020]can anyone help me with d3? i feel really overwhelmed, trying to make a simple stacked bar graph. the examples don't really tell you much and just throw a bunch of code at you[/QUOTE] I'm not surprised, really... I felt the same way when I started to fiddle around with it. D3 isn't as much of a graphing library as a different way to access and manipulate some kind of DOM, be it HTML or SVG. I suggest that you should get familiar with SVG first - it's not as difficult as you think it might be, and most D3-based graphs make use of it. Mozilla offers an [url=https://developer.mozilla.org/en-US/docs/Web/SVG/Tutorial]incomplete tutorial[/url] that covers the basics, and W3's [url=http://www.w3.org/Graphics/SVG/IG/resources/svgprimer.html]SVG primer[/url] is a quite useful reference. Once you've understood how to make a simple SVG document in the text editor of your choice, you might want to try some of the [url=https://github.com/mbostock/d3/wiki/Tutorials]tutorials[/url]. I followed the bar chart tutorial, it was pretty neat. The [url=https://github.com/mbostock/d3/wiki/Gallery]basic examples[/url] might also help you grok D3. I'm not quite sure why they aren't at the top.

can you guys try to cheat in this game for me [url]http://betashade.com/[/url] it's a remake of another abandoned game my friend is making. He wants to know if you can cheat the level system, or the login or anything like that, but please don't destroy the server if you totally break it, they are sort of new at this.

[img]http://puu.sh/930tZ.png[/img] does storing passwords through get count

[QUOTE=frozensoda;44920324]can you guys try to cheat in this game for me [url]http://betashade.com/[/url] it's a remake of another abandoned game my friend is making. He wants to know if you can cheat the level system, or the login or anything like that, but please don't destroy the server if you totally break it, they are sort of new at this.[/QUOTE] A few things: - If you use HTML tags in your username, you can't log in. - They store sessions as a GET variable instead of a cookie.

[QUOTE=PortalGod;44920384][img]http://puu.sh/930tZ.png[/img] does storing passwords through get count[/QUOTE] So that's like a really bad thing right? I'll let them know to fix it. [QUOTE=supersnail11;44920438]A few things: - If you use HTML tags in your username, you can't log in. - They store sessions as a GET variable instead of a cookie.[/QUOTE] I'll pass that on to the devs thanks.

password through get? yeah, that's pretty bad.

[QUOTE=Ac!dL3ak;44920673]password through get? yeah, that's pretty bad.[/QUOTE] Could you explain to me why? What exactly is at risk, can people cheat the game with that? oh but there's no risk of leak? Or can you call up the passwords for other users?

[QUOTE=frozensoda;44920746]Could you explain to me why? What exactly is at risk, can people cheat the game with that?[/QUOTE] You can see the password. But yea $_GET for login is probably the worst you can do

[QUOTE=frozensoda;44920746]Could you explain to me why? What exactly is at risk, can people cheat the game with that? oh but there's no risk of leak? Or can you call up the passwords for other users?[/QUOTE] If you look at browsing history you can also see the password. It's also pretty easy to log it

[QUOTE=frozensoda;44920746]Could you explain to me why? What exactly is at risk, can people cheat the game with that? oh but there's no risk of leak? Or can you call up the passwords for other users?[/QUOTE] What if you're registering on the site and somebody is stood next to you? You should never display a password on screen.

I'm trying to get [URL="https://github.com/zeroclipboard/zeroclipboard"]ZeroClipboard[/URL] to work for a userscript/extension for my fp link shortener atm but it just doesn't want to. I downloaded the latest version and just copied their "simple example". The flash movie loads and all that, but the callbacks aren't even getting called. [t]http://i.imgur.com/BYNLVdv.png[/t] Can someone imagine as to why it might not be working?

[CODE]<!DOCTYPE html> <html> <head> <title>Test</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href = "css/bootstrap.css" rel = "stylesheet"> </head> <body> <div id = "myCarousel" class = "carousel slide"> <ol class = "carousel-indicators"> <li data-target = "#myCarousel" data-slide-to = "0" class = "active"></li> <li data-target = "#myCarousel" data-slide-to = "1"></li> <li data-target = "#myCarousel" data-slide-to = "2"></li> </ol> <div class = "carousel-inner"> <div class = "item active"> <img src = "test.jpg" alt = "Test" class = "img-responsive"> </div> <div class = "item hey> <img src = "gmod.jpg" alt = "hey" class = "img-responsive"> </div> <div class = "item 2"> <img src = "lol.jpg" alt = "he1" class = "img-responsive"> </div> </div> <a class = "carousel control left" href = "myCarousel" data-slide = "prev"> <span class = "icon-prev"></span> </a> <a class = "carousel control right" href = "myCarousel" data-slide = "next"> <span class = "icon-next"></span> </a> </div> <script src = "http://ajax.googleapis/ajax/libs/jquery/1.11.0/jquery.min.js"></script> <script src = "js/bootstrap.js"></script> </body> </html>[/CODE]Why wont my circle buttons work?

[QUOTE=Icejjfish;44925129][CODE]<!DOCTYPE html> <html> <head> <title>Test</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <link href = "css/bootstrap.css" rel = "stylesheet"> </head> <body> <div id = "myCarousel" class = "carousel slide"> <ol class = "carousel-indicators"> <li data-target = "#myCarousel" data-slide-to = "0" class = "active"></li> <li data-target = "#myCarousel" data-slide-to = "1"></li> <li data-target = "#myCarousel" data-slide-to = "2"></li> </ol> <div class = "carousel-inner"> <div class = "item active"> <img src = "test.jpg" alt = "Test" class = "img-responsive"> </div> <div class = "item hey> <img src = "gmod.jpg" alt = "hey" class = "img-responsive"> </div> <div class = "item 2"> <img src = "lol.jpg" alt = "he1" class = "img-responsive"> </div> </div> <a class = "carousel control left" href = "myCarousel" data-slide = "prev"> <span class = "icon-prev"></span> </a> <a class = "carousel control right" href = "myCarousel" data-slide = "next"> <span class = "icon-next"></span> </a> </div> <script src = "http://ajax.googleapis/ajax/libs/jquery/1.11.0/jquery.min.js"></script> <script src = "js/bootstrap.js"></script> </body> </html>[/CODE]Why wont my circle buttons work?[/QUOTE] Well for a start I just pasted this into Sublime Text and the syntax highlighting showed the error straight away. div class item hey isn't surrounded in quotes properly,

Here's a quick question. How do you create a textbox that limits what you can select to itself? So for example, if you click inside the textbox then hit control + A, it only selects everything inside the textbox. I'm using HTML/CSS, you can see the source if you need.

[QUOTE=sloppy_joes;44926029]Here's a quick question. How do you create a textbox that limits what you can select to itself? So for example, if you click inside the textbox then hit control + A, it only selects everything inside the textbox. I'm using HTML/CSS, you can see the source if you need.[/QUOTE] Erm...... it's default functionality when you click inside a text box and hit ctrl+a it only selects what's inside the text box, are you on some sort of fucked up OS or drugs? Here is the most amazing jsfiddle in the history of fiddling, demonstrating this [url]http://jsfiddle.net/Ljhu5/[/url]

[QUOTE=djjkxbox360;44926097]Erm...... it's default functionality when you click inside a text box and hit ctrl+a it only selects what's inside the text box, are you on some sort of fucked up OS or drugs? Here is the most amazing jsfiddle in the history of fiddling, demonstrating this [URL]http://jsfiddle.net/Ljhu5/[/URL][/QUOTE] Oh maybe I'm not using the correct thing then, thanks. Oh I guess it's worth mentioning I want to write inside this textbox, using php. Basically, I was using a div before, now I'm using a real textbox, but I can't write inside.

[QUOTE=sloppy_joes;44926141]Oh maybe I'm not using the correct thing then, thanks. Oh I guess it's worth mentioning I want to write inside this textbox, using php. Basically, I was using a div before, now I'm using a real textbox, but I can't write inside.[/QUOTE] Textboxes' text is defined as their value. Therefore, to do what you want, you just need to add the atribute value with the text you want. [URL="http://jsfiddle.net/mbD3v/"]<input type="textbox" value="I am text." />[/URL]