Web2.0을활용한사이트 › 숫자3자리마다콤마(쉼표)넣기JavascriptRegexp › javadoc › MSWindowsTip › 삼성블루투스키보드트리오500Xubuntu에서페어링 › m2eclipse bug
- eclipse-keys . . . . 152 matches
"Run/Debug","Debug Ant Build","Shift+Alt+D Q","In Windows"
"Run/Debug","Java Breakpoint Properties","Alt+Enter","In Breakpoints View"
"Run/Debug","Run Eclipse Application","Shift+Alt+X E","In Windows"
"Run/Debug","Run JUnit Plug-in Test","Shift+Alt+X P","In Windows"
"Run/Debug","Debug JUnit Plug-in Test","Shift+Alt+D P","In Windows"
"Run/Debug","All Instances","Shift+Ctrl+N","In Windows"
"JavaScript Debug","Open Source","Shift+Ctrl+3","Debugging"
"Run/Debug","Debug OSGi Framework","Shift+Alt+D O","In Windows"
"Run/Debug","Run Java Applet","Shift+Alt+X A","In Windows"
"Run/Debug","Force Return","Shift+Alt+F","In Windows"
"Run/Debug","Run Ant Build","Shift+Alt+X Q","In Windows"
"Run/Debug","Use Step Filters","Shift+F5","In Windows"
"Run/Debug","Toggle Breakpoint","Shift+Ctrl+B","In Windows"
"Run/Debug","Close Rendering","Ctrl+W","In Memory View"
"Run/Debug","Step Over","F6","Debugging"
"Run/Debug","Step Into","F5","Debugging"
"Run/Debug","Toggle Memory Monitors Pane","Ctrl+T","In Memory View"
"Run/Debug","New Rendering","Ctrl+N","In Memory View"
"Run/Debug","Debug on Server","Shift+Alt+D R","In Windows"
"Run/Debug","Debug XSLT Transformation","Shift+Alt+D X","In Windows" - OurSoftwareDependencyProblem . . . . 27 matches
designing, writing, testing, debugging, and maintaining a specific unit of code.
These packages contain high-quality, debugged code that required significant expertise to develop.
A package, for this discussion, is code you download from the internet. Adding a package as a dependency outsources the work of developing that code—designing, writing, testing, debugging, and maintaining—to someone else on the internet, someone you often don’t know. By using that code, you are exposing your own program to all the failures and flaws in the dependency. Your program’s execution now literally depends on code downloaded from this stranger on the internet. Presented this way, it sounds incredibly unsafe. Why would anyone do this?
Decades ago, most developers already trusted others to write software they depended on, such as operating systems and compilers. That software was bought from known sources, often with some kind of support agreement. There was still a potential for bugs or outright mischief,3 but at least we knew who we were dealing with and usually had commercial or legal recourses available.
The context where a dependency will be used determines the cost of a bad outcome. At one end of the spectrum is a personal hobby project, where the cost of most bad outcomes is near zero: you’re just having fun, bugs have no real impact other than wasting some time, and even debugging them can be fun. So the risk probability almost doesn’t matter: it’s being multiplied by zero. At the other end of the spectrum is production software that must be maintained for years. Here, the cost of a bug in a dependency can be very high: servers may go down, sensitive data may be divulged, customers may be harmed, companies may fail. High failure costs make it much more important to estimate and then reduce any risk of a serious failure.
A basic inspection can give you a sense of how likely you are to run into problems trying to use this code. If the inspection reveals likely minor problems, you can take steps to prepare for or maybe avoid them. If the inspection reveals major problems, it may be best not to use the package: maybe you’ll find a more suitable one, or maybe you need to develop one yourself. Remember that open-source packages are published by their authors in the hope that they will be useful but with no guarantee of usability or support. In the middle of a production outage, you’ll be the one debugging it. As the original GNU General Public License warned, “The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction.”4
Is the code well-written? Read some of it. Does it look like the authors have been careful, conscientious, and consistent? Does it look like code you’d want to debug? You may need to.
Develop your own systematic ways to check code quality. For example, something as simple as compiling a C or C++ program with important compiler warnings enabled (for example, -Wall) can give you a sense of how seriously the developers work to avoid various undefined behaviors. Recent languages like Go, Rust, and Swift use an unsafe keyword to mark code that violates the type system; look to see how much unsafe code there is. More advanced semantic tools like Infer7 or SpotBugs8 are helpful too. Linters are less helpful: you should ignore rote suggestions about topics like brace style and focus instead on semantic problems.
Debugging
Find the package’s issue tracker. Are there many open bug reports? How long have they been open? Are there many fixed bugs? Have any bugs been fixed recently? If you see lots of open issues about what look like real bugs, especially if they have been open for a long time, that’s not a good sign. On the other hand, if the closed issues show that bugs are rarely found and promptly fixed, that’s great.
Look at the package’s commit history. How long has the code been actively maintained? Is it actively maintained now? Packages that have been actively maintained for an extended amount of time are more likely to continue to be maintained. How many people work on the package? Many packages are personal projects that developers create and share for fun in their spare time. Others are the result of thousands of hours of work by a group of paid developers. In general, the latter kind of package is more likely to have prompt bug fixes, steady improvements, and general upkeep.
Do many other packages depend on this code? Dependency managers can often provide statistics about usage, or you can use a web search to estimate how often others write about using the package. More users should at least mean more people for whom the code works well enough, along with faster detection of new bugs. Widespread usage is also a hedge against the question of continued maintenance: if a widely-used package loses its maintainer, an interested user is likely to step forward.
For example, libraries like PCRE or Boost or JUnit are incredibly widely used. That makes it more likely—although certainly not guaranteed—that bugs you might otherwise run into have already been fixed, because others ran into them first.
The inspection process should include running a package’s own tests. If the package passes the inspection and you decide to make your project depend on it, the next step should be to write new tests focused on the functionality needed by your application. These tests often start out as short standalone programs written to make sure you can understand the package’s API and that it does what you think it does. (If you can’t or it doesn’t, turn back now!) It is worth then taking the extra effort to turn those programs into automated tests that can be run against newer versions of the package. If you find a bug and have a potential fix, you’ll want to be able to rerun these project-specific tests easily, to make sure that the fix did not break anything else.
It may also be appropriate to isolate a dependency at run-time, to limit the possible damage caused by bugs in it. For example, Google Chrome allows users to add dependencies—extension code—to the browser. When Chrome launched in 2008, it introduced the critical feature (now standard in all browsers) of isolating each extension in a sandbox running in a separate operating-system process.15 An exploitable bug in an badly-written extension therefore did not automatically have access to the entire memory of the browser itself and could be stopped from making inappropriate system calls.16 For Code Search, until we dropped PCRE entirely, our plan was to isolate at least the PCRE parser in a similar sandbox. Today, another option would be a lightweight hypervisor-based sandbox like gVisor.17 Isolating dependencies reduces the associated risks of running that code.
If you only need a tiny fraction of a dependency, it may be simplest to make a copy of what you need (preserving appropriate copyright and other legal notices, of course). You are taking on responsibility for fixing bugs, maintenance, and so on, but you’re also completely isolated from the larger risks. The Go developer community has a proverb about this: “A little copying is better than a little dependency.”20
For a long time, the conventional wisdom about software was “if it ain’t broke, don’t fix it.” Upgrading carries a chance of introducing new bugs; without a corresponding reward—like a new feature you need—why take the risk? This analysis ignores two costs. The first is the cost of the eventual upgrade. In software, the difficulty of making code changes does not scale linearly: making ten small changes is less work and easier to get right than making one equivalent large change. The second is the cost of discovering already-fixed bugs the hard way. Especially in a security context, where known bugs are actively exploited, every day you wait is another day that attackers can break in.
Equifax’s experience drives home the point that although dependency managers know the versions they are using at build time, you need other arrangements to track that information through your production deployment process. For the Go language, we are experimenting with automatically including a version manifest in every binary, so that deployment processes can scan binaries for dependencies that need upgrading. Go also makes that information available at run-time, so that servers can consult databases of known bugs and self-report to monitoring software when they are in need of upgrades.
Upgrading is a natural time to revisit the decision to use a dependency that’s changing. It’s also important to periodically revisit any dependency that isn’t changing. Does it seem plausible that there are no security problems or other bugs to fix? Has the project been abandoned? Maybe it’s time to start planning to replace that dependency. - rewar.sh . . . . 6 matches
debug remove temp dir ${TMPDIR}.
debug temp dir is not removed.
debug mkdir ${TMPDIR}
function debug {
debug "tmpdir \(${TMPDIR}\) exist. building war..."
debug ${TMPDIR} NOT exists. - csv-decoding . . . . 4 matches
debug("EOL");
debug("COMMA");
debug("QT");
private void debug(String string) { - JavaListSystem.properties() . . . . 3 matches
java.vendor.url.bug=http://java.sun.com/cgi-bin/bugreport...
java.vendor.url.bug=http://www.hp.com/go/Java - Useful Software . . . . 3 matches
* [Fiddler] : web debugging proxy
* Wink : http://www.debugmode.com/wink/
* [Fiddler] : web debugging proxy - Fiddler . . . . 2 matches
Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and "fiddle" with incoming or outgoing data. Fiddler includes a powerful event-based scripting subsystem, and can be extended using any .NET language.
Fiddler is freeware and can debug traffic from virtually any application, including Internet Explorer, Mozilla Firefox, Opera, and thousands more. - PMD . . . . 2 matches
* Possible bugs - empty try/catch/finally/switch statements
* Duplicate code - copied/pasted code means copied/pasted bugs - slack-alt-tab-error . . . . 2 matches
https://bugs.launchpad.net/ubuntu/+source/xfwm4/+bug/1827302 - (번역)PleaseStopCallingDatabasesCPOrAP . . . . 1 match
That kind of fault absolutely does happen, but it’s not the only kind of thing that can go wrong: nodes can crash or be rebooted, you can run out of disk space, you can hit a bug in the software, etc. - JYbooksCdList . . . . 1 match
[The Grouchy Ladybug] - MoniWikiThemes . . . . 1 match
attachment:WikiIEbug.PNG - MoniWiki보안설정 . . . . 1 match
#$acl_debug=true; - UnixShellProgramming . . . . 1 match
= debug = - WikiNature . . . . 1 match
Writing on Wiki is like regular writing, except I get to write so much more than I write, and I get to think thoughts I never thought (like being on a really good Free Software project, where you wake up the next morning to find your bugs fixed and ideas improved). - mycli . . . . 1 match
["mycli bug"] - tusc . . . . 1 match
[hp-ux]용 [debugging] tool - 개발툴 . . . . 1 match
* [Fiddler] : web debugging proxy - 나는아마존에서미래를다녔다-박정준-201907 . . . . 1 match
대화기록방식 일처리 (cf. rubber duck debugging): - 미니노트북 . . . . 1 match
*[^http://cafe.naver.com/fpnbug.cafe] - naver p7120 cafe
