I would like to ask about a recent black dot of death that is causing crash issues on messaging apps on Android and iOS devices.
More information on this issue can be found in this video:
https://www.youtube.com/watch?v=0fepqIO57f8
I would like to know if this issue can cause a potential risk to businesses everywhere if it is inserted to database without the correct validation check? And how do we perform validation check on this because there is a lot of hidden text that is not able to be detected by normal validation I think, such as doing string validation for a text box. It might crash database if the input went through and even making a query will take forever to load because of this issue.
well, i dont think you have to worry too much about that black dot, it isnt a virus as far as im aware of in my research about it, this is how it works:
The secret to the message is not actually the black dot, but rather the blank space that comes right after it. When the WhatsApp prank message is converted to HTML, it contains repetitive instances of the "&rlm:" character, which is code for right-to-left text directional formatting.
The right-to-left text format is used for languages such as Arabic and Urdu while the more common left-to-right text format is used for languages such as English. The hidden "&rlm:" code in the black dot prank message instructs WhatsApp to change the direction of the text repeatedly, which requires a lot of processing power.
Related
I wrote a large complex C program around 20(!) years go. As far as I can recall it worked fine at the time in all respects - it was probably running on windows 95.
Now I need to use it again. Unfortunately the radio buttons in it do not appear to work properly any more (the ordinary push buttons are all behaving correctly). As I click on the radio buttons, I get some feedback that windows is acknowledging my click in as much as I see a dotted line appear around the button's text and the circle of the button goes grey for as long as my finger is on the button, but when I take my finger off I see that the selected button has not changed.
My suspicion is that I was perhaps getting away with some bad practice at the time which worked with windows 95 but no longer works on newer versions of windows, but I'm struggling work out what I did wrong. Any ideas?
EDIT: Its difficult to extract the relevant code because the message handling in this program was a tangled nightmare. Many buttons were created programatically at runtime and there were different message loops working when the program was in different modes of operation. The program was a customisable environment for running certain types of experiment. It even had its own built-in interpreted language! So I'm not expecting an answer like "you should have a comma instead of a semicolon at line 47", but perhaps something more like "I observed similar symptoms once in my program and it turned out to be ..... " .. or perhaps "the fact that the dotted rectangle is appearing means that process AAA has happened, but maybe step BBB has gone wrong".
EDIT: I've managed to extract some key code which my contain an error...
char *process_messages_one_at_a_time()
{
MSG msg;
int temp;
temp = PeekMessage(&msg,winh,0,0,PM_NOREMOVE);
if (temp)
{
GetMessage (&msg, NULL, 0, 0);
if (msg.message == WM_LBUTTONUP)
{
mouse_just_released_somewhere = TRUE;
}
TranslateMessage (&msg);
DispatchMessage (&msg);
}
if (button_command_waiting)
{
button_command_waiting = FALSE;
return (button_command_string);
}
else
{
return (NULL);
}
}
There are two simple things to check when using radio buttons. First is to make sure that each has the BS_AUTORADIOBUTTON property set. The second is to make sure that the first button in the tab order and the next control after the set of buttons (typically a group box) have the WS_GROUP property set, while the other buttons have it clear.
A few suggestions:
I'd try to use spy++ to monitor the messages in that dialog box, particularly to and from the radiobutton controls. I wonder if you'll see a BM_SETCHECK that your program is sending (ie, somewhere you're unchecking the button programatically).
Any chance your code ever checks the Windows version number? I've been burned a few times with an == where I should have used a >= to ensure version checking compatibility.
Do you sub-class any controls? I don't remember, but it seems to me there were a few ways sub-classing could go wrong (and the effects weren't immediately noticeable until newer versions of Windows rolled in).
Owner-drawing the control? It's really easy to for the owner-draw to not work with newer Windows GUI styles.
Working with old code like that, the memories come back to me in bits and pieces, rather than a flood, so it usually takes some time before it dawns on me what I was doing back then.
If you just want to get the program running to use it, might I suggest "compatibility mode".
http://www.howtogeek.com/howto/windows-vista/using-windows-vista-compatibility-mode/
However, if you have a larger, expected useful life of the software, you might want to consider rewriting it. Rewriting it is not anywhere near the complexity or work of the initial write because of a few factors:
Developing the requirements of a program is a substantial part of the required work in making a software package (the requirements are already done)
A lot of the code is already written and only parts may need to be slightly refactored in order to be updated
New library components may be more stable alternatives to parts of the existing codebase
You'll learn how to write current applications with current library facilities
You'll have an opportunity to comment or just generally refactor and cleanup the code (thus making it more maintainable for the anticipated, extended life)
The codebase will be more maintainable/compatible going forward for additional changes in both requirements and operating systems (both because it's updated and because you've had the opportunity to re-understand the entire codebase)
Hope that helps...
I'm making a program, and I want to be able to store questions and answers in a text file. What I'm doing right now is separating the different question/answer combos by a new line, and separating the questions from the answers by having the questions first, then /// (triple slash) and then the answer. The problem with this is that the user can't enter a triple slash or slashes at the end of the question without messing the program up.
So what I'm looking for is some character that I can put in that can't be entered by the user in any way shape or form to separate the questions and answers. What I'm leaning towards right now is some unicode symbol like a smiley face, but anything that's more perfect would be appreciated.
As a side question, where should I store this document on Mac OS X? Should it be in application support, or part of the app bundle itself?
There are some well-documented pre-existing text formats you might want to consider. I would look into csv (comma-separated-value), tsv (tab-separated value), json and xml. Most likely xml and json are overkill for you, but they solve this problem nicely, and if you already have libraries for dealing with those in your code stack, you can get going more quickly by using those.
But for a DIY approach, I would recommend tsv. It's hard for users to enter the "TAB" ASCII 09 character in web forms, and you can usually convert to space without losing much information if they do. Then you just have to work out what your record-separator will be; probably on the Mac you will want to use CR (ascii 13), but NL (ascii 10) is a fine choice too.
I'm working web project with a mssql backend, not in my control except for tapping it.
A lot of the data is littered with garbage characters in place of tradmarks, quotes, register symbols and quotes.
The html I'm rendering in is set to utf-8.
Is this encoding problem something that should be taken care of on the insertion of the data into the db?
The problem should be taken care of where it's wrong. If you try to take care of it somewhere else, then you don't fix the problem, you only try to recover lost data.
When you handle encoded text, you have to do it correctly all the way. If you encode it or decode it incorrectly at one point in the process, you can't reliably fix it at any other point.
You have to find out where the text gets encoded or decoded incorrectly by examining what's happening to the data, and apply the fix there.
I'm using a WPF InkCanvas control to capture signatures in a Tablet PC application.
One of my requirements is to validate whether or not the application has really been "signed". Right now I'm doing this by checking the Strokes collection of the InkCanvas - if there are 0 strokes, then I know the user has not "signed".
However, if the user enters a single slash, or even a single dot, this counts as a stroke and my validation test will pass, even though the signature isn't really valid.
Any ideas about how to build a better test for this? Granted, the use case for what is and is not a valid signature is pretty fuzzy, but I want to try to eliminate obviously bad signatures.
Or is this simply unsolvable in any straightforward way?
I know there are algorithms to test if a signature is a valid match for an existing signature, like the one outlined here. However, finding out if something is a signature in the first place seems to be much more complex.
From Wikipedia:
On legal documents, an illiterate signatory can make a "mark" (often an "X" but occasionally a personalized symbol)
...
Several cultures whose languages use writing systems other than alphabets do not share the Western notion of signatures per se: the "signing" of one's name results in a written product no different from the result of "writing" one's name in the standard way. For these languages, to write or to sign involves the same written characters. Three such examples are Chinese, Japanese, and Korean.
While this could be approached using Intelligent Character Recognition, I also know that my signature rarely looks like it has any characters in it. It's even worse if I am using one of those UPS or FedEx package singing pads. Next time a package arrives though I will try signing with just a dash and a dot and see if it allows it (Which I think it will allow since it's already close enough to that).
Because a signature may not match any recognizable words or characters, trying to 'validate' it any further then you currently are could actually be discarding some valid signatures. If for some reason you do still need to know if there is something more then a dot, take a look at validating instead that the signature fills a certain sized rectangle. That still may invalidate results that shouldn't be, so if you do attempt to add any validation to it make sure to document fully the expectations of a valid signature.
So we are sure that we will be taking our product internationally and will eventually need to internationalize it. How much internationalizing would you recommend we do as we go along?
I guess in other words, is there any internationalization that is easy now but can be much worse if we let the code base mature and that won't slow us down very much if we choose to start doing it now?
Tech used: C#, WPF, WinForms
Prepare it now, before you write all the strings in the codebase itself.
Everything after now will be too late. It's now or never!
It's true that it is a bit of extra effort to prepare well now, but not doing it will end up being a lot more expensive.
If you won't follow all the guidelines in the links below, at least heed points 1,2 and 7 of the summary which are very cheap to do now and which cause the most pain afterwards in my experience.
Check these guidelines and see for yourself why it's better to start now and get everything prepared.
Developing world ready applications
Best practices for developing world ready applications
Little extract:
Move all localizable resources to separate resource-only DLLs. Localizable resources include user interface elements such as strings, error messages, dialog boxes, menus, and embedded object resources. (Moving the resources to a DLL afterwards will be a pain)
Do not hardcode strings or user interface resources. (If you don't prepare, you know you will hardcode strings)
Do not put nonlocalizable resources into the resource-only DLLs. This causes confusion for translators.
Do not use composite strings that are built at run time from concatenated phrases. Composite strings are difficult to localize because they often assume an English grammatical order that does not apply to all languages. (After the interface design, changing phrases gets harder)
Avoid ambiguous constructs such as "Empty Folder" where the strings can be translated differently depending on the grammatical roles of the strings' components. For example, "empty" can be either a verb or an adjective, and this can lead to different translations in languages such as Italian or French. (Same issue)
Avoid using images and icons that contain text in your application. They are expensive to localize. (Use text rendered over the image)
Allow plenty of room for the length of strings to expand in the user interface. In some languages, phrases can require 50-75 percent more space. (Same issue, if you don't plan for it now, redesign is more expensive)
Use the System.Resources.ResourceManager class to retrieve resources based on culture.
Use Microsoft Visual Studio .NET to create Windows Forms dialog boxes, so they can be localized using the Windows Forms Resource Editor (Winres.exe). Do not code Windows Forms dialog boxes by hand.
IMHO, to claim something is going to happens "in a few years" literally translates to "we hope one day" which really means "never". Although I would still skim over various tutorials to make sure you don't make any horrendous mistakes. Doing correct internationalization support now will mean less work in the future, and once you get use to it, it won't have any real affect on today's productivity. But if you can measure the goal in years, maybe it's not worth doing at all right now.
I have worked on two projects that did internationalization: a C# ASP.NET (existed before I joined the project) app and a PHP app (homebrewed my own method using a free Internationalization control and my own management app).
You should store all the text (labels, button text, etc etc) as data inside a database. Reference these with keys (I prefer to use the first 4 words, made uppercase, spaces converted to underscores and non alpha-numerics stripped out) and when you have a duplicate, append a number to the end. The benefit of this key method is the programmer has a pretty strong understanding of the content of the text just by looking at the key.
Write a utility to extract the data and build .NET resource files that you add into your project for compile. Create a separate resource file for each language. In your code, use the key to point to the proper entry.
I would skim over the MS documents on the subject:
http://www.microsoft.com/globaldev/getwr/dotneti18n.mspx
Some basic things to avoid:
never ever ever use translation software, hire a pro or an intern taking that language at a local college
never try to create text by appending two existing entries, because grammar differs greately in each language, this will never work. So if you have a string that says "Click" and want one that says "Click Now", do not try to create a setup that merges two entries, or during translation, copy the word for click and translate the word now. Treat every string as a totally new translation from scratch
I will add to store and manipulate string data as Unicode (NVARCHAR in MS SQL).
Some questions to think about…
How match can you afford to delay the shipment of the English version of your application to save a bit of cost internationalize later?
Will you still be trading if you don’t get the cash flow from shipping the English version quickly?
How will you get the UI right, if you don’t get feedback quickly from some customers about it?
How often will you rewrite the UI before you have to internationalize it?
Do you English customers wish to be able to customize strings in the UI, e.g. not everyone calls a “shipping note” the same think.
As a large part of the pain of internationalize is making sure you don’t break the English version, is automated system testing of the UI a better investment?
The only thing I think I will always do is: “Do not use composite strings that are built at run time from concatenated phrases” and if you do so, don’t spread the code that builds up the a single string over lots of methods.
Having your UI automatically resize (and layout) to cope with length of labels etc will save you lots of time over the years if you can do it cheaply. There a lots of 3rd party control sets for Windows Forms that lets you label text boxes etc without having to put the labels on as separate controls.
I just starting to internationalize a WinForms application, we hope to mostly be able to use the “name” of each control as the lookup key, without having to move lots into resource files etc. It is not always as hard as you think at first….
You could use NGettext.Wpf (it can be installed from NuGet, and yes I am the author, but I made it out of the frustrations listed in the other answers).
It is hosted this github repository, and here is the getting started section at the time of writing:
NGettext.Wpf is intended to work with dependency injection. You need to call the following at the entry point of your application:
NGettext.Wpf.CompositionRoot.Compose("ExampleDomainName");
The "ExampleDomainName" string is the domain name. This means that when the current culture is set to "da-DK" translations will be loaded from "Locale\da-DK\LC_MESSAGES\ExampleDomainName.mo" relative to where your WPF app is running (You must include the .mo files in your application and make sure they are copied to the output directory).
Now you can do something like this in XAML:
<Button CommandParameter="en-US"
Command="{StaticResource ChangeCultureCommand}"
Content="{wpf:Gettext English}" />
Which demonstrates two features of this library. The most important is the Gettext markup extension which will make sure the Content is set to the translation of "English" with respect to the current culture, and update it when the current culture is changed. The other feature it demonstrates is the ChangeCultureCommand which changes the current culture to the given culture, in this case "en-US".
I also highly recommend reading Preparing Strings from the gettext utilities manual.
Internationalization will let your product be usable in other countries, it's easy and should be done from the start (this way English speaking people all over the world can use your software), those 3 rules will get you most of the way there:
Support international characters - use only Unicode data types in files and databases.
Support international date, time and number formats - use CultureInfo.InvariantCulture when storing data to file or computer readable storage, use CultureInfo.CurrentCulture when displaying data or parsing user input, never do your own parsing, never use any other culture objects.
textual data entered by the user should be considered a black box, don't try to break it up into words or letters, especially when displaying it to the user - different languages have diffract rules and the OS knows how to display left-to-right text, you don't.
Localization is translating the software into different languages, this is difficult and expensive, a good start is to never hard code strings and never build sentences out of smaller strings.
If you use test data, use non-English (e.g.: Russian, Polish, Norwegian etc) strings.
Encoding peeks it's little ugly head at every corner. If not in your own libraries, then in external ones.
I personally favor Russian because although I don't speak a word Russian (despite my name's origin) it has foreign chars in it and it takes way more space then English and therefor tests your spacing too.
Don't know if that is something language specific, or just because our Russian translator likes verbose strings.