Jewel
May 2, 2009

:allears: php


Carbon dioxide
Oct 9, 2012

This is apparently a sudoku solver with all solutions hardcoded.

http://pastebin.com/raw/1mPdgZgg

Posting the raw link because the regular pastebin page (just remove the /raw from the URL) crashes browsers.

Klades
Sep 8, 2011

PHP isn't broken, it just makes broken people.

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane

Klades posted:

PHP isn't broken, it just makes broken people.

Yeah, even WordPress is arguably not completely broken, it's just that it's really, really easy to write broken, insecure, lovely code with PHP, and even easier to introduce it into a WordPress website.

Look at all the contact form "tutorials" for wordpress that don't involve CSRF prevention, for example. It's trivial to add with WordPress, so you might as well do it with every form you handle, but no one actually does.

Vanadium
Jan 8, 2005

Wikipedia doesn't seem to get hacked all the time so it can't be that hard to use php and not suck.

qntm
Jun 17, 2009
Yeah, they only have to support one of the ten most visited sites in the world so their engineers probably aren't much cop. Same deal with Facebook.

Soricidus
Oct 21, 2010
freedom-hating statist shill
Can what Facebook uses even be described as php any more?

canis minor
May 4, 2011

PT6A posted:

it's just that it's really, really easy to write broken, insecure, lovely code with PHP, and even easier to introduce it into a WordPress website.

I agree with this completely - I'm a PHP dev and seeing the quality of code of people we've been hiring in the past has put me in a severe depression. The term phpkiddie comes to mind - people that don't really know anything about algorithms, or evaluating limiting time of function, OO, loving inheritance, creating interfaces or abstractions, separating the presentation layer from the application, idk what else, well, dev stuff. And for Wordpress - people should really put into their thick skulls that while you can echo stuff in PHP, you really shouldn't - until Wordpress starts doing that (and has a quality assurance system) it will keep on being a steaming pile of poo poo.

PHP, in my opinion, is very similar to JS - the level of entry is similarly low, you can add in code without really understanding it to do *stuff*, and without proper organisation your code base quickly turns into a tangled mess of spaghetti code. The difference is that JS can't really do that much harm (if we're talking client side). I still want to see some examples of horrible node.js code bases though, made by people that never heard of OO, because I think it should follow similar patterns.

Soricidus posted:

Can what Facebook uses even be described as php any more?

I think Facebook uses HHVM at this point, which contains PHP and introduces C properties to it (taking from http://hacklang.org/: mostly dealing with types and type definition) - which are indeed nice things to have. Mate of mine praises it for high heavens, but I've not had a chance to write in it - some of those things are doable in PHP (hackishly but still - in the same sense that multiple inheritance is possible in PHP, but you really should think twice if you want to do it). Apparently HHVM and PHP7 diverge somewhat.

Don't know where else to post it, but recently I've found a simple bit of HTML that crashes Chrome - it's good that it's patched in the nightly build, but I was surprised that Safari / Firefox would deal with it and Chrome wouldn't :( Same thing when Chrome would crash when a pretty popular JS plugin (sharethis) would load its assets via HTTPS; I'd still like to know what/how they managed to do that. My expectations of Chrome are too high :(

edit: vvv sorry - I mostly associate static typing (and other things, like inheritance, overloading with C), so it was a bit of unfortunate mental shortcut

canis minor fucked around with this message at 22:03 on Apr 23, 2016

b0lt
Apr 29, 2005

canis minor posted:

I think Facebook uses HHVM at this point, which contains PHP and introduces C properties to it

wat

hyphz
Aug 5, 2003

Number 1 Nerd Tear Farmer 2022.

Keep it up, champ.

Also you're a skeleton warrior now. Kree.
Unlockable Ben
My work asked me to help improve a server monitoring GUI someone else wrote.

Its way of detecting the active servers? Prompt for a subnet and ping every address in it. If it responds, attempt to send it a file by SMB. If that succeeds, attempt to use PSEXEC (!) to remotely tell that server to add the file to its registry (!!)

They also mentioned they might be training me to be their security specialist at some point..

Hughlander
May 11, 2005

hyphz posted:

My work asked me to help improve a server monitoring GUI someone else wrote.

Its way of detecting the active servers? Prompt for a subnet and ping every address in it. If it responds, attempt to send it a file by SMB. If that succeeds, attempt to use PSEXEC (!) to remotely tell that server to add the file to its registry (!!)

They also mentioned they might be training me to be their security specialist at some point..

Sounds like some poo poo I wrote in the 90s where there were a ton of unmanaged switches on the corporate network and no one had an up to date PC inventory. I walked SNMP on everything they knew of, gathering ARP tables, then used, uhh, NetBIOS I think to ask what the hostname was so we could track it back to a person to ask them where the machine was and what it was for. I think pinging all broadcast addresses was part of it to ensure the ARP caches were full.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨


Quite.

EntranceJew
Nov 5, 2009

Mush Man posted:

I hate to be the clueless idiot, but part of my job is working with WordPress and I don't know what the better or more secure alternatives are. The only other CMS I've gone near was someone else's hacked Joomla site. A lot of the appeal of WordPress is that our clients don't need to call us every time they want to put up new content because they can do it easily themselves...

While I'm here I guess, how should I manage WordPress? (Too much of this stuff is inside baseball so it's hard to find good information. :()

I think October CMS is pretty promising if you want to stay in the realm of skills you currently have and maybe pull in more from the PHP ecosystem. If your clients just want to be able to write something without much trouble there's got to be at least one static site generator that's easy to use.

Klades
Sep 8, 2011

Carbon dioxide posted:

This is apparently a sudoku solver with all solutions hardcoded.

http://pastebin.com/raw/1mPdgZgg

Posting the raw link because the regular pastebin page (just remove the /raw from the URL) crashes browsers.

what

Please tell me this was somebody's elaborate practical joke.

hackbunny
Jul 22, 2007

I haven't been on SA for years but the person who gave me my previous av as a joke felt guilty for doing so and decided to get me a non-shitty av

Klades posted:

what

Please tell me this was somebody's elaborate practical joke.

Programming course assignment would be my guess

weird
Jun 4, 2012

by zen death robot

canis minor posted:

edit: vvv sorry - I mostly associate static typing (and other things, like inheritance, overloading with C), so it was a bit of unfortunate mental shortcut

c doesnt have inheritance or overloading

canis minor
May 4, 2011

So it doesn't - C++ has :( too long since uni times

ultrabay2000
Jan 1, 2010


Mush Man posted:

I hate to be the clueless idiot, but part of my job is working with WordPress and I don't know what the better or more secure alternatives are. The only other CMS I've gone near was someone else's hacked Joomla site. A lot of the appeal of WordPress is that our clients don't need to call us every time they want to put up new content because they can do it easily themselves...

While I'm here I guess, how should I manage WordPress? (Too much of this stuff is inside baseball so it's hard to find good information. :()

It's mostly just a matter of locking it down and checking basic security. Make sure WordPress has a unique database user and that its user can't see other databases or do schema changes. Change the file permissions so Apache or your WordPress system user can't write outside of the wp-content folder - this will break plugin install and update from the admin, but also prevents rogue plugins from doing as much. If you can put it in a jail of some kind or its own instance isolated from other possible web resources, that's ideal. Take daily backups and ideally the worst that happens is someone manages to deface it.

Pay attention to online CVE updates. Subscribe to the US-CERT (https://www.us-cert.gov/) mailing list and watch for WordPress or related CVEs when they are announced and move quickly on them. There are some other ones specific to WordPress; I'm not sure which ones are great, but there seem to be a few (https://wpvulndb.com, http://www.wordpressexploit.com). Keep WordPress up to date, although you'll have to do it manually since hopefully you changed the permissions as I mentioned above. I think a few tools help here, like http://wp-cli.org. There are very often new CVEs for versions of WordPress only a month old, so don't fall into thinking it's okay if you update it periodically but not frequently.

That's my :10bux:

ultrabay2000 fucked around with this message at 00:50 on Apr 24, 2016

qntm
Jun 17, 2009

canis minor posted:

So it doesn't - C++ has :( too long since uni times

Some of the people in my department refer to C++ as "C".

PT6A
Jan 5, 2006

Public school teachers are callous dictators who won't lift a finger to stop children from peeing in my plane
On the other hand, if you properly secure WordPress, it removes the user-friendliness from it which is, as best as I can tell, the only reason to use it in the first place. Coding horrors aren't just limited to outright dangerous code -- it's still a horror if it actively encourages bad behaviour on the part of the user or administrator, or makes it easy for such to occur without being noticed.

b0lt
Apr 29, 2005

weird posted:

c doesnt have inheritance or overloading

C has overloading as of C11, thanks to the abomination of type-generic macros.

code:
#include <stdio.h>
#define foo(x) _Generic((x), int: _Z3fooi(x), double: _Z3food(x))

void _Z3fooi(int x) {
	printf("int: %d\n", x);
}

void _Z3food(double x) {
	printf("double: %f\n", x);
}

int main() {
	foo(1);
	foo(1.0);
}
Also, there's __attribute__((overloadable)) in gcc/clang, which is even crazier.

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

b0lt posted:

C has overloading as of C11, thanks to the abomination of type-generic macros.

code:

#include <stdio.h>
#define foo(x) _Generic((x), int: _Z3fooi(x), double: _Z3food(x))

void _Z3fooi(int x) {
	printf("int: %d\n", x);
}

void _Z3food(double x) {
	printf("double: %f\n", x);
}

int main() {
	foo(1);
	foo(1.0);
}

Also, there's __attribute__((overloadable)) in gcc/clang, which is even crazier.

None of that is OK. Stop.

b0lt
Apr 29, 2005

Subjunctive posted:

None of that is OK. Stop.

Read this if you want to see things that are even worse. I'm probably going to be using it in the near future :(

Absurd Alhazred
Mar 27, 2010

by Athanatos
I looked at that, and decided to google "FORTRAN Object Oriented", to make sure I could just joke about it.

Welp...

quote:

Fortran90 is a modern, powerful language with features that support important new programming concepts, including those used in object-oriented programming. This paper explains the concepts of data encapsulation, function overloading, classes, objects, inheritance, and dynamic dispatching, and how to implement them in Fortran90. As a result, a methodology can be developed to do object-oriented programming in the language.

:shepface:

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

AIUI, Fortran didn't have global variables until Fortran90, so it arguably has some horror credits to burn.

pseudorandom name
May 6, 2007

b0lt posted:

C has overloading as of C11, thanks to the abomination of type-generic macros.

code:
#include <stdio.h>
#define foo(x) _Generic((x), int: _Z3fooi(x), double: _Z3food(x))

void _Z3fooi(int x) {
	printf("int: %d\n", x);
}

void _Z3food(double x) {
	printf("double: %f\n", x);
}

int main() {
	foo(1);
	foo(1.0);
}
Also, there's __attribute__((overloadable)) in gcc/clang, which is even crazier.

__attribute__((overloadable)) is clang-only, it was their perfectly sensible solution to the tgmath.h problem before _Generic got bodged into the standard

feedmegin
Jul 30, 2008

Absurd Alhazred posted:

I looked at that, and decided to google "FORTRAN Object Oriented", to make sure I could just joke about it.

Welp...


:shepface:

Oh it gets better, object-oriented COBOL is also a thing.

https://supportline.microfocus.com/Documentation/books/sx60/oppubb.htm

feedmegin
Jul 30, 2008

weird posted:

c doesnt have inheritance or overloading

Tell that to the fine folks who wrote gtk and gnome (casts, casts everywhere! :gonk:)

Deep Dish Fuckfest
Sep 6, 2006

Advanced
Computer Touching


Toilet Rascal

feedmegin posted:

Tell that to the fine folks who wrote gtk and gnome (casts, casts everywhere! :gonk:)

That's just typical C code as far as I'm concerned. Casting ints to void pointers or floats to a union of a char and a function pointer is just part of the C experience.

Absurd Alhazred
Mar 27, 2010

by Athanatos

feedmegin posted:

Oh it gets better, object-oriented COBOL is also a thing.

https://supportline.microfocus.com/Documentation/books/sx60/oppubb.htm

:stare:

There is always more and it is always worse. :eng99:

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

YeOldeButchere posted:

That's just typical C code as far as I'm concerned. Casting ints to void pointers or floats to a union of a char and a function pointer is just part of the C experience.

Yeah, the Unix VFS layer made a style out of this before you could use 10 character identifiers.

Xerophyte
Mar 17, 2008

This space intentionally left blank

YeOldeButchere posted:

That's just typical C code as far as I'm concerned. Casting ints to void pointers or floats to a union of a char and a function pointer is just part of the C experience.

Yeah, sometimes you just gotta do weird things:
C++ code:
#include <cstdint>

float cbrt(float x0) {
  union {uint32_t i; float x;};  // i and x share the same four bytes
  x = x0;
  i = i/3 + 0x2a50d192;          // scale the bits by 1/3 and add a magic constant: rough cube root
  x = 0.33333333f * (2.0f * x + x0 / (x * x));  // one Newton step on y^3 = x0
  return x;
}
(Approximating arbitrary power functions through casting and integer arithmetic is simultaneously a horror and entirely fantastic.)

Kazinsal
Dec 13, 2011
The first thing I thought of was Carmack's "// what the gently caress?".

It's absolutely amazing what you can do if you really have a deep understanding of things like IEEE 754.

Absurd Alhazred
Mar 27, 2010

by Athanatos

Xerophyte posted:

Yeah, sometimes you just gotta do weird things:
C++ code:
float cbrt(float x0) {
  union {uint32_t i; float x;};
  x = x0;
  i = i/3 + 0x2a50d192;
  x = 0.33333333f * (2.0f * x + x0 / (x * x));
  return x;
}
(Approximating arbitrary power functions through casting and integer arithmetic is simultaneously a horror and entirely fantastic.)

I'd just been reading about the Fast Inverse Square Root function. It's fascinating, really, what a good hard-coded first approximation along with one iteration of Newton's Method can do for you.

feedmegin
Jul 30, 2008

YeOldeButchere posted:

That's just typical C code as far as I'm concerned. Casting ints to void pointers or floats to a union of a char and a function pointer is just part of the C experience.

Some of the time, sure, but it's a difference of degree. It's all over the place in gtk because they thought it would be a wizard idea to recreate C++ inheritance and vtbls in plain C, rather than just, y'know, using C++.

eth0.n
Jun 1, 2012

Xerophyte posted:

Yeah, sometimes you just gotta do weird things:
C++ code:
float cbrt(float x0) {
  union {uint32_t i; float x;};
  x = x0;
  i = i/3 + 0x2a50d192;
  x = 0.33333333f * (2.0f * x + x0 / (x * x));
  return x;
}
(Approximating arbitrary power functions through casting and integer arithmetic is simultaneously a horror and entirely fantastic.)

Incidentally, this is undefined behavior in C++, but OK in C99. Don't know of a compiler that doesn't work as you'd expect in C++, though.

The standards compliant way to do type punning in C++ is through char arrays (which can legally alias variables/arrays of other types). But I think you'd need two separate buffers to write this function, since an int isn't allowed to alias a float.

VikingofRock
Aug 24, 2008




Xerophyte posted:

Yeah, sometimes you just gotta do weird things:
C++ code:
float cbrt(float x0) {
  union {uint32_t i; float x;};
  x = x0;
  i = i/3 + 0x2a50d192;
  x = 0.33333333f * (2.0f * x + x0 / (x * x));
  return x;
}
(Approximating arbitrary power functions through casting and integer arithmetic is simultaneously a horror and entirely fantastic.)

How does that even work? And how does i get initialized?

nielsm
Jun 1, 2009



VikingofRock posted:

How does that even work? And how does i get initialized?

It's a union, a union declares multiple variables (or fields in a struct) that all share the same memory, meaning that reading or writing i or x accesses the same 4 bytes of memory.

I believe it would be like this in well-defined C++:

C++ code:
#include <cstdint>
#include <cstring>

float cbrt(float x0) {
  static_assert(sizeof(float) == sizeof(uint32_t), "32-bit float expected"); // but still assume IEEE 754
  float x = x0;
  uint32_t i = 0;
  memcpy(&i, &x, sizeof(x));   // copy the float's bytes into the integer
  i = i/3 + 0x2a50d192;
  memcpy(&x, &i, sizeof(x));   // and the adjusted bytes back into the float
  x = 0.33333333f * (2.0f * x + x0 / (x * x));
  return x;
}
As for why it works, no idea. Someone tried a load of different magic constants and found one that gives good results on average.

E: Updated code to be simpler/not use union.

nielsm fucked around with this message at 19:03 on Apr 24, 2016

Xerophyte
Mar 17, 2008

This space intentionally left blank

eth0.n posted:

Incidentally, this is undefined behavior in C++, but OK in C99. Don't know of a compiler that doesn't work as you'd expect in C++, though.

The standards compliant way to do type punning in C++ is through char arrays (which can legally alias variables/arrays of other types). But I think you'd need two separate buffers to write this function, since an int isn't allowed to alias a float.

Yeah, in C++ you need to do a memcpy or something to not have an aliasing issue (which is generally fine and optimized to a register copy at worst). I'm pretty sure we're cheerfully dependent on union type punning working as expected here and in a few other places in our codebase, which is arguably another horror.


VikingofRock posted:

How does that even work? And how does i get initialized?

You can very roughly approximate any power function through casting the floating point number to an equivalent-width integer and adding a constant, which translates to (among other things) adding or subtracting a constant value to the exponent bits of the float. Selecting a good integer constant and doing one or two steps of Newton's method will get you a low enough error for most applications if you know the range of the input (x in [0,1] for this particular cube root). Finding a good magical constant can be hard. It's recommended to do a search for one that fits your power function and domain of interest.

i is hopefully initialized when x is as they're unioned, but as pointed out that sort of type aliasing isn't really appreciated by the C++ standard and the compiler could in principle optimize it away unless you memcpy.

E: An overview of how the hack works in general

Xerophyte fucked around with this message at 21:29 on Apr 24, 2016
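Added example, not code posted by anyone in the thread: it puts the two points made above together in one runnable C++ file. Type punning is done through memcpy (the aliasing-safe form eth0.n and nielsm describe), and Xerophyte's description of the trick is carried to the general case: because the bit pattern of a positive single is roughly 2^23 * (log2(x) + 127 - sigma), multiplying the bits by p and adding (1 - p) * (127 * 2^23 - sigma_bits) gives a first guess at x^p for any p, which Newton steps then refine. The sigma correction used here (Blinn's 0.0450466, or 0x5C416 in bit units) is an assumption imported from the literature, not something the posts state; with it, p = -1/2 lands exactly on the 0x5F3759DF fast-inverse-square-root constant Absurd Alhazred mentions, and p = 1/3 lands close to, but not on, the searched constant 0x2a50d192 from the post. The function names (pow_magic, pow_guess, cbrt_hack, rsqrt_hack, max_rel_err_*) are mine.

```cpp
#include <cmath>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Type punning the way the C++ standard allows: copy the bytes with memcpy.
// Optimising compilers turn both helpers into a single register move.
static uint32_t float_to_bits(float f) {
    static_assert(sizeof(float) == sizeof(uint32_t), "32-bit IEEE 754 float assumed");
    uint32_t u;
    std::memcpy(&u, &f, sizeof u);
    return u;
}

static float bits_to_float(uint32_t u) {
    float f;
    std::memcpy(&f, &u, sizeof f);
    return f;
}

// For a positive single, bits(x) ~= 2^23 * (log2(x) + 127 - sigma). sigma centres the
// error of the piecewise-linear log2 hidden in the mantissa; Blinn's value (assumed here)
// is 0.0450466, i.e. 0x5C416 in bit units. Scaling the bits by p and adding
//     magic = (1 - p) * (127 * 2^23 - sigma_bits)
// gives a first approximation of x^p. p = -1/2 reproduces 0x5F3759DF.
static const uint32_t kSigmaBits = 0x5C416u;

uint32_t pow_magic(double p) {
    return (uint32_t)((1.0 - p) * (double)(0x3F800000u - kSigmaBits));
}

float pow_guess(float x, double p) {
    double bits = p * (double)float_to_bits(x) + (double)pow_magic(p);
    return bits_to_float((uint32_t)bits);
}

// Cube root: bit-hack guess, then `steps` Newton iterations on f(y) = y^3 - x,
// i.e. y <- (2y + x / y^2) / 3, the same refinement as in the forum snippet.
float cbrt_hack(float x, int steps) {
    if (x == 0.0f) return x;                     // the bit guess for 0 is a tiny positive number
    if (x < 0.0f) return -cbrt_hack(-x, steps);  // the trick only knows positive input
    float y = pow_guess(x, 1.0 / 3.0);
    for (int k = 0; k < steps; ++k)
        y = (2.0f * y + x / (y * y)) / 3.0f;
    return y;
}

// Inverse square root: the same trick with p = -1/2 plus Newton on f(y) = 1/y^2 - x.
float rsqrt_hack(float x, int steps) {
    float y = pow_guess(x, -0.5);
    for (int k = 0; k < steps; ++k)
        y = y * (1.5f - 0.5f * x * y * y);
    return y;
}

// Largest relative error against the libm reference over a geometric sweep of [lo, hi].
double max_rel_err_cbrt(float lo, float hi, int steps, int samples) {
    double worst = 0.0;
    for (int k = 0; k < samples; ++k) {
        float x = (float)(lo * std::pow((double)hi / lo, (double)k / (samples - 1)));
        double err = std::fabs((double)cbrt_hack(x, steps) / std::cbrt((double)x) - 1.0);
        if (err > worst) worst = err;
    }
    return worst;
}

double max_rel_err_rsqrt(float lo, float hi, int steps, int samples) {
    double worst = 0.0;
    for (int k = 0; k < samples; ++k) {
        float x = (float)(lo * std::pow((double)hi / lo, (double)k / (samples - 1)));
        double err = std::fabs((double)rsqrt_hack(x, steps) * std::sqrt((double)x) - 1.0);
        if (err > worst) worst = err;
    }
    return worst;
}

int main() {
    std::printf("magic for p=-1/2: 0x%08X\n", pow_magic(-0.5));
    std::printf("magic for p= 1/3: 0x%08X (forum constant 0x2A50D192)\n", pow_magic(1.0 / 3.0));
    for (int steps = 0; steps <= 2; ++steps)
        std::printf("cbrt  with %d Newton step(s): max rel err %.2e\n", steps,
                    max_rel_err_cbrt(1e-6f, 1.0f, steps, 10000));
    for (int steps = 0; steps <= 2; ++steps)
        std::printf("rsqrt with %d Newton step(s): max rel err %.2e\n", steps,
                    max_rel_err_rsqrt(1e-4f, 1e4f, steps, 10000));
    return 0;
}
```

The sweep shows the shape of the trade-off the posts describe: the bit guess alone is good to a few percent, one Newton step takes that to roughly the square of the error (a fraction of a percent), and a second step is already at float precision. Note that the guess is only meaningful for positive normal inputs; zero, negative numbers and denormals have to be handled before the bit arithmetic, which is why cbrt_hack special-cases the sign and zero.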


VikingofRock
Aug 24, 2008




Thanks for the info guys. That's really cool!
