|
php:
<?
if(!$_POST){
    $_POST=&$_GET; // ughhhhhhhhh
}
?>
|
# ? Dec 23, 2010 10:15 |
|
Oh yes, I know that pain. We have delightful nuggets like this one spread throughout our code.

php:
<?php
$_GET['cat'] or $_GET['cat'] = $_POST['cat'];
$_GET['cat'] or $_GET['cat'] = $_GET['id'];
$_GET['cat'] or $_GET['cat'] = $_POST['id'];
|
# ? Dec 23, 2010 18:54 |
|
McGlockenshire posted: Oh yes, I know that pain. We have delightful nuggets like this one spread throughout our code.

to be fair, $_REQUEST also looks up in $_COOKIE and cookies are checked after $_POST. In certain cases it might be better to be explicit.
|
# ? Dec 23, 2010 19:12 |
|
MononcQc posted: to be fair, $_REQUEST also looks up in $_COOKIE and cookies are checked after $_POST. In certain cases it might be better to be explicit.
|
# ? Dec 23, 2010 21:06 |
|
Just saw this on some random website:

code:
|
# ? Dec 26, 2010 10:31 |
|
Apparently this was needed because you couldn't directly invoke new Array objects in Javascript 1.0. Javascript 1.1 was introduced in Netscape 3, released in 1996. This is the problem with tutorial code. Inevitably, your code becomes obsolete and laughable and teaches people the now-wrong way to do things.
|
# ? Dec 26, 2010 18:23 |
|
Hey, does anyone know why everything on the page stopped worki

code:
|
# ? Dec 27, 2010 16:37 |
|
manero posted: Hey, does anyone know why everything on the page stopped worki

This is dedicated trolling.
|
# ? Dec 28, 2010 21:10 |
|
I once worked on revamping a website where the guy had all the config files in a web-readable directory, .ini format. After poking around for a little bit I found that using the password "letmein" with ANY username allowed you full administrative access to the website.
|
# ? Dec 29, 2010 00:15 |
|
Rainbow Pony Deluxe posted: This is dedicated trolling.

I wish I were ;(
|
# ? Dec 29, 2010 16:12 |
|
VerySolidSnake posted: I once worked on revamping a website where the guy had all the config files in a web-readable directory, .ini format. After poking around for a little bit I found that using the password "letmein" with ANY username allowed you full administrative access to the website.

One of the jobs we picked up a while ago that handled credit card donations for a charitable organisation would accept any username and/or password combo to get access to plaintext credit card details.
|
# ? Dec 30, 2010 16:54 |
|
Topological sort in Perl using the garbage collector as the sorter.

Also, $[. $[ sets the index of the first element of arrays. So if $[ = 1, you get 1-indexed arrays. Mysteriously, however, $x[0] will always refer to the first element of the array if $[ is positive. If $[ is negative, then it refers to whatever element you'd get if you started counting from $[. And if $[ is negative, there's no way to get the last element, because -1 will be a valid index. Yeaaaah.

Also, you know those perl magic variables that have names like $^H (that's a literal caret followed by an H)? Well, code:
Opinion Haver fucked around with this message at 09:51 on Dec 31, 2010 |
# ? Dec 31, 2010 09:38 |
|
I think Perl qualifies in its entirety.
|
# ? Dec 31, 2010 10:33 |
|
The Reaganomicon posted: I think Perl qualifies in its entirety.

Hey, it's perfectly possible to write good Perl. It's just really easy to write crimes against humanity.
|
# ? Dec 31, 2010 18:44 |
|
There are a lot better things in Perl to complain about than poo poo you shouldn't even be poking at

perldoc perlvar posted: $^H
|
# ? Dec 31, 2010 19:12 |
|
Many times the people who complain about C/C++ being too easily abusable are the same ones who hide behind their perl script. I once had the thought, "Why don't they have an International Obfuscated Perl Coding Contest"? And then I realized, "It would be too easy."
|
# ? Dec 31, 2010 22:11 |
|
Perl golf is close enough to that really (although I guess golfing in any language tends to be unreadable, and completely inscrutable to folks who aren't adepts of that language).
|
# ? Dec 31, 2010 23:17 |
|
Vino posted: Many times the people who complain about C/C++ being too easily abusable are the same ones who hide behind their perl script.

http://en.wikipedia.org/wiki/Obfuscated_Perl_Contest

Edit: Actually, just noticed that apparently it stopped in 2000. Oh well, it still did exist for a bit.
|
# ? Jan 1, 2011 00:57 |
|
Vino posted:Many times the people who complain about C/C++ being too easily abusable are the same ones who hide behind their perl script. pre:# sub j(\$){($ P,$V)= @_;while($$P=~s:^ ([()])::x){ $V+=('('eq$1)?-32:31 }$V+=ord( substr( $$P,0,1,""))-74} sub a{ my($I,$K,$ J,$L)=@_ ;$I=int($I*$M/$Z);$K=int( $K*$M/$Z);$J=int($J*$M /$Z);$L=int($L*$M/$Z); $G=$ J-$I;$F=$L-$K;$E=(abs($ G)>=abs($F))?$G:$F;($E<0) and($ I,$K)=($J,$L);$E||=.01 ;for($i=0;$i<=abs$E;$i++ ){ $D->{$K +int($i*$F/$E) }->{$I+int($i*$G/$E)}=1}}sub p{$D={};$ Z=$z||.01;map{ $H=$_;$I=$N=j$H;$K=$O=j$H;while($H){$q=ord substr($H,0,1,"" );if(42==$q){$J=j$H;$L=j$H}else{$q-=43;$L =$q %9;$J=($q-$L)/9;$L=$q-9*$J-4;$J-=4}$J+=$I;$L+=$K;a($I,$K,$J,$ L); ($I,$K)=($J,$L)}a($I,$K,$N,$O)}@_;my$T;map{$y=$_;map{ $T.=$D->{$y} ->{$_}?$\:' '}(-59..59);$T.="\n"}(-23..23);print"\e[H$T"}$w= eval{ require Win32::Console::ANSI};$b=$w?'1;7;':"";($j,$u,$s,$t,$a,$n,$o ,$h,$c,$k,$p,$e,$r,$l,$C)=split/}/,'Tw*JSK8IAg*PJ[*J@wR}*JR]*QJ[*J'. 'BA*JQK8I*JC}KUz]BAIJT]*QJ[R?-R[e]\RI'.'}Tn*JQ]wRAI*JDnR8QAU}wT8KT'. ']n*JEI*EJR*QJ]*JR*DJ@IQ[}*JSe*JD[n]*JPe*'.'JBI/KI}T8@?PcdnfgVCBRcP'. '?ABKV]]}*JWe*JD[n]*JPe*JC?8B*JE};Vq*OJQ/IP['.'wQ}*JWeOe{n*EERk8;'. 'J*JC}/U*OJd[OI@*BJ*JXn*J>w]U}CWq*OJc8KJ?O[e]U/T*QJP?}*JSe*JCnTe'. 'QIAKJR}*JV]wRAI*J?}T]*RJcJI[\]3;U]Uq*PM[wV]W]WCT*DM*SJ'. 'ZP[Z'. 'PZa[\]UKVgogK9K*QJ[\]n[RI@*EH@IddR[Q[]T]T]T3o[dk*JE'. '[Z\U'. '{T]*JPKTKK]*OJ[QIO[PIQIO[[gUKU\k*JE+J+J5R5AI*EJ00'. 'BCB*'. 'DMKKJIR[Q+*EJ0*EK';sub h{$\ = qw(% & @ x)[int rand 4];map{printf "\e[$b;%dm",int(rand 6)+101-60* ($w ||0);system( "cls")if$w ;($A,$S)= ($_[1], $ _[0]);($M, @,)= split '}';for( $z=256 ;$z>0; $z -=$S){$S*= $A;p @,} sleep$_ [2];while ($_[3]&&($ z+=$ S) <=256){ p@,}}("". "32}7D$j" ."}AG". "$u}OG" ."$s}WG" ."$t","" ."24}(" ."IJ$a" ."}1G$n" ."}CO$o" ."}GG$t" ."}QC" ."$h}" ."^G$e" ."})IG" ."$r", "32}?" ."H$p}FG$e}QG$r". "}ZC" ."$l", "28}(LC" ."" ."". "$h}:" ."J$a}EG". "$c" ."}M" ."C$k}ZG". 
"$e" ."}" ."dG$r","18" ."}(" ."D;" ."$C" )}{h(16 ,1,1,0 );h(8, .98,0,0 );h(16 ,1,1,1) ;h(8.0 ,0.98,0, 1); redo}### #written 060204 by #liverpole @@@@@@@ #@@@@@@@@@@@
|
# ? Jan 1, 2011 02:32 |
|
I'm fairly sure at least one of the IOCCC entries was also valid perl. Possibly more than one.
|
# ? Jan 1, 2011 06:05 |
|
A program that is valid in a number of languages simultaneously is called a polyglot. Here's a quine that is valid C, Ruby, Python, Perl and Brainfuck.
|
# ? Jan 1, 2011 06:13 |
|
Internet Janitor posted: A program that is valid in a number of languages simultaneously is called a polyglot. Here's a quine that is valid C, Ruby, Python, Perl and Brainfuck.

That's nice. I think this one's nice too: http://d.hatena.ne.jp/ku-ma-me/20090916/p1

It's a quine that produces a valid program in another programming language eleven times - each being a unique language - and then finally when it reaches the last one, it jumps back to the original quine meaning that the compile&run loop is infinite.

Example of execution: code:
|
# ? Jan 1, 2011 13:48 |
|
There was an extremely short polyglot quine in an IOCCC entry a while back: Description code:
|
# ? Jan 1, 2011 18:44 |
|
How am I not surprised an MIT student submitted the null program to IOCCC with a smarmy writeup?

edit: VVV Alright, fine, I wasn't paying close enough attention to which parts came from the judges and what was the original submission. While "clever", the whole thing is still pretty low-effort by IOCCC standards.

Internet Janitor fucked around with this message at 20:06 on Jan 1, 2011 |
# ? Jan 1, 2011 19:04 |
|
Is this really so smarmy?

quote: The world's smallest self-replicating program. Guaranteed. Produces a listing of itself on stdout.
|
# ? Jan 1, 2011 19:56 |
|
Internet Janitor posted: edit: VVV Alright, fine, I wasn't paying close enough attention to which parts came from the judges and what was the original submission. While "clever", the whole thing is still pretty low-effort by IOCCC standards.

Thankfully the competition is judged on cleverness and not effort. It's a competition for showing off how clever you are for Knuth's sake, lighten up.

Also I always liked: code:

quote: The program's capabilities are only limited by the abilities of the person compiling it.

Zombywuf fucked around with this message at 21:02 on Jan 1, 2011 |
# ? Jan 1, 2011 20:59 |
|
I don't think I saw this posted here, but it definitely fits with the recent discussion topics. Sony completely hosed up their crypto on the PS3 by not using a random salt with their ECDSA algorithm to sign their binaries, and the code that was implemented to update their binary rights revocation list ended up allowing hackers to copy anything they might want into part of one of the boot loaders. There's quite a lot more to it than that, but those are definitely the highlights of this talk.

There's a very interesting business lesson here somewhere about how good customer relations strategies are more important to battling piracy than technical bells and whistles. When they get done with their talk you wonder how the PS3 wasn't hacked on day 1 with all the weird little holes in their security system, but I think the argument that they gave hackers most of what they wanted by allowing them to install Linux has some weight to it.

ErIog fucked around with this message at 18:42 on Jan 2, 2011 |
# ? Jan 1, 2011 23:31 |
|
pedant: it isn't a salt, it is a nonce. and I still think the strcmp thing by nintendo was funnier
|
# ? Jan 2, 2011 03:17 |
|
The strncmp() bug was amusing, but there's no way you can squint at the Wii's security design and say, "Yes, that could've worked." The PS3 ECDSA implementation is a monumental fuckup, and is much more amusing as a result.
|
# ? Jan 2, 2011 03:27 |
|
ErIog posted: the argument that they gave hackers most of what they wanted by allowing them to install Linux has some weight to it.

Yeah, I'm actually kind of surprised about this. Or actually the part about the guys wanting to play games for free not being clever or motivated enough to accomplish anything. Before that talk, I was under the impression that Sony's security system was actually pretty good.
|
# ? Jan 2, 2011 10:34 |
|
Wheany posted: Before that talk, I was under the impression that Sony's security system was actually pretty good.
|
# ? Jan 2, 2011 11:47 |
|
evensevenone posted: It's always good until it's broken.

Sort of a horror in itself, the Finnish law states that software algorithm reverse engineering is illegal if the algorithm is "complex enough". Since laws are pedantic, "algorithm that is complex enough" is specified as "algorithm that can't be reverse engineered".
|
# ? Jan 2, 2011 18:59 |
|
Parantumaton posted: Sort of a horror in itself, the Finnish law states that software algorithm reverse engineering is illegal if the algorithm is "complex enough". Since laws are pedantic, "algorithm that is complex enough" is specified as "algorithm that can't be reverse engineered".

Do they define "reverse engineering" with equal pedantry??
|
# ? Jan 2, 2011 19:04 |
|
The Reaganomicon posted: Do they define "reverse engineering" with equal pedantry??

If I remember correctly that was just a lame explanation about observing how something works and then replicating it. Yes, practically the law is saying that you shouldn't look into how things work - it was lobbied in by the DRM pushers but since the only politician that actually was interested to push the law and had enough political power to do it was an ex beauty pageant, it didn't really go well at all.
|
# ? Jan 2, 2011 19:15 |
|
tef posted: pedant: it isn't a salt, it is a nonce.

Well rdist says it's specifically not a nonce. Though, it doesn't say what to call it instead. It sounds like it's supposed to be more like a secret unique initialization vector, but not strictly just a nonce or a salt.

ErIog fucked around with this message at 22:25 on Jan 2, 2011 |
# ? Jan 2, 2011 19:55 |
|
Parantumaton posted: Sort of a horror in itself, the Finnish law states that software algorithm reverse engineering is illegal if the algorithm is "complex enough". Since laws are pedantic, "algorithm that is complex enough" is specified as "algorithm that can't be reverse engineered".

I'm just going to quote Wikipedia: http://en.wikipedia.org/wiki/Lex_Karpela#Prohibition_of_circumventing_copy_protection

quote: Prohibition of circumventing copy protection

Isn't a technical measure that can be circumvented by definition not effective?
|
# ? Jan 2, 2011 20:07 |
|
NSAttributedString is not a subclass of NSString, and RegexKit doesn't implement anything for NSAttributedString. So if you have one, and you want to do regex operations while preserving formatting, you have to convert it to an NSString, do your regex operations, then figure out the indices your regex matched on and then manually extract them from the original attributed string. Ugh.
|
# ? Jan 2, 2011 22:17 |
|
Behold Haml, Rails' elegant, beautiful templating solution:

MVC best man posted:
|
# ? Jan 3, 2011 03:47 |
|
What are all the - for?
|
# ? Jan 3, 2011 03:51 |
|
In Haml lines beginning with "-" are interpreted as plain Ruby, with the expression's result discarded. Basically the equivalent in ERB is <% some.ish %>

Basically the overwhelming majority of this partial (half the views/partials for this resource are as bad or worse than this, with random incomprehensible 2 letter variable names, sometimes imported from a parent view) is horrible and random logic and isn't actually *outputting* anything: it's like babby's first day with PHP, except worse and in a templating system that goes out of its way to make this BS difficult.
|
# ? Jan 3, 2011 04:04 |