|
Hammerite posted:Is there a language that allows fallthrough inside switch, but requires you to explicitly declare it? Like this That would be Perl. http://perldoc.perl.org/Switch.html#Allowing-fall-through
|
#
?
Jun 17, 2011 15:10
|
|
|
|
| # ? May 21, 2024 01:58 |
|
|
Go has it too, but when I tried to google for a description I only found a yahoo answers page about why ghosts do not fall through floors if they can go through walls. 
|
|
#
?
Jun 17, 2011 15:37
|
|
|
Vanadium posted:Go has it too, but when I tried to google for a description I only found a yahoo answers page about why ghosts do not fall through floors if they can go through walls. I swear Google chose that name to make it as hard as possible to find stuff about the language using Google but I can't imagine why
|
|
#
?
Jun 17, 2011 15:53
|
|
|
Hammerite posted:Is there a language that allows fallthrough inside switch, but requires you to explicitly declare it? Like this C# is pretty close with you having to use a goto to do a fall through. The break would be implicit.
|
|
#
?
Jun 17, 2011 17:28
|
|
|
Doc Hawkins posted:Can't! I like this one: I've seen this up in the QA pit where I work. Sometimes I'm surprised it doesn't have stab marks on it 
|
|
#
?
Jun 17, 2011 18:06
|
|
|
csammis posted:I've seen this up in the QA pit where I work. Sometimes I'm surprised it doesn't have stab marks on it One of the guys in the apps division where I work has printed this out and stuck it on his cubicle. Given some of our recent outages it's pretty accurate.
|
|
#
?
Jun 17, 2011 18:45
|
|
|
baquerd posted:That would be Perl. Nb. Switch.pm is out of vogue for a whole host of reasons (most of which revolve around it being a source filter and having all the associated baggage) and that if you've got the luxury of a non-ancient perl you probably want given/when 
|
|
#
?
Jun 17, 2011 20:52
|
|
|
Doc Hawkins posted:Can't! I like this one: This is going to have to go up in my office after an experience a week ago where we broke all external file access in our application for a couple days after deploying a major update. To be fair, the problem wasn't in any code that I wrote. To be unfair, I didn't test it under the same conditions that it would be running in production because what could possibly go wrong 
|
|
#
?
Jun 17, 2011 20:58
|
|
|
Munkeymon posted:I swear Google chose that name to make it as hard as possible to find stuff about the language using Google but I can't imagine why A complication that is entirely avoided if you always just search for golang instead
|
|
#
?
Jun 17, 2011 22:05
|
|
|
Bozart posted:Wait, maybe my demented, drunken brain isn't working, but isn't CheckField a function that makes sure all characters in a string are members of that third argument, and while == true is probably redundant, and OK = true makes me hurt inside for some reason, and there is no reason for nesting (in what is probably a function which runs whenever an input textbox thing loses focus) it still works correctly?  . And, it did indeed work...I don't know how. Through the magic of jQuery, I condensed that all into:code:
|
|
#
?
Jun 18, 2011 00:59
|
|
|
JediGandalf posted:Yeah this chunk of code was pretty I don't know poo poo about javascript, but what you wrote isn't actually the exact same. The old code had one field with a decimal and 2 fields with $. Maybe it doesn't matter. Also is golang worth learning at all? I have absolutely no time to learn it, but I just wonder why it would be useful in comparison to any other C language.
|
|
#
?
Jun 18, 2011 04:08
|
|
|
Vanadium posted:Go has it too, but when I tried to google for a description I only found a yahoo answers page about why ghosts do not fall through floors if they can go through walls. The golang spec is pretty readable, including its section on switch statements. But yeah, break is implicit in cases, fallthrough overrides it.
|
|
#
?
Jun 18, 2011 08:01
|
|
|
baquerd posted:That would be Perl. Though you shouldn't use Switch.pm. It works via source filters and breaks in some odd ways. It's depricated but included for backwards compatibility. Use the built-in given/when (5.10+; http://perldoc.perl.org/perlsyn.html#Switch-statements) instead. Edit: Beaten a long time ago by Otto; ah well. Roseo fucked around with this message at 13:18 on Jun 18, 2011 |
|
#
?
Jun 18, 2011 13:16
|
|
|
pseudorandom name posted:US banks think that asking you for both your password and your security questions is two-factor authentication. Or password and a captcha based around a precalculated image which is always a word made up of four capital letters with the same RGB color, like so: 
|
|
#
?
Jun 20, 2011 01:08
|
|
|
Fren posted:A complication that is entirely avoided if you always just search for golang instead That's fine if you want the docs and probably to find SO discussions, but if it ever gets really popular there will probably be plenty of people talking about it on blogs and whatnot without using the string 'golang'.
|
|
#
?
Jun 20, 2011 14:44
|
|
|
code:
|
|
#
?
Jun 20, 2011 16:36
|
|
|
Bizarro Buddha posted:
I don't think this is so bad, as long as (a) the intent of the code really is to get a random "valid" yaw value and (b) the density of valid yaw values is high over the range of random numbers referenced. The obvious other method (count the number of valid yaw values in the range, generate a random integer n at most as large as the count, choose the n'th smallest valid yaw value) may be quite a bit slower than this method if enumerating all the valid yaw values is difficult or the density of valid yaws over the range is large.
|
|
#
?
Jun 20, 2011 16:46
|
|
|
It's hard to explain, but here's the service method:code:
|
|
#
?
Jun 20, 2011 19:09
|
|
|
Found this while trying to compile Wine on Mac OS X (yes, I know).  pre:if [ -w / ]
then
echo "You are running wineinstall as root, this is not advisable. Please rerun as a user."
echo "Aborting."
exit 1
fi
|
|
#
?
Jun 20, 2011 20:05
|
|
|
TRex EaterofCars posted:
|
|
#
?
Jun 20, 2011 20:43
|
|
|
Aleksei Vasiliev posted:No don't do that Please explain. To me it looks like your standard form where you input your current password and then your new password twice. I assume that PasswordValidator.validate hashes the given currentPassword and compares it to the already-hashed user.getPassword().
|
|
#
?
Jun 21, 2011 08:01
|
|
|
Wheany posted:already-hashed user.getPassword(). Unfortunately, I'm afraid that either: 1. They're not hashing passwords, or 2. That method is poorly-named. And as much as I'm hoping it's 2, I'd have to put my money on it being 1.
|
|
#
?
Jun 21, 2011 08:12
|
|
|
Jabor posted:Unfortunately, I'm afraid that either: Well what does encryptAndSave(user, newPassword); do? Encrypt the username?
|
|
#
?
Jun 21, 2011 09:13
|
|
|
Wheany posted:Well what does encryptAndSave(user, newPassword); do? Reversible encryption.
|
|
#
?
Jun 21, 2011 09:57
|
|
|
Please keep in mind I didn't write this abortion.Wheany posted:Please explain. Sort of. What I posted is a service method, completely internal to the application. If it wants to set a new password it has the authority to just do it. It already has a reference to the repository layer. What's happening is the service layer calls a GWT class (PasswordValidator) that requires that information. It's completely the opposite of the way data should flow in this application. Another fun facet of this shitbag program is that the PasswordValidator class is compiled to javascript by GWT and already performed (worthless) client-side validation, which necessitates sending the hashed password across the wire. I hate this application. Jabor posted:Reversible encryption. It's actually a sha hash, the method is simply named poorly. Of course since it's just a sha hash it's susceptible to rainbow table attack.
|
|
#
?
Jun 21, 2011 17:43
|
|
|
TRex EaterofCars posted:It's actually a sha hash, the method is simply named poorly. Of course since it's just a sha hash it's susceptible to rainbow table attack. And bruteforcing, rainbow tables are typically not worth it anymore when you can leverage the speed of sha, and the power of multiple gpu's to bruteforce your way through your sha hashes.
|
|
#
?
Jun 22, 2011 02:43
|
|
|
Wheany posted:Please explain.
|
|
#
?
Jun 22, 2011 02:56
|
|
|
code: How many different variables do you need to refer to this.parent? Why would you make a new array with one member, then iterate through that array? e:Atleast his last commit was over 2 years ago  e2: THERE IS NO GOD! code:Wheany fucked around with this message at 13:34 on Jun 22, 2011 |
|
#
?
Jun 22, 2011 12:19
|
|
|
 Because returning a result in your function is functional and I hate Haskell By assigning a global variable I save returning a string, which is clearly more efficient. I declare the string before hand which allows the JIT to optimize the ... gently caress THIS I GIVE UP
Beef fucked around with this message at 15:00 on Jun 22, 2011 |
|
#
?
Jun 22, 2011 14:58
|
|
|
Wheany posted:
It's a tree component. "this" is actually the main tree container itself. This.parent is not some parent component of the tree, because there is none. In reality "this" is the parent of all the nodes of the tree (the nodes have a field parentTreeObject or similar). This.parent is actually the root node of the tree. So, it in other words: this: instance of class Tree. this.parent: instance of class Node. That for loop works by chance: par = par.add(a[j]); Node.add creates a new child node and returns it, so if that code actually looped, it would create a string of child nodes to the root node, instead of a bunch of children for the root. I'm not completely sure if that function is even supposed to create multiple children for the root, because the only place it is used, it called wit a single argument. All in all, the whole file looks like someone was desperately just throwing poo poo code around trying to get it to work.  e: And because it Wheany fucked around with this message at 16:12 on Jun 22, 2011 |
|
#
?
Jun 22, 2011 15:56
|
|
|
Aleksei Vasiliev posted:Strings are immutable and persist in memory for an undefined amount of time, using char arrays and zeroing them after use is proper That does seem to make sense, but if the attacker is reading live memory aren't you pretty well hosed no matter what data type you used internally? Besides, wouldn't most frameworks pass user data around as strings, anyway? Assuming it's working behind a web framework that's going to treat all data coming from the client as a String until it's explicitly converted, going to the trouble to then turn it back into byte arrays kind of pointless, right?
|
|
#
?
Jun 22, 2011 16:10
|
|
|
Wheany posted:It became a load bearing compost. I'm going to start using this term.
|
|
#
?
Jun 22, 2011 16:31
|
|
|
Profane Obituary! posted:And bruteforcing, rainbow tables are typically not worth it anymore when you can leverage the speed of sha, and the power of multiple gpu's to bruteforce your way through your sha hashes. 
|
|
#
?
Jun 22, 2011 17:32
|
|
|
Aleksei Vasiliev posted:Strings are immutable and persist in memory for an undefined amount of time, using char arrays and zeroing them after use is proper I don't believe this is an issue for a web server. It's difficult to find a framework that doesn't already String-ify incoming parameters. Also, if your server has been compromised to the point that an attacker can examine the memory space of your running JVM then they probably already have root and you are hosed anyhow.
|
|
#
?
Jun 22, 2011 17:38
|
|
|
Aleksei Vasiliev posted:Strings are immutable and persist in memory for an undefined amount of time, using char arrays and zeroing them after use is proper
|
|
#
?
Jun 22, 2011 18:43
|
|
|
Brecht posted:Is very strange and likely bad, this advice. Not at all - it's a common thing to do if you're handling sensitive data and feel paranoid. And sometimes, being paranoid is the right approach. Imagine e.g. that a bug in a server makes it possible to provoke it into returning chunks of its own memory - or that you can provoke a password-handling process into dumping cores in a directory where you'll have read access to them. Neither should happen, of course - but I'm sure both have. (In other words, it's about reducing the damage an unexpected vulnerability can do.)
|
|
#
?
Jun 22, 2011 19:17
|
|
|
It's a very valid concern if you are doing encryption. You should NEVER EVER perform an encryption routine in Java where the private key has ever existed as a String. That said, a password is not a private key and AFAIK there is no mechanism for obtaining a char[] / byte[] from the POST data without it being String-ified somewhere by the servlet container.
|
|
#
?
Jun 22, 2011 19:23
|
|
|
TRex EaterofCars posted:Also, if your server has been compromised to the point that an attacker can examine the memory space of your running JVM then they probably already have root and you are hosed anyhow. Either that or you've got the remote debugger port enabled on a production system.
|
|
#
?
Jun 23, 2011 01:55
|
|
|
1337JiveTurkey posted:Either that or you've got the remote debugger port enabled on a production system. I think that falls under the you are hosed anyhow.
|
|
#
?
Jun 23, 2011 02:08
|
|
|
|
| # ? May 21, 2024 01:58 |
|
|
MEAT TREAT posted:I think that falls under the you are hosed anyhow. It also fits the spirit of the thread quite nicely, especially if you open a port in the corporate firewall to allow remote debugging after hours.
|
|
#
?
Jun 23, 2011 02:32
|
|