|
Janin posted: isn't just putting in openssl/gnutls like a 10-line change? why did your team roll their own encryption?

This is the thread full of coding horrors. They rolled their own encryption because they knew this is where they were meant to be.
|
# ? Feb 11, 2012 02:37 |
|
Janin posted: isn't just putting in openssl/gnutls like a 10-line change? why did your team roll their own encryption?

To be fair, our team didn't implement any encryption at all--the core security team owns all of the encryption implementation. We used an API described as secure that in fact did not turn out to be secure. Interestingly, we do have a TLS implementation available. However none of our customers actually use it due to "performance concerns", and internal management is equally wary. This is despite realistic performance tests with our application that show around a ~0.2% performance degradation from turning on TLS.
|
# ? Feb 11, 2012 09:28 |
|
BP posted: This is despite realistic performance tests with our application that show around a ~0.2% performance degradation from turning on TLS.

Of course, if it's already performing so poorly that 0.2% is the difference between "barely usable" and "unusable", then that makes sense.
|
# ? Feb 11, 2012 20:56 |
|
BP posted: Interestingly, we do have a TLS implementation available. However none of our customers actually use it due to "performance concerns", and internal management is equally wary. This is despite realistic performance tests with our application that show around a ~0.2% performance degradation from turning on TLS.

How much of a performance hit is the homebrew "encryption"?
|
# ? Feb 11, 2012 21:31 |
|
And who is so hypocritical that they're concerned about secure communications but consider a 0.2% performance hit unreasonable?
|
# ? Feb 11, 2012 21:52 |
|
pokeyman posted: And who is so hypocritical that they're concerned about secure communications but consider a 0.2% performance hit unreasonable?

They've probably been trained not to trust performance testing thanks to horribly inaccurate results from tests run by the same kind of people who think that stuff counts as encryption.
|
# ? Feb 11, 2012 22:15 |
|
modifying some random java image scaling library, and in the DimensionConstrain class I find: code:
At least one of the resize algos was completely worthless, too.
|
# ? Feb 11, 2012 23:58 |
|
Aleksei Vasiliev posted: modifying some random java image scaling library, and in the DimensionConstrain class I find:

Ah, the "Identity Crisis" pattern.
|
# ? Feb 12, 2012 01:12 |
|
I don't see what's wrong with it.
|
# ? Feb 12, 2012 07:16 |
|
it is posted: I don't see what's wrong with it.

That makes 2 of us. It's fine.
|
# ? Feb 12, 2012 07:17 |
|
The function does none of the things that the docblock says it should. All it does is return the passed argument unmodified, an effective no-op. This would break poo poo horribly if you trusted the docs.
|
# ? Feb 12, 2012 07:27 |
|
it is posted: I don't see what's wrong with it.

it is posted: That makes 2 of us. It's fine.

Are you having an identity crisis too?
|
# ? Feb 12, 2012 07:28 |
|
Suspicious Dish posted: Are you having an identity crisis too?

That's the joke.
|
# ? Feb 12, 2012 07:29 |
|
Zhentar posted: They've probably been trained not to trust performance testing thanks to horribly inaccurate results from tests run by the same kind of people who think that stuff counts as encryption.

My performance testing story: A client was once very upset that our new release was performing 20% slower in their performance tests. After about two weeks it came out that they had tried to run the test at the same time and on the same machines as another system's performance test.
|
# ? Feb 12, 2012 23:36 |
|
Contra Duck posted: My performance testing story: A client was once very upset that our new release was performing 20% slower in their performance tests. After about two weeks it came out that they had tried to run the test at the same time and on the same machines as another system's performance test.

Turns out they had scheduled the performance test once a month on their server, as a scheduled task (which was fine, it was designed that way) - except they'd added one scheduled task for each manager that needed a copy of the report. So it was running 4x simultaneously, and when they tested the new code they added a fifth scheduled task to run alongside them. Fixing up their scheduled task mistake provided something like a 2000x performance increase [for their performance tests], and it turned out the system was fast enough already and it was only the managers seeing bad numbers on the performance test that made them want to rewrite.

Performance testing should be done by people that understand the system, and how performance testing should work!

[fake edit; the cost to rewrite the system to be faster for no reason was >$400k, and took 7 months]
|
# ? Feb 13, 2012 03:05 |
|
The Gripper posted:That's awesome. My best story doesn't even hold a candle to that one; management was reporting that a feature was "too slow" (without any metrics defining what constituted acceptable performance, of course). We requested metrics and received some that actually were reasonable. We tested the feature, and it performed well within the metrics provided. When told that, management insisted it was unacceptably slow and that we "do something". Ultimately, we just said "okay, we made some tweaks that may have improved performance" (without any numbers, of course), and suddenly it was performing great! We were all commended for doing such good work. Yay! That kind of bullshit is one of a million reasons I'm glad I don't work there anymore.
|
# ? Feb 13, 2012 03:15 |
|
Ithaqua posted: Ultimately, we just said "okay, we made some tweaks that may have improved performance" (without any numbers, of course), and suddenly it was performing great! We were all commended for doing such good work. Yay!

How much did you charge them for your time?
|
# ? Feb 13, 2012 03:37 |
|
Ephphatha posted: How much did you charge them for your time?

Nothing, since we were salaried employees. They just didn't get another feature/bug fix in that sprint because they allocated time to a nonexistent problem.
|
# ? Feb 13, 2012 04:26 |
|
The Gripper posted: Performance testing should be done by people that understand the system, and how performance testing should work!

"People who understand the system" usually means "people who worked on the system and will game the performance measurements to make the system look good". I'd say that for measuring performance, or correctness, or whatever, you want people who have no idea how the system works, but rather understand what the system is meant to do. I can't argue with the latter portion of your statement, though.
|
# ? Feb 13, 2012 09:52 |
|
Here's an entertaining one: Assigning values inside an array (yes I know that PHP + Stack Overflow is the lowest of low-hanging fruit).
|
# ? Feb 13, 2012 18:30 |
|
Hammerite posted: Here's an entertaining one: Assigning values inside an array (yes I know that PHP + Stack Overflow is the lowest of low-hanging fruit).

I've never seen that goofy "more than one dollar sign" poo poo in PHP before, but just what the hell is it supposed to do? Like, this makes no sense:
http://codepad.org/tMhOK1dO
http://codepad.org/3xDgPwrA
http://codepad.org/1IxeJDDO
|
# ? Feb 13, 2012 18:51 |
|
Optimus Prime Ribs posted: I've never seen that goofy "more than one dollar sign" poo poo in PHP before, but just what the hell is it supposed to do?

Apparently they are "variable variables":

PHP docs posted: Variable variables
|
# ? Feb 13, 2012 18:57 |
|
Look Around You posted: Apparently they are "variable variables":

Ah, that makes sense. I just had the perfect storm of variable names for extra confusion. Not surprising at all that this feature exists in PHP though.
|
# ? Feb 13, 2012 19:01 |
|
Optimus Prime Ribs posted: I've never seen that goofy "more than one dollar sign" poo poo in PHP before, but just what the hell is it supposed to do?

It lets you refer to a variable whose name is determined by the contents of another variable. I do not know of a use case that is not better dealt with by using PHP's built-in associative arrays.
|
# ? Feb 13, 2012 19:01 |
|
That just makes my head hurt, jesus.
|
# ? Feb 13, 2012 19:35 |
|
Mircscript does a similar thing. It is how you get arrays

Personally I'm more curious at keys in array() statements being treated as bare words
|
# ? Feb 13, 2012 19:36 |
|
You want to make those poor programmers type out all those quotes? No, much better to just treat any unknown character sequence as a string. - PHP
|
# ? Feb 13, 2012 20:27 |
|
tef posted: Mircscript does a similar thing. It is how you get arrays

I'm not sure what you mean by "keys being treated as bare words", can you explain? Although I did find in trying to work out what you meant that this works (and has the obvious effect), which I wasn't expecting: code:
|
# ? Feb 13, 2012 23:03 |
|
You can do the same thing in perl if you don't use strict;, and it's a really bad idea that makes code unmaintainable. code:
Carthag Tuek fucked around with this message at 23:59 on Feb 13, 2012 |
# ? Feb 13, 2012 23:48 |
|
Coffeescript does this too, but only in dict keys. At least there it makes sense since in objects (Javascript's dict equivalent) the keys can only be strings.
|
# ? Feb 14, 2012 00:21 |
|
Hammerite posted: But on thinking about it, it is consistent with PHP's treatment of unknown bare words in other contexts, so I'm not sure why I was surprised.

Every time I learn a new horror regarding PHP I am amazed for a few seconds and then remember that it's PHP.
|
# ? Feb 14, 2012 00:43 |
|
Carthag posted: You can do the same thing in perl if you don't use strict;, and it's a really bad idea that makes code unmaintainable.

With use strict your code fails due to the "b" in your values, but that's hardly fair because the discussion was barewords in keys, and this indeed works just fine with strict: code:
|
# ? Feb 14, 2012 03:23 |
|
Oh, the rabbit hole goes much deeper than that. First, an old PHP feature: bare strings. In PHP, $foo = hello; is equivalent to $foo = "hello";, even though this triggers a warning in newer versions of PHP. $foo is really shorthand for ${foo}, which is really shorthand for ${"foo"}. The thing inside the braces can be any arbitrary PHP expression, so $$foo is shorthand for ${${"foo"}}. You can even do this:

php:
<?php
$wow_php_is_dumb = "what did you expect?";
$language = "php";
echo ${wow_ . $language . _is_dumb};

You can do:

php:
<?php
$wow_php_is_dumb_times_100 = "are you not getting it yet?";
$language = "php";
echo ${wow_ . $language . _is_dumb_times_ . (10*10)};

Now, remember.... any PHP expression. Go ahead and digest this. I'll wait.
|
# ? Feb 14, 2012 03:34 |
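The behaviour discussed in the posts above (a variable whose name comes from a runtime string, versus an associative array), as an added example that is not any poster's code. The function names, the allowlist parameter and the sample `$settings` data are constructed for illustration.

```php
<?php
// Added example: function names and sample data are constructed for illustration.

// Constructed input: setting names and values that arrive as data at runtime.
$settings = ['theme' => 'dark', 'is_admin' => '1'];

// Variable variables: every key becomes a variable in the function's own scope,
// so a key that matches an existing variable name silently overwrites it.
// Here the 'is_admin' key replaces the function's own $is_admin flag.
function load_with_variable_variables(array $settings): array
{
    $is_admin = false;                 // state the function relies on later
    foreach ($settings as $name => $value) {
        $$name = $value;               // identical to ${$name} = $value
    }
    return ['theme' => $theme ?? null, 'is_admin' => $is_admin];
}

// Associative array: the names stay keys inside $config and cannot reach
// $is_admin; the allowlist (an assumption of this example) also drops keys
// the caller never asked for.
function load_with_array(array $settings, array $allowed): array
{
    $is_admin = false;
    $config = array_intersect_key($settings, array_flip($allowed));
    return ['theme' => $config['theme'] ?? null, 'is_admin' => $is_admin];
}

// The ${expression} form from the post, written with quoted strings so it does
// not depend on bare words being read as strings.
$language = 'php';
$wow_php_is_dumb = 'what did you expect?';
$looked_up = ${'wow_' . $language . '_is_dumb'};

var_dump(load_with_variable_variables($settings));
var_dump(load_with_array($settings, ['theme']));
var_dump($looked_up);
```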
|
Hammerite posted: I'm not sure what you mean by "keys being treated as bare words", can you explain?

I misread the php snippet
|
# ? Feb 14, 2012 04:02 |
|
I like to think of php variables as one big name mangling (for local variables!) hash map and $ is the accessor method. I'm not sure if that makes it more or less of a horror. At this point the value could overflow at any time anyway.
|
# ? Feb 14, 2012 04:03 |
|
Suspicious Dish posted: Oh, the rabbit hole goes much deeper than that.

Jesus christ what the gently caress. Why do people still use this garbage?
|
# ? Feb 14, 2012 04:18 |
|
Look Around You posted:
Because internet forums or something, I don't know. Is there anything other than PHP and/or SQL for that? I know almost nothing about web development.
|
# ? Feb 14, 2012 04:25 |
|
Look Around You posted:
LAMP stacks made it really, really easy for beginners and non-technical people to start web programming, and it kind of built inertia from there.
|
# ? Feb 14, 2012 04:38 |
|
Haystack posted: LAMP stacks made it really, really easy for beginners and non-technical people to start web programming, and it kind of built inertia from there.

Built for non-programmers, by non-programmers.
|
# ? Feb 14, 2012 04:48 |
|
Haystack posted: LAMP stacks made it really, really easy for beginners and non-technical people to start web programming, and it kind of built inertia from there.

Yeah but at some point you'd think people would realize just how loving terrible PHP is all around, as a language and with its libraries... Who am I kidding people are loving retarded and would rather straight up cut and paste things and cobble together piles of poo poo than put any effort in at all.
|
# ? Feb 14, 2012 04:50 |