Janin posted:

isn't just putting in openssl/gnutls like a 10-line change? why did your team roll their own encryption?

Janin posted:

isn't just putting in openssl/gnutls like a 10-line change? why did your team roll their own encryption?

BP posted:

This is despite realistic performance tests with our application that show around a ~0.2% performance degradation from turning on TLS.

BP posted:

Interestingly, we do have a TLS implementation available. However none of our customers actually use it due to "performance concerns", and internal management is equally wary. This is despite realistic performance tests with our application that show around a ~0.2% performance degradation from turning on TLS.

pokeyman posted:

And who is so hypocritical that they're concerned about secure communications but consider a 0.2% performance hit unreasonable?

Aleksei Vasiliev posted:

modifying some random java image scaling library, and in the DimensionConstrain class I find:

code:

    /**
     * Will always return a dimension with positive width and height;
     * @param dimension of the unscaled image
     * @return the dimension of the scaled image
     */
    public Dimension getDimension(Dimension dimension){
        return dimension;
    }

it is posted:

I don't see what's wrong with it.

it is posted:

I don't see what's wrong with it.

it is posted:

That makes 2 of us. It's fine.

Suspicious Dish posted:

Are you having an identity crisis too?

Zhentar posted:

They've probably been trained not to trust performance testing thanks to horribly inaccurate results from tests run by the same kind of people who think that stuff counts as encryption.

Contra Duck posted:

My performance testing story: A client was once very upset that our new release was performing 20% slower in their performance tests. After about two weeks it came out that they had tried to run the test at the same time and on the same machines as another system's performance test.

The Gripper posted:

Ithaqua posted:

Ultimately, we just said "okay, we made some tweaks that may have improved performance" (without any numbers, of course), and suddenly it was performing great! We were all commended for doing such good work. Yay!

Ephphatha posted:

How much did you charge them for your time?

The Gripper posted:

Performance testing should be done by people that understand the system, and how performance testing should work!

Hammerite posted:

Here's an entertaining one: Assigning values inside an array (yes I know that PHP + Stack Overflow is the lowest of low-hanging fruit).

Optimus Prime Ribs posted:

I've never seen that goofy "more than one dollar sign" poo poo in PHP before, but just what the hell is it supposed to do?
Like, this makes no sense:

http://codepad.org/tMhOK1dO
http://codepad.org/3xDgPwrA
http://codepad.org/1IxeJDDO

PHP docs posted:

Variable variables

Sometimes it is convenient to be able to have variable variable names. That is, a variable name which can be set and used dynamically. A normal variable is set with a statement such as:

php:

<?
$a = 'hello';
?>

A variable variable takes the value of a variable and treats that as the name of a variable. In the above example, hello, can be used as the name of a variable by using two dollar signs. i.e.

php:

<?
$$a = 'world';
?>

At this point two variables have been defined and stored in the PHP symbol tree: $a with contents "hello" and $hello with contents "world". Therefore, this statement:

php:

<?
echo "$a ${$a}";
?>

produces the exact same output as:

php:

<?
echo "$a $hello";
?>

i.e. they both produce: hello world.

Look Around You posted:

Apparently they are "variable variables":

Optimus Prime Ribs posted:

I've never seen that goofy "more than one dollar sign" poo poo in PHP before, but just what the hell is it supposed to do?

tef posted:

Mircscript does a similar thing. It is how you get arrays

Personally i'm more curious at keys in array() statements being treated as bare words

Hammerite posted:

But on thinking about it, it is consistent with PHP's treatment of unknown bare words in other contexts, so I'm not sure why I was surprised.

Carthag posted:

You can do the same thing in perl if you don't use strict;, and it's a really bad idea that makes code unmaintainable.

code:

[ [email]carthag@mbp.loca[/email]l:~ ]$ perl
use Data::Dumper;

$a = { a => b, "b" => 2, 3 => "c" };

print Dumper \$a;
^D
$VAR1 = \{
            'a' => 'b',
            '3' => 'c',
            'b' => 2
          };

Hammerite posted:

I'm not sure what you mean by "keys being treated as bare words", can you explain?

Suspicious Dish posted:

Oh, the rabbit hole goes much deeper than that.

First, an old PHP feature: bare strings. In PHP, $foo = hello; is equivalent to $foo = "hello";, even though this triggers a warning in newer versions of PHP.

$foo is really shorthand for ${foo}, which is really shorthand for ${"foo"}. The thing inside the braces can be any arbitrary PHP expression, so $$foo is shorthand for ${${"foo"}}.

You can even do this:

php:

<?php
$wow_php_is_dumb = "what did you expect?";

$language = "php";
echo ${wow_ . $language . _is_dumb};

Try it at home!

You can do:

php:

<?php
$wow_php_is_dumb_times_100 = "are you not getting it yet?";

$language = "php";
echo ${wow_ . $language . _is_dumb_times_ (10*10)};

Link!

Now, remember.... any PHP expression.

Go ahead and digest this. I'll wait.

Look Around You posted:

Jesus christ what the gently caress. Why do people still use this garbage?

Look Around You posted:

Jesus christ what the gently caress. Why do people still use this garbage?

Haystack posted:

LAMP stacks made it really, really easy for beginners and non-technical people to start web programming, and it kind of built inertia from there.

Haystack posted:

LAMP stacks made it really, really easy for beginners and non-technical people to start web programming, and it kind of built inertia from there.