|
Cocoa Crispies posted:I doesn't have c fuckups with regards to buffers and poo poo unless you put them in an "unsafe" block. yeah as a managed language it's p much the same as java but with more niceties like functional pointers but what i'm curious about is how good the sandboxing is, i seem to recall it's pretty granular and let's you control whether an app has permission to access dns, files, env variables, isolated storage, windows message queue, event log, etc etc. so like if you get a third party library you can give it a very limited set of app permissions. since i work on internal enterprisey stuff only and only use oss libraries or stuff i really trust i've never really looked into it in depth is it as good as advertised? does java have all that? what about other languages?
|
#
?
Oct 26, 2012 14:28
|
|
|
|
| # ? May 9, 2024 17:52 |
|
|
this bad boy is where u can see the sorts of control you can introduce: http://msdn.microsoft.com/en-us/library/system.security.permissions.aspx
|
|
#
?
Oct 26, 2012 14:29
|
|
|
I think this is the closest analog in Java. Java has a bunch of built in security libraries but I've had to roll my own wrapper around the terrible built in crypto api so that I could read encrypted bits of configuration files (passwords). It'd be nice if the properties class had some support for that built in so that you didn't have to spend an hour or two to follow best practices.
|
|
#
?
Oct 26, 2012 14:40
|
|
|
poo poo security can potentially be bad for our bottom line, you say? oh, you must mean drm
|
|
#
?
Oct 26, 2012 15:09
|
|
|
if c# had portable windowing like java does I'd be so fuckin happy
|
|
#
?
Oct 26, 2012 15:35
|
|
|
tef posted:just to say imo it should be as tinfoil as expected. ex: ssl should require full cert validation by default since thats what 99% of developers are gonna expect. thats why we're getting this "oh, huh. java ssl doesnt do what we all thought by default". Java has a long history of configurable system parameters that change the internal mechanics, so if you're in dev and want the default security to be in who-cares mode you could have a java.security.ssl.validation=none or something similar that you can stuff into your development profile. this solution solves the default security being too low and makes it easy for developers to alter the level without having to do it in code.
|
|
#
?
Oct 26, 2012 15:37
|
|
|
Cold on a Cob posted:yeah as a managed language it's p much the same as java but with more niceties like functional pointers alot of the reason you can do that stuff in c# is because they're windows concepte. a linux doesnt have any of those things, atleast in any standard way, so if you wanted to add them to the jvm you'd have to start making distro specific jvms or make the jvm autoconfigure to specific distros and then ur just getting into a world of hurt. so they do the most that they can do on all platforms. that said, there are some sandboxing storage concepts that no one uses because java applets are mostly dead. it also has a concept of different permission levels and the ability to get user permission to do things. idk how much those integrate w/ the windows level permissions or if when java gets install it just tells IE "hey turn off ur sandboxing for me. I got this."
|
|
#
?
Oct 26, 2012 15:44
|
|
|
rotor posted:if c# had portable windowing like java does I'd be so fuckin happy it does.
|
|
#
?
Oct 26, 2012 15:44
|
|
|
MononcQc posted:if there's data to store, then there's gonna be a crypto debate on how it should be stored, then a debate on how or where it should be stored, and then it will have an ORM debate, and ... encryption on the transport and either disk (scrub mode) or database level encryption. ez pz. also never use a orm.
|
|
#
?
Oct 26, 2012 15:49
|
|
|
Shaggar posted:alot of the reason you can do that stuff in c# is because they're windows concepte. yeah i bet mono doesn't support most of it if at all
|
|
#
?
Oct 26, 2012 16:04
|
|
|
it probably could but its up to the underlying os to support it properly.
|
|
#
?
Oct 26, 2012 16:07
|
|
|
Shaggar posted:it probably could but its up to the underlying os to support it properly. yeah they barely support it at all, no surprise: "Code Access Security (CAS) is a new experimental (i.e. unsupported) feature in the Mono 1.2 release. It is complete enough to play with it but should not be used in production (incomplete and unaudited). The security manager is off by default. There is no planned release date to support CAS in Mono, see roadmap for details. Security efforts are now oriented to support the Silverlight security model in Moonlight." honestly role access security is way more important anyway, i haven't used CAS in production ever but all i do these days is work on web apps and sql server apps (i.e. medium scale messaging systems)
|
|
#
?
Oct 26, 2012 16:11
|
|
|
i was looking at a jnlp file the other day and was like wtf <security><all-permissions/></security> why is that necessary for this lovely app but apparently thats the level of granularity, all or none lol
|
|
#
?
Oct 26, 2012 16:16
|
|
|
Carthag posted:i was looking at a jnlp file the other day and was like wtf <security><all-permissions/></security> why is that necessary for this lovely app I haven't done a java for a long time but I'm pretty sure that's not true
|
|
#
?
Oct 26, 2012 16:52
|
|
|
Shaggar posted:it does. ???
|
|
#
?
Oct 26, 2012 16:53
|
|
|
rotor posted:I haven't done a java for a long time but I'm pretty sure that's not true thats what the docs i googled up said but i dont know and theres only really one context i encounter them in so i havent had reason to look into it. http://docs.oracle.com/javase/7/docs/technotes/guides/javaws/developersguide/syntax.html#security
|
|
#
?
Oct 26, 2012 17:40
|
|
|
I got worried about this for a moment http://thedailywtf.com/Articles/Not-Good-Enough-for-Paul.aspx But then I read the comments and I felt better. That's not how the internet usually works...
|
|
#
?
Oct 26, 2012 18:24
|
|
|
rotor posted:??? ~a soft voice whispers in the night~ silverlight.....
|
|
#
?
Oct 26, 2012 18:31
|
|
|
Carthag posted:i was looking at a jnlp file the other day and was like wtf <security><all-permissions/></security> why is that necessary for this lovely app there are multiple levels of security you can do w/ java web starts. u need max access for writing files and stuff but they have ones where it doesnt need file access at all. the ones that request all-permissions have to be A) signed B) allowed by the user.
|
|
#
?
Oct 26, 2012 18:33
|
|
|
shaggar'd again 
|
|
#
?
Oct 26, 2012 19:02
|
|
|
Carthag posted:thats what the docs i googled up said but i dont know and theres only really one context i encounter them in so i havent had reason to look into it. http://lopica.sourceforge.net/ref.html#j2ee-application-client-permissions i think this just punts to some j2ee monstrosity
|
|
#
?
Oct 26, 2012 19:05
|
|
|
Zombywuf posted:I got worried about this for a moment http://thedailywtf.com/Articles/Not-Good-Enough-for-Paul.aspx not a team player.
|
|
#
?
Oct 26, 2012 19:29
|
|
|
Zombywuf posted:I got worried about this for a moment http://thedailywtf.com/Articles/Not-Good-Enough-for-Paul.aspx anyone who describes anything as "full of fail" is a retarded whiny baby fit only to work the drive thru window at mcdonalds
|
|
#
?
Oct 26, 2012 20:38
|
|
|
HORATIO HORNBLOWER posted:anyone who describes anything as "full of fail" is a retarded whiny baby fit only to work the drive thru window at mcdonalds or other kinds of windows (microsoft)
|
|
#
?
Oct 26, 2012 20:39
|
|
|
HORATIO HORNBLOWER posted:anyone who describes anything as "full of fail" is a retarded whiny baby fit only to work the drive thru window at mcdonalds
|
|
#
?
Oct 26, 2012 20:41
|
|
|
rotor posted:http://lopica.sourceforge.net/ref.html#j2ee-application-client-permissions well thats just gross
|
|
#
?
Oct 27, 2012 00:04
|
|
|
sorry just gotta say it again, that its super gross
|
|
#
?
Oct 27, 2012 00:23
|
|
|
i can't believe it's taken me this long to stop giving a poo poo about the language and give more poo poo about the ecosystem, the support, and what problem i'm actually trying to loving solve if the rest of my career involves smacking myself for things that are loving obvious in hindsight i don't know
|
|
#
?
Oct 27, 2012 00:25
|
|
|
WHOIS John Galt posted:if the rest of my career involves smacking myself for things that are loving obvious in hindsight i don't know Part of getting wiser is that you'll just start accepting that you're probably wrong about most things. mlmp.
|
|
#
?
Oct 27, 2012 00:31
|
|
|
here's a lesson: poo poo is dumb as gently caress, and so are you.
|
|
#
?
Oct 27, 2012 00:50
|
|
|
WHOIS John Galt posted:i can't believe it's taken me this long to stop giving a poo poo about the language and give more poo poo about the ecosystem, the support, and what problem i'm actually trying to loving solve the process we know as "growth" is simply the continuous realization that we're wrong.
|
|
#
?
Oct 27, 2012 01:35
|
|
|
knowing yourself without knowing your enemy gives you only half a chance of victory
|
|
#
?
Oct 27, 2012 01:40
|
|
|
Carthag posted:knowing yourself without knowing your enemy gives you only half a chance of victory
|
|
#
?
Oct 27, 2012 01:43
|
|
|
Carthag posted:knowing yourself without knowing your enemy gives you only half a chance of victory unless you are your own enemy. which you always are.
|
|
#
?
Oct 27, 2012 01:46
|
|
|
rotor posted:unless you are your own enemy. which you always are. https://www.youtube.com/watch?v=sc5iTNVEOAg
|
|
#
?
Oct 27, 2012 01:48
|
|
|
WHOIS John Galt posted:i can't believe it's taken me this long to stop giving a poo poo about the language and give more poo poo about the ecosystem, the support, and what problem i'm actually trying to loving solve congratulations on understanding that syntax is dwarfed by ecosystem Your next realisation should be about social problems va technical ones If it isn't obvious in hindsight, you probably haven't internalized the solution, or understood it
|
|
#
?
Oct 27, 2012 01:51
|
|
|
rotor posted:the process we know as "growth" is simply the continuous realization that we're wrong. i could have sworn the more commonly accepted definition is the acquisition of material goods and other forms of wealth. at least that is how it is in business
|
|
#
?
Oct 27, 2012 01:57
|
|
|
tef posted:i could have sworn the more commonly accepted definition is the acquisition of material goods and other forms of wealth. if you cant find love, i guess bullshit moneys work as a temporary replacement
|
|
#
?
Oct 27, 2012 02:04
|
|
|
ah yes, social norms and co-dependence. find meaning in your life by attaching it to other people. i'm not saying that relationships are useless or bad, but that society dictates your only value (outside of material goods) is finding someone to be jealous and controlling over. the idea that you can only be happy by caging someone else is the toxic part.
|
|
#
?
Oct 27, 2012 02:07
|
|
|
|
| # ? May 9, 2024 17:52 |
|
|
dude tef i know this is yospos but you are literally posting that on a friday night...
|
|
#
?
Oct 27, 2012 02:11
|
|