|
ratbert90 posted:Oh I mean Linux kernel level code. Ask me about Macros that go to Macros that combine into their own separate functions! It's a kernel thing. Sometimes the overhead of a function call is unacceptable and you really have to inline the code everywhere it's used. Compilers can't inline functions reliably, so you use macros. It's really common in the Windows kernel too, and the unreliability of function inlining is one of the reasons C++ is greatly discouraged for kernel-mode code Zopotantor posted:In 1985 or so, all C compilers were that lovely. I think it was the linker. Linkers still have symbol name length limitations today: it's unlikely you'll hit them with C, but template-heavy C++ code sooner or later will By the way: the 8-char limitation is why almost all standard C library function names fit in 6 or exceptionally 7 characters. Similarly the header names were short to accommodate the limitations of the early UNIX filesystem
|
# ? Oct 18, 2014 18:10 |
|
|
# ? May 17, 2024 17:03 |
|
Every major compiler has a way to force inlining. Kernel programmers just enjoy reinventing things from scratch because (1) like physicists, they think that understanding a fundamental thing means that they necessarily understand everything built on top of it and (2) 99% of what they would otherwise do is just tinkering around the edges of a design that they have only a marginal ability to change.
|
# ? Oct 18, 2014 22:08 |
|
ratbert90 posted:Oh I mean Linux kernel level code. Ask me about Macros that go to Macros that combine into their own separate functions! Which macros are these?
|
# ? Oct 19, 2014 01:07 |
|
rjmccall posted:Every major compiler has a way to force inlining. Kernel programmers just enjoy reinventing things from scratch because (1) like physicists, they think that understanding a fundamental thing means that they necessarily understand everything built on top of it and (2) 99% of what they would otherwise do is just tinkering around the edges of a design that they have only a marginal ability to change. These nanoseconds aren't going to shave themselves of lmbench, bub.
|
# ? Oct 19, 2014 01:38 |
|
Paul MaudDib posted:I guess I don't see how we got from "a square matrix used to convolve an image" to "an arbitrary program executed on a GPGPU processor". One refers to data processed by a program (fixed pipeline or no), the other refers to the program itself. The convolution operation is the same no matter what matrix you feed it. A convolution kernel is not necessarily a square matrix. It only happens to be in the discrete cases, but analytical convolution is expressed as an integral, in which case the kernel is some square integrable function. In all the cases though, the sense of the word "kernel" is that it is the "local operation that can be used perform a global opereration by repeating it many times over the input data". This is exactly the sense of GPU kernels, the element wise or local operation that gets vectorized (put in a loop) so that when its run over a data set, it computes the larger result. Seems like a perfectly reasonable usage to me.
|
# ? Oct 19, 2014 17:19 |
|
JawnV6 posted:When code is "on the cob," formerly ring0, of course they weren't too far from the truth when the beatles did Sgt Pepper Album. I mean they had John Paul George and Ring 0 so it should have been Kernel Peppers..
|
# ? Oct 20, 2014 07:49 |
|
php:<? $c='derp-search'; ?> <div class="section derp-search <?=$c;?>"> <section> <a id="<?=$c;?>" name="<?=$c;?>" class="pg_anchor"></a>
|
# ? Oct 20, 2014 14:52 |
|
https://bugs.openjdk.java.net/browse/JDK-4242717 You...you can't break on changes to locals, or only break on changes to a specific instance's fields? For real?
|
# ? Oct 20, 2014 16:25 |
|
Subjunctive posted:https://bugs.openjdk.java.net/browse/JDK-4242717 That doesn't seem too constraining since you can stick breakpoints on the lines where the local variable is modified. For fields on just a specific instance, you want com.sun.jdi.request.WatchpointRequest.addInstanceFilter() which is what the comment on the ticket is regarding and was added in 1.4 (i.e. Merlin)
|
# ? Oct 20, 2014 16:46 |
|
1337JiveTurkey posted:That doesn't seem too constraining since you can stick breakpoints on the lines where the local variable is modified. For fields on just a specific instance, you want com.sun.jdi.request.WatchpointRequest.addInstanceFilter() which is what the comment on the ticket is regarding and was added in 1.4 (i.e. Merlin) Ah, good, that's better. The lack of local-watching is still surprising given the maturity of the platform, but not as bad. Thanks.
|
# ? Oct 20, 2014 18:01 |
|
I feel like a lot of state/government websites are crawling with coding horrors. http://www-odi.nhtsa.dot.gov/owners/SearchSafetyIssues Security horror: My local DMV website requires passwords to be EXACTLY 8 characters, with exactly one capital letter, and exactly one special character (or one number, can't remember). I'd guess the run time on a brute force with a pattern of (pseudo) [A-Z][a-z][a-z][a-z][a-z][a-z][a-z][!@#$%^&*()-+=] wouldn't be too shabby, and would catch a large majority of cases. Use a dictionary instead with 7 character words with the first letter capitalized and it's even quicker. With that password policy it wouldn't surprise me if passwords were stored in the DB as plaintext (or maybe even a publicly available csv on the webserver? who knows!). Knyteguy fucked around with this message at 19:57 on Oct 20, 2014 |
# ? Oct 20, 2014 19:40 |
|
Knyteguy posted:My local DMV website requires passwords to be EXACTLY 8 characters My brokerage has a 6-character limit on passwords.
|
# ? Oct 20, 2014 19:58 |
|
Subjunctive posted:My brokerage has a 6-character limit on passwords. I wonder what the thought process is here. "Gotta save those kilobytes of database space!" ?
|
# ? Oct 20, 2014 20:22 |
|
For the longest time, I found it both fascinating and horrifying that my World of Warcraft account was more secure than my bank account, from a website perspective. The former had two-factor authentication and a long password; the latter had a four-digit pin number and knowing my mother's middle name. For an industry that wants to portray itself as cool, collected, and secure, the financial industry has no loving clue.
|
# ? Oct 20, 2014 20:33 |
|
Knyteguy posted:I wonder what the thought process is here. "Gotta save those kilobytes of database space!" ? My assumption is that there's some back-end system from the 1970s that has the limitation. Still pretty surprising.
|
# ? Oct 20, 2014 20:39 |
|
My bank has a 4 character limit on passwords and you can only use numerals.
|
# ? Oct 20, 2014 20:56 |
|
Axiem posted:For the longest time, I found it both fascinating and horrifying that my World of Warcraft account was more secure than my bank account, from a website perspective. The former had two-factor authentication and a long password; the latter had a four-digit pin number and knowing my mother's middle name. Wasn't there a mild scandal a few years ago when it was discovered that battle.net's passwords weren't case-sensitive?
|
# ? Oct 20, 2014 21:16 |
I have a friend who I occasionally work with on programming projects. He is the worst array-abuser I have ever seen in my life. There is no programming challenge that he does not solve by cramming arrays into other arrays. Half the time, I can't even find the logic portion of his programming, and it looks like the arrays are magically making things happen. When we first worked together, I ribbed him about it, because I thought it was a one-off thing, where our thought processes just worked a bit differently. Nope. It's every block of code he writes in any language to solve any problem. When I try to go through modules he's written, I am faced with literally pages upon pages of code that look like this: code:
|
|
# ? Oct 20, 2014 21:28 |
|
Software development: the profession where adding ) to a file costs $600 and no one involved objects.
|
# ? Oct 20, 2014 21:36 |
|
it is posted:Software development: the profession where adding ) to a file costs $600 and no one involved objects. Cost Of Parenthesee: Cost Of Knowing Where To Put It:
|
# ? Oct 20, 2014 21:41 |
|
JawnV6 posted:Cost Of Parenthesee: also known as "Ten minutes, following twenty years of practice"
|
# ? Oct 20, 2014 21:58 |
|
it is posted:Software development: the profession where adding ) to a file costs $600 and no one involved objects. How much did its absence cost?
|
# ? Oct 20, 2014 23:08 |
|
Munkeymon posted:How much did its absence cost?
|
# ? Oct 20, 2014 23:16 |
|
Ithaqua posted:Wasn't there a mild scandal a few years ago when it was discovered that battle.net's passwords weren't case-sensitive? Yes, though that matters less when you have two-factor authentication and a 20-character password. Ceteris paribus, a 20-character case-insensitive password is far more secure than an 8-character case-sensitive password.
|
# ? Oct 21, 2014 00:08 |
|
Axiem posted:Yes, though that matters less when you have two-factor authentication and a 20-character password. Ceteris paribus, a 20-character case-insensitive password is far more secure than an 8-character case-sensitive password.
|
# ? Oct 21, 2014 00:25 |
|
Isn't it also the case that Facebook also reverses the case of your password and allows that too? So PassWord123 is as good as pASSwORD123, but not pASSword123?
|
# ? Oct 21, 2014 00:40 |
|
kitten smoothie posted:Isn't it also the case that Facebook also reverses the case of your password and allows that too? So PassWord123 is as good as pASSwORD123, but not pASSword123? Yes. We also accept first-char-capitalized for mobile platforms.
|
# ? Oct 21, 2014 01:12 |
|
Knyteguy posted:I wonder what the thought process is here. "Gotta save those kilobytes of database space!" ? We're locking down the account after three failed attempts so the passwords just need to resist that for online brute force attacks. Offline brute force attacks involve hacking a dedicated server that's only accessible using a protocol that supports a handful of password-related operations. Everything else has to be done from the admin console in the heavily guarded server room. So barring some insane Mission: Impossible scheme, nobody's getting passwords that way. On the other hand, shared passwords are a much bigger problem. We can tell people not to do it, but nobody listens because there's so many accounts that all want 'good' passwords with letters, digits, symbols and all that crap it's impossible for anyone to remember them all even using schemes like Staple Horse Battery Correct. People who reuse their passwords want one that works for every 'good' password checker so odds are it's going to be long and have digits and symbols. So if we disallow long passwords and symbols, they'll have to pick a different password.
|
# ? Oct 21, 2014 01:17 |
|
1337JiveTurkey posted:We're locking down the account after three failed attempts so the passwords just need to resist that for online brute force attacks. Offline brute force attacks involve hacking a dedicated server that's only accessible using a protocol that supports a handful of password-related operations. Everything else has to be done from the admin console in the heavily guarded server room. So barring some insane Mission: Impossible scheme, nobody's getting passwords that way. That's...pretty smart. E: though, from a friend: "Also, 3-attempt lockout is kind of a joke. I had it happen to my by accident, so I had to call in to reset my password. They reset it and read the new one to me over the phone after I gave them some very basic information about myself. Get 2-fac, folks." E2: or maybe don't bother with the authenticator: "I doubt 2-fac is all that better. I misplaced my token generator and they disabled 2-fac after asking the very same basic information. It is very scary." Subjunctive fucked around with this message at 01:36 on Oct 21, 2014 |
# ? Oct 21, 2014 01:26 |
|
Subjunctive posted:E: though, from a friend: "Also, 3-attempt lockout is kind of a joke. I had it happen to my by accident, so I had to call in to reset my password. They reset it and read the new one to me over the phone after I gave them some very basic information about myself. Get 2-fac, folks." People have been and will always be the most insecure part of a system.
|
# ? Oct 21, 2014 02:12 |
|
necrotic posted:People have been and will always be the most insecure part of a system. Yeah, but usually it's the users.
|
# ? Oct 21, 2014 02:24 |
|
Subjunctive posted:Yeah, but usually it's the users. It's incredibly frustrating when sites won't let you specify a custom security question, and then only provide poo poo like "what is your mother's maiden name" that's trivial to find out for anyone whose extended family is on Facebook.
|
# ? Oct 21, 2014 02:41 |
|
Blue Footed Booby posted:It's incredibly frustrating when sites won't let you specify a custom security question, and then only provide poo poo like "what is your mother's maiden name" that's trivial to find out for anyone whose extended family is on Facebook. The worst type of security question is the one that asks "What is your favorite X?" Maybe I'm just fickle, but my favorite TV show, movie, or food changes all the time, or it's a tough choice between two or three different things.
|
# ? Oct 21, 2014 02:45 |
|
Blue Footed Booby posted:It's incredibly frustrating when sites won't let you specify a custom security question, and then only provide poo poo like "what is your mother's maiden name" that's trivial to find out for anyone whose extended family is on Facebook. I legit made that argument once and one of the security guys (first generation immigrant from Uganda) challenged me to find his mother's maiden name.
|
# ? Oct 21, 2014 02:46 |
|
Flobbster posted:The worst type of security question is the one that asks "What is your favorite X?" Maybe I'm just fickle, but my favorite TV show, movie, or food changes all the time, or it's a tough choice between two or three different things. I used to just reverse the characters or words in the question, then hit length limits and decided to just hope nobody cared enough to attack me I guess.
|
# ? Oct 21, 2014 02:48 |
|
Blue Footed Booby posted:It's incredibly frustrating when sites won't let you specify a custom security question, and then only provide poo poo like "what is your mother's maiden name" that's trivial to find out for anyone whose extended family is on Facebook. Come up with a series of fake answers for all your security question needs. Also do this in case someone pretends to be you from the future, because only you should know these fake answers. Unless he's a mind reader--then you're screwed.
|
# ? Oct 21, 2014 02:48 |
|
andipossess posted:Come up with a series of fake answers for all your security question needs. Also do this in case someone pretends to be you from the future, because only you should know these fake answers. Unless he's a mind reader--then you're screwed. I use the same password generation tools I use to make passwords to make answers to security questions. What is the first name of your childhood best friend? ;alsdjf09j4qr;lkajsdlfkj
|
# ? Oct 21, 2014 02:55 |
|
Thermopyle posted:I use the same password generation tools I use to make passwords to make answers to security questions. Do this. Do it for any arbitrary field that is related to security.
|
# ? Oct 21, 2014 03:00 |
|
1337JiveTurkey posted:We're locking down the account after three failed attempts so the passwords just need to resist that for online brute force attacks. Offline brute force attacks involve hacking a dedicated server that's only accessible using a protocol that supports a handful of password-related operations. Everything else has to be done from the admin console in the heavily guarded server room. So barring some insane Mission: Impossible scheme, nobody's getting passwords that way. I think a system like this is viable and acceptable only if it allows access to very sensitive information. Usually having a "unique" password just means resetting it every time someone wants access as Subjunctive mentioned, and that's incredibly annoying unless it's for very important, potentially damaging/permanent things like server access, banking, etc. Requiring a site like Gravatar to have a unique password or something is just overkill. Even a system like the one you have would have potential vulnerabilities in the server software (ala Bash/OpenSSL type things), so there's still a chance that password hashes and salts could be dumped. Really though I like using an online-based password manager (I use LastPass). Only have to remember 1 password, it autofills username/password data, and it completely eliminates the shared password problem and the unique password problem. There's a single point of failure, but if the service gets broken then I'll have some safety in numbers while I change passwords.
|
# ? Oct 21, 2014 03:00 |
|
|
# ? May 17, 2024 17:03 |
|
Back to code: my team is building software for the Linux desktop that has to interact with the X stack, various vendor drivers, libudev version of the month, and such bullshit. Everything is crap that needs workarounds for esoteric things like portrait orientation. I'm going to need to register these guys for the PTSD treatment that people are building on top of our device. (We also build the software for desktop operating systems that people actually use.)
|
# ? Oct 21, 2014 03:02 |