|
It's a C implementation for a language called K, which is in the APL family. K, like many languages in that family, is known for extreme terseness and it is also apparently very fast. It isn't terribly surprising that the C code used in K's implementation is written in a style similar to how K itself is used.
|
# ? Oct 24, 2014 04:14 |
|
|
# ? May 21, 2024 10:09 |
|
Che Delilas posted:This is C we're talking about, right? A language where all the code is compiled into machine language before it actually runs at all? I'm just checking. If the compiler puts debugging symbols in the binary, longer variable names will mean that it takes longer for the os to load the executable from disk and it adds to memory pressure
|
# ? Oct 24, 2014 14:01 |
|
fritz posted:If the compiler puts debugging symbols in the binary, longer variable names will mean that it takes longer for the os to load the executable from disk and it adds to memory pressure Stop.
|
# ? Oct 24, 2014 17:03 |
|
Subjunctive posted:Stop. But my precious cache hits!
|
# ? Oct 24, 2014 17:11 |
|
fritz posted:If the compiler puts debugging symbols in the binary, longer variable names will mean that it takes longer for the os to load the executable from disk and it adds to memory pressure Debug symbols go in separate sections of the executable (eg .debug_info) which are not loaded into RAM by the dynamic linker
|
# ? Oct 24, 2014 18:24 |
|
http://mobilesecurityares.blogspot.com/2014/10/why-samsung-knox-isnt-really-fort-knox.html?m=1 I haven't thought this through enough, but I'm posting it here because I think it's a horror. quote:Samsung really tried to hide the functionality to generate the key, following the security by obscurity rule. In the end it just uses the Android ID together with a hardcoded string and mix them for the encryption key. I would have expected from a product, called Knox, a different approach:
|
# ? Oct 24, 2014 18:43 |
|
feedmegin posted:Debug symbols go in separate sections of the executable (eg .debug_info) which are not loaded into RAM by the dynamic linker You should be using split debuginfo anyway.
|
# ? Oct 24, 2014 18:55 |
|
Gazpacho posted:If your administrator makes you lock files while editing them, you may complain only about your administrator. This is an option? I'm stuck with this and I thought perforce just sucked
|
# ? Oct 24, 2014 19:02 |
|
Thermopyle posted:http://mobilesecurityares.blogspot.com/2014/10/why-samsung-knox-isnt-really-fort-knox.html?m=1 Password stored on device with reversible encryption. Encryption key trivially derived from device unique identifier and hardcoded string. Also, gives out free information about the password (length and first+last chars) if given a key stored in the clear. Yes, it's a horror.
|
# ? Oct 24, 2014 19:39 |
|
Relevant to the recent conversation: I'm working with some web login logic at the moment, specifically with passwords. I noticed that forgot password emails simply assign passwords to a variable, which are sent to a template, and sent to a user. I decided to take a look at the user table to see if my unconfirmed horror was true; it was. Over 110,000 enterprise customers have their email address, full name, and password in plaintext in our database. And their password hints. This is actually a (paid) software mod provided by one of the tech giants (they own the company that implemented this). Hundreds of other sites are likely using the exact same thing. Holy poo poo. v: Yes over HTTPS Knyteguy fucked around with this message at 23:25 on Oct 24, 2014 |
# ? Oct 24, 2014 23:06 |
|
Eh, it's not so bad. At least you have https to protect the plaintext passwords getting passed over the wire right?
|
# ? Oct 24, 2014 23:10 |
|
Sounds like the reset mails go out in the clear?
|
# ? Oct 24, 2014 23:24 |
|
Snapchat A Titty posted:Eh, it's not so bad. At least you have https to protect the plaintext passwords getting passed over the wire right? Subjunctive posted:Sounds like the reset mails go out in the clear? Over HTTPS. Still though it wouldn't take much to turn this into a pretty big data leak from just one distraught employee. If there's even one exploitable vulnerability in the parent software that allows bypassing security key access then we're talking a pool of tens of thousands of users who could potentially access this data. Or a developer that forgets to lock their workstation while going to the bathroom, etc. It might be unlikely, but as we all know it's a stupid risk. The logic was written in 2009 too so there's really no excuse.
|
# ? Oct 24, 2014 23:37 |
|
I was joking. Since you have the passwords, you could basically just hash them and change the verification method to use hashes instead and it would work without your users even noticing.
|
# ? Oct 24, 2014 23:47 |
|
And then find the twenty places that do a password check that shouldn't, and redo the password reset system since apparently it's less "password reset" and more "email me my cleartext password." Or am I misunderstanding that part?
|
# ? Oct 24, 2014 23:58 |
|
No, those things are for sure in there, but you're never gonna root them out until you kill the heart of them. Obviously you gotta do it at a time where you can be reasonably sure that some high percentage of the code paths will be touched within your next n hour shift.
|
# ? Oct 25, 2014 00:01 |
|
So, the installer for the "Send to Kindle" app on Mac won't install on Mac 10.10.0. The app says "Send to Kindle is only supported on Mac OSX version 10.6.0 and above". What's the problem?code:
Lexical comparisons of version numbers is super smart and definitely what you should be doing in this scenario yes.
|
# ? Oct 25, 2014 01:22 |
|
im kinda interested in what kinds of errors will be the daily show in this thread in like 2030. i mean i would be if they werent the same
|
# ? Oct 25, 2014 01:27 |
|
titaniumone posted:This is an option? I'm stuck with this and I thought perforce just sucked Don't worry, it still sucks even with that turned off.
|
# ? Oct 25, 2014 01:46 |
Snapchat A Titty posted:im kinda interested in what kinds of errors will be the daily show in this thread in like 2030. i mean i would be if they werent the same Ugh can you believe it, my stupid intellisense made my video game too easy and now I have to actually open the code and tweak the difficulty
|
|
# ? Oct 25, 2014 02:12 |
|
Jewel posted:So, the installer for the "Send to Kindle" app on Mac won't install on Mac 10.10.0. The app says "Send to Kindle is only supported on Mac OSX version 10.6.0 and above". What's the problem? Isn't that why Microsoft is skipping Windows 9?
|
# ? Oct 25, 2014 02:13 |
|
Ithaqua posted:Isn't that why Microsoft is skipping Windows 9? Supposedly a similar reason, but Apple's kinda stuck. What do you do, follow 10.9 with 10.99? "Getting asymptotically closer to some arbitrary number" is a version scheme you can only get away with when you're computer royalty. See also: literate programming. (Surprise! Same person!)
|
# ? Oct 25, 2014 02:44 |
|
pokeyman posted:Supposedly a similar reason, but Apple's kinda stuck. What do you do, follow 10.9 with 10.99? "Getting asymptotically closer to some arbitrary number" is a version scheme you can only get away with when you're computer royalty. OS X 10.10 is only theoretical and if anyone ever actually figures out a way to install it, they would
|
# ? Oct 25, 2014 02:56 |
|
Jewel posted:So, the installer for the "Send to Kindle" app on Mac won't install on Mac 10.10.0. The app says "Send to Kindle is only supported on Mac OSX version 10.6.0 and above". What's the problem? I don't blame someone writing a bash script from wanting to finish it as fast as possible.
|
# ? Oct 25, 2014 02:59 |
|
Ithaqua posted:Isn't that why Microsoft is skipping Windows 9? Supposedly. However, as someone pointed out someplace, if you check the GetVersion API they don't actually return "Windows 9" or "Windows 98" they return numbers like "4.5" or "6.2". And, in fact, they're deprecated: quote:[GetVersion may be altered or unavailable for releases after Windows 8.1. Instead, use the Version Helper APIs] So if old applications were using that to get the version, they'd end up with "6.2" and not "Windows 9". I guess Microsoft got fed up with people doing OS version checks and made it as hard as possible to do to try and fix bad code. Later in the same documentation you get this: quote:The GetVersionEx function was developed because many existing applications err when examining the packed DWORD value returned by GetVersion, transposing the major and minor version numbers. GetVersionEx forces applications to explicitly examine each element of version information. VerifyVersionInfo eliminates further potential for error by comparing the required system version with the current system version for you. It sounds like Microsoft has had some real fun supporting applications misusing version numbers over the years and has finally thrown up their hands and basically given up.
|
# ? Oct 25, 2014 06:44 |
|
pokeyman posted:Supposedly a similar reason, but Apple's kinda stuck. What do you do, follow 10.9 with 10.99? "Getting asymptotically closer to some arbitrary number" is a version scheme you can only get away with when you're computer royalty. Just keep adding 0s to it. 10.9 10.90 10.900 10.9000. The OS isn't getting bigger, it's becoming more precise.
|
# ? Oct 25, 2014 07:02 |
|
Deus Rex posted:Just keep adding 0s to it. 10.9 10.90 10.900 10.9000. The OS isn't getting bigger, it's becoming more precise. That surely won't mess up code that does dumb casts, nor will it mess up code that does this: C code:
|
# ? Oct 25, 2014 07:20 |
|
Xenoveritas posted:Supposedly. However, as someone pointed out someplace, if you check the GetVersion API they don't actually return "Windows 9" or "Windows 98" they return numbers like "4.5" or "6.2". Thankfully, everyone programs directly against Win32 APIs and a popular programming language like Java would never provide an API that returns a string representing the "friendly" OS version.
|
# ? Oct 25, 2014 07:34 |
|
Yeah if I remember correctly there were in fact several confirmed cases in the wild of the "Windows 9*" version check and they were all Java. I'd be surprised if there was enough *relevant* Java code out there checking for pre-2k versions for it to sway Microsoft's naming choices one way or the other. Apple, on the other hand, just doesn't care and will call you a bad developer for using version number that way (and they're right).
|
# ? Oct 25, 2014 07:55 |
|
Suspicious Dish posted:That surely won't mess up code that does dumb casts, nor will it mess up code that does this: Oh gosh and, you know, the number might overflow and stuff. I hereby retract my very serious suggestion for a versioning scheme
|
# ? Oct 25, 2014 09:16 |
|
brosmike posted:Thankfully, everyone programs directly against Win32 APIs and a popular programming language like Java would never provide an API that returns a string representing the "friendly" OS version. It's not even an API. As I recall, you can change it using "-Dos.name=Whatever" from the command line and I know you can change it to whatever you want while the program is running, allowing you to do things like "trick" the Swing Windows PLAF (theme) into running on non-Windows platforms.
|
# ? Oct 25, 2014 11:13 |
|
Flobbster posted:OS X 10.10 is only theoretical and if anyone ever actually figures out a way to install it, they would
|
# ? Oct 25, 2014 11:27 |
|
Xenoveritas posted:It's not even an API. As I recall, you can change it using "-Dos.name=Whatever" from the command line and I know you can change it to whatever you want while the program is running, allowing you to do things like "trick" the Swing Windows PLAF (theme) into running on non-Windows platforms. That doesn't make it somehow not an API.
|
# ? Oct 25, 2014 11:35 |
|
Do environment variables count as APIs? Because that's basically all the Java system properties are. (But instead of environment variables, they're Java-specific properties.) They happen to have default values (or maybe they override values the user sets, I don't remember) but they're still just mutable properties. There is no API in Java that you can call and ask "what OS am I running on?" Instead there's a set of mutable system properties that (probably) tells you. Unless someone's changed them to lie. Plus, as far as I can tell, there's no formal definition to what value any of the three "os" properties can have. So under Windows "os.name" is something like "Windows 95" or "Windows 8". Under Linux, it's ... what? "Linux"? "GNU/Linux"? "RedHat Linux"? I guess you'd have to test it to find out. What does "os.version" mean? What is it under Windows 8? (It's "6.2". See GetVersion.) What values can "os.arch" take? Is it "amd64" or "x86_64"? (As I recall, it's the former under Linux and the latter under Windows. Trying to find the real answer discovered that it's "x86" under Windows and "i386" under Linux but didn't answer the 64-bit question.)
|
# ? Oct 25, 2014 12:03 |
|
Jewel posted:So, the installer for the "Send to Kindle" app on Mac won't install on Mac 10.10.0. The app says "Send to Kindle is only supported on Mac OSX version 10.6.0 and above". What's the problem? I thought version tuples (or the bash equivilent) were a thing everywhere. Or is this just my spoiled python background? NtotheTC fucked around with this message at 12:10 on Oct 25, 2014 |
# ? Oct 25, 2014 12:03 |
|
NtotheTC posted:I thought version tuples (or the bash equivilent) were a thing everywhere. Or is this just my spoiled python background? This is comparing the last part of the "tuple". A lexical comparison of "9" < "10" is false (because '1' comes before '9'). code:
code:
|
# ? Oct 25, 2014 13:39 |
|
quote != edit
|
# ? Oct 25, 2014 13:40 |
|
Dr Monkeysee posted:Yeah if I remember correctly there were in fact several confirmed cases in the wild of the "Windows 9*" version check and they were all Java. I'd be surprised if there was enough *relevant* Java code out there checking for pre-2k versions for it to sway Microsoft's naming choices one way or the other. Probably being a master of the obvious here, but if your java code cares about the version of windows that its running on, you've clearly chosen the wrong tool for the job.
|
# ? Oct 25, 2014 14:09 |
|
Bruegels Fuckbooks posted:Probably being a master of the obvious here, but if your java code cares about the version of windows that its running on, you've clearly chosen the wrong tool for the job. Unless you're talking about platform-specific JDK code. I could definitely see Microsoft saying "Yes, we do want Java debugging to work on our new operating system".
|
# ? Oct 25, 2014 14:48 |
|
|
# ? May 21, 2024 10:09 |
|
the joke your head
|
# ? Oct 25, 2014 15:15 |