|
Wordpress and businesses are a script kiddies wet dream: businesses don't want to pay for Wordpress as a hosted service but also hate upgrading things ever. Manager: why does the login page keep on being reset to default? Oh, disable the automatic updates then. MrMoo fucked around with this message at 17:06 on Jan 30, 2016 |
#
?
Jan 30, 2016 16:58
|
|
|
|
| # ? May 25, 2024 00:01 |
|
|
me: i got the site back online, but it's probably still vulnerable manager: does the shopping cart work? me: 
|
|
#
?
Jan 30, 2016 17:09
|
|
|
DaTroof posted:me: i got the site back online, but it's probably still vulnerable sever
|
|
#
?
Jan 30, 2016 20:39
|
|
|
funny how managers care about sales more than the minutiae of php Web app security.
|
|
#
?
Jan 30, 2016 22:31
|
|
|
computer toucher posted:funny how
|
|
#
?
Jan 30, 2016 22:53
|
|
|
DaTroof posted:me: i got the site back online, but it's probably still vulnerable good way to keep getting contracts imo
|
|
#
?
Jan 31, 2016 03:19
|
|
|
meatpotato posted:Available tools: awk, sed, etc., C++ std lib. can't you just escape poo poo? when you see /* just turn it into /\* or something stupid and change it back when not using JSON?
|
|
#
?
Jan 31, 2016 04:19
|
|
|
craisins posted:can't you just escape poo poo? when you see /* just turn it into /\* or something stupid and change it back when not using JSON? this is actually hilariously tricky to do correctly
|
|
#
?
Jan 31, 2016 12:37
|
|
|
meatpotato posted:Edit: I'm so amazed that operating systems don't crash more often due to terrible drivers. Does the kernel protect against drivers doing stupid poo poo? usually not. often it's pointless because the devices themselves are not isolated from the system (can interrupt the CPU, can read and write main memory, can feed code to the CPU, etc.), so software that can drive them can indirectly mess with the system
|
|
#
?
Jan 31, 2016 13:36
|
|
|
qntm posted:this is actually hilariously tricky to do correctly I misunderstood the initial issue - I assumed /* was in reference to a comment in JS (even though JSON doesn't have comments) and not in terms of running something in a prompt. sucks
|
|
#
?
Jan 31, 2016 22:50
|
|
|
craisins posted:can't you just escape poo poo? when you see /* just turn it into /\* or something stupid and change it back when not using JSON? qntm posted:this is actually hilariously tricky to do correctly I changed the shell script in two ways, only one of which is required to solve this specific problem but more is better, right? 1) Set the IFS to '\n' (to read a line at a time, rather than the default which is merely whitespace-separated) and use a for loop rather than 'read', which was globbing. Actually, this behavior makes shell scripting 1000% better. It should be the default IMO (learned about it here http://redsymbol.net/articles/unofficial-bash-strict-mode/). 2) I later learned that I can simply disable globbing with 'set -f' at the start of the script. I'm looking into more ways to harden these stupid scripts, but I don't know how to attack them so I don't know how to harden them. The first step ought to be checking if lighttpd is escaping query strings, I think.
|
|
#
?
Jan 31, 2016 23:01
|
|
|
could always pay for another security audi-pffft
gonadic io fucked around with this message at 23:23 on Jan 31, 2016 |
|
#
?
Jan 31, 2016 23:21
|
|
|
i have no idea how embedded things work but it seems really unreasonable to me that you can run sh but cant afford a decent plang or non std c++ libs
|
|
#
?
Jan 31, 2016 23:40
|
|
|
MALE SHOEGAZE posted:i have no idea how embedded things work but it seems really unreasonable to me that you can run sh but cant afford a decent plang or non std c++ libs it's not just about processing power, storage can be very restricted too. sh is tiny, plangs are big.
|
|
#
?
Feb 1, 2016 00:44
|
|
|
what about using non-standard c++ libs? or like, some command line tool that isn't awk for dealing with this poo poo? is it a legal/licensing issue? it's just hard for me to understand a world where a world where hand rolling your own json parser in bash is the only way to deal with json
|
|
#
?
Feb 1, 2016 00:51
|
|
|
Nah, we're using somebody else's sh-based hand-rolled json library. Large parts of the project are hosed up, but it's not completely stupid. Actually, the largest part of the system is C++ with a few non-std libs. I'm just off in a small corner that was written in sh instead. I don't know C++ well enough to justify re-writing the few mostly-working scripts we already have. Our processing power is actually really good, I think our main application only uses ~10% CPU time. Like Soricidus said, space is a limiting factor. We have <8 MB of flash to hold Linux + our application + persistent data storage + everything else we need (debug tools, etc.).
|
|
#
?
Feb 1, 2016 01:52
|
|
|
I'm surprised Linux can exist on less than 8mb
|
|
#
?
Feb 1, 2016 01:53
|
|
|
meatpotato posted:Nah, we're using somebody else's sh-based hand-rolled json library. Large parts of the project are hosed up, but it's not completely stupid. Actually, the largest part of the system is C++ with a few non-std libs. I'm just off in a small corner that was written in sh instead. I don't know C++ well enough to justify re-writing the few mostly-working scripts we already have. 8mb? what luxury!
|
|
#
?
Feb 1, 2016 01:55
|
|
|
I think we have 128 (or 64, can't remember) MB of RAM. The Linux image is stored compressed in a special section of flash and a bootloader unzips the kernel to RAM when the system boots. Very common as far as I can tell.
|
|
#
?
Feb 1, 2016 01:56
|
|
|
Ludwig van Halen posted:8mb? what luxury! Up until now my only paid programming experience has been with under 256 kB of flash and 16 kB of RAM, so yeah it actually feels pretty nice. Unfortunately those small systems are way easier to debug. Since /tmp maps to RAM we have space for some decently-sized debugging tools on this system. However, MIPS is a ghetto and while lots of relatively standard software will compile to a MIPS target, it won't run. Valgrind, for instance, just hangs and consumes 100% CPU. We can run gdbserver and remote debug easily, but it's not really completely functional. Most of the time we can't get a backtrace when poo poo crashes. This partially is because MIPS doesn't have a frame pointer register, but also because the signal handler code for Linux on MIPS isn't complete. 
|
|
#
?
Feb 1, 2016 02:02
|
|
|
OpenWRT lives on 4-32MB apparently? There are a few articles of fitting Linux + InitRD on 1MB flash too.
|
|
#
?
Feb 1, 2016 02:04
|
|
|
meatpotato posted:Up until now my only paid programming experience has been with under 256 kB of flash and 16 kB of RAM, so yeah it actually feels pretty nice. i was just pulling your leg i just started a javascript job and everytime i do anything with node it has to spin up a multi-hundred mb instance of chrome my work pc has 4gb of ram and it gets filled up quick
|
|
#
?
Feb 1, 2016 02:07
|
|
|
Ludwig van Halen posted:i just started a javascript job and everytime i do anything with node it has to spin up a multi-hundred mb instance of chrome what the hell are you doing with node
|
|
#
?
Feb 1, 2016 02:07
|
|
|
It's also not difficult to run our code on a desktop machine but it hasn't been very useful for debugging because then it doesn't crash. (I think) our scariest intermittent crash is from some kind of unaligned memory access deep deep down in code a math phd wrote. MIPS and x86 don't behave the same at that level, x86 has no problem getting a uint32 on a weird boundary.
|
|
#
?
Feb 1, 2016 02:12
|
|
|
abraham linksys posted:what the hell are you doing with node 
|
|
#
?
Feb 1, 2016 02:17
|
|
|
like what are you doing with node that is creating a chrome instance? testing through karma or something?
|
|
#
?
Feb 1, 2016 02:18
|
|
|
abraham linksys posted:like what are you doing with node that is creating a chrome instance? testing through karma or something? oh nah, i mean it spins up v8 which is close enough
|
|
#
?
Feb 1, 2016 02:19
|
|
|
meatpotato posted:It's also not difficult to run our code on a desktop machine but it hasn't been very useful for debugging because then it doesn't crash. go on ebay find some old mips-based workstations or get one of those ideologically correct laptops?
|
|
#
?
Feb 1, 2016 02:39
|
|
|
meatpotato posted:It's also not difficult to run our code on a desktop machine but it hasn't been very useful for debugging because then it doesn't crash. It seems like you could write a crash handler for an unaligned read that fetches the two chunks individually and then stitches them together, before resuming where it left off.
|
|
#
?
Feb 1, 2016 02:48
|
|
|
fritz posted:go on ebay find some old mips-based workstations or get one of those ideologically correct laptops? "ideologically correct laptop" intrigued me so I looked online and found a review of a north-korean tablet computer, looks sweet. Make sure you scroll to the photo with the ICBM as a desktop background. http://38north.org/wp-content/uploads/2013/10/SamjiyonProductReview_RFrank102213-2.pdf Jabor posted:It seems like you could write a crash handler for an unaligned read that fetches the two chunks individually and then stitches them together, before resuming where it left off. That sounds like it would work but: 1) I'm posting in the terrible programmer thread 2) The code is multithreaded which makes things like this hard, I think. Our team found out about this patch http://git.openwrt.org/?p=openwrt.git;a=commitdiff;h=2389c41f7c8f92ff84b6dda57fc94d8dfc760d8c posted yesterday (titled fix GDB debugging on MIPS) and one of my more-senior co-workers is going balls-out now that backtraces work, I've gotten a dozen emails from him in the last few hours finding previously-untraceable bugs.
|
|
#
?
Feb 1, 2016 03:18
|
|
|
Ludwig van Halen posted:oh nah, i mean it spins up v8 which is close enough no it's not. it's not at all. opening up the node REPL is ~8MB of RAM for me so i have no idea what you're doing.
|
|
#
?
Feb 1, 2016 03:56
|
|
|
meatpotato posted:It's also not difficult to run our code on a desktop machine but it hasn't been very useful for debugging because then it doesn't crash. just sprinkle some __attribute__((aligned(1))) on your code
|
|
#
?
Feb 1, 2016 03:58
|
|
|
fritz posted:go on ebay find some old mips-based workstations you should do this anyway, and run NetBSD on them I wonder how may times faster a little OpenWRT-based dingus is than an R3000-based DECstation 5000 running Ultrix
|
|
#
?
Feb 1, 2016 04:23
|
|
|
some moron programmer was adding everyone to our apple testflight beta testing thing and he was screwing up the email addresses and names all the time so we had like 50 duplicate entries and only some of the names were capitalized and some people's first and last names were switched. i finally sat down and spent an hour cleaning it up and my autism is the most soothed its been in weeks
|
|
#
?
Feb 1, 2016 04:31
|
|
|
man gently caress that guy
|
|
#
?
Feb 1, 2016 04:42
|
|
|
don't use mips
|
|
#
?
Feb 1, 2016 05:02
|
|
|
please it's triggering
|
|
#
?
Feb 1, 2016 05:02
|
|
|
Bloody posted:don't use mips my undergrad capstone project was writing a compiler that read pascal and output mips assembly 
|
|
#
?
Feb 1, 2016 05:48
|
|
|
Bloody posted:please srs question from someone who doesn't know better, whats wrong with mips?
|
|
#
?
Feb 1, 2016 05:49
|
|
|
|
| # ? May 25, 2024 00:01 |
|
|
Barnyard Protein posted:srs question from someone who doesn't know better, whats wrong with mips? Nothing, really. MIPS is a sane assembly language, although nothing you learn applies to the x86 assembly people actually use. More general purpose registers, ability to do math and assign in one instruction, etc.
|
|
#
?
Feb 1, 2016 05:57
|
|
