|
nielsm posted:Also it sets array_capacity to a potentially larger number than the actual allocation. Bonfire Lit fucked around with this message at 10:06 on Apr 18, 2016 |
#
?
Apr 18, 2016 10:03
|
|
|
|
| # ? Jun 5, 2024 14:16 |
|
|
Athas posted:I see people using arrays of pointers to fake multidimensional arrays in the most nasty way. It is terrible and bad and probably confuses the compiler horribly. In C++, you can probably use some template magic to define a class that gives a nicer multidimensional array interface. But then you have to deal with templates. Arrays of pointers won't confuse the compiler any more than any other pointer dereferences. But if you're dealing with arrays of numbers (or other small types, I guess), a lot of common access patterns are going to do very bad things to your cache if you're doing reads all over the place in memory.
|
|
#
?
Apr 18, 2016 12:40
|
|
|
Jsor posted:I'm taking a (grad-level) parallel programming class, and all our graphs are supposed to be done in a way such that the values get larger when they get faster (e.g. y axis is op/ns as opposed to ns/op). This isn't wrong, but it's so weird to me since outside this class I don't think I've ever seen people measure performance that way. The only place I can think of where this is standard is frames per second, and even then for most optimization purposes I see people measure (nano/milli)seconds per frame anyway. I guess processor-level operation speeds are also measured this way (e.g. FLOPS, the name MIPS), but most benchmark systems, and most results I've seen online and in papers, tend to do it the other way. If you want to show parallel scalability, it is typically not a good idea to plot the wallclock times. The time-axis (e.g. Y) gets squashed too much as you add more processors (e.g. X axis), so it becomes hard to distinguish good from bad scaling. But in practice, it is mostly because of human psychology: people like upward curves. For instance, parallel speedup is typically an upwards curve (cannonball graph), which in conjunction with a 'dynamic' X/Y ratio can always be made to at least feel good. Everytime you see a speedup curve like the following, be suspicious: (no x=y ideal speedup line, X/Y ratio != 1)  What is actually important, is how close you are to the ideal speedup on the x=y diagonal. Plotting Parallel Efficiency (parallel speedup / number of cores) shows exactly that distance and is the more responsible way to plot the same data. However, it's a downwards curve:  I used speedup plots in my phd thesis, but at least I plot the x=y line and fixed my goddamn X/Y ratio to 1:1.
|
|
#
?
Apr 18, 2016 13:51
|
|
|
YeOldeButchere posted:But then you have to deal with templates. Also, there are array notation extentions for C/C++ supported across multiple compilers (such as https://www.cilkplus.org/tutorial-array-notation) that will have your compiler optimize the snot out of your array code. Hacking your own multidimentional arrays and using raw pointers is a good way to prevent your compiler from doing its job. edit: VVV Well yeah, that's why those array notation extensions exist. It gives the compiler more information about the dataflow. All of those (GCC vector extension, Intel CilkPlus, C++ valarray) either do not allow alias/overlap or make it undefined behavior. Beef fucked around with this message at 20:18 on Apr 19, 2016 |
|
#
?
Apr 18, 2016 13:59
|
|
|
YeOldeButchere posted:But then you have to deal with templates. The compiler will generally have trouble proving that the sub-arrays in an array of pointers don't alias each other. Depending on what you're doing, that could matter a lot.
|
|
#
?
Apr 19, 2016 16:46
|
|
|
php:<?
//turn a date into a unix timestamp
//$date comes in as YYYY-MM-DD - with dashes
//returns YYYYMMDD000000
function toUnixTimestamp($date){
$res=mktime(0,0,0,substr($date,5,2),substr($date,8,2),substr($date,0,4));
$result=date("Ymd",$res)."000000";
return $result;
}
?>
|
|
#
?
Apr 19, 2016 20:35
|
|
|
Beef posted:Also, there are array notation extentions for C/C++ supported across multiple compilers (such as https://www.cilkplus.org/tutorial-array-notation) that will have your compiler optimize the snot out of your array code. Hacking your own multidimentional arrays and using raw pointers is a good way to prevent your compiler from doing its job. I didn't know about those; every time I've used SIMD stuff was through opaque datatypes and functions which I guess eventually boiled down to some form of hand-crafted inline assembly or something. I'd still assume that the compiler knows about the semantics of those SIMD instructions and will be able to do more than just treat them like a black box, though, even without language extensions enabled. rjmccall posted:The compiler will generally have trouble proving that the sub-arrays in an array of pointers don't alias each other. Depending on what you're doing, that could matter a lot. Ah, that is true. That will definitely constraint the compiler's ability to re-order stuff around, for one, and run-time instruction re-ordering probably doesn't have nearly a high-level enough view on any non-trivial function to approach what the compiler could do with a contiguous piece of memory.
|
|
#
?
Apr 20, 2016 02:57
|
|
|
I came across this while browsing through the terrible codebase of the terrible iOS app I have to work with gently caress
|
|
#
?
Apr 20, 2016 08:11
|
|
|
Ah, the ubiquitous NSDate+Formatting file in every iOS App ever. And the other horrors. At least it will be easy to search and replace that code to fix the locale issue.
Kallikrates fucked around with this message at 15:16 on Apr 20, 2016 |
|
#
?
Apr 20, 2016 14:23
|
|
|
Hey, at least their needlessly copy-pasted code also has copy-pasted comments to go with it. Documentation! 
|
|
#
?
Apr 20, 2016 14:52
|
|
|
So how many more times is that copy pasted after the image cuts off? Not that mashing ctrl-v 6 times isn't already enough to qualify as an horror, but I'm curious.
|
|
#
?
Apr 20, 2016 15:33
|
|
|
I wonder if that person had any idea why that was suddenly necessary.
|
|
#
?
Apr 20, 2016 15:43
|
|
|
At least they're being honest I guess?
|
|
#
?
Apr 20, 2016 16:47
|
|
|
It doesn't look like the linked stackoverflow came to any conclusion about the problem either.
|
|
#
?
Apr 20, 2016 19:00
|
|
|
CPColin posted:I wonder if that person had any idea why that was suddenly necessary. I'm not sure I understand why that was suddenly necessary. Is it a locale thing?
|
|
#
?
Apr 20, 2016 19:05
|
|
|
Me today: "Hmm. What's this unit test here that doesn't seem to run ever? Oh, it fails! Whew, fixing it was a simple change. Now what other code was calling what this test was testing? Oh, nothing. This test tests code that only the test itself calls. Great." 
|
|
#
?
Apr 21, 2016 18:36
|
|
|
The perils of test driven development.
|
|
#
?
Apr 21, 2016 19:34
|
|
|
I'm sure I'm not the first one to say this, so I doubt it will be interesting in any way, but: WordPress is the ur-coding horror. If you want to see what software looks like when it's cobbled together by people who have only the very faintest clue about how software should be engineered, this is what you get. It makes everything non-trivial an exercise in utter frustration, all in order to make the most basic of updates slightly easier (assuming you wouldn't benefit from having an actual structure to your data for any reason). That's before we get into the frequent vulnerabilities and the inexplicable difficulties in hardening it to any degree. Why must it have such strong name recognition that all my clients request it? I'm going to start applying a surcharge for dealing with this nonsense.
|
|
#
?
Apr 22, 2016 05:00
|
|
|
PT6A posted:That's before we get into the frequent vulnerabilities and the inexplicable difficulties in hardening it to any degree. Everything about it is designed such that first 15 minutes of using it are smooth to new users, but this ends up making it completely awful for anyone who's used it for longer. The fact that themes are just php files that get uploaded through the admin panel as zip files and then executed by the web server is nuts. I wonder how many WP installs have been owned by malicious plugins and themes even outside of all the ways it can be exploited from the outside.
|
|
#
?
Apr 22, 2016 08:39
|
|
|
Ok this just appeared on SO: http://stackoverflow.com/questions/36787613/due-to-500-server-error-404-page-not-found What is laughable is that it sounds like someone on the Dev team for VISA is asking normal People to respond and help them solve what is a serious issue with a secure financial website.
|
|
#
?
Apr 22, 2016 08:44
|
|
|
TheresaJayne posted:Ok this just appeared on SO: That looks more like a middleman service for getting Indian visas in Bangladesh. Nothing to do with VISA or financial services.
|
|
#
?
Apr 22, 2016 09:01
|
|
|
iron buns posted:That looks more like a middleman service for getting Indian visas in Bangladesh. Nothing to do with VISA or financial services. Well that is then a government office so again the devs shouldnt be just posting their problems on SO
|
|
#
?
Apr 22, 2016 09:29
|
|
|
TheresaJayne posted:Well that is then a government office so again the devs shouldnt be just posting their problems on SO middleman service. as in, nothign to do with the government, they just charge you money to file the forms for you or w/e
|
|
#
?
Apr 22, 2016 09:57
|
|
|
ErIog posted:Everything about it is designed such that first 15 minutes of using it are smooth to new users, but this ends up making it completely awful for anyone who's used it for longer. The fact that themes are just php files that get uploaded through the admin panel as zip files and then executed by the web server is nuts. I wonder how many WP installs have been owned by malicious plugins and themes even outside of all the ways it can be exploited from the outside. This is probably why it's so popular. Users see a really friendly CMS interface with tons of plugins and themes because there's no barrier to entry. Devs instead have to fight poorly cobbled-together code that probably only worked on the author's personal computer and full of comments like "} // DO NOT REMOVE", just to get it to work and fit client specifications. Paid content just means it's obfuscated and DRMed to hell, with barely any support provided. And don't trust anything "free", that's code for "loaded with adware and exploits" and the only protection is a handful of plugins that run regexps to try and detect them.
|
|
#
?
Apr 22, 2016 10:48
|
|
|
CPColin posted:Me today: "Hmm. What's this unit test here that doesn't seem to run ever? Oh, it fails! Whew, fixing it was a simple change. Now what other code was calling what this test was testing? Oh, nothing. This test tests code that only the test itself calls. Great." I really wish the jet brains unused code analysis tool would flag things only invoked from tests. I'm sure there's some refactored that have removed valid code paths in the code at work but not the tests.
|
|
#
?
Apr 22, 2016 13:15
|
|
|
I told a guy who does Wordpress sites for people on the side about how the Panama Papers were exfiltrated through a vulnerable WP plugin and he thought that was great because it would probably lead to more side jobs fixing things 
|
|
#
?
Apr 22, 2016 14:23
|
|
|
Recently one of our WP "devs" requested that .htaccess needs to have 777 because one Wordpress plugin modifies it edit: going through task list - one of the devs was asking about forms in emails... canis minor fucked around with this message at 14:45 on Apr 22, 2016 |
|
#
?
Apr 22, 2016 14:33
|
|
|
ErIog posted:Everything about it is designed such that first 15 minutes of using it are smooth to new users, but this ends up making it completely awful for anyone who's used it for longer. The fact that themes are just php files that get uploaded through the admin panel as zip files and then executed by the web server is nuts. I wonder how many WP installs have been owned by malicious plugins and themes even outside of all the ways it can be exploited from the outside. Yeah, there's a good reason why I'm building my own theme from scratch and writing all my own plugins as needed for this project. It's actually going faster than previous projects I've done where I've had to try and unfuck other people's horrible themes and plugins. But, no, everyone wants WordPress, and woe betide you if you offer an alternative that's better and more secure, because inevitably they will phone you and bitch about how they can't do X, Y or Z that some guy told them they could do with WordPress. I'm starting to think that the quality of all things, tech-related or completely unrelated, is going down because consumers are actively expressing a preference for lower quality goods and services.
|
|
#
?
Apr 22, 2016 15:06
|
|
|
PT6A posted:Yeah, there's a good reason why I'm building my own theme from scratch and writing all my own plugins as needed for this project. It's actually going faster than previous projects I've done where I've had to try and unfuck other people's horrible themes and plugins. To be fair, to them it's not lower quality. Quality to them means "can I do X fast, and if I can't, can I get it done cheaply and quickly." Software is a magic black box to many folks, and if you say "PHP exploits, injection attacks, ..." you might as well be talking about dark moon unicorns. They don't give a poo poo: theyneed the marketing thing up by Tuesday or the boss is going to yell at them. That said, I'm sorry you have to work with WordPress. 
|
|
#
?
Apr 22, 2016 15:14
|
|
|
Reposting from elsewhere since it's relevant. I was forced into a WordPress security 2 day course at work given by an outside vendor you have heard of. I tried to edit out all the fluff, and then I realized it was all insane so I only deleted like 3 lines. It was a magical eye-opening experience.erIog posted:Today's highlights: ErIog fucked around with this message at 15:19 on Apr 22, 2016 |
|
#
?
Apr 22, 2016 15:17
|
|
|
Lumpy posted:That said, I'm sorry you have to work with WordPress. It's partially my own fault. I've been bitten so many times by the "what do you mean I can't do [exact thing WordPress does] with no additional work from you, despite the fact I never asked you about this in the first place?" that now I just go with WordPress if it gets mentioned during the initial consultation, and hating my life until the project can be handed off to some cheaper WordPress "guru" which is why they want WordPress in the first place anyway.
|
|
#
?
Apr 22, 2016 15:53
|
|
|
ErIog posted:Reposting from elsewhere since it's relevant. I was forced into a WordPress security 2 day course at work given by an outside vendor you have heard of. I tried to edit out all the fluff, and then I realized it was all insane so I only deleted like 3 lines. It was a magical eye-opening experience. lol that's amazing
|
|
#
?
Apr 22, 2016 19:20
|
|
|
ErIog posted:Reposting from elsewhere since it's relevant. I was forced into a WordPress security 2 day course at work given by an outside vendor you have heard of. I tried to edit out all the fluff, and then I realized it was all insane so I only deleted like 3 lines. It was a magical eye-opening experience.  That's... wow.
|
|
#
?
Apr 23, 2016 00:19
|
|
|
ErIog posted:Reposting from elsewhere since it's relevant. I was forced into a WordPress security 2 day course at work given by an outside vendor you have heard of. I tried to edit out all the fluff, and then I realized it was all insane so I only deleted like 3 lines. It was a magical eye-opening experience. Hell, the second sentence of the description on Github is completely false 
|
|
#
?
Apr 23, 2016 06:26
|
|
|
PT6A posted:But, no, everyone wants WordPress, and woe betide you if you offer an alternative that's better and more secure I hate to be the clueless idiot, but part of my job is working with WordPress and I don't know what the better or more secure alternatives are. The only other CMS I've gone near was someone else's hacked Joomla site. A lot of the appeal of WordPress is that our clients are don't need to call us every time they want to put up new content because they can do it easily themselves... While I'm here I guess, how should I manage WordPress? (Too much of this stuff is inside baseball so it's hard to find good information.  )
|
|
#
?
Apr 23, 2016 08:52
|
|
|
Mush Man posted:While I'm here I guess, how should I manage WordPress? (Too much of this stuff is inside baseball so it's hard to find good information. A lot of the ways to manage Wordpress sensibly involve shutting off features like plugin management from the admin panel. If you think you're good enough at explaining these issues to the customer then that's the way to go. However, a lot of people are put in the very bad position of getting bitched out when they try to do this and so end up deploying sites they know are vulnerable just to please the client. Just apply basic sys admin security knowledge to Wordpress. It's not rocket science. However, WordPress itself will fight you every step of the way.
|
|
#
?
Apr 23, 2016 09:02
|
|
|
Mush Man posted:I hate to be the clueless idiot, but part of my job is working with WordPress and I don't know what the better or more secure alternatives are. The only other CMS I've gone near was someone else's hacked Joomla site. A lot of the appeal of WordPress is that our clients are don't need to call us every time they want to put up new content because they can do it easily themselves... The answer, for corporate websites at least, is to use a CMS that isn't php-based. The disadvantage is that you need at least a VPS for that, because sadly regular stock web hostings won't run anything but php. At my job we use OneHippo which is Java based and completely customizable. I personally think it's not a bad CMS. It differs from the most common ones by being component-based instead of page based. Basically, you define pages by putting reusable components together (header, footer, textbox, form, ...) , which may or may not have the same text/pictures/whatever in them. It gets quite powerful, especially if you're willing to dive into the code. I don't know much about security, and of course it depends on how much you customize the code, but it's gotta be better than wordpress because php is inherently broken.
|
|
#
?
Apr 23, 2016 10:03
|
|
|
Carbon dioxide posted:php is inherently broken. Sure buddy. Whatever you say
|
|
#
?
Apr 23, 2016 10:34
|
|
|
Carbon dioxide posted:The answer, for corporate websites at least, is to use a CMS that isn't php-based. The disadvantage is that you need at least a VPS for that, because sadly regular stock web hostings won't run anything but php. Not true; I have a shared hosting account that runs Python, which allows to me to use Django. It's obviously much more client-specific to set up since it's a framework and not a full CMS, but I usually get a far better result because I can actually give structure to the data that needs to be added/edited on a regular basis, so the people who edit it don't also have to worry about formatting it. If you're going to hire a web developer anyway, why not let them do all the heavy lifting? Your point is well-taken in general, though, since Django hosting is unfortunately rare and "we want to use our current web hosting" is a common reason, again, I get pushed into running WordPress for a lot of clients.
|
|
#
?
Apr 23, 2016 14:50
|
|
|
|
| # ? Jun 5, 2024 14:16 |
|
|
Carbon dioxide posted:I don't know much about security... php is inherently broken. "I don't know what I'm talking about. Here is an obviously stupid generalization."
|
|
#
?
Apr 23, 2016 16:07
|
|
