|
IDEs are crutches for the weak (I use gvim plus syntax highlighting plus auto tab and indentations oh god I swear it's not an IDE) E: Terrible page snipe
|
#
?
Oct 9, 2017 17:52
|
|
|
|
| # ? Jun 1, 2024 01:41 |
|
|
Real programmers use butterflies.
|
|
#
?
Oct 9, 2017 17:54
|
|
|
Apex Rogers posted:IDEs are crutches for the weak (I use gvim plus syntax highlighting plus auto tab and indentations oh god I swear it's not an IDE) I once said smugly "I take out the garbage myself like a real man." My friend said: "I use a garbage man like the rest of civilized society."
|
|
#
?
Oct 9, 2017 17:57
|
|
|
I only use editors that fill main memory entirely. There's nothing like 8 seconds of latency between keystroke and feedback while your OS is swapping to make you think real hard about your problems.
|
|
#
?
Oct 9, 2017 18:05
|
|
|
I use a hand-ground lense to write individual bits on hard drive platters using only sunlight via the photoelectric effect Takes some time, but if it's worth doing it's worth doing right
|
|
#
?
Oct 9, 2017 18:06
|
|
|
Apex Rogers posted:IDEs are crutches for the weak (I use gvim plus syntax highlighting plus auto tab and indentations oh god I swear it's not an IDE) My IDE is Unix, ie a menagerie of interconnected and hand-configured tools with odd names and unmemorable interfaces so fragile that barely a day passes without it either betraying my expectations with some unforseen interaction or I actively gently caress it up by trying to add some shiny new tool to it. 
|
|
#
?
Oct 9, 2017 18:12
|
|
|
Linear Zoetrope posted:I only use editors that fill main memory entirely. There's nothing like 8 seconds of latency between keystroke and feedback while your OS is swapping to make you think real hard about your problems. So, emacs?
|
|
#
?
Oct 9, 2017 18:32
|
|
|
Please give me ALL the crutches for the weak, and every other kind too. Thanks.
|
|
#
?
Oct 9, 2017 19:18
|
|
|
gently caress crutches, give me a Rascal scooter.
|
|
#
?
Oct 9, 2017 20:10
|
|
|
Thermopyle posted:Would the remote features built in to Pycharm not work for you? I've barely touched them in years, but I seem to remember that they let you develop on a remote machine... The canonical answer when I looked into this a couple years ago was to use the deployment feature in pycharm pro. I've used that feature in the past and it is in fact pretty dope, but it still fundamentally relies on having a local copy of the code to look at (in fact the canonical copy is local), but the whole reason I have to access code remotely in the first place is that work has a "no code on laptops" policy.
|
|
#
?
Oct 9, 2017 20:11
|
|
|
VS Code has this extension: https://marketplace.visualstudio.com/items?itemName=rafaelmaiolla.remote-vscode Atom has this extension: https://atom.io/packages/remote-edit Sublime Text has this extension: https://wbond.net/sublime_packages/sftp Notepad++ has this extension: https://ashkulz.github.io/NppFTP/ I haven't used any of these myself, so I couldn't tell how well they work.
|
|
#
?
Oct 9, 2017 20:19
|
|
|
Nippashish posted:The canonical answer when I looked into this a couple years ago was to use the deployment feature in pycharm pro. I've used that feature in the past and it is in fact pretty dope, but it still fundamentally relies on having a local copy of the code to look at (in fact the canonical copy is local), but the whole reason I have to access code remotely in the first place is that work has a "no code on laptops" policy. Wouldn't the local cache that I'm sure PyCharm builds technically run afoul of that policy? I mean, it sounds like they want you to remote in, not mount via an SSH tunnel.
|
|
#
?
Oct 9, 2017 20:22
|
|
|
Munkeymon posted:Wouldn't the local cache that I'm sure PyCharm builds technically run afoul of that policy? I mean, it sounds like they want you to remote in, not mount via an SSH tunnel. You're probably right, I didn't think of that. Mounting drives over ssh is explicitly okay, but I can't see them being very happy about a local cache. I guess it's a good thing I'm not using it then 
|
|
#
?
Oct 9, 2017 20:45
|
|
|
Nippashish posted:I love pycharm but there are plenty of situations where you can't use it. The one that comes up for me most often is that pycharm gets mad as hell if your code is on a slow drive, or a drive with intermittent connectivity. Accessing code from my laptop at work means ssh-ing to a workstation that can see the code through on network drive, and this means latency is high enough that pycharm locks up whenever it decides to look really hard at all the source files. If I kill the ssh tunnel (by, say, closing my laptop) pycharm gets even angrier. Semi-Fake comedy answer: Run a docker instance with NoVNC on the workstation and use a web browser to control the IDE ala https://hub.docker.com/r/dlsniper/docker-intellij/
|
|
#
?
Oct 9, 2017 21:33
|
|
|
Nippashish posted:I love pycharm but there are plenty of situations where you can't use it. The one that comes up for me most often is that pycharm gets mad as hell if your code is on a slow drive, or a drive with intermittent connectivity. Accessing code from my laptop at work means ssh-ing to a workstation that can see the code through on network drive, and this means latency is high enough that pycharm locks up whenever it decides to look really hard at all the source files. If I kill the ssh tunnel (by, say, closing my laptop) pycharm gets even angrier. Are you allowed to clone the project locally? Nippashish posted:The canonical answer when I looked into this a couple years ago was to use the deployment feature in pycharm pro. I've used that feature in the past and it is in fact pretty dope, but it still fundamentally relies on having a local copy of the code to look at (in fact the canonical copy is local), but the whole reason I have to access code remotely in the first place is that work has a "no code on laptops" policy. Okay then, your workplace sucks. Maybe ask for a desktop so that you can have a real IDE at work without having to worry about what is apparently a shoddy network connection? Anyway, sssuming you're just using vim or something I still don't see how refactoring "from butt import foo" is going to be any harder than refactoring "import butt... <100 instances of butt.foo>". Even across multiple files with the former case you're only looking at changing the header of each file once
|
|
#
?
Oct 9, 2017 22:11
|
|
|
Nippashish posted:The canonical answer when I looked into this a couple years ago was to use the deployment feature in pycharm pro. I've used that feature in the past and it is in fact pretty dope, but it still fundamentally relies on having a local copy of the code to look at (in fact the canonical copy is local), but the whole reason I have to access code remotely in the first place is that work has a "no code on laptops" policy. You've made me feel 100%better about my own workplace's policies, which is pretty amazing. Encrypt whole drive+ keycard. Be sure to check your poo poo in periodically. If you really need something esoteric or secure, please enjoy one of our vdi machines.
|
|
#
?
Oct 9, 2017 23:27
|
|
|
My editor TCS e: too far?
|
|
#
?
Oct 10, 2017 04:19
|
|
|
Yeah, place where I work has a 'no source on laptops' policy so I just ssh in to my desktop and use emacs in a terminal.
|
|
#
?
Oct 10, 2017 05:00
|
|
|
QuarkJets posted:Are you allowed to clone the project locally? I do have a workstation, it's the machine that sees the code through a network drive, I just like to sit at places that aren't my desk while I work. Anyway, there are probably lots of reasons why pycharm doesn't work for my work situation. I only brought it up because editors that get mad when their files disappear are a pet peeve of mine and I wanted to complain about them in the coding horrors thread. The point is that even with a solid network connection you still get things grinding to a halt from the extra latency to access files (and then if you want to work from home everything really goes to hell). Nippashish fucked around with this message at 07:30 on Oct 10, 2017 |
|
#
?
Oct 10, 2017 07:25
|
|
|
Did you people know about this "no code on laptops" thing when you took the job? Are there non laptop computers you can use to make things less insane?
|
|
#
?
Oct 10, 2017 12:38
|
|
|
Company: No code on laptops. Coder: Sure. Unrelated, can I configure my ssh keys so I don't have to type my password when I login to the dev server? Company: Yes. Directions are in the new hire guide on the wiki.
|
|
#
?
Oct 10, 2017 14:33
|
|
|
Hey, I'm not even allowed to have code on the desktop I log into every day. I have to remote to a vm hosted miles away to do any kind of development.
|
|
#
?
Oct 10, 2017 15:47
|
|
|
smackfu posted:Did you people know about this "no code on laptops" thing when you took the job? Are there non laptop computers you can use to make things less insane? As Nippashish said, their workstation is allowed to directly access code via a netmount. They choose to use the laptop to have more flexibility about where they physically are when working, but as a consequence accept more latency in their file accesses. Which normally isn't a problem, but becomes an issue with IDEs that want to crawl the entire source tree. Frankly this isn't that insane. Consider the amount of damage that can be done with a single stolen laptop if that laptop had actual important documents on it. We've been doing similar stuff with email, docs, spreadsheets, etc. for years -- they're stored on The Cloud somewhere, not on the physical machine. It just took a bit longer to happen to source code.
|
|
#
?
Oct 10, 2017 15:55
|
|
|
Yeah, it doesn't seem extremely crazy. FWIW, Jetbrains IDEs don't actually crawl the source tree, they use inotify or the equivalent on Windows whose name I can't think of.
|
|
#
?
Oct 10, 2017 16:05
|
|
|
TooMuchAbstraction posted:Frankly this isn't that insane. Consider the amount of damage that can be done with a single stolen laptop if that laptop had actual important documents on it. We've been doing similar stuff with email, docs, spreadsheets, etc. for years -- they're stored on The Cloud somewhere, not on the physical machine. It just took a bit longer to happen to source code. Why not just use an encrypted hard drive / home folder / BitLocker ? If your laptop gets stolen while locked, your data is safe. If your laptop gets stolen while it's unlocked, the attackers could still use your SSH session anyway. NihilCredo fucked around with this message at 16:20 on Oct 10, 2017 |
|
#
?
Oct 10, 2017 16:18
|
|
|
NihilCredo posted:Please give me ALL the crutches for the weak, and every other kind too. Thanks. Type systems are crutches
|
|
#
?
Oct 10, 2017 16:32
|
|
|
NihilCredo posted:Why not just use an encrypted hard drive / home folder / BitLocker ? If your laptop gets stolen while locked, your data is safe. If your laptop gets stolen while it's unlocked, the attackers could still use your SSH session anyway. Because what with today's hardware will take a million years to crack, with tomorrow's hardware may take a few hours. The safest thing is to indeed not have any code on a laptop. It is a bit paranoid, but ... there's a reason behind the madness.
|
|
#
?
Oct 10, 2017 16:32
|
|
|
NihilCredo posted:Why not just use an encrypted hard drive / home folder / BitLocker ? If your laptop gets stolen while locked, your data is safe. If your laptop gets stolen while it's unlocked, the attackers could still use your SSH session anyway. I think it's to discourage any kind of file footprint. You might have the urge to put the files on a external harddrive to access it from another computer and yeah it'll still be locked but now it's on two laptops. While if the attacker gets the ssh password or something the company can just change the password and bam, those laptops won't be able to work anymore. Just guessing though could be completely wrong about this.
|
|
#
?
Oct 10, 2017 16:34
|
|
|
It can be pretty tricky to maintain a secure footing when your threat model is "things which don't exist".
|
|
#
?
Oct 10, 2017 16:36
|
|
|
Coffee Mugshot posted:Type systems are crutches computers are crutches
|
|
#
?
Oct 10, 2017 16:39
|
|
|
Nude posted:I think it's to discourage any kind of file footprint. You might have the urge to put the files on a external harddrive to access it from another computer and yeah it'll still be locked but now it's on two laptops. While if the attacker gets the ssh password or something the company can just change the password and bam, those laptops won't be able to work anymore. Just guessing though could be completely wrong about this. In general having your files going on walkabout makes security a lot harder. It's far easier to secure your data if it's only held in one place and can only be accessed through gateways that you control. Like you said, if a laptop with SSH access gets stolen, the attack window is however long it takes the laptop owner to report the theft and the security team to disable their access. Hopefully that's a shorter time than it takes for the attacker to crack the login password on the laptop, which means they aren't able to access anything. Whereas if a laptop with files on it gets stolen, that's it, there's nothing security can do except hope that the attacker gives up before cracking the HD encryption.
|
|
#
?
Oct 10, 2017 16:43
|
|
|
Volguus posted:Because what with today's hardware will take a million years to crack, with tomorrow's hardware may take a few hours. The safest thing is to indeed not have any code on a laptop. It is a bit paranoid, but ... there's a reason behind the madness. That's not how modern crypto works. 128-bit keys are strong enough that it's unlikely any will ever be brute forced before the sun swallows the earth, even if we dedicated so much computing power to the task that the average sci-fi author would think you were pushing the bounds of plausibility. 256-bit keys, as commonly used in security critical situations will take 2128 times longer than that. The actual realistic threats revolve around social engineering and hacking, and once someone has malware on your laptop while you're using it, it doesn't make the slightest difference whether the data is stored locally or not.
|
|
#
?
Oct 10, 2017 17:02
|
|
|
How damaging are source code leaks anyway? What would the damage be if e.g. Google had their entire monorepo leaked? Is there a serious risk that their competitors would actually use the code? You see source code leaks semi-frequently, but I can't offhand remember any that had dramatic consequences. Microsoft had big chunks of Windows leaked in the 2000s, but I think the damage was limited to a few extra security holes.
|
|
#
?
Oct 10, 2017 17:02
|
|
|
Soricidus posted:That's not how modern crypto works. 128-bit keys are strong enough that it's unlikely any will ever be brute forced before the sun swallows the earth, even if we dedicated so much computing power to the task that the average sci-fi author would think you were pushing the bounds of plausibility. 256-bit keys, as commonly used in security critical situations will take 2128 times longer than that. Hmm, those quantum computers proponents seem to think differently. They may be full of poo poo, or they may be onto something. Still, is easier to protect something that doesn't exist.
|
|
#
?
Oct 10, 2017 17:06
|
|
|
Athas posted:How damaging are source code leaks anyway? What would the damage be if e.g. Google had their entire monorepo leaked? Is there a serious risk that their competitors would actually use the code? You see source code leaks semi-frequently, but I can't offhand remember any that had dramatic consequences. Microsoft had big chunks of Windows leaked in the 2000s, but I think the damage was limited to a few extra security holes. Nobody would ever admit to using the code, because that would be illegal of course. But you can bet your rear end people would be digging through it looking for competitive advantages, and a few months after such a leak would happen suddenly everyone would have independently developed a lot of similar tools that just happen to replicate functionality that Google had internally but hadn't released to the public. Hell, even if there wasn't pressure from management to do that kind of stuff, there'd still be incentives at the individual-developer level. Want to get promoted? Show impact. Want to show impact? You can either develop things yourself, and therefore be constrained by the limits of what you have time to independently develop (and of course also by the limits of your own skill level)...or you can just nick someone else's already-implemented, tested-by-production implementation. Nobody else needs to know that you didn't write it yourself. It's the same principle as cheating on a test.
|
|
#
?
Oct 10, 2017 17:09
|
|
|
[quote="“Volguus”" post="“477242554”"] Hmm, those quantum computers proponents seem to think differently. They may be full of poo poo, or they may be onto something. Still, is easier to protect something that doesn’t exist. [/quote] Quantum computers will, IIRC, effectively halve the size of a symmetric key - so AES-128 may become breakable, but AES-256 will remain effectively impossible even against quantum computers. And if an early adopter of practical quantum computers wants your source code, you have bigger problems, like those tanks camped on your lawn. My point is that worrying about crypto strength is pretty much always wrong. Unless you rolled your own crypto, the weak point of your system is almost certainly somewhere else. Soricidus fucked around with this message at 17:47 on Oct 10, 2017 |
|
#
?
Oct 10, 2017 17:39
|
|
|
The attack isn't 'brute force the entire key space', the attack is based on guessing likely passwords. Either way I trust my company's security experts more than a random person on a paywalled comedy internet forum.
|
|
#
?
Oct 10, 2017 18:50
|
|
|
vOv posted:The attack isn't 'brute force the entire key space', the attack is based on guessing likely passwords. There is no case in which properly configured bitlocker is vulnerable to password guessing. If your threat model involves literally the cia then yes, maybe they can extract the key from your tpm. Or they could just bribe one of the other devs to give them your source code. I wonder which is a more plausible threat?
|
|
#
?
Oct 10, 2017 19:08
|
|
|
Soricidus posted:There is no case in which properly configured bitlocker is vulnerable to password guessing.  https://www.usenix.org/system/files/1401_08-12_mickens.pdf
|
|
#
?
Oct 10, 2017 19:12
|
|
|
|
| # ? Jun 1, 2024 01:41 |
|
|
It's as the old saying goes, the most effective password cracker is a lead pipe.
|
|
#
?
Oct 10, 2017 19:58
|
|
