|
if and switch are generally represented differently in the compiler's IR, and it's just that optimizers are usually smart enough to turn if/else chains into switches.
|
# ? Oct 12, 2017 05:59 |
|
JawnV6 posted:Okay. You still can't discern a difference between "attacker who can clone a disk and execute find -name "*.c"" and "attacker who can clone a disk, extract SSH keys, determine the server through meticulous examination of command history, somehow gin up what they were doing on the long-closed remote session once they have access, all under a time limit before IT slams the door shut". Second group of folks seems a lot more clever and capable by the minute. No, I'm on the side that thinks that if you're looking to steal source code then it's better to clone an unlocked disk than to try and investigate a remote server through SSH. I just think that it's funny that you recognized that you could use the find command to identify source code but apparently you think that typing "!ssh" on an open terminal is some next level hacker poo poo
|
# ? Oct 12, 2017 07:05 |
|
I discovered something fun today and wrote a blog post about it. http://blog.mecheye.net/2017/10/urg/
|
# ? Oct 12, 2017 07:30 |
|
Suspicious Dish posted:I discovered something fun today and wrote a blog post about it. quote:How did everyone get confused and start misunderstanding the TCP urgent mechanism? Even today, despite Linux allowing you to My best guess is that the broken behavior is actually more useful than the one suggested by TCP.
|
# ? Oct 12, 2017 10:26 |
|
Suspicious Dish posted:I discovered something fun today and wrote a blog post about it. Huh, I didn't think anything used URG but here comes Telnet.
|
# ? Oct 12, 2017 14:01 |
|
This is where someone should step in with a Fermi estimate of how many nearly meaningless bytes URG bytes have been sent over the wire since TCP was invented.
|
# ? Oct 12, 2017 15:46 |
|
SupSuper posted:Your before-last paragraph seems to have a missing sentence: i'm a good proofreader. that was supposed to talk about SO_OOBINLINE but then i realized that it's actually useless and doesn't let you check whether you're in urgent mode. deleted.
|
# ? Oct 12, 2017 16:33 |
|
Munkeymon posted:Huh, I didn't think anything used URG but here comes Telnet. also, if you search for URG online it's supposedly used by FTP to high-priority commands during a file transfer, but I can't find any evidence of this in either FTP client source code or any of the many FTP RFCs (mainly 959, the revised FTP protocol spec, and 765, the first RFC which ported FTP from NCP to TCP)
|
# ? Oct 12, 2017 17:29 |
|
QuarkJets posted:I just think that it's funny that you recognized that you could use the find command to identify source code but apparently you think that typing "!ssh" on an open terminal is some next level hacker poo poo One being under a time limit is more pertinent than the relative "skills" of the attacker and your myopic focus on how clever this fellow is or is not keeps exposing how poo poo your underlying threat model of "exactly one server to ssh into" is.
|
# ? Oct 12, 2017 17:46 |
|
Suspicious Dish posted:i'm a good proofreader. that was supposed to talk about SO_OOBINLINE but then i realized that it's actually useless and doesn't let you check whether you're in urgent mode. deleted. Also, "urgency is an attribute of the TCP socket itself, not of a piece of data of data within that stream". Interesting read though, thanks!
|
# ? Oct 12, 2017 17:50 |
|
JawnV6 posted:One being under a time limit is more pertinent than the relative "skills" of the attacker and your myopic focus on how clever this fellow is or is not keeps exposing how poo poo your underlying threat model of "exactly one server to ssh into" is. Again, I know reading comprehension is hard for you, but we are on the same side of the argument
|
# ? Oct 12, 2017 23:43 |
|
The tone this discussion took may not be a coding horror, but it's definitely a horror.
|
# ? Oct 13, 2017 01:22 |
|
Thermopyle posted:The tone this discussion took may not be a coding horror, but it's definitely a horror. 50+% of coding is clear communication, so I'd say this qualifies.
|
# ? Oct 13, 2017 01:26 |
|
QuarkJets posted:No, I'm on the side that thinks that if you're looking to steal source code then it's better to clone an unlocked disk than to try and investigate a remote server through SSH. I just think that it's funny that you recognized that you could use the find command to identify source code but apparently you think that typing "!ssh" on an open terminal is some next level hacker poo poo So you're also presuming that the key used to SSH either has no password, or has been added to an ssh agent in the currently active session. Also that the server is even accessible on a public network, or that there is an active VPN connection or one available without password authentication
|
# ? Oct 13, 2017 02:13 |
|
Pollyanna posted:Remind me again why we don't like switch cases? I've always been told to avoid them, but I never quite understood why. If you're working in a functional language then you kinda need to use pattern matching anyway, but in other languages, you don't have much of a choice. It's not about disliking them. Switch cases have their uses and it usually comes down to readability. That being said there's a ton of esoteric bullshit that can go into it depending on which language, compiler, optimizations, etc. A buddy of mine once did an in-depth study on which was faster in .net: dictionary look up, switch statement, if/else chain. With different methods of generating them: in source, at runtime via expression trees, etc. They all had fairly different results in terms of performance and that's just a single language. tl;dr: Unless you need a specific level of performance out of it just do what is easier to read.
|
# ? Oct 13, 2017 04:58 |
|
Steve French posted:So you're also presuming that the key used to SSH either has no password, or has been added to an ssh agent in the currently active session. Also that the server is even accessible on a public network, or that there is an active VPN connection or one available without password authentication Nope, I'm not presuming anything like that. Here let me quote just the most relevant part: QuarkJets posted:No, I'm on the side that thinks that if you're looking to steal source code then it's better to clone an unlocked disk
|
# ? Oct 13, 2017 05:07 |
|
Who the gently caress would want to steal someone's lovely code? It's not like you're the loving NSA.
|
# ? Oct 13, 2017 06:44 |
|
Is it cheating to post this? https://github.com/raxod502/TerrariaClone ETA: quote:The TerrariaClone.init() method, which is over 1,300 lines long, actually grew so large that the Java compiler started running out of memory trying to compile it! The solution? Copy half of the init() code into a new method, called codeTooLarge(), and call that from init(). Loezi fucked around with this message at 07:56 on Oct 13, 2017 |
# ? Oct 13, 2017 07:47 |
|
Loezi posted:Is it cheating to post this? quote:The control flow is so labyrinthine that some of the code is actually indented by 23 tabs. Forget the 80-column rule -- these lines don't even start until column 92! Even if we discard the inline data tables, then the longest line in the codebase is still a whopping 387 characters long (you'll have to scroll to the right to read it) At least this guy is upfront about how awful it is. AotC fucked around with this message at 08:13 on Oct 13, 2017 |
# ? Oct 13, 2017 08:11 |
|
Odette posted:Who the gently caress would want to steal someone's lovely code? It's not like you're the loving NSA. Lol if your code is so worthless nobody would want to steal it.* * Note that there is a difference between would want to and actually bothers to follow through
|
# ? Oct 13, 2017 09:57 |
|
I just went through the process of retrieving my bank information (yay for your bank not having correct information it failed to communicate it needs):
- all the SMS messages for verification purposes display the sender as "probably the name of the dev that integrated it" rather than "name of the bank"
- if your account is blocked, such information is not displayed anywhere
- trying to send a message about issue number one gave me a hilarious "You can't use #, $, ', " in the content of the message", which is rather worrying (this is using the Account interface they're providing)
|
# ? Oct 13, 2017 12:39 |
JavaScript code:
Joda fucked around with this message at 14:51 on Oct 13, 2017 |
|
# ? Oct 13, 2017 14:49 |
|
do you imagine he just didn't spot the ! and hastily left a comment because i do that all the time
|
# ? Oct 13, 2017 15:15 |
|
Give 'em the ol' freshman logic 101 truth table for maximum shame.
|
# ? Oct 13, 2017 15:18 |
|
john donne posted:Give 'em the ol' freshman logic 101 truth table for maximum shame. Make sure to add a gigantic red arrow for ludicrous levels of shame.
|
# ? Oct 13, 2017 15:24 |
Suspicious Dish posted:do you imagine he just didn't spot the ! and hastily left a comment because i do that all the time Oh yeah, that's definitely possible. That's pretty much how we do it everywhere else, though, since massively nested if-statements are awful.
|
|
# ? Oct 13, 2017 15:24 |
|
Loezi posted:Is it cheating to post this? I've seen a function of that length. It had 0 useful comments, combined tabs and spaces, and determined if someone's health insurance paid out.
|
# ? Oct 13, 2017 15:24 |
|
Joda posted:Oh yeah, that's definitely possible. That's pretty much how we do it everywhere else, though, since massively nested if-statements are awful. it's likely he missed the the "!" because it's right next to an "i" and your brain blends "!i" together just like it blended the two "the"s at the start of this post
|
# ? Oct 13, 2017 15:36 |
|
Suspicious Dish posted:it's likely he missed the the "!" because it's right next to an "i" and your brain blends "!i" together just like it blended the two "the"s at the start of this post You son of a bitch
|
# ? Oct 13, 2017 15:39 |
|
iospace posted:I've seen a function of that length. It had 0 useful comments, combined tabs and spaces, and determined if someone's health insurance paid out. This is like the "for sale: baby shoes, never worn" of this thread.
|
# ? Oct 13, 2017 15:48 |
|
iospace posted:I've seen a function of that length. It had 0 useful comments, combined tabs and spaces, and determined if someone's health insurance paid out. America.java
|
# ? Oct 13, 2017 15:53 |
|
iospace posted:I've seen a function of that length. It had 0 useful comments, combined tabs and spaces, and determined if someone's health insurance paid out. Couldn't that just be reduced to code:
|
# ? Oct 13, 2017 15:55 |
|
iospace posted:I've seen a function of that length. It had 0 useful comments, combined tabs and spaces, and determined if someone's health insurance paid out. Optum?
|
# ? Oct 13, 2017 16:53 |
|
lifg posted:Optum? Nah.
|
# ? Oct 13, 2017 17:12 |
|
5TonsOfFlax posted:Couldn't that just be reduced to Nah, you have to at least look up their tax bracket to determine if they're a freeloader first, then deny them. (Spoiler: Only freeloaders need health insurance) Ranzear fucked around with this message at 18:50 on Oct 13, 2017 |
# ? Oct 13, 2017 18:24 |
|
iospace posted:I've seen a function of that length. It had 0 useful comments, combined tabs and spaces, and determined if someone's health insurance paid out. Please tell me it had no tests either.
|
# ? Oct 13, 2017 18:46 |
|
NihilCredo posted:Please tell me it had no tests either. Oh we could test it all right, but the thing was we had no clue how it worked. Nor did the people who wrote it by that point. (full disclaimer, this was C++, not Java)
|
# ? Oct 13, 2017 18:47 |
|
Speaking of early projects, I realized I found and hosted DerpShine again. It's a clone of that flash game BoomShine of course, but without the catchy piano roll. http://caliber.online/DerpShine.htm This was the earliest era of Chrome having hardware accelerated canvas, like 22 or 23, so doing 60fps was a big deal to me. It's a questionable implementation, but apparently I'm reducing Draw rate when Sim rate falls off. I totally cribbed this from my SuperTanks wankery, but it works really well with this (hopefully) fixed timestep game. My earliest notions of disconnecting draw rate from simulation rate. Code here: http://caliber.online/DerpShine.js Topically, almost all of the logic appears to be switch case on enums. Ranzear fucked around with this message at 18:55 on Oct 13, 2017 |
# ? Oct 13, 2017 18:50 |
|
Joda posted:
maybe they were trying to get you to make the code clearer by applying de morgan's laws
|
# ? Oct 14, 2017 00:34 |
|
Hammerite posted:maybe they were trying to get you to make the code clearer by applying de morgan's laws I actually generally prefer ¬P ∨ ¬Q to ¬(P ∧ Q), because my desire to have as few parentheses as possible trumps my desire to have as few negations as possible. In the first example it's easier to see at a glance that P = F implies that the whole expression is true, which is important sometimes. The second example technically also has one more token in it than the first one, so while you and others may find it clearer, it's hard to argue that it's simpler. But I view all this as mostly a matter of personal taste, so I probably wouldn't tell anyone to change it one way or the other in a code review.
|
# ? Oct 14, 2017 12:46 |