|
Munkeymon posted:It should all be done in a widely-used library that someone else wrote (like https://en.wikipedia.org/wiki/Scrypt) so you don't have the chance to screw up your own implementation. There are higher-level libraries like libsodium which are even harder to gently caress up
|
# ? Nov 15, 2016 23:00 |
|
|
# ? May 31, 2024 15:01 |
|
If you have a website with a login page, all information should be going over https, right?
|
# ? Nov 16, 2016 03:43 |
|
Stinky_Pete posted:If you have a website Fixed that for you. I mean, doing everything over HTTPS does add overhead as you have to spend the cycles on encrypting things, but hey, if it's good enough for Google... More seriously, make certain at the very least that the login page's form target is https, as are all pages behind the login page. Probably good from a UI standpoint to make the login page itself be served over https so the user sees their browser's "this page is secure" indicator.
|
# ? Nov 16, 2016 04:37 |
|
It does technically add overhead but the overhead is so negligible it will not even register a blip on most production clusters.
|
# ? Nov 16, 2016 12:23 |
|
TooMuchAbstraction posted:Fixed that for you. It's basically a requirement from a security point of view to have the login page on https - while there isn't any information being transmitted unsecurely, https also ensures the website is unmodified. If you can change the login page, you can redirect the post output (or send it to multiple places) and steal the user / password that way. http://www.stealmylogin.com/ explains how this could work.
|
# ? Nov 16, 2016 12:40 |
|
robostac posted:It's basically a requirement from a security point of view to have the login page on https - while there isn't any information being transmitted unsecurely, https also ensures the website is unmodified. If you can change the login page, you can redirect the post output (or send it to multiple places) and steal the user / password that way. Ah ha, good call. I guess the lesson here is "never trust non-HTTPS content" (which is not the same thing as "trust HTTPS content" of course). Thanks for the correction.
|
# ? Nov 16, 2016 17:01 |
|
I don't have access to our live environment but I assume it is https. I really hope it is.
|
# ? Nov 17, 2016 01:40 |
|
Can anyone suggest any resources/online courses for QA/software testers (we usually handle web and mobile design) both free or paid, basics and advanced?
|
# ? Nov 18, 2016 04:05 |
|
Sab669 posted:Ah, I misspoke -- I didn't mean client side like JavaScript but if you had a thick client where a lot of the work is done on their machine, whether it be C# or Java or some other compiled language. A thick client on a really locked-down corporate environment might be OK handling password hashing... until someone get phished. So it's still not a great idea. The client really should use TLS, even on an internal network, but making the DB do it (if it's doing it at all!) is mainly a performance concern. Sedro posted:There are higher-level libraries like libsodium which are even harder to gently caress up Forgot about that But only because .Net has nice user managmenet that mostly Just Works so I haven't had to think about it in quite a while
|
# ? Nov 18, 2016 14:31 |
|
nielsm posted:The "blas" package contains the dynamically linked runtime libraries. You need this to run a program that links dynamically against BLAS. Jsor posted:It depends to some degree on the exact build environment. A lot of C or C++ programs/libraries tend to require headers naming the BLAS functions they're linking to and need devel. You could specify or package in your own BLAS headers, of course, when distributing your library's source. This is also kind of how Python's C FFI bindings work, where you have to manually specify the functions signatures in Python, meaning you only need the .dll/.so/.dylib/.a file because you're essentially providing your own header and it's simply searching for the functions in the library at link time (when you call cdll.LoadLibrary generally). Rust's FFI works similarly. Thanks you two. I'm from an aero/mech engineering background now doing a lot of HPC stuff. It's just I've always worked with proprietary/in house codes so there's never been an instance where I didn't need to (re)compile my code so the whole splitting of blas and blas-devel is new to me, though I get it now. About the compiling OpenBLAS myself: In general I always heard that this was a bad idea to use your own compiled software vs getting it from a package manager? I mean I have nothing to back this up or know where I even heard this from. It's just always been one of those "things" I've heard. Have I been completely misguided this entire time? I know that compiling OpenBLAS myself and throwing it into /usr/lib64 or whatever is a bad idea but I thought that kind of extended to "compiling OpenBLAS yourself when it's available in the package manager for your distribution is a bad idea as well because ______." I mean if that's not the case then why should I not compile my own gcc/gfortran with "-O2 -march=native" and then use that to compile my own OpenBLAS, mpich, boost, etc. etc, and throw it all into ~/home/local/ ?
|
# ? Nov 19, 2016 10:40 |
|
When it comes to optimization algorithms, what's a good place to build base knowledge? I have a EE/engineering background but looking at grad school options for operations research and it seems like optimization is a big part of this field.
|
# ? Nov 19, 2016 11:10 |
|
Howard Phillips posted:When it comes to optimization algorithms, what's a good place to build base knowledge? Are we talking optimization in the sense of "here's a function, find the inputs to the function that yield the highest/lowest value"? Or are we talking like "make this function run as fast as possible"? Because the two are very different.
|
# ? Nov 19, 2016 16:47 |
|
TooMuchAbstraction posted:Are we talking optimization in the sense of "here's a function, find the inputs to the function that yield the highest/lowest value"? Or are we talking like "make this function run as fast as possible"? Because the two are very different. If someone's looking at grad school in OR, it's pretty obviously the first sense. Optimization is really its own field, and it's not something that's easy to pick up on your own without taking a class. It's not generally taught in any real detail at the undergraduate level because the math requirements are a little too strict, so most programs won't assume that you're coming in with any significant background. As long as you have enough math and a good application otherwise, you'll be fine at the master's level. PhD programs are a different animal entirely.
|
# ? Nov 19, 2016 16:51 |
|
Yeah more of the former. I guess the big application for optimization applications or processes in OR is helping humans make better decisions with either a known data or a potentially unknown condition or parameter. Has vast commercial and government applications. Seems to be a growth field as far as back end development niche area.
|
# ? Nov 19, 2016 17:27 |
|
Howard Phillips posted:When it comes to optimization algorithms, what's a good place to build base knowledge? Maybe browse through something like: http://stanford.edu/~boyd/cvxbook/ ?
|
# ? Nov 19, 2016 22:10 |
|
Is there a general design pattern for building a simple database query interface? My thinking is start the select with all the fields possible, the build up a WHERE by going through the input fields. Maybe have an array that lists which comparison you are going to use, LIKE (for strings), = (for numbers) < or > (for dates or numbers)
|
# ? Nov 19, 2016 23:45 |
|
Bob Morales posted:Is there a general design pattern for building a simple database query interface? might want to be a bit more granular with the date field, or just use a picker, otherwise you're going to have to deal with different formatting
|
# ? Nov 20, 2016 00:03 |
|
JawKnee posted:might want to be a bit more granular with the date field, or just use a picker, otherwise you're going to have to deal with different formatting It would be a picker - I just made a form up to screenshot it
|
# ? Nov 20, 2016 13:45 |
|
I'm trying to debug a Google Sheets script custom function. It's kind of infuriating because you can't log from these functions. However, I can call an url. Can anyone think of any web services which can take a message as a query parameter and let me access the messages as a log? I don't even care if it's secure, but if it is, it needs to take an API key as query string as I can't set headers or anything. edit: obviously I could write something myself fairly trivially, but.... Thermopyle fucked around with this message at 00:02 on Nov 22, 2016 |
# ? Nov 21, 2016 23:56 |
|
Thermopyle posted:I'm trying to debug a Google Sheets script custom function. Why can't you log from those functions? They have a Logger class: https://developers.google.com/apps-script/reference/base/logger EDIT: or if you want to just log to a spreadsheet, use BetterLog: https://sites.google.com/site/scriptsexamples/custom-methods/betterlog
|
# ? Nov 22, 2016 00:03 |
|
ulmont posted:Why can't you log from those functions? They have a Logger class: Custom functions can't log when used in a spreadsheet (only when run from the script editor), and BetterLog doesn't work in custom functions either because custom functions are run as an anonymous user. I'm having a weird issue where the function works in the script editor but not in the sheet.
|
# ? Nov 22, 2016 00:09 |
|
So, I'm doing an SQL project for class and I just wanted to make sure my code is correct. Is this code right?code:
|
# ? Nov 25, 2016 18:13 |
Unless you're speaking some foreign language, "Moblie" and "Accomidations" are misspelled field names, better fix those before someone else ridicules you. Also consider whether those extremely abbreviated field names are really worth the minuscule savings in typing over the large gains you could have in code readability/maintainability. If I was grading a project, I'd deduct points for that sort of naming. Remember that double quotes can be used to quote identifiers such as field names, letting you use names that would otherwise clash with reserved words too. As for the syntax, if your DBMS eats it, it should be fine? It's not how I usually write foreign key constraints but I think yours is ANSI SQL compliant. Except, I'm not sure what this declaration is supposed to do: CONSTRAINT FOREIGN KEY(ADID_C,OID_C,CCID_C,TID_C) Do you really need that? I mean, you declare all those as foreign keys anyway. Why are your record ID's of CHAR type instead of INTEGER type? Good practice is to either use auto-incrementing ID numbers for records, or use auto-generated GUIDs for them. (Only use GUIDs if your DBMS has a native GUID data type.)
|
|
# ? Nov 25, 2016 18:28 |
|
nielsm posted:Unless you're speaking some foreign language, "Moblie" and "Accomidations" are misspelled field names, better fix those before someone else ridicules you. Also consider whether those extremely abbreviated field names are really worth the minuscule savings in typing over the large gains you could have in code readability/maintainability. Thank you
|
# ? Nov 25, 2016 19:01 |
|
Looking over my oldest questions on Stack Overflow this morning. I started asking questions on there within months of the site opening in 2008 and it's funny how wet behind the ears I was Funnily enough one of my highest rated questions is one of those newbie questions from 8 years ago and it still continually racks up votes. I find myself not asking questions on there nowadays because my questions are usually a little more...specialized? I dunno how to describe the nature of the questions exactly but once I started asking questions that would get zero answers I kind of stopped trying to even ask. I guess my question is: does this mirror anyone else's experience or did I just get bad at asking questions?
|
# ? Nov 25, 2016 19:04 |
|
Thermopyle posted:Looking over my oldest questions on Stack Overflow this morning. I started asking questions on there within months of the site opening in 2008 and it's funny how wet behind the ears I was stack overflow is pretty bad for anything that reasonable documentation couldn't answer trivially. forums and user groups have been much better for less trivial or more specialized things in my experience. though the private clones of it some middleware providers have can be good for questions on their middleware.
|
# ? Nov 25, 2016 19:26 |
Yeah that's also my experience with SO, asking questions that require real analysis and deep understanding usually doesn't give any answers, or only very poor answers. The format is somewhat bad for questions that need further clarification too, since you only get the comments that don't seem to be suited to thorough questions.
|
|
# ? Nov 25, 2016 19:44 |
|
StackOverflow is a giant sociology experiment to find out that, yes, when you incentivize people with achievements and points, they will put in the minimum effort to get those things, at the expense of actually being useful. And since you give the people that do the bare minimum power, of course they use it to mark every question ever as a duplicate, even if it's clearly not, because they're not willing to put in the effort to find out if it's actually a duplicate, and it's quicker than writing an answer for the same number of points.
|
# ? Nov 25, 2016 20:35 |
|
You seem bitter. I've gotten good use out of SO, both for searching for solutions to problems other people have had and for asking questions that haven't been asked before. It's not as good as good documentation, but sometimes that documentation isn't available, and rarely you encounter an issue that doesn't have an obvious/documented solution but does have a well-known-to-insiders solution.
|
# ? Nov 25, 2016 23:01 |
|
I'm running some CUDA code on my GPU and sometimes it completes successfully and other times it fails with an "unknown" CUDA error, even though it's the same exact code running. What could be causing these weird failures? I'm guessing it might have something to do with the GPU overheating, since I know that if the GPU overheats when playing games weird artifacts could appear in the game.
|
# ? Nov 26, 2016 03:19 |
|
SO is fantastic for "beginner questions" that are relatively trivial for someone who already has a deep knowledge of the problem domain to see what the issue is. The gamification really encourages those domain experts to churn through those problems and provide answers quickly. It's way less useful once your question requires actual effort to answer, because most people (even if they are domain experts) move on to easier questions instead of bothering.
|
# ? Nov 26, 2016 03:19 |
|
qkkl posted:I'm running some CUDA code on my GPU and sometimes it completes successfully and other times it fails with an "unknown" CUDA error, even though it's the same exact code running. What could be causing these weird failures? I'm guessing it might have something to do with the GPU overheating, since I know that if the GPU overheats when playing games weird artifacts could appear in the game. Are you running the exact same code on different inputs? How about other applications running at the same time? That's all I can think of, like maybe t's running out of resources sometimes, though I would expect a known error message for that
|
# ? Nov 26, 2016 06:39 |
|
Yeah, I don't ask many questions on SO. Generally I find most of what I need doing documentation searches or experimenting myself. I have asked questions on SO when I've spent a very long time looking for an answer, or if all the documentation is outdated, but usually I end up getting a well upvoted question with no answer, or an extremely poor answer. The only times I get a good answer tend to be times where the answer is "this is a consequence of a known issue <link to bug tracker>" explaining why I couldn't figure it out, because it wasn't working as intended. If I'm looking for something I don't entirely understand but probably could find eventually, but I need it answered quickly, I tend to just ask here because I won't get closed as duplicate/vague and downvoted into oblivion because I didn't guess the magic words I needed to find the answer to a poorly asked question from 3 years ago. Linear Zoetrope fucked around with this message at 07:13 on Nov 26, 2016 |
# ? Nov 26, 2016 07:06 |
|
Stinky_Pete posted:Are you running the exact same code on different inputs? How about other applications running at the same time? That's all I can think of, like maybe t's running out of resources sometimes, though I would expect a known error message for that Same code, and it has no inputs. I'm running Chrome but nothing that would use the GPU a lot. I guess it might be running out of memory, I could try running two instances of the program at the same time and see if they fail twice as fast.
|
# ? Nov 26, 2016 08:00 |
|
leper khan posted:stack overflow is pretty bad for anything that reasonable documentation couldn't answer trivially. forums and user groups have been much better for less trivial or more specialized things in my experience. Yeah, I have a similar experience with SO. Most questions I look up are just simple documentation gaps or just shortcuts from googling, and they're usually correct or close enough that I don't need to ask anything. A few I've written and then essentially answered for myself because that's what happens when you rubber duck a problem. The few answers I get on deeper questions have usually been from maintainers monitoring their hashtags.
|
# ? Nov 26, 2016 12:27 |
|
Maluco Marinero posted:The few answers I get on deeper questions have usually been from maintainers monitoring their hashtags. Yeah, this is the big thing. I've gotten really good responses for the JOOQ and the Microsoft Azure ADAL4J libraries, since the devs seem to be monitoring SO. Honestly, most of the time writing up a half-decent question for SO leads me to solve my own problem. You need to be able to reproduce the issue in a toy-problem in about 50 lines of code if you want anyone to bother reading it, and you need to limit your example code to only use the one library you're asking about, and you need to clearly state what you expect your code to do and what it is actually doing.
|
# ? Nov 26, 2016 20:28 |
|
I've used several libraries where the devs specifically say to use whatever tag on SO to get support. Seems to work out alright. But yeah, SO isn't that great for more advanced discussions, but, at least for me, it helped me a lot when I was getting started. I remember finding lots of info about the best way to do different things like getting unique items from a python list or whatever.
|
# ? Nov 26, 2016 20:45 |
|
What is a good example of a simple CPU to use if you want to experiment with writing an emulator or assembler or something?
|
# ? Nov 28, 2016 03:55 |
|
Bob Morales posted:What is a good example of a simple CPU to use if you want to experiment with writing an emulator or assembler or something? i hear chip8 is popular for doing some of that. there's a thread for it somewhere. anything from an 80s console was relatively simple, but still might be more complex than what you're looking for. e.g. 6502 or a z80.
|
# ? Nov 28, 2016 03:59 |
|
|
# ? May 31, 2024 15:01 |
|
Bob Morales posted:What is a good example of a simple CPU to use if you want to experiment with writing an emulator or assembler or something? I've been writing a CHIP-8 emulator for Haskell and it's pretty easy to work with. There's some quirks, but it's a lot simpler than other architectures (only about 30 opcodes, a fairly regular register set, and not too much weird stuff except the delay/sound timers, and those are pretty easy to understand.)
|
# ? Nov 28, 2016 04:08 |