I know what you’re thinking. How can caring about spelling in code be anything but pedantic?
That danged strnig data type!
|
wow. Must have been a really slow news day.
I wanna be a eunuchs developer! Pass me a bread knife!
|
My gf's computer got hit by ransomware last year. Reformat drive, re-install OS, and recover documents that were happily stored elsewhere. An hour later, problem solved. (That was W7, haha.)
While ransomware is not the saddest thing that sadists do in the world, it's definitely another transaction in the block chain of despicable behavior with the genesis root of "Homo Sapiens."
Marc
|
raddevus wrote: it may be necessary to ban Bitcoin
Sponsored by the banks, I dare say.
In other news, it was discovered that more than 90% of crimes involve money, either directly or indirectly, so money is being banned.
I wanna be a eunuchs developer! Pass me a bread knife!
|
If you find a problem you care about, you're more likely to stick with it through that incredibly confusing and intimidating first stage of your adventure. And even as you progress and become programmatically proficient, finding projects that personally interest you will help you learn new things.
Yeah, whatever
|
This is the conclusion of a study carried out by cyber-security firm Avecto for the second year in a row, after, at the same time last year, it discovered that a sysadmin could mitigate 86% of all critical vulnerabilities Microsoft patched in 2015, just by taking the same action and disabling admin rights.
And it only prevents getting any work done 49% of the time
|
Kent Sharkey wrote: And it only prevents getting any work done 49% of the time
Exactly!
It's not really Microsoft's fault, rather 3rd party programs (usually). It's definitely not the users / IT departments - they are forced into this compromised position.
The reason most companies "have" to turn their users into "admins" ... lots of the programs simply refuse to work otherwise. Things like registry settings, DLL calls, config file locations, network & peripheral coms, etc. tend to have restrictions per user access levels. Which in turn means the UAL needs to be escalated just so the program can be started. And trying to modify ACLs of all relevant files / reg keys / hw devices / etc. for each program on each user account becomes a complete hogwash of a task. Thus the simpler solution is to give the user account admin rights.
Unless Windows' security makes it easier to sandbox a program and force 3rd party developers to refrain from using admin-only paths this problem will not go away. The reason Linux gets it right is because it was like that from the very start. Windows only added this idea later, meaning lots of legacy programs tended to be incompatible with this add-on security system, which in turn meant users needed to turn it off. And since that tends to be the case nearly all the time, even newer programs are still written without regard for such rights limitations (to a lesser extent, but still causing the problem).
|
All they have to add is a suwindo command.
I wanna be a eunuchs developer! Pass me a bread knife!
|
I bet turning the computer off mitigates 100% of Microsoft vulnerabilities.
|
Witchcraft!
You must be a security EXPERT!
TTFN - Kent
|
Removing my dad from a keyboard mitigates 100% of all vulnerabilities, regardless of OS.
|
I have often suggested that every comment represents a failure to make the code self explanatory.
/*this comment isn't necessary*/
|
What a lovely story.
For those who found it tl;dr grist:
If your code is more than just simple, basic, first-year-student-level statements: it needs commenting.
I wanna be a eunuchs developer! Pass me a bread knife!
|
Unfortunately there is no comments section on his blog, as this is not a complex code issue, but a complex design issue. With a different design, his code problems vanish, and the code can follow a simple execution path. It's kind of a separation of concerns problem, where one concern is updating the cache and the other is returning the correct value to the client request. The cache should be updated when an order is placed, but the current value in the cache should always be returned to the client. I would cache the info in a table unless it is a very high volume site, then I would still cache it in a table, but would also have an in-memory cache for fast response.
|
Notebooks are a great learning resource that go beyond a REPL (a simple interactive console) in that they are effectively textbooks with islands of interactive code. It's even more powerful when you consider graphics, charts, and other interactive models.
Is this going to be on the exam?
|
To combat Microsoft and Google, Amazon appears to be in the early stages of developing its own office suite, utilizing the power and ubiquity of its AWS platform to support it.
Because the world needs another way to edit documents
|
Will it have a grammar checker, to tell people when to use a conjunction?
I wanna be a eunuchs developer! Pass me a bread knife!
|
Will it be based on LaTeX?
|
Service used by 5.5 million websites may have leaked passwords and authentication tokens.
"You had one job"
|
We fetched a few live samples, and we observed encryption keys, cookies, passwords, chunks of POST data and even HTTPS requests for other major cloudflare-hosted sites from other users. Once we understood what we were seeing and the implications, we immediately stopped and contacted cloudflare security.
See Incident report on memory leak caused by Cloudflare parser bug for a detailed analysis:
Quote: The root cause of the bug was that reaching the end of a buffer was checked using the equality operator and a pointer was able to step past the end of the buffer. This is known as a buffer overrun.
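An added illustration of the failure mode quoted above (not Cloudflare's code and not part of the original post): a scanner that can advance by more than one position jumps over the end marker, so an `==` end check never fires while `>=` does. Indices stand in for pointers, and the `scan` function, its escape rule and the sample bytes are constructed for this example.

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed sample memory: the first BUF_LEN bytes are the "input buffer";
   everything after it stands in for unrelated adjacent data. */
static const char backing[] = "name=ab\\" "TOKEN-constructed";
#define BUF_LEN 8                    /* the input ends in an escape byte */
#define CAP (sizeof backing - 1)     /* hard stop so the demo stays in bounds */

/* Toy scanner (hypothetical): a backslash consumes itself plus one more byte.
   Returns how many bytes outside buf[0..len) the scanner examined. */
static size_t scan(const char *buf, size_t len, size_t cap, int use_equality)
{
    size_t i = 0, past = 0;

    while (i < cap) {
        /* End-of-buffer test: the equality form only stops when the position
           lands exactly on len; the >= form also stops once it has jumped past. */
        if (use_equality ? (i == len) : (i >= len))
            break;
        if (i >= len)
            past++;                  /* this byte is not part of the input */
        i += (buf[i] == '\\') ? 2 : 1;
    }
    return past;
}

int main(void)
{
    printf("== check, input ends in escape: %zu bytes past end\n",
           scan(backing, BUF_LEN, CAP, 1));
    printf(">= check, input ends in escape: %zu bytes past end\n",
           scan(backing, BUF_LEN, CAP, 0));
    printf("== check, input ends normally:  %zu bytes past end\n",
           scan(backing, BUF_LEN - 1, CAP, 1));
    return 0;
}
```

The third call shows why such a bug can go unnoticed: with input that does not end on a multi-byte step, the equality check behaves correctly.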
|
To underscore just how serious this is, read this comment (and some of its replies by the same author) on HN.
For context, the comment author is the co-founder of Matasano Security, and is one of the most respected members of the HN community. He's not prone to exaggeration or hyperbole, so if he says it's this bad, it likely really is this bad.
|
This is known as a buffer overrun.
In this day and age, programming languages that allow for buffer overruns should be banned.
Oh wait...
Marc
|
Do you know that its little brother, the arithmetic overflow, is NOT checked for by default in C# projects? You have to navigate thru the properties of your project, to the Build tab, click the Advanced button, then mark "Check for arithmetic overflow/underflow". Otherwise, no run-time exception will be thrown when multiplying a million by a million with 32 bit integers.
Since those bugs are so old, nobody cares anymore, and they will become much more common than they are now. Sure.
|
Bernhard Hiller wrote: the arithmetic overflow, is NOT checked for by default in C# projects?
Amusingly, I had tested that last week when I wrote the article on hashcash, because I wanted to verify that it did throw an exception on overflow, and lo-and-behold, it did not.
Didn't know about the option to enable it though. I'll have to look to see what other gems there are under Advanced.
Marc