|
Encryption is legit hard. It's so loving hard that it seems kinda sorta simple. Add to that the dumbs who think that because they can't read it, it's encrypted.
|
#
?
Apr 28, 2012 20:26
|
|
|
|
| # ? Apr 29, 2024 11:57 |
|
|
Security by 
|
|
#
?
Apr 28, 2012 21:51
|
|
|
Contero posted:I've seen this in a flight search api, because they struggled to get the xml to validate against their own schema.
|
|
#
?
Apr 29, 2012 00:00
|
|
|
Biowarfare posted:Nah, that was base64 of the quoted post. I've actually seen it encapsulated in XML like three levels deep. And some people actually consider it encryption I write embedded C for point of sale terminals (credit card readers with pinpads and displays essentially) for a bank as an external software vendor. The system which I've finally begun to rewrite uses xml over GPRS as its communications protocol. The xml structure is mostly plaintext, but the actual parameter values are encrypted using 3des with a MK/SK and then b64'd. Some of the parameters it downloads are xml configuration blobs. So, there's xml that's been encrypted and b64'd, which is then dumped into more xml as an element's value. Making the message parsing, decryption, and parsing the decrypted xml blob again all work within 256KB of effective userspace RAM was quite tricky...
|
|
#
?
Apr 29, 2012 00:12
|
|
|
beuges posted:I write embedded C for point of sale terminals (credit card readers with pinpads and displays essentially) for a bank as an external software vendor. The system which I've finally begun to rewrite uses xml over GPRS as its communications protocol. The xml structure is mostly plaintext, but the actual parameter values are encrypted using 3des with a MK/SK and then b64'd. Some of the parameters it downloads are xml configuration blobs. So, there's xml that's been encrypted and b64'd, which is then dumped into more xml as an element's value. Making the message parsing, decryption, and parsing the decrypted xml blob again all work within 256KB of effective userspace RAM was quite tricky... 256k of ram? What monster uC are you using?
|
|
#
?
Apr 29, 2012 00:19
|
|
|
Contero posted:Yep, seen this one before   
|
|
#
?
Apr 29, 2012 01:31
|
|
|
beuges posted:The system which I've finally begun to rewrite uses xml over GPRS We have a small uC and a tiny data pipe. I know, lets use XML! 
|
|
#
?
Apr 29, 2012 03:19
|
|
|
Otto Skorzeny posted:256k of ram? What monster uC are you using? It looks like There are some ARM cortex SoCs with that kind of SRAM. I've never even used a uC with 256kb of flash let alone RAM.
|
|
#
?
Apr 29, 2012 05:10
|
|
|
When doing defense contracting I wrote part of an experimental system that did real time XML updates (including base64 encoded pictures and videos in the XML!) to flying planes via a satellite or long range radio connection. Best case connection scenario was a directional radio beam. I doubt that ever made it on to a plane.
|
|
#
?
Apr 29, 2012 05:30
|
|
|
So what is the correct use of XML? I'm going to get asked about it tomorrow and I know nothing about its best practices.
|
|
#
?
Apr 29, 2012 20:47
|
|
|
XML is for data transfer between different systems, usually in a way that can be validated for correctness.
|
|
#
?
Apr 29, 2012 21:57
|
|
|
i.e. http://en.wikipedia.org/wiki/Electronic_data_interchange It's not for configuration files or for storing data which is what most muppets end up using it for. A recent discovery is using one XML tag with every configuration entity as an attribute. Added bonus of not being able not being able to insert comments between attributes. Consider 1,000+ lines of this: code:
|
|
#
?
Apr 29, 2012 22:11
|
|
|
GrumpyDoctor posted:So what is the correct use of XML? I'm going to get asked about it tomorrow and I know nothing about its best practices. XML was originally designed as an extensible document markup format, not as a data interchange format, and not as a data storage format. It didn't stop people from using it as either of those things. If you're going to get asked about it tomorrow, talk about data interchange, as that's widely considered the "accepted" use.
|
|
#
?
Apr 29, 2012 22:44
|
|
|
Like it was discussed above, the actual place to use XML is for structured text markup, it only truly excels when it makes sense to have text and tags interspersed. If your data must follow a very rigid structure where only very specific elements can be contained in other very specific elements and text nodes are generally only used at the innermost level (or not at all), then XML is probably the wrong choice. (Use JSON, Yaml, or even INI files, instead.) If your data are mostly free-form and the elements allow for mostly free-form nesting, and meaning/intent is expressed through the choice of how to put text and tags inside other tags, then XML is probably a decent choice. But it's questionable whether that's what an interviewer or professor wants to hear.
|
|
#
?
Apr 29, 2012 22:51
|
|
|
MrMoo posted:It's not for configuration files or for storing data which is what most muppets end up using it for.
|
|
#
?
Apr 29, 2012 23:58
|
|
|
Gazpacho posted:Developers use it for those things because it provides code reuse advantages over what was done before, namely defining a binary or otherwise ad hoc format. Trying to confine a technology to some historical vision is generally a losing bet.
|
|
#
?
Apr 30, 2012 00:27
|
|
|
BonzoESC posted:It was used for that before JSON was discovered, and that's why it's still popular. It's not even bad at it, it's developer readable, and depending on how much metadata you have for your format, frighteningly easy to debug. XML is also impressively easy to mess up on. I've seen software crash because there was whitespace between tags, which caused text nodes to be generated in the DOM tree where it expected another element.
|
|
#
?
Apr 30, 2012 00:33
|
|
|
If you ever write an XML parser yourself you are doing something horribly wrong and should stop before you hurt someone.
|
|
#
?
Apr 30, 2012 02:14
|
|
|
Jabor posted:If you ever write an XML parser yourself you are doing something horribly wrong and should stop before you hurt someone. What if you're writing an XML parser for compatibility with a broken XML parser in a commercial product?
|
|
#
?
Apr 30, 2012 02:16
|
|
|
Suspicious Dish posted:What if you're writing an XML parser for compatibility with a broken XML parser in a commercial product? Well, then you're not really writing an XML parser, are you? You're writing a parser for a DSL that just happens to look superficially similar to XML.
|
|
#
?
Apr 30, 2012 02:19
|
|
|
Jabor posted:If you ever write an XML parser yourself you are doing something horribly wrong and should stop before you hurt someone. Hell, I would go so far as to say that an overwhelming majority of coding horrors are a result of rolling your own stuff instead of using library functions. Unless you're using php. In that case, 
|
|
#
?
Apr 30, 2012 02:27
|
|
|
Jabor posted:Well, then you're not really writing an XML parser, are you? That's how I'll think of it from now on. Even though we're reimplementing an API called "XML". (If you're curious, the Flash XML parser is extremely loving broken. We initially were using libxml2, but stopped.)
|
|
#
?
Apr 30, 2012 03:01
|
|
|
Suspicious Dish posted:(If you're curious, the Flash XML parser is extremely loving broken. We initially were using libxml2, but stopped.) I remember when XML got introduced to flash, it was slow. It was so slow in fact that a homerolled actionscript version was remarkedly faster than the native approach. This was in flash 5. Good to see adobe still hasn't quite gotten XML parsing yet.
|
|
#
?
Apr 30, 2012 11:03
|
|
|
KARMA! posted:Good to see adobe still hasn't quite gotten XML parsing yet. If you're curious, you can read their XML parser, as they opened it as part of Tamarin: XMLParser16.cpp (yes, that filename means your fears are real)
|
|
#
?
Apr 30, 2012 11:06
|
|
|
BonzoESC posted:before JSON was discovered I like this idea that markup languages are "discovered." I suppose it makes sense if you consider the space of markup languages which represent the same things as JSON does as a countably infinite set from which JSON merely needed to be picked out, though I think if you use that then the definition of "discover" starts to break down...
|
|
#
?
Apr 30, 2012 11:55
|
|
|
Suspicious Dish posted:If you're curious, you can read their XML parser, as they opened it as part of Tamarin: XMLParser16.cpp (yes, that filename means your fears are real) code:
|
|
#
?
Apr 30, 2012 12:57
|
|
|
 Jeff Atwood strikes again! El Jefe posted:The upside is that once you enable [two-factor authenitcation for GMail], your email becomes extremely secure, to the point that you can (and I regularly do) email yourself highly sensitive data like passwords and logins to other sites you visit so you can easily retrieve them later.
|
|
#
?
Apr 30, 2012 13:19
|
|
|
In a case of strange coincidence (or not), here's Crockford talking about "discovering" JSON: http://inkdroid.org/journal/2012/04/30/lessons-of-json/
|
|
#
?
Apr 30, 2012 16:28
|
|
|
code:
|
|
#
?
Apr 30, 2012 19:42
|
|
|
It makes no sense because those functions used to do other things and they've since been mostly trimmed to their current functionality but it works despite making no sense; fortunately you can check earlier versions to see what the functions did and who changed them into this mess so I'm sure it'll be no trouble at all to sort everything out. cue lack of version control cue rousing orchestral celebration of incompetence
|
|
#
?
Apr 30, 2012 20:11
|
|
|
pokeyman posted:cue rousing orchestral celebration of incompetence What would you recommend as the inverse of Fanfare for the Common Man? Chicken on the Rocks?
|
|
#
?
Apr 30, 2012 20:14
|
|
|
GrumpyDoctor posted:So what is the correct use of XML? I'm going to get asked about it tomorrow and I know nothing about its best practices. It's a language for generating markup languages.
|
|
#
?
Apr 30, 2012 20:45
|
|
|
I've been in maintenance programming hell the past week as I had to: A) find and fix horrible security flaws in one antique but still active site, and B) thud and blunder through another even older piece of software that is suckled onto our main app like a lamprey, so that I can gain enough understanding of its internals to properly clone all the functionality we want out of it and eventually migrate all data into this new section of our own app that I'm designing*. That Chicken on the Rocks actually makes these tasks a little more endurable. I might have to make a "Bad code expedition" playlist with stuff like that and maybe the Cash for Gold song from southpark. * It's not reinventing the wheel, I swear. It's more like kicking a rectangular table over and using it as a wheel. It's elimination of a huge technical debt that was docked onto our software long ago when time to market was critical and IT resources were thin and stretched. Now that the business has reaped short term gains from that move in their first couple years, it's time to mitigate the long term losses because in production it takes endless man hours to get anything done in that beast. And constructing accurate reports? Their super terrible schema makes it feel like you're reading tea leaves.
|
|
#
?
Apr 30, 2012 20:51
|
|
|
Jonnty posted:I like this idea that markup languages are "discovered." I suppose it makes sense if you consider the space of markup languages which represent the same things as JSON does as a countably infinite set from which JSON merely needed to be picked out, though I think if you use that then the definition of "discover" starts to break down... It's not that they're all discovered, it's that somebody realized that the object literal notation in JS could be general-purpose.
|
|
#
?
Apr 30, 2012 21:56
|
|
|
BonzoESC posted:It's not that they're all discovered, it's that somebody realized that the object literal notation in JS could be general-purpose. Oh. Fair enough. I'm still gonna stick to my definition though...
|
|
#
?
Apr 30, 2012 22:31
|
|
|
BonzoESC posted:It's not that they're all discovered, it's that somebody realized that the object literal notation in JS could be general-purpose. And slowly the world caught up with Perl...
|
|
#
?
Apr 30, 2012 22:36
|
|
|
Internet Janitor posted:What would you recommend as the inverse of Fanfare for the Common Man? Chicken on the Rocks? https://www.youtube.com/watch?v=hpJ6anurfuw
|
|
#
?
Apr 30, 2012 22:50
|
|
|
I used XML for a config file because the data is very basic and C# has built in libraries for serializing/deserializing it. Am I a bad person? 
|
|
#
?
May 1, 2012 00:50
|
|
|
HappyHippo posted:I used XML for a config file because the data is very basic and C# has built in libraries for serializing/deserializing it. Am I a bad person? Was there a particular reason .ini wouldn't work?
|
|
#
?
May 1, 2012 00:55
|
|
|
|
| # ? Apr 29, 2024 11:57 |
|
|
I'd have to write my own parser? Right now it's "deserialize this file -> now I have an object with the info" where the deserialization is built in. It also seems (to me) more extensible in the future with less effort.
|
|
#
?
May 1, 2012 00:59
|
|