|
I don't really see anything wrong with expected test failures. Shipping with known issues is not exactly an uncommon thing to do, and it's important to be able to distinguish between known issues and new issues.
|
# ? Mar 2, 2012 18:04 |
|
this is the best test: http://gcov.php.net/viewer.php?version=PHP_5_4&func=tests&file=ext%2Fopenssl%2Ftests%2F001.phpt
code:
quote:Expected
|
# ? Mar 2, 2012 19:08 |
|
Aleksei Vasiliev posted:
this is the best test: http://gcov.php.net/viewer.php?version=PHP_5_4&func=tests&file=ext%2Fopenssl%2Ftests%2F001.phpt

I am not a system-level developer, but what does "stacking up entropy" mean?
|
# ? Mar 2, 2012 19:11 |
|
prefect posted:
I am not a system-level developer, but what does "stacking up entropy" mean?

Collecting random noise from which to generate cryptographically strong random numbers.
|
# ? Mar 2, 2012 19:17 |
|
And noise can be from various sources, like external RNG hardware, or simpler things like core voltage or mouse/keyboard movement and timing.
|
# ? Mar 2, 2012 19:19 |
|
ymgve posted:
And noise can be from various sources, like external RNG hardware, or simpler things like core voltage or mouse/keyboard movement and timing.

I guess I assumed that it would just be "call some random-number generator". (This may be why I don't work in that area.)
|
# ? Mar 2, 2012 19:20 |
|
prefect posted:
I guess I assumed that it would just be "call some random-number generator". (This may be why I don't work in that area.)

Computers cannot be completely random by their nature; a random-number generator merely produces predictable numbers according to a formula that ensures a uniform distribution over time. It has to base its randomness on something other than pure CPU activity. "Stacking entropy" is just a fancier, more in-depth version of calling srandom(get_current_time()).

haveblue fucked around with this message at 19:24 on Mar 2, 2012 |
# ? Mar 2, 2012 19:22 |
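Why a clock value alone is too small a seed, as an added example that is not part of any post: a token from a PRNG seeded with a timestamp can be regenerated by anyone who knows roughly when it was issued, while one drawn from the OS entropy pool cannot. `ISSUED_AT`, the one-hour window and the function names are constructed for the illustration.

```ruby
require "securerandom"

# Constructed sample value: the Unix time at which a token was issued.
ISSUED_AT = 1_330_716_120

# The srandom(get_current_time()) pattern: every output bit is a
# function of one integer, the seed.
def time_seeded_token(seed)
  Random.new(seed).bytes(16).unpack1("H*")
end

# Audit check: can this token be regenerated from some timestamp within
# +/- window seconds of a rough guess? Returns the seed, or nil.
def reproducible_seed(token, around:, window: 3600)
  ((around - window)..(around + window)).find do |seed|
    time_seeded_token(seed) == token
  end
end

# Effective entropy, in bits, of a seed known to within +/- window seconds.
def seed_space_bits(window)
  Math.log2(2 * window + 1)
end

weak   = time_seeded_token(ISSUED_AT)
strong = SecureRandom.hex(16)          # 128 bits from the OS entropy pool
guess  = ISSUED_AT + 1234              # the auditor is ~20 minutes off

puts "time-seeded token reproduced from seed: #{reproducible_seed(weak, around: guess).inspect}"
puts "OS-seeded token reproduced from seed:   #{reproducible_seed(strong, around: guess).inspect}"
puts format("seed space for a one-hour window: %.1f bits (token is 128 bits long)",
            seed_space_bits(3600))
```

The 32-character token looks the same in both cases; only the amount of unpredictable input behind it differs.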
|
PHP uber alles
|
# ? Mar 3, 2012 00:04 |
|
Aleksei Vasiliev posted:
this is the best test: http://gcov.php.net/viewer.php?version=PHP_5_4&func=tests&file=ext%2Fopenssl%2Ftests%2F001.phpt

Well it's no wonder it times out. The first lines are
code:
|
# ? Mar 3, 2012 02:25 |
|
No, it usleeps for $i seconds. Assuming that the argument is 'sleep time in microseconds' that's about half a second total of sleeping.
|
# ? Mar 3, 2012 02:30 |
|
pokeyman posted:
i!=z E: What the guy above me said
|
# ? Mar 3, 2012 02:32 |
|
Oh poo poo, my bad.
|
# ? Mar 3, 2012 06:06 |
|
Plorkyeran posted:
I don't really see anything wrong with expected test failures. Shipping with known issues is not exactly an uncommon thing to do, and it's important to be able to distinguish between known issues and new issues.

Well they're shipping it with 82 failures and only 44 of them are expected. Also 1119 compiler warnings

e: Most of the compiler warnings are just not using typedefs and other casting warnings though, so they're not as horrible.

Look Around You fucked around with this message at 06:37 on Mar 3, 2012 |
# ? Mar 3, 2012 06:35 |
|
Here I was thinking that an expected failure was something like assert(functionThatShouldReturnTrueFor(args) (don't ask me why you wouldn't do it the other way around though).
|
# ? Mar 3, 2012 07:49 |
|
http://gcov.php.net/viewer.php?version=PHP_5_4&func=expected_tests&file=Zend%2Ftests%2Fmethod_static_var.phpt
quote:

This is so loving dumb holy gently caress. Also is PHP supposed to be case sensitive?

e: this is one of their "expected test failures"

e2: A few of their expected test failures actually segfault.

Look Around You fucked around with this message at 08:05 on Mar 3, 2012 |
# ? Mar 3, 2012 08:01 |
|
pokeyman posted:
Slightly off topic, but is that the comma operator in the loop initialization? I've been looking for an example of it in a situation that wasn't horribly contrived.

Drape Culture fucked around with this message at 17:29 on Mar 3, 2012 |
# ? Mar 3, 2012 17:25 |
|
ManlyWeevil posted:
Slightly off topic, but is that the comma operator in the loop initialization? I've been looking for an example of it in a situation that wasn't horribly contrived.

Yes. IIRC using it like that is a common idiom in other C-like languages, not just PHP.
|
# ? Mar 3, 2012 17:38 |
|
code:
|
# ? Mar 3, 2012 18:37 |
|
2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:
quote:
1) In C#, how do you figure out if a collection such as an IList<T> or array is empty?

I'm getting a bit worried.
|
# ? Mar 3, 2012 18:55 |
|
wwb posted:
2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:

Holy crap that's bad.
|
# ? Mar 3, 2012 19:18 |
|
wwb posted:
2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:

What are the credentials of those people, did they have any programming (in C#) on their CV at all? This scares me.
|
# ? Mar 3, 2012 19:39 |
|
gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?
|
# ? Mar 3, 2012 19:43 |
|
ymgve posted:
gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?

I don't know the company or the specific job posting, but I'm guessing if someone said "There's a count() or a size() method on the list, I can't remember the exact name, but I'd use that" then it'd be ok. But I dunno.
|
# ? Mar 3, 2012 20:15 |
|
ymgve posted:
gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?

Yes (or at least everywhere in ICollection). Similarly, all Scala and Java collections support an isEmpty method. I'm not sure I could answer those specific questions on account of not knowing C#, but I could certainly answer them in any programming language I do know.
|
# ? Mar 3, 2012 20:40 |
|
wwb posted:
2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:

For 2b, would you accept the use of
code:

I prefer to save the "can you actually code" questions until they come in for the in-person, and then have them do it with an IDE. Coding over the phone sucks. Your first question, although you'd expect that anyone with a reasonable level of proficiency would be able to answer, it doesn't show anything other than that they've read some code before. Your second question is better because it makes them solve a simple problem.

FizzBuzz really is one of the best benchmarks I've seen, though. It covers looping and conditionals and doesn't require any trivia to implement correctly, although a surprising number of people get hung up on the modulus operator.

#1 becomes trickier if you ask "What's the best way to determine if an IEnumerable<T> contains any elements?", because IEnumerable doesn't contain a Count property, it has a LINQ Count() extension method. The best way for an IEnumerable would be to use Any(), since Count() requires iterating over the entire collection, and Any() will immediately return true on the first element it hits.

[edit] Hey, this isn't the interview thread!

New Yorp New Yorp fucked around with this message at 21:44 on Mar 3, 2012 |
# ? Mar 3, 2012 21:32 |
|
ymgve posted:
gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?

You'd want to use .Any(), Count() will enumerate the collection.
|
# ? Mar 4, 2012 02:05 |
|
Atimo posted:You'd want to use .Any(), Count() will enumerate the collection.
|
# ? Mar 4, 2012 02:12 |
|
Ithaqua posted:iList has a Count property.
|
# ? Mar 4, 2012 02:56 |
|
Look Around You posted:
http://gcov.php.net/viewer.php?version=PHP_5_4&func=expected_tests&file=Zend%2Ftests%2Fmethod_static_var.phpt

That's what happens when you write your code while doped up on acid.
|
# ? Mar 4, 2012 05:54 |
|
Both resumes had several years of professional experience.

quote:
I don't know the company or the specific job posting, but I'm guessing if someone said "There's a count() or a size() method on the list, I can't remember the exact name, but I'd use that" then it'd be ok. But I dunno.

Exactly. What I'm looking for is someone who can say without thinking "Yeah, I'd check to see if the list has zero items in it." Bonus points for differentiating between techniques or checking for null first.

The split in this thread on this question is interesting, and I've seen a bit of the same in the interviews -- some folks get stuck on "crap, what is the syntax" and don't get to the logical part of what you are looking for. I'm kind of struggling with this myself having never been horribly trained and brought up in normal programming but rather in solving problems with computers sometimes using code so I think that way. Which is a really long-winded way of saying I'm open for suggestion as to a better way to ask the question.

@Ithaqua: The capitalization in 2b is a bit of a red herring, really looking to see that someone can handle concepts of "loop through collection and do something conditional with it". Picked capitalization because it was easy, I figured everyone knew .ToUpper(). Was originally designed to be a MVC3 / Razor question but nobody has been comfortable enough over there.

quote:
I prefer to save the "can you actually code" questions until they come in for the in-person, and then have them do it with an IDE. Coding over the phone sucks. Your first question, although you'd expect that anyone with a reasonable level of proficiency would be able to answer, it doesn't show anything other than that they've read some code before. Your second question is better because it makes them solve a simple problem.

Yeah, we got a whole (small) project for them to do with an IDE, but I don't want to waste their or my time setting things up if they can't handle very, very basic things anyone who has coded anything in any semblance of a modern language should be able to handle.
|
# ? Mar 4, 2012 16:58 |
|
I have to write some code to control a water chiller over an RS-232 line. This ought to be an easy job but it's turning out to be difficult because the manufacturer came up with the most jacked up serial transmission protocol I've seen in a long time. Fun features include:

1) Data arrives in a variable length format with no termination character. Just throw each incoming byte into a buffer and then look to see if the buffer contains a valid command I guess. I have no idea how to handle a case where some data gets munged during transmission causing the data buffer to never match a known command pattern. Detect timeout/buffer overflow? Testing every byte that arrives is clearly much simpler than just waiting until a termination character shows up.

2) Some measured values like water temperature or pressure are reported with variable precision. Low-precision values are transmitted with two bytes while high-precision values are transmitted with four bytes. The precision can change unpredictably during operation so you have to query what mode the system is in before requesting data. This is clearly simpler than just always transmitting four bytes for both formats. What happens if the precision mode changes between the query and data request commands?

3) Some of their command naming conventions are absolutely bizarre. There is a command named SetArray that sends one byte. SetArray(0) turns the machine off, SetArray(1) turns it on, SetArray(2) causes the machine to return an error string that incidentally also tells you if the device is on or off so you can query its state.

4) There are only three error codes - 'bad data', 'bad value', and 'the system is on or off'. What is the difference between having bad data or having a bad value? No loving idea, the manual doesn't waste time on such trivial concerns. Reporting the on/off state as an error is cute.

5) Not really a coding thing, but once you've started talking to the device via the RS-232 port it locks out the front panel buttons except for the 'power off' button. That isn't totally crazy, lots of devices have local/remote control modes. What is crazy is that you can't turn the device on from the front panel once it's in remote mode. You can only turn it on via RS-232, with the SetArray(1) command. This 'feature' isn't covered in the manual so I spent a good hour thinking our new chiller was broken when all of the front panel buttons went dead.
|
# ? Mar 4, 2012 18:23 |
|
Maybe "bad value" means you sent something invalid as a command and "bad data" means you sent something invalid as an argument to a command? That sounds really awful, dude.
|
# ? Mar 4, 2012 18:35 |
|
https://github.com/rails/rails/issues/5228

Russian programmer discovers massive security vulnerability in Rails. He reports it to the issue tracker, then the issue gets closed by Rails devs.

He uses it to re-open the issue, as a proof-of-concept. Rails devs close it again.

He files Issue #5239: I'm Bender from Future. from the year 3012, and re-opens the original issue. Rails devs close it again.

He submits a new file, "hacked", to the main Rails repository and re-opens the original issue.
|
# ? Mar 4, 2012 19:58 |
|
So looking into it, that attack happened/was possible because Rails developers (including Github!) have a habit of stuffing data directly from HTTP params into Rails's ORM without validation. That's insane.
|
# ? Mar 4, 2012 20:50 |
|
Haystack posted:
So looking into it, that attack happened/was possible because Rails developers (including Github!) have a habit of stuffing data directly from HTTP params into Rails's ORM without validation. That's insane.

Imagine code like this (which is probably all over various Rails apps)
code:
You are supposed to define "attr_accessible" in your models to whitelist what attributes are allowed to be updated in this mass-assignment manner. It seems like perhaps attr_accessible should default to an empty list so that nothing could accidentally be stomped on in this way?
|
# ? Mar 4, 2012 22:57 |
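The mass-assignment behaviour and the attr_accessible whitelist discussed above, as an added example that is not part of any post and is not Rails code: `Model`, `OpenUser`, `GuardedUser` and the request parameters are constructed stand-ins for an ORM, and the hypothetical `default_deny` switch models the empty-by-default whitelist suggested in the post.

```ruby
# Minimal stand-in for an ORM base class (constructed; not ActiveRecord).
class Model
  class << self
    attr_accessor :default_deny   # hypothetical switch: no whitelist means nothing is assignable
    attr_reader :accessible       # nil until a subclass declares a whitelist

    def attr_accessible(*names)
      @accessible = names.map(&:to_s)
    end
  end

  def initialize(attrs = {})
    attrs.each { |key, value| instance_variable_set("@#{key}", value) }
  end

  # Mass assignment: copy request parameters onto the record.
  # Returns the list of keys that were refused.
  def update_attributes(params)
    allowed = self.class.accessible
    allowed = [] if allowed.nil? && Model.default_deny
    params.each_with_object([]) do |(key, value), refused|
      if allowed.nil? || allowed.include?(key.to_s)
        instance_variable_set("@#{key}", value)
      else
        refused << key.to_s
      end
    end
  end
end

class OpenUser < Model            # no whitelist declared
  attr_reader :name, :email, :admin
end

class GuardedUser < Model         # only the form's own fields are assignable
  attr_reader :name, :email, :admin
  attr_accessible :name, :email
end

# Constructed request: the profile form has name and email fields only;
# the "admin" key was added by the client.
PARAMS = { "name" => "New Name", "email" => "new@example.com", "admin" => true }.freeze

def apply(model_class, default_deny: false)
  Model.default_deny = default_deny
  user = model_class.new(name: "Old Name", email: "old@example.com", admin: false)
  refused = user.update_attributes(PARAMS)
  { name: user.name, admin: user.admin, refused: refused }
ensure
  Model.default_deny = false
end

p apply(OpenUser)                       # admin flag overwritten from the request
p apply(GuardedUser)                    # admin refused, form fields applied
p apply(OpenUser, default_deny: true)   # nothing applied until a whitelist exists
```

Logging the refused keys, as `update_attributes` returns them here, also gives a signal that a client is sending fields the form never offered.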
|
Here's the Github announcement: https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation
|
# ? Mar 5, 2012 00:26 |
|
kitten smoothie posted:
It seems like perhaps attr_accessible should default to an empty list so that nothing could accidentally be stomped on in this way?

It feels like you are solving the wrong problem though “Let's just turn register_globals off by default”.
|
# ? Mar 5, 2012 00:30 |
|
I like how the Rails guys are all "but insecure-by-default is a feature!"
|
# ? Mar 5, 2012 00:48 |
|
Aleksei Vasiliev posted:
Here's the Github announcement: https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation

Github has reinstated his account. So that's good at least.
|
# ? Mar 5, 2012 04:06 |
|
Here's how he did it. I don't speak Rails, but from all the hubbub from those classy rockstars over on Hacker News, apparently any random Rails application may suffer from the same problem unless they expressly turn off the ORM magic that makes it possible.
|
# ? Mar 5, 2012 05:18 |