|
seiken posted:This kind of failure to be comfortable with the most basic rules of your language is why we end up with poo poo like if (bool_value == true) .... There's a difference between 'understanding that conditionals take booleans', and 'exploiting the fact that booleans are represented as integers to do arithmetic with them.' The latter is generally dubious, but it's especially dangerous in Python, because the traditional logical operators ('and', 'or') don't only return booleans. Let's take Suspicious Dish's example in Python: (a and b) * 100. This code is weird, and harder to read than the correct way to do write it (100 if a and b else 0) (warning number one!), but after examination, it looks like it should either return 0 or 1. Except that's not true at all. Imagine a is True (or 1, or otherwise truthy), and b is 2; then you'll end up with (True and 2) * 100 -> 2 * 100 -> 200. Or, if b is the string "a", you'll end up with "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa". Neither of those things are desirable or intuitive! And those are the kinds of outcomes that 'treating booleans as ints' leads to, especially in Python. (Though one could easily run into similar problems in e.g. C.) Bringing it back to your comparison, here's the key difference: if (bool_value == true) ... is longer code, to no benefit & reduced readability. 100 if a and b else 0 is longer code, to avoid common pitfalls and increase readability. Please don't play golf with your code.
|
#
?
Dec 18, 2013 23:23
|
|
|
|
| # ? Apr 29, 2024 02:52 |
|
|
http://forums.dayzgame.com/index.php?/topic/155358-security-vulnerabilities-fixed-by-patch-2-and-character-wipe/ Problem: Hackers used client side game scripts (I think?) to spawn themselves loot. Solution: Global character wipe.
|
|
#
?
Dec 19, 2013 04:44
|
|
|
Factor Mystic posted:http://forums.dayzgame.com/index.php?/topic/155358-security-vulnerabilities-fixed-by-patch-2-and-character-wipe/ During a testing period, that's totally reasonable.
|
|
#
?
Dec 19, 2013 04:47
|
|
|
This game has been out for two years now.
|
|
#
?
Dec 19, 2013 04:54
|
|
|
Suspicious Dish posted:This game has been out for two years now. Days. Two days. This is for the standalone version that just came out.
|
|
#
?
Dec 19, 2013 05:04
|
|
|
Sockser posted:Because I develop internal tools, I get to write whatever the hell I want. A lot of what I do is C# simply because I inherited a lot of C# code. And I've worked to improve a lot of that, which recently went from scrapping one huge project (~45000 lines of code) and rewriting it (down to a nice, maintainable, ~1200 including unit tests) so it's not like I'm not actively engaging myself in writing good code or anything like that, I loving hate the majority of code that gets written here even in our release stuff (I'm one of maybe a dozen people in the company with a CS degree and not an engineering degree if that says anything) As for theory stuff, I'd suggest that you find out what textbooks top-rated CS programs are using on your subjects of interest and buy some of them to study.
|
|
#
?
Dec 19, 2013 05:06
|
|
|
Mr.Hotkeys posted:Days. Two days. This is for the standalone version that just came out. I thought this was the latest rebrand of WarZ / Infestation: Survivor Stories.
|
|
#
?
Dec 19, 2013 05:12
|
|
|
Suspicious Dish posted:I thought this was the latest rebrand of WarZ / Infestation: Survivor Stories. It's not. It's the official standalone public alpha of an Arma 2 Zombie survival mod that got bought by the developer of that game. http://lmgtfy.com/?q=DayZ+Wikipedia&l=1
|
|
#
?
Dec 19, 2013 05:17
|
|
|
I found this method in a C++ mutex class the other day:code:
|
|
#
?
Dec 19, 2013 06:55
|
|
|
Is there another mutex class in the codebase that isn't threadsafe?
|
|
#
?
Dec 19, 2013 08:47
|
|
|
Suspicious Dish posted:I thought this was the latest rebrand of WarZ / Infestation: Survivor Stories. WarZ is the horrible knockoff that just ripped off the name, it was super terrible.
|
|
#
?
Dec 19, 2013 09:13
|
|
|
PleasingFungus posted:...endless rambling about python... I don't see what this has to do with a bunch of code examples that were very obviously not Python. That you had to switch to a different language (which, in this context, behaves completely differently) in order to argue makes it clear you prefer a cargo cult approach over considering code on its merits. Using bools as 0 and 1 in C is "code golf" my loving arse vv or c++ or any language where you can treat the result of a comparison as 0 or 1 seiken fucked around with this message at 19:12 on Dec 19, 2013 |
|
#
?
Dec 19, 2013 15:43
|
|
|
ANSI C doesn't have bools 
|
|
#
?
Dec 19, 2013 15:53
|
|
|
astr0man posted:ANSI C doesn't have bools C99 became an ANSI standard more than 13 years ago
|
|
#
?
Dec 19, 2013 16:48
|
|
|
C89 supremacy. There's still a ton of places that require C89 compliance due to needing to support legacy systems. So no using bool for me!
|
|
#
?
Dec 19, 2013 17:00
|
|
|
Linus on bool: https://lkml.org/lkml/2013/8/31/138
|
|
#
?
Dec 19, 2013 17:16
|
|
|
Reminder that using _Bool in a wire/disk format is a security hazard.
|
|
#
?
Dec 19, 2013 17:27
|
|
|
Objective-C on 64-bit iOS finally defines BOOL as bool instead of signed char, fixing a range of issues.
|
|
#
?
Dec 19, 2013 17:50
|
|
|
pseudorandom name posted:Reminder that using _Bool in a wire/disk format is a security hazard. Because 2 is only true depending on how you test, or is there another fun way for it to explode?
|
|
#
?
Dec 19, 2013 18:56
|
|
|
Optimizing compilers make assumptions about the possible values of a bool, which aren't necessarily true if the byte came from disk or the network instead of being assigned by C/C++ code. This means that the compiler could theoretically interpret truth to mean "not 0" in one location and "equal to 1" in another, allowing an attacker to use a value other than zero or one to execute "impossible" code paths. And since bools can only possibly be true or false (as far as the compiler is concerned), things like "if (x != true && x != false) x = false;" get deleted as dead code and there's no way to sanitize the value of a bool once the untrusted byte has been read into the bool variable.
|
|
#
?
Dec 19, 2013 20:22
|
|
|
seiken posted:That you had to switch to a different language (which, in this context, behaves completely differently) in order to argue makes it clear you prefer a cargo cult approach over considering code on its merits. What? Pleasing Fungus's examples are in Python: pre:>>> (True and True) * 100 100 >>> (True and 2) * 100 200 >>> (True and "a") * 100 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'
|
|
#
?
Dec 19, 2013 20:30
|
|
|
Yes, you can do weird-looking things when bool inherits from int. I don't see a problem with this; it's a feature that preserves an old convention of using integers to represent true/false, and if you're intentionally using bool's int features and screw them up then that's on you (just like every other feature in every other language)
|
|
#
?
Dec 19, 2013 20:47
|
|
|
Opinion Haver posted:What? Pleasing Fungus's examples are in Python: eww you made python look like php
|
|
#
?
Dec 19, 2013 21:24
|
|
|
Dren posted:eww you made python look like php What? `s * n` repeats s n times, same thing in ruby. In PHP it does actual math: code:
|
|
#
?
Dec 19, 2013 21:29
|
|
|
Opinion Haver posted:What? Pleasing Fungus's examples are in Python: Yes. Nobody else was talking about python.
|
|
#
?
Dec 19, 2013 21:37
|
|
|
If I encounter true/false being used as ints that's an automatic rejection in code review. I don't care how elegant or whatever it is, it's a terrible idea.
|
|
#
?
Dec 19, 2013 21:55
|
|
|
pseudorandom name posted:Optimizing compilers make assumptions about the possible values of a bool, which aren't necessarily true if the byte came from disk or the network instead of being assigned by C/C++ code. Do you have a link for this
|
|
#
?
Dec 19, 2013 22:07
|
|
|
Don't read/write in-memory layouts. Problem solved.
|
|
#
?
Dec 19, 2013 22:09
|
|
|
So what's Python's excuse for logical operators returning values that aren't 1 or 0 or True or False or whatever?
|
|
#
?
Dec 19, 2013 22:16
|
|
|
Lets you do value = value or default.
|
|
#
?
Dec 19, 2013 22:23
|
|
|
The API service I'm trying to communicate with is sending me ampersands inside of its xml. And not &, just plain old & by itself. 
|
|
#
?
Dec 19, 2013 22:23
|
|
|
necrotic posted:What? `s * n` repeats s n times, same thing in ruby. In PHP it does actual math: A list of examples of operators behaving in incongruous ways depending on their arguments is php-like. I find Python code:
|
|
#
?
Dec 19, 2013 22:25
|
|
|
necrotic posted:What? `s * n` repeats s n times, same thing in ruby. In PHP it does actual math: IMO making * always an arithmetic operator makes more sense than overloading it in non-numeric contexts. The problem with PHPs behavior here is that it doesn't warn you about performing an arithmetic operation on non-numeric arguments. For all of Perl's ugliness, its behavior seems the best of all in this case: warning you about the bad operand to a multiplication and the resulting goofy coercion (refusing to do the coercion would also be fine), and having a separate operator for string repetition: code:quote:Argument "a" isn't numeric in multiplication (*) at t.pl line 4.
|
|
#
?
Dec 19, 2013 22:28
|
|
|
seiken posted:Yes. Nobody else was talking about python. The same thing is true in C as well.
|
|
#
?
Dec 19, 2013 23:33
|
|
|
Because I put a MessageBox in a catch block of my emailer program, every time an email address doesn't work, the box pops up and wont continue emailing until closed. Now I have to watch this thing for six hours as we send out 24,000 emails.
Crazy Mike fucked around with this message at 00:37 on Dec 20, 2013 |
|
#
?
Dec 19, 2013 23:42
|
|
|
Crazy Mike posted:Because I put a MessageBox in a catch block of my emailer program, every time an email address doesn't work, the box pops up and wont continue emailing until closed. Now I have to watch this thing for six hours as we send out 240000 emails. I think an Autohotkey script could take care of that while you prepare the fix
|
|
#
?
Dec 19, 2013 23:51
|
|
|
Testing service runs the release product and then sends reports to a central server where people can view test results. Except the client doesn't send reports the server; it creates a local share and the server downloads it from a shared directory. GOOD loving DESIGN DECISIONS.
|
|
#
?
Dec 20, 2013 00:05
|
|
|
Sockser posted:Testing service runs the release product and then sends reports to a central server where people can view test results. brought to you by It works™
|
|
#
?
Dec 20, 2013 00:34
|
|
|
Sockser posted:Testing service runs the release product and then sends reports to a central server where people can view test results. That's not necessarily a bad decision at all. What if the reports are large? Having the server responsible for retrieving the results as needed makes a lot of sense in that case.
|
|
#
?
Dec 20, 2013 00:49
|
|
|
|
| # ? Apr 29, 2024 02:52 |
|
|
Crazy Mike posted:Because I put a MessageBox in a catch block of my emailer program, every time an email address doesn't work, the box pops up and wont continue emailing until closed. Now I have to watch this thing for six hours as we send out 24,000 emails. Since you wrote it, and you're running it, have you considered fixing it?
|
|
#
?
Dec 20, 2013 01:14
|
|
