|
DONT THREAD ON ME posted:oh i'm not done here, there are plenty of horrors to come.
|
#
?
Aug 30, 2018 20:01
|
|
|
|
| # ? Apr 19, 2024 01:19 |
|
|
c is cool imo, definitely no modern conveniences in there though.
|
|
#
?
Aug 30, 2018 20:28
|
|
|
DONT THREAD ON ME posted:i have a basic generic linked list and if i want to define map it's all pointers to void and casting. pretty gross. I thought you were doing c not go
|
|
#
?
Aug 30, 2018 20:57
|
|
|
i decided to go with c for the emulator stuff. i dont regret it but its also been uh... different. but it works now! code:
|
|
#
?
Aug 30, 2018 20:58
|
|
|
^^ nice!! yeah okay i'm just gonna do C++. I mostly get what's going on here it's just really tedious and templates are calling to me. what C++ books do I get? I'm aiming for modern C++, and I'll probably get more out of something relatively short along with something else that's more in depth. DONT THREAD ON ME fucked around with this message at 21:13 on Aug 30, 2018 |
|
#
?
Aug 30, 2018 21:06
|
|
|
I hear there's a new edition of A Tour of C++ by Stroustrup (the devil himself).
|
|
#
?
Aug 30, 2018 21:21
|
|
|
DONT THREAD ON ME posted:^^ nice!!
|
|
#
?
Aug 30, 2018 21:24
|
|
|
DONT THREAD ON ME posted:today i'm getting serious about c. gonna do the basic data structures and algos for however long that takes and then move on to c++. dont do c++ its super bad otoh c is fine for what it is
|
|
#
?
Aug 30, 2018 21:30
|
|
|
there are places where you cannot avoid doing c++ (e.g. video games) because it is entrenched. there's nothing you can do in those circumstances but otherwise do not voluntarily use c++
|
|
#
?
Aug 30, 2018 21:31
|
|
|
Sapozhnik posted:dont do c++ its super bad quote:otoh c is fine for what it is Correct
|
|
#
?
Aug 30, 2018 21:39
|
|
|
C is very good
|
|
#
?
Aug 30, 2018 21:47
|
|
|
so far C++ is way more fun. Templates are good and it's cool you can instantiate a template with value parameters. I ran into that problem with my ringbuffer in rust.
|
|
#
?
Aug 30, 2018 21:49
|
|
|
DONT THREAD ON ME posted:i have a basic generic linked list and if i want to define map it's all pointers to void and casting. pretty gross. look at utlist because it’s an entire macro based implementation of a linked list that can do a lot more dynamic (sorta) work without adding overhead. learn to love the preprocessor
|
|
#
?
Aug 30, 2018 21:56
|
|
|
there's also uthash which is also unbelievably cool:code:it owns.
|
|
#
?
Aug 30, 2018 22:44
|
|
|
CRIP EATIN BREAD posted:it owns. 
|
|
#
?
Aug 30, 2018 22:53
|
|
|
DONT THREAD ON ME posted:hmmm c feels very bad after rust dtom: "I'm not sure if this will be memory safe... what do you think borrow checker?" *undefined behavior crawls on the ceiling above dtom, xenomorph-like* dtom: "borrow checker?" *undefined behavior drops down behind dtom, its jaws slavering*
|
|
#
?
Aug 30, 2018 22:54
|
|
|
DONT THREAD ON ME posted:today i'm getting serious about c. gonna do the basic data structures and algos for however long that takes and then move on to c++. i'm extremely jealous of how motivated you are to do things
|
|
#
?
Aug 30, 2018 23:59
|
|
|
redleader posted:i'm extremely jealous of how motivated you are to do things yeah, i wish i had time to learn c
|
|
#
?
Aug 31, 2018 00:11
|
|
|
Where does one go about learning laws for "must report" level security fuckups, in terms of badness? Are there even such laws? 
|
|
#
?
Aug 31, 2018 00:19
|
|
|
AggressivelyStupid posted:im prepared to run away to Belize if that's what it takes to get away from AccuRev™ AccuRev isn’t that bad if you have a decent use case for their version stream setup. though that’s been copied by p4 at this point.
|
|
#
?
Aug 31, 2018 00:21
|
|
|
Are unencrypted config files (and application code) with plain text as gently caress sql admin passwords BADbad, or BADBAD bad? Can unsalted unhashed passwords in a db get anyone in trouble? :|
|
|
#
?
Aug 31, 2018 00:22
|
|
|
I firmly believe everyone should know enough c to read it if only to know why other things are better
|
|
#
?
Aug 31, 2018 00:26
|
|
|
Feisty-Cadaver posted:AccuRev isn’t that bad if you have a decent use case for their version stream setup. what would those use cases be? Space Whale posted:Are unencrypted config files (and application code) with plain text as gently caress sql admin passwords BADbad, or BADBAD bad? it's a really bad idea and I'd advise against it
|
|
#
?
Aug 31, 2018 00:28
|
|
|
AggressivelyStupid posted:it's a really bad idea and I'd advise against it If I tell managers and they don't do poo poo am I in trouble if poo poo happens? y/n
|
|
#
?
Aug 31, 2018 00:33
|
|
|
Space Whale posted:Are unencrypted config files (and application code) with plain text as gently caress sql admin passwords BADbad, or BADBAD bad? generally its a bad idea but the problem is that ultimately your application (desktop or web) will eventually need to get those credentials. in .net there are configuration protectors that you can use for asp.net or desktop apps, but they only really hide things from people who don't know what they're doing. Its probably better than not using them but you shouldn't consider it safe from people with admin rights or from the user as which the application is running. ex: if a desktop user is using your application and you've put a sql password in the config encrypted with dpapi, the user has permissions to decrypt the protection key since that's the only way they could ever decrypt the password to make a connection. w/ sql server use integrated (windows) auth instead. At that point you're punting password security to the OS or IIS and its not your problem anymore.
|
|
#
?
Aug 31, 2018 00:42
|
|
|
Space Whale posted:If I tell managers and they don't do poo poo am I in trouble if poo poo happens? y/n depends on the paper trail.
|
|
#
?
Aug 31, 2018 00:42
|
|
|
Shaggar posted:generally its a bad idea but the problem is that ultimately your application (desktop or web) will eventually need to get those credentials. in .net there are configuration protectors that you can use for asp.net or desktop apps, but they only really hide things from people who don't know what they're doing. Its probably better than not using them but you shouldn't consider it safe from people with admin rights or from the user as which the application is running. ex: if a desktop user is using your application and you've put a sql password in the config encrypted with dpapi, the user has permissions to decrypt the protection key since that's the only way they could ever decrypt the password to make a connection. management too dumb to let us actually do that :/
|
|
#
?
Aug 31, 2018 00:43
|
|
|
Shaggar posted:depends on the paper trail. there are many snarky toall emails to protect us
|
|
#
?
Aug 31, 2018 00:43
|
|
|
the dpapi/rsa protectors you can setup during deployment so that's not really a big lift. you can do that without management knowing or caring about it as long as you don't break a deployment (which is unlikely)
|
|
#
?
Aug 31, 2018 00:44
|
|
|
the passwords you have stored in cleartext are a little harder because you will need to make sure you touch everything that is accessing the passwords. If you have a central data api or are using shared procs it will be easy and you just pad the dev schedule to get it done. The only thing I would mention here is if its passwords used to log into your application, migrating them to bcrypt is very easy. If its passwords used for configuration that need to be retrieved in clear text it will be a little harder because now you have another decryption key to store somewhere. You could try using sql column encryption but again that's one of those things where its technically encrypted somewhere but users with access to read the field will treat it as effectively unencrypted.
|
|
#
?
Aug 31, 2018 00:48
|
|
|
my current project is a webassembly -> verilog compiler in rust this is almost certainly a terrible idea
|
|
#
?
Aug 31, 2018 00:57
|
|
|
agreeing with Shaggar again. I've done this and if you're using bare sql logon creds (which we are because management banned AD accounts on dbs for some dumbass reason) you can either use an api to retrieve at runtime via a custom config handler/api (we have an internal one that locks access down by environment based on the requesting host) or encrypt the config at first run with the machine key except that this relies on having the unencrypted config in the initial deploy. That then raises the problem that your raw config is probably in source control and thus visible, or you leave it empty for that bid and add it in the deploy process or something, except then your creds are there. Also i 100% guarantee that whatever you do you will have to painfully explain to an auditor that whatever you do, it will be technically possible to extract that data and they'll flip their poo poo....
|
|
#
?
Aug 31, 2018 01:05
|
|
|
AggressivelyStupid posted:what would those use cases be? it's been quite a while but we used to use it as a feature-per-stream model, where each stream would be deployed to a separate QA environment. So feature A would be on QA env A, B -> B, etc. And you could have streams of streams ofc, so you could have a "new login experiment" stream that split into A/B UI tests or w/e What was nice is if you wanted it in multiple QA envs you just checked it in further upstream and it auto-flowed down to the others. obvs you could accomplish this in different ways and iirc their GUI tool sucked fairly bad but w/e.
|
|
#
?
Aug 31, 2018 01:23
|
|
|
if you're worried about deploy time encryption you can deploy a separate configuration file that contains only the connection strings and leave that encrypted on the host. then when you deploy you deploy a web.config file that imports the encrypted dbconnections.config. this way you aren't deploying unencrypted config except for the very first time you setup the separate config file on the host.
|
|
#
?
Aug 31, 2018 01:24
|
|
|
redleader posted:i'm extremely jealous of how motivated you are to do things well, to be fair, i quit my job in order to do this and i don't have more than 6 months or so before I really need to think about getting another job so I'm motivated to make as much use of my time as I can. I also don't have kids and my girlfriend is super supportive.
|
|
#
?
Aug 31, 2018 01:41
|
|
|
DONT THREAD ON ME posted:I also don't have kids every time a read one of your posts about rust or asm or whatever i feel slight regret that i had kids before really getting into programming. of course deep down i know before kids i would just have played video games or watched tv instead of learning haskell or whatever.
|
|
#
?
Aug 31, 2018 02:24
|
|
|
as a childless nerd I can confirm factorio is far more interesting than learning a research language.
|
|
#
?
Aug 31, 2018 02:26
|
|
|
Space Whale posted:Where does one go about learning laws for "must report" level security fuckups, in terms of badness? Just post about it on yospos and eventually twitter will pick it up and make it viral, thus being reported to everyone with a social media account.
|
|
#
?
Aug 31, 2018 03:41
|
|
|
Space Whale posted:Where does one go about learning laws for "must report" level security fuckups, in terms of badness? some states? have data breach laws. like if your company know that a lot of personally identifying information has been lost to the haxors, your company may be required to let people know. generally speaking, there ain't laws against being bad at information security in almost every industry? so it's a more holistic question of what level of harm might occur, who / how many could it happen to, and how easy or likely such a security breach is
|
|
#
?
Aug 31, 2018 04:06
|
|
|
|
| # ? Apr 19, 2024 01:19 |
|
|
animist posted:my current project is a webassembly -> verilog compiler in rust what the gently caress
|
|
#
?
Aug 31, 2018 04:07
|
|
