Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Ellie Crabcakes
Feb 1, 2008

Stop emailing my boyfriend Gay Crungus

DONT THREAD ON ME posted:

oh i'm not done here, there are plenty of horrors to come.

Only registered members can see post attachments!

Adbot
ADBOT LOVES YOU

jony neuemonic
Nov 13, 2009

c is cool imo, definitely no modern conveniences in there though.

Soricidus
Oct 21, 2010
freedom-hating statist shill

DONT THREAD ON ME posted:

i have a basic generic linked list and if i want to define map it's all pointers to void and casting. pretty gross.

i guess you build better tools on top of this though.

I thought you were doing c not go

necrotic
Aug 2, 2005
I owe my brother big time for this!
i decided to go with c for the emulator stuff. i dont regret it but its also been uh... different.

but it works now!

code:
====== test_roms/TST8080.COM ======
MICROCOSM ASSOCIATES 8080/8085 CPU DIAGNOSTIC
 VERSION 1.0  (C) 1980

 CPU IS OPERATIONAL
Jumped to 0x0000 from 0x06BA



====== test_roms/CPUTEST.COM ======

DIAGNOSTICS II V1.2 - CPU TEST
COPYRIGHT (C) 1981 - SUPERSOFT ASSOCIATES

ABCDEFGHIJKLMNOPQRSTUVWXYZ
CPU IS 8080/8085
BEGIN TIMING TEST
END TIMING TEST
CPU TESTS OK

Jumped to 0x0000 from 0x3B25



====== test_roms/8080PRE.COM ======
8080 Preliminary tests complete
Jumped to 0x0000 from 0x032F



====== test_roms/8080EXM.COM ======
8080 instruction exerciser
dad <b,d,h,sp>................  PASS! crc is:14474ba6
aluop nn......................  PASS! crc is:9e922f9e
aluop <b,c,d,e,h,l,m,a>.......  PASS! crc is:cf762c86
<daa,cma,stc,cmc>.............  PASS! crc is:bb3f030c
<inr,dcr> a...................  PASS! crc is:adb6460e
<inr,dcr> b...................  PASS! crc is:83ed1345
<inx,dcx> b...................  PASS! crc is:f79287cd
<inr,dcr> c...................  PASS! crc is:e5f6721b
<inr,dcr> d...................  PASS! crc is:15b5579a
<inx,dcx> d...................  PASS! crc is:7f4e2501
<inr,dcr> e...................  PASS! crc is:cf2ab396
<inr,dcr> h...................  PASS! crc is:12b2952c
<inx,dcx> h...................  PASS! crc is:9f2b23c0
<inr,dcr> l...................  PASS! crc is:ff57d356
<inr,dcr> m...................  PASS! crc is:92e963bd
<inx,dcx> sp..................  PASS! crc is:d5702fab
lhld nnnn.....................  PASS! crc is:a9c3d5cb
shld nnnn.....................  PASS! crc is:e8864f26
lxi <b,d,h,sp>,nnnn...........  PASS! crc is:fcf46e12
ldax <b,d>....................  PASS! crc is:2b821d5f
mvi <b,c,d,e,h,l,m,a>,nn......  PASS! crc is:eaa72044
mov <bcdehla>,<bcdehla>.......  PASS! crc is:10b58cee
sta nnnn / lda nnnn...........  PASS! crc is:ed57af72
<rlc,rrc,ral,rar>.............  PASS! crc is:e0d89235
stax <b,d>....................  PASS! crc is:2b0471e9
Tests complete
Jumped to 0x0000 from 0x0137

DONT THREAD ON ME
Oct 1, 2002

by Nyc_Tattoo
Floss Finder
^^ nice!!
yeah okay i'm just gonna do C++. I mostly get what's going on here it's just really tedious and templates are calling to me.

what C++ books do I get? I'm aiming for modern C++, and I'll probably get more out of something relatively short along with something else that's more in depth.

DONT THREAD ON ME fucked around with this message at 21:13 on Aug 30, 2018

qsvui
Aug 23, 2003
some crazy thing
I hear there's a new edition of A Tour of C++ by Stroustrup (the devil himself).

Ellie Crabcakes
Feb 1, 2008

Stop emailing my boyfriend Gay Crungus

DONT THREAD ON ME posted:

^^ nice!!
yeah okay i'm just gonna do C++. I mostly get what's going on here it's just really tedious and templates are calling to me.
Stick with it for a while. You'll regret it, but also not regret it.

Sapozhnik
Jan 2, 2005

Nap Ghost

DONT THREAD ON ME posted:

today i'm getting serious about c. gonna do the basic data structures and algos for however long that takes and then move on to c++.

dont do c++ its super bad

otoh c is fine for what it is

Sapozhnik
Jan 2, 2005

Nap Ghost
there are places where you cannot avoid doing c++ (e.g. video games) because it is entrenched. there's nothing you can do in those circumstances but otherwise do not voluntarily use c++

FlapYoJacks
Feb 12, 2009

Sapozhnik posted:

dont do c++ its super bad
Incorrect

quote:

otoh c is fine for what it is

Correct

netcat
Apr 29, 2008
C is very good

DONT THREAD ON ME
Oct 1, 2002

by Nyc_Tattoo
Floss Finder
so far C++ is way more fun. Templates are good and it's cool you can instantiate a template with value parameters. I ran into that problem with my ringbuffer in rust.

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat

DONT THREAD ON ME posted:

i have a basic generic linked list and if i want to define map it's all pointers to void and casting. pretty gross.

i guess you build better tools on top of this though.

look at utlist because it’s an entire macro based implementation of a linked list that can do a lot more dynamic (sorta) work without adding overhead.

learn to love the preprocessor

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat
there's also uthash which is also unbelievably cool:

code:
#include "uthash.h"

struct my_struct {
    int id;            /* we'll use this field as the key */
    char name[10];             
    UT_hash_handle hh; /* makes this structure hashable */
};

struct my_struct *users = NULL;

void add_user(struct my_struct *s) {
    HASH_ADD_INT( users, id, s );    
}
this let's you pass in the field you want to use as a key as a parameter to the HASH_* functions, without having to do any sort of casting.

it owns.

qsvui
Aug 23, 2003
some crazy thing

:wrong:

prisoner of waffles
May 8, 2007

Ah! well a-day! what evil looks
Had I from old and young!
Instead of the cross, the fishmech
About my neck was hung.

DONT THREAD ON ME posted:

hmmm c feels very bad after rust

dtom: "I'm not sure if this will be memory safe... what do you think borrow checker?"

*undefined behavior crawls on the ceiling above dtom, xenomorph-like*


dtom: "borrow checker?"

*undefined behavior drops down behind dtom, its jaws slavering*

redleader
Aug 18, 2005

Engage according to operational parameters

DONT THREAD ON ME posted:

today i'm getting serious about c. gonna do the basic data structures and algos for however long that takes and then move on to c++.

i'm extremely jealous of how motivated you are to do things

JawnV6
Jul 4, 2004

So hot ...

redleader posted:

i'm extremely jealous of how motivated you are to do things

yeah, i wish i had time to learn c

Space Whale
Nov 6, 2014
Where does one go about learning laws for "must report" level security fuckups, in terms of badness?

Are there even such laws?

:smith:

Feisty-Cadaver
Jun 1, 2000
The worms crawl in,
The worms crawl out.

AggressivelyStupid posted:

im prepared to run away to Belize if that's what it takes to get away from AccuRev™

AccuRev isn’t that bad if you have a decent use case for their version stream setup.

though that’s been copied by p4 at this point.

Space Whale
Nov 6, 2014
Are unencrypted config files (and application code) with plain text as gently caress sql admin passwords BADbad, or BADBAD bad?

Can unsalted unhashed passwords in a db get anyone in trouble?

:|

Phobeste
Apr 9, 2006

never, like, count out Touchdown Tom, man
I firmly believe everyone should know enough c to read it if only to know why other things are better

AggressivelyStupid
Jan 9, 2012

Feisty-Cadaver posted:

AccuRev isn’t that bad if you have a decent use case for their version stream setup.

though that’s been copied by p4 at this point.

what would those use cases be?

Space Whale posted:

Are unencrypted config files (and application code) with plain text as gently caress sql admin passwords BADbad, or BADBAD bad?

Can unsalted unhashed passwords in a db get anyone in trouble?

:|

it's a really bad idea and I'd advise against it

Space Whale
Nov 6, 2014

AggressivelyStupid posted:

it's a really bad idea and I'd advise against it

If I tell managers and they don't do poo poo am I in trouble if poo poo happens? y/n

Shaggar
Apr 26, 2006

Space Whale posted:

Are unencrypted config files (and application code) with plain text as gently caress sql admin passwords BADbad, or BADBAD bad?

Can unsalted unhashed passwords in a db get anyone in trouble?

:|

generally its a bad idea but the problem is that ultimately your application (desktop or web) will eventually need to get those credentials. in .net there are configuration protectors that you can use for asp.net or desktop apps, but they only really hide things from people who don't know what they're doing. Its probably better than not using them but you shouldn't consider it safe from people with admin rights or from the user as which the application is running. ex: if a desktop user is using your application and you've put a sql password in the config encrypted with dpapi, the user has permissions to decrypt the protection key since that's the only way they could ever decrypt the password to make a connection.

w/ sql server use integrated (windows) auth instead. At that point you're punting password security to the OS or IIS and its not your problem anymore.

Shaggar
Apr 26, 2006

Space Whale posted:

If I tell managers and they don't do poo poo am I in trouble if poo poo happens? y/n

depends on the paper trail.

Space Whale
Nov 6, 2014

Shaggar posted:

generally its a bad idea but the problem is that ultimately your application (desktop or web) will eventually need to get those credentials. in .net there are configuration protectors that you can use for asp.net or desktop apps, but they only really hide things from people who don't know what they're doing. Its probably better than not using them but you shouldn't consider it safe from people with admin rights or from the user as which the application is running. ex: if a desktop user is using your application and you've put a sql password in the config encrypted with dpapi, the user has permissions to decrypt the protection key since that's the only way they could ever decrypt the password to make a connection.

w/ sql server use integrated (windows) auth instead. At that point you're punting password security to the OS or IIS and its not your problem anymore.

management too dumb to let us actually do that :/

Space Whale
Nov 6, 2014

Shaggar posted:

depends on the paper trail.

there are many snarky toall emails to protect us

Shaggar
Apr 26, 2006
the dpapi/rsa protectors you can setup during deployment so that's not really a big lift. you can do that without management knowing or caring about it as long as you don't break a deployment (which is unlikely)

Shaggar
Apr 26, 2006
the passwords you have stored in cleartext are a little harder because you will need to make sure you touch everything that is accessing the passwords. If you have a central data api or are using shared procs it will be easy and you just pad the dev schedule to get it done. The only thing I would mention here is if its passwords used to log into your application, migrating them to bcrypt is very easy. If its passwords used for configuration that need to be retrieved in clear text it will be a little harder because now you have another decryption key to store somewhere. You could try using sql column encryption but again that's one of those things where its technically encrypted somewhere but users with access to read the field will treat it as effectively unencrypted.

animist
Aug 28, 2018
my current project is a webassembly -> verilog compiler in rust

this is almost certainly a terrible idea

Powerful Two-Hander
Mar 10, 2004

Mods please change my name to "Tooter Skeleton" TIA.


agreeing with Shaggar again.

I've done this and if you're using bare sql logon creds (which we are because management banned AD accounts on dbs for some dumbass reason) you can either use an api to retrieve at runtime via a custom config handler/api (we have an internal one that locks access down by environment based on the requesting host) or encrypt the config at first run with the machine key except that this relies on having the unencrypted config in the initial deploy. That then raises the problem that your raw config is probably in source control and thus visible, or you leave it empty for that bid and add it in the deploy process or something, except then your creds are there.

Also i 100% guarantee that whatever you do you will have to painfully explain to an auditor that whatever you do, it will be technically possible to extract that data and they'll flip their poo poo....

Feisty-Cadaver
Jun 1, 2000
The worms crawl in,
The worms crawl out.

AggressivelyStupid posted:

what would those use cases be?

it's been quite a while but we used to use it as a feature-per-stream model, where each stream would be deployed to a separate QA environment. So feature A would be on QA env A, B -> B, etc.

And you could have streams of streams ofc, so you could have a "new login experiment" stream that split into A/B UI tests or w/e

What was nice is if you wanted it in multiple QA envs you just checked it in further upstream and it auto-flowed down to the others.

obvs you could accomplish this in different ways and iirc their GUI tool sucked fairly bad but w/e.

Shaggar
Apr 26, 2006
if you're worried about deploy time encryption you can deploy a separate configuration file that contains only the connection strings and leave that encrypted on the host. then when you deploy you deploy a web.config file that imports the encrypted dbconnections.config. this way you aren't deploying unencrypted config except for the very first time you setup the separate config file on the host.

DONT THREAD ON ME
Oct 1, 2002

by Nyc_Tattoo
Floss Finder

redleader posted:

i'm extremely jealous of how motivated you are to do things

well, to be fair, i quit my job in order to do this and i don't have more than 6 months or so before I really need to think about getting another job so I'm motivated to make as much use of my time as I can.

I also don't have kids and my girlfriend is super supportive.

Mahatma Goonsay
Jun 6, 2007
Yum

DONT THREAD ON ME posted:

I also don't have kids

every time a read one of your posts about rust or asm or whatever i feel slight regret that i had kids before really getting into programming. of course deep down i know before kids i would just have played video games or watched tv instead of learning haskell or whatever.

Shaggar
Apr 26, 2006
as a childless nerd I can confirm factorio is far more interesting than learning a research language.

Finster Dexter
Oct 20, 2014

Beyond is Finster's mad vision of Earth transformed.

Space Whale posted:

Where does one go about learning laws for "must report" level security fuckups, in terms of badness?

Are there even such laws?

:smith:

Just post about it on yospos and eventually twitter will pick it up and make it viral, thus being reported to everyone with a social media account.

prisoner of waffles
May 8, 2007

Ah! well a-day! what evil looks
Had I from old and young!
Instead of the cross, the fishmech
About my neck was hung.

Space Whale posted:

Where does one go about learning laws for "must report" level security fuckups, in terms of badness?

Are there even such laws?

:smith:

some states? have data breach laws. like if your company know that a lot of personally identifying information has been lost to the haxors, your company may be required to let people know.

generally speaking, there ain't laws against being bad at information security in almost every industry? so it's a more holistic question of what level of harm might occur, who / how many could it happen to, and how easy or likely such a security breach is

Adbot
ADBOT LOVES YOU

Bloody
Mar 3, 2013

animist posted:

my current project is a webassembly -> verilog compiler in rust

this is almost certainly a terrible idea

what the gently caress

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply