|
Ender.uNF posted:I am seriously considering never opening another PDF file. How safe is it to use an alternate PDF reader? I've been using SumatraPDF with the browser plugin disabled, but all this poo poo has me in  -mode
|
#
?
May 7, 2012 15:11
|
|
|
|
| # ? Apr 24, 2024 15:57 |
|
|
dwazegek posted:How safe is it to use an alternate PDF reader? I've been using SumatraPDF with the browser plugin disabled, but all this poo poo has me in I think Sumatra is currently the best choice for people who just want a PDF reader without all the weird Adobe stuff, it also makes life easier for people who use LaTex.
|
|
#
?
May 7, 2012 15:42
|
|
|
I imagine OS X's built in PDF support is restricted enough not to have to worry about a majority of these cases, but I haven't watched the video yet. Feel free to indicate otherwise.
|
|
#
?
May 7, 2012 16:47
|
|
|
At least one remote execution vulnerability has been found in iOS's PDF rendering, and I imagine it shares a ton of code with OS X's version.
|
|
#
?
May 7, 2012 17:02
|
|
|
I would hedge that Chrome's PDF viewer has more eyes on the security front.
|
|
#
?
May 7, 2012 17:49
|
|
|
MrMoo posted:I would hedge that Chrome's PDF viewer has more eyes on the security front. It's also sandboxed away from anything which provides some benefits, although I think the sandbox was breached recently in Pwn2Own or some other contest.
|
|
#
?
May 7, 2012 20:22
|
|
|
The video is four parts and somewhat annoying to watch because the presenter is obviously an inexperienced public speaker but I suggest you watch it anyway. PDF is seriously a horror. At least as bad as PHP.
|
|
#
?
May 7, 2012 20:44
|
|
|
This guy isn't a programmer so I'm not so much lamenting his incompetence as making a  face:code:
|
|
#
?
May 7, 2012 20:55
|
|
|
Well I got tasked with figuring out how code (which was written by a guy who doesn't work here anymore) works. This is what some of it looks like (formatting preserved): code:
|
|
#
?
May 8, 2012 21:09
|
|
|
Yeah yeah, misindented code. Worked on some for four years, then later worked in a job where the offshore devs regularly sent misindented code for review and refused to correct it to standards. Cry me a river and go learn Python you baby. 
|
|
#
?
May 9, 2012 00:59
|
|
|
I just run all of that crap through a code formatter. If the formatter ends up breaking something it was honestly probably broken before, too. I'm not sure if misindented code is worse than outright not indented code, though. One is just lame, the other is outright malicious sometimes.
|
|
#
?
May 9, 2012 06:42
|
|
|
Gazpacho posted:Yeah yeah, misindented code. Worked on some for four years, then later worked in a job where the offshore devs regularly sent misindented code for review and refused to correct it to standards. Cry me a river and go learn Python you baby. I swear sometimes someone installed an indentation mangler as an svn hook on my server or something. I once went to another coworker kinda annoyed at what he committed... looked perfect on his computer. Probably somehow set it to spaces instead of tabs or something but it was a real  Hmm... thinking about it... a whitespace mangler script as a svn hook would be one hell of a prank.
|
|
#
?
May 9, 2012 10:24
|
|
|
The real horror that this is still an issue, anywhere. Every text editor should automatically format code the way you want to look at it. File comparison wossnames should use the formatting you want to see. It should be a solved problem by now.
|
|
#
?
May 9, 2012 11:01
|
|
|
qntm posted:The real horror that this is still an issue, anywhere. Every text editor should automatically format code the way you want to look at it. File comparison wossnames should use the formatting you want to see. It should be a solved problem by now. The hard part is what format do you save it as?
|
|
#
?
May 9, 2012 12:53
|
|
|
Zombywuf posted:The hard part is what format do you save it as? It doesn't matter, as long as it's readable from cat. v  v
|
|
#
?
May 9, 2012 13:39
|
|
|
Sinestro posted:It doesn't matter, as long as it's readable from cat. v And doesn't make every commit the size of your whole codebase.
|
|
#
?
May 9, 2012 13:45
|
|
|
Gazpacho posted:Yeah yeah, misindented code. Worked on some for four years, then later worked in a job where the offshore devs regularly sent misindented code for review and refused to correct it to standards. Cry me a river and go learn Python you baby. At my last job, the CTO had the most horribly formatted code I'd ever seen in my life. I ended up using python for as much of my new development as I possibly could, just to avoid him going in and mangling my code. He tried to mess with it a few times but he could never get anything to compile so we just reverted his changes. He was also a terrible programmer, so this was quite a blessing. What about an svn hook that runs a whitespace formatter, and if it passed some threshold of changes, rejected the commit. In my experience, anyone who can't think straight enough to format their whitespace has other problems too.
|
|
#
?
May 9, 2012 14:39
|
|
|
Zombywuf posted:The hard part is what format do you save it as? There's always Victor's "save it as an AST... somehow" solution.
|
|
#
?
May 9, 2012 14:41
|
|
|
Save the AST as sexprs.
|
|
#
?
May 9, 2012 14:51
|
|
|
Plorkyeran posted:Save the AST as sexprs. Skip the middle man and just write lisp
|
|
#
?
May 9, 2012 14:52
|
|
|
SlightlyMadman posted:At my last job, the CTO had the most horribly formatted code I'd ever seen in my life. I ended up using python for as much of my new development as I possibly could, just to avoid him going in and mangling my code. He tried to mess with it a few times but he could never get anything to compile so we just reverted his changes. He was also a terrible programmer, so this was quite a blessing. I've never worked anywhere with a CTO, but it seems odd that one would be writing code.
|
|
#
?
May 9, 2012 14:55
|
|
|
Thermopyle posted:I've never worked anywhere with a CTO, but it seems odd that one would be writing code. It was a small company, and they gave many of the senior employees "officer" or "director" titles when they couldn't afford to give us raises. If that sounds screwed up and like they didn't know how to run a business, it's only the tip of the iceberg.
|
|
#
?
May 9, 2012 15:01
|
|
|
Thermopyle posted:I've never worked anywhere with a CTO, but it seems odd that one would be writing code. Depends on the team size. I worked at a place with a team of 5 and a CTO. He called himself the "CTO of Sealand", and he wrote badass code but also had 15 years of experience in managing teams and architecting software. He also didn't code in every sprint; he would usually come in when we were swamped and decimate a big task in a day. New Yorp New Yorp fucked around with this message at 15:03 on May 9, 2012 |
|
#
?
May 9, 2012 15:01
|
|
|
Plorkyeran posted:Save the AST as sexprs. Polish notation with tokens separated by newlines would make for better diffing.
|
|
#
?
May 9, 2012 15:01
|
|
|
sexprs are just polish notation with support for variable arity, which most languages' ASTs will require
|
|
#
?
May 9, 2012 16:58
|
|
|
trex eaterofcadrs posted:Skip the middle man and just write lisp Forgive me for my misplaced rage here, this hits a little close to home. People who say this drive me up the wall. It's either "None shall borrow language features from lisp without accepting our lord and savior Paul Graham into your heart" or "If you're going to manipulate your code at the AST level in any conceivable way you might as well just switch to lisp since it's a perfect language  "I'm amazed that popular languages even have lambdas and closures the way lisp weenies are so possessive of anything remotely related their language of choice. Maybe in another 20 years mainstream languages will have real, actual macros.
|
|
#
?
May 9, 2012 18:31
|
|
|
Contero posted:Forgive me for my misplaced rage here, this hits a little close to home. I've never heard anyone in the Lisp community say either of those things, and I can't name a single person who considers Paul Graham a Lisp figurehead. Maybe you have an aphasia?
|
|
#
?
May 9, 2012 18:32
|
|
|
Hmm, the development version of our mobile site isn't working properly. Maybe it's just a issue with XSS because we probably have some hardcoded stuff in there and this domain wasn't ever used before. (several minutes of aggrivated tweaking and fixing later, including disabling a forced redirect if you aren't using a mobile browser among other 'features') OK, let's open the Net panel and see what kind of crazy AJAX poo poo we're pulling he-- code: code: (On the "bright side" at least the "API" uses SESSION variables but auugh) E: Oh, and every AJAX request is its very own little block of AJAX-For-Dummies copy-pasted code instead of something simple like $.get("url"). (and yes, jQuery is included in the page, so this is all patently loving absurd.) E: This just keeps getting better. Debugging it with Firebug and oh boy oh boy, this is the page that keeps on giving. Apparently he tried to hard-wrap his lines in vi and that broke a whole bunch of Javascript stuff that may have never worked in the first place. Zamujasa fucked around with this message at 18:44 on May 9, 2012 |
|
#
?
May 9, 2012 18:34
|
|
|
Fren posted:I've never heard anyone in the Lisp community say either of those things, and I can't name a single person who considers Paul Graham a Lisp figurehead. Maybe you have an aphasia? Again, forgive my misplaced and probably unjustified sperging out 
|
|
#
?
May 9, 2012 18:37
|
|
|
Zamujasa posted:
That said, exchanging a password for an authentication token is a better idea, and including the password in the GET request means that it could show up in logs, so it's still a bad practice, but it's not a gaping security hole that poses a clear and present danger. Just a dangerous practice if you ever get compromised to the point that someone's sniffing internal server traffic or reading server logs. On the second thought, I bet the real security hole there could be HTTP_HOST. If the server serving it serves the page even if the Host: header is nonsense, I wonder if sending the request directly to the right ip but with "Host: https://www.maliciousdomain.com" might redirect it. I don't have enough faith in PHP to assume that such a boneheaded case would be protected against.
|
|
#
?
May 9, 2012 18:49
|
|
|
Doctor w-rw-rw- posted:To be fair, this isn't a risk on the wire I guess the "notme" and "notmine" entries didn't make it obvious, but those are... well, not my username and not my password. They were another user's, hardcoded in the file. 
|
|
#
?
May 9, 2012 18:53
|
|
|
Contero posted:Again, forgive my misplaced and probably unjustified sperging out Man you got real mad at a joke.
|
|
#
?
May 9, 2012 19:05
|
|
|
Fren posted:I've never heard anyone in the Lisp community say either of those things, and I can't name a single person who considers Paul Graham a Lisp figurehead. Maybe you have an aphasia? It's not as if there isn't a known "heh, finally caught up to Lisp" attitude out there. Happens to any marginalized community.
|
|
#
?
May 9, 2012 19:24
|
|
|
The real human horror is caring about ASTs and "smart" diffs and wanting smart text editors. These people are complicationists who are culturally biased towards ideas that make them feel smarter. For the record, I am not joking. Diff tools do not need to know about ASTs because they work perfectly fine without them and much more predictably without them. Text editors do not need to be AST-editors instead of text editors because that rips up line numbers and again makes things complicated. You end up never knowing what format your code is really in, and that has side effects like writing ad-hoc perl scripts to help with large renamings or refactorings much harder. That's not the only side effect, you surely get others because you decided to make things complicated instead of keeping them simple.
|
|
#
?
May 9, 2012 21:10
|
|
|
Look, I just want to know why we've been writing text using the same 26 letters for hundreds of years. Isn't it time we started using something more English 2.0?
|
|
#
?
May 9, 2012 21:13
|
|
|
Speak for yourself, using languages other than English with computers used to be a lot bigger pain in the rear end.
|
|
#
?
May 9, 2012 21:16
|
|
|
yaoi prophet posted:Look, I just want to know why we've been writing text using the same 26 letters for hundreds of years. Isn't it time we started using something more English 2.0? Bring back ð and þ!
|
|
#
?
May 9, 2012 21:18
|
|
|
Toady posted:It's not as if there isn't a known "heh, finally caught up to Lisp" attitude out there. Happens to any marginalized community. "Any sufficiently complicated C or Fortran program contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp."
|
|
#
?
May 9, 2012 21:26
|
|
|
HappyHippo posted:"Any sufficiently complicated C or Fortran program contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp." "...including Common Lisp."
|
|
#
?
May 9, 2012 21:27
|
|
|
|
| # ? Apr 24, 2024 15:57 |
|
|
HappyHippo posted:"Any sufficiently complicated C or Fortran program contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of Common Lisp." No joke, I once unknowingly got into an argument with that guy about the need for progress in systems programming languages.
|
|
#
?
May 9, 2012 21:35
|
|
