“Just use Chrome”
-
@error said in “Just use Chrome”:
Penis-In-Vagina sex is as vanilla as it comes. It doesn't need to be in that thread.
Right, it's the other ones I didn't know
-
@error said in “Just use Chrome”:
@HardwareGeek said in “Just use Chrome”:
@error said in “Just use Chrome”:
Penis-In-Vagina sex is as vanilla as it comes.
I thought about posting what (some) feminists say about PIV, but this isn't the Garage.
I find it remarkable how many feminists I've met who have CNC
Well, that's one of the least feminine jobs while still not being terribly hard, so it makes sense.
(consensual non-consent, i.e. rape simulation)
Oh.
-
@Gąska said in “Just use Chrome”:
I find it remarkable how many feminists I've met who have CNC
Well, that's one of the least feminine jobs while still not being terribly hard, so it makes sense.
Well, TIL, and TYL.
I actually suspect it's because submission is very antithetical to their own ethos, that makes it taboo and therefore erotic to them.
-
@error said in “Just use Chrome”:
that makes it taboo and therefore erotic to them
I suspect it's people's natural ability to doublethink.
-
@error said in “Just use Chrome”:
I find it remarkable how many feminists I've met who have CNC
Sounds like a large overlap between feminists and butch lesbians operating heavy machinery.
Fake edit:
-
The stereotypical image of a "feminist" does not align well with my personal experiences with them.
-
I don't know many feminists, but being a Christian I have met quite a few of their - should I say arch-enemies? That is, anti-abortion activists. (Although from a certain point of view that's a form of feminism too.)
And for all the think pieces out there calling anti-abortion a form of men asserting sexual control over women, each and every one of the aforementioned activists was a woman or a girl.
-
Back on topic...
Microsoft sadly no longer hosts an anime news network, part of a tie-in with one of their (i.e. Microsoft's) only anime to spread outside of Japan. So long, https://internetexplorertan.com/
-
@TwelveBaud I would imagine they're going for something more edgy these days...
-
@error said in “Just use Chrome”:
I actually suspect it's because submission is very antithetical to their own ethos, that makes it taboo and therefore erotic to them.
Doesn't that explain about 90% of all kinks?
-
@Tsaukpaetra said in “Just use Chrome”:
It's... not ideal.
Nothing on mobile ever is.
Pretending that a phone is a general purpose computer is TRWTF.
-
@dkf said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
And then, after both the customer and vendor go through a couple cycles of turnover, you'll have the customer asking, "What the hell is an AXQ? Nobody here knows what it means." And the vendor won't know either, beyond being able to say which reports show it, or that they don't send emails to AXQs of
B38.Making a glossary is good. Encoding the fucking glossary on every line of code you write… is just verbose and annoying.
Where is this glossary? Is it coupled to the codebase? How can one be sure it's kept up-to-date while the codebase organically grows and evolves? Whose responsibility is it to maintain said glossary?
-
@Groaner said in “Just use Chrome”:
Whose responsibility is it to maintain said glossary?
The person responsible for maintenance of the BRD, FRD, PRD, and data dictionary?
-
@Groaner said in “Just use Chrome”:
Where is this glossary? Is it coupled to the codebase? How can one be sure it's kept up-to-date while the codebase organically grows and evolves? Whose responsibility is it to maintain said glossary?
What makes you think that you didn't have that problem anyway?
-
@dfdub said in “Just use Chrome”:
@error said in “Just use Chrome”:
I actually suspect it's because submission is very antithetical to their own ethos, that makes it taboo and therefore erotic to them.
Doesn't that explain about 90% of all kinks?
I guess some of the rest is things that are rare and/or you can't have?
At least that'd explain red heads for me.INB4 ewwe, nobody asked.
-
@dkf said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
Where is this glossary? Is it coupled to the codebase? How can one be sure it's kept up-to-date while the codebase organically grows and evolves? Whose responsibility is it to maintain said glossary?
What makes you think that you didn't have that problem anyway?
Intellisense, code completion and good comments solve much of that problem without external documents. Otherwise, documentation must be updated in tandem with the code, and when things get rushed, that falls by the wayside.
The great thing about source code is that it doesn't lie.
-
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
-
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.
-
-
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
It might not lie about what it actually does. It probably does lie about what it is supposed to do, and linking the (often low-level) operations that the code shows you to the higher level concepts that are observed by users of the code… that's not necessarily trivial either.
-
-
@dkf said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
It might not lie about what it actually does. It probably does lie about what it is supposed to do, and linking the (often low-level) operations that the code shows you to the higher level concepts that are observed by users of the code… that's not necessarily trivial either.
Yes, that's why they pay us good money to be able to determine that behavior upon request.
-
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
-
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
How does the compiler know to use those hacks? If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
-
-
@Groaner said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
How does the compiler know to use those hacks? If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
That is entirely up to the implementer. It could always inject payload, or for specific function names, or for specific users or whatever you pretty much feel like. There was a PoC of a backdoor attack that injected backdoors into everything a compiler built. And when you asked the compiler to build a new compiler, it injected the code to inject backdoors instead, so unless you looked at the binary and figured it out, the toolchain was forever insecure.
-
@Groaner said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
How does the compiler know to use those hacks? If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
I suggest reading https://thedailywtf.com/articles/Elegant-Syntax-Error for a hint as to one possible way.
-
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
How does the compiler know to use those hacks? If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
That is entirely up to the implementer. It could always inject payload, or for specific function names, or for specific users or whatever you pretty much feel like. There was a PoC of a backdoor attack that injected backdoors into everything a compiler built. And when you asked the compiler to build a new compiler, it injected the code to inject backdoors instead, so unless you looked at the binary and figured it out, the toolchain was forever insecure.
I think you're thinking of Ken Thompson's jolly thing... https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf
-
@PleegWat said in “Just use Chrome”:
Some interesting reading.
Any articles in particular? I'm somewhat familiar with the premise, and not sure how slipping tricks past a lazy eye changes my assertion that the code doesn't lie.
-
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
How does the compiler know to use those hacks? If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
That is entirely up to the implementer. It could always inject payload, or for specific function names, or for specific users or whatever you pretty much feel like. There was a PoC of a backdoor attack that injected backdoors into everything a compiler built. And when you asked the compiler to build a new compiler, it injected the code to inject backdoors instead, so unless you looked at the binary and figured it out, the toolchain was forever insecure.
Extend my definition of "code" to "binary code" and "toolchain used to compile the code," then.
You guys are really stretching for
edge cases here. Do you really think that your coworkers who make boring CRUD pages in your order-tracking or accounting webapp and confuse postbacks with callbacks and Viewstate with Session are going to be busily implementing obfuscated killswitches or timebombs?
-
@Steve_The_Cynic said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
How does the compiler know to use those hacks? If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
I suggest reading https://thedailywtf.com/articles/Elegant-Syntax-Error for a hint as to one possible way.
Okay.
The day before his contract expired, he checked in all of his changes. And needless to say, it wouldn't compile anymore.
Man, it sure is a good thing we have source control! Let's revert to an earlier date, or even better, look at his final commit(s).
"The problem has to be on your end," he insisted. "It works on my system." For good measure, he compiled it and demonstrated that it worked.
Meanwhile, at a sane company:
Great, can you check in your changes? We build from the build server, not from your computer.VS2017 also makes this very easy to spot:
And even without syntax highlighting,
whilst != while. The fifty billion error messages about undefined "whilst" should have been a pretty big hint.
-
@Groaner said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
@Tsaukpaetra said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
The great thing about source code is that it doesn't lie.
Semantically, maybe. But logically... It very much can, has, and will do so in the future, and if you depend on code being correct at face value, I'm surprised you say the above unironically...
Yes, and sometimes the code as written can be completely orthogonal to expected or desired behavior, and that's when you know it's time to fix it.
Even if you have people playing games with overloads or
#defines for supreme obfuscation, it's still all in the code.You can actually do some nifty hacks with compilers to make code do stuff it doesn't say it does. It's a rather scary attack vector.
How does the compiler know to use those hacks? If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
That is entirely up to the implementer. It could always inject payload, or for specific function names, or for specific users or whatever you pretty much feel like. There was a PoC of a backdoor attack that injected backdoors into everything a compiler built. And when you asked the compiler to build a new compiler, it injected the code to inject backdoors instead, so unless you looked at the binary and figured it out, the toolchain was forever insecure.
Extend my definition of "code" to "binary code" and "toolchain used to compile the code," then.
You guys are really stretching for
edge cases here. Do you really think that your coworkers who make boring CRUD pages in your order-tracking or accounting webapp and confuse postbacks with callbacks and Viewstate with Session are going to be busily implementing obfuscated killswitches or timebombs?Of course we are! This is wtdwtf after all.
Yeah, the people that can successfully carry out such an attack are pretty few and far in between and unless you're dealing with sensitive information, it's not a problem. But I have been working several gigs where I did. I have a coworker right now that is on a classified gig. He's not allowed to say where he works, with what he works, or when he works. Proper secret stuff. I think our CEO may know where he works, but not more.
-
@Groaner said in “Just use Chrome”:
Meanwhile, at a sane company:
ENOREPRO: never heard of such a thing.
-
@Steve_The_Cynic said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
Meanwhile, at a sane company:
ENOREPRO: never heard of such a thing.
Functioning source control and a rubber-stamp process that just requires your code to compile on a build server is a very low bar, and yet it's high enough to defeat the contractor in said story.
Of course, when that story was written, we may not have had much of the same advanced tech like syntax highlighting and visual diff tools.
-
@Carnage said in “Just use Chrome”:
I have a coworker right now that is on a classified gig. He's not allowed to say where he works, with what he works, or when he works. Proper secret stuff. I think our CEO may know where he works, but not more.
Sounds like a great way to slack off and do nothing at all while getting paid top dollar for pretending to work at a secret government agency.
-
@HardwareGeek said in “Just use Chrome”:
@Carnage said in “Just use Chrome”:
I have a coworker right now that is on a classified gig. He's not allowed to say where he works, with what he works, or when he works. Proper secret stuff. I think our CEO may know where he works, but not more.
Sounds like a great way to slack off and do nothing at all while getting paid top dollar for pretending to work at a secret government agency.
Isn't all government HPC gigs just pretending to do work?
-
@Groaner said in “Just use Chrome”:
@Steve_The_Cynic said in “Just use Chrome”:
@Groaner said in “Just use Chrome”:
Meanwhile, at a sane company:
ENOREPRO: never heard of such a thing.
Functioning source control and a rubber-stamp process that just requires your code to compile on a build server is a very low bar, and yet it's high enough to defeat the contractor in said story.
Of course, when that story was written, we may not have had much of the same advanced tech like syntax highlighting and visual diff tools.
((Thinks)) Hmm. I remember using both those things in 2001. But then again a compiler with a hidden magic header included invisibly in every compilation is a sizeable
in its own right.
-
@Groaner said in “Just use Chrome”:
Meanwhile, at a sane company:
Great, can you check in your changes? We build from the build server, not from your computer.
If you want to make this really nasty when you leave, swap the definitions of, say, int16_tandint32_tin your system header files. Code that you compile that works with them on your machine will then become subtly different when built on other people's systems and yet will almost certainly still be type-correct as the system will helpfully insert all sorts of type coercions.If testing is about as thorough as it usually is, this sort of level of shenanigans won't be caught for ages, and all too many places turn off (or don't enable) the warnings that would flag this up as trouble…
-
@Steve_The_Cynic said in “Just use Chrome”:
But then again a compiler with a hidden magic header included invisibly in every compilation is a sizeable
in its own right.It's also not very difficult to do, due to the way that compilers tend to work internally.
-
@dkf said in “Just use Chrome”:
@Steve_The_Cynic said in “Just use Chrome”:
But then again a compiler with a hidden magic header included invisibly in every compilation is a sizeable
in its own right.It's also not very difficult to do, due to the way that compilers tend to work internally.
True, but that doesn't stop it being a
, especially if it's easy for end-users to modify furtively. (If it's generated internally on the fly, then the in that article cannot happen, and most of the reasons you'd want it to be a file are satisfied.)
-
@Steve_The_Cynic said in “Just use Chrome”:
(If it's generated internally on the fly, then the
in that article cannot happen, and most of the reasons you'd want it to be a file are satisfied.)Typically, you'd generate initially from a file (because otherwise it's too damn difficult to edit) and internally after that; writing a tool to do the embedding isn't very difficult.
-
@Groaner said in “Just use Chrome”:
If someone were to inspect the solution file and examine flags/command line arguments, wouldn't those be a dead giveaway?
No. The hack goes inside that point, and works by adding extra code (and/or replacing some) under some circumstances. As compilers already do extensive rewriting of code (what do you think the C preprocessor does anyway?) hiding a little bit extra in there is decidedly easy. The tricky parts are to do with making it hard to detect that you've done shenanigans after the fact.
