Semi-quasi-unofficial unhelpful comments
-
-
@DogsB said in Automatically starting a program on Raspberry Pi OS:
smile on a monday.
-
@HardwareGeek said in Semi-quasi-unofficial unhelpful comments:
@DogsB said in Automatically starting a program on Raspberry Pi OS:
smile on a monday.
Besides this post the only interaction was a downvote if that cheers you up any.
-
@BernieTheBernie said in Semi-quasi-unofficial unhelpful comments:
@HardwareGeek said in Semi-quasi-unofficial unhelpful comments:
at 37.5293504° N, 122.2658253° W
You should add a good explosive head on the missile, then you do not need to hit the target at such an extreme detail (that's at 0.1 meters exact).
If you're dropping a tungsten rod from orbit you don't need a warhead.
-
Just leaving this here:
@Mason_Wheeler said in Regex parsing...fun times:
@Benjamin-Hall said in Regex parsing...fun times:
"Help? And don't ask me to use something other than regex...I can't at this stage."Use something other than regex anyway. It is by-definition incapable of doing what you want in the general case, and special-case attempts to work around that are known to be pathological cases in regular expression engines, at times bad enough that they create denial of service vulnerabilities in software that uses them.
-
@boomzilla On the contrary, I would consider "this approach has a lot of problems including opening security vulnerabilities in your software, and therefore should be abandoned entirely" to be an extremely helpful comment if I were on the receiving end of it.
-
@Mason_Wheeler Only if that's a legitimate scenario. Nothing about the original post indicated that ReDoS was a realistic attack vector. (To be fair, nothing said it wasn't either, but web-facing things running Perl are... quite rare these days, and Perl's RE engine is bastard fast even in pathological cases.)
I'm not saying you're wrong because it certainly can be an attack vector, though not nearly as often as it used to be.
-
@Arantor said in Semi-quasi-unofficial unhelpful comments:
Perl's RE engine is bastard fast even in pathological cases
It doesn't particularly matter how fast it is when you have, for example, a case where a linear increase in recursion depth causes an exponential increase in execution time.
(2^N) * x
grows unmanageably huge very quickly no matter how small of anx
you start with.
-
@Mason_Wheeler said in Semi-quasi-unofficial unhelpful comments:
@boomzilla On the contrary, I would consider "this approach has a lot of problems including opening security vulnerabilities in your software, and therefore should be abandoned entirely" to be an extremely helpful comment if I were on the receiving end of it.
You have a lot of stupid opinions. This is one of them, in that you plowed right through the part where he said that he couldn't.
-
@Mason_Wheeler you do understand the C# and Perl don't have the same regex engine, right? Different pathological cases, and you have no clue whether the ones that are problematic will be problematic in this case.
That's a very nice ivory tower you have.
-
@Mason_Wheeler said in Semi-quasi-unofficial unhelpful comments:
@boomzilla On the contrary, I would consider "this approach has a lot of problems including opening security vulnerabilities in your software, and therefore should be abandoned entirely" to be an extremely helpful comment if I were on the receiving end of it.
It is only helpful when it is accurate and your statement isn't. ReDos is a no more a concern than SQL injection attacks are a concern. Something that you need to be aware of and handle for yes, but not something that will stop your usage of the tool.
-
@Dragoon said in Semi-quasi-unofficial unhelpful comments:
@Mason_Wheeler said in Semi-quasi-unofficial unhelpful comments:
@boomzilla On the contrary, I would consider "this approach has a lot of problems including opening security vulnerabilities in your software, and therefore should be abandoned entirely" to be an extremely helpful comment if I were on the receiving end of it.
It is only helpful when it is accurate and your statement isn't. ReDos is a no more a concern than SQL injection attacks are a concern. Something that you need to be aware of and handle for yes, but not something that will stop your usage of the tool.
Soon.
-
@Dragoon and in this case, there are checks much further up in the parsing chain than this one that would prevent or at least mitigate (by killing the parse attempt) that issue. We're dealing with fixed format data coming from automated systems. And if someone fed in pathological data, all the systems along the way would scream bloody murder.
Plus, it's just not in scope. I literally cannot, even if I wanted to, change the overall path of this piece of code. Not without massive buy in from every level.
-
@boomzilla said in Semi-quasi-unofficial unhelpful comments:
plowed right through the part where he said that he couldn't.
Well, there's that, but much more importantly that reply suffers a severe lack of Lovecraft vibe and Unicode abuse.
-
@Mason_Wheeler said in Semi-quasi-unofficial unhelpful comments:
@Arantor said in Semi-quasi-unofficial unhelpful comments:
Perl's RE engine is bastard fast even in pathological cases
It doesn't particularly matter how fast it is when you have, for example, a case where a linear increase in recursion depth causes an exponential increase in execution time.
(2^N) * x
grows unmanageably huge very quickly no matter how small of anx
you start with.- N can be hard-limited in some cases
- You have never made nor heard a true statement nor have you seen nor heard anything but the echoes of sensory pulsations in your own mind.
-
@Gribnit said in Semi-quasi-unofficial unhelpful comments:
You have never made nor heard a true statement
False!
-
-
@boomzilla said in Semi-quasi-unofficial unhelpful comments:
Just leaving this here:
@Mason_Wheeler said in Regex parsing...fun times:
@Benjamin-Hall said in Regex parsing...fun times:
"Help? And don't ask me to use something other than regex...I can't at this stage."Use something other than regex anyway. It is by-definition incapable of doing what you want in the general case, and special-case attempts to work around that are known to be pathological cases in regular expression engines, at times bad enough that they create denial of service vulnerabilities in software that uses them.
I don’t know. I’m not saying he’s right, but…
If the question was “help me parse HTML with regex, I know I shouldn’t”? Pointing out that it’s not a regular language feels like a fair point, at least.
-
@topspin said in Semi-quasi-unofficial unhelpful comments:
@boomzilla said in Semi-quasi-unofficial unhelpful comments:
Just leaving this here:
@Mason_Wheeler said in Regex parsing...fun times:
@Benjamin-Hall said in Regex parsing...fun times:
"Help? And don't ask me to use something other than regex...I can't at this stage."Use something other than regex anyway. It is by-definition incapable of doing what you want in the general case, and special-case attempts to work around that are known to be pathological cases in regular expression engines, at times bad enough that they create denial of service vulnerabilities in software that uses them.
I don’t know. I’m not saying he’s right, but…
If the question was “help me parse HTML with regex, I know I shouldn’t”? Pointing out that it’s not a regular language feels like a fair point, at least.
Not in an active help thread. Especially since the OP already basically acknowledged that the approach was suboptimal.
-
@boomzilla said in Semi-quasi-unofficial unhelpful comments:
@topspin said in Semi-quasi-unofficial unhelpful comments:
@boomzilla said in Semi-quasi-unofficial unhelpful comments:
Just leaving this here:
@Mason_Wheeler said in Regex parsing...fun times:
@Benjamin-Hall said in Regex parsing...fun times:
"Help? And don't ask me to use something other than regex...I can't at this stage."Use something other than regex anyway. It is by-definition incapable of doing what you want in the general case, and special-case attempts to work around that are known to be pathological cases in regular expression engines, at times bad enough that they create denial of service vulnerabilities in software that uses them.
I don’t know. I’m not saying he’s right, but…
If the question was “help me parse HTML with regex, I know I shouldn’t”? Pointing out that it’s not a regular language feels like a fair point, at least.
Not in an active help thread. Especially since the OP already basically acknowledged that the approach was suboptimal.
and since the confined subset was already regularizable - it's not like I dont have a Zalgo generator
-
@boomzilla said in Semi-quasi-unofficial unhelpful comments:
Not in an active help thread.
That thread's done. The actual problem was some weird preprocessing that only happened sometimes.
-
@dkf yes, now.
-
@boomzilla said in Semi-quasi-unofficial unhelpful comments:
Just leaving this here:
@Mason_Wheeler said in Regex parsing...fun times:
@Benjamin-Hall said in Regex parsing...fun times:
"Help? And don't ask me to use something other than regex...I can't at this stage."Use something other than regex anyway. It is by-definition incapable of doing what you want in the general case, and special-case attempts to work around that are known to be pathological cases in regular expression engines, at times bad enough that they create denial of service vulnerabilities in software that uses them.
I believe this is false in context. Unless I badly misremember something, Perl regular expression engine can actually parse (at least some) context-free (type 2) grammars.
-
@Bulb said in Semi-quasi-unofficial unhelpful comments:
Perl regular expression engine can actually parse (at least some) context-free (type 2) grammars.
I did mention the other day that Perl needs a mix of meth and weed to properly appreciate. This is part of why.
-
@dkf Perl is a curious mixture of simple (e.g. I like the way object orientation was added on top of modules and functions with very little additions), surprisingly complex (list contexts DWIM until they fail to and then they get utterly confusing) and gratuitous syntactic sugar (like the trailing if and unless).
-
@Bulb my experience of Perl is 95% seeing code that people have gone out of their way to leave readable and understandable, and 5% deciphering utter line noise.
-
@Arantor said in Semi-quasi-unofficial unhelpful comments:
5% deciphering utter line noise.
Perl extended REs are definitely in that category.
-
@HardwareGeek said in Semi-quasi-unofficial unhelpful comments:
@Arantor said in Semi-quasi-unofficial unhelpful comments:
5% deciphering utter line noise.
Perl extended REs are definitely in that category.
The ones with embedded Perl code are where the crazy juice really takes hold.
-
@Unperverted-Vixen said in Home network revamp suggestions:
@Captain The ER-X looks like a great value, but it also looks like a dead product line walking. No Wifi 6 access point, and the Wifi 5 one is out of stock.
On the Unifi side, the Dream Router would be tempting if they, y'know, had any stock.
Mikrotik ax2
Except it's not in stock anywhere either.
-
@Applied-Mediocrity in this thread I was expecting a hyperbole.
-
@Gustav said in Semi-quasi-unofficial unhelpful comments:
@Applied-Mediocrity in this thread I was expecting a hyperbole.
HTH HAND
-
@topspin Objection! That’s a hyperboloid!
Which doesn’t just rule, but is doubly ruled
-
@Zerosquare said in Help Bites:
I'm way late, but you can temporarily bypass the Twitter prompt by just clicking on the login button, then closing the login dialog. If you scroll down enough, it triggers again, at which point you can repeat the process. Not ideal, but it's a -friendly solution since you don't have to install anything.
Alternatively you can bypass the Twitter login prompt by just clicking on the login button and then logging in. This also requires installing nothing.
-
@loopback0 how about No?
-
-
@BernieTheBernie said in You look hot!:
its germanium coated lens alone costs much more than that.
Yes, but @remi will obviously use Francium instead.
...
-
No wonder. It's from France, therefore it's a luxury product
-
@Zerosquare so Germanium should really be called Sparkling Alkali Metal?
-
@Applied-Mediocrity said in Semi-quasi-unofficial unhelpful comments:
Francium Price is $1 billion per gramme which makes it th emost expensive element found on earth with a hlf-life of only 22 minutes.
Nice copy-proofing going on there...
At that price and half-life, it's probably cheaper to bring your whole factory that needs it (but what for?) to where the Francium is produced rather than even moving it a few meters... to do the maths but each second is probably going to cost you some millions of the thing vanishing...
-
@loopback0 said in Semi-quasi-unofficial unhelpful comments:
Alkali Metal
Germanium is a semi-metal in the same chemical group as carbon, silicon, tin, and lead.
Carbon has a large band gap and (in its diamond cubic crystal structure) is a good insulator. It is also transparent to visible light, because photons with an energy less than 5.5eV (which corresponds to UV light) don't have enough energy to kick electrons across the band gap.
Silicon, of course, is a semiconductor. It has a band gap of 1.1eV, and it looks metallic because both visible photons and room-temperature thermal energy are sufficient to kick some electrons across the band gap, where they are free to move about like a metal.
Germanium is also a semiconductor; the first successful transistors were made from germanium, and it dominated the semiconductor industry for about the first decade of its existence. Both germanium and silicon are transparent to infrared, because it doesn't have enough energy to promote electrons above the band gap, but germanium's smaller band gap of 0.7eV blocks more near-infrared while transmitting lower-energy thermal IR, which is useful for thermal imaging. It also has an absurdly high refractive index, which makes it useful for IR optics.
The next members of periodic group 14, tin and lead, are metallic, of course. They have the same electron structure as carbon, silicon and germanium, but their band gaps (if they could be said to have any) would be negative, meaning the bands overlap and their electrons are free to move about at the slightest provocation.
Alkali metals are lithium, sodium, potassium, cesium, rubidium, and francium.
-
Earlier, I pondered posting something about germanium being what @HardwareGeek‐vintage diodes and transistors were made of. Looks like I've been ed by .
-
@Zerosquare said in Semi-quasi-unofficial unhelpful comments:
@HardwareGeek‐vintage diodes and transistors
Oi! I'm not (quite) that old!
-
@HardwareGeek Faxmachinium is a barrier to jokesium.
-
@remi said in Semi-quasi-unofficial unhelpful comments:
At that price and half-life, it's probably cheaper to bring your whole factory that needs it (but what for?) to where the Francium is produced rather than even moving it a few meters...
Java programmers would do so anyways.
-
@remi said in Semi-quasi-unofficial unhelpful comments:
At that price and half-life, it's probably cheaper to bring your whole factory that needs it (but what for?) to where the Francium is produced
Apparently it's only used for research, and the factories to make it are complicated mixtures of particle accelerators and ion traps. Nobody's quite sure what solid Francium looks like because it is simultaneously only available in really tiny quantities and so radioactive it never gets cold enough to become a solid.
Yes, it does occur naturally, but only ever very briefly...
-
@dkf and yet, those cunning reporters found a way to include images of it in the article.
-
@Zecc said in old man yelling at clouds or ... ?:
And then there was Ctrl+Alt+Del, which was Clear Clipboard Aggressively.
It's easier to remember as "Clear All Data."
-
@dkf said in Semi-quasi-unofficial unhelpful comments:
Yes, it does occur naturally, but only ever very briefly...
There is no known natural synthesis path for francium, not even cosmic-ray spallation.
-
@remi my mom always calls it the Holy Trinity.
-
@Gustav said in Semi-quasi-unofficial unhelpful comments:
@remi my mom always calls it the Holy Trinity.
I've heard "three-finger salute".