Yeah, I was sure that I had seen somebody else mention this. I guess I could have search... ah, never mind, that would have just led to further aggravation. :-/
Posts made by cvi
-
RE: 🙅 THE BAD IDEAS THREAD
-
RE: 🙅 THE BAD IDEAS THREAD
That $@¡3@€¥ing "N new or updated topic(s). Click to show." notification that guarantees that you'll misclick shit whenever it appears - which it does frequently, and typically whenever I try to middleclick on a topic.
Also, it's not even a normal link or button, but just a damn `div` with some onclick shit, which also makes it unselectable with the keyboard selection in Vimperator (`f` + link/button/... number).
(I'm sure this was mentioned previously, but it's starting to seriously bug me.)
-
RE: "Shell Shock", the bash complement to heartbleed (AS IF)
Well, I don't do webstuff typically, so I don't really know the extents of the problem. But:
```php
<?php
echo "foo\n";
// shell_exec() hands the command to /bin/sh, which inherits the environment
$o = shell_exec( "date" );
echo "$o";
?>
```
Run as
```
$ env X="() { :;} ; echo busted" php
```
prints
```
foo
busted
Thu Sep 25 12:07:32 CEST 2014
```
on an unpatched system for me.
Dunno how easy it is to control the environment variables from a HTTP request, but if that's possible, this would be a problem. (Also assuming people do stuff like `shell_exec()` and the likes on a regular basis - again IDK.)
Filed under: First PHP code I've ~~written~~ copy-pasted in 4+ years.
-
RE: "Shell Shock", the bash complement to heartbleed (AS IF)
Not sure how dangerous this really is in the real world context. I mean, how do you realistically inject into a bash environmental variable on a server?
From what I understand, the problem is with (crappy?) CGIs and the likes, and systems where `/bin/sh` is a link to `/bin/bash`. Calls to `system()` (and apparently `popen()`) actually run `/bin/sh` before the actual command they were supposed to execute.
Now, if you have a setup that copies stuff from the HTTP header or from the query string (or whatever) into the environment before executing the CGI/whatever, you're screwed. (And there's nothing you can do about it either, since the problem is before your program is executed.)
Similarly, it might be a problem if you use `system()`/`popen()` or whatever in your CGI/PHP/... without sanitizing the environment first.
(Major distros apparently have already updated their `bash` packages, and there seem to be backported patches for bash releases for the last decade or so. Also, if your `/bin/sh` isn't `/bin/bash`, and you're not running bash-shell scripts anywhere in your webstuff, you might not be in trouble either way.)
-
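An added example (not part of the original posts) for the second case described above, where your own program spawns commands: it flags environment values shaped like the post's test string, builds the child environment from an allowlist, and runs the command from an argv list so no `/bin/sh` sits in between. `SAFE_VARS`, `SAMPLE_ENV` and the `HTTP_X_DEMO` variable are assumptions made for the example.

```python
import os
import subprocess

# Shape of the value in the post's test: X="() { :;} ; echo busted".
FUNC_PREFIX = "() {"

# Assumed allowlist for this example; a real service would pick its own.
SAFE_VARS = ("PATH", "LANG", "TZ")

# Constructed sample: an environment as a gateway might hand it to a CGI
# program, with a request header copied in verbatim (HTTP_X_DEMO is made up).
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "LANG": "C",
    "QUERY_STRING": "id=42",
    "HTTP_X_DEMO": "() { :;} ; echo busted",
}


def looks_like_function(value):
    """True if a value has the exported-function shape (leading spaces ignored)."""
    return value.lstrip().startswith(FUNC_PREFIX)


def suspicious_vars(env):
    """Names of variables worth logging or rejecting before anything is spawned."""
    return sorted(name for name, value in env.items() if looks_like_function(value))


def minimal_env(env, allow=SAFE_VARS):
    """Child environment built from an allowlist rather than inherited wholesale."""
    return {k: env[k] for k in allow if k in env and not looks_like_function(env[k])}


def child_environment(env):
    """Run env(1) from an argv list (no /bin/sh in between) with the scrubbed
    environment, and return what the child process actually received."""
    out = subprocess.run(["env"], env=minimal_env(env), capture_output=True,
                         text=True, check=True).stdout
    return dict(line.split("=", 1) for line in out.splitlines() if "=" in line)


def sh_target():
    """Resolve /bin/sh so the operator can see whether it points at bash."""
    return os.path.realpath("/bin/sh")


if __name__ == "__main__":
    print("flagged:", suspicious_vars(SAMPLE_ENV))
    print("child sees:", child_environment(SAMPLE_ENV))
    print("/bin/sh ->", sh_target())
```

This does nothing for the first case in the post, where the gateway has already started a shell before your program runs; there the fix is the patched `bash` package.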
RE: Poll: clean?
you can try rearranging the stuff that's already there
Yes! Categorizing + sorting by surface friction.
Filed under: Bills posted in coarse, high-friction envelopes are less likely to be paid on time.
-
RE: Poll: clean?
I suggest getting a Roomba or equivalent. I can attest to it not leaving papers on the floor unmolested. For bonus points, get a model that comes with the timer, so it can be set up to automatically molest papers daily, when nobody is at home.
(Not sure if it will prevent further arguments, though. Probably not.)
-
RE: Poll: clean?
I tried to select "THX1138" (as in, highlight the text with my mouse), so I could google it. Discourse interpreted that as an intention to vote so, and I'm too lazy to change it.
As for my place - I'd say mostly tidy and mostly clean. Roombas turn out to be very incompatible with random piles of stuff on the floor, and having a mostly clean floor but a not clean everything-else causes some sort of aesthetic imbalance, so there's an incentive to keep up with the Roomba and clean the rest.
-
RE: Microspeak: "Offline"
We use "offline" to mean in person.
I'll in-person you an email with further details
-
RE: Apple introduces JScript, only 20 years too late
Right, but added to that, they need to have names that are impossible to Google.
C†† is an excellent choice then - by default Google throws away the "††", so you'll end up with plain C answers.
-
RE: Destiny
A v P remake. I hated it. Although to be fair, I only tried playing as the Alien. The controls and camera for walking on walls made me very, very ill.
But the wallrunning with the Aliens was soooo much fun in MP. :-) But sure, it took a bit getting used to.
(Incidentally, IMO half of the fun of Titanfall was the unrestricted movement outside of the titans.)
-
RE: Codethulu's evil spawn, in fewer lines than you can imagine
Ah, but `NULL` is actually defined to be `0` by the standard. If the real not-point-to-anything “pointer” is something else, the type-cast machinery has to handle this special case right. Funnily enough, everyone actually uses 0. They just don't guarantee that it won't point somewhere…
I think @SpoofedEx is referring to the (somewhat failed) attempt at using `memset()` to initialize pointers. I guess he's technically right there - `memset()` would fill the memory with the literal value `0` byte-for-byte, not with whatever magic pattern NULL could be using.
Of course, the point is moot, because the code attempts to initialize the zero first bytes of the pointer arrays with whatever the value of `sizeof(ptr)*9000` ends up being (interpreted as a byte), so it fails terribly either way.
I've never had to work with an insane arch where NULL doesn't use zero as a pattern, but it seems that on those platforms you're not able to use `memset()` to initialize anything containing pointers... Interesting.
But, yeah, definitively not the main problem with this code.
-
RE: Codethulu's evil spawn, in fewer lines than you can imagine
I vote for the clbuttic `memset()` fuckup.
-
RE: Discourse is the best thing since sliced bread
hmmm.... artery clogging fat.....-gurgle- </homer simpson>
But it is awesome infinity scrolling toastable foam!
I didn't really expect to ever be grossed out in a thread about bread, but the mental image of a slowly scrolling infinite mess of butter-soaked toast surely did that.
Thank you.
Filed under: Not a huge fan of butter-soaked toast
-
RE: Discourse is the best thing since sliced bread
More like, discourse is to forums what the toastable foam that some places try to pass off as bread is to real bread.
-
RE: I spy demons coming out of your nose...
Yes, thanks for pointing that out to me. What happens is that `strrchr` returns NULL because there are no dots in the display string, which causes the length passed to `strncpy` to be so far off base it isn't even funny (it in effect negates a pointer value). Result: the display string can go on and on, and it'll copy all of it, negating the use of `strncpy` altogether! Morons.
Actually, it seems to be a bit worse than that:
man strncpy: If the length of src is less than n, strncpy() writes additional null bytes to dest to ensure that a total of n bytes are written.
I originally thought that `strncpy` would copy only until and including the `\0` from the source string, assuming that the length parameter was large enough. Then I remembered that `strncpy` is particularly retarded and useless...
-
RE: Minecraft- unrelated shenanigans
If Microsoft buys Mojang/Minecraft, my guess is that they'd eventually release a Minecraft 2 of sorts.
So, the question is, will they be able to create something compelling (because the devs, whoever those end up being, now have much better resources, somewhat similar to the situation with Portal), or will Microsoft just end up attempting to milk the franchise with a number of mediocre products and/or promotional console-only releases?
I could see it go either way, but realistically, I guess it'll be the latter.
-
RE: I spy demons coming out of your nose...
Didn't spend too much time looking at the code - the `sprintf()` stood out for me. But you're right - there's much terribleness to be had there.
In fact, shouldn't this code blow up on most systems by default? IIRC the string returned by `DisplayString()` would be `:0`, with no dots, which should be at the very least bad news when `nds` is manually zero-terminated.
(Fixed length strings are of course bad, but seem to be pretty much standard in most code that messes with X11 that I've seen.)
-
RE: I spy demons coming out of your nose...
QFT.
The fact that this "works" at all seems to be mostly dumb luck (i.e., if the format string started with anything other than `%s`, it'd probably break in all sorts of funny ways).
-
RE: Traffic lights
https://meta.discourse.org/t/traffic-lights-algorithm/19992/2
Not receiving the appropriate badges for e.g. pedanticism, when said post clearly qualifies the poster for such a badge should be considered a problem.
Filed under: Not doing it wrong
-
RE: Explicating the survival of the Shell as default OSS UI
...which has been delayed until 2016 last I heard (it was supposed to ship in Ubuntu 13.04 in April 2013). Meaning that Ubuntu and its derivatives are still using the old X Server.
Is there any major distro that has made the switch from X? Wikipedia doesn't mention anything, but hints that neither Gnome nor KDE are fully ready for Wayland (let alone Mir).
-
RE: Bot Duel!
unfortunately randomly closing Bug topics is out of scope.
Well, we could always petition PJH to give the bot mod privileges... (Yes, yes, that thread is that way )
-
RE: Bot Duel!
I'm somewhat disappointed by @CodingHorrorBot - no links to random blags.
Filed under: Doing it Wrong - indeed
-
RE: 😈 The Evil Ideas thread
But if the end of the universe is what you want, then that's what it's going to take.
Well, it only expands at the speed of light. Not exactly a quick way to get rid of the universe.
Filed under: Dear physicists, please come up with something slightly more efficient and practical.
-
RE: Your view on cookies?
The pretend-chocolate-chip ones are the worst. I hate raisins. I hate them even more when I'm expecting delicious chocolate.
-
RE: The IT Anecdotes thread
One of my schools also had a NetWare/NT-based setup. During my time there, a progression of new "security" features were added, that at least initially didn't quite work out.
One attempt at keeping people from playing games was to limit what programs could be run. For some reason this was done by whitelisting certain executables - by name. Result: suddenly there's a huge pile of things named "winword.exe".
The fix to this was to disallow executing stuff from any folder, and to prevent normal users from accessing certain folders, i.e. prevent the viewing of folder contents other than home directories and a few other places in explorer. Turns out that the Open-dialog in Word supported (at that time) a fairly large amount of file manipulation operations and wasn't really affected by whatever was done to prevent such things in explorer. Result: there's a "winword.exe" in every directory that had other (whitelisted) executable files.
IIRC the school's sysadmin finally managed to implement something that wasn't immediately worked around. (Result: we started playing MUDs using the built-in telnet.exe. And we figured out what you'd have to tell the proxy to connect through it by hand. This was never fixed during my time at that school.)
-
RE: The IT Anecdotes thread
Lucky him. I've done things like that, and usually, you're made the scapegoat.
For the most part, the IT-guys at that Uni were actually relatively sensible, down-to-earth people with a surprisingly high tolerance for random shit, if you were somewhat courteous and didn't make their jobs harder on purpose.
Now, IT-management on the other hand...
-
RE: The IT Anecdotes thread
From what I remember, the student initially got an angry email from the IT-folks with a nice threat of suspending his account if he didn't explain himself. He told them what had happened, and backed-up by us (I was a TA at the time), they let it go.
I'd assume that the configuration on the server(s) was fixed, but TBH, I never checked afterwards.
-
RE: The IT Anecdotes thread
Had something similar happen here. I don't remember all the details, but for some reason one of the introductory labs mentioned fork-bombs, and showed the "classic" bash implementation. The lab warned that running it is a bad idea etc etc.
One year, the lecturer mentioned (prior to the labs) that most systems nowadays had mitigation measures against fork bombs (i.e., sane process limits and such), and demonstrated that on his laptop.
Several students decided to try it out on their laptops during the labs (with no ill effects). Except one guy who (accidentally or otherwise) ended up launching the fork-bomb on one of the Uni's central remote-login servers for students. Guess which machines were misconfigured and most definitively crashed from fork-bombs and had to be rebooted manually by the IT-staff? Well, yeah.
-
RE: FUCKING HELL WHY DOES IT override the ctrl + f shortcut WHEN I PUSH CTRL+F ONCE
<img src="/uploads/default/6601/8179b50e3e00174c.png" width="449" height="500">
Oh. Shit.
That's actually sort of convenient. I can use my browser's built-in search to find stuff in the discosearch...
Filed under: Yo, dawg.
-
RE: Markdown Drama Part III - The Revenge of the CommonMark
"no" made sense when I wrote that. Dunno why.
...
On the other hand, it does make sense when taken completely out of context:
It's a Discourse install, what do you think?
No.
Or perhaps more like.
(I'm fairly certain that I stopped making any sense at all at this point. Time to get some sleep.)
-
RE: Markdown Drama Part III - The Revenge of the CommonMark
It's a Discourse install, what do you think?
In hindsight, I maybe should have added
Filed under: rhetorical question
Filed under: I'll answer your rhetorical question: "no"
-
RE: Markdown Drama Part III - The Revenge of the CommonMark
Soooo...
Does anybody know if the Discourse instance at http://talk.standardmarkdown.com/ uses the standard markdown syntax, or Discourse's own bastardized implementation?
-
RE: Sexy Trust levels are a-changing!
Me too. I'd perhaps also switch out Leader to Elder, but whatever. (And why not make the whole thing configurable per-site?)
Filed under: Not a big deal either way
-
RE: Unsexy Zoe Quinn drollness (prepare the lawyers)
Somewhat interesting read:
Apparently, some people are unable to decide just who the game is making fun of. As expected, hilarity, trolling and flaming ensues. So, eh, to the author for a job well done. for introducing me to the term "Social Justice Warrior", I feel dumber now.
-
RE: [en.topic_count_all] Click to show.
Well, in the Discourse Design Handbook, the existence of a workaround seems to imply DONTNEEDTOFIXRIGHTNOW or possibly DONTNEEDTOFIXLIKEVER (but very definitively it implies DONTNEEDTOFIXFORV1).
Filed under: [I was going to link to an example, but couldn't decide which one to pick.](http://what.thedailywtf.com/t/inserting-links-after-hr-fails/825)
-
RE: These screenshots have not been altered or staged in any way (Opera Mobile weirdness)
IMO, fluffy covers and mats on/around toilets belong here either way.
-
RE: 🙅 THE BAD IDEAS THREAD
(let's try again.)
Well, it worked for me last night and it's up now, don't know about any 504s.
Weird, I'm getting that error right now. Even tried to reach it from two other machines in different networks... same result. Seems like they don't like Sweden.
If you can spare a bit of time, London has plenty to offer a tourist
I'll probably try to put in a quick visit to the city on the return trip. Probably won't have time to see too much, but hopefully it'll be sufficient for a beer somewhere ... and maybe some of that famous British food. :-)
-
RE: 🙅 THE BAD IDEAS THREAD
Not having too much luck with them internets today...
Edit: Hmm, temporary hiccup in Discourse?
-
RE: 🙅 THE BAD IDEAS THREAD
If you're coming into Heathrow, you'll be heading into London Paddington, from there National Rail's website tells me your best bet is underground across to King's Cross St Pancras, and up direct to Hull from there. Alternatively, King's Cross -> Doncaster -> Hull seems to be marginally more frequent.
Thanks! That's the route I ended up looking at earlier, so I guess one could say I was on the right track then... Thank you, I'll be here all week etc etc.
Heathrow from the outside is actually fairly dull and lifeless IMO.
I've been to Heathrow a few times, but for some reason never managed to get off there and visit any part of London. Probably won't have much time to visit London this time either, but at least I'll have been outside of the Airport...
Alternatively, fly to Manchester and take the train over to Hull.
Yeah, had checked that out too, but unfortunately there are no direct flights to there. (Heathrow is one of the hubs that I can get to directly, so it's quite convenient because of that.)
National Rail's website
At least they're a bit less sneaky and more up-front about the timeouts...
-
RE: 🙅 THE BAD IDEAS THREAD
Hull.
I'm looking at flying via London mostly because it's way easier to get there than other airports (e.g., Manchester or something). Plenty of direct flights to London... and most of the other destinations go via London anyway (or some other totally random place in Europe that's much further away.)
Besides, it'll be fun to see the outside of Heathrow for once. :-)
-
RE: 🙅 THE BAD IDEAS THREAD
... stupid timeouts.
I've got to travel to some place in the UK I've never been to before, with the closest airport in London (sort of). So essentially, I'm trying to find out which flight- and train-combination takes me to the right place (more or less) at the right time (more or less). This involves some amount of staring at a list of trains and comparing flights and vice-versa ... to at least make sure that the trip is possible. Suddenly the damn page refreshes and tells me that I need to fucking reenter my search criteria and start from the beginning. *rage*
FWIW, the three tabs for booking flights on different days are still open and work perfectly, even after writing this post.
-
RE: 📹 Blakeyrat's Videos Thread (Robots in the News et al.)
And it's still possible for a rogue OS or drive to corrupt a disk in such a way that both RAID drives are simultaneously corrupted. Unlikely, but possible.
I've had three drives in a machine fail simultaneously (a fourth survived, sort of). Might have been me fucking up, since it happened fairly shortly after I upgraded/swapped something (broken PSU fan? don't remember) in that machine.
Still, after that, I'm making sure that important files exist in at least one additional place.
-
RE: &@#^ YEAH! My estimate was right :D
Ok, I'm slightly jealous right now.
I assume "estimate" refers to when it's going to be shipped. For the v1 kit there were a few 3rd party resources/pages dedicated to figuring out when yours would ship, based on the Order ID and to where it was going to be shipped. IIRC those got the date for mine right to approx. +- 1 week.
-
RE: Javascript gotchas thread
I find it interesting to note that PHP supports `and` and `or` in comparison to `&&` and `||` but at lower precedence to them. `&&` and `||` have a bunch of lower precedence operators then `and` and `or`.
C++ also allows the alternate "and/or" spellings (apparently - don't think I've ever used them). Additionally there's <ciso646>, just to make sure.
At least `and` really is equivalent to `&&`... Then again, different precedence would probably enable awesome amounts of creative abuse <3.
Ok, so C is slightly less bad than I remember.
Hey, in C++ this is fixable! Just override a few operators.
-
RE: Javascript gotchas thread
The same feature is in Lua. Although, it uses `and` for `&&` and `or` for `||`. This makes code much more fun to read:
`x = a or b;`
Wait, I have to pick? I want both!
`x = a and b;`
Great!