  • July 22, 2017, 03:40:24 PM

Messages - f0dder

1
It is apparent that this is one of those things, like religion and politics, that people adhere to and have their own opinions on
That's what people who use filthy spaces would have you believe - us tabbers have the objective facts, obviously.

;)

2
Someone mistyped a . for a /  :huh: (they are quite close together on a US keyboard layout :P)
Yes, yes! That was... definitely!... what happened ;P

3
I don't do much with Python.  However it does seem much more natural to type a block by hitting Enter, then Tab rather than holding down the shift key and hitting a curly brace.  At the end of the block you hit backspace to back off the indentation rather than again holding down the shift key and hitting another curly brace.  I didn't find it all that problematic when using an editor that knows Python.
I don't find adding braces is much bother, and it removes ambiguity - if a language uses indentation for semantic purposes, you run a higher risk of stupid bugs. Especially if you copy/paste snippets of code from the intarwebs, and who doesn't these days? :-)

Quote
You're either using a very, very narrow monitor (for professional development I've been on 120 columns with plenty of real estate for an IDE for 5+ years), or having crazy amounts of indents.
I guess you don't use end of line comments much.
Indeed, I don't.

I find that when I use proper variable and function names - which requires extracting well-defined, single-purpose functions - I don't need end-of-line quotes for anything. The code reads pretty naturally, and when I need comments, it's usually a larger block describing why something is done in a special way, performance considerations, external API/service quirks, whatever.

So use an editor that has a hard tab/spaces option.  I don't get the controversy.  But for people who may type in the < 30 wps range hitting shift brace combinations is distracting and causes a lot of lint since it is easy to get a bracket when you want a brace.  Also I notice many IDEs, at least in free tools, lack a reformatting indentation parser(such as Tidy.)  When I used Delphi 5 I found it liberating to just type in the code all messy and hit the function key for Delforex to indent and capitalize according to rules etc..  If everything lined up chances were good I did not have any typos.
The controversy is a people thing, and it's already mentioned above. Tabs means flexibility, spaces means people shoving their preferred indentation size down your throat.

4
As Deozaan says, it also means that you (you special snowflake!) are trying to dictate how wide my indents are supposed to be, instead of letting that be up to my editor settings. Editor settings that probably vary depending on whether I'm on a machine with big monitors, or editing in Vim through SSH.
Not really.  If that's what the team decides on, then that's what the team does as a rule.  And when others come into the team, they adhere to the standard.  Right?
It sucks if the team has made the misguided decision to use spaces, but yes.

5
I consider languages insisting on indentation for semantics (like Python) to have made a really bad choice in that regard. The intention might have been to make program structure clearer, but it's dictatorial "we know better" that doesn't belong in a language, and it ends up causing more troubles than it solves.

I hate it when source wraps to the next line or kicks in the horizontal scrollbar just because there were a few nested blocks generating a bunch of white space.
You're either using a very, very narrow monitor (for professional development I've been on 120 columns with plenty of real estate for an IDE for 5+ years), or having crazy amounts of indents.

I've been using tab-is-4-spaces indenting for some 15+ years, but I'm considering changing that to oldschool 8, since it forces you to reduce indentation - preferably by splitting your code into shorter, coherent functions.

6
Using spaces for indentation is stupid.

It's treating a semantic piece of information as visual formatting, and that by itself should be enough to disregard space-formatting.

As Deozaan says, it also means that you (you special snowflake!) are trying to dictate how wide my indents are supposed to be, instead of letting that be up to my editor settings. Editor settings that probably vary depending on whether I'm on a machine with big monitors, or editing in Vim through SSH.

I've never seen indentation be a problem for VCS (any of the modern ones, anyway - pre-subversion days don't count), unless you've got non-team-players that insist on reformatting files instead of sticking to the project standard.

The only place where you might need "consistency" is if you have tabular data represented as code - and that's easily solved by tabs-for-indent, spaces-for-alignment, which is a fine compromise until everybody is using automagical IDEs that don't care about source representation and do on-screen format based on language rules :-)

7
Quote
The administrative shares that have been part of Windows for a long time have been a staple for remote file management for IT pros.
s/pros/skiddies.

Sure, they're useful for legit admin actions, but they're one of the first things I disable after I install Windows :)

8
Living Room / Re: Password Managers ... vs. Not
« on: June 06, 2017, 01:13:18 PM »
I disagree.  By insisting on funky characters that make you shift mode on touch keyboards they can always say you made a typo when entering.  Even if they are the ones who changed what you typed.  It amounts to asking the service provider for permission to use your own account.
What on earth are you on about? :huh: :huh: :huh:

9
Living Room / Re: Password Managers ... vs. Not
« on: June 06, 2017, 10:21:54 AM »
Of course the above is simplistic, and you can do things like uppercasing and other character manipulations - but an extended alphabet will always require (quiiiite a bit) more effort for a string of the same length.
I'm sure that technically you have foundation for your argument(s).  But people live day to day fine with getting home from work and using a house key to get into their house/condo/apartment.  It does not stress them that a guy with a couple of battery powered drills can drill out the front door lock in about 30 seconds if he has practiced the procedure.  But the owner/renter can get in his own place in the most likely event terrorists are not waiting inside.
I'm sorry, but that is a silly attempt at an analogy.

Getting your credentials leaked is a very real risk - just look at the monster breaches various big sites have had over the last few years. You really should consider your password hashes to have been breached, and better hope you haven't used any sites negligent enough to use weak hashing (or no hashing at all, or reversible encryption instead of hashing).

So you need to pick your passphrases under the assumption that it will be suffering an offline attack.

There's a balance point past which the customer exists to serve the service instead of the other way around.  We have already tipped the scales in many areas.
Password hygiene has nothing to do with "customer serving the service", but you're right that there's a balance - that balance is between how much effort you put into securing credentials for Site X vs. how much it would hurt if that set of credentials are breached.

For most people, getting facebook or their primary email account taken over can lead to a lot of hurt.

Using a password manager to have unique, strong passwords per-site really isn't much of a hassle. Adding 2-factor authentication is a minor annoyance, but it's worth doing for "primary" accounts like mail, facebook, github and the likes.

10
Living Room / Re: Password Managers ... vs. Not
« on: June 06, 2017, 02:44:22 AM »
My point was that although passwords that are made of actual words were more vulnerable than those "secure" generated ones, if you do not limit the number of attempts at cracking them then nothing is secure.  Also the same thing applies to hijacking the encrypted database.  If the brute force method can be applied offline then just because the passwords have no vowels and some numbers and symbols sprinkled in that will not long delay the cracking.
That is wrong, though - and it all comes down to the number of guesses you have to make.

Assuming a dictionary of ~171k English words and stringing five of them together (one more word than XKCD's Correct Horse Battery Staple) gives 171000^5 permutations. I don't know what the average word length is, but let's be (very) generous to the string-words-together method and compare to a 20-character random string of base64 alphabet - which gives 64^20 permutations. That's 9.091.152.181 times as many password attempts.

Of course the above is simplistic, and you can do things like uppercasing and other character manipulations - but an extended alphabet will always require (quiiiite a bit) more effort for a string of the same length.

Seems to me setting delays on IPs and domains generating invalid logon attempts would be more secure.
False dilemma - using secure passphrases doesn't remove rate limiting. And while rate limiting definitely should be implemented, it only protects against remote bruteforcing of the lamest of lame passwords. Strong passwords guard against offline attacks.
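
The keyspace comparison in this post, and the rate-limiting point that closes it, worked through in Python as an added example (not part of the original post). The two guess rates are assumed values chosen only for illustration.

```python
# Added illustration: guess counts for the two password schemes compared above.
# The guess rates are assumptions made for this example, not measurements.
import math

DICT_WORDS = 171_000        # dictionary size used in the post
BASE64_ALPHABET = 64        # alphabet size used in the post
SECONDS_PER_YEAR = 365 * 24 * 3600

# Assumed rates (constructed for this example):
ONLINE_RATE = 10 / 3600     # rate-limited login form: 10 guesses per hour
OFFLINE_RATE = 1e10         # stolen hash database protected by a fast hash


def keyspace(symbols: int, length: int) -> int:
    """Candidates when each of `length` positions is drawn uniformly and
    independently from `symbols` choices."""
    return symbols ** length


def entropy_bits(symbols: int, length: int) -> float:
    """Same quantity as keyspace(), expressed in bits."""
    return length * math.log2(symbols)


def words_to_match(target_space: int, dict_size: int = DICT_WORDS) -> int:
    """Smallest number of random dictionary words whose keyspace reaches
    `target_space` (exact integer arithmetic, no float rounding)."""
    count, space = 0, 1
    while space < target_space:
        space *= dict_size
        count += 1
    return count


def years_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    one_word = keyspace(DICT_WORDS, 1)
    five_words = keyspace(DICT_WORDS, 5)
    random20 = keyspace(BASE64_ALPHABET, 20)

    print(f"five words      : {entropy_bits(DICT_WORDS, 5):6.1f} bits")
    print(f"20 base64 chars : {entropy_bits(BASE64_ALPHABET, 20):6.1f} bits")
    print(f"ratio           : {random20 // five_words:,}")
    print(f"words to match  : {words_to_match(random20)}")

    # Rate limiting only changes the outcome for the weakest choice.
    for label, space in (("one word", one_word), ("five words", five_words),
                         ("20 base64", random20)):
        print(f"{label:10s} online {years_to_exhaust(space, ONLINE_RATE):.3g} y, "
              f"offline {years_to_exhaust(space, OFFLINE_RATE):.3g} y")
```
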

11
For video encoding, if you're not worried about temperature, just setting the encoder process to a low priority should still keep the machine usable, though.

12
Living Room / Re: Password Managers ... vs. Not
« on: June 05, 2017, 11:02:33 AM »
Plain bruteforcing has to search a much bigger keyspace than a smart dictionary-based attack.
See your previous comment about offline attack modes.
I'm not sure what you're trying to say here? I thought you were wondering why "unmemorable passwords" were any better?

13
I'm usually wearing pants at work, though...
Usually?  ;D
There was this one time when a co-worker finger-gun-pointed at me and said "hands up or pants down", which I obviously couldn't let go uncontested.

14
My point above being: A security flaw opening a webcam while I am sitting in a cubicle is way different than if I am sitting at home (may be that's just me though)
Nah, I think they're the same.
I'm usually wearing pants at work, though...

15
Living Room / Re: Can I trust bookdownloadforfree > filesfetcher?
« on: June 04, 2017, 09:48:56 AM »
Curt, how would a "download files to centralized location and let you download from there later" kind of service allow you to get an ebook for free?  :huh:

16
I'm more interested in arguments for limiting a process in using the available cpu power. Do you buy a car with hundreds of hp, just to keep the hand-brake on all the time to get a slower acceleration?
I guess it could be useful in a few scenarios for keeping the thermal output lower - like if you have a long-running job on your laptop that you don't need finished as fast as possible, and would rather not get it running blisteringly hot?

17
General Software Discussion / Re: Record whatsapp calls software
« on: June 04, 2017, 09:39:09 AM »
Keep in mind that this is a somewhat dodgy thing to be doing, so appstores are pretty sure to be full of pretty dodgy applications claiming to be able to do it.

18
Living Room / Re: Password Managers ... vs. Not
« on: June 04, 2017, 09:37:32 AM »
1) Why is the server allowing thousands of attempts on your account so that the entire dictionary is traversed until a successful hit is achieved?
Rate-limiting the service doesn't help if hackers are able to exploit servers and snatch the entire (encrypted) database and do offline attacks.

2) What is to stop the dictionary attackers from just using permutations of numbers and letters just like the unmemorable password generators produce?  If the server is going to allow thousands of logon attempts to the same account why not just brute force it?
Plain bruteforcing has to search a much bigger keyspace than a smart dictionary-based attack.

Lately there seems to be a tendency to make using the internet and computers generally nearly more of a pain in the ass than it is worth.  Especially with phone logon it is a real pita to have to fat finger passwords with mixed case letters plus numbers and funky symbols.  It just seems like it is getting to the point where everyone can get into my account but me.
Your definition of worth is probably different from other people's. Getting key email accounts breached could be enough to cause severe financial harm for some companies, or even death for individuals.

Proper 2-factor authentication is one of the most effective ways to stay safe even in the face of password breaches. I'm pretty happy about services that offer YubiKey (or other FIDO device) with Google Auth (or other TOTP app) as backup.

19
I would have thought UTF-8 subtitles and buffer overruns leading to code execution - specifically mentioning .zip downloads makes me think otherwise.

It could be several different bugs in different players - it could be absolute paths in zip files? - it could be one or more bugs in one or more common subtitle handling libraries.

Interesting! :)

20
Living Room / Re: [Breaking News] Cyber Attack cripples UK NHS.
« on: May 27, 2017, 09:28:30 AM »
"The same" or "a similarly bad and wormable" security hole?

22
Living Room / Re: [Breaking News] Cyber Attack cripples UK NHS.
« on: May 18, 2017, 02:28:14 AM »
A toothbrush is a product, and electricity produced by a nuclear power plant is a product, but the latter produces nuclear waste as a side-effect that will be causing a headache for our progeny for tens of thousands of years. So you can't just leave it up to the companies or the markets.
The comparison of the current situation to nuclear powerplants is... bordering crazy.

Let's reiterate:
  • XP has had longer general support than most Long-Time-Support OS versions.
  • Product roadmap has been available for ages, EOL is no surprise to anyone.
  • "Special Snowflake" support has been available at a very reasonable pricetag.
  • For "can't upgrade" scenarios, third-party (irresponsible!) vendors are responsible.
  • Mitigations are available for "can't upgrade" scenarios, and there's been plenty of time to implement them.

And it's not unreasonable that security patch wasn't initially released to the general public - XP is EOL, after all. And there's an insane amount of testing needed before releasing a GA patch - can you imagine the outcry if Microsoft released a patch that broke people's systems?

23
Living Room / Re: [Breaking News] Cyber Attack cripples UK NHS.
« on: May 15, 2017, 02:24:20 AM »
It isn't malware research - they actually produced the malware that was used by the hackers. As far as I am aware they weren't reporting the security issue to MS but rather keeping it quiet so that they could illegally exploit it themselves.
Oh, but it *is* malware research - and weaponization of the bugs found. And that's fine, really, it's part of what a national security agency should be doing. We're a lot better off with this model than having intentional backdoors inserted by government agencies.

Of course it's bloody bad that agencies have had their malware treasure troves robbed and leaked by bad actors, but there's no guarantee that the exploits wouldn't have been found by somebody else. You can be sure that the cybercriminals have people hunting for 0days.

Your "govt must have access to everybody's data" worries is something I share, but it's a different issue from TLAs hunting for bugs and weaponizing them.

24
Living Room / Re: [Breaking News] Cyber Attack cripples UK NHS.
« on: May 14, 2017, 11:12:47 AM »
If you have a product (e.g. Win XP) that has fundamentally changed the world and the world in its current form still relies on it to function, then you (MS) can't just decide for commercial reasons to entirely abandon it (and the world). I mean you can, but it is not right and it will have consequences, including commercial ones.
I quite disagree.
Windows XP is 15+ years old, has had way longer support lifetime than you get for LTS version of other software, and there's been a very clearly planned and communicated timeline for support EOL. Now, it would be interesting if some product liability (within limited timeframe) was introduced - Poul-Henning Kamp of FreeBSD fame has some thoughts on this that are worth reading, but for a product as antiquated as WinXP, it really is the fault of the victims for not upgrading.

As I've said, and Stoic Joker confirmed, there's good reasons why some equipment is not upgraded, and it's not easy to secure those machines - but it's not impossible, either. Virtualization, network segregation, proper backups, etc... and obviously a lot of the photos we've seen the last couple of days show pwned machines where there really aren't any good excuses for not having patched.

Anyway, the bugs exploited are pretty bad - the SMBv1 used for worming isn't exactly XP-only, and the Windows Defender/Anti-Malware exploit is probably the worst I've seen in... 10+ years, I reckon.

It is the US government's fault for legislating that the NSA can snoop on American citizens that ultimately got stolen by/leaked to hackers (which everyone knows is inevitable) - this is going to happen more often in the US and UK and we should all be railing against the decimation of our rights and privacy as citizens.
NSA does what National Security Agencies do - I'm appalled at how they're doing mass surveillance of honest citizens, but NSA doing offensive malware research is not a problem - the bugs were there, it's only a matter of time before somebody found and exploited them.

25
Living Room / Re: [Breaking News] Cyber Attack cripples UK NHS.
« on: May 13, 2017, 12:18:30 AM »
An OS that was released over 15 years ago, in an age where people pay for latest phones, latest consoles and other gadgets ... sorry but that's silly.
Yes and no.

In general, I agree that it's silly to cling on to an operating system that's that old - but there might be good reasons for it at a hospital. They have special equipment that sometimes, unfortunately, need drivers that haven't been updated for modern systems.
