HackerTrans
トップ新着トレンドコメント過去質問紹介求人

andrewmd5

no profile record

投稿

We made the dev tier free. Go nuts. – Rainway

rainway.com
2 ポイント·投稿者 andrewmd5·4 年前·0 コメント

Why should 0 be a “boring” value in an enum?

github.com
1 ポイント·投稿者 andrewmd5·4 年前·0 コメント

How we added support for Rust to our schema language

rainway.com
2 ポイント·投稿者 andrewmd5·5 年前·0 コメント

NPM silently suspended package adoption after mistakenly transferring one to me

twitter.com
3 ポイント·投稿者 andrewmd5·5 年前·0 コメント

コメント

andrewmd5
·4 年前·議論
Afghanistan?
andrewmd5
·5 年前·議論
It is to support finding devices you can cast to inside the app (like conference calling boxes.)
andrewmd5
·5 年前·議論
If you can recreate a file so it’s hash matches known CP then that file is CP my dude. The probability of just two hashes accidentally colliding is approximately: 4.3*10-60

Even if you do a content aware hash where you break the file into chunks and hash each chunk, you still wouldn’t be able to magically recreate the hash of a CP file without also producing part of the CP.
andrewmd5
·5 年前·議論
The overhead of stream abstractions is negligible if your goal is security when processing arbitrary input files provided from a zero-trust environment.

In environments where you’re prioritizing performance I’d still argue streams are likely your best bet when the size of the file to be parsed is not a constant. You wouldn’t want to load 50 large files into ram on a server environment let alone a phone.

If your input buffer is a bunch of tiny 10 KB files and you trust them? Sure, load them into memory and access their indices on the stack. Make sure you reuse the buffer to avoid unnecessary allocations.

If you want parallel processing with zero-allocations then streams with an array pool for their backing buffer are the best bet.

Not loading arbitrary files into memory will always be safer than doing so.

As for decoding - I believe the functions for validating if an array of bytes is an image should be far removed from the decoding and presentation of those bytes to the frame buffer. You don’t need to decode a JPG to validate that a file is a JPG. It either conforms to the standard or it doesn’t; the pixel data is irrelevant.
andrewmd5
·5 年前·議論
If your goal is validation (i.e. this is a JPG/PNG) and stripping of EXIF data it is entirely possible to write your own parser in a managed and safe language in less than 500 lines of code without sacrificing any performance.

Don’t load them into memory, parse them as a stream byte-by-byte in accordance with the standard for the codec, check every offset before seeking, and reject images that don’t conform to the standard.

And of course, a ton of fuzzing to accompany it.
andrewmd5
·5 年前·議論
The binary is that big on Linux because the debug symbols are embedded in the executable. You need to strip them.
andrewmd5
·5 年前·議論
Rainway | Seattle, WA | Remote | Full Time | https://rainway.work/

We're unleashing the future of computing, collaboration, productivity, and development by using real-time video streaming to change the way that desktop software is built and distributed.

We've opened source all of our code challenges, so if you're interested in any of our open positions you can apply by following the instructions on this page: https://rainway.work/Code-Challenges-f1bc61fecf754d06be253ad...
andrewmd5
·5 年前·議論
The political speech some wish to see silenced revolves around the racial and socioeconomic inequality they benefit from each day. Turning a blind eye to systemic racism does not mean it does not exist, and inherently saying Black lives matter is not a political statement. The ideological aggression against it however is.