HackerTrans
TopNewTrendsCommentsPastAskShowJobs

survivedurcode

no profile record

comments

survivedurcode
·2 jaar geleden·discuss
I stand corrected, it is not a lazy shitshow.

You’re right, fake sudo prompts is how people get exploited all day long. I’ve witnessed it on MacOS.

For UAC, the user still has to learn that the darkening on the screen and the prompt is “serious business.” I think that when a password is present and has been willfully supplied, prompting the user for the password guards against automatic/accidental acceptance (button-only user confirmation prompts). I understand that many users have a joke password that might as well not be something that’s not really any more secure than a click on a button.

I see that Sudo for Windows has been restricted to Desktop only. https://hudsonvalleyhost.com/blog/microsoft-officially-exclu...

From the design article you linked, I know it’s 2006 era:

> You hide the real mouse cursor and show a fake one some number of pixels offset to the real one

I think MacOS only in the recent years has “Full Desktop Control” as an accessibility-category permission (a confusing category to boot) it enforces on apps to prevent faking the cursor.
survivedurcode
·2 jaar geleden·discuss
> programmers can allocate their smarts to something more productive than expertise in programs corrupting themselves

Amen. This is called progress.
survivedurcode
·2 jaar geleden·discuss
When you write C++, you can allocate memory all day long and write ZERO delete statements. That is possible, I’ve been writing C++ like that since 1998 (Visual C++ 5.0 and lcc). Can you imagine allocating memory and never risk a premature or a forgotten delete? It is not possible in C. You can call it opinion, but I see fact. That makes C all that bad.

When I say put it in the bin, I don’t mean that good software hasn’t been written already with it, or can’t be written with it. But you should stop using it given the earliest opportunity. When given the ability to write object-oriented software, clever engineers with too much time add insane complexity justified by unproven hypotheticals. Believe me, I know very well why people shy away from C++ like a trauma response. Overly-engineered/overly-abstracted complexity, incomprehensible template syntax, inadequate standard library, indecipherable error messages, C++ has its warts. But it is possible to write memory-safe software in C++, and it is not in C (unless we are talking about little code toys!). My answer is that you don’t have to write complicated garbage in C++. Keep it simple like you are writing C. Add C++ features only to get safety. Add polymorphism only when it solves a problem. Never write an abstract class ahead of time. Never write a class ahead of time.

Downvote me all day long. Call me angry. When billions of dollars are lost because someone, in our modern age, decided to write new software in C, or continue to develop software in C instead of switching to a mixed C++/C codebase with an intent to phase out new development in C.

It’s hard not to get angry when modern software is written with avoidable CVEs in 2020’s. Use after free, buffer overflows, are you kidding me? These problems should have been relics in 2010+, but here we are.
survivedurcode
·2 jaar geleden·discuss
LOL you should be upvoted as your comment perfectly captures the blind arrogance of the software industry.

When you call people computer illiterate, you are blind to the technocrat injustice imparted onto the general populace.

> The obnoxious behavior and obscure interaction that software-based products exhibit is institutionalizing what I call "software apartheid":”

> ― Alan Cooper, The Inmates Are Running the Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity

> “When programmers speak of "computer literacy," they are drawing red lines around ethnic groups, too, yet few have pointed this out.”

> ― Alan Cooper, The Inmates Are Running the Asylum: Why High Tech Products Drive Us Crazy and How to Restore the Sanity

You too can see the light and rise above the elitism of computer literacy. You know, there are many smart people that are too prideful to put up with what computer people demand as computer literacy. They suffer in silence, you will not have their loyalty, and they will switch to competing software the moment they are able to.
survivedurcode
·2 jaar geleden·discuss
lol UAC is such a lazy shitshow of a security implementation…

A) there is no interception to be had. It’s a fucking “Yes I am Admin” single click a child could do unsupervised.

B) It requires training for the user to know that this is a special UAC mode. That’s high-motivation, high-knowledge user training. Pilots train to recognize unusual signs. Your grandma does not train to recognize what UAC looks like, why it would come up and when. UAC is the biggest cop out of a security excuse and Windows should be ashamed.
survivedurcode
·2 jaar geleden·discuss
Continuing to use a memory-unsafe language that has no recourse for safety and is full of footguns and is frankly irresponsible for the software profession. God help us all.

By the way, the US government did the profession no favors by including C++ as a memory-unsafe language. It is possible to write memory-safe C++, safe array dereferencing C++. But it’s not obvious how to do it. Herb Sutter is working on it with CppFront. The point stands that C++ can be memory-safe code. If you make a mistake, you might write some unsafe code in C++. But you can fix that mistake and learn to avoid it.

When you write C, you are in the bad luck shitter. You have no choice. You will write memory—unsafe code and hope you don’t fuck it up. You will hope that a refactor of your code doesn’t fuck it up.

Ah, C, so simple! You, only you, are responsible for handling memory safely. Don’t fuck it up, cadet. (Don’t leave it all to computers like a C++ developer would.)

Put C in the bin, where it belongs.
survivedurcode
·2 jaar geleden·discuss
I think there’s more to it than just messing with serotonin.

There’s something about Sertraline (Zoloft) that seems to make it quite reliable at causing brain zaps. 3 people I’ve known who stopped Sertraline all experienced brain zaps. 1 of those people also talked about stopping Prozac (cold turkey) and Lexapro (4wk taper) and did not have the zaps, but a 4-month taper of Sertraline was not enough to avoid them.

In fact in the article they recommend switching to Prozac and then tapering that, as a way to avoid the zaps.
survivedurcode
·2 jaar geleden·discuss
I would check your answer. These are pauses due to time spent writing to diagnostic outputs. These are not traditional collection pauses. This affects both jstat as well as writes of GC logs. (I.e. GC log writes will block the app just the same way)
survivedurcode
·2 jaar geleden·discuss
Probably because pages mapped, even if they are locked into memory are not allowed to stay dirty forever. Does this help? https://stackoverflow.com/a/11024388 (In contrast, if you mlocked but never wrote to the pages, you probably would not encounter read pauses)
survivedurcode
·2 jaar geleden·discuss
Beware the trade-offs of interning affecting GC behavior. Now you can’t have a stack-allocation optimization, for example.
survivedurcode
·2 jaar geleden·discuss
Just because there was research from 1970 (as there was in subsequent years) showing that big design up front is a bad idea doesn’t mean that waterfall is a straw man argument. It is probably necessary when you are shipping code with extremely high costs of operation, where mistakes are extremely expensive (i.e. missiles, space shuttles). I imagine automotive ECU software is probably in that category.

The software industry has ignored research from 1970s and on and continues to ignore it today.

Look at the microservices craze. It’s another way that big-design up-front has been brought back.
survivedurcode
·2 jaar geleden·discuss
[flagged]