201

(8 replies, posted in News)

I've never been able to understand security reports like these for open source projects.

I can see how it's useful for products like IIS or MSSQL where nobody but the producing company has the ability to fix the problem. 

but when you have the entire source code in front of you... it's completely retarded to post claims about any open source project.  now if folks post patches (like a diff showing the vulnerable code and hardened code) which fix the problem, well then I see it as useful. 

at least then you can know right away whether somebody's having fun on a saturday night, or there's an actual issue.

alpha fix for png's in IE: http://homepage.ntlworld.com/bobosola/

I was trying to fix a bug where a 24 character string that was stored in a database was being UTF8 decoded into a byte array and used as the key in a triple DES decryption process.  I was getting an error that the key was invalid for the algorithm.  192 bit keys are allowed in 3DES so I was trying to chase down the problem which led me to this...

the app is an asp.net webservice in 1.1 and I only have 2.0 at home.  when I went home yesterday and tried working on it there, I could never reproduce it, which led me to this bug demo.

very odd.

I know this isn't php nor pun related, but I'd assume somebody out there has a copy of visual studio that you could fire up really quick.

this is driving me crazy.  it only happens in visual studio .net 2003 (I'm using enterprise arch. version.  I can't reproduce it in visual studio 2005 team suite version)

can somebody debug this in vs 2003 and let me know what happens:

1. create a C# console app
2. paste in the following code in your main:

string s = "abcdefghijkLMNOPQRSTUVWX";
byte[] b = System.Text.Encoding.UTF8.GetBytes(s);
Console.ReadLine();

3. set a break point on the last line (Console.ReadLine()).
4. start in debug mode (let it hit the breakpoint)
5. bring up the memory window (CTRL+ALT+M, 1) and type s in the address box (1)
6. highlight System.Text.Encoding.UTF8.GetBytes(s) and bring it up in the quick watch window by right clicking on the highlighted text and choosing the quick watch menu item (2)

What happens for me:
(1) Shows unknown location (all ? marks)
(2) shows a 25 byte array starting w/ [0] = 24, [1] = 0, [2] = what [0] should have been, and from this point on, it's the original truncated byte[]

if I follow these exact same steps in 2005 I get what I'd expect, where (1) shows the memory contents of s, and (2) shows the encoded (24 byte length byte array) of s.


in 2003 if I pin s:

using System.Runtime.InteropServices;   // for GCHandle (goes at the top of the file)
string s = "abcdefghijkLMNOPQRSTUVWX";
GCHandle sh = GCHandle.Alloc(s, GCHandleType.Pinned);
IntPtr sp = sh.AddrOfPinnedObject();
// inspect sp in the memory window at a breakpoint here, then release the pin:
sh.Free();

then type sp into the address box of the memory window I get what I'd expect to get by typing in s.


If you try it, post your results (do you get the same wrong thing I do?)

thanks,
MH
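Added example (mine, not code from the post above): it shows why the 24 character string in the post only becomes a 24 byte (192 bit) Triple DES key when every character is ASCII, and what happens to the key length when it isn't. The strings are constructed for illustration; the key size check uses TripleDES.ValidKeySize, which accepts 128 or 192 bit keys, and the hardcoded-key pattern is only there to mirror the post, not as a recommended way to manage keys.

```csharp
// Added example, not code from the original post. Sample strings are constructed here.
using System;
using System.Security.Cryptography;
using System.Text;

class KeyLengthCheck
{
    // UTF-8 encodes the string the same way the post describes and reports whether
    // TripleDES will accept the resulting byte length (16 or 24 bytes).
    static byte[] KeyFromString(string s, out bool valid)
    {
        byte[] key = Encoding.UTF8.GetBytes(s);
        using (TripleDES tdes = TripleDES.Create())
        {
            valid = tdes.ValidKeySize(key.Length * 8);
        }
        return key;
    }

    static void Report(string label, string s)
    {
        bool valid;
        byte[] key = KeyFromString(s, out valid);
        Console.WriteLine("{0}: {1} chars -> {2} bytes ({3} bits), ValidKeySize = {4}",
            label, s.Length, key.Length, key.Length * 8, valid);
    }

    static void Main()
    {
        // Same 24 character string as the post: all ASCII, so UTF-8 is one byte per char,
        // 24 bytes, 192 bits, accepted.
        Report("ascii    ", "abcdefghijkLMNOPQRSTUVWX");

        // Also 24 characters, but the last one (U+00E9, e with acute accent) is two bytes
        // in UTF-8, so the key comes out as 25 bytes (200 bits) and is not a legal size.
        string nonAscii = "abcdefghijkLMNOPQRSTUVW\u00e9";
        Report("non-ascii", nonAscii);

        // Handing the 25 byte key to the algorithm throws CryptographicException,
        // which is the "key is invalid for this algorithm" family of errors.
        bool valid;
        byte[] badKey = KeyFromString(nonAscii, out valid);
        using (TripleDES tdes = TripleDES.Create())
        {
            try
            {
                tdes.Key = badKey;
                Console.WriteLine("unexpected: {0}-byte key accepted", badKey.Length);
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine("{0}-byte key rejected: {1}", badKey.Length, ex.Message);
            }
        }
    }
}
```

The practical check this suggests: a key stored as text is only a key after it has been encoded, and its byte length depends on the encoding and on the characters in it, so validate the byte length (or, better, store the key as raw bytes in hex or base64) before passing it to the algorithm rather than trusting the character count.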

205

(7 replies, posted in PunBB 1.2 show off)

text files can have virii in them.  data execution is a means where executable data is loaded where resource data should have been.  it's then run instead of read, and the virus lives.  amd's 64 bit processors have data execution prevention built into them so that's not a factor, but the rest of the 32 bit world is still susceptible though good prevention measures are now built in.

ogg files are compressed sound data, and are subject to data execution injections like any other file.  they are not executables though.

206

(7 replies, posted in PunBB 1.2 show off)

unreal game engine.

not all US states observe dst either. 

I think we're slated for that right after we convert to the metric system pogenwurst.

208

(2 replies, posted in Programming)

date format has nothing to do w/ text encoding.  if you want it formatted for a different locale use the date() function w/ whatever date formatters you want in there.  if you want it in a different locale (fr or es or ...) use strftime().

after that if you need to encode it utf8 (and it's not already utf8 encoded, which I believe http uses by default), then you should encode your output as such.

209

(8 replies, posted in PunBB 1.2 troubleshooting)

print_r($atid);

210

(114 replies, posted in Programming)

let's say you're going on a road trip.  you have several options on how to get there.   let's throw out public transport.  you can either walk, ride a bicycle, or drive an automobile.  If you ask a person who doesn't know how to drive or ride a bike, they'd rather walk because that's what they know how to do (been doing it their whole lives.  they know a few tricks to make walking easier.  they have good shoes, and they don't weigh a ton while traveling).  if you ask somebody who's never driven a car before but knows how to ride a bike, I'm sure they'd rather ride the bike, because it gets them there w/ less effort.  now ask the guy who knows how to drive a car, and they'd pick the car.

now they'd all get to their destination using all 3 different methods of transport.  the car would get there first followed by the bike and the walker would get there last.

software engineering is the same way.  you can write the app in machine code, but writing in assembly is quicker, and writing in a full featured programming language that can compile to machine code is even quicker than writing assembler.  beyond this point you have the same type of thing.  you can write all your code in a text editor or you can write it in an IDE.  each one of these solutions will get you an application executable, but much like the foot, bike, and car situation, there will be one way that will get you to a running app faster and with less effort than the others. 

I could be a genius at x86 assembler and write an app that is faster and more efficient (although it would only be capable of doing 1 thing) than the exact same app written in java. the java app however would take less time to write, and it would have more features, and it would be able to run on x86, x64, i64, sparc and mobile devices.

the reason for all this is that as hardware changes (monitor memory now is capable of storing more than 80 characters) the way we program them changes.  as hardware gets more advanced, the code to program it gets more advance, and as that happens the way we write it changes.

vi was great on a little operating system at&t made a long time ago, when sh was the only shell around, and there was no windowing environments, and things were written in c.

when you're working w/ large frameworks, large code bases, and complex conceptual specs, a simple text editor will be like walking to the destination.  it will be like using a very fast app that does 1 thing really well.  unfortunately, the needs of the developer have moved far beyond being able to type letters into a buffer, or be able to run macros in a text editor to search and replace any occurrence of "foo."

if all you're doing is modifying a few lines of an existing application (or script as folks like to call php applications) on the remote server, ssh'ing into the box & using vi to edit the file on the drive, I'll agree that that is a better solution than ftping it to your local box, opening eclipse to change 2 lines of code, then ftping it back to the server only to repeat that process several times to fix what you're trying to do.

if you're writing a forum system like punbb I don't think that using vi on the remote box is the best solution.  having a local server / database, and using something like phpedit or zend studio (mmm debugger), or dreamweaver would be faster and more efficient than vi.

when I was in school all I used was vi or emacs.  I wasn't writing huge amounts of code, nor things that required short timelines to develop large apps.  it was a good tool for that.

seeing as how we're talking about little php scripts that probably aren't object oriented, and don't do more than generate some little html files, I don't think it matters much if at all.

211

(114 replies, posted in Programming)

deadram wrote:

So you would like bloated software? I like 5 commands to filter out all the junk of that 12Gig into 5Gig

the 12 gig file was the filtered data.  what to do then?

deadram wrote:

Why waste all that CPU on things you're not going to use in that session, when your computer could be doing other, more important things; like archiving porn off the web automagically, and rotating each of your 10 virtual desktops to display the images, while hosting a website, calculating the rating to give to your music collection based on your interactions with your music player, reading you an e-book, botting 10 games, building a C++ app, and calculating the relative position of the moon to the sun in 2 billion years, all whilst you're writing your latest addition to your php script on less than 1Gig of ram, and not even using 50% of your 3Gig CPU... ;p

because I can do all that w/ out taking up 25% of my system resources.  because there have been great strides in software that increases productivity.  I'm not trying to do a "vi 1337" conversation.  I use both linux and windows, vi and visual studio, because that's my job.  I'm not just a hobbyist developer; folks pay me quite a bit to do what I do, and not saying that for any other reason but that if I were paying someone quite a bit of cash, I'd expect their output to be substantial.  If you look at the time it takes to do end to end production: from system analysis to maintenance cycles, using tools like photoshop, vmware, visual studio or eclipse, sparx or any of the other products blacklisted in your last post, then compare how long it takes for that cycle to evolve using notepad, and a compiler, you'll see that development time is exponentially more with the "non-tools."  vi has no built in case tools.  it can't template out entire projects.  it doesn't have code insight into code my team has written--if bob wrote some library and added documentation to that object, can vi give me a list of methods available on an object and display what those methods were meant to do? no it does not, so I'd have to open up the source code to those files and dig through to find out what it was intended to do.

I'm not trying to say anyone sucks for using editors like emacs or vi.  they have their place, and I know quite a bit of people who'd rather use them than tools that do so much more.  I'm just pointing out that for enterprise application development, your clients are going to spend way more money on your development, or you're going to lose more money because it takes you longer to code your application, if you use a plain text editor.

that is all.


http://sanity-free.org/misc/vi-emacs-final.png

212

(114 replies, posted in Programming)

deadram wrote:

VS takes ~way~ too long to parse lines of code, or load headers (for its auto-completion), and has serious issues with updating/timestamping resources during a build (I think I had v2004 or something though).

really odd that you say that.  wednesday I was trying to diagnose a problem we were having at work.  we have a query that takes about 5 hours to run, returns some 3-400 thousand records that are sent via xml (for each record) 200 records at a time to a solr search engine.  well, when the update completed, instead of having the complete set of data it would have about 200 less records than it should have.  so to find the problem, I logged every record sent to the search engine to a file.  that file ended up in the realm of about 12 gig.  I physically could not open it in any other editor.  I could view it w/ head / tail and more, but anything else bombed.  oddly enough, it loaded right up (seconds) into visual studio and I was able to scroll up and down the file as if it were 12k...  so I'm perplexed as to how anything smaller than a 12 gig log file would take an editor so long to load.

as for the time it takes for loading autocompletion, that again has me wondering.

my typical week consists of working on SOLR (my least favorite part of the job.  it runs on linux, and I use vi to update its java code base as the server doesn't have X11 installed so I can't use a GUI editor), an update windows service that posts data to that server, which is written in .NET, and eclipse for other random things we do.  not a week goes by that I'm not using one of these different editors, and given the consistency in working w/ the different variety of editors, I can get a lot more done in eclipse and visual studio than anyone could in vi, simply because so much of the code is generated with the editor, and if it's not generated, it's typed out for me as I code w/ the intellisense / code completion.

anyone who'd prefer vi over visual studio or eclipse either 1. can't afford good development software, 2. can't afford a decent computer made in the last 5 years 3. has a lot of time to kill, 4. still programs in cobol, 5. is out of a job, or 6. is locked away in a mental institution and does programming for therapy.

deadram wrote:

Plus the overhead of 3 blue screen a week... and windows...

sounds like something's not configured right.  if you're getting 3 blue screens a week, anything could seem like it takes forever to load, and might seem unstable.


I don't do any php professionally (the idiots I work with think C# is the end all of programming languages and would rather develop web apps in that bloated crappy web technology than a fast clean php) but I like zend studio at home.  then again I have a super computer at home so there isn't anything on the market that could slow this thing down (even swing or SWT).

213

(2 replies, posted in General discussion)

mmm free pron. 


thanks for sharing dude.  that was awfully kind of you to come tell folks here.


perhaps this is some sort of new promotion ploy.  "Free port! the spammers are running wyld!"

214

(114 replies, posted in Programming)

I spend most of my day in some form of visual studio (edit: actually I do spend some time in front of an ssh terminal in vi, but that's not a whole lot).  I've done development in vi and would have to find a tall building to jump off of if I ever had to go back to that as my primary editor.

IMO codegen / refactoring  of eclipse is beyond compare.  same goes for visual studio 2005.

while I certainly could code w/ a plain text editor, its a big waste of time and money (money they'd pay me to hand code everything).

If I have to type more than 2 keystrokes for functions, types, namespaces, variables or anything else, I get cranky.  if I had to use a normal text editor, I'd guarantee nothing would be more than 3 letters long.

215

(114 replies, posted in Programming)

unix tabs are like short cut keys to set margins.  I predate the 8088.  my father has been a programmer since before I was born.  It was always fun when I was younger to go to his office and see those univac computers that filled enormous rooms with the big desk sized terminal.

216

(114 replies, posted in Programming)

back when computers were run off of tape and card stacks, when rooms filled with "computers" had less computing power than your typical automatically flushing toilet, people had keyboards that didn't have things like capital letters (complete alphabets) shift or tab keys.  this was back when std out was a printer, or one of these new TV things called a "monitor" and all you had to look at was text, std IO only had enough memory to buffer 80 characters per line and folks used to have to set their margins using special keystrokes which some refer to as unix tabs.

believe it or not there are people from 80 years ago who learned how to program their punch card stack using this type of a word processor, and are way too mentally challenged to learn what this "graphical user interface" thing is all about.  these are folks who run the original BSD unix operating system on their brand new 8088 and think that people who use this new wannabe unix "linux" or "M$" as they term it, operating system, are a bunch of pansies.  they are much too hard core to use an editor conceived or written in the last 20 years and require "unix tabs" so that they can set their margins the same way they've been doing it for the past 50 years.

I was looking at project management apps tonight and came across this one:

http://www.basecamphq.com/forum/

they do recommend putting the config.php file above a publicly visible folder and creating a link to that file where it's needed.  since php is preprocessed when requested through the webserver, the file will be parsed regardless, and if they can list the contents of a file, they can get the contents of a linked file as well.

I run a nightly cron job that backs up the database and compresses it and emails it to me.  that's a pretty fail proof solution for me since my site doesn't get any traffic big_smile

219

(6 replies, posted in Programming)

doesn't matter as long as it's registered correctly.

220

(25 replies, posted in General discussion)

that's a pretty grim outlook there elbekko.  guess you've never been fortunate enough to have somebody you care about die.  when it happens, I'm sure you'll see why folks want closure on things.

221

(25 replies, posted in General discussion)

when my brother died 2 years ago I was devastated.  he was my brother, family, somebody I knew and loved.  the reason people are making a fuss about steve and not about other people who died is because they've watched him to the point where they feel they know him.  he may have been a part of our lives like (while it may be sad to say) my brother was to mine.  people die every day, but since we don't know them it doesn't affect us.  that's all.

death is sad.  though it's the only thing we're guaranteed of. he did live his life to the fullest.  to be known and adored by the world like he was was a testament to the kind of person he was.

222

(114 replies, posted in Programming)

elbekko wrote:
MadHatter wrote:

the only thing that annoys me about dreamweaver is their intellisense/code insight/code complete (whatever you want to call it).  when I type something, the hint list drops down, and I always use the wheel mouse to scroll up and down the list.  w/ dw, it scrolls the page and leaves the drop down list at the original x/y location on the screen (doesn't scroll the list at all)

You can turn that off tho. And just call it with CTRL+Space when you need it. I just love the function tooltips etc, as I tend to forget the order of the arguments =/ Its syntax highlighting is lovely too, but that might just be me being used to it, no idea...

yea control+space is how most code completion lists are brought up (and the reason why most of my code is misspelled:D), but where do I modify the setting for wheel mouse scrolling (so that it scrolls the list not the window)?

223

(25 replies, posted in General discussion)

somehow that doesn't surprise me a bit.

224

(7 replies, posted in Programming)

mysql is not an OS.  it is also file based (as 99.9% of rdbms are. bamboo prevalence being one of the only ones I've heard of that's not).  the difference is that mysql has a larger feature set than sqlite, and can be used remotely.  you can embed mysql into an app but the most common usage is to have a stand alone server and connect over the wire to it.  sqlite doesn't have the network layer, so it's used directly like you would w/ an embedded mysql.

there are several reasons why mysql would be better, one of which is more for the hosting company & performance of your web site.  since the db takes system resources to work, distributing that piece helps lighten the load on the webserver, allowing them to put more sites on a single server.  they can then distribute the database (across multiple machines even) to help distribute the workload.

using sqlite is good when your hosting company doesn't provide you with a database (or you're too cheap to buy the package that has at least one).  with the amount of processing the databases that pun (or most pre-canned websites) use, sqlite would likely be more than enough to run the show.

225

(25 replies, posted in General discussion)

my wife and mother-in-law are / were big fans.

very sad for his wife & kids.  I can't imagine mine growing up w/ out me... then again, I'm not constantly putting myself in harm's way nor am I a big fan of animals that see me as a source of food.

he was very entertaining to watch. RIP m8.