There are so many security issues being unveiled that at this point one might wonder if Rails 4 (and a complete redesign) may not be the way to fix the security issues.
Maybe also, if ruby programmers learned to program (instead of doing banana driven lingo development) or committed suicide throwing themselves from a cliff (along with PHP developers) (like lemmings) we could also have a boring yet more secured internet.
I am voiceless: why the f*ck would someone lose that much time on a trivial, yet annoying task?
That is the first lesson you have in assembly language: program in assembly language, then in C because it spares you the time (and the mistakes involved in the process) to do such a thing.
Thousands of man-years of effort and wisdom ruined in a post, showing how people have too much time on their hands, and so little imagination (well he could have written something interesting on how to display p0rn pictures in ASCII art at least).
Having spent my years climbing up and down the ladder of abstraction, I think your analysis is way off the mark. This is a great way to learn how ELF works (and binaries in general), learn how machine code is formed, etc. Is it an actually 'useful' task, that produces a useful end product? Yes: knowledge. Knowledge that isn't easy to acquire.
You won't ever do this in the Real World (TM), but it's a fantastic way to get into things.
I studied physics, and I learnt actual programming and assembly language: I actually did this in the real world!
What do you learn in Computer Science then?!
Gibbering useless concepts that make you nonsensical experts in the field of not delivering your software either in time or in the frame of the specification? Or just
In the unlikely case that your question is sincere, this article on Wikipedia touches lightly upon some of daeken's "real world" contributions: https://en.wikipedia.org/wiki/Cody_Brocious
Indeed. He's telling us much more about himself than he is anything relevant to the article.
If you see nothing but a huge waste of time in this post, you're probably on the wrong site. HN in its prime would have really pissed you off, no doubt...
Well it is a known QA practice: never base incentive on metrics or people will cheat one way or another with the metrics.
If your devs have a prime based on SLA or tickets solved, guess what? You are giving them an incentive to cheat. You will have nice figures to show your investors, your stock options' values will rise and coders will be better paid. Everyone is happy, who cares about the truth, the unfairness, the lie. This is just misplaced moral.
Stats that can be tricked are the Prozac of our society. It makes the metrics describing a situation improve with mutual benefits for (almost) all the stakeholders.
Who cares about the customers or minorities anyway? I mean not on paper but honestly?
You really want to play with physics/math with ECMA 262? O_O (hint JS knows nothing of integers)
Floats are way too slow (and faulty when div/mul are called) compared to int to do anything serious.
All 3D engine tricks are about doing complex math with integers (EDIT: or other tricks http://en.wikipedia.org/wiki/Fast_inverse_square_root#Overvi...)
Why would you post a link to an example using floats then? I mean sure, part of the trick involves treating the float as an integer but the number is still meant to be interpreted as a float.
Your assumptions about speed might be true for something like a Nintendo DS which doesn't have a floating point unit but a 3DS does, a vectorised one no less. Also in Javascript integers that can fit into 32 bits are actually integers nowadays.
All in all, I believe your information is outdated.
Not to mention that most modern games and physics engines all use floating point numbers these days. We're not in the 90's anymore - GPUs all support floats natively and are very fast at processing them, CPU floating point units are as fast as integer units, SIMD (e.g. SSE) supports fast floats and doubles. There's really no reason to avoid floats unless you're doing something very very special (hint: if you're arguing about these things, you're probably not).
Havok, Bullet, PhysX - as far as I know they all use floats.
Well, I would discourage playing with math if accuracy was important.
Just open firebug and multiply
>>> 10*1.1198
11.197999999999999
This limitation is intrinsic to IEEE 754, and no alternatives are in the pipe (IEEE 854 seems stalled).
I have been working for the web ads industry and canvases were pretty disappointing in terms of performance when the number of sprites was growing.
The funnier part was the inconsistency in results amongst the browsers.
So simulate as much as you want, just don't expect to beat flash or native client in terms of performance...
But for physics, that result is great! An inaccuracy of just one part in 10^12 would be better than practically every physics experiment ever performed. That's like being off by the size of an atom when measuring the distance from LA to New York. (I'm speaking as a physicist rather than as a programmer here, mind you. But my limited experience programming physics would suggest that this is a perfectly acceptable level of error.)
You're totally correct. And honestly, when you're doing numerical simulation like I am in the article, your error stems from the fact that you're only simulating 40 steps a second with only a first-degree solver.
Simulating physics for realsies takes a lot more than that.
The solver algorithm I used is called Euler's method, or ODE1 for short. It's the least accurate numerical ODE solver there is! When people do real physics simulations they use the Runge-Kutta (ODE45) or Adams-Bashforth-Moulton (ODE113) solvers, and they'll have 100,000 steps per second.
So while it's important to be cognizant of these things, it's also best not to stress too much about what's going on in the first of a series of educational articles :)
Unless you have a sensitivity to the initial conditions, hence you have a chaotic system. Which happens as fast as n body interactions in a gravitational field (but how many bodies/iterations do you need, which initial conditions make the error a problem?)
But as I stated earlier, I think I have to check first because I am not that convinced any more on the performance point of view that JS has a problem, and float representation is not a JS problem, but a problem global to all CPUs.
Well it can be more than 10^-12 sometimes and the problem is not in physics but in trading when errors stack up. That's why I prefer when e-commerce solutions are based on fixed point arithmetic.
Even though canvases are still not homogeneous in terms of performance from browser to browser, some work fairly well.
Right, chaotic behavior is a valid issue. But in any realistic situation, you'll have lots of effects that inevitably get left out of simulations that contribute larger perturbations/errors than this rounding error would. (Heck, I suspect that even the thermal motion of the individual atoms in an object would have a larger effect.)
So no simulation will ever get exactly the "right" answer at that level. For practical purposes, all we care about is getting an answer that's within the ensemble of reasonable outcomes for initial conditions like ours.
These articles are not about developing video games or getting performance. They're about learning physics through a common language that most developers know: Javascript. It's ok that it won't beat flash or native client. It never intended to.
If you can read an article, understand what's going on and immediately open up Firebug and start playing with the equations, then Javascript has cut out 10 unnecessary steps (buying Flash, installing, learning ActionScript, etc) on your path to playing with physics and numerical models!
All that happened there is you entered your factors in a strange base (albeit the same one the output humors you with) and then didn't like the appearance of the answer.
Are any jailbroken iPhones with privacy patches installed being leaked?
Xhi2 analysis is not only about what triggers the correlation, what does not trigger the correlation is also important.
My guess is jailbroken iPhones are underrepresented in leaked UDIDs either because jailbreak is shielding users or because users able to install a jailbreak are more aware of computer security issues. Regular iPhones are cell phones remotely controlled by a 3rd party, jailbroken iPhones are computers you control.
I am no paranoid freak, I am just a regular sysadmin with a pretty low security awareness.
Because if you are really a coder you prefer negative feedback to false confidence. Even though it is yet socially unacceptable, social rules are stupid.
You cannot earn any glory in publishing your code if people don't tell the truth. To be pleased by one «I love what you do», you should ready yourself to get a couple of «you are doing crap». Coders are not expected to publish good code at first, they are expected to improve their work through sincere feedback. That is our culture.
Social norms are unproductive when it comes to work in cooperation.
The fact that Asperger (sociopaths) are 10 times more prevalent in coding expertise might not help.
Excellency in coding is an aristocracy that needs no excuses and doesn't fear critics. You shall not fear the fight if you believe in your creation, because good design can stand the assault of the best criticisms.
Social norms are only there to protect a hierarchy of status. Truth protects the hierarchy of competence.
If you are just a hipster searching for a social status based on consensus then flee for this is war against you. THIS IS SPARTA!!!!!
> The fact that Asperger (sociopaths) are 10 times more prevalent in coding expertise might not help.
This is not an accurate characterization of Asperger syndrome or the hacker community. Wikipedia offers the following definition:
> Sociopathy is the result of social conditioning which leads to a lack of natural human values. It refers strictly to a social condition where a person knows, yet has been socially conditioned to disregard, the intrinsic human values which are believed to be universal.
The somewhat similar characteristic of Asperger syndrome is a lack of demonstrated empathy. In the case of a harsh review of someone's project, this could manifest as statements that are accurate from the author's perspective but do not take into consideration how they might make the reader feel. I don't think being blunt in a review is a sign of disregarding universal intrinsic human values.
Well, I like to exaggerate a little bit. Especially since sociopathy/Asperger are rather ill-defined. So discard all my remarks as pure troll (don't feed the troll :).
The real point is there is no truly acceptable positive feedback if one does not equally express negative feedback.
So ... one should not whine for getting flamed even if it is socially unacceptable to discard all this work because that's the path for improving...and later maybe getting praised.
Where are your pointers, ASM registers in JS? The claim you could inject arbitrary code from JS into your memory and make it executable from user space (not talking of the cross-platform issue (BSD, Linux, Windows, Mac OS X)) would just be the end of JS.
How can you even accept the claim that it can be doable? Be real. This news is like an April Fool's in July.
As Raymond Chen would put it, though, "that would involve being on the other side of this airtight hatchway"[1]. While it's occasionally possible to execute native code from Javascript due to browser bugs, such bugs are uncommon, and are in any case quite separate from the CPU bug that this exploit claims to target.
Well, figure that if it were true, Java, Python, Perl, C# are useless tools for delivering cross x86 OS code. (I just develop a side effect of the claim one can inject some code in memory bypassing all the HW/OS control).
Why, God, did these stupid Larry Wall, GvR, MS, Sun, Google, Linus Torvalds lose their time trying to achieve what a JS code can do in less than 1000 lines?
How can I believe a code I can read and that is obviously a fraud would through the sheer power of obfuscated unused strings become such a revolution in the world of CS?
Plus, I have no demonstration nor readable documents to back up the claims of this so called genius.
Science is accepting what you can understand and reproduce. Not being impressed by obfuscated crap.
I have no doubt this is a mystification, and I don't trust blindly what is written on the internet. I still have a brain.
The exploit described on Stack Overflow works only for IE and a version of Windows where the memory addresses are not randomized (which most modern OSes do have (http://en.wikipedia.org/wiki/Address_space_layout_randomizat...)), and where calc.exe is installed (so Windows + IE probably).
Hint MOV + JMP are made @ fixed address.
If the code shown is not a hoax (which I highly doubt) it would imply:
1) a specific browser (to break the gate of OS control on memory/permission by using a buffer overflow) and I don't see at first glance a buffer overflow (but let's imagine it exists),
2) a specific old OS (Windows 98 or XP maybe) (for having a predictable address to which to inject the shell code) (I can't imagine an ASM code doing base of registry scanning in less than 4k to get an address of a peculiar exec/lib);
3) (since it is based on a specific 64-bit alignment problem and since there are 32-bit legacy applications) it would target only the 64-bit version.
This makes the threat look more like ripples in a glass of water than the tsunami that was announced.
Basically this (if it is not the hoax I think it is) would be just an exploit of a specific browser in its 64-bit version on a specific OS. It is not a JS exploit, it is a very specific browser name on OS name exploit in 64 bits. So to say ... everyday life in the world of software.
> The claim you could inject arbitrary code from JS into your memory and make it executable from user space (not talking of the cross-platform issue (BSD, Linux, Windows, Mac OS X)) would just be the end of JS.
> How can you even accept the claim that it can be doable?
Isn't exactly this how most/all heap spray js exploits work?
I wouldn't be so quick to dismiss the concept of this bug, even though the "poc" presented here is bogus.
I saw this in the morning on my phone with a tiny screen. I couldn't read it properly but figured that since it already had so many votes up, it must be legit, therefore important. So I hit the upvote button too. I know, I'm an idiot! :-D My apologies for playing a part in pushing this up.
I'm more amazed you think you're so brilliant but you don't understand how Hacker News works. People vote up stuff they find interesting, not stuff they know 100% is the truth so-help-you-god.
People think this is interesting. I voted it up. I have no idea if it's true. I don't think an up-vote has ever been code for "also, this is 100% true"
Well, upvoting means I think it is interesting. You usually don't upvote hoaxes I hope (especially the unfunny ones).
This is clearly a hoax in the first form (JS exploit).
At most (if real) it is just an exploit of a specific browser (version) on a specific OS. If you go on «hacker» news, I am very surprised you have no IT culture. I suggest you should read http://www.newsoftheworld.co.uk/ if you want untrustworthy sensational news, and consider not upvoting when you are clueless on a topic.
Less noise, more signal is a very old hacker motto. You obviously don't get it.