Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×

Comment Re:I didn't read the whole thing (Score 1) 102

by Harik (#33864980) Attached to: Building the Realtime User Experience

Ugh, don't say 'pixel perfect', I utterly despise pixel-perfect designs. What DPI? 100? 80? 120? 600 for print?

pixel-perfect designs that break when I set a minimum font size are obnoxious as hell, when I have to select text that flows under other elements and paste it somewhere to read it. Ugh. Seriously, don't even think about giving designers that kind of control until they've proven themselves able to design for something other than their own monitor.

Comment Re:Forget the self-advertisement, it's a real issu (Score 1) 488

by Harik (#33641578) Attached to: Linux Kernel Exploit Busily Rooting 64-Bit Machines

Well, for one both the exploit and the detector are broken by default - it's looking for per_cpu__current_task for >=2.6.30 kernels and not every kernel has that - it's just 'current_task' on 2.6.36-rc4. Turn off that check and both the detector and exploit work. Ignoring the l33+, the important bits are the shellcode and any remnants of the exploit when run.

The exploit itself is trivial to understand - compat_alloc_user_space() didn't check the bounds, and one user didn't properly handle the checking first.

Here's the actual exploit:
getsockopt(7, SOL_IP, MCAST_MSFILTER, 0x804b4a0, 0x804b8a8) = -1 EFAULT (Bad address)
and a quick glance at net/compat.c shows that no check is made on optlen. The rest is just stack-trashing and shellcode,
your basic exploit.
Advertising

Anti-Product Placement For Negative Branding 130

Posted by samzenpus from the touch-of-death dept.
An anonymous reader writes "Product placement to promote your brand just isn't enough any more. These days, apparently, some companies are resorting to anti-product placement in order to get competitors' products in the hands of 'anti-stars.' The key example being Snooki from Jersey Shore, who supposedly is being sent handbags by companies... but the bags being sent are of competitors' handbags as a way to avoid Snooki carrying their own handbag, and thus potentially damaging their brand."

Comment Re:If it comes out and works well (Score 1) 273

by Harik (#33403352) Attached to: Native ZFS Is Coming To Linux Next Month

He asked when you could do the equivilant of rm /bin/rm - which you can't in windows. Although I'm not entirely sure that's a filesystem thing, it's a VFS layer thing where an open is an automatic exclusive read lock.

Which is why you get the ridiculous volume shadow copy bullshit and forced reboots to update anything.
Role Playing (Games)

Dungeon Siege III Being Developed by Obsidian 84

Posted by Soulskill from the hack-and-slash dept.
Square Enix has announced that it will be publishing Dungeon Siege III, which is in development at Obsidian Entertainment, makers of Alpha Protocol, Neverwinter Nights 2, and the as yet unfinished Fallout: New Vegas. Obsidian will be receiving input from Gas Powered Games, the developer behind the first two installments in the Dungeon Siege series. No release date has been set, but the game is planned for the PC, PS3, and Xbox 360, and it will include a co-op mode.

Comment Not even released in the US (Score 1) 634

by Harik (#31396728) Attached to: Ubisoft's Authentication Servers Go Down

Assassin's Creed 2 on PC has a confirmed release date on Tuesday 09 March 2010. It is 1 days left until you can play Assassin's Creed 2 on your PC in the USA. View below for more Assassin's Creed 2 release date details.

For US gamers, it's not even out yet, so the only people playing in the US have illicit copies in one way or another.

Comment Re:hugo... (Score 1) 335

by Harik (#31367856) Attached to: Venezuela Bans Hostile Videogames and Toys

So we should allow censorship because of your anecdotal evidence about your nephew-in-law? Thanks, but no thanks.

I flatly refuse to accept that what we watch does not affect us. Movies like Saw and Hostel simply cannot be psychologically inert, the content is just too potent.

Yeah, and I flatly believe that you're qualified to tie your own shoes, much less determine what other people can and cannot do.

Comment Re:No, Learn C++ (Score 1) 396

by Harik (#31256956) Attached to: What Knowledge Gaps Do Self-Taught Programmers Generally Have?

I've always found that testing was simpler when you could outright reject so many bad usages of methods at compile-time.

Maybe you're testing the wrong thing?

First, why do you need to see what happens when you call a method the wrong way? Call it the right way.

Now, how do you know you're calling it the right way, if you don't have a compiler or IDE telling you so? Because you test the point at which you're calling it.

In other words, test the behavior you actually expect, which is more or less the same kinds of tests you'd do in a strictly-typed language anyway. Ignore types. If there's a type issue, it should throw an exception at some point during testing. If it doesn't, your tests aren't thorough enough and you're going to be bitten, sooner or later, by another, non-type-related issue.

See, that's the exact problem, I reject the concept of testing code via an audit of all it's callers. You can't test a future callsite when you write your code now, especially when it may be someone else doing it. Yes, you can throw a runtime error, but then the same guy who used your interface incorrectly ALSO has to handle an exception correctly, and you're asking a lot of a junior programmer doing piddly work. In a typed language, it's impossible to get a method you're not explicitly expecting (and can test for).

I'd honestly be happier without a lot of the boilerplate in C++ (and doubly so in java!), but at the same time I don't want someone accidentally sending an object representing the database table of employees to the network.Serialize() method because they used a CamelCase variable name instead of an lower_underscores somewhere. It gets doubly bad when it's in an unlikely error handler that they didn't test properly - I don't want the validity of MY code depending on someone else implementing their tests perfectly, that's the antithesis of encapsulation.

Comment Re:No, Learn C++ (Score 1) 396

by Harik (#31241264) Attached to: What Knowledge Gaps Do Self-Taught Programmers Generally Have?

I prefer static types,

I guess the next question is, how much real work have you done in a dynamically-typed lanugage?

Mostly cleanup of other people's work. Most of my work is in systems or embedded level, and as you pointed out below, that's not something you can generally throw 10x the hardware at. I'm most fluent in the C-syntax languages (C, C++, Java, PHP which is... well, PHP), although I've hit a good chunk of the procedural languages over the years (Python, ruby, lisp being the big names).

Is sendmail.cf considered turing complete? :)

it's a serious PITA to hunt down every caller and see what types they can possibly call the broken method with.

Why would you want to? This is why I ask what work you've done -- I can't recall ever, in all the Ruby or Javascript work I've done, seeing a method called with the wrong type, or wondering what type a method should be (or is being) called with.

And I was doing crazier things than you seem to be suggesting -- in JavaScript, I can quite literally pull a method out of one object and insert it into another object, on the fly. Yet somehow, proper design meant I never had type issues.

It's probably because most of my work on dynamically typed languages are when someone DIDN'T properly design, and I get to fix it. Or more commonly, someone did design it properly, but they went on to bigger and better things, and someone else made some changes that seemed to work, until another piece somewhere else came online and.... The normal bitrot you see on projects.

Runtime typechecking is more accurately "crashtime type checking",

Or, if you've done your job right, test-time checking. Static type checking could be seen as a subset of unit testing.

"testing" gets pre-empted by "deadlines". You don't get called in to panic-bugfix a system when they implemented "testing" properly.

I see more usage of dynamic typing in webwork than anywhere else.

I think that has to do with two things -- the need to get to market first, and the choice of hardware platform. If you wrote a new video game in Ruby, and your competitors used C++, your framerate would suck relative to theirs, and you can't exactly tell your users to buy ten times the hardware to make up for it. But if you wrote a new webapp in Ruby, and your competitors used C++, you'll hit the market before they have a working prototype, and you can buy ten times the hardware if you need to.

That honestly depends on a lot of things, I wouldn't write a 3d rendering engine in ruby, but it might be the right call for the slower-paced scripting of game events. Right tool for the job and all that. Back to dynamic typing - what's a specific thing that you can do (in a well-designed system) with a dynamic type that you can't do with polymorphism or templating? I've always found that testing was simpler when you could outright reject so many bad usages of methods at compile-time.

Comment Re:No, Learn C++ (Score 1) 396

by Harik (#31208916) Attached to: What Knowledge Gaps Do Self-Taught Programmers Generally Have?

I prefer static types, because when I deal with a project in maintenence mode it's a serious PITA to hunt down every caller and see what types they can possibly call the broken method with.

Runtime typechecking is more accurately "crashtime type checking", good luck managing to keep a system completely operational after you throw an exception deep within a legacy library.

I suppose it depends on what you're doing, I see more usage of dynamic typing in webwork than anywhere else.

Comment Re:It's all stuff that ships with Linux (Score 1) 356

by Harik (#31103330) Attached to: The Hidden Treasures of Sysinternals

And it wouldn't hurt the users to become carpenters and build their own houses, and farmers and grow their own food, and mechanics and fix their own car, and programmers to write their own software, and actors to star in their own plays, and lawyers to argue their own cases, and neurosurgeons to perform brain surgury on themselves, and pilots to fly themselves....

It's an idiotic statement when used for any other profession, patently ridiculous when applied to everything at once, yet strangely common among computer geeks. Why? "Because I know it" is an invalid answer for anyone who is not perfect at every possible profession.

Why is it SO IMPORTANT that every machine have these tools so that you, the hotshot computer guy who knows everything about windows (HAH!) can avoid having to keep a USB stick on your keychain?

Slashdot Top Deals

One small step for man, one giant stumble for mankind.

Close