←2009-01-14 2009-01-15 2009-01-16→ ↑2009 ↑all
00:04:05 <oklopol> oooooooooooooooooooooooooooooooo
00:10:42 <psygnisfive> hey
02:07:52 -!- MizardX has quit ("Blue squares floting about...").
02:10:11 -!- oerjan has quit ("leaving").
02:11:52 -!- MizardX has joined.
04:16:13 -!- CakeProphet has joined.
06:58:46 -!- Slereah has joined.
07:10:10 -!- Slereah_ has quit (Read error: 110 (Connection timed out)).
07:18:06 -!- FireFly has joined.
07:59:59 -!- clog has quit (ended).
08:00:00 -!- clog has joined.
08:03:34 -!- FireFly has quit ("Later").
08:59:58 -!- lament has quit (kornbluth.freenode.net irc.freenode.net).
09:00:22 -!- lament has joined.
09:00:59 <AnMaster> ehird, how did the OO stuff work out?
09:01:31 -!- oklopol has quit (Read error: 110 (Connection timed out)).
10:18:27 -!- jix has joined.
10:25:35 -!- ais523 has joined.
12:14:18 -!- CakeProphet has quit ("lol").
12:17:35 -!- oerjan has joined.
13:17:11 <ais523> hi oerjan
13:17:28 <ais523> (if anyone claims I'm an hour late on that, I'll mumble something about time zones, or DST, or something.)
13:17:41 <oerjan> time dilation. works for me.
13:17:43 <oerjan> and hi
13:18:07 <ais523> grr... RL business is annoying
13:18:14 <ais523> especially when it involves VHDL
13:18:17 <ais523> even though I like VHDL
13:19:39 <oerjan> no, no, RL _business_ is annoying
13:19:53 <oerjan> accounting, cash flow problems, that sort of thing.
13:20:02 <ais523> hmm... I wonder if busyness is a real word?
13:20:09 <ais523> or if business is actually the way it's spelt
13:20:20 <ais523> but agreed, both meanings are pretty annoying
13:20:56 <oerjan> http://www.merriam-webster.com/dictionary/busyness has it
13:22:46 <oerjan> the entry on business claims it's archaic to use it to mean "busyness"
13:30:38 <fizzie> OED lists 'business': "I. State or quality of being busy. (Cf. the adj.) -- (These senses are all obs., but some of them occur as nonce-words with special spelling BUSYNESS, and trisyllabic pronunciation.)"
13:33:34 <ais523> \ul ((\ul )SaSaS(:^)S)((^ul )SaSaS(:^)S):^
13:33:52 <ais523> not that I expect that to run, gunfot isn't here
13:33:57 <ais523> but I still like looking at it
13:34:24 <AnMaster> hi ais523
13:34:31 <ais523> hi
13:49:55 -!- jix has quit ("Computer has gone to sleep").
13:52:47 -!- jix has joined.
14:00:48 -!- oerjan has quit ("leaving").
14:41:27 -!- Hiato has joined.
14:56:56 -!- Hiato has quit ("Leaving.").
15:08:16 <AnMaster> mysql_connect() Connects to a MySQL server (this function is deprecated; use mysql_real_connect() instead)
15:08:17 <AnMaster> heh
15:08:21 <AnMaster> interesting naming scheme
15:08:36 <AnMaster> what if they find out they need a third version of the call in the future?
15:09:05 <AnMaster> mysql_very_real_connect()? mysql_surreal_connect()?
15:09:11 <ais523> mysql_actually_connect_this_time
15:09:21 <AnMaster> heh
15:09:36 <ais523> what lang is that function in?
15:09:45 <AnMaster> ais523, The C API for mysql
15:09:56 <ais523> [CTCP] Received CTCP-PING reply from ehird: 1232032186 seconds.
15:09:58 <ais523> hi ehird
15:10:04 <ehird> hi ais523
15:10:07 <ais523> although something's up with that pingtime
15:10:09 <ehird> holy crap
15:10:12 <ehird> how did that happen
15:10:14 <ehird> did you ping me like hours ago?
15:10:18 <ehird> if so I was offline, and I guess my bouncer phailed at ponging
15:10:19 <ais523> no, that's more than hours
15:10:23 <ais523> that's years, or so
15:10:27 <ehird> ha
15:10:41 <ehird> probably my bouncer decided to play tricks with you
15:10:42 <ais523> I pinged you when offline, and got an away message
15:10:44 <AnMaster> ais523, oh btw postgres' API works better for this: PGconn *PQconnectdb(const char *conninfo); <-- conninfo is a key=value space separated options string
15:10:45 <ais523> AFAICT, when you came online your bouncer ponged me back, but with the wrong number
15:10:47 <ais523> somehow
15:10:48 -!- MigoMipo has joined.
15:10:57 <AnMaster> sqlite uses _v2 _v3 and so on
15:11:13 <ais523> AnMaster: key=value string isn't really very Cy
15:11:14 <ehird> anyway, my object system is >100 lines and it still doesn't work properly yet
15:11:17 <ais523> umm... C-ey
15:11:20 <ais523> or whatever
15:11:22 <ais523> C-like
15:11:29 <AnMaster> ais523, true, but easier to add new features too
15:11:30 <AnMaster> "MYSQL *mysql_real_connect(MYSQL *mysql, const char *host, const char *user, const char *passwd, const char *db, unsigned int port, const char *unix_socket, unsigned long client_flag)"
15:11:30 <ehird> basically, I have a tied hash that delegates to other objects, that you bless with a proxy object.
15:11:43 <ehird> <AnMaster> ais523, true, but easier to add new features too
15:11:50 <ehird> didn't berkley sockets teach you anything?
15:11:52 <ehird> structs
15:11:57 <AnMaster> ehird, yes I agree
15:12:16 <ehird> of course, berkeley sockets _is_ awful, but it is very C
15:12:44 <ehird> wow, I was tired while printf debugging yesterday
15:12:44 <ehird> print"yo, ... in da klub ;-)\n";
15:13:21 <ehird> btw, if you guys ever are coding perl
15:13:22 <ehird> and think
15:13:26 <ehird> "ooh, I could solve this with a tied hash nicely"
15:13:27 <ehird> just
15:13:28 <ehird> kill yourself
15:13:38 <ehird> it's way better than the alternative
15:14:37 -!- FireFly has joined.
15:14:41 <AnMaster> MySQL's C API make very little sense. Compared to PostgreSQL and SQLite APIs
15:14:53 <ehird> mysql makes little sense.
15:14:56 <ehird> sql makes little sense.
15:14:59 <ehird> the relational model makes little sense.
15:15:19 <AnMaster> ehird, agreed for the first. And well SQL does have problems, but I have yet to see something widespread that is better
15:15:33 <ehird> widespread is quite irrelevant.
15:15:40 <ehird> and SQL, amusingly, isn't even relational-model-sane.
15:15:46 <AnMaster> true it isn't
15:16:02 <ehird> http://en.wikipedia.org/wiki/Codd%27s_12_rules
15:16:12 <ehird> "that system must use its relational facilities (exclusively)"
15:16:14 <ehird> ding, mysql fails 1
15:16:22 <ehird> "All information in the database is to be represented in one and only one way, namely by values in column positions within rows of tables."
15:16:27 <ehird> ding, i'm almost certain mysql provides other ways
15:16:28 <ehird> 2
15:16:43 -!- KingOfKarlsruhe has joined.
15:16:57 <AnMaster> ehird, you mean like views?
15:16:58 <ehird> [[All views that are theoretically updatable must be updatable by the system. ]]
15:17:03 <ehird> I don't know if mysql does this
15:17:10 <ehird> sql probably does
15:17:15 <ehird> but, whatever
15:17:17 <ais523> nobody implements SQL
15:17:19 <ehird> sql isn't relational
15:17:21 <ehird> mysql less so
15:17:24 <ehird> ais523: no, these aren't SQL rules
15:17:27 <ehird> these are relational rules
15:17:27 <AnMaster> ehird, oh writable views, hm I know SQLite docs says it is one of the missing features in SQLite
15:17:30 <ehird> written by the guy who invented the model
15:17:40 <ehird> SQL fails a lot of thme
15:17:42 <ehird> MySQL fails even more
15:17:46 <AnMaster> indeed
15:17:49 <ehird> and the best part is that the relational model isn't even good
15:17:51 <ehird> they fail at failing,.
15:18:19 <AnMaster> what would be funny was if MySQL failed in a way that made it better than correct SQL. Sadly it doesn't do that
15:18:46 <AnMaster> oh the irony of missing irony
15:20:39 <AnMaster> <ehird> "All information in the database is to be represented in one and only one way, namely by values in column positions within rows of tables." <-- apart from views and stored procedures, the only way I could think of would be that the result can be fetched both by column position in the result and by column name
15:20:46 <AnMaster> in sql in general
15:20:56 <AnMaster> don't know if mysql provides other ways?
15:21:09 <AnMaster> s/?$//
15:29:17 -!- oklopol has joined.
15:31:00 -!- |MigoMipo| has joined.
15:31:29 -!- |MigoMipo| has quit (Client Quit).
15:34:46 -!- MigoMipo has quit (Read error: 110 (Connection timed out)).
15:46:56 -!- Slereah_ has joined.
15:59:21 <ehird> GRR
15:59:22 -!- Slereah has quit (Read error: 110 (Connection timed out)).
15:59:22 <ehird> A TARBOMB
15:59:30 * ehird considers writing a script that checks for tarbombs and contains them
15:59:37 <ais523> ehird: why didn't you untar it in a separate directory/
15:59:47 <ehird> because normally I assume people aren't bozo
15:59:48 <ehird> s
16:00:09 <ais523> ehird: that's often an unsafe assumption
16:00:16 <ehird> yes, but it keeps me sane
16:08:11 * ehird considers writing a lisp parser that mirrors the structure of the lisp it's parsing.
16:09:07 <ehird> LOL, someone complained that jquery's api docs don't work with noscript.
16:13:53 <jix> haha
16:14:19 <Slereah_> Tone down the nerd humor, I'm back
16:14:39 <ais523> ehird: why should the API docs require JavaScript to read?
16:14:43 <ais523> that's a valid complaint
16:14:53 <ais523> especially as I often load up API docs in w3m whilst programming
16:14:53 <ehird> ais523: it's a _javascript api_
16:15:03 <ehird> if you're programming something with javascript, you have javascript enabled to test it
16:15:10 <ais523> ehird: but that's in your test window
16:15:17 <ais523> it's not in your text editor window
16:15:22 <jix> the complaint is valid to a degree... but funny anyway
16:15:34 <ehird> ais523: it's a good thing the jquery api docs isn't text editor-integrated, then
16:16:09 <ais523> ehird: no, it isn't
16:16:19 <ehird> i meant for the example you gave.
16:16:19 <ais523> with most API docs, I can work around using a tabbed shell, or with Emacs
16:16:35 <ehird> also, I use a text editor to edit text, not look up apis,.
16:16:35 <ais523> I don't see why API docs should arbitrarily prevent themselves being loaded in a text editor
16:16:37 <ehird> or play tetris.
16:16:45 <ais523> ehird: well, I don't use my editor for Tetris
16:16:52 <ais523> but looking up APIs is a pretty sensible use for them
16:16:55 <ehird> someone does, because it's in the base distribution
16:16:58 <ais523> even Microsoft does that, with Intellisense
16:17:10 <ehird> "Microsoft does it" is not a way to convince me something is a good idea.
16:17:23 <ais523> I mean, pretty much every editor does nowadays
16:17:27 <ais523> even vi has syntax higlighting
16:17:37 <ais523> how is API lookup fundamentally different from syntax higlighting?
16:17:44 <ais523> it's one of the things needed when programming, unless you have a perfect memory
16:17:48 <ehird> vi does not have syntax highlighting, as far as I know.
16:17:49 <ehird> vim does.
16:17:53 <ais523> well, OK
16:18:00 <ehird> but vim is essentially emacs--
16:18:17 <ais523> but M-x man and M-x perldoc are commands I use all the time when programming
16:18:20 <ais523> depending on the language
16:18:21 <ehird> also, syntax highlighting is tied fundamentally to the editor
16:18:29 <ehird> API docs aren't
16:18:36 <ais523> ehird: they are very involved with the editor
16:18:44 <ais523> unless you like doing a lot of cut/paste/search, or retyping
16:18:59 <ais523> in the VHDL I'm editing atm, I type for and I get an entire generate-for statement template
16:19:03 <ais523> which in VHDL is not trivial to write by hand
16:19:06 <ehird> that's not an api document
16:19:08 <ehird> that's just snippets
16:19:11 <ais523> yes
16:19:15 <ais523> APIs are similar, though
16:19:17 <ehird> not really.
16:19:20 <ais523> you need to look up which argument's which
16:19:22 <ehird> i wonder why so many people apparently don't have a desktop environment
16:19:23 <ais523> if you can't remember
16:19:39 <ehird> which is, um, _designed_ for passing information between programs concurrently
16:19:57 <ais523> why pass the information when you can use it without passing?
16:20:05 <ais523> do you use the mouse for API lookups, by any chance?
16:20:26 <ehird> no, but I generally don't need API lookups
16:21:09 <ehird> also, I use the mouse for pinpointing both precise pieces on the screen that would be tedious to access with a keyboard, and large fuzzy areas which would also be tedious with a keyboard
16:21:17 <ehird> e.g., input field focusing, text selection, window selection
16:21:18 <ais523> with Mac OS X, I'm surprised that things like API lookups aren't integrated the same way as spell-checkers
16:21:28 <ehird> they probably are if you use xcode. I don't
16:21:48 <ais523> ehird: doesn't that make it silly for jquery's API to require JavaScript, then?
16:21:59 <ais523> what if I'm writing jquery-using code at home without Internet access?
16:22:07 <ehird> you download the api.
16:22:12 <ais523> does that require JS?
16:22:13 <ehird> docs
16:22:20 <ehird> ais523: it uses adobe air or some shit
16:22:25 <ehird> what I am saying is:
16:22:37 <ehird> it isn't bad for the _web version_ of a _javascript api's_ documentation to require javascript
16:22:45 <ais523> yes, it is
16:22:55 <ais523> it's bad for the web version of /anything/ to _require_ javascript if possible
16:23:00 <ais523> demonstrating JS, ok
16:23:09 <ais523> but other things should fallback gracefully, even if they're very JS-related
16:23:24 <ais523> would you think it bad for the web version of the Java API to require Java?
16:23:32 <ais523> (it doesn't, by the way)
16:23:39 <ehird> yes: java isn't inherently web based. jQuery is.
16:23:45 <flexo> in the real world javascript is available everywhere..
16:23:54 <ais523> ehird: I've written non-web-based computer games in JavaScript
16:24:01 <ehird> ais523: you wouldn't use jquery for it.
16:24:07 <ais523> which were entirely client side, and required copy and paste for saving
16:24:10 <ais523> and no, I wouldn't
16:24:17 <ais523> but that's just my personal preferences
16:24:17 <ehird> umm, entirely client side: so it used html?
16:24:20 <ais523> yep
16:24:27 <ehird> file:/// to an HTML counts as the web, imo.
16:24:41 <ais523> well, the lack of any CGI support influenced things somewhat
16:24:44 <ehird> flexo: yes, some people choose to castrate their browser because of their tin foil hats
16:24:47 <ais523> the web normally had that
16:24:54 <ais523> ehird: not just tin foil hats
16:25:06 <ais523> to avoid all sorts of annoying things that people normally use JS for is at least as valid a reason
16:25:23 <ehird> so stop going to those sites
16:25:32 <ehird> i don't know where this mass of annoying JS sites are, because I never come across them.
16:25:37 <flexo> same here
16:25:40 <ais523> ehird: do you use an ad-blocker?
16:25:47 <ehird> nope.
16:25:50 <ais523> pretty much any random non-tech news site will have annoying JS-based adverts
16:26:00 <ais523> apart from reputable ones
16:26:10 <flexo> how about using reputable ones then?
16:26:12 <ehird> most of the sites I go's ads are inconspicuous and ignorable. the ones that have annoying ones, I DON'T GO TO THOSE SITES!
16:26:22 <ehird> why would I go to a site that evidently has no respect for me at all?
16:26:24 <FireFly> The reputable ones has flash based ads instead
16:26:26 <ehird> i wouldn't.
16:26:34 <ais523> ehird: well, they may still have useful content, I just show no respect for them either
16:26:45 <ais523> printable versions, adblock, etc are fair game against them
16:27:02 <ehird> i can get the useful content somewhere that doesn't enjoy pounding me with a giant mass of ads
16:28:18 <ais523> can you always?
16:28:28 <ais523> the BancSTAR page has annoying JS ads, for instance
16:28:31 <ais523> and I don't know of any copies of it
16:28:52 <ehird> http://www.geocities.com/ResearchTriangle/Station/2266/tarpit/bancstar.html
16:28:53 <ehird> I see no ads.
16:29:07 <ais523> ehird: top-right
16:29:14 <ais523> your brain must have just got good at filtering them out
16:29:16 <ehird> Nope.
16:29:19 <ehird> You're hallucinating.
16:29:19 <ais523> either that, or your browser
16:29:28 <ais523> I can even send you a screenshot if you like
16:29:32 * ehird looks at html source.
16:29:43 <ehird> Okay, the ad uses <layer>.
16:29:49 <ehird> I guess it's so old Safari can't run it.
16:29:52 <ehird> That's fine by me.
16:30:20 * ais523 opens in Konqueror out of interest
16:30:35 <ais523> yep, no ad in Konq
16:30:48 <ais523> so it's a WebKit vs. Gecko/Trident thing
16:30:59 <ehird> Incidentally, I used to use an ad blocker. But the web looks nicer without it: tasteful ads are placed into page layouts in a way that makes it look like an odd unbalance if you block them.
16:31:00 <ais523> (I'm almost convinced the ad shows in IE, or they'd never have put it there)
16:33:13 <ehird> Is it just the regular geocities ad?
16:33:22 <ehird> If so, yeah, that's annoying. But it has a close button at the top,
16:34:48 <ehird> No pasting, not even "only one line" -- #perl topic
16:34:53 <ehird> what, you can't put single lines in #per
16:34:54 <ehird> l
16:35:14 <ehird> hmph, they even got rid of gumbyBRAIN. I liked that bot.
16:35:17 <ehird> #perl sux
16:37:36 -!- ais523 has quit (Read error: 104 (Connection reset by peer)).
16:39:33 <Ilari> And enabling Javascript is a security risk. Especially if you browse nonreputable sites or sites containing certain (very common) kinds of external ads...
16:40:22 -!- ais523 has joined.
16:40:44 <Ilari> Plus some sites do quite nasty-looking stuff with javascript.
16:41:02 <ehird> Ilari: 1) Don't go to those sites. 2) Really, like what?
16:41:26 <ehird> The only vaguely scary thing I have seen done with JS is aza raskin's socialhistory.js, and that's just a _bug_, really... plus it isn't even really practical
16:41:51 <ais523> ehird: unclosable websites?
16:42:11 <ehird> geez, do people here just browse serial key sites all day?
16:42:13 <ehird> that's really what it sounds like
16:42:39 <ais523> ehird: I'm thinking more malicious links
16:42:52 <ehird> lik
16:42:53 <ehird> e
16:44:22 -!- jix has quit (Read error: 104 (Connection reset by peer)).
16:44:36 <Ilari> And "Don't go to those sites" extends to sites like Youtube (selective javascript blocking capabilities of Noscript come handy there)?
16:44:46 <ais523> I don't go to Youtube at all
16:44:54 <ais523> I don't have Flash installed, for one
16:44:56 <ehird> Ilari: umm, what annoying things does youtube do with js?
16:45:29 <ais523> ehird: play videos
16:45:50 <ehird> ais523: we know you dislike youtube.
16:45:52 <ehird> I was asking Ilari.
16:46:07 <Ilari> ehird: Youtube was given as example where Javascript does bad things to security (even if you trust Youtube). Some other sites do annoying things with js.
16:46:18 <ehird> "bad things to security"?
16:46:24 <ehird> This vagueness is not very interesting
16:46:49 <ais523> ehird: pretty much any browser is less secure with Flash enabled than without
16:46:59 <ais523> cross-platform critical vulnerabilities pop up every now and then
16:47:05 <ais523> I'm not sure how this relates to JS, though
16:47:06 <ehird> Thannnk you. Go away. I'm talking about JavaScript. Stop talking about how much youtube sucks...
16:47:21 <Ilari> ais523: I don't have flash installed either... :-)
16:47:45 <ais523> tbh, I don't even miss YouTube
16:47:55 <ais523> I have a TV at home, but rarely use it
16:48:21 <ehird> Area Man Constantly Mentioning He Doesn't Have Flash Installed
16:48:30 -!- jix has joined.
16:49:04 <Ilari> s/Javascript does bad things to security/where having Javascript unconditionally enabled degrades security/
16:49:19 <ehird> Yes, I recall asking for examples...
16:49:23 <ehird> I also recall not getting them
16:49:45 <ais523> ehird: Clickjacking?
16:50:02 <ehird> Elaborate
16:50:11 <ais523> ehird: basically it consists of using JS and iframes
16:50:16 <jix> some website that does not use javascript has a bug that allows anyone to insert malicious content ... for example a javascript that makes you do something on that site (submit form whatever) that does harm to you in some way
16:50:34 <ais523> jix: no, not that, that's something else
16:50:40 <ehird> that's xss.
16:50:45 <ais523> although I agree that can be a problem, JS security normally avoids that nowadays
16:50:49 <ehird> xss is the fault of incompetent server-side developers
16:50:56 <ehird> who don't check for the origin of such requests
16:51:02 <ais523> ehird: you have to admit that XSS is blocked completely by turning off JS, though
16:51:12 <ehird> ...
16:51:21 <ehird> ais523: you can't get viruses if you turn off your computer!
16:51:24 <ais523> and yes, XSS is caused by incompetent website designers; but likewise, browser security holes are caused by incompetent browser designers
16:51:31 <ais523> you have to strike a balance somewhere
16:52:16 <ais523> hmm... irrelevant to the current argument, but http://www.kb.cert.org/vuls/id/836068 looks interesting
16:52:25 <ehird> old.
16:52:33 <ehird> Nobody competent has used md5 for years, anyway.
16:52:34 <Ilari> Combine external Javascript and nasty stuff JS can do (and I'm not talking about trying-to-run-malware-nasty), and it can get real nasty.
16:52:34 <ais523> well, that's within the last 3 weeks
16:52:50 <ais523> md5 has been known imperfect for a while, but that's the first practical exploitation of it I've seen
16:52:52 <ehird> your hypotheticals are amusing. are you unable to provide examples?
16:53:01 <ais523> ehird: well, I was going to explain clickjacking
16:53:24 <ais523> http://en.wikipedia.org/wiki/Clickjacking does it better than I could, though, probably
16:53:50 <ehird> ok, that's a browser bug
16:54:12 <ais523> ehird: in what way would you suggest modifying browsers to avoid it without losing functionality?
16:54:24 <ais523> also, I prefer not to assume my browser is 100% bugfree, even though it isn't IE
16:54:36 <ehird> not let sites interact with embedded pages on other sites
16:54:43 <ehird> this is already done to a large degree
16:54:54 <ehird> that's just another aspect that has to be stopped, simple enough...
16:55:34 <jix> ehird: how is clickjacking a browser bug
16:55:51 <ais523> ehird: also, I point out that JS adverts are exactly the sort of thing that might do that sort of thing
16:55:58 <ais523> in which case it isn't an "other site"
16:56:04 <ehird> jix: they allow a site to cause an interaction with an embedded component on another site in a way that hasn't been accounted for
16:56:11 <ais523> "another site"?
16:56:23 <ais523> what if it's an interaction between a website and its own adverts?
16:56:30 <ehird> cross-domain scripting rules.
16:56:32 <ais523> which are hosted there, but haven't been properly checked for security
16:56:37 <ais523> ehird: what do you mean cross-domain?
16:56:42 <ais523> "a website and its own adverts"
16:56:54 <ais523> and please don't tell me all advert-loading is done from external servers
16:56:59 <ais523> although I admit quite a bit of it is
16:57:21 <ehird> i'll continue this conversation when it takes a turn that doesn't consist of me stating why things can be easily fixed and you asking about every trivial term I'm using that someone talking about browser security should know about
16:57:48 <ais523> ehird: I'm not saying I don't understand what "cross-domain" means
16:57:55 <ais523> I'm saying that this will not always be cross-domain in practice
16:57:56 <jix> ehird: then you might fix the wikipedia page which states it isn't a browser bug
16:57:59 <ais523> and you're assuming it is for some reason
16:58:23 <ehird> if a site causes a user to delete all the mail they host in the same site, umm, that's the site's fault
16:58:32 <ais523> yes, but it still affects the user
16:58:33 <ehird> they could easily do it by, you know, just automatically deleting them
16:58:43 <ais523> your problem seems to be that you're assuming all the websites you use are 100% perfect
16:58:46 <ais523> and on
16:58:47 <ais523> *no
16:58:57 <ais523> normally, the advertising division of a website != the content division
16:59:09 <ais523> and they both put more or less their own stuff on the same page
16:59:11 <ehird> so the advertising devision hates the mail devision
16:59:18 <ais523> the advertising division is often relatively easily tricked by outsiders
16:59:19 <ehird> and wants users to delete all their mail via their ads
16:59:28 <ais523> there were quite a few adverts spreading Storm, recently, for instance
16:59:39 <ais523> if the ad people are 100% perfect, no problem
16:59:55 <ais523> in practice, they're quite easily persuaded to do something obnoxious by $EVIL_HACKER
17:00:12 <ais523> which ends up impacting the mail website as a whole and deleting all your mail
17:00:31 <ais523> (you might say this is unlikely, but IIRC Storm spread via a combination of those methods and exploiting flaws in IE)
17:01:15 <ais523> ehird: anyway, it seems clickjacking was even used to change the Flash privacy settings to turn on webcam and microphone
17:01:30 <ais523> that isn't even XSS, or crossdomain, that's affecting local programs on the user's computer
17:01:43 <Ilari> And some sites are probably hosted on computers that are a lot better hardened than the ad servers they reference to via Javascript includes.
17:01:45 <ehird> that's a flash bug.
17:01:51 <ehird> we are talking JS.
17:01:59 <ais523> ehird: it's a combination-of-JS-and-Flash bug
17:02:27 <ehird> i disagree.
17:02:27 <ais523> hmm... can JS in a tab focus a different tab?
17:02:31 <ais523> ah yes, obviously, window.close
17:02:48 <ais523> so, an evil site can reposition your mouse pointer then close the tab just as it thinks you're about to click
17:02:59 <ais523> and you click over something dangerous on the tab you visited just before it
17:03:10 <ais523> a bit unlikely, I suppose, but stranger things have been exploited
17:03:36 <Ilari> Like those file upload control exploits?
17:03:45 <ais523> ah, yes
17:03:52 <ais523> I wasn't thinking of those, but it's a similar idea
17:03:59 <ais523> those definitely are browser bugs, though
17:04:07 <ais523> no way should a file upload box be under website control
17:04:56 <jix> is it still possible to sniff auto fill in data using JS? (i think it isn't) but that would be a browser bug too...
17:05:38 <Ilari> It isn't. IIRC, Firefox 2 is vulernable to those exploits. Firefox 3 prevents them by preventing user from editing file upload control path directly. Konqueror isn't vulernable because it prompts before uploading.
17:06:00 <Ilari> That was to ais523
17:07:07 <ehird> using auto fill-in data is probably a bug in the user.
17:07:17 <ais523> Ilari: yep, old bug, IIRC they fixed both Mozilla (and Firefox by extension) and Safari before it got publically announced
17:07:17 -!- ais523 has quit (Remote closed the connection).
17:07:24 -!- ais523 has joined.
17:07:28 <jix> ehird: it's a usefull feature and can be implemented securely
17:07:37 <ais523> jix: which feature?
17:07:37 <ehird> yes, but it should be user-triggered
17:07:43 <jix> ais523: auto form fillin
17:07:44 <ehird> instead of filling in forms just like that
17:07:51 <ehird> you should be able to click, fill in this form
17:08:04 <jix> ehird: or it could fill in the form but mark the form as auto filled and unaccesable by scripts
17:08:08 <jix> ehird: i think that is how it is done
17:08:17 <ehird> shrug :P
17:08:22 <ehird> that could also mess up JS form validation
17:08:25 <jix> at least ff 3 marks the filled in forms in yellow until you check them
17:08:33 <ais523> ehird: JS form validation is ridiculous
17:08:38 <ais523> and should be repeated server-side, at least
17:08:45 <ehird> repeated server side: no shit
17:08:50 <ehird> it should be generated from a model in both cases
17:08:52 <ais523> having it client-side to warn users slightly earlier is possibly helpful, but dubious
17:08:57 <ehird> no, it's really helpful
17:09:05 <ehird> i get it all the time, oops, I messed up that field, so I fix it
17:09:07 <ehird> instead of doing the whole form
17:09:09 <ehird> submitting
17:09:11 <ehird> and getting 10 errors
17:09:13 <ehird> fixing them
17:09:16 <ehird> oh, now I have 3 errors
17:09:20 <ehird> oh, now it works
17:09:26 <ais523> and really, if you're auto-filling invalid data
17:09:38 <ais523> then you have a problem, and the extra 2 seconds it takes for server-side validation won't really hurt you
17:09:40 <ehird> no, you're auto-filling data that is probably valid
17:09:44 <ehird> websites may disagree.
17:11:56 <ais523> then they can disagree server-side
17:12:01 <ais523> rather than messing up your UI
17:12:07 <ais523> it's not as if that happens very often
17:12:10 <ehird> 'messing up your ui', wtf
17:12:14 <ais523> even better, have an HTTP response code
17:12:18 <ehird> i'm ending this conversation because it's ridiculous.
17:12:20 <ehird> thx
17:12:23 <ais523> which means "this data is invalid"
17:12:31 <ais523> so the browser knows something went wrong with the auto-fill
17:12:34 <ehird> that is outside of http's jurisdiction.
17:12:37 <ehird> i'm ending this conversation because it's ridiculous.
17:12:38 <ais523> ehird: I'm not so sure
17:12:42 <ehird> i'm ending this conversation because it's ridiculous.
17:13:04 <ais523> ehird: you've been doing a lot of arbitrarily declaring things ridiculous recently
17:13:31 <ehird> you're welcome. but I've never convinced you of anything, and vice-versa
17:14:17 <oklopol> ooooo
17:14:24 <ais523> okoko
17:22:57 <ais523> ehird: http://secunia.com/advisories/search/?search=javascript is a list of JS-related security bugs that have been found, btw
17:23:05 <ais523> some more serious and more JS-related than others, obviously
17:23:09 <ehird> software has bugs
17:23:12 <ehird> this is unsurprising
17:23:20 <ais523> yes
17:23:23 -!- MigoMipo has joined.
17:23:39 <ais523> I'm just surprised that you claim that JS-blocking isn't a good idea, as a result
17:50:03 -!- ais523 has quit (Read error: 104 (Connection reset by peer)).
17:51:03 -!- ais523 has joined.
18:02:31 <Slereah_> Guys
18:02:48 <ais523> hi Slereah_
18:02:50 <Slereah_> How old is the oldest machine, theoretical or otherwise, with stacks?
18:03:06 <Slereah_> I am in a wondery mood
18:03:39 * ais523 wonders if it's before or after the Turing Machine
18:03:54 <ais523> I suppose steam engines had cooling stacks, but that probably isn't what you meant
18:04:00 <Slereah_> Yeah.
18:04:15 <Slereah_> Also there prolly isn't a lot before the TM.
18:04:21 <bsmntbombdood> oldest machine?
18:04:28 <ais523> bsmntbombdood: oldest machine with stacks
18:04:38 <ais523> arguably the TM had two, but it wasn't described like that
18:04:41 <bsmntbombdood> a tm isn't a machine
18:04:43 <ais523> and besides, pushing one popped the other
18:05:04 <ais523> bsmntbombdood: it's a theoretical machine
18:05:04 <ais523> which Slereah_ specifically allowed
18:05:05 <bsmntbombdood> anyway, it's a stupid question
18:05:08 <Slereah_> bsmntbombdood : Yes it is
18:05:10 <Slereah_> It's right in the name!
18:05:38 <ehird> how come every finn uses iki.fi
18:05:47 <ais523> maybe because it's a good server?
18:05:47 <Slereah_> Communism.
18:05:52 <Slereah_> They only have one ISP.
18:06:07 <ehird> no
18:06:10 <ehird> its not an isp
18:06:14 <ehird> it forwards URLs and emails
18:06:21 <ehird> i.e. iki.fi/deewiant goes to users.tkk.fi/blahblahblah
18:08:20 <ais523> query AnMaster
18:08:26 <ais523> umm...
18:08:33 <ehird> query fbi
18:08:35 <ehird> disregard that
18:08:42 -!- Corun has joined.
18:08:42 <ehird> xdcc send horse_porn.avi
18:08:43 <ehird> whoops
18:08:46 <ais523> I was trying to open a /query with AnMaster to look at my /query logs with him
18:09:19 <AnMaster> ais523, ?
18:09:24 <AnMaster> ah
18:09:30 <ais523> AnMaster: checking what that rsync command was
18:09:38 <AnMaster> right
18:13:35 <ais523> well, seems the C-INTERCAL repo is back in business
18:13:38 <ais523> http://envbot.kuonet.org/~ais523/c-intercal/_darcs/pristine/ for the file tree
18:13:45 <ais523> http://envbot.kuonet.org/~ais523/c-intercal/ for darcs download
18:25:28 <Ilari> Hmm... Wonder what kind of class would language with no backward jumps allowed, only looping linear in values and with bignums plus builtin hyper operator present...
18:25:39 <ehird> Ilari: like?
18:26:04 <Ilari> I don't know any examples of such language. It would be obiviously sub-TC...
18:26:15 <ehird> in moar practical terms? :D
18:27:07 <ais523> Ilari: isn't that BLooP-class?
18:27:29 <ehird> it'd be nice to have a bloop-alike, without the explicit specification
18:29:14 <Ilari> Plus of course associative tables for storing data during processing.
18:29:46 <Ilari> ais523: Got URL? Googling turns up lots of unrelated links...
18:30:53 <ehird> http://en.wikipedia.org/wiki/BlooP_and_FlooP
18:30:58 <ehird> from Gödel, Escher, Bach
18:31:28 <Ilari> Such language could express function that would have f(1) = 1, f(2) = 4, f(3) = g64 <Graham's number>, f(4) = <Something that makes even Graham's number look small>
18:31:50 <ehird> f(4) = A(g64,g64)
18:31:51 <ehird> :P
18:32:56 <Ilari> ehird: I don't know how f(4) and A(g64,g64) relate to each other and which is bigger. But one thing is sure: They are both really huge even compared to g64.
18:33:08 <ehird> what is this f?
18:33:28 <Slereah_> Isn't any function theoretically able to be defined like that?
18:33:38 <Slereah_> I mean, you could just define it as a primitive
18:35:41 <ehird> What's all this, you ask? We like weasels. You like weasels. Everyone likes weasels. Our mission: to send weasels wherever people like weasels. And that means everywhere.
18:35:41 <ehird> Weasel Trek has shipped fifteen plush weasels to hosts all over the world to be photographed, given a taste of local culture, and then sent on to another who shares the weasel way.
18:35:44 <ehird> http://weaseltrek.com/
18:36:57 <Slereah_> ...
18:37:01 <Slereah_> I want one :(
18:37:14 <ehird> I didn't notice the plush at first
18:37:26 <ehird> and reading their about I was thinking, wtf, you can buy weasels from ikea? What?
18:37:53 <Ilari> 64 times recursed Conway arrow with variable values on sides, starting from four arrows. With x=3, it produces Graham's number.
18:37:58 <ehird> http://uk.youtube.com/watch?v=pW7opOMStZk Skydiving weasel
18:38:04 -!- ais523 has quit (Read error: 104 (Connection reset by peer)).
18:45:47 <Ilari> Actually, that language would be more powerful than BlooP, as BlooP expresses functions that are primitive-recursive, but that language could express A(m,n), which is not primitive recursive.
18:53:47 -!- olsner has joined.
19:11:30 -!- Hiato has joined.
19:25:17 -!- Slereah has joined.
19:38:44 -!- Slereah_ has quit (Read error: 110 (Connection timed out)).
19:40:44 <ehird> nowhere docs the pcm format :(
19:42:50 <oklopol> hiiiiiiii
19:44:59 <ehird> register int *esp __asm__("%esp");
19:45:01 <ehird> that actually works
19:45:02 <ehird> how cool is that?
19:50:27 -!- Corun has quit ("This computer has gone to sleep").
19:53:33 <MizardX> ehird: http://www.wotsit.org/list.asp?search=pcm
19:54:11 <ehird> I like the part where neitherresult was the right one
19:54:28 <MizardX> pcm seems to be part of riff
19:55:07 <MizardX> Pulse Code Modulation (PCM) Format
19:55:21 <MizardX> line 3489 of the first document
19:55:34 <Deewiant> ehird: iki.fi also offers DNS so that the address of your site can be foo.iki.fi
19:55:46 <ehird> Deewiant: why does everyone use it?
19:55:54 <Deewiant> ehird: it works?
19:56:04 <fizzie> Also: because there are no monthly/yearly payments.
19:56:06 <Deewiant> and no, not "everyone" uses it :-P
19:56:11 <fizzie> Just the initial joiningment thing.
19:56:14 <ehird> umm, why not just link to a uri like the rest of the world.
19:56:21 <ehird> instead of PAYING for a url redirection service
19:56:25 <Deewiant> ehird: because if your stuff moves your old URLs don't work.
19:56:40 <ehird> the rest of the world solves that by, um, not doing that.
19:56:41 <Deewiant> ehird: 'iki' is search for 'ikuinen' meaning 'permanent'
19:56:44 <ehird> crazy sedes.
19:56:46 <ehird> *swedes
19:56:50 <Deewiant> ehird: if you change your ISP, what're you going to do
19:56:53 <ehird> ok, technically we have purl.org
19:56:56 <ehird> Deewiant: not host pages on my isp
19:57:04 <Deewiant> ehird: damn straight
19:57:10 <Deewiant> ehird: what if I have no other hosting option
19:57:12 <Deewiant> ehird: +free
19:57:19 <ehird> stop being a cheap bum :)
19:57:20 <ehird> :D
19:57:41 <Deewiant> fuck that
19:57:43 <ehird> corth.c:12: warning: ‘noreturn’ function does return
19:57:45 <ehird> oh shut up gcc
19:58:03 <ehird> by "noreturn" i mean DON'T GENERATE A FREAKING "ret" INSTRUCTION
19:58:22 <Deewiant> put assert (false) at the end
19:58:29 <ehird> does that work? ha
19:58:36 <Deewiant> I don't know
19:58:37 <Deewiant> worth a try
19:58:47 <Deewiant> it's specced to work in D where assert is a language construct :-P
19:58:59 <ehird> Deewiant: well, it makes sense for gcc to be complaining because i'm trying to tell it main() doesn't return
19:59:18 <ehird> (I clobber the stack in this program so I use the genius solution of "Don't ever, ever return, or call functions")
19:59:50 <ehird> lol, it still buts a ret in there but doesn't complain
19:59:56 * ehird tries asm("hlt") instead
20:00:03 <Deewiant> ehird: even with -O2?
20:00:08 <Deewiant> /3
20:00:20 <ehird> -Os would be more likely to do something ther
20:00:39 <ehird> hlt
20:00:39 <ehird> popl %ebp
20:00:40 <Deewiant> I always forget that one exists :-P
20:00:41 <ehird> ret
20:00:43 <ehird> Gcc fail
20:00:50 <Deewiant> switch to D
20:00:51 <ehird> zsh: illegal hardware instruction ./a.out
20:00:54 <ehird> 8-)
20:00:59 <ehird> Deewiant: I'm writing a forth. That would be dumb :D
20:01:03 <ehird> register int *esp asm("%esp");
20:01:03 <ehird> #define PUSHL(x) asm("pushl %0" : : "r"(x) : "%esp")
20:01:08 <Deewiant> why would it be dumb? :-P
20:01:09 <ehird> this is CRAZY LAND
20:01:21 <Deewiant> register, heh
20:01:29 <Deewiant> I wonder if GCC ignores that
20:03:22 <bsmntbombdood> ehird: why use the hardware stack?
20:03:26 <bsmntbombdood> allocate your own on the heap
20:03:28 <bsmntbombdood> please
20:03:42 <ehird> bsmntbombdood: is that BLAZING FAST and CRAZY?!
20:03:43 <ehird> NO
20:03:55 <bsmntbombdood> why are you writing it in C even?
20:05:01 <ehird> bsmntbombdood: because I'm too incompetent to write asm
20:05:09 <bsmntbombdood> but you are using asm
20:05:13 <ehird> only partly :P
20:05:19 <bsmntbombdood> yuck
20:05:30 <ehird> cool, you get a bus error if you don't ret
20:05:32 <ehird> from main
20:05:47 <bsmntbombdood> and really, how much slower can your own stack be?
20:05:58 <ehird> 0.01ms
20:06:12 <bsmntbombdood> less
20:06:34 <ehird> 0.00001ms
20:06:47 <bsmntbombdood> like, 2 cycles
20:07:02 <bsmntbombdood> maybe 3
20:07:14 <ehird> exactly
20:07:21 <ehird> utterly unacceptable
20:08:13 <Deewiant> that's less than 0.00001 ms :-P
20:08:22 <ehird> 0.0000000000000000000000001ms
20:08:23 <ehird> utterly unacceptable
20:08:31 <Deewiant> it's more than that though
20:08:39 <ehird> 1 planck time
20:08:41 <ehird> utterly unacceptable
20:09:25 <ehird> god, calling library functions is so ugly in C
20:09:29 <ehird> well, in asm :P
20:09:30 <bsmntbombdood> ?
20:09:46 <bsmntbombdood> 1.5 × 10**-9 seconds at 2 ghz
20:10:53 <ehird> so 0.0000015ms
20:10:56 <ehird> utterly unacceptable
20:12:15 <bsmntbombdood> uhuh
20:12:21 <bsmntbombdood> i should write a forth
20:12:25 <bsmntbombdood> it'll be faster than yours
20:13:16 <ehird> <__<
20:16:13 <bsmntbombdood> oooh i should write a dc
20:16:32 <bsmntbombdood> i love dc
20:21:35 <bsmntbombdood> would using gmp be cheating?
20:30:01 <ehird> yes
20:30:08 <ehird> write it as a string manipulation routine
20:32:06 <bsmntbombdood> no
20:32:12 -!- Hiato has quit ("Leaving.").
20:42:36 -!- KingOfKarlsruhe has quit ("Konversation terminated!").
20:43:32 -!- jix has quit ("...").
20:44:55 -!- jix has joined.
21:04:22 -!- MigoMipo has left (?).
22:16:43 <ehird> 22:11 <[TEHb]> Guys, help me pls :-)
22:16:43 <ehird> 22:11 <[TEHb]> I need help
22:16:45 <ehird> 22:12 <[TEHb]> I have not eaten for three days
22:16:50 <ehird> IRC is the correct place for advice on this matter
22:17:15 <lament> it's time to learn postscript!
22:17:20 <lament> anyone know a good tutorial?
22:17:56 <bsmntbombdood> hey guys i just wrote a goto
22:17:59 <bsmntbombdood> is this bad y/n
22:18:01 <ehird> n
22:18:06 <lament> y
22:18:14 <flexo> y
22:18:15 <lament> it's bad if you have to ask.
22:18:27 <flexo> exactly
22:18:27 <ehird> gotos are _awesome_
22:18:33 <flexo> well
22:18:38 <flexo> computed gotos are awesome
22:18:44 <flexo> you know, gcc supports them
22:18:56 <bsmntbombdood> flexo: how do computed gotos work?
22:19:06 <flexo> i'll show you
22:19:07 <ehird> bsmntbombdood: you can pass around goto pointers.
22:19:08 <ehird> and go to them.
22:19:21 <flexo> well
22:19:24 <flexo> it's not really a computed goto
22:19:27 <flexo> :
22:19:29 <flexo> but i still rock:
22:19:31 <flexo> http://pastebin.com/m32bb5f
22:19:40 <bsmntbombdood> why is that awesome?
22:19:50 <flexo> i suppose this might only work on 32bit x86
22:20:29 <ehird> flexo: that's not a computed goto.
22:20:37 <ehird> although that IS confusing as fuck
22:20:46 <flexo> thanks
22:20:48 <bsmntbombdood> uhhh
22:20:54 <bsmntbombdood> how did you get those constants in the array?
22:21:03 <ehird> I think they're x86 machine code
22:21:27 <flexo> nawothnig@perez:~$ ./leet
22:21:27 <flexo> 98 9e 37 d5 31 14 30 c3
22:21:31 <flexo> it's kind of a quine. somewhat.
22:21:45 <ehird> endianquine
22:21:46 <flexo> (byteorder is reversed)
22:24:59 <flexo> bsmntbombdood: so, unless your program looks like mine you should restructure it
22:28:04 <bsmntbombdood> now i can't figure out this bug
22:28:25 <flexo> packets are beinng lost again
22:28:25 <flexo> :/
22:28:49 <flexo> will finally get my own line on tuesday
22:31:21 <bsmntbombdood> i hate bugs
22:57:03 -!- oerjan has joined.
23:07:16 -!- FireFly has quit ("Later").
23:12:09 <lament> how do i exponentiate in postscript?
23:15:58 <ehird> with luv
23:19:01 <oerjan> <Ilari> Actually, that language would be more powerful than BlooP, as BlooP expresses functions that are primitive-recursive, but that language could express A(m,n), which is not primitive recursive.
23:19:09 <oerjan> sort of BlooP with oracle...
23:21:48 -!- olsner has quit ("Leaving").
23:24:46 -!- bsmntbombdood has quit (Read error: 110 (Connection timed out)).
23:25:49 -!- bsmntbombdood has joined.
23:41:30 -!- jix has quit ("...").
23:50:36 <Ilari> Even one that could be implemented on Turing machine to run in "finite" time... :-)
←2009-01-14 2009-01-15 2009-01-16→ ↑2009 ↑all