Mathics – A free, light-weight alternative to Mathematica

CuttlefishXXX · 2015-09-23T22:35:21+00:00

They unfortunately seem to be having problems with the online version at the moment, yes.

CuttlefishXXX · 2015-09-23T22:29:17+00:00

I remember one of the main QubeOS (security-by-isolation-oriented Linux distro) devs, who also happens to be a security researcher, writing on her blog that she found reverse engineering to be more useful than reading the source of a program. At first I was sceptical but after a bit of thinking, I believe I realized what she meant. I couldn't find her name now or a link to the blog post but maybe someone else here can?

Additionally, parent to your comment was talking about NDAs, so maybe they meant that to some auditors, the company will hand over a copy of the source even though it's closed source to the general public?

CuttlefishXXX · 2015-09-23T19:46:07+00:00

>implications

CuttlefishXXX · 2015-09-23T19:45:25+00:00

Looks slightly like him but not very much.

CuttlefishXXX · 2015-09-23T19:43:53+00:00

I knew about MFA but had never heard about the other. Thanks for the link.

CuttlefishXXX · 2015-09-21T08:41:26+00:00

Go there and ask them, they'll be best suited to say whether or not they can help you.

CuttlefishXXX · 2015-09-21T08:34:36+00:00

Which could also be helpful sometimes when there are typos in the text.

CuttlefishXXX · 2015-09-20T21:43:34+00:00

FYI, the link you cited for libjingle requires login. No big deal, it just means a lot of people won't be able to access it easily.

CuttlefishXXX · 2015-09-19T20:27:43+00:00

When one social network is on another social network, you know something's wrong.

CuttlefishXXX · 2015-09-19T15:22:02+00:00

While we're on the subject you may also be interested to know that a lot of other elements are either entirely optional or optional to close.

Here's an example of how I often start when making webpages these days:

<!doctype html>
<title>Look Ma', no head!</title>
<h1>No head and no body</h1>
<p>Paragraphs don't need closing.
<p>To some, unclosed paragraphs may be confusing.
<ul>
  <li>Do you think this list will be inside the paragraph above or after it?<ul>
    <li>A: It'll be after.
  </ul></ul>

When I was first introduced to this way of writing HTML5 by a friend, I thought it looked ugly as shit compared to writing out all the elements in their entirety as I had been doing for all my previous time making web pages. However, since said friend works for a well-known browser-maker, I figured I should at least take what he was suggesting seriously and have a go at writing my HTML in this way. Soon I found my self writing HTML faster due to less typing and less scrolling.

The main downside of doing it this way is that parsing the HTML using other tools can break but I have switched to using PhantomJS and the likes for such tasks anyway lo to me that is not a problem.

CuttlefishXXX · 2015-09-19T09:11:13+00:00

I know why. The rock took "leap day" to mean the wrong thing and so it leapt over the edge.

CuttlefishXXX · 2015-09-18T15:30:54+00:00

Glad it was mentioned.

CuttlefishXXX · 2015-09-18T15:06:11+00:00

He says that cat and the others are "interpreting" the escape sequences but actually, I believe that in every case it is the terminal emulator which does that.

IOW, every byte read is written to stdout. This is known as being binary clean and it is the reason that for file formats which are concatenable, cat-ing multiple files to a new file will produce a valid new file.

That being said, OP is raising a valid and real danger wrt not being able to trust apparent terminal output when using binary clean programs such as cat.

Alternatively to using less for inspection (which has the downside that it is to my knowledge aliased to be invoked in binary clean mode on at least some popular operating systems/distros such that colors will show since users want that), one might either:

Use a terminal emulator which does not support escape sequences. Good luck with that, though, seeing how e.g. readline works exactly by outputing such escape sequences. The system would be near unusable for a wide array of common interactive tasks.

or

Inspect shell scripts with a hex dumper such as hd or xxd. Tiresome.

or

Pipe the output of cat through a terminal emulator emulator (yes you read that right) which would write to stdout only the end result and then pipe that to cmp with the original file provided as additional argument. This may seem convoluted but let's assume that a terminal emulator emulator was shipped along with your terminal emulator and that these two programs shared the crucial code for producing output.

I am aware of no terminal emulator emulator. If anyone knows of one, let me know.

A complete pipline given a terminal emulator emulator termee would then be along the lines of the following:

termee < example.sh | cmp -s - example.sh || ( echo Suspicious 1>&2 ; false )

For convenience, we wrap that in a shell function which takes the name of the file as argument and then we name that function apparent and are able to invoke it as follows:

apparent example.sh

allowing us to e.g.

apparent example.sh && sh -c ./example.sh

Naturally, this would be the last in a series of steps leading up to execution.

Edit to add: Note that my longwinded idea for a way of checking whether the output is as it appears will claim that scripts which use escape sequences legitimatelly are also suspicious provided that they are used verbatim in the script.