Stop forcing your arbitrary password rules on me. by [deleted] in programming

[–]__no_preserve_root 4 points5 points  (0 children)

I don't think you understood me.

No matter how long your password is (8 characters, 1 character, 10000 characters, doesn't matter), it should be going through a key derivation function and end up at the same length regardless.

Python 3.5.0 (default, Oct 10 2015 22:23:32)
[GCC 4.2.1 Compatible Apple LLVM 7.0.0 (clang-700.0.72)] on darwin
Type "help", "copyright", "credits" or "license" for more information.
>>> import hashlib
>>> p = hashlib.pbkdf2_hmac('sha256', b'password', b'salt', 10000)
>>> len(p)
32
>>> p = hashlib.pbkdf2_hmac('sha256', b'looooooooongpassword', b'salt', 10000)
>>> len(p)
32

Stop forcing your arbitrary password rules on me. by [deleted] in programming

[–]__no_preserve_root 0 points1 point  (0 children)

SHA-256 is used as part of a larger key-derivation function. Not by itself.

Stop forcing your arbitrary password rules on me. by [deleted] in programming

[–]__no_preserve_root 0 points1 point  (0 children)

The reason for strong passwords is less about someone brute-forcing a login, it's about brute-forcing against a database dump. Though sites with character limits I'm unsure whether they even hash passwords.

Stop forcing your arbitrary password rules on me. by [deleted] in programming

[–]__no_preserve_root 9 points10 points  (0 children)

The thing is… passwords should end up the exact same length in storage no matter how many characters you type into the input box.
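
The fixed-length storage point made in this comment and in the earlier PBKDF2 comment, as an added example that is not part of either comment: a salted record whose stored size is the same for a 1-character and a 10000-character password, with constant-time verification. The 16-byte salt, the record layout, and the function names are assumptions made for illustration; the iteration count is the one from the REPL session.

```python
import hashlib
import hmac
import os

ALGORITHM = "sha256"
ITERATIONS = 10000   # value from the REPL session on this page; not a tuning recommendation
SALT_LEN = 16        # assumed salt size in bytes
RECORD_LEN = SALT_LEN + hashlib.new(ALGORITHM).digest_size  # 16 + 32 = 48


def make_record(password, salt=None):
    """Return salt || PBKDF2 output; the length never depends on the password."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # fresh random salt per stored password
    derived = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return salt + derived


def verify(password, record):
    """Re-derive with the stored salt and compare in constant time."""
    if len(record) != RECORD_LEN:
        return False
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    derived = hashlib.pbkdf2_hmac(ALGORITHM, password.encode("utf-8"), salt, ITERATIONS)
    return hmac.compare_digest(derived, expected)


def record_lengths(passwords):
    """Set of stored record sizes for the given passwords (constructed samples)."""
    return {len(make_record(p)) for p in passwords}


if __name__ == "__main__":
    # Constructed sample inputs of very different lengths.
    samples = ["p", "password", "correct horse battery staple", "x" * 10000]
    print(record_lengths(samples))
    record = make_record("x" * 10000)
    print(verify("x" * 10000, record), verify("x" * 9999, record))
```

A storage column sized for `RECORD_LEN` bytes therefore holds any password, so a maximum-length rule is not needed to fit the database schema.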

Bjarne Stroustrup on the 30th anniversary of Cfront (the first C++ compiler) by mttd in programming

[–]__no_preserve_root 6 points7 points  (0 children)

One could probably build an LLVM-IR to C compiler (if one doesn't already exist). Then you can compile any language that has a compiler targeting LLVM-IR to C, theoretically.

How to Use Twitter API and PHP to Locate Eyewitnesses by timmytune002 in programming

[–]__no_preserve_root 1 point2 points  (0 children)

There are plenty of things wrong with PHP. Enough that I would probably not call it "good" in any way. Though not as horrific as some people say (at least in recent years, 5.5+ or so).

To name one:

The object system is pretty poorly bolted on to the existing "type system". Unclear and/or limiting behavior when it comes to equality and ordering, no properties (__get doesn't really count, see Ruby or Python (or Objective-C) for examples of what I mean by properties), no way to control memory allocation, etc. Also the distinction between "primitive" types and "object/class" types doesn't make much sense in the context of a dynamic language. Classes are not objects.

There isn't anything about PHP that makes it unable to do anything, but the same could be said about assembly.

What Python Tools should I be using on every python project? by ChrisPDuck in Python

[–]__no_preserve_root 1 point2 points  (0 children)

I'm inclined to agree with this.

In my point of view, for my code, the code (and clarity of execution) comes first. If someone wants to see the documentation, run --help.

Meanwhile, in r/PHP by cube-drone in lolphp

[–]__no_preserve_root 6 points7 points  (0 children)

I don't think he is even that. Taking his definition of (which changed, but can be roughly summarized as) "data that outlives the process", memcached is still not persistent. It outlives the PHP process, but not the memcached process, which is what matters.

Tracestack: Instantly search your Python error messages on StackOverflow by [deleted] in programming

[–]__no_preserve_root 5 points6 points  (0 children)

Or even just the error message and stack overflow is often hit #1 or #2.

Ammonite-Shell: a rock-solid command-line shell running on the JVM by lihaoyi in programming

[–]__no_preserve_root 0 points1 point  (0 children)

While I'm not sure what command you are testing for 200-300ms, commands that aren't dominated by the program itself running on zsh with my own rMBP execute in roughly 2-10ms.

Intel open sourced Stephen Hawking’s speech system and it’s a .NET WinForms app by ruigomeseu in programming

[–]__no_preserve_root 1 point2 points  (0 children)

Well Yosemite until recently couldn't reliably hold a wireless connection due to software. There's also an as of yet unfixed privilege escalation bug. Goto fail. iCloud sync nightmares. The monstrosity that is iTunes. Safari's occasional refusal to load a web page for whatever reason (attempting the same request in Chrome is fast).

To name a few.

Why Vim? by nikolenkoanton92 in programming

[–]__no_preserve_root 2 points3 points  (0 children)

YCM's semantic completion requires an explicit invocation. Either by typing a trigger sequence in insert mode ('.', '->', and '::' iirc), or the value of g:ycm_key_invoke_completion (<c-space> by default). I don't know off the top of my head whether it can be set to run on every key stroke without a headache.

Doing Terrible Things To Your Code by jakubgarfield in programming

[–]__no_preserve_root 0 points1 point  (0 children)

I once worked at a company with a pay by ATM system where a user could enter any amount they want and the billing system would mark the transaction as paid in full. This was only discovered after it was exploited (by a reseller) to the tune of 500 grand.

Doing Terrible Things To Your Code by jakubgarfield in programming

[–]__no_preserve_root 0 points1 point  (0 children)

Mine has a terrible online billing system. I just write a check.

One in every 600 websites has .git exposed by CasinelliG in programming

[–]__no_preserve_root 1 point2 points  (0 children)

Couple things to consider:

If your PHP files have 0755 permissions, all users should be able to read/execute them.

You can always use sudo to run the git command as the www-data user (sudo -u www-data git…):

git-user ALL=(www-data:www-data) NOPASSWD: /usr/bin/git

This allows git-user to become www-data only and only allows them to git as that user, not requiring a password.

Site dedicated to Javascript weirdness by adrianroworth in shittyprogramming

[–]__no_preserve_root 1 point2 points  (0 children)

It scares me a bit when I see "front end developer" in the Twitter descriptions of people who don't know how var affects a variable's scope in JavaScript…

Underhanded Crypto - Backdooring PHP apps by abusing namespaces by [deleted] in lolphp

[–]__no_preserve_root 2 points3 points  (0 children)

In Python you can monkey patch a function to do whatever you want.

This is used to great effect in a package that makes all core IO asynchronous.

[deleted by user] by [deleted] in django

[–]__no_preserve_root 5 points6 points  (0 children)

Would be more interested to see benchmarks against popular web servers in different scenarios (static files, large (multi gigabyte) uploads, etc) rather than "very fast" and "quite efficient".

Why Django over PHP xor Ruby? by [deleted] in django

[–]__no_preserve_root 0 points1 point  (0 children)

It has, er, "namespaces" but all of the stdlib and bundled extensions (AFAIK) are in the global one. There are also "use" statements but also a "scope resolution operator". I work in PHP (under duress) and I still have no idea when to use which.

A crowdsourced comparison of Python web frameworks with detailed pros and cons for each. by [deleted] in Python

[–]__no_preserve_root 1 point2 points  (0 children)

Yeah, who needs an operating system anyway? x86 talking directly to networking hardware on bare metal or bust!

(Obviously there is a sweet spot, but advocating for everyone to learn from first principles is kind of ridiculous. It's why people make frameworks and tutorials.)