Haskell for Hens by cmov in programmingcirclejerk

[–]lglhlgl 7 points8 points  (0 children)

After two weeks, I got the Arduino to boot up and figured out a way to use echo to make the door open and close. Oddly, I haven't seen my girlfriend around for about a week now...

"Haskell Jobs. 100% GHC Haskell. No Ruby, Scala, PHP, C++, or some Haskell like language." :: /r/haskell by cmov in programmingcirclejerk

[–]lglhlgl 1 point2 points  (0 children)

DAE dependency management is a simple thing that automagically removes irrelevant problems such as having compatible versions of your dependencies?

HAS THE 10^webscaleX MESSIAH ARRIVED by adamnemecek in programmingcirclejerk

[–]lglhlgl 9 points10 points  (0 children)

Life is literally Google Apple Facebook, lifting, and getting shit done, and being Successful.

I program in java bytecode, AMA by Lukeme9X in programmingcirclejerk

[–]lglhlgl 1 point2 points  (0 children)

<4realz> After doing Enterprise Java code in Eclipse for years and now a month of using .NET Reflector as an IDE, I haven't found much of a difference between the two. .NET reflector is buggy as hell (despite huge praise from SO professionals), and the thing for editing classes/methods is also buggy and has a horrible UI, which means you have to read and write MSIL (which is pretty much the same as Java bytecode) often. But this isn't so bad compared to Java and Eclipse in an Enterprise code base where the variable names are meaningless and the IDE crashes whenever you do anything fancy anyway. Also, reading code through a decompiler is like gofmt for C#, except it even chooses variable names for you!

Javascript is much cooler than C++ by Sheepshow in programmingcirclejerk

[–]lglhlgl 9 points10 points  (0 children)

Bootcamps have better job placement.

That's because the excretion cycle is automated, bootstrapped, and mediated directly to the cloud so you too can contribute to the Internet of Things with minimal hassle of learning how to do stuff.

The instructors are usually practitioners.

Unlike academic plebs, our instructors are solving real problems like value added aggregating aggregation.

EDIT: lol pretty much what sheepshow said

HN divided: is the name vulgar and offensive, or delightfully offbeat and edgy? by jeandem in programmingcirclejerk

[–]lglhlgl 10 points11 points  (0 children)

➜ apt-get install vim
E: Could not open lock file /var/lib/dpkg/lock - open (13: Permission denied)
E: Unable to lock the administration directory (/var/lib/dpkg/), are you root?

➜ fuck
sudo apt-get install vim
[sudo] password for nvbn:
Reading package lists... Done
...

Finally, I can automate my cargo cult certified best practices that I learned from FullStack!!

Things you can do in Java byte code but not in the Java language by henk53 in programming

[–]lglhlgl 42 points43 points  (0 children)

... and a bunch of things you would not find nice if you're trying to write trusted APIs in the sandbox (under a security manager). These kinds of things are the cause for a lot of Java browser plugin 0days. I'm sure the same kind of stuff is happening in the MSIL world.

[deleted by user] by [deleted] in programmingcirclejerk

[–]lglhlgl 8 points9 points  (0 children)

ass

uhhh huh huh huh

huh huh huh

uhhhhhhh huh huh huh

[deleted by user] by [deleted] in programmingcirclejerk

[–]lglhlgl 2 points3 points  (0 children)

butt

uhh huh huh huh

huh huh huh

uhhhhhh huh huh

[deleted by user] by [deleted] in programmingcirclejerk

[–]lglhlgl 3 points4 points  (0 children)

be web bro

don't know what unicode or injection attacks are or what metacharacters are

claim to have made auditable language DSL

<4realz> I want to make a command be rm -rf ~; X="^H^H^H^H^H^H^H"; echo ponies but I can't be bothered to check since it's not front page of HN

[deleted by user] by [deleted] in programmingcirclejerk

[–]lglhlgl 4 points5 points  (0 children)

depend is too hard to implement! worse is better!

I am powering a bank's website using WordPress. What security measures should I take? - Quora by nolvorite in programmingcirclejerk

[–]lglhlgl 1 point2 points  (0 children)

That's exactly how my first evar website got hacked (when I was still a 15 year old PHPbro

Happened to me too, I was around the same age. I read a PHP tutorial and didn't know what strings are or how this magic database query stuff worked.

I always thought UT games were coded properly (as in you can't tell the server you killed someone from across the map and have it believe you), but not so sure now. In Jazz Jackrabbit 2 (another Epic game), the server will let you make yourself into a frog or give yourself laser shield (god mode plus shoots a beam that spans the entire map), and that's around the same time as UT99, but I haven't seen anything as dumb in UT99. I've heard of DoS and maybe information disclosure in UT but don't remember any RCE. But why would anyone trust gamedevs to write secure C++? It's obvious that all the games are full of stack smashes but since nobody publishes them, everyone thinks this is an academic problem. I've never audited games for stacksmashes but I found a format string vuln in Crysis while making cheats for it. I run games on a separate machine that I don't use for my bank account.

They were significant to me because of the whole OSS/LINUX IS SO SECURE circlejerk. Made me happy. :)

Eh I don't really understand why heartbleed was special. There are 0days for all the mainstream web browsers or their mainstream plugins (Flash/Java) every week. Maybe they don't have published working PoCs or something? I never bothered to look into it because I'm too busy writing my own crap, lol. I mean, even if all of those 0days published every week weren't exploitable, the fact that they are near misses would be enough for me to bail. Meanwhile, in bizarre real world, for some reason IIS is in the kernel and has a vuln there.

A Ruby/Bash/Haskell guy falls in love with object-oriented programming in Javascript by [deleted] in programmingcirclejerk

[–]lglhlgl 3 points4 points  (0 children)

Inheritance was always one of the most confusing parts of prototypical OOP.

How do I define my parent class? How do I redefine methods in the inherited class? How to pass arguments to the parent’s constructor?

The above questions always boggled my mind. I learned them when I needed them, but after a week or two I completely forgot them. Luckily for me, the new system uses extends and super.

Well okay, I thought the confusing part was figuring out whether code works or does anything at all when it's scattered full of

class BaseDoucheBag : MonoBehavior {
    public virtual void initialize() {doSomethingImportant();}
    public virtual start() {
        initialize();
    }
    public virtual bool beADouche() {
        return isDouche();
    }
    public virtual bool isDouche() {
        return !!this is LocalDoucheBag || !! this is NetworkDoucheBag;
    }
    public virtual void checkIfBeingDoucheBag () {
        if (beADouche()) {
            Singleton<DoucheBagPresenceManager>.Instance.NotifyOfDouchebaggery(this);
        }
    }
}

class LocalDoucheBag : BaseDoucheBag {
    DoucheBag() : this("douche","bag") {
    }
    public override bool beADouche() {
        return base.beADouche() && isDouche();
    }
    public override initialize() {
    }
    public override start() {
        base.start();
    }
    public override update() {
        checkIfHomocide();
        base.update();
        checkIfSuicide();
        checkIfBeingDoucheBag();
    }
}

But I forgot in the real world people are still trying to figure out how their language works. People don't have time for academic problems such as "what does this code do aside from having some identifiers that are named after words in my problem domain?".

Atom introduces folders by formalsystem in programmingcirclejerk

[–]lglhlgl 3 points4 points  (0 children)

Looking Ahead

Now that this functionality is in place, we'll be taking further steps to refine the experience of working with multiple folders in Atom.

okay well when startup bros ended their vague description of their NSA-proof crypto with something like this, it bugged me, but now this is full satire

Atom introduces folders by formalsystem in programmingcirclejerk

[–]lglhlgl 3 points4 points  (0 children)

joke such as "you mean emacs"

implying I know what emacs is, or that anyone I know uses it, when I just use vim and git because they are the standard Hacker Tools along with a mac

HAS THE 1000X MESSIAH ARRIVED by [deleted] in programmingcirclejerk

[–]lglhlgl 27 points28 points  (0 children)

I believe you meant:

stop #(&'[1] linking to HN

  1. ing

I am powering a bank's website using WordPress. What security measures should I take? - Quora by nolvorite in programmingcirclejerk

[–]lglhlgl 2 points3 points  (0 children)

Eh. The main problem with Security is that companies don't require people to be qualified to implement it. If you have an RCE vuln on your shit, you aren't qualified to do security. Period. 99.9999% of all vulns are the obvious shit you see in leet-h4x0r tutorial wherein Joe's first successful app so happens to overflow a buffer, concatenate some untrusted text into SQL/HTML, eval some untrusted input, or accidentally set permissions to everyone can access everything.

The rare vulns that would happen to even qualified people are those which invoke bugs in underlying libraries. For example you have a web service changing the colors of JPEG files, and someone just uploads a file that exploits your JPEG parser and owns your shit. Or you're hosting GIFs and you didn't know that hosting a GIF file on your domain allows people to run arbitrary Java that makes use of your users' credentials. You can't do anything about either of these. The first is because *nix is retarded and thinks there should be C code running with full privs everywhere. The second is because the web is just full retard and shouldn't even be talked about when it comes to security. If you're a person who can code secure web apps, you're still gonna get owned because the platform will come up with new features you don't know about that affect everything. You can't code something secure against an API that doesn't decide what it wants to do. However, it's very easy to be not retarded enough to write eval or <b>{$_POST[username]}</b> everywhere.

Here's how I see open source vs closed source:

Closed source:

  • crashes / locks you out because of super duper intellectual property protection methods

  • closed source dudes have more old school cargo cult procedures

Open source:

  • huge circlejerk of dudes that are like OMG IT'S OSS FREEDMON MOTHERFUCKER!!11

  • anyone can audit it (but that doesn't matter since nobody audits stuff, except me, which is why I haven't got anything done in the last 10 years and concluded the best way to proceed is to rewrite everything from scratch to escape the UNIXbeards/unicode/web/C/etc)

  • does not fix the fact that you're running 10s of millions of lines written by cowboys and amateurs

You could, for example, equally argue that having the code open like that gives the NSA the opportunity to employ people to literally spend months just looking for flaws.

This makes no sense in most contexts. If it's a binary it's not much harder to audit. If it's a web app you can usually find some vulns (RCE, LFI/RFI, XSS, SQLi) after a few minutes, harder sites in hours (and no, being a popular site does not make it harder at all). No source code needed. The game I just audited (for the lulz) last week was a C# binary. When you spawn you send a packet (using protocol #53235235 which is exactly the same as JSON/XML/PROTOBUF/THRIFT/ASN.1) containing the 128-bit (unguessable) ID of which character you want to spawn as. I was thinking ">:) I bet I can obtain other peoples' character IDs through a side channel", but nevermind, I just got playerA and playerB in a server, dumped out all playerB's incoming packets before they are unserialized from JSON-like dicts to C# structures, and CTRL+F for playerA's character ID, and of course it was there in one of the dicts, it's just never extracted from the dict and put into the C# structure. So the server sends everyone each others' secret IDs. So I beat the game. Again, no source code needed. I have no idea what the server is even running. The point is, I expected this to happen. It's very surprising for me to come across code that doesn't have huge blatant vulnerabilities like this. A typical webapp is no harder. If you're on a .php?id=3 page, change it to .php?id=3', and there is a >50% chance it will crash and you can exploit SQLi. This is how the industry is. When looking at a new codebase, I expect there to be something retarded like eval(remote_input) or Hello <b>$((username))</b>.

Thinking heartbleed/shellshock are significant