Yeah, I wonder where those people get these stupid ideas. And then if they start to enforce numbers + different case letters + special chars, people will just write it down and stick it to the display. What do they expect users to do?
Luckily my company's "algorithm" is stupid enough not to notice my pattern, which consists of month + year. If they change that I swear I'll put a sticky note on my display... just to make a point.
It would make a lot of sense to just distribute fingerprint scanners and use them for login. More secure and much easier for the user.
Admin
You got to admit though Santosh has to be some very deep shade of green when he wrote that. Everything about him had to be a lie, no training, no experience, nothing but the ability to bullshit. And yet a very short time later (A month? Four Months?) he can list off all the things he did totally wrong.
Admin
Better than finally, try-with-resources guarantees the close() method is called:
Anything that's AutoCloseable works, and Closeable objects (like streams) work too.
Admin
Admin
Admin
Other biometrics are no better. Iris scanners are subject to a variety of fake-image attacks, and some people cannot use them because their irises have no recognisable pattern. Retina scanners are better, but they are very intrusive, and still prone to failures as the pattern changes slowly over time. Voice print recognition fails miserably if there is a lot of ambient noise, and also is prone to false negatives if the unfortunate user has a bad cold.
And so on.
And the most effective ways to defeat any sort of on-location security? Co-opt an insider (bribes around 5 times annual salary are usually more than sufficient to achieve this with normal office workers) or have the target enterprise hire one of your own people who then acts as a spy. This utterly defeats all sorts of biometrics and token-based security, because the on-location attacker is also a trusted party.
You can't secure it totally. The best you can do is make the cost of the attack higher than the benefit to the attacker.
Admin
Admin
So...you have one password, got it.
Admin
A hardware dongle is useless, as we know from Alex's previous story.
Admin
If I follow that logic, I will have NULL for a password.
Admin
"Sending a message" is the modern, trendy new OOP term for "calling a function".
In the IT field, every few years we have to make up new names for everything. Like this example. Or when databases came out and now "record" is renamed "row" and "field" is renamed "column". Etc.
Making up new names for old ideas accomplishes two things.
First, suppose you come up with a truly new idea. You want to write a book and give lectures and become a consultant and make a lot of money. But most valuable new ideas in IT can be summed up in a paragraph. Maybe a few pages to really explain and give examples. That's not enough to make a book. So you have to rename a bunch of old ideas and describe all your new names to pad out the book.
Second, suppose you don't have a truly new idea. But you still want to write a book, etc, and make a lot of money. Then you can skip the chapter with the new idea, and just rename a bunch of old ideas and restate what everybody already knows but with new words, and pretend it's something new.
Also, making new names for old ideas lets all the people who have learned the new name laugh at the ignorant people who are still using the old name.
Admin
I tried it. It works on my machine.
Admin
Admin
If you get keylogged, well, the strength of your passwords doesn't mean shit.
And to finish off, my favorite quote for passwords: Please Create a password. Your password needs to contain a capital letter, a number, an emoji, 8 elements from the periodic Table, and a plot containing a protagonist with some character development and a twisted ending.
Admin
As best I can work out it's a hang-over from the days when it *was* a valid security measure. In other words, a large number of untrusted users (otherwise known as "students") who *would* attempt a brute-force attack on the root password if they thought it might work - and insufficient computing resources to log or block failed logins.
Admin
Implementation-wise, it doesn't really matter. An asynchronous message-passing facility (when properly functioning) should be just as reliable at executing methods as a statically-bound function call.
The point was for people to understand how object-oriented design was different from traditional procedural design.
In procedural programming, your goal was to develop one general-purpose agent that has access to a wealth of diverse information, and is capable of performing many different types of tasks. So, if your agent were in a flying craft, and the goal was to blow something up, the general-purpose agent would call one function to select a reasonable mix of bombs, another raft of functions to arm them, open the bay doors, wait for the signal from the operator, and release the bombs when so directed.
Object-oriented design asked you to look at your goals a different way, and I honestly remember the instructor referring to the movie Dark Star, (which I had not yet seen) when the character said:
"Arm Yourself, Bomb"
Instead of calling functions, and getting wrapped up in their structures, you were at arms length, dispatching general instructions to thinking objects within the system.
The movie also serves a good illustration of what happens when the objects are a little too intelligent...
Admin
I'm not sure I follow the crux of your question, Steve.
The vtable is the dispatch process for C++. The only time virtual methods could be called directly (without dereferencing the slot in the vtable) is when they aren't really virtual.
Something would have to be muddled in the object class's inheritance tree -- not all levels defined virtual, or perhaps not properly recompiled. Overloaded method names can also cause fun, either by strangely hiding the methods you thought would inherit, or some implicit type-casting causes a non-virtual imposter to get called.
Admin
The key point being that you know definitively what class the object is at compile time, so you can call the member function directly.
Oh, and don't go around thinking that because everyone uses vtables, that's actually required by the standard. Early implementations of C++ didn't use vtables, and virtual function dispatch was horribly, horribly slow as a result.
Admin
By new do you mean new when Smalltalk popularized the concept over 30 years ago? Sending a message means much more than just calling a (static) function.
Admin
Admin
Totally agree. I'm supposed to be the C# expert on my team. It makes me want to cry.
Admin
Or just append "01" at the end of your first password. When you have to change it, make it "02". And so forth. If you want to get fancy, hold down shift first. But yes, forced password changing is a real WTF.
Admin
Perhaps the auditor used to be a proctologist.
Admin
For example, consider this C++ code:
When compiled with 'g++ -c -S -O2 no-vtable.cc', g++ 4.4 produces the following code (I include the -O2 to reduce the size of the code; it is not necessary to see the difference), edited to remove some extraneous things like extra labels and .cfi_* directives:
In the first function, it loads the vptr of the object p[i] points to into rax (the first instruction), then loads the first entry of the vtable into rax (the second instruction), then jumps to the corresponding function. (The stack frame is already set up with the appropriate information, as the first parameter to virtual_call is still the first parameter to foo.)
In the second case, there's no such access to the vtable; the call is not made through a pointer or a reference, so the compiler knows for sure what function is going to be called. It can just jump to it.
Of course there's no guarantee that this optimization will be performed, but as evidenced by the fact that two-out-of-two compilers I tried did it without even being told to do any optimization at all, I'd guess it's pretty reliable.
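The C++ listing and assembly from the post above did not survive extraction; the following is an added example in the same spirit, not the poster's code. It contrasts a call through a `Base*` (which must go through the vtable) with a call on a local object of known static type and with an explicitly qualified call (both statically bound). The class and function names are mine; compile it with `g++ -S -O2` to compare the generated code for the three callers.

```cpp
#include <cstdio>

// Constructed example: one virtual method, overridden in a derived class.
struct Base {
    virtual ~Base() {}
    virtual int foo() const { return 1; }
};

struct Derived : Base {
    int foo() const override { return 2; }
};

// Through a pointer to Base the dynamic type is unknown at compile time,
// so the compiler loads the vptr and jumps through the vtable slot.
int virtual_call(const Base* p) {
    return p->foo();
}

// The object's static type is exactly Base and cannot change, so the
// compiler can call Base::foo directly with no vtable access.
int direct_call() {
    Base b;
    return b.foo();
}

// Qualifying the member name forces static binding even through a pointer:
// Base::foo is called regardless of the dynamic type.
int qualified_call(const Base* p) {
    return p->Base::foo();
}

// Helpers so the three paths can be exercised without exposing pointers.
int virtual_call_on_derived() { Derived d; return virtual_call(&d); }
int virtual_call_on_base()    { Base b;    return virtual_call(&b); }
int qualified_call_on_derived() { Derived d; return qualified_call(&d); }

int main() {
    std::printf("virtual_call(Derived)   = %d\n", virtual_call_on_derived());   // 2
    std::printf("virtual_call(Base)      = %d\n", virtual_call_on_base());      // 1
    std::printf("direct_call()           = %d\n", direct_call());               // 1
    std::printf("qualified_call(Derived) = %d\n", qualified_call_on_derived()); // 1
    return 0;
}
```

Only `virtual_call` observes the dynamic type; the other two callers resolve to `Base::foo` at compile time, which is what the post's assembly comparison shows.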
Admin
RAII and scoping should guarantee that; all a try block does is squash errors.
Admin
Also, you should look up what try-with-resources does. It doesn't swallow anything that finally doesn't -- which is nothing.
Heck, I don't know of a language where try on its own will swallow anything! It's *catch* clauses which swallow things. No catch clause, no swallow. (Many languages won't let you have a try with no catch/finally, but conceptually there's no reason why you couldn't.)
Admin
For anyone still reading, it looks like Santosh has taken the whole "message passing" thing to heart, and reinvented the Actor framework from whole cloth. Yes, badly, and incorrectly, but maybe the guy's just a budding genius that needs to be shown Akka in Scala.