- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
Yay, first time INB4 unlist.
Admin
Wasn't Yahoo! by any chance?
Admin
Executable configuration files aren't a problem, provided you test them. But then any sort of config really ought to be tested anyway; just because it is not executable doesn't mean that getting it wrong won't cause trouble.
Admin
Doing Paula's job.
Admin
:+1: Brillant!
Can we expect another duplicate topic when she does get around to doing her job?
Admin
Hey, she made @abarker work. That's something!
Admin
I prefer my emergency passwords secure as in "you know it's just that version string printed in the logs, right?" if defaults are used,...
Admin
Depends on if/when @remy decides to poke this article again.
Admin
Poor bert, he's not admin.
Admin
That's because he can't be trusted to write secure code.
Admin
Stuff like this is why I
makewould really like to be empowered to make any assumptions about user-configurable settings dependent on a two-factor check for really being in a pre-beta test environment.Admin
If it's executable, it's not configuration.
Admin
Counter-Strike key bindings file is technically speaking executable script. Is it not configuration then?
Admin
It's a script and should be treated as such.
Admin
Okay... and what's the implication here? Why can't we treat scripts like configuration files? What it means to treat something like configuration file?
Admin
You with the blakeyrat club, it's not user-facing if it doesn't have a GUI?
There may be problems with executable/script-based config files, but this isn't one of them. Insane defaults is the problem here.
Admin
I agree with that
For starters, you can sanitize values from a configuration file, but a script can execute any arbitrary code. If the config is in, for example, javascript, what's there to prevent the config file to set hooks into other parts of the software?
Admin
That's the real problem with script-based configuration, and that's mainly cases like 'both the config and the main app are in js/php/whatever'. Counterstrike config script probably isn't a problem because although it may be a script it's probably got its own interpreter and is appropriately limited in what it can do.
Admin
Is there any advantage on the format used by Counterstrike?
Admin
I haven't used counterstrike myself so I'll pass that back to @Gaska. Given how complicated game engines can be, more advanced configurations in scripts may make sense. The end user of course should get a GUI.
Admin
Have you seen XCOM's config? both XCOM: Enemy Unknow/Within and XCOM 2 have really crazy INI files for config. I guess if you really want, you can make anything with any config format.
Admin
Manipulating them programmatically is fairly hard and the result is pretty fragile. Consuming them from different languages is hard as it likely requires a full VM for whatever it's written in. It's annoying.
Sandboxing, but it's usually not really that much of an issue (same privilege level, breaking your own toys etc).
Admin
It would be fine for a properly protected server app, but a local app is another story altoguether.
Admin
It's important for server apps that start with elevated privileges and need to read config before dropping them (to read TLS keys, bind ports or whatever). For everything else not so much.
And even then the config is probably only writeable by superuser anyway.
Admin
Admin
Didn't you have to write that logic for the script VM?
Admin
Admin
That depends on how moddable you want your game to be.
Admin
In the age where people working on game engines are separate companies from people working on games...
Admin
you mightr as well make it modable... because PC gamers are gonna mod it if the game gets popular and if you make it easy for them to mod it (and put proper protections in place so they can't play modded version against vanilla online but can go modded v. modded online) then the modders will help make your game even more popular!
Admin
Firefox's master preference file used to be a script (run in a sandbox); now it's just parsed text that looks like script. (The serialisation code hasn't changed.)
Admin
Paula doing her job would be the RWTF.
Admin
Well... QA is for assuring quality, QC (Quality Control) is who should actually be performing tests. This is a confluence that has plagued the software industry for most of my 35+ year career (damn, its soon to be 40!).
So when it comes to testing there are the questions of:
[QA "merely" verifies that the various processes are being properly followed]
To answer the above one needs to ask what type of tests...
To hear more, come to South Florida Code Camp this Saturday!!!!!
Admin
Not at all uncommon for Tclers like dkf and myself to source s script for configuration purposes. We tend to call those configuration files regardless of what you might want to call them.
Admin
Admin
That only helps in implementing the mechanical part of the manipulation. You still need knowledge about what the code does, and when the code can do arbitrary things, you are limited in being able to interpret it without executing it (and modify it in a way that doesn't break it, but implements the changes you want). So no, this is hard and error-prone, even if you're using a Lisp.
Plus it makes no difference for interop from other languages.
Admin
I've never actually seen any code writen in Tcl, so I shall not disagree with you.
agree for most cases, only exception being games like league of legends, that are meant to play online and would be a nightmare to manage mods.
Admin
That's the problem with dynamic typing and everything being an S-expression: the AST itself holds no useful information that can be used to differentiate various types of expressions/statements. Lisp was created back when the science of parsing was in its infancy, so they essentially punted on the hard questions and did the simplest thing that could possibly work. But what that means is that the AST does not have all the built-in contextual data that modern languages give you, essentially for free, and you're forced to do a lot of the compiler's work for it.
True enough. Depending on your point of view, though, you might call that "a feature, not a bug." :PAdmin
It tends to not cause most people problems, so it rarely crops up here. :)
Admin
Admin
Or, you know, you could just use a normal text format and an out of the box serializer. Then just validate already parsed values... nah, that would be crazy.
Admin
Admin
Nah, a csv should suffice :trolleybus:
Admin
It's not the difficult part. It only makes parser interface different.
Or, you know, use JSON (or s-exprs without eval or whatever other data interchange format) which is trivial to parse and manipulate, avoids all of these issues, doesn't require implementing any DSLs and has existing well-tested implementations. Especially that you're going out of your way to use a very limited subset of your language and therefore nullify any benefit code-as-config might have (no, using the same or similar syntax is not important at all, it's all about arbitrary logic).
Admin
Admin
Pretty much all the EDA software I've used daily for at least the last 15 years or so uses Tcl as its scripting language, including configuration. Even your saved application state — what windows are open, what's in each window, etc. — is a Tcl script; you restore your session by File -> Run script... ->
foo_debug.tcl. You can go, and I have gone, in and edit the save file to, say, add stuff to be debugged to your current session rather than closing everything and restoring some other session.Admin
The only problem it generally causes for me is that I use it so infrequently that I don't remember its syntax. However, since my most common use is to modify a machine-generated configuration script to remove stuff I don't need, it's not really a problem.
Admin
Admin
You mean the Source Engine mutators? those are awesome. thats an example of multiplayer mods at least partially well done.
Admin
I didn't know @Remy was @Accalia...