Googling "dreamweaver page site:thedailywtf.com" should find what you're thinking of.
Admin
Which I tried before my frist post about this, but it didn't seem to. Or, the bug may have been buried in a bigger discussion, but I didn't wade in very deeply, so maybe I missed it in there.
Admin
Yes, and? The scan will stop at that position, nothing more. At least it won't segfault. It is furthermore irrelevant if the file is memory mapped or accessed with I/O commands. If the file is wrong, it is wrong and the program may behave sanely or be completely insane. The problem of the 8K bug is that it crashes the program with a file that is completely OK. In the article a css file, in my case it was sgml files.
Admin
You do realize that when C was created, 8K was a fairly typical size for the entirety of RAM, right? So yes, an extra 4/8 bytes per string was significant. At that time the length field probably would have been another 8-bit integer (as it was in Pascal), meaning strings longer than 255 bytes would not be supported. So no, length-prefixed was not "obviously" better in the context in which the language was designed.
Someday in the far future I'm sure TDWTF will host discussions of people claiming that UTF-128 is so "obviously" superior to ASCII that 20th century designers must have been complete morons not to have implemented it first and avoided the whole ridiculous mess of encoding schemes. And it goes without saying that the length prefix needs to be at least 128 bits so that each volume of the entire glorious Vogon collection of epic poetry can be represented in a single string.
Admin
There may be a "Someone didn't get the joke" badge in your future.
Admin
That's much worse than a segfault IMO.
I'm not saying that programs that do something like that necessarily have the above bug -- that's why I said that reading in a file and immediately starting to do crap with C string functions is a smell and not an outright error.
If you're saying that the UI code should check for NULs, then that's great; I agree that's a fine solution. I'm just saying you can't just *mmap* a file and pretend it's a string without looking first. (Or that if you do, it's a big smell.)
Admin
CROMEMCO really was one of the coolest tech company names ever.
Admin
Possibly, but not "obviously". :-)
Admin
But still pretty bad. At best you might be missing some user's data. At worst you could have a gaping security hole. One SSL library (can't remember which) once had a bug where it didn't handle embedded NULs in certificate subject names properly, so if a website presented a certificate saying it was "google.com\000evilhax0rsite.ru", the SSL library would pass validation for google.com, and suddenly the user is susceptible to a MITM attack.
Admin
It's not even an extra 4/8 bytes. It makes substring an O(1) operation that allocates exactly two words of memory.
Admin
makes string concatenation more interesting though.
not unsolveably so, but interesting is interesting.
Admin
project.1, project.2, project.working, etc. basically everyone will raise their hand; I spent about 20 minutes talking about and giving a demo of it in an early class and wrote up a guide that tries to cover SVN/Git/Hg in one shot for someone who hasn't used any VCS, which I haven't really seen elsewhere (though probably there is one somewhere). I've considered requiring it but have shied away from it for a couple of reasons...
Admin
My college didn't, but we had VMS, which has a crude system-wide pseudo-VCS, in that it automatically versions every single file whenever you edit it, appending a ;n to the file name, where n is a sequentially-numbered integer.
then the problem was you had to learn how to purge old versions due to the tiny disk quota we were allocated.
Admin
In the course I am currently in (literally, I am in class right now), the assignments are bare git repositories with Eclipse projects in them that we have to clone over ssh. When class starts on the day the assignment is due, we lose write access to our repositories.
Admin
TRWTF is requiring to use Dreamweaver ... shittiest editor ever.
Admin
That's great! I would go a step further and work only with pull requests and code reviews by teacher, students or assistants.
Admin
Source control is a fine art and I think is more important than some of the other subjects taught. Also "build systems" aren't ever taught. There have been weeks wasted in the company by people trying and failing at following the "setup doc".
I don't have a project on my machine that isn't in source control anymore.
Admin
I, at least, had basic Makefiles in my 101 classes -- had I had my dibs, Mercurial would be in there as well, since it's well-suited for individual use and will go with you wherever you go.
Admin
I think the idea of a "build system", "automated testing" and source control relate very closely together. I wasn't exposed to these things via University and only because I have mucked around with things like ports and git did the picture start fitting together for me.
Admin
Except if someone else opens the same file with some extra length, and wrote garbage into the trailing data. I've seen this happen on Linux: If you mmap() an empty file, and write to it, mmap() in another process and read, you see that data. Probably not guaranteed, but at least it is possible.
Just don't use str*() functions on anything if you're not sure about nulls.
NO. Don't do this. Ever. If it's not there your strlen() will read past the end of the buffer, potentially you know the drill.
Use memchr() instead.
Admin
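Added example, not part of the thread: the `memchr()` advice in the comment above and the embedded-NUL certificate name mentioned earlier, shown as one C sketch. The function names, the sample name constant and the 8192-byte buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: a counted name field carrying an embedded NUL,
 * as in the certificate comment above. */
static const char SAMPLE_NAME[] = "google.com\000evilhax0rsite.ru";

/* Length of the text in buf[0..len): stops at the first NUL or at len,
 * and never reads byte len (which strlen() would if no NUL is present). */
size_t bounded_text_len(const void *buf, size_t len) {
    const char *nul = memchr(buf, '\0', len);
    return nul ? (size_t)(nul - (const char *)buf) : len;
}

/* The str*() way: compares only up to the first NUL in name. */
int naive_name_equals(const char *name, const char *expected) {
    return strcmp(name, expected) == 0;
}

/* Length-aware comparison for counted data: reject embedded NULs, then
 * require the full length to match before comparing bytes. */
int counted_name_equals(const char *name, size_t name_len,
                        const char *expected) {
    if (memchr(name, '\0', name_len) != NULL)
        return 0;
    return name_len == strlen(expected) &&
           memcmp(name, expected, name_len) == 0;
}

int main(void) {
    static char page[8192];              /* constructed: no NUL anywhere */
    memset(page, 'a', sizeof page);
    printf("text length in full buffer: %zu\n",
           bounded_text_len(page, sizeof page));
    printf("naive match: %d, counted match: %d\n",
           naive_name_equals(SAMPLE_NAME, "google.com"),
           counted_name_equals(SAMPLE_NAME, sizeof SAMPLE_NAME - 1,
                               "google.com"));
    return 0;
}
```

The naive comparison accepts the sample name as "google.com", while the counted comparison rejects it because the field's real length is 27 bytes and contains a NUL.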
Unit testing is for increasing confidence, and that's just as valid for 3rd party software as it is for 1st party. Unit test anywhere the increased confidence provides more value than the cost of writing the tests.
Unit tests are also useful in bug reports both as an executable specification and as a clear and unambiguous statement of intent.
Admin
In general...you'll have build systems almost no matter where you go (unless you rely on an IDE to do all that for you, but you'll still have one then), source control in many places (TRWTF is the place that lacks it), and automated tests in places that actually care + have code that's testable -- many legacy codebases are simply too tangled for unit testing.
Admin
that....makes a lot of sense actually....
Admin
It's odd, though, because you can tailor it for build systems too precisely. I've used C# with Git, Subversion, TFS, VSS, SourceOffSite, and a couple of other VCS systems, but I've never used Java.
Admin
Ah hell. A new machine setup here can only be accomplished via sneaker-net. Because not everything is in git. And working on Windows in a Mac-shop sucks. (network == googledocs)
Admin
The attitude that I have encountered in most places I have worked is one of "there is this box and if it is configured just right, you build onto it and then you kinda tweak the settings until it works" and other braindead methods.
Admin
That sums up what the $vendor I deal with does...
Admin
So you went to college in the 80s... we actually still use the VAX for many of our projects.
Admin
Reality is somewhere between these two extremes. There are only two commas missing, one required and one optional but helpful:
The first one is required; without it, the sentence is a run-on sentence. The second one separates a somewhat parenthetical remark (explaining why you haven't encountered source control) from the statement it is explaining. It's grammatically optional, sort of, but it helps break the complicated sentence into smaller, more digestible pieces.
Admin
You can set initial conditions and run a specific test. Also I wasn't necessarily thinking 3rd party == program, I was also thinking 3rd party == library.
Surely you know what resources it uses? Filesystem, network, etc?
But you can report it.
A list of steps isn't executable (by a computer). If it is executable it's code and a unit test.
That vendor is a dick. Dump them. The unit test (bash script) is the documentation for the reason to dump them. You didn't create the bug by unit testing.
Admin
When I say taught, some developers don't seem to ever grok that having a repeatable process that works by firing off a script of some sort is really essential. Most of my "build" scripts are nothing more than a git pull then running a tool like npm/nuget/composer etc and then setting the right config values.
I have worked too many places now where nobody understands how the build really works and things have to be set and installed manually on the deploy target before anything works at all.
Admin
Posting from Windows Phone where selecting text on Dicksource is virtually impossible, so numbers instead of quotes.
Unit testing third party library is as pointless and impossible as third party app.
No, you don't know what resources and in what way it uses. You don't have the source code. You can't know if it doesn't for example check 185736th byte of /dev/sda for some magic value.
You can bug report with list of steps too. It's also far more common.
Bug reports should be human-readable, not machine-readable.
It's not up to me to decide.
Admin
That thread crashed because of an 8192 byte comment in it.
Admin
I'm feeling lazy, so:
Admin
That's all I could get in my attempted quote just now. It's a really annoying bug, especially when the devs have decided that the tiny "quote full post" button takes up too much space to appear in the mobile view.
With that and the random jumps up the page on load, using the forum on WP8 is a real chore.
Admin
It's Discodiscoverable, but if your problem is not seeing the "quote reply" button, you can select text and just click the main reply button to the post. If your problem is that you can't reliably select text on WinPhone, you're buggered
Admin
Yeah, text selection is broken. Only on Discourse though (of course).
Admin
I have no idea how they'd manage that, but I'm not surprised
Admin
In Android + Discourse, when trying to paste something, instead of placing the cursor and showing the button (standard), it makes a random selection and shows the button. So you have to make sure to leave some white space to allow for the pasting to work.
Only with Discourse I've seen this behavior.
Admin
I've documented the problem here now.
Admin
That doesn't sound right to me. You at least have an expectation of inputs and outputs. When it has to be upgraded due to some security thing or other dependency run around, at least you have something that will confirm that your expectations are correct.
There are two reasons that a test like this is valuable to me:
The black boxiness of the third party code doesn't change any of that.
Admin
For me, automated software testing has the following goals:
None of the above is possible if you can't modify the product.
Admin