search of the:   for: 
code logs -> 2015 -> Thu, 26 Mar 2015< code.20150325.log - code.20150327.log >
--- Log opened Thu Mar 26 00:00:01 2015
00:11 thalass [thalass@Nightstar-h1qmno.eastlink.ca] has joined #code
00:11 mode/#code [+o thalass] by ChanServ
00:20 Red_Queen [Z@Nightstar-484uip.cust.comxnet.dk] has joined #code
00:20 mode/#code [+o Red_Queen] by ChanServ
00:25
<&ToxicFrog>
McMartin: er. Isn't LXDE a DE, not a distro?
00:25
<&McMartin>
Yes.
00:26
<&McMartin>
That was a mistype above, probably influenced by the fact that back when I was using Xfce the only way to actually get easy access to it was with a blend/spin/custom subdistro.
00:34
< [R]>
No Xbuntu?
00:43
<&McMartin>
That would be a "custom subdistro"
00:44
<&McMartin>
And Xubuntu faded away, I thought.
00:46
< [R]>
I thought it was an official subdistro?
00:47
<&McMartin>
I guess? But the point is still standing exactly?
00:47
<&McMartin>
"It was a totally different download with a different top-level name"
00:47
< [R]>
I suppose, but you could always either: A) uninstall the Ubuntu package installing the Xubuntu one or B) start from Ubuntu-Minimal.
00:48
< [R]>
(Last I checked, all the mirrors shoved all the isos for the same version into the same directory anyways)
00:48
<&McMartin>
(A) is a larger download to get a smaller footprint and (B) ANAICT is "building a custom distro on your own"
00:48
< [R]>
But yeah, there is a lack of XFCE focused distributions.
00:48
<&McMartin>
But yeah, you said "I wanna install Xubuntu" and that was not the same clicky as "I wanna install Kubuntu" nor "I wanna install Ubuntu"
00:49
< [R]>
*shrugs*
00:49
< [R]>
Things changed on me
00:50
<&McMartin>
It's been a v. v. long time since I've had to bother
00:52
<&ToxicFrog>
I believe SUSE lets you pick XFCE at install time, but don't quote me on that
00:52
<&ToxicFrog>
I've been running Tumbleweed so long my memories of the SUSE installer are vague
00:53
<&McMartin>
Yeah, that's the right way to do desktop picks if anyone ever cares about it
00:53
< [R]>
I think Lunar did too.
00:53
< [R]>
But Lunar was weird in other ways. Thanks for defaulting to have /everything/ beep the most it possibly could.
00:55
<&ToxicFrog>
Hee
00:55
<&ToxicFrog>
I liked Lunar as a concept, it did the whole source-based distro thing a lot better than Gentoo, but the community/repos were too small.
00:55
< [R]>
What specifically did you like about it?
00:56 * [R] liked the fact that it actually installed (whereas it took me a while before I could get a working Gentoo install)
01:05
<&ToxicFrog>
The package-management tooling and installer are way more polished and there are no immediately obvious trainwrecks like $USE.
01:06
<&McMartin>
God damn
01:06 * McMartin is still bitter
01:07
<&ToxicFrog>
About gentoo?
01:07
<&McMartin>
$USE specifically
01:07
<&McMartin>
But yeah
01:07
<&McMartin>
I used gentoo for like three years and then switched to, IIRC, Fedora Core 3
01:07
<&McMartin>
Which was a trainwreck
01:07
<&McMartin>
And SO MUCH BETTER
01:08
<&ToxicFrog>
Yeah that tracks my experience with Gentoo pretty well
01:08
<&McMartin>
I must conclude that in fact I never got Gentoo working properly at all
01:08
< [R]>
How's USE a trainwreck?
01:08 * [R] hasn't gotten heavy into Gentoo.
01:08
<&ToxicFrog>
Except I switched from some Fedora version to Gentoo to see what the fuss was all about, went "lol people actually use this?", and switched back, more or less.
01:08
<&McMartin>
Imagine if, whenever you installed a package in Debian, you had to manually set all the configure flags
01:08
<&ToxicFrog>
[R]: it's a single huge flat namespace containing every configuration variable for every package on the system with no standards or commonly-used conventions
01:09
<&McMartin>
And that no attempt was made to keep them consistent across each package or sensible across updates
01:09
<&McMartin>
Also imagine the defaults broke core functionality, and that *no* settings existed that didn't break *some* core functionality.
01:09
< [R]>
wat
01:09
<&McMartin>
Yeah.
01:09
<&McMartin>
Yeah.
01:09
<&ToxicFrog>
There is no guarantee that the defaults for any given package make any goddamn sense whatsoever, and it also mixes general settings, installer-specific settings, and package-specific settings
01:10
<&McMartin>
Specifically, there was a flag that, when set, replaced all strings with wchar_t. Several packages needed it set to compile at all, and then wouldn't run since their dependencies were of course not compiled to do that.
01:10
<&ToxicFrog>
So you end up with, say, "XOrg" means "build and install X.Org when installing the OS", "X" means "build programs with X support where possible, except in places where the package maintainer forgot to respect this flag"
01:11
<&ToxicFrog>
But "X11" means "build this specific program you've never heard of using the X11 UI rather than the Curses or SDL one"
01:11
<&McMartin>
(wxWidgets, I believe, was the one with the epic unicode nothing-works-anywhere-ever-including-copy-pasted-hello-world-samples-from-the-d ocs issue)
01:12
<&Derakon>
wxWidgets' relationship with unicode is complicated~
01:13
<&McMartin>
And by "complicated" I mean "wrong"
01:13
<&McMartin>
"senselessly aping the Win32 API, incorrectly"
01:26 * thalass played with kubuntu today in liveusb. whee
01:31
<&McMartin>
I need to whip up some distro-test VMs.
01:33
< [R]>
Looking for a new distro?
01:33 * [R] is getting in CRUX.
01:34 * [R] is also really hating that most new news-worthy distros are just Ubuntu-forks (that take way to long to discover that they have that disease in them)
01:37
<&ToxicFrog>
I'm still quite happy with SUSE.
01:45
<@Shiz>
~disease~
01:46
<@Shiz>
McMartin: to your gripes with gntoo i say CANTREPRO WORKSFORME
01:46
<@Shiz>
use flags are sensible by default here
01:46
<@Shiz>
then again i've also never seen a char <-> wchar_t useflag
01:51
<@Shiz>
but these are more recent times of course
02:02
< Reiv_>
Man, are there any Linux distros that do not rapidly turn crap?
02:02
< Reiv_>
I remember the days of Fedora, but I get the impression that unless you're Big Business you wouldn't go near it with a ten foot pole these days
02:03 * [R] is hoping CRUX
02:03
< Reiv_>
[R]: What's wrong with Ubuntu, in all seriousness?
02:03
< [R]>
Of course people have different requirements for the status of "crap". Arch Linux is more popular than it ever was, and IMO it's crap now.
02:03
< Reiv_>
It clearly suffers from the More Than Five Years Old stench, but beyond that?
02:04
< [R]>
Reiv_: Not Ubuntu specifically, but deb/dpkg.
02:04
< [R]>
Also the general package layout for any distro that uses it.
02:04
< Reiv_>
Does this matter at a level beyond developers?
02:05
< [R]>
?
02:05
<@thalass>
I quite liked crunchbang, when I was using a netbook and before it was discontinued.
02:07
<&ToxicFrog>
[R]: "is this something end users, as opposed to package maintainers, need to care about"
02:07
<@thalass>
Reiver: This is a channel full of developers (other than me), so probably?
02:09
<~Vornicus>
debian, uh, how do I put this
02:10
<@Shiz>
arch always was crap
02:10
<@Shiz>
debian has gone off the bad end too
02:11
<@Shiz>
but that started with the introdution of their broken multiib gcc patches
02:11
<@Shiz>
so debian-gcc can't build upstream gcc anymore
02:12
<~Vornicus>
there's a common thread among apt-based systems where you end up with multiple packages for a single piece of software in different versions
02:12
< [R]>
1) the entire system has way too many binaries full of a hundred options, either have a single entry point, or have entry points that do much simpler things. 2) Building a package is bullshit complicated compared to every other system. 3) Ubuntu specifically fucks things further by making the default be "install suggested packages as if they were manditory" 4) Some packages (postfix) had blocking CUI scripts run on install (which made synaptic wait days to
02:12
< [R]>
complete a system upgrade) 5) Some packages have the sane upstream defaults completely fucked up (AIDE) while the manual page doesn't mention the damage, requiring the user to trial-and-error to get the package working.
02:14
<@Shiz>
if i may play the devil's advocate
02:14
<@Shiz>
i fail to see why 1) is ubuntu's fault, and 2) goes for a lot of binary distros
02:14
< [R]>
I'm not laying blame on Ubuntu, Ubuntu merely made the disease much more popular.
02:15
< [R]>
#3 is the only thing that is Ubuntu-specific.
02:15
< [R]>
I should've perhaps said Debian rather than Ubuntu earlier.
02:15
<@Shiz>
 ~Vornicus â there's a common thread among apt-based systems where you end up with multiple packages for a single piece of software in different versions
02:15
<@Shiz>
that is some of the real sad stuff
02:15
<@Shiz>
apt still has no thing similar to version slots
02:16
<@Shiz>
instead you get weird package names with sometimes the version as part of and sometimes not
02:17
< [R]>
Is there a package manager that actually does versioning?
02:17
<@Shiz>
portage
02:17
<@Shiz>
at least, it has version slots
02:17
<@Shiz>
which are useful
02:18
<@Shiz>
https://up.shiz.me/YTI0Zjc3.png
02:18
<@Shiz>
the saperate lines are versions belonging to separate version slots
02:18
<@Shiz>
the version with the green bg is the currently installed version
02:19
<@thalass>
So... #code is making their own distro?
02:20
< Reiv_>
gods no
02:20
< [R]>
I've been tempted so many times.
02:20
<@thalass>
I would totally support it, if it had a LCARS interface.
02:21
<@Shiz>
all distros suck, and the distro we would come up with would suck even more
02:22
< Reiv_>
Not least because we wouldn't agree on which bits sucked :p
02:22
< [R]>
Yup
02:29
<@thalass>
haha
02:38
< Reiv_>
To confirm: "1 â 3.3 x10^-(17) of the speed of light" is saying 0.9999999999999999966c or something, right?
02:41
<~Vornicus>
yes
02:41
<~Vornicus>
that's rather close to the speed of light
02:44
< Reiv_>
Yes, and thus while fascinating I think it is one particular fascinating relativistic effect that I can safely ignore for my spaceship game, however ¬¬
02:45
< Reiv_>
(To whit, you get that fast, you start running into drag from *cosmic background radiation*)
02:48
<~Vornicus>
That's some serious drag
02:50
<~Vornicus>
Things I have discovered: "Minsky also invented a "gravity machine" that would ring a bell if the gravitational constant were to change, a theoretical possibility that is not expected to occur in the foreseeable future."
02:56
< Reiv_>
... whut
03:01
<~Vornicus>
I don't know, I've gotten nowhere finding it but part of that is I'm coding
03:01
<~Vornicus>
and thus cannot be bothered
03:02
< Reiv_>
You're coding?
03:02
< Reiv_>
Vorn codes?
03:03
< Reiv_>
What does Vorn code?
03:13
<~Vornicus>
I'm writing a scenario lister for my ncaa bracket thingy
03:14
<~Vornicus>
specifically I want to run over all 2^15 possible outcomes of the remaining ncaa tournament games and determine what person in the bracket pool wins for each one.
03:15
<&McMartin>
19:09 <@Shiz> that is some of the real sad stuff
03:15
<&McMartin>
Added to this is "And legions of fans who insist that this is an advantage"
03:15
<&McMartin>
Re: Fedora: Fedora != RHEL. RHEL is the one for enterprise users.
03:16
<&McMartin>
Fedora is intentionally bleeding-edge, and it's actually regularly more up-to-date for shit I care about than Debian unstable
03:16
<&McMartin>
Granted that I care about weird things
03:18
<&McMartin>
(like gambc)
03:18
<&McMartin>
(Which is six minor revisions behind which is enough to not support the standard make recipes)
03:19
<@Shiz>
latest version here is 4.7~
03:25
< Reiv_>
Vornicus: Do you, in fact, *have* to do 2^15 calculations
03:25
< Reiv_>
Because you could do it in just half the time if you could do it in 2^14!
03:30
<&McMartin>
Shiz: Yep, that's what Fedora has too
03:30
<&McMartin>
Debian and its derivatives are still on 4.2.8
03:30
<&McMartin>
Which doesn't take the -exe linking argument, which is kind of lame
03:32
<&McMartin>
2^15 is... not actually a lot of calculations?
03:35
< Reiv_>
McMartin: c'mon, the joke wasn't /that/ stratospheric was it
03:39
<&McMartin>
The last time I was talking about doing 2^15 calcs people were proposing all kinds of implausible operations to cut that down
03:40
<~Vornicus>
It's not
03:40
< Reiv_>
Oh
03:40
<~Vornicus>
It's just, Excel can't handle it
03:40
< Reiv_>
Wheras I was making a lame mathematical joke~
03:45 * Vornicus gets scoring working correctly...
03:50 thalass [thalass@Nightstar-h1qmno.eastlink.ca] has quit [Operation timed out]
03:51
<~Vornicus>
Done.
03:51 * Vornicus unleashes an army of robots, gets his answer in about 10 seconds
04:06 Derakon is now known as Derakon[AFK]
04:15 Red_Queen [Z@Nightstar-484uip.cust.comxnet.dk] has quit [Ping timeout: 121 seconds]
04:57 macdjord|wurk is now known as macdjord
05:01 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has quit [[NS] Quit: Leaving]
05:07 AverageJoe [evil1@Nightstar-pqipp9.sd.cox.net] has joined #code
05:40 kourbou|zzz [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
06:02
<&McMartin>
Woot. Finished implementing all my Mega Man password generators.
06:03 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
06:14
< AverageJoe>
wha
06:16
<&McMartin>
As a callow youth I cracked all the password systems for the NES Mega Man games. A couple even made it into Nintendo Power.
06:16
<&McMartin>
As a more cunning young man I was finally good enough to also crack Mega Man 7's significantly more sophisticated systems.
06:17
< kourbou>
lol
06:17
< kourbou>
Sounds fun.
06:17
<&McMartin>
And now as I enter my dotage I figured I'd take the old article I wrote on how to do it and implement it in JS.
06:18
<&McMartin>
https://github.com/michaelcmartin/megaforge/blob/master/algorithms.txt is the old article.
06:18
< AverageJoe>
a 6502 debugger is built into fceux (nes emulator) as well as a live memory viewer
06:18
< AverageJoe>
makes cracking games easy for nes
06:18
< AverageJoe>
or making all kinds of weird shit happen
06:18
<&McMartin>
Yeah
06:19
< AverageJoe>
cuz you can edit that memory too
06:19
<&McMartin>
That's actually how we'd cracked 7 (albeit with ZSNES's debugger) but we ended up in a place where we had a password that could not be generated by the rules it followed but which was accepted anyway.
06:19
<&McMartin>
This stuff here though is all brute-force blackboxed with no tool more sophisticated than save/restore state.
06:19
<&McMartin>
Well
06:20
< AverageJoe>
zsnes has the debugger huh? snes9x's a litle lacking
06:20
<&McMartin>
"Brute-force blackboxed" after investigation of generated passwords under specific conditions to run experiments
06:20
<&McMartin>
This was in like 1998, man, my memory isn't *quite* that solid
06:20
<&McMartin>
We might actually have been memlocking the *emulator's simulation of the RAM* with a Windows-level debugger
06:21
<&McMartin>
We'd worked out most of the MM7 technique back then but we didn't work out a few crucial facts that I then deduced late last year
06:21
< AverageJoe>
that works too
06:22
<&McMartin>
That was enough to fire up an emulator and reverse engineer the rest of the system from the outside in with experimental password guessing.
06:22
<&McMartin>
(The only bit we hadn't worked out was the way the checksum bits worked)
06:31 kourbou|phone [holoirc@Nightstar-a84.igd.160.37.IP] has joined #code
06:32 kourbou|phone is now known as kourbou|school
06:33 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Ping timeout: 121 seconds]
06:33 kourbou|school [holoirc@Nightstar-a84.igd.160.37.IP] has quit [Connection closed]
06:35 Kindamoody[zZz] is now known as Kindamoody
06:38 Kindamoody is now known as Kindamoody|out
07:04 AverageJoe [evil1@Nightstar-pqipp9.sd.cox.net] has quit [[NS] Quit: Leaving]
08:00 celticminstrel [celticminst@Nightstar-gmujup.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!]
08:25 Vash [Vash@Nightstar-uhn82m.ct.comcast.net] has quit [Connection closed]
09:18 macdjord is now known as macdjord|slep
10:15
<@Tarinaky>
Another air crash. :/
10:15
<@TheWatcher>
Another far east airline?
10:15
< abudhabi>
And people wonder why I ain't gettin' on no plane, Hannibal.
10:20
<@TheWatcher>
Oh, no, german.. although apparently murder-suicide rather than unanticipated spontaneous exothermic disassembly
10:23
<@Tarinaky>
Murder-suicide is a bit of a jump.
10:24
<@Tarinaky>
The facts as of yet is that one of the cabin crew were locked out of the cabin, and there was no response from inside.
10:30 * TheWatcher sighs, sets about trying to fix all these 'Possible precedence issue with control flow operator' warnings
10:55 Red_Queen [Z@Nightstar-484uip.cust.comxnet.dk] has joined #code
10:55 mode/#code [+o Red_Queen] by ChanServ
11:02 thalass [thalass@Nightstar-h1qmno.eastlink.ca] has joined #code
11:02 mode/#code [+o thalass] by ChanServ
11:23 Red_Queen is now known as Checkmate
12:14
<@Tarinaky>
Hunh. Apparently murder-suicide is looking quite likely.
12:14
<@Tarinaky>
http://www.bbc.co.uk/news/world-europe-32063587
13:01 celticminstrel [celticminst@Nightstar-gmujup.dsl.bell.ca] has joined #code
13:01 mode/#code [+o celticminstrel] by ChanServ
13:08
<@Wizard>
int t() { void ((*volatile p)()); p = (void ((*)()))InitializeMagick; return 0; }
13:18
<@Wizard>
I apologize in advance for this, it will be ten lines
13:18
<@Wizard>
13: /*top*/
13:18
<@Wizard>
14: int t() { void ((*volatile p)()); p = (void ((*)()))InitializeMagick; return 0; }
13:18
<@Wizard>
15: int main(int argc, char **argv)
13:18
<@Wizard>
16: {
13:18
<@Wizard>
17: if (argc > 1000000) {
13:18
<@Wizard>
18: printf("%p", &t);
13:18
<@Wizard>
19: }
13:18
<@Wizard>
20:
13:18
<@Wizard>
21: return 0;
13:18
<@Wizard>
22: }
13:19
< EvilDarkLord>
I didn't want to interrupt, but next time, use pastebin.
13:19
<@Tarinaky>
Or gist.
13:19
<@Wizard>
I'm sorry, my frustration got the best of me
13:20
<@Tarinaky>
I have literally no idea what line 14 is doing.
13:20
<@Tarinaky>
I suspect something evil and smelly.
13:20
<@Wizard>
You would be correct
13:20
<&ToxicFrog>
It's function pointer wackiness.
13:21
<@Tarinaky>
Yes.
13:21
<&ToxicFrog>
This is something demonstrating a stack whack if you pass a completely insane number of arguments to main or something of that ilk, isn't it?
13:26
<@Wizard>
ToxicFrog: As the name may suggest through the strange spelling
13:26
<@Wizard>
This is imagemagick source code
13:26
<@Wizard>
I'm fairly open to the function pointer hijinx, what mainly confuses me is how you get argc to surpass one million
13:30 * TheWatcher greps the imagemagick source
13:31
<@Shiz>
Wizard: my guess is
13:31
<@Shiz>
it prevents the InitializeMagick symbol from being optimized out by the compiler
13:31
<@Shiz>
by assigning it to a volatile variable
13:31
<@Shiz>
literally all i can think of
13:31
<@TheWatcher>
Uh, where in the source? Doesn't appear in the 6.9.0 source
13:31
<@TheWatcher>
Not that I can see
13:32
<@Wizard>
It may be rmagick source in that case
13:32
<@Wizard>
This log file is not very clear on the matter
13:32
<@Shiz>
https://github.com/rmagick/rmagick/search?utf8=%E2%9C%93&q=1000000&type=Code
13:33
<@Wizard>
Alright, time to grep
13:33
<@Shiz>
 found something
13:33
<@Shiz>
oh
13:33
<@Shiz>
it's just a configure checker
13:33
<@Shiz>
it checks if the symbol exists
13:34
<@Shiz>
http://pastie.org/pastes/1293008
13:34
<@Shiz>
see line 51
13:34 * TheWatcher nods
13:35
<@Wizard>
Ohh
13:35
<@Wizard>
Alright, gotcha
13:35
<@Wizard>
Cheers ( ââ¿â)
13:35
<@Shiz>
i agree it's an odd way of doing it
13:35
<@Shiz>
my configure.prelude does the same but easier
13:35
<@Shiz>
sadly i lost the source code
13:37
<@Wizard>
Well, learn something new every day
14:23
<@Tarinaky>
http://blog.shelter.org.uk/2015/03/the-5-most-ridiculous-properties-of-2015-so-f ar/
14:40
<@Shiz>
why does that site have no css
14:41
<@Tarinaky>
Not sure.
14:41
<@Tarinaky>
They might be experiencing a demand issue.
14:41
<@Tarinaky>
Since it's trending on the facebooks.
14:41
<@Shiz>
no, their stylesheet is just a 404 it seems
14:45
<@Tarinaky>
No idea then.
15:23
<@Wizard>
Someone goofed, I presume
15:43
<@gnolam>
Glagharhgl
15:43
<@gnolam>
Time to break out the Code Scotch. :P
15:44
<@gnolam>
(Qt's stylesheets = pain)
15:44
<@TheWatcher>
I was about to ask whether you knew gaelic..
15:46
<@gnolam>
("Glengoolie. For the best of times.")
16:34 macdjord|slep is now known as macdjord|wurk
16:55
<@iospace>
... I what
16:56
<@iospace>
so, in this code, there's an "if (foo < -1)
16:56
<@iospace>
so, in this code, there's an "if (foo < -1)" statement. right after that, inside that if is "if (foo == -1)". I'm like "You can never get there" Dx
16:56
<@gnolam>
Race condition.~
16:57
<@iospace>
this is single threaded here
17:01
<@TheWatcher>
for small values of -1~
17:02
<@iospace>
TheWatcher: this is an int, not a float
17:03
<@iospace>
either way, this codebase is crap
17:21
<@thalass>
Afternoon, all. I've found my concentration background noise thing, after all these years: http://mynoise.net/NoiseMachines/spaceshipNoiseGenerator.php
18:30 thalass [thalass@Nightstar-h1qmno.eastlink.ca] has quit [Ping timeout: 121 seconds]
18:48
<&McMartin>
Hey, uh, TW
18:48
<&McMartin>
Take a look at eternity.obsidian.net
19:16
<&ToxicFrog>
Heee
19:17 Vash [Vash@Nightstar-uhn82m.ct.comcast.net] has joined #code
19:17 mode/#code [+o Vash] by ChanServ
19:44
< abudhabi>
XFCE seems a lot friendlier than LXDE.
19:45
<&McMartin>
That's good. How is it on size and speed?
19:51
< abudhabi>
It's not noticeably slower than LXDE, and it's like maybe twice as big unpacked.
19:52
< abudhabi>
I like how I can choose my DE at login in Mint.
20:00 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
20:02
<&ToxicFrog>
abudhabi: er...that's been a standard feature of every LM except xdm for like five years now
20:02
<&ToxicFrog>
If not more
20:03
<&McMartin>
I don't know about standard but yeah, it's been an option for awhile as long as you know exactly which things to install and configure
20:03
<&McMartin>
And where it's hiding
20:04
< abudhabi>
The last Linux I've used was Debian, and that was years ago.
20:05
<@TheWatcher>
McMartin: ... well now I know who to blame for the insomnia!
20:07
< kourbou>
Does anyone have a simple example of a dynamic allocator in c++?
20:08
<&McMartin>
Uh, besides "calling new"?
20:08
< kourbou>
Oh. lol
20:10
< kourbou>
Nevermind. Find what I was looking for. :P
20:10
<&McMartin>
I mean, sometimes people write their own memory managers - OpenSSL infamously did, which is why Heartbleed wasn't detected by automated tools - but dynamic allocation AIUI is just "grabbing the RAM at runtime as needed"
20:10
< kourbou>
Found*
20:10
< kourbou>
Ah OK. I thought it was more complex.
20:10
<&McMartin>
It can be as complicated as you want
20:11
< abudhabi>
Anyone know how to fix the missing notification area icons in XFCE?
20:11
<&McMartin>
And if the question is "how do you go about actually implementing malloc()", that's an entire class worth of stuff
20:11
< abudhabi>
Skype and Dropbox and stuff are running, but they're absent from that field.
20:11
< kourbou>
So that's heartbleed started? wow
20:11
< kourbou>
I'm curious now. *googles heartbleed*
20:12
<&McMartin>
So, there are tools that will automatically trap when you go outside of memory the OS has set for you
20:12
<&McMartin>
Those didn't find heartbleed (a go-outside-of-memory bug) AIUI because OpenSSL grabs a bunch of memory at the start and subdivides it as needed on its own
20:12
<&McMartin>
So that meant that those tools didn't see it leave that bunch of memory and said "all clear"
20:13
< kourbou>
Oh I see. Sort of like "secret memory"?
20:13
<@celticminstrel>
It still does that?
20:14
<&McMartin>
celticminstrel: I'm specifically talking about the heartbleed bug and how it went unnoticed at the moment, so it's true as of like five years ago~
20:15
< kourbou>
So OpenSSL was totally vulnerable for a few years?
20:15
<&McMartin>
Yeah
20:15
<&McMartin>
Uh, while we're at it, bash was totally vulnerable for something like 25
20:15
< kourbou>
Hahaha. Wait what?
20:15
<&McMartin>
Also google "shell shock" :)
20:16
< kourbou>
lol I Googled "bash 25 year vulnerability"
20:17
< kourbou>
Also what are the chances that hackers found the HB exploit before it was patched?
20:18 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
20:18 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
20:18
< kourbou>
You were saying? My client crashed :(
20:18
<@Tamber>
1.
20:18
<&McMartin>
Heartbleed's severity was classified as "apocalyptic". A sizable fraction of the world's certificates were considered compromised as a result.
20:19
<@Tamber>
Basically, your average "everything sucks" bug~
20:19
<&McMartin>
(This isn't a joke; they really called it that)
20:19
< kourbou>
wow
20:19
<&McMartin>
Tamber: Kinda, but it actually *was* what they say everything is~
20:19
< kourbou>
Didn't know HB was this bad.
20:19
<&McMartin>
HB and SS were the two big ones
20:19
<&McMartin>
If you're running normal systems the autoupdaters caught it super-fast
20:19
<&McMartin>
It's if you're running servers/websites that it was panicmode
20:20
<@TheWatcher>
No kidding >.>
20:22
< kourbou>
lol they called it "Bashdoor". Clever name :3
20:22
<&McMartin>
Apparently there were a suite of issues around this
20:23
<&McMartin>
They all remind me of the format string attack, viz., the language should not permit this shit by default you twazzocks
20:23
<&McMartin>
I would like a --no-l33t-features runtime switch
20:24
< kourbou>
Heh
20:25
<@TheWatcher>
Yeah, my response when shell shock first hit was "why the fuck not just yank the code entirely, I mean whoever would even /use/ that feature?"
20:26
< Reiv_>
what was the feature?
20:26
< kourbou>
$ McMartin --no-l33t-features
20:26
<&McMartin>
Executable code in environment variables
20:26
<@Tamber>
TW: Inevitably some "critical infrastructure" will be relying on that feature. :(
20:26
<@Tamber>
Simply by its existence.
20:26
< kourbou>
^
20:26
<@TheWatcher>
Tamber: they can keep using CentOS then
20:26
<@Tamber>
:)
20:26
< Reiv_>
... executable code in enviroment variables how on earth is that a good idea
20:26
<&McMartin>
The %n argument in printf was when I originally made this observation
20:26
< Reiv_>
Is that so you can procgen your enviroment variables or something
20:27
< Reiv_>
%n ?
20:27
<&McMartin>
Hold that thought
20:27
<&McMartin>
I think it was to procgen them based on the system you just logged into
20:27
<&McMartin>
So one script could do different ("proper") things on multiple machines while being programmed remotely
20:27
< kourbou>
Do you have other epic cussing fails? XD teaches me stuff.
20:27
<&McMartin>
Because remotely programming systems is a feature and not the definition of pwnz0rship right.
20:27
< kourbou>
Coding*
20:28
<&McMartin>
I was just the other day recommending a teaching book on C++
20:28
<&McMartin>
Called "How Not To Program In C++"
20:28
< kourbou>
lol
20:28
<&McMartin>
It's aimed at skilled novices
20:28
<&McMartin>
But it's basically a puzzle book
20:28
<&McMartin>
It's great.
20:28
< kourbou>
Sounds good. I'll check it out.
20:28
<&McMartin>
"Find the horrible failure in this code"
20:28 * McMartin returns from interrupt
20:28
<&McMartin>
So, %n
20:28
< Reiv_>
McMartin: How did a feature like that show up without considerable scrutiny?
20:28
< Reiv_>
The moment I hear "Allows you to execute code remotely" I would be going "That sounds awfully lot like an attack vector"
20:29
<&McMartin>
1990 was a more innocent time.
20:29
<&McMartin>
This is the only real explanation I have
20:29
<@TheWatcher>
Part of it is probably that its age puts it back in the Simple Days, yeah.
20:29
< Reiv_>
... ah, actually, I can kinda believe that
20:29
<&McMartin>
%n is a thing you can put in printf format strings, like %d or %i
20:29
< Reiv_>
The Internet wasn't really a thing, people saw it and went "Oh, neat", the dude who wrote in presumably needed it for simplifying deployment, and...
20:29
<&McMartin>
Or %s
20:29
<@TheWatcher>
The other part is that the feature is was so obscure and arcane that pretty much nobody ever thought to check it
20:30
<&McMartin>
But while those all are "read an argument from the list, interpret it as an __________, and print it out"...
20:30
<@TheWatcher>
(other than the NSA, obv.)
20:30
<@Tamber>
Back when the Internet was that nice little neighbourhood filled with artists and hackers, before the assholes moved in with the burnt-out cars on blocks on the front lawn...
20:30
<@Tamber>
:p
20:30 * TheWatcher waves his cane
20:30
< kourbou>
xD
20:30
<&McMartin>
%n is "take the next argument on the arglist, treat it as a pointer to integer, and write the number of characters printed so far out to it"
20:30 Kindamoody|out is now known as Kindamoody
20:31
<&McMartin>
This is exploitable in roughly the same way SQL injection is.
20:31
< Reiv_>
... how on earth is that possibly considered a good idea
20:31
< Reiv_>
I mean, who *thought that one up*
20:31
< Reiv_>
That is, like, NSA-installing-vulnerabilities level crap
20:31
<&McMartin>
This way you don't have to allocate extra space for an in-memory copy of your string and save yourself a call to strlen!
20:31
< EvilDarkLord>
A guy who thought ahead and figured he'd be one of the black hats when he grew up~
20:32
< Reiv_>
McMartin: Is this, uh
20:32
<@TheWatcher>
Reiv_: Probably someone with a specific problem, who didn't follow through the implications. Or yeah, a deliberate backdoor.
20:32
< Reiv_>
Something so impossibly old
20:32
<&McMartin>
TheWatcher: To be fair
20:32
<&McMartin>
This is printf
20:32
< Reiv_>
That memory was an issue
20:32
<@TheWatcher>
True
20:32
<&McMartin>
So you're already writing in C
20:32
<&McMartin>
So lol to all notions of memory safety
20:32
<&McMartin>
Memory safety is a bug in the C spec, AIUI.
20:32
<@TheWatcher>
snrk
20:33
< EvilDarkLord>
Has this gotten ported when other languages have implemented their printf-likes?
20:33
<&McMartin>
EvilDarkLord: My understanding is no, because most other printflikes are actually either (a) println-alikes via Pascal, which don't do format strings and thus are fine
20:33
<&McMartin>
Or (b) sprintf-likes, which don't bother with this because you could, like, call strlen.
20:34
<&McMartin>
The attack relies on properties of C-style varargs that were, cough, not widely imitated
20:35
<&McMartin>
Reiv_: One mitigating factor for these is that unlike SQL injection, it's a lot easier to say "Any nonconstant format string is a bug, rewrite that code" and you can check that with a *lexer*.
20:36
<&McMartin>
Basically search for printf([\s*][^"]
20:36
<&McMartin>
Maybe some more \s*s in there
20:36
< Reiv_>
Truth
20:36
<&McMartin>
My REs are not swapped in right now
20:36
< Reiv_>
I wrote a regular expression the other day!
20:36
< abudhabi>
"Are you sure that you want to remove "Workspace Switcher"? If you remove the item from the panel, it is permanently lost."
20:37
< Reiv_>
It was seven characters long. It took me an hour. >_<
20:37
< abudhabi>
Does this ACTUALLY permanently removes the item forever without appeal?
20:37
< abudhabi>
-s
20:37
<&McMartin>
At this point you know more about Xfce in its modern incarnations than I do -_-
20:38 * abudhabi bites the bullet and cleanses the workspace switcher.
20:39
< kourbou>
What's AIUI?
20:39
< abudhabi>
As I understand it.
20:39
< kourbou>
Oh thanks. :P
20:40
<&McMartin>
That's what I meant when I used it up there
20:40
<&McMartin>
(Though that line was half joking)
20:41
<&McMartin>
(BUT ONLY HALF)
20:46 thalass [thalass@Nightstar-h1qmno.eastlink.ca] has joined #code
20:46 mode/#code [+o thalass] by ChanServ
20:47
< abudhabi>
XFCE's interface for adding application launchers to the panel reminds me of Dwarf Fortress.
20:47
< kourbou>
lpl
20:47
< kourbou>
Lol
20:47
< abudhabi>
I mean, it can be used, and it makes sense for a certain perspective, but it makes me think that it was designed by a Martian.
20:48
<&McMartin>
I'm sorry I'm going to spend the rest of the day thinking "xterm is in a fey mood, demands bonobo leather trousers"
20:48
< kourbou>
Oh i thought the actual interface was in ncurses. XD
20:49
<&McMartin>
Nah, Xfce is a lightweight X desktop environment, but it's not *that* lightweight. :)
20:50
< kourbou>
:P
20:50
< abudhabi>
The way you do it is you RMB the panel, go to Panel Preferences, you add a Launcher, then you RMB the placeholder icon added to the panel, go to Properties, click the + button then select your application from the list.
20:50
< kourbou>
Well that's what I remember from dwarf fortress: the really really complicated ncurses UI.
20:51
< abudhabi>
Why couldn't the final list be on the first list (where the Launcher is located) is beyond me.
20:56 Alek [omegaboot@Nightstar-03ja8q.il.comcast.net] has quit [Ping timeout: 121 seconds]
21:16 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
21:16 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
21:19 Vashicus [Vash@Nightstar-uhn82m.ct.comcast.net] has joined #code
21:22 Vash [Vash@Nightstar-uhn82m.ct.comcast.net] has quit [Ping timeout: 121 seconds]
21:25 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
21:26 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
21:26 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
21:26 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
21:27 thalass [thalass@Nightstar-h1qmno.eastlink.ca] has quit [Ping timeout: 121 seconds]
21:30 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
21:30 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
21:42 Vashicus is now known as Vash
21:42 mode/#code [+o Vash] by ChanServ
21:42 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
21:42 kourbou [holoirc@Nightstar-deqg8j.fbx.proxad.net] has joined #code
21:44 kourbou is now known as kourbou|willdc
21:44 Kindamoody is now known as Kindamoody[zZz]
21:47 kourbou|willdc [holoirc@Nightstar-deqg8j.fbx.proxad.net] has quit [Connection closed]
22:00 Alek [omegaboot@Nightstar-03ja8q.il.comcast.net] has joined #code
22:00 mode/#code [+o Alek] by ChanServ
22:18 Vornicus [vorn@ServerAdministrator.Nightstar.Net] has joined #code
22:18 mode/#code [+qo Vornicus Vornicus] by ChanServ
22:26 VirusJTG_ [VirusJTG@Nightstar-6i5vf7.sta.comporium.net] has joined #code
22:26 VirusJTG [VirusJTG@Nightstar-6i5vf7.sta.comporium.net] has quit [Connection closed]
23:34 Derakon[AFK] is now known as Derakon
23:58 thalass [thalass@Nightstar-h1qmno.eastlink.ca] has joined #code
23:58 mode/#code [+o thalass] by ChanServ
--- Log closed Fri Mar 27 00:00:17 2015
code logs -> 2015 -> Thu, 26 Mar 2015< code.20150325.log - code.20150327.log >
 search of the:   for: 

[ Latest log file ]