Just generally, don't write SQL queries as strings. An ORM is one option, language-level extensions another. But for that you need some good macros in your language - or convince the maintainers of your compiler to add…
There is a relatively recent audit[1] of EncFS with some damning results. I really wouldn't use it. [1]: https://defuse.ca/audits/encfs.htm
Internet Navigator
The CTFs I've played usually had a good mix of web stuff and binary exploitation. Also, the best way to learn this stuff is to do it. Even if this seems out of your league, I'd suggest to just join a team and start…
You don't have to apply the CBC mode to complete files. If it is secure for a 1 MB file, I don't see why it would be insecure for 100 parts of a 100 MB file. If you manage to merge small files into the same blocks, you…
You do have some information in the browser you can't get to from the outside. For example, the filter with the most hits for me is "@@||192.168.$xmlhttprequest", which whitelists XMLHttpRequests to 192.168.*. A proxy…
What if someone hacked your server and stole, then deleted the private key? (Backing up private keys is bad practice.) What if the CA notices they issued a fraudulent certificate?
> In my opinion, most of TCP's semantics arise not out of the network, but rather the data itself. I can't have packets getting lost in the middle of an SSH session: it just doesn't make sense. My keystrokes are a…
If Github would only host git repositories, you'd be right. But people use Github for the issue tracker, source browser, code review system. Those are just as centralized as the svn server. And in my opinion, they are…
It isn't the default for most people. Download a browser and OS localized to German, French, or British English and Accept-Language defaults to that instead of "en-US".
What's stopping the attacker from reading the user's browser data and replaying it to Google?
For some reason, the #content element is hidden with a `display: none`. Disable that and the content shows.
Either that, or a race condition.
Gcc doesn't have such a warning. Clang has it, but it has to be explicitly enabled. (It's not even in -Wall or -Wextra.)
In Rust, (right now) you can choose between a 1:1 or a N:M mapping between OS threads and Rust tasks. With N:M threading, the runtime necessarily does (some of) that internally.
That works just fine. But if you're working on a big project, a full new download can take a while.
My experience with cgroups is that it's incredibly difficult to get them to do what you want them to do. But systemd seems to be changing that, so maybe their use will get more mainstream soon.
It is for sysadmins. And those are probably Canonical's biggest source of income.
> I don't know how other similar languages deal with GUI. It's always sort of hairy, obscure code when you look at it closely. The best languages for GUIs I've seen are specialized declarative DSLs. Things like QML,…
When there are too many messages, rsyslog will drop them in the default configuration, too. http://www.rsyslog.com/tag/systemlogratelimitinterval/
Who says the function call actually happens? If the function is short enough, they are a very good candidates for the JIT to inline. If they aren't short, the overhead of calling the function shouldn't matter much…
C has variable sized arrays. http://pastebin.com/BEgDNAhu That's no longer backward-compatible to C89, though.
You don't have to simulate multidimensional arrays in C. It's just easier than wrapping your head around the weird syntax required to pass them around: http://pastebin.com/JTjQMfxr
Yes, the 2-4 diagnoses he came up with in the first 35 minutes were always wrong. Only then did he get it always right.
toString() blows up on a null value, the + operator does not. I've written similar Java code for that reason.
Just generally, don't write SQL queries as strings. An ORM is one option, language-level extensions another. But for that you need some good macros in your language - or convince the maintainers of your compiler to add…
There is a relatively recent audit[1] of EncFS with some damning results. I really wouldn't use it. [1]: https://defuse.ca/audits/encfs.htm
Internet Navigator
The CTFs I've played usually had a good mix of web stuff and binary exploitation. Also, the best way to learn this stuff is to do it. Even if this seems out of your league, I'd suggest to just join a team and start…
You don't have to apply the CBC mode to complete files. If it is secure for a 1 MB file, I don't see why it would be insecure for 100 parts of a 100 MB file. If you manage to merge small files into the same blocks, you…
You do have some information in the browser you can't get to from the outside. For example, the filter with the most hits for me is "@@||192.168.$xmlhttprequest", which whitelists XMLHttpRequests to 192.168.*. A proxy…
What if someone hacked your server and stole, then deleted the private key? (Backing up private keys is bad practice.) What if the CA notices they issued a fraudulent certificate?
> In my opinion, most of TCP's semantics arise not out of the network, but rather the data itself. I can't have packets getting lost in the middle of an SSH session: it just doesn't make sense. My keystrokes are a…
If Github would only host git repositories, you'd be right. But people use Github for the issue tracker, source browser, code review system. Those are just as centralized as the svn server. And in my opinion, they are…
It isn't the default for most people. Download a browser and OS localized to German, French, or British English and Accept-Language defaults to that instead of "en-US".
What's stopping the attacker from reading the user's browser data and replaying it to Google?
For some reason, the #content element is hidden with a `display: none`. Disable that and the content shows.
Either that, or a race condition.
Gcc doesn't have such a warning. Clang has it, but it has to be explicitly enabled. (It's not even in -Wall or -Wextra.)
In Rust, (right now) you can choose between a 1:1 or a N:M mapping between OS threads and Rust tasks. With N:M threading, the runtime necessarily does (some of) that internally.
That works just fine. But if you're working on a big project, a full new download can take a while.
My experience with cgroups is that it's incredibly difficult to get them to do what you want them to do. But systemd seems to be changing that, so maybe their use will get more mainstream soon.
It is for sysadmins. And those are probably Canonical's biggest source of income.
> I don't know how other similar languages deal with GUI. It's always sort of hairy, obscure code when you look at it closely. The best languages for GUIs I've seen are specialized declarative DSLs. Things like QML,…
When there are too many messages, rsyslog will drop them in the default configuration, too. http://www.rsyslog.com/tag/systemlogratelimitinterval/
Who says the function call actually happens? If the function is short enough, they are a very good candidates for the JIT to inline. If they aren't short, the overhead of calling the function shouldn't matter much…
C has variable sized arrays. http://pastebin.com/BEgDNAhu That's no longer backward-compatible to C89, though.
You don't have to simulate multidimensional arrays in C. It's just easier than wrapping your head around the weird syntax required to pass them around: http://pastebin.com/JTjQMfxr
Yes, the 2-4 diagnoses he came up with in the first 35 minutes were always wrong. Only then did he get it always right.
toString() blows up on a null value, the + operator does not. I've written similar Java code for that reason.