Working on the next lesson in the Udacity Intro to CS class. Two things I noticed that were weird;
1) We are learning functions but the instructor calls them procedures. My wife explained that at her job, procedures are usually for doing something without returning value while functions do something and return value(s). Is that common for you guys?
2) The instructor has all the variable and functions names spelled out with underscores. Like, first_number instead of the camel case firstNumber. Which do you prefer? I'm used to camel case and the wife agrees that it's usually better.
Anyway, back to your high level programming shit.
What language does your wife mostly work with at work? The only language I've ever dealt with which made the distinction was VB, although VB used subroutine as opposed to procedure.
As #2, what the instructor is doing is the Python standard.
ClassNames
variable_names
STATIC_VARIABLE_NAMES
On occasion you'll run into libs which break from that, but that is usually done to mirror a pre-existing API in another language, particularly if it's just a Python wrapper around that API.
You'll see function, subroutine, procedure, and method all used to describe the same:
def foo():
# Do stuff...
construct. They are roughly interchangeable with function, subroutine, and procedure usually meaning "stand-alone function with or without side-effects and with or without a return value". Method is usually reserved for a function tied to an object (in the object-oriented sense), i.e., a function declared within a class and invoked on a particular object. It is usually assumed that a function has side-effects---printing, opening files, etc.. When a function does not have side-effects, then the function is called pure.
That being said, all four terms are used interchangeably in practice, irrespective of the language, without much care to these nuances as they can usually be inferred from context.
Kambing on
@TwitchTV, @Youtube: master-level zerg ladder/customs, commentary, and random miscellany.
You'll see function, subroutine, procedure, and method all used to describe the same:
def foo():
# Do stuff...
construct. They are roughly interchangeable with function, subroutine, and procedure usually meaning "stand-alone function with or without side-effects and with or without a return value". Method is usually reserved for a function tied to an object (in the object-oriented sense), i.e., a function declared within a class and invoked on a particular object. It is usually assumed that a function has side-effects---printing, opening files, etc.. When a function does not have side-effects, then the function is called pure.
That being said, all four terms are used interchangeably in practice, irrespective of the language, without much care to these nuances as they can usually be inferred from context.
I have co-workers who use the terms functions and free-functions, to refer to methods and functions. That was an interesting miscommunication.
You'll see function, subroutine, procedure, and method all used to describe the same:
def foo():
# Do stuff...
construct. They are roughly interchangeable with function, subroutine, and procedure usually meaning "stand-alone function with or without side-effects and with or without a return value". Method is usually reserved for a function tied to an object (in the object-oriented sense), i.e., a function declared within a class and invoked on a particular object. It is usually assumed that a function has side-effects---printing, opening files, etc.. When a function does not have side-effects, then the function is called pure.
That being said, all four terms are used interchangeably in practice, irrespective of the language, without much care to these nuances as they can usually be inferred from context.
Languages will use different 'names' for specific language structures too, so inside of a language the term they use can matter. Functions vs methods in Python, or procs and methods in Ruby.
Well, it's more hope they don't figure out how to do it with regular accesses in JS
You'd have to be running machine code to bypass caching, higher-level languages mostly wouldn't provide any means to exploit rowhammering.
Not necessarily, it depends on the frequency of access required to trigger the bug. clflush is a very efficient way of clearing the cache, but
for(int i = 0; i < cache_size / cache_line_size; i++) x = array[i * cache_line_size];
will also (possibly) do it. To be safe you do it maybe across 2-3x the cache size to make the chance of clearing it higher. It does make it much harder to do though, and you can't do the mmap tricks they did to turn it into a exploit easily
Well, it's more hope they don't figure out how to do it with regular accesses in JS
You'd have to be running machine code to bypass caching, higher-level languages mostly wouldn't provide any means to exploit rowhammering.
Not necessarily, it depends on the frequency of access required to trigger the bug. clflush is a very efficient way of clearing the cache, but
for(int i = 0; i < cache_size / cache_line_size; i++) x = array[i * cache_line_size];
will also (possibly) do it. To be safe you do it maybe across 2-3x the cache size to make the chance of clearing it higher. It does make it much harder to do though, and you can't do the mmap tricks they did to turn it into a exploit easily
Yeah, I don't think you'll have luck translating that into a working version. To blow the cache you're basically dispersing the effect, and you're totally relying on the physical electrical effect of hammering two specific rows to exploit this.
Well, it's more hope they don't figure out how to do it with regular accesses in JS
You'd have to be running machine code to bypass caching, higher-level languages mostly wouldn't provide any means to exploit rowhammering.
Not necessarily, it depends on the frequency of access required to trigger the bug. clflush is a very efficient way of clearing the cache, but
for(int i = 0; i < cache_size / cache_line_size; i++) x = array[i * cache_line_size];
will also (possibly) do it. To be safe you do it maybe across 2-3x the cache size to make the chance of clearing it higher. It does make it much harder to do though, and you can't do the mmap tricks they did to turn it into a exploit easily
Yeah, I don't think you'll have luck translating that into a working version. To blow the cache you're basically dispersing the effect, and you're totally relying on the physical electrical effect of hammering two specific rows to exploit this.
True, but a single page all maps to the same row, or more than a page depending on layout, so it's not as dispersed (though you would need a cleverer access pattern of course)
GnomeTankWhat the what?Portland, OregonRegistered Userregular
Generally a consider a "procedure" something that doesn't return data, while a 'function' is something that does...but that's purely arbitrary, and learned definitions over years of working in shops where that was the nomenclature. In reality, procedure, function, sub-routine, method and sometimes even delegate, can be used interchangeably and most developers will understand.
Hardware-wise, the solution seems pretty simple, actually: everybody needs to start using ECC memory, everywhere.
Given the ever-increasing density of DRAM, we were bound to get here eventually, but I'm surprised that it's a security problem that hit first and not a reliability problem. Like, this isn't the sort of vulnerability that a software person thinks about.
All these fancy hacking techniques are nice but the ol' "get the sysadmin drunk at the strip club" works pretty well too.
Certainly sounds like the most fun option
0
Options
gavindelThe reason all your softwareis brokenRegistered Userregular
Social engineering works because the adversary is likely to be the most polite person to talk to that sysadmin all day.
"Hey, this is James down in accounting. I know you're busy and I really respect the work you guys do for us, but could you help me out? My account got locked out."
Meanwhile:
"Dammit, my laptop won't turn on! Fix this now!"
I spent over an hour trying to figure out a while loop for finding factorials. I was way overthinking the problem by adding 2-3 unnecessary variables. Found the answer in the forum and wanted to kick myself.
I'm not that dumb am I?
Need a voice actor? Hire me at bengrayVO.com
Legends of Runeterra: MNCdover #moc
Switch ID: MNC Dover SW-1154-3107-1051 Steam ID Twitch Page
I spent over an hour trying to figure out <thing>. I was way overthinking the problem by adding <stuff>. Found the answer in the forum and wanted to kick myself.
Hey guys I need some Python help. I have an image that is base64 encoded and sent to me as a string via JSON.
Here's the code I used to generate the string:
import base64
with open("C:\\dev\\thumbs-up.jpg", "rb") as image_file:
encoded_string = base64.b64encode(image_file.read())
I then took the string and sent it to my API using Postman (which is an awesome tool, btw). And I cannot for the life of me take that encoded string and create a new image file. Here's what I have right now:
I can't seem to figure out how to send the data to the write method.
When I do:
file.write(image_binary.decode('base64'))
It doesn't make any sense since I've already decoded it using the base64.b64decode() up above. But I can't just put the image_binary because it says that it must be a string and not binary. But if I re-encode it back to the string I have the original string that was sent in, but the original string does not create the file.
I should just go ahead and forward my paycheck to you @djmitchella, seriously. So 'wb' means write bytes?
"wb" = "write-only" + "binary mode"
On Windows, 'b' appended to the mode opens the file in binary mode, so there are also modes like 'rb', 'wb', and 'r+b'. Python on Windows makes a distinction between text and binary files; the end-of-line characters in text files are automatically altered slightly when data is read or written. This behind-the-scenes modification to file data is fine for ASCII text files, but it’ll corrupt binary data like that in JPEG or EXE files. Be very careful to use binary mode when reading and writing such files. On Unix, it doesn’t hurt to append a 'b' to the mode, so you can use it platform-independently for all binary files.
Very similar to C, just with a few options missing.
I spent over an hour trying to figure out a while loop for finding factorials. I was way overthinking the problem by adding 2-3 unnecessary variables. Found the answer in the forum and wanted to kick myself.
I'm not that dumb am I?
This is the only way that makes it so you can feel like a fucking boss when you just nail a problem.
Outsiders don't understand why we get so excited about elegance.
It is because a lot of the time we are just slogging through problems.
+9
Options
CreamstoutWhat you think I program for, to push a fuckin' quad-core?Registered Userregular
I have an interview lined up tomorrow as a jr-mid level .Net developer wish me luck!...If anyone has interview questions I may come across please share.
I have an interview lined up tomorrow as a jr-mid level .Net developer wish me luck!...If anyone has interview questions I may come across please share.
Is it at Microsoft? Because the wife mentioned having to do an interview. Wouldn't that be funny.
Need a voice actor? Hire me at bengrayVO.com
Legends of Runeterra: MNCdover #moc
Switch ID: MNC Dover SW-1154-3107-1051 Steam ID Twitch Page
I spent over an hour trying to figure out a while loop for finding factorials. I was way overthinking the problem by adding 2-3 unnecessary variables. Found the answer in the forum and wanted to kick myself.
I'm not that dumb am I?
This is the only way that makes it so you can feel like a fucking boss when you just nail a problem.
Outsiders don't understand why we get so excited about elegance.
It is because a lot of the time we are just slogging through problems.
Posts
What language does your wife mostly work with at work? The only language I've ever dealt with which made the distinction was VB, although VB used subroutine as opposed to procedure.
As #2, what the instructor is doing is the Python standard.
ClassNames
variable_names
STATIC_VARIABLE_NAMES
On occasion you'll run into libs which break from that, but that is usually done to mirror a pre-existing API in another language, particularly if it's just a Python wrapper around that API.
construct. They are roughly interchangeable with function, subroutine, and procedure usually meaning "stand-alone function with or without side-effects and with or without a return value". Method is usually reserved for a function tied to an object (in the object-oriented sense), i.e., a function declared within a class and invoked on a particular object. It is usually assumed that a function has side-effects---printing, opening files, etc.. When a function does not have side-effects, then the function is called pure.
That being said, all four terms are used interchangeably in practice, irrespective of the language, without much care to these nuances as they can usually be inferred from context.
I have co-workers who use the terms functions and free-functions, to refer to methods and functions. That was an interesting miscommunication.
I figure I'll figure it out as they come up and then open tickets then.
The first epic though is "Keep him fed." That should be sufficient.
Languages will use different 'names' for specific language structures too, so inside of a language the term they use can matter. Functions vs methods in Python, or procs and methods in Ruby.
Okay that's it, no more certification tests for me, I'm done thanks.
Time to fall back to lower density DDR!
Or... just not let remote code execute on our custom platform... =P
You'd have to be running machine code to bypass caching, higher-level languages mostly wouldn't provide any means to exploit rowhammering.
Alternatively, it's a server - spend a bit* more and use ECC ram, as the error correction will pick that up, as mentioned in the article.
* in some cases, quite a bit =P
Not necessarily, it depends on the frequency of access required to trigger the bug. clflush is a very efficient way of clearing the cache, but will also (possibly) do it. To be safe you do it maybe across 2-3x the cache size to make the chance of clearing it higher. It does make it much harder to do though, and you can't do the mmap tricks they did to turn it into a exploit easily
Yeah, I don't think you'll have luck translating that into a working version. To blow the cache you're basically dispersing the effect, and you're totally relying on the physical electrical effect of hammering two specific rows to exploit this.
True, but a single page all maps to the same row, or more than a page depending on layout, so it's not as dispersed (though you would need a cleverer access pattern of course)
Well, time to give up on security software. What should I try at next? I'm thinking luddism.
Time to become a therapist and help security software developers through this very trying time
Given the ever-increasing density of DRAM, we were bound to get here eventually, but I'm surprised that it's a security problem that hit first and not a reliability problem. Like, this isn't the sort of vulnerability that a software person thinks about.
Can I do row hammer with my FPGA?
It's directly hooked up to the DDR3 memory, with a rudimentary DDR3 controller.
Effectively, I have raw access to which rows/columns are actually forwarded to the DDR3 chip itself.
Hilarity!
Everyone look around your office and client space!
Now tell me about any threats that concern you more than social engineering.
HIPAA violations all over the fucking place.
I should just make a note of when and where I notice a violation and who I told about it and their response.
Certainly sounds like the most fun option
"Hey, this is James down in accounting. I know you're busy and I really respect the work you guys do for us, but could you help me out? My account got locked out."
Meanwhile:
"Dammit, my laptop won't turn on! Fix this now!"
I'm not that dumb am I?
Legends of Runeterra: MNCdover #moc
Switch ID: MNC Dover SW-1154-3107-1051
Steam ID
Twitch Page
Welcome to programming! We're glad you're here.
Here's the code I used to generate the string:
I then took the string and sent it to my API using Postman (which is an awesome tool, btw). And I cannot for the life of me take that encoded string and create a new image file. Here's what I have right now:
I can't seem to figure out how to send the data to the write method.
When I do:
It doesn't make any sense since I've already decoded it using the base64.b64decode() up above. But I can't just put the image_binary because it says that it must be a string and not binary. But if I re-encode it back to the string I have the original string that was sent in, but the original string does not create the file.
"wb" = "write-only" + "binary mode"
Very similar to C, just with a few options missing.
This is the only way that makes it so you can feel like a fucking boss when you just nail a problem.
Outsiders don't understand why we get so excited about elegance.
It is because a lot of the time we are just slogging through problems.
Is it at Microsoft? Because the wife mentioned having to do an interview. Wouldn't that be funny.
Legends of Runeterra: MNCdover #moc
Switch ID: MNC Dover SW-1154-3107-1051
Steam ID
Twitch Page
New thread means new opportunity to post these.
http://threepanelsoul.com/2013/04/15/on-infinite-loops/
http://threepanelsoul.com/2013/12/16/on-perl/