--- Log opened Tue Nov 25 00:00:05 2008 |
00:04 | | AnnoDomini [~farkoff@Nightstar-28886.neoplus.adsl.tpnet.pl] has quit [Quit: He who fights with monsters should look to it that he himself does not become a monster. And when you gaze long into an abyss, the abyss gazes also into you.] |
00:25 | <@Vornicus> | TW: a better bet really would be HSB values. |
00:28 | | * TheWatcher nodnod |
00:28 | <@Vornicus> | Though the perl module was probably written by people who Know This Shit. |
00:33 | | You're now known as TheWatcher[T-2] |
00:36 | | You're now known as TheWatcher[zZzZ] |
00:52 | | Derakon[AFK] is now known as Derakon |
00:59 | | himi [~fow035@Nightstar-13747.lns1.cbr1.internode.on.net] has quit [Ping Timeout] |
01:15 | | himi [~fow035@Nightstar-18867.44.83.152.in-addr.csiro.au] has joined #code |
01:54 | | Brother_Willibald [lenin@79.136.60.ns-4387] has joined #Code |
01:54 | | gnolam is now known as NSGuest-1120 |
01:54 | | Brother_Willibald is now known as gnolam |
01:54 | | NSGuest-1120 [lenin@79.136.60.ns-4387] has quit [Ping Timeout] |
02:00 | | * McMartin reminds himself how to use file locks right. |
02:06 | <@MyCatVerbs> | McMartin: fd = open("foo.txt",O_RDONLY), flock(fd,LOCK_EX); write(...); flock(fd,LOCK_UN); |
02:06 | <@MyCatVerbs> | McMartin: important thing is to never ever open with O_TRUNC set, otherwise you will erase the file *before* trying the lock. =) |
02:11 | | himi [~fow035@Nightstar-18867.44.83.152.in-addr.csiro.au] has quit [Connection reset by peer] |
02:12 | < gnolam> | There should really be an O_RLY mode for open(). |
02:37 | | gnolam [lenin@79.136.60.ns-4387] has quit [Quit: Z?] |
03:00 | <@McMartin> | Heh |
03:00 | <@McMartin> | MyCatVerbs: As it happens, I can't do that cleanly without littering the rest of my API with fds. |
03:00 | | * McMartin is playing RAII games in C++. |
03:01 | <@McMartin> | As such, I was locking it, then trying to get write access to it again, which fails as opening the same file twice gives you different fds. |
03:01 | <@McMartin> | (And thus, it is O_RDONLY | O_CREAT) |
03:01 | <@MyCatVerbs> | McMartin: I think that doesn't actually matter. |
03:02 | <@McMartin> | I have distressing proof that it does~ |
03:02 | <@MyCatVerbs> | McMartin: flock() locks go by inode, not by fd, don't they? |
03:02 | <@McMartin> | The disadvantage to this approach is that it's advisory. |
03:02 | <@McMartin> | Nope. |
03:02 | <@McMartin> | From the man page: |
03:02 | <@McMartin> | If a process uses open(2) (or similar) to obtain more than one descrip- |
03:02 | <@McMartin> | tor for the same file, these descriptors are treated independently by |
03:02 | <@McMartin> | flock(). An attempt to lock the file using one of these file descrip- |
03:02 | <@McMartin> | tors may be denied by a lock that the calling process has already |
03:02 | <@McMartin> | placed via another descriptor. |
03:03 | <@McMartin> | And since this is a library that's using fstreams, that means exceptions everywhere. |
03:03 | <@MyCatVerbs> | Ah right, that's your problem. But that's the behavior you want, at least in multithreaded programs. |
03:03 | <@McMartin> | Yup. Which is why I'm doing this in the first place. |
03:03 | <@McMartin> | And a failure is only inconvenient, not fatal or security-compromising. |
03:04 | <@McMartin> | So I'm just having it lock $TARGET_FILE.lck instead and respecting that. |
03:04 | <@McMartin> | That way even if you do edit the file in a text editor while it's running or something mad like that the worst that happens is that your edits will be lost or will trash some other settings. |
03:05 | <@MyCatVerbs> | Sane. Isn't there a non-advisory one, too? I can't remember what the Heck it's called, though. |
03:06 | <@McMartin> | Well, the fact that I'm using a lock on file 2 to control access to file 1, it's pretty fundamentally advisory no matter what. |
03:06 | <@MyCatVerbs> | Right, it's fcntl(2) locks that are, I think, compulsory. |
03:06 | <@MyCatVerbs> | No, that's wrong, fcntl(2)'s locks are advisory too. But I thought there -was- a compulsory locking interface in Linux somewhere? |
03:07 | <@McMartin> | I also have to be cross-platform, so OS-specific extensions do me no good. |
03:07 | <@McMartin> | (And actually, the ability of entirely different processes to edit the file is *also* something I want. If you hand-edit the file, the changes should show up the next time you check their values, even if it wasn't changed via the main program) |
03:08 | <@MyCatVerbs> | Aye. IIRC, POSIX only guarantees advisory locks and anything else is an extension. |
03:09 | <@McMartin> | Yeah, the current behavior is acceptable now. |
03:10 | <@MyCatVerbs> | Ah right. There's a Linux extension for mandatory locks, but the man pages say that it's unreliable. |
03:10 | <@MyCatVerbs> | And buggy. Besides which, using advisory locks only and shooting anyone who misuses them is the correct solution anyway. |
03:11 | <@McMartin> | And relying on file locks for security means you get shot in the first place. |
03:11 | <@McMartin> | Fortunately, I am a multithreading demiurge. |
03:11 | <@MyCatVerbs> | Well, maybe not for security, but for data integrity perhaps. |
03:12 | <@McMartin> | Welll.. |
03:12 | <@MyCatVerbs> | "No one is allowed to mess with my repository's files while I'm using them." |
03:12 | <@McMartin> | If somebody *really wants* to trash you, and has access to your files... |
03:12 | <@MyCatVerbs> | But yeah, you're screwed anyway in that case. |
03:12 | <@McMartin> | Yeah, see, most programs just die horribly if you trash their /usr/share directory while they're running. |
03:12 | <@McMartin> | So I don't think it's important to defend against that. |
03:13 | <@McMartin> | Now, defending against "now I run this file while root" with a file replacement attack... |
03:13 | <@McMartin> | ... that is important, and you don't get to use locks to protect against it. |
03:14 | <@MyCatVerbs> | open, then fstat to check permissions and that it's not a symlink, then...? |
03:15 | | * McMartin prefers "drop your own privileges, then run the other guy. If he deserves to do what he wants, he was setuid in the first place." |
03:15 | <@MyCatVerbs> | Linux has fexecve, which should do it, but that's not in POSIX. Am I missing something here, or is the race condition between checking permissions and execve(2) unavoidable? |
03:16 | <@McMartin> | It's been awhile since I've studied the minutiae. |
03:16 | <@McMartin> | I'm used to just fleeing in terror from the whole problem (as listed before). |
03:16 | <@MyCatVerbs> | Heh. |
03:16 | <@McMartin> | Or, you know, making the target files be in a directory that only root has write access to. |
03:17 | <@McMartin> | That's a pretty good defense too. |
03:17 | <@MyCatVerbs> | So you'd, er. Wouldn't you have to either check or assume that all directories between the one the executable is in and the root filesystem are non-writable? |
03:18 | <@MyCatVerbs> | I mean, if someone accidentally 777's /usr, it doesn't matter that /usr/bin is still 755. It could be swapped out from under your nose. |
03:18 | <@MyCatVerbs> | (In between your checking it and your running /usr/bin/something, naturally) |
03:18 | <@Derakon> | Go go principle of least privilege. |
03:19 | <@MyCatVerbs> | Derakon: we do not yet, unfortunately, have completely capability-based systems. |
03:20 | <@MyCatVerbs> | Derakon: and I maintain that possibly it would not be a good idea to have them. One of the great benefits of Unix's filesystem permissions model is that it's simple enough for mortals to wield without fscking it up. |
03:21 | <@MyCatVerbs> | Derakon: so you rarely can quite get to *least* privilege, though you can often go pretty close. |
03:22 | <@McMartin> | 19:19 <@MyCatVerbs> I mean, if someone accidentally 777's /usr, it doesn't matter that /usr/bin is still 755. It could be swapped out from under your nose. |
03:22 | <@McMartin> | Don't Do That, Then. |
03:22 | <@Derakon> | I'm talking "least privilege" in terms of what your filesystem supports, of course. |
03:23 | <@Derakon> | And it's always assumed that you are striking a balance between security and convenience. |
03:23 | <@McMartin> | If someone accidentally sets their root password to the empty string, you can root them really easily~ |
03:24 | <@Derakon> | Er. Yes. Accident. >.> (not really) |
03:26 | <@MyCatVerbs> | Derakon, McMartin: I still get the impression that writing root daemons requires unbounded quantities of paranoia. Up to and including stupid crap like checking the whole directory chain. :) |
03:26 | | * Derakon eyes the Ambrosia SW forums. "Code blocks that don't put your font into monospace mode? WTF?" |
03:27 | <@MyCatVerbs> | Derakon: KILL IT WITH FIRE |
03:40 | <@McMartin> | MCV: It's true, it does. However, that doesn't mean that some other corrupted suid program can't change things after you check. |
04:16 | <@MyCatVerbs> | McMartin: if there's a corrupted suid program on the loose, meh. |
04:17 | <@MyCatVerbs> | McMartin: I'd say that's the cutoff point after which you're guaranteed to lose, so there's little point in continuing to defend. |
04:20 | <@McMartin> | Yeah. The question is how to not get corrupted in the first place. |
06:27 | | * ToxicFrog accidentally tells jedit to recursively import $HOME as a project. |
06:28 | <@McMartin> | ouch |
06:28 | <@ToxicFrog> | Mhm. |
06:28 | <@ToxicFrog> | Took me several tries to kill it, too, as the process name is not "jedit" but "java.bin" once the startup script finishes all its execs. |
06:29 | <@McMartin> | java.bin? What's your OS? |
06:29 | <@ToxicFrog> | OpenSUSE 11. |
06:29 | <@McMartin> | Mm. |
06:30 | | * McMartin is used to that program just being called "java" |
06:30 | | Derakon is now known as Derakon[AFK] |
06:31 | <@ToxicFrog> | "java" is a symlink to a symlink to a bash script that does some environment setup and then execs java.bin |
06:31 | <@ToxicFrog> | I'm not sure if the bash script is part of normal Sun Java, or something the openSUSE packagers added to work around X problems or whatever. |
06:31 | <@McMartin> | Pretty sure it's the latter |
06:56 | <@Vornicus> | I keep wanting to zoom out my code. |
06:57 | <@Vornicus> | And I don't mean "folding" - I mean "show me the entire source file at a size where it fits entirely on the screen" |
07:19 | | Vornicus is now known as Vornicus-Latens |
07:19 | | AnnoDomini [~farkoff@Nightstar-29725.neoplus.adsl.tpnet.pl] has joined #Code |
07:19 | | mode/#code [+o AnnoDomini] by ChanServ |
09:20 | | You're now known as TheWatcher |
11:40 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has quit [Quit: <Insert Humorous and/or serious exit message here>] |
11:53 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has joined #code |
11:53 | | mode/#code [+o Attilla] by ChanServ |
14:42 | | little [~u4zubair@221.132.118.ns-11759] has joined #Code |
14:42 | | little [~u4zubair@221.132.118.ns-11759] has left #Code [] |
14:50 | | gnolam [lenin@79.136.60.ns-4387] has joined #Code |
14:50 | | mode/#code [+o gnolam] by ChanServ |
15:09 | | Alek is now known as Alek|gone |
15:43 | | Syloqs-AFH [~Syloq@ServicesAdmin.Nightstar.Net] has quit [Ping Timeout] |
15:46 | | Syloqs_AFH [~Syloq@Admin.Nightstar.Net] has joined #code |
15:47 | | Syloqs_AFH is now known as Syloqs-AFH |
16:14 | | You're now known as TheWatcher[afk] |
17:13 | | You're now known as TheWatcher |
17:52 | | Serah [~Z@87.72.35.ns-26506] has joined #Code |
17:52 | | mode/#code [+o Serah] by ChanServ |
20:27 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has quit [Ping Timeout] |
20:33 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has joined #code |
20:33 | | mode/#code [+o Attilla] by ChanServ |
20:41 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has quit [Ping Timeout] |
20:46 | <@Bobsentme> | Thanks guys, you got me kicked out of my C programming class. =) |
20:46 | | * Bobsentme ducks |
20:50 | <@AnnoDomini> | Story, story, story, story! |
20:51 | <@Bobsentme> | Thanks to the assistance of TheWatcher, ToxicFrog, and Derakon, I was able to fix a program so that it ran instead of erroring out with memory faults |
20:52 | <@Bobsentme> | This program was assigned to only 3 people out of my 20 person C programming class, because the teacher thought we three were the only ones ready for it. |
20:53 | <@Bobsentme> | Brought it back into class today, fully functional. Showed it to the teacher. |
20:54 | <@Bobsentme> | Who then told me that, despite my "C" on the first test and "B" on the second test, I don't have to take the 3rd test or the final, because I'm going to get an A in the class regardless. |
20:55 | <@AnnoDomini> | Good for you. |
20:55 | <@Bobsentme> | ty |
20:59 | <@AnnoDomini> | Sometimes, I wish I had a passion for programming like you guys. Other times, naw. :P |
21:01 | | * jerith offers Bobsentme a kernel to debug... |
21:02 | <@Bobsentme> | Yeah...I feel sorry for those poor bastards I showed up in the class. |
21:02 | <@jerith> | Don't. :-) |
21:02 | | * AnnoDomini will need to convert more Verilog to VHDL this weekend. And find out how to generate a frequency dividing PLL using Altera's wizard tools. |
21:02 | <@Bobsentme> | The other two students were still struggling with how to call a struct like an array. XD |
21:02 | <@Bobsentme> | (I only laugh because I tried the same thing) |
21:03 | <@jerith> | If you're anything like me, you don't often get the chance to demonstrate utter awesomeness. |
21:03 | <@Bobsentme> | true |
21:03 | | * jerith managed it twice this week, actually. |
21:03 | <@Bobsentme> | The greatest thing about this, though, is that now I have officially cut the number of midterms I need to study for in half. |
21:03 | <@jerith> | And they still upped my meds. |
21:03 | <@Bobsentme> | Are you sure the meds aren't a bonus? |
21:04 | <@jerith> | (I get to take a brown pill tomorrow instead of a white one.) |
21:04 | <@jerith> | That's actually not a bad way of looking at it. |
21:04 | <@jerith> | Since the pills make me more awesome... |
21:04 | <@AnnoDomini> | Do they make you paranoid? |
21:04 | <@jerith> | No. |
21:05 | <@Bobsentme> | Just awesome. |
21:05 | <@AnnoDomini> | Less paranoid? |
21:05 | <@jerith> | That's just what they want you to believe. |
21:05 | | * jerith glances nervously around the room. |
21:05 | <@Bobsentme> | Hey, just because you aren't paranoid doesn't mean they're not out to get you. |
21:05 | | * Bobsentme dons his hat. |
21:05 | <@AnnoDomini> | I don't believe in medication for non-critical mental disorders. It cheapens achievements for me. |
21:06 | <@jerith> | They make me sleep less (which is a problem) and eat less (which isn't). |
21:06 | <@jerith> | AnnoDomini: This reached the point where it was costing me way more than I was happy with. |
21:06 | <@Bobsentme> | They also make you break out into show tunes every time you snore. |
21:06 | <@AnnoDomini> | jerith: What reached? |
21:07 | <@jerith> | AnnoDomini: My now-official ADD. |
21:07 | <@AnnoDomini> | I see. |
21:07 | | * Bobsentme still thinks the best cure for ADD is a computer. |
21:07 | <@jerith> | Bobsentme: Not if it has a net connection. |
21:07 | <@AnnoDomini> | Best cure for any mental disorder is the will to change. |
21:07 | | * Bobsentme raises a finger to argue, but gets distracted by a rolling turtle flash game |
21:08 | <@Bobsentme> | what were we talking about? |
21:08 | <@Bobsentme> | OH! SHINY! |
21:08 | <@AnnoDomini> | Flying monkeys. |
21:08 | <@jerith> | AnnoDomini: The will's been there for several years. The change just hasn't stuck. |
21:08 | <@AnnoDomini> | I suppose it could be different for other people. |
21:09 | <@jerith> | The meds aren't a silver bullet, but they do help. |
21:09 | <@AnnoDomini> | In my own experience, I've found I could generate and lose habits if I deemed such a course of action necessary. |
21:09 | <@Bobsentme> | Yeah. Try going against your pregnant wife's will when it's 3am, snowing, and she demands you get dressed and go to IHOP with her. |
21:10 | <@McMartin> | Chemical imbalances are not modified by wishing really hard. |
21:10 | <@Bobsentme> | AnnoDomini: Funny, that sounds like obsessive compulsive disorder. |
21:10 | <@AnnoDomini> | What's an IHOP? |
21:10 | <@McMartin> | A short-order restaurant in the US and, I think, Canada. |
21:10 | <@TheWatcher> | International House of Pancakes |
21:10 | <@TheWatcher> | It's an American thing |
21:11 | <@TheWatcher> | (the irony is quite palpable) |
21:11 | <@Bobsentme> | very. |
21:11 | <@Bobsentme> | Though, at 3am, it does have a tendency to not be as funny. |
21:11 | <@McMartin> | And if they're stealing pancakes from around the world it still counts. |
21:11 | <@Bobsentme> | HEY!!! I represent that remark. |
21:12 | <@Bobsentme> | btw...nice pen. *YOINK!* |
21:12 | <@jerith> | ADD is especially difficult in that regard because most people in this industry (and, indeed, life in general) have the symptoms to a certain degree. |
21:12 | | * Bobsentme respectfully bows out of this conversation, as he has to take a nap before work tonight. |
21:12 | <@McMartin> | Unlike, say, clinical depression, yeah. |
21:12 | <@Bobsentme> | Later all! |
21:13 | <@AnnoDomini> | McMartin: (Re: chemical imbalance) No. I suppose not. I don't feel any less compelled against going into a furious rage at a myriad inconsequential things, but I can control my impulses. To a degree. Most of the time. <_< |
21:13 | <@AnnoDomini> | -against |
21:13 | <@AnnoDomini> | Damn it. My exertion at NaNo is stealing my grammar. |
21:14 | <@McMartin> | This is the definition of the difference between a mental disorder and an attitude problem. |
21:14 | <@jerith> | AnnoDomini: Often, the first time I notice my attention has wandered is when I run out of email to read or something. |
21:14 | <@McMartin> | And now, back to work, as lunch is over. |
21:14 | <@jerith> | Enjoy, McM. |
21:15 | <@jerith> | I shall sleep now, and take a brown pill in the morning instead of a white one. :-) |
21:15 | | * AnnoDomini is passive aggressive. Amateur diagnosis based on fitting the vast majority of the symptoms on Wikipedia. |
21:16 | <@jerith> | AnnoDomini: Amateur diagnoses can be dangerous. If it's a problem, talk to a psychiatrist. |
21:16 | | * jerith learned that the not-quite-as-hard-as-it-could-have-been way. |
21:17 | <@jerith> | And now, to bed. |
21:17 | <@jerith> | 'Night all. |
21:17 | <@AnnoDomini> | I might want to obtain the services of a psychiatrist. In fact, I'm going to add that to the list of specialists I need to visit. |
21:20 | <@ToxicFrog> | Java programmers! |
21:21 | <@ToxicFrog> | Is there any way to iterate over the classes contained in a module? |
21:23 | <@ToxicFrog> | The behaviour I'm looking for is to import modules.*, then create an instance of each class in modules. |
21:34 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has joined #code |
21:34 | | mode/#code [+o Attilla] by ChanServ |
21:42 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has quit [Ping Timeout] |
21:45 | <@gnolam> | AnnoDomini: start doing that, and sooner or later you'll come to the conclusion that you suffer from every malady known to man (except possibly housemaid's knee). |
21:45 | <@gnolam> | (Amateur diagnosing that is. Not seeing psychiatrists.) |
21:50 | | Attilla [~The.Attil@Nightstar-9469.cdif.cable.ntl.com] has joined #code |
21:50 | | mode/#code [+o Attilla] by ChanServ |
21:51 | <@AnnoDomini> | gnolam: Pfft. |
21:52 | <@AnnoDomini> | It could happen by seeing psychiatrists as well. :P |
22:17 | <@gnolam> | AnnoDomini: http://images.encyclopediadramatica.com/images/8/81/Aspergersdefinition.gif |
22:21 | <@AnnoDomini> | Gotta show it to a Norwegian I know. |
22:23 | <@AnnoDomini> | I do not have assburgers, though, AFAIK. Laziness is inherent in the human condition. |
22:25 | <@AnnoDomini> | And, uh, I am capable of social interaction. Really. :P |
22:27 | <@AnnoDomini> | These stupid people need to learn to read. How can one not exhibiting the symptoms described on Wikipedia possibly come to a conclusion that he is? |
22:36 | <@gnolam> | Diagnostic criteria for regular illnesses are fairly vague. Psychological disorders even more so. |
22:41 | | Bobsentme [Bobsentme@Nightstar-26585.dsl.sfldmi.sbcglobal.net] has quit [Quit: Now running PassedOut.bat] |
22:54 | <@McMartin> | Asperger's is the traditional excuse for people who can't be bothered to learn to interact with human beings. |
22:55 | <@McMartin> | That does not mean that the autistic spectrum doesn't actually exist, but it does mean to be suspicious of self-diagnosed people with it on the Internets. |
23:02 | | AnnoDomini [~farkoff@Nightstar-29725.neoplus.adsl.tpnet.pl] has quit [Quit: The purpose of writing is to inflate weak ideas, obscure poor reasoning, and inhibit clarity.] |
--- Log closed Wed Nov 26 00:00:17 2008 |