×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Comments

top

USB Reversable Cable Images Emerge

Wuhao Re:Reversable? (208 comments)

But if you plug it in the other way round won't the phone charge the car's battery, and the 1's become 0's on the data?

No. You just have to keep the charging device elevated above the charged device. It works like a siphon.

about 8 months ago
top

Stack Overflow Could Explain Toyota Vehicles' Unintended Acceleration

Wuhao Re:Go Amish? (664 comments)

You're not supposed to, but you do routinely have software that has bugs even in aerospace, because there is no development process that can guarantee the prevention of 100% of defects, nor even guarantee that 100% of defects are detected and corrected.

about 9 months ago
top

US Cord Cutters Getting Snubbed From NBC's Olympic Coverage Online

Wuhao Nothing new (578 comments)

That 9% is pretty used to having reduced access to licensed, live television content as a direct consequence of not paying a subscription for licensed, live television content.

about 10 months ago
top

Man Shot To Death For Texting During Movie

Wuhao Re:Sounds like a case of senile agitation (1431 comments)

I rarely recommend smashing someone's hands with a brick until they're unable to post here, but in your case we need to make an exception.

You sound upset. Maybe go relax at a movie?

about 10 months ago
top

Man Shot To Death For Texting During Movie

Wuhao Re:Sounds like a case of senile agitation (1431 comments)

Well, I mean, if he shot him in the leg or something, he'd just be screaming through the whole movie.

about 10 months ago
top

Man Shot To Death For Texting During Movie

Wuhao Re:Double bind (1431 comments)

Really? Deserved to be shot? Wtf?

Yeah, no shit. This is monstrous and so far beyond the pale. I'd say that we should be tazing texters, physically beating serial talkers, and reserving the instant death penalty for people who answer their cell phones.

about 10 months ago
top

Convicted Spammer Jeffrey Kilbride Flees Prison

Wuhao Escape Prison With This 1 Weird Trick (233 comments)

You Won't Believe What Federal Marshals Did When They Caught Him!
12 Great Ways To Pass Your Extended Sentence
Think "Cool Hand Luke" Was Just a Movie? Think Again!

about a year ago
top

How Your Compiler Can Compromise Application Security

Wuhao Re:Null pointer detection at compile time (470 comments)

Dude, listen. I don't even know what you're trying to argue at this point, and to be honest, I don't really care. You don't understand C (or English!) well enough for me to get anything out of this conversation, which as far as I can tell, no longer has anything to do with anything besides your ego. The basic point -- that it is within the guidelines of the Standard for a C compiler to delete null checks on a pointer after it is guaranteed that said pointer has been dereferenced -- has been proved multiple times. Whatever fucking alcoholism or anger management or insecurity issues or whatever are leading you to ramble down this insane, incoherent road, I'll let you deal with on your own.

1 year,25 days
top

How Your Compiler Can Compromise Application Security

Wuhao Re:Null pointer detection at compile time (470 comments)

Where did I admit that I made an erroneous claim? Where did I MAKE an erroneous claim? Like, I was worried I would confuse you with all those words, but this is ludicrous. I never said GCC had this optimization by default -- only that it's Standards-legal to make that optimization, you dummy. Re-read the thread. You are very confused.

1 year,25 days
top

How Your Compiler Can Compromise Application Security

Wuhao Re:Null pointer detection at compile time (470 comments)

Now you're just using a very arbitrary definition of "broken." The compiler, in this specific instance, is working precisely as intended. It's not like someone accidentally went and implemented -fdelete-null-pointer-checks into GCC, Clang and MSVC and then everyone else went on accepting it without question. It's a concept with quite a bit of thought and care and discussion put into it.

The basic premise of an optimizing compiler is this: produce output that is at least as fast as the original code as-written and adheres to all defined behavior. In this case, it's spot-on -- the only way through the example function with defined behavior is to have a non-NULL pointer, in which case, the branch comparison is a waste of CPU cycles. For undefined behavior, the compiler has no obligations. All bets are off. You don't get to dereference NULL pointers, then complain that your program didn't work as expected, unless you're working with a compiler that honors obligations above and beyond the C standard.

There are some environments in which you DO want to have some say in what happens next -- which I guess in my opinion would be anywhere that dereferencing a NULL pointer is legal, or at the very least, not instantly and reliably fatal. Compiler authors have not forgotten about you. In GCC, for example, you have two options:
  1. Do not use -O2 or -O3
  2. Use -O2 or -O3 in conjunction with -fno-delete-null-pointer-checks, in which case, your null pointer checks will be left unmolested.

I know after a similar piece of code to the example was discovered in the Linux kernel, they decided to apply -fno-delete-null-pointer-checks. Not sure if that's still true.

A far more egregious example of a compiler exploiting undefined behavior is GCC 1.x which, when given invalid pragmas, would generate code that attempted to exec nethack, rogue, Emacs towers of hanoi, or failing all of those, just generate a printf making fun of you.

In conclusion... know thy optimizer. It's making decisions about your code that can affect you, and it is configured by default to cover the most common use cases. If your program depends on behaviors that are unusual and not covered by the standard (like being able to dereference a null pointer), then you should review your compiler's documentation and see if you need to tune the optimizer a bit for your use case. But if your standards-compliant compiler is applying a well-documented optimization in a manner that breaks you, then it's your project that's broken, either for using that optimization, or for relying on undefined behavior.

1 year,26 days
top

How Your Compiler Can Compromise Application Security

Wuhao Re:Null pointer detection at compile time (470 comments)

From your favorite FAQ and mine, comp.lang.c: (http://c-faq.com/ansi/undef.html):
"undefined: Anything at all can happen; the Standard imposes no requirements. The program may fail to compile, or it may execute incorrectly (either crashing or silently generating incorrect results), or it may fortuitously do exactly what the programmer intended. Note, too, that since the Standard imposes absolutely no requirements on the behavior of a compiler faced with an instance of undefined behavior, the compiler (more importantly, any generated code) can do absolutely anything."

In other words, once you do something whose behavior is undefined, you have a program whose execution is (at least, as far as the C standard on its own is concerned) unpredictable. Given that, the compiler can do almost anything it wants in situations where behavior is undefined. It could, for example, just abruptly terminate the program. That would make Chris's comment spot-on.

Alternatively, he could rewrite the comment as, // P was dereferenced by this point, so it is either non-NULL or the programmer's wishes and expectations no longer apply.

So yes, it is a completely legit optimization, in full accordance with the C standard, and if you REALLY want to be able to dereference a NULL and have some expectation about what your program does after that, then you need to choose your compilers and/or optimization settings carefully because the C standard alone is not going to give you what you want.

1 year,26 days
top

How Your Compiler Can Compromise Application Security

Wuhao Re:Null pointer detection at compile time (470 comments)

Yeah man if only the LLVM team thought to look at the C standard or consult with Slashdot commenter Zero__Kelvin

rolleyes

You're not really a very good programmer if this is your reaction to being proven wrong.

1 year,26 days
top

How Your Compiler Can Compromise Application Security

Wuhao Re:Null pointer detection at compile time (470 comments)

You're an idiot. I've been an embedded systems programmer for 30 years and he was wrong, which he finally admitted. Since he admitted to it in the post above the one you quoted from I have to assume your reading comprehension skills are on a par with your C programming sk1llz.. Good luck learning C !

Uh, I think you need to re-read his post a little more carefully. This is getting a little embarrassing for you, and if you've been doing embedded development for 30 years and still don't know how optimizing compilers work, I feel REALLY bad for you. I can see why you're so insecure.

1 year,27 days
top

How Your Compiler Can Compromise Application Security

Wuhao Re:Null pointer detection at compile time (470 comments)

Post the code rather than trying to explain it in prose and I'll tell you if you understand it yet, but at least you finally see where you went wrong. That's progress and I wish you well!

It sounds like you are a very passionate hobbyist, but one of the nice things about a forum like Slashdot is that there are a lot of professionals like EvanED who will offer you free advice. I suggest you start listening and stop biting the hand that feeds you! Who knows, Evan might have even made some of the software you're using right now. If you work and study hard and ask good questions (respectfully!) you might even be able to work on it with guys like him someday.

1 year,27 days
top

Dropbox Password Goof Let Any Password Work For 4 Hours

Wuhao Dropbox's followup is no good (185 comments)

Not only was there a serious security issue here, but Dropbox customers are having to find out about this through blogs. Dropbox has yet to email its users about this issue. It claims on its blog that users who logged in during this time have been notified. I logged in during this time, and have received no notice.

I am now leaving Dropbox. I need to review Wuala and Spideroak to see if they meet my needs, but I can safely say that this event and Dropbox's earlier behavior has demonstrated to me that they do not take the security and privacy of their customers seriously.

more than 3 years ago
top

Obama Nominates RIAA Lawyer For Solicitor General

Wuhao Re:Don't worry big media, the fix is in (463 comments)

Why would I want a vicious shark to be an attack dog? It just seems like I either have a suffocating shark, or I was very confused about my requirements when I went looking for an attack dog.

more than 3 years ago
top

Power Failure Shuts Down 50 US Nuclear Missiles

Wuhao Re:Why is this not classified? (338 comments)

Maybe they just classified the really good part: when the lights came back on, there were only 49.

more than 4 years ago
top

BP Permanently Seals Gulf Oil Well

Wuhao Re:Why is the summary whitewashing? (368 comments)

Just as rat poison is not harmful to humans, so long as you don't ingest it.

Or Ke$ha, as long as you don't listen to it.

more than 4 years ago
top

The Scalability of Linus

Wuhao Re:Linux was a derivative of UNIX (239 comments)

Geez, Linux is not some revolutionary, unique software. It copies from other systems and OSes. As long as we know what and where, we can figure out why and how.

As for Linus: not scalable. He needs a break. and do you all really know he's the only one that commits? Really? It's just a git account, i.e. Linus could still be committing in 2310, if he gave someone his password of course... Conspiracies, conspiracies....

Come on, Darl, let it go. It's time to move on.

more than 4 years ago

Submissions

top

Dropbox temporarily makes all user data public

Wuhao Wuhao writes  |  more than 3 years ago

Wuhao (471511) writes "Popular cloud storage service Dropbox revealed yesterday that it temporarily disabled password verification on it's web sign-in process for a period of 4 hours. During this time, all user login attempts were successful regardless of whether the correct password was entered. Dropbox notified users in a blog post the next day, although it chose not to email users or provide assistance to users seeking to determine if their accounts were affected. Dropbox estimates no more than 1% of all accounts were potentially compromised."
Link to Original Source
top

Leopard Incompatible with MacBook, MacBook Pro

Wuhao Wuhao writes  |  about 7 years ago

Jeeves writes "Since the release of Leopard, MacBook Pro owners have complained that their keyboard and mouse stops responding under the new OS. The release of 10.5.1 has introduced a slew of new complaints, and it now appears that MacBook and MacBook Pro owners of all hardware generations are affected, rendering the system unusable without the use of external hardware, and with no simple method of rolling back to an OS compatible with their laptops. There is no discernible link between incidents other than the installation of Leopard, and the issue affects owners of laptops which have been pre-installed with the new OS. Apple has not released any statement on the matter, nor any timetable for when they plan to provide a patch. Apple support technicians are unable to provide any assistance to users affected by this issue."
Link to Original Source

Journals

Wuhao has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?