Domain: thc.org
Stories and comments across the archive that link to thc.org.
Comments · 30
-
Re:Again, HP
That's just a bit racist. It's not the Indians you should be concerned about, it's the short-sighted executives. If you're really smart, start a "consulting firm" and outsource back to them, but have project delays and cost overruns to make offshoring more expensive. The fun part is that they start their day at around 5:30pm to 8:30pm (PST to EST) schedule all your status meetings around then. $50/day gets a person. Charge $150.
Here's a training guide for your new staff =D
Have regular code reviews and bonuses for the most subtle implementation of these guidelines.
As poetic justice, you get management experience and can then replace your old bosses. -
Re:Obligatory
That's what code review is for. You teach the people you work with to be better programmers. If someone wants to write bad code, there are plenty of ways in every language. If you can't trust your coworkers, language choice is the least of your problems.
And how exactly are you going to do that when you are working with ancient code, 3rd party code and/or binaries? You will need to find those bugs and fix them, as I said there are many ways seg faults can and do occur and when you work with other people's code you will learn that and encounter them. Not everything you use will be heavily documented and written with best practices safely in C++11.
-
Re:Obligatory
My point is more about other people's code. Your suggestions about things like NULLing references when you free the memory are fine in your code and are good practice but that doesn't stop somebody else from taking a reference to that block of memory and accessing it after you have deleted it, your reference is NULL but theirs isn't.
That's what code review is for. You teach the people you work with to be better programmers. If someone wants to write bad code, there are plenty of ways in every language. If you can't trust your coworkers, language choice is the least of your problems.
-
How to Write Unmaintainable Code
This has always been one of my favorites.
-
"How To Write Unmaintainable Code"
You can find this old favourite of mine here.
-
Re:Sooo..
What companies do you know that produce good, high-quality code?
Consistently or occasionally? From what I've seen, your average company produces one or two great products and a lot of half-assed projects. I call this the Lightroom-Flash spectrum. On the upper bound, you have code that is fairly well written (apart from that case-sensitivity maps bug, ahem...), and on the lower bound, you have... well, Flash.
What distinguishes one from the other? IMO, you can roughly quantify it as: q = 1 / (t_sub_r * b_sub_p), where q is quality, t_sub_r is time since the last ground-up rewrite, and b_sub_p is the bug punt rate—the number of bugs that got punted to the next release because you couldn't fix them.
In the average organization, T_sub_r is a linearly increasing variable based on time, because rewrites never happen. Similarly, because the schedule is fixed, the total number of bugs is proportional to the code size, and the number of coders is also proportional to the code size, the number of bugs punted tends to be proportional to the code size.
Assuming your code size increases roughly linearly based on time (but in sudden jumps at every release), then code quality is roughly O(1/(t^2)). With products that are given adequate care, though, the schedule lengthens or the rate of code expansion tapers off over time, so that Q is probably closer to O(1/(t * log_base_k(t))) for some base k.
Either way, though, it's a race against the clock, because the OS is changing under you and the world is changing around you, so even if you did absolutely nothing, the code quality would fall off at a rate of O(1/t^2), because all of your bugs are punted.
Either way, the only way you'll ever do better than 1/t is if you periodically do major rewrites of big chunks of code. Of course, this introduces a whole new set of bugs, but the code quality will improve because you will have learned (hopefully) from the mistakes of the previous version of the code. And you must do this for pretty much every section of your code on a regular basis or else the old, crufty parts will eventually degrade into a black box that everybody is afraid to touch.
Or you could just do everyone a favor and periodically introduce code that looks like this weaved in and among what you consider crap code in an effort to force people to rewrite it.
-
Re:He knows something you don't.
Exactly. If this isn't your style guide, you're doing it wrong.
-
Re:donate
Link to the project web-site: http://wiki.thc.org/gsm
Inexplicably, that link makes me think of weed and sex. I expect a high turnout of volunteers at the college level.
-
donate
Link to the project web-site:
http://wiki.thc.org/gsm
If you're the IT admin of a school with 5000 idle computers, consider donating some GPU time :-) -
Donate
Link to the project web-site:
http://wiki.thc.org/gsm
If you're the IT admin of a school with 5000 idle computers, consider donating some GPU time :-) -
Don't worry, this is perfectly safe.
That's right, citizen! Biometric passports are harder to crack and harder to counterfeit!
-
Smart IEDs
From the related article:
"Thanks to the ePassports is it now possible to build Smart-IED's. A Smart-IED waits until a specific person passes by before detonating or let's say until there are more than 10 americans in the room. Boom." -John Doe
isn't that lovely.
- js.
http://blog.thc.org/index.php?/archives/4-The-Risk-of-ePassports-and-RFID.html
-
I recommend
this comprehensive guide: http://freeworld.thc.org/root/phun/unmaintain.html.
-
Happy New Year!
It's 2008 in Europe, the year when GSM encryption will become breakable: Rainbow tables for a5-decryption are currently being calculated on FPGAs.
-
Re:THC already hit
They do still have the files and projectpage is up at www.thc.org/thc-(projectname)
http://www.thc.org/thc-hydra/
http://www.thc.org/thc-ipv6/
you can use google to find more of them.
grab em while you still can. :) -
Re:THC already hit
They do still have the files and projectpage is up at www.thc.org/thc-(projectname)
http://www.thc.org/thc-hydra/
http://www.thc.org/thc-ipv6/
you can use google to find more of them.
grab em while you still can. :) -
THC already hit
The THC (The Hackers Choice) group has already been forced to discontinue some of its best projects due to this absurd law.
The Hacker's Choice is forced to discontinue several of its projects, as these might be effected by a new German 'anti-hacking' law. As a consequence all exploits and many releases have been removed from our web site. We are sorry.
http://www.thc.org/
Silenced are THC's Credit, Hydra, Scan and War-Drive. Hydra will be the most missed, as it was one of the best authentication bruteforcers. Not dwelling on this defeat to freedom of information and the security community, I suggest everyone in the security community begin resisting this trend towards silencing the messenger of insecurities.
We should be working to create new tools and better means by which to distribute information and code, both securely and anonymously. The foolish politicians and companies who think they can dare enforce security by ignoring the problem and silencing individuals should be shown that this strategy does not work. This is yet another challenge to all the security researchers and programmers, will you allow others to dictate your creativity?
-
Hungary systems ?
It's Microsoft that introduced the (in)famous Hungary notation.
Hungary officials obviously weren't pleased ;)
And I can't resist linking to How to write unmaintainable code, a must read if you didn't read it already ;) -
Re:A Note From the Author
I hope nobody said this already: Man! you're not helping the inexperienced programmer keep his job!
http://www.thc.org/root/phun/unmaintain.html/ is the way to go.
Of course you're right and even if it is obvious there is no harm in reading it and thinking about it for anybody. This is slashdot, you _will_ be stabbed at if you say something ;) -
Software Radio cud be the key !
I've thought abt this, since it wud become an ideal solution for communication in rural areas (forgetting the spectrum issues!), with handset costs at an all time low !! Well, Vanu http://www.vanu.com/ has come up with a good solution, wherein high performance commodity PCs are used for software DSP. In the open domain, we have GnuRadio http://www.gnuradio.org/trac/ doing great work in developing algorithms. Also a project is underway for decoding GSM signals off the air http://www.thc.org/gsm/. May be someday, it can build up into a really working opensource BTS !! Cheers..
-
Re:DNSSec
If you're looking for a solution you need to attack the problem, the problem is the insecurities in IPv4 itself. What you need is IPsec or IPv6. (However.. ICMPv6 has issues now too. http://www.thc.org/thc-ipv6/README )
It would be much better to implement a fix for this type of attack in the network level and not the application level.
Again I think this is more of a political issue and less of a security issue. I don't like the government holding the key to our DNS servers. In fact I think the ISPs are the ones that should implement their own standards based system and hold these keys as it will *hopefully* introduce some form of free market element to this problem. The idea is that any ISP that would abuse this power would lose their customer base. I just trust them a shy bit more than the Feds.. -
if code is hard to write...
It SHOULD be hard to understand.
http://thc.org/root/phun/unmaintain.html
In all seriousness. I would just enforce "header" comments to a particular style (javadoc..etc). The rest is up to the individual programmer.
The trouble, as pointed out earlier, is that programmers/code reviewers always have to be updating comments as the code gets updated. This doesn't always happen and has caused me personally some problems, as I took the comments to be right when clearly they were not. I use comments as a guide now. -
I bet your boss's code matches this
-
Re:YOU NEED MY CREDIT CARD???
THC Credit can extrapolate numbers from real cards and check them: http://www.thc.org/download.php?t=r&f=thc-c191.zip
You should signup using Tor as your proxy too: http://tor.eff.org/
Also some cool google stuff:
How to Verify Credit Card Numbers In Perl
Sample credit card numbers to use for testing http://perl.about.com/library/weekly/aa080600g.htm
cardware:
http://www.flashback.se/library/software/carding.shtml -
THC Credit
From the people who brought you THC-Scan, the most advanced wardialer ever created, comes THC-Credit. http://www.thc.org/
-
Re:You should not comment on your code
Here's an article that was posted on /. a while ago about that if you're really looking for some job security. http://thc.org/root/phun/unmaintain.html -
Re:Off to a bad start
If you think I'm wrong, please cite the publication in which Napoleon is recorded as having said it.
I'll take you up on that! Right here! -
Three considerations
#1. Sites vs servers.
Netcraft states they count the sites while they don't mention whether they count 2nd level domains (foo.com), 3rd level domains (www.foo.com, support.foo.com) or what else. They just say they "received responses from 74,409,971 sites" while not defining what a site actually is.
#2. Growth.
There has been a growth of about 3.73% in the number of (so called) web sites. There must be some hidden winner(s). That is, there must be some group of web servers that is getting the great part of the growth all at once! Netcraft is failing to mention who they are!
#3. Webserver (or website) identification.
It's all but trivial to identify web servers. Are they using some special tool like amap and nmap or just looking at the server response content? How accurate can this identification be? -
Unmaintainable code. A job for life?
There are some guys that just don't get the art v science debate ... http://thc.org/root/phun/unmaintain.html
OK, maybe slightly off-topic but please forgive me ;p (and not my web site BTW) -
Re:Illegally distributed software
Imagine someone who packaged up some illegal-to-distribute physical substance in boxes labeled `private, personal and mine, do not touch', then left them around. Can they be done for distributing the substance if someone comes along and steals it?
Scale this from a box with Plutonium to one with THC. Well.
CC.