Dumb Programming Questions - Pro Programming Answers Megathread!

[Daneel Trevize]

Fucking PHP.

I may be rusty, but my first instinct is: Stop trying to be over-clever with generating code from text. I'd just have a fixed mapping between tasks and function names (like the first switch example), put the mapping data structure in a file to be included, and then do as per the second (if exists in mapping, call, else nope).

BTW, the first example seems to have the feature of using different parameters per function, which the second seems to lack and just treat all functions identically. What's the requirement?
Also, how do you define a 'secure' controller? I'm thinking it shouldn't be a ball-ache if someone wants to add another function to the system that they have to name it in/re-generate the mapping. Rather than have your thing call arbitrary functions with minimal checking. I think this thought loops back to the first one, if you do need to handle different ways of calling the function per task, can you really create a sensible single point in the flow/bottleneck, or is it just for the sake of it? What's the gain, it doesn't seem to be doing much?

[Tarminic]

Fucking PHP.

I may be rusty, but my first instinct is: Stop trying to be over-clever with generating code from text. I'd just have a fixed mapping between tasks and function names (like the first switch example), put the mapping data structure in a file to be included, and then do as per the second (if exists in mapping, call, else nope).

I had considered a registry, but in the end it has the same problem as a switch statement (though I hate the latter much more) - it's a list that has to be manually updated if we want to add a new AJAX call. I prefer that over the current scenario, but I would still prefer it not be necessary.

BTW, the first example seems to have the feature of using different parameters per function, which the second seems to lack and just treat all functions identically. What's the requirement?
Also, how do you define a 'secure' controller? I'm thinking it shouldn't be a ball-ache if someone wants to add another function to the system that they have to name it in/re-generate the mapping. Rather than have your thing call arbitrary functions with minimal checking. I think this thought loops back to the first one, if you do need to handle different ways of calling the function per task, can you really create a sensible single point in the flow/bottleneck, or is it just for the sake of it? What's the gain, it doesn't seem to be doing much?

There's no specific need to have it one way or another. Technically we could load the params inside the called functions anyway but given a choice I'd rather retrieve the input once vs. retrieving it X times. Complexity, security, etc.

The secure controller class operates over HTTPS instead of HTTP and uses an ACL.

[Daneel Trevize]

Think of updating the task->function mapping as confirming you want to expose the function to the wider world/via this secure controller service.

Honestly, what about this is 'Asynchronous JavaScript and XML'? I'm not seeing the consideration of any of these, rather you're just talking about wrapping a service/handling HTTP GET requests. Kinda a super-cutdown version of these points http://en.wikipedia.org/wiki/Service...ure#Principles

Edit: Annotations seems the cleaner solution, see below
Back to the realities of what you have, how about a compromise, each function is defined in a file which is placed in a location/named such that your controller can determine if they're to be exposed or not. Obviously someone has to create the function and do the work for that anyway, but it you don't want them to have (access to) to update the controller/mapping too, you dictate something about the function's physical implementation and your written-once controller depends upon this.
Of course, (unless I'm mistaken) these functions need to be included somewhere else to actually work, so you were always going to put them in an existing piece of code even if just as a 1line include, and should you want to stop exposing them, you'll need to change this include path as they're moved, or change the name everywhere it's called if you're controlling exposure via function name pattern.

Technically we could load the params inside the called functions anyway but given a choice I'd rather retrieve the input once vs. retrieving it X times. Complexity, security, etc.

I haven't really messed with this, but are we talking eval()ing JSON? Regardless...

Annotations seems to be the other way of dealing with this loose-coupling. Have the developers tag the functions, but then you need something to handle annotations as I'm getting the impression PHP doesn't/didn't have one built in. E.g. http://code.google.com/p/addendum/wi...orialByExample
Your controller could then examine the annotations to see if the function's to be exposed (and for what task, using which parameters, etc). Changing the exposure would be adding/removing the annotation while leaving the function name & location unchanged.

E.g.
This goes somewhere once, it's own annotation is for restricting it to being applied to methods/functions only.
For simple solution

Code:

/** @Target("method") *
class SecurelyExposed extends Annotation {}

For more complex solution, basically no different so far

Code:

/** @Target("method") *
class SecurelyExposedForTask extends Annotation {}

This is an example of the tag the developers put for your controller to know whether the function's to be exposed

Code:

/** @SecurelyExposed */
function FunctionToBeExposed() {
   // some code
}

The more complex version is to have it restrict the exposure to a specific task, but the function developer doesn't have to do much more than name that task

Code:

/** @SecurelyExposedForTask ("task1") */
function FunctionToBeExposed() {
   // some code
}

Once we're into the Controller and wanting to call a method/function, there's ReflectionAnnotatedMethod and multi-valued/array annotations which would probably help for dealing with different functions having different parameters, but first things first.
The only problem/barrier to this being really smart comes down to how/when your controller evaluates which function is for which task.
If it doesn't have to and your AJAX call is supplying the function name as per your

Code:

$functionName = $task . 'ForAjax';

idea then we don't need to derive the function name (in these examples 'FunctionToBeExposed', = $task). We're just as brittley hardcoding said name in our calling page, should it wish to be changed in future, but that was your idea. The controller however can cleanly check that it has the annotation flag for being called thusly

Code:

$reflection = new ReflectionAnnotatedMethod($task);
if( $reflection->hasAnnotation('SecurelyExposed') ) {
    // call $task
} else {
  // nope
}

Once we solve the problem of quite when/how the Controller/something should generate the mapping of true task names to implementation-specific function names (see later), we can then do the smarter thing and have the controller do if exists in mapping, call, else nope without having to have function developers do anything more than annotate/tag their functions. And without the controller itself having to check annotations, it can just trust the mapping.

Your second idea with

Code:

if(method_exists(

to me implies a relatively inefficent search of the namespace to check a method/function exists rather than refer to a dedicated data structure containing the app-specific ones (IDK, I've not manged to need method_exists() before). If that search was acceptable, we should just able to do something similar in Controller and have it check, for each function name (in $this scope/class?)

Code:

$reflection = new ReflectionAnnotatedMethod('FunctionPossiblyToBeExposed');
if( $reflection->hasAnnotation('SecurelyExposedForTask') ) {
    $reflection->getAnnotation('SecurelyExposedForTask')->value; // contains string "task1", the name of the task to map this function to
    // put into our mapping "task1"->FunctionPossiblyToBeExposed
}

Now the AJAX call can just name the task it wants to call, and that be dynamically associated with any specific function via changing the annotation. So per AJAX call, the Controller need only do if exists in mapping, call, else nope. Keeping the mapping up to date/cached would probably fall to either doing it each time an AJAX call is made (the dumb way) or only once each time the class is loaded/cached by PHP (smarter, but IDK the details of how atm. This would seem to be why people reinvent Loader classes, and frameworks and :fucking PHP:...).

Remember there were the options for multi-valued/array annotations, so we can dynamically define function paramaters and how they're handled using a slightly more complex annotation, mapping structure, and controller/call-checker.

You know, a static mapping, or switch statement, isn't looking so bad now. It's still given you the consolidation down to 1 place where arbitrary task names & functions calls are associated & individually handled.

FWIW I'm not seeing anything about HTTPS or ACL being involved in this aspect of the controller.

[Frug]

I don't understand the annotations and will have to read again but I thought the idea of mapping strings to functions to avoid maintaining a list was okay. I just didn't like the 'forAjax' bit, and allowing arbitrary function names through a URL.
How about having the functions register themselves with the controller by pushing the names of their ajax functions into an array. The controller compares any attempts to call a function with registered functions in the array and throws an exception if they're not registered. You don't have to maintain the list, and the controller is limited to what functions it lets people call. You can use an associative array so that the function names don't have to match the end of the URL you use for mapping.
Only down side I can think of is that you have to get other people to register their functions.

[Daneel Trevize]

Basically I'm back round to what Frug said, but if you originally had the problem that someone might name some function IBreakEverythingForAjax then it could be put live and callable by anyone trying the task IBreakEverything and breaking everything, well you won't solve that via implementing an amazing SecureAJAXController. Using 'convention over configuration' (the function naming-scheme idea), or annotations, or even having functions register their names in an array/mapping won't save you from having bad developers. Testing and code review might. Or the small'd idea of managing where they put their functions/get their functions put once approved, and having the controller restricted only to the function pool it generates from that scheme.

I think in principle I'm always for the 'define what's allowed' rather than 'try to define all that's not' mentality. Finite state machines, explicit mapping data structures FTW. There's an infinite set of possible AJAX requests your system could try and find a function name for, and only a slowly-changing set of valid ones you need instead restrict it to and maintain.

[Tarminic]

Well, at this point you guys have convinced me. Looking at it a bit differently, having to change the name of a function to expose it as AJAXy isn't any less complex than adding it to a registry. The registry will have a list of mappings in a single location instead of having to check every method of Secure_Controller, and developers can't accidentally expose functions they shouldn't (at least it'll be harder). Thanks for the input.

The final code will probably look something like this:

Code:

class Secure_Controller {
    private $ajaxRegistry = array();

    function registerForAjax($urlSegment, $functionName) {
        $this->ajaxRegistry[$urlSegment] = $functionName;
    }

    function ajax($task) {
        $params = $this->input->post();
        try {
            $this->$task($params);
        } catch(Exception $e) {
            $data = array();
        }
    }
}

Code:

class Derp extends Secure_Controller {

    function __CONSTRUCT() {
        parent::construct();
        $this->registerFunctionForAjax('poo', 'doSomething');
        $this->registerFunctionForAjax('urinateViolently', 'doSomethingElse');
    }
}

[Frug]

Still not getting the need for a registry. Give the controller a registerFunction('functionname') and then have other people call it in their class constructors.

This can always be combined with a registry and you can override and remove them if you don't like them being registered and can't get into their code.

[indeterminacy]

nvm starbucks and I figured it out

[Tarminic]

Still not getting the need for a registry. Give the controller a registerFunction('functionname') and then have other people call it in their class constructors.

This can always be combined with a registry and you can override and remove them if you don't like them being registered and can't get into their code.

That's exactly what I ended up doing, actually. In fact it provided some extra benefits because I could standardize the response format instead of on a case-by-case basis.

[Tyrehl]

Reposting this here as per :Sponk: instructions

(Edit: Lol, this is now tripple-crossposted - i better get some answers )

Not sure where to put this, will cross-post in the emothread (because yes, im kinda at the moment).

Time has come for me to start thinking about a masters degree. I am currently writing my bachelor's thesis (well, starting to work on it) but I still have (almost) no idea what I really want to do.

I know that it's hard to help someone with such a problem, so i'll mention some of my ideas. I'll also include eventual mid- and/or long-term goals


One of the universities im looking at offers 14 areas of specialisation, from which I need to pick 2).
(Added them spoiler-ed if someone is curious)

  Spoiler:

1. Theoretical basis - after checking, this is basically ALGORITHMS EVERYWHERE
2. Algorithms engineering
3. Cryptography and Security
4. Operating Systems
5. Parallel processing
6. Software Engineering and Compiler Construction (wat)
7. Process automation
8. Embedded systems and computer architectures
9. Telematics
10. Information Systems
11. Robotics and Automation
12. Computer graphics
13. Anthropomatics
14. Cognitive Systems

The problem is, Im not entirely sure what I want and what im looking for.




Im studying informatics, but I havent really written anything in the last 2 years (always postponing ). I have little experience with C, C++ and Java. Thats it. I started reading a book about basics in algorithms and different approaches (there's some C# in the book but thats not the main part of the book). After that I might check some frameworks (.net comes to mind).
I think I might be able to catch up and I believe I have the analytical thinking that would be needed.

One of these 14 ... things is supposed to be about (relational?) database systems. Last year I was getting raped on this exam - I had to study really hard, but it paid off in the end. The whole relational database theory was quite interesting, but also looked REALLY hard to master. And by the looks of it (some parts of) the world is slowly moving away from relational databases (i may be really wrong on this one).

Security - now thats something I really wanted to study. After a cryptography/sec. course I took last year I realised that there are a lot of things I find intriguing about the subject. Possible/eventual problem: my :math: isnt that great, main reason is that I was slacking (and drinking) a lot while we were studying Further Mathematics (? ..am I saying it right?). I took my exams but I dont remember much and i'll have to put some effort. Whats the 'name' of the Algebra for cryptography/information security?

Software Engineering, projects management/lead - this goes slightly into the "best case scenario" area. If I will be writing tons of code now, I dont want to be doing this for a living when im 30-35. You probably know what I mean.




At the moment im working in the Networking/Telecommunications sector, took some Cisco courses when I was in high school (yeah lol-Cisco etc, I know - still it helped me learn a thing or two) and the work/pay is really nice for a student. I am NOT looking at a masters in this area, I believe I dont want to do this. It might be the easiest / the only one to combine with Security/Cryptography though.

Basically, im not working on a project or something. Over the years I've tried some sql-magic on a project involving a huge database (for a free-time project), web dev. (php+sql) on top of the things we did in the university (basically nothing). I just have a very basic idea and it doesn't seem that there's an easy way to check what I like.


Just for the record, my bachelor's thesis will be on Embedded systems, sensors, measurements in the time-frequency domain and blah blah. Not really exciting but it might work for me :P







And the TL; DR question:
Is there a 'way' to incorporate cryptography, information security and a programming language/framework (or programming as a whole)? It seems to me that I have to either use pre-defined standarts or go the hardcore Algebra/Math/Algorithms way if I want to work on cryptography in particular. Anyone in the industry?

I know that there's no easy answer to my questions, but where should I start looking and how can I possibly pick a suitable masters in 2-3 months?

[Sponk]

Why go for a Masters anyway? Seems retarded to specialize in a field that you don't have enough experience with to make a good decision.

From what I can tell:
1. Theoretical basis
I hope you like lambda calculus. You will end up teaching.
2. Algorithms engineering
Like (1) but applied. Good if you are good at maths and want a high-paying job as a quant. You will end up coding.
3. Cryptography and Security
An interesting field to get into. Make friends in low places starting now, or you'll be forever mediocre. You will end up consulting.
4. Operating Systems
derp. Enjoy being a cog in the machine. You will end up in Office Space.
5. Parallel processing
A profitable niche. You'll talk a lot about big data and have a nosql t-shirt. You will end up consulting, unless you suck.
6. Software Engineering and Compiler Construction (wat)
I hope you like abstract syntax trees. I have no idea why general software engineering is rolled into this. You will end up in middle management, or coding to support some domain-specific language.
7. Process automation
I hope you like shell scripts and watir. You will end up a devops or automation engineer.
8. Embedded systems and computer architectures
A cool hobby but a shitty career. Stick to software it's much easier. You will end up unemployed.
9. Telematics
Pretty niche. I'd avoid unless you have passion.
10. Information Systems
Generic masters degree subject. Boring, safe, probably effective.
11. Robotics and Automation
assion:
12. Computer graphics
assion:. also easpouse~
13. Anthropomatics
used to be called human-computer interaction. You can run a consultancy on this.
14. Cognitive Systems
This plus algorithms engineering will let you follow in the footsteps of page and brin.

[Hast]

Why go for a Masters anyway? Seems retarded to specialize in a field that you don't have enough experience with to make a good decision.

From what I can tell:
1. Theoretical basis
I hope you like lambda calculus. You will end up teaching.
2. Algorithms engineering
Like (1) but applied. Good if you are good at maths and want a high-paying job as a quant. You will end up coding.
3. Cryptography and Security
An interesting field to get into. Make friends in low places starting now, or you'll be forever mediocre. You will end up consulting.
4. Operating Systems
derp. Enjoy being a cog in the machine. You will end up in Office Space.
5. Parallel processing
A profitable niche. You'll talk a lot about big data and have a nosql t-shirt. You will end up consulting, unless you suck.
6. Software Engineering and Compiler Construction (wat)
I hope you like abstract syntax trees. I have no idea why general software engineering is rolled into this. You will end up in middle management, or coding to support some domain-specific language.
7. Process automation
I hope you like shell scripts and watir. You will end up a devops or automation engineer.
8. Embedded systems and computer architectures
A cool hobby but a shitty career. Stick to software it's much easier. You will end up unemployed.
9. Telematics
Pretty niche. I'd avoid unless you have passion.
10. Information Systems
Generic masters degree subject. Boring, safe, probably effective.
11. Robotics and Automation
assion:
12. Computer graphics
assion:. also easpouse~
13. Anthropomatics
used to be called human-computer interaction. You can run a consultancy on this.
14. Cognitive Systems
This plus algorithms engineering will let you follow in the footsteps of page and brin.

Sponk hit it pretty much nail on head.

[Muffinsrevenger]

Pro as fuck list, can also add that Human-computer interaction is actually fun to work with, if you don't know exactly what you want to do make sure to try it out/get out into the wide world where people suffer to get a basic idea first

[Tyrehl]

Thanks Sponk, great descriptions

Yeah, Anthropomatics is fun - last year I was in Germany for one semester, one of the exams I had to take was Cognitive systems - basically 60% anthropomatics (including neural networks, face/voice etc recognition) and tons of "fuck that, how do I solve this". Its ridiculous how extensive the subject can be, this is by far the hardest exam i've ever taken (lol they even have real robots there :O ). The problem with human/robot interaction is that its you are kinda limited where you can work. On the plus side, im not just theorizing - my work will be put to actual use.
Unlike pure cryptography. For example, we are just starting to use elliptic cryptography and this was developed in the 80's

After looking at the 'new' list you posted I found several things that would be interesting to me. But here's the other problem - as someone else said, Masters is more about specializing in stuff that you are already familiar with. I am not really experienced with the any of these, so its hard to pick the correct field of study.

My main problem is, instead of working on something that I will be studying later I picked the job with the (much) better pay. In my country (lolbulgaria) we have the problem where if you want to be a DB developer (example) you have to do the same amount of work as a senior developer for just a fraction of the money. Yey practice, at some point you even get to work on the same things 'he' (the senior developer) does.
And here's where it gets interesting - a lot of (smaller) companies hire students or less experienced IT's for a 6-month trial and when the trial ends .. "yeah thanks for the good work, but I dont think that you are suitable for our company blah blah". Still, there are places where you can get a proper work but its kinda hard to get there (I failed hard on this aspect, I should've done more in my free time, not just *take my exams and go get drunk with friends*).


Can anyone tell me a bit more about Algorithms engineering and/or Parallel processing. "You'll talk a lot about big data and have a nosql t-shirt. " - lol, sounds like me ;D
At some point the workay ratio will kick in as a factor as well. I am okay with doing something hard where I'll have to excel in my work, as long as I will have the opportunity to grow.


Edit: Forgot to comment on the cryptography-thing. Friends in low places how do i do that, I have no idea (I dont know anyone working in this industry).

[Hast]

Edit: Forgot to comment on the cryptography-thing. Friends in low places how do i do that, I have no idea (I dont know anyone working in this industry).

protip: the industry is not a low place.

[Ophichius]

If you're really interested in security and programming, you may also want to consider reverse engineering. It's not taught as a field really, but the applicable fields would be compiler design, embedded systems design, OS design, and crypto/security. Given that WebGL is on the up, you might want to hit up some graphics programming stuff, but that's a -very- fast-changing attack surface and may not have much to work with by the time you get out of school.

Definitely pick up Practical Cryptography by Schneier if you're interested in crypto. There's a lot of good general security whitepapers at the SANS reading room, take a look around and see what interests you. If you want to get into reverse engineering, dig up the classics by +ORC and Fravia, as well as taking a gander at OpenRCE. Reversing: Secrets of Reverse Engineering by Eilam is also a good read. Rookits: Subverting the Windows Kernel by Hoglund and Butler is a great read on rootkits (The associated rootkit.com site is down after the HBGary stuff though, so the example code samples aren't available. Still a solid book though.)

Is there a 'way' to incorporate cryptography, information security and a programming language/framework (or programming as a whole)? It seems to me that I have to either use pre-defined standarts or go the hardcore Algebra/Math/Algorithms way if I want to work on cryptography in particular. Anyone in the industry?

Crypto is applied math, if you go any route other than hardcore math + programming, you will fuck it up. Hell -even- if you go that route, you can still fuck it up. Crypto is one of the most fascinating, but incredibly sensitive bits of any program to implement, because even if an algorithm itself is sound, you can fuck up your actual implementation in many, many different ways, quite a few of which are subtle enough to slip by almost everyone except the tiny handful of cryptosystems experts in the world.

I know that there's no easy answer to my questions, but where should I start looking and how can I possibly pick a suitable masters in 2-3 months?

To be honest, I'd start doing a lot of general research on the topics that interest you, get your hands on some good books. See if anything grabs you by the throat and makes you think "This is what I really want to study!"

-O

[Kanv]

I want to use Excel to sum a column until it reaches a value found in another cell, and then display the value of cell next to where it stopped counting. Is there a formula for this or do i need to script it?

[balistic void]

Script I think.

Unless you can somehow use a formula to find the coordinates of the "stop point", then use this as part of a dynamic range in the sum function.

Fuck it I would just use script, easier to debug and understand.

While we are on the subject of Excel.... anyone got experience with automatic excel unit tests? I can get it to run fine from command line via batch file, however when I try to integrate this into Jenkins it runs it as a service and seems to just hang. I know about the "enable macros" prompt, but I have included a registry thingy to get around this...

[IceBlock]

I want to use Excel to sum a column until it reaches a value found in another cell, and then display the value of cell next to where it stopped counting. Is there a formula for this or do i need to script it?

Here; http://bit.ly/LMUcnH

[filingo]

how do you make shell shit work in python

if ps -e | grep entroxpronprogram != "" then
killall entroxpronprogram

HOW MAKE WORK IN PYTHAN