Видео

This is why use use the integrity tag every time you use a cdn, would have prevented the hole debacle.

why not use fractions and have numerators and denominators be separate integers? So 0.1 + 0.2 = 0.3 => 1/10 + 2/10 = 3/10. Since denominators are the same, we just add numerators together. If we want output be 0.3 simply print 0.3 a string literal.

One aspect of low level programming this is sometimes tough to understand is "What can be optimized easily?" "what am I doing that is thwarting compiler optimization?" So many times I see programmers doing stuff that the compiler will just trip over.

I was in an air-gapped environment with only C available... Had to write my own linked list utility. That was enough to convince me that C++ was better. As for understanding how C++ works - the only real question is how things like exceptions work - they are more like GOTOs now - they were (20 years ago) a piece of code that ran every time you returned from a function that could throw them. C++ is easier to make faster. C++ is easier to make safer (OK, they are both hard) C++ is better integrated with OS for threading.

I wrote my own I2C device libraries, cause it forced to read the datasheets of the devices, and how to identify what each address was doing. I did this with C, and the same rules applied when I did it in Rust.

Why aren't they solving this issue?

Great video as always thanks for sharing!

Easy snippet copy😂

Off topic, but as an outsider it seems to me that >95% of the JavaScript is not written to enhance my browsing experience, and some healthy percentage of that is just downright annoying. But I'm one of the seemingly very few people who is willing to pay a few cents to access Internet content, sans advertisement and any JavaScript, that took effort to create, if there were a way to do that "on-the-fly" without subscriptions, although I would subscribe to an Internet version of a reader's digest web site that parceled out my subscription fees to the creators who's content I accessed. If you calculate advertising revenue, you realize that you are, in effect, working for a tiny fraction of poverty level wages watching ads.

Wow! That’s crazy! Thanks for the video, much appreciated.

"No thank you" he said, girls are temporary, writing programs and debugging is forever.

😱🔥🕸‼

I'm surprised at how much difference there is between the two. It's probably because I'm still a seed compared to what you all know, but the little bit that I've worked them, they both felt similar

It depends what you want to make. If you have a big project and you want to use C++ more like a high level language as alternative to C# and Java, then C++ is the better option in contrast to C

never liked npm, to me it always looked too dangerous.. happy to see that im not too paranoid (: unfortunate to see that there are so many bad actors.. :/

You are confusing two different notions. What you describe is memory mapped I/O, which is the mechanism by which virtually all modern processors communicate with peripheral devices at the lowest level: rather than having dedicated I/O instructions, the memory bus is configured in such a manner that operations involving addresses in a specific range result not in the usual reading or writing of memory cells, but in receiving and sending signals from/to peripherals. Embedded programming on the other hand means programming for a device (maybe some hardware controller) that operates in a setting where many or all of the usual services of an operating system (files systems, process scheduling, etc) are absent. That could involve a lot of direct communication with peripherals, but that is just because that is the main thing one would use embedded hardware for. There is however no fundamental reaason why one could not use an embedded program to just do some mathematical computation, say.

<script integrity="sha384-........" > I use this, so I know that they are providing the source I checked

Most of what motivates me to learn shit is building something I want/need and I’m having trouble finding that with embedded

At my last job working for an ecommerce client with hundreds of thousands of customers, we did use a few select polyfills, but like everything in our stack we hosted them ourselves and code was vetted by our security department's very experienced red and blue team pros. Rather than being there to support ancient legacy browsers such as IE, our polyfills specifically implemented functionality missing in some or all still-relevant versions of Safari for iOS and Mac. Sadly, Apple ties Safari updates to OS updates, and when users have older OS versions, Safari also remains outdated. Sometimes users can update, but choose not to so they don't burden an older device with a more resource-hungry newer OS. Compounding the problem, Apple is often slow to adopt newer web standards and features compared to other browsers, and many users don't switch to alternate browsers. And until recently, even if you did switch browsers on iOS, under the hood the third-party browsers always used the built-in Webkit engine just as Safari does. That's still the case in much of the world, but thankfully at least in the EU, that last part is changing and third parties will be able to use their own engines, which will be kept much more up to date than Safari is. The situation's a bit better on Mac, but quite often less tech-savvy users stick with Safari despite having better options, and so they end up still using a browser that's behind the standards adopted by other vendors. This leaves web developers with a choice. They can adopt new features but use polyfills for Safari; forgo new features to maintain support for older versions; or drop support for older Safari versions altogether, even though they're still widely used. The right choice depends on the company and their user base, but choosing polyfills certainly doesn't require using an outside vendor, and it's frankly pretty shocking that even companies as large as Nintendo were exposing their users to increased risk when they should have known better. I wonder if it was a matter of greedy cost-saving measures, trading risk for profit, or if they're just incompetent when it comes to enforcing good security practices at scale across the teams that work on their web presence. At that job mentioned above, we weren't even allowed to directly install packages from the npm registry, due to the risk of code injection attacks (not to mention scenarios like the pad-left debacle). We hosted our own registry, and any outside packages also had to be thoroughly audited for security risks before adding to our registry, and any updates to them had to go through review as well.

I know enough about computers that there is no longer problems I come across that I can't easily solve or quickly find out how to solve

Summon all the "linux is vulnerable" guys

The only time I even consider using CDN instead of bundling is if it's a direct provider of 3rd party services with a commercial relationship. And of course even then you should lock your package versions until there's a reason to update and you reviewed what is updated, why and what are the changes.

That's why I kept getting logged out! I should've used NoScript like I normally do. Also, no point in worrying or complaining about systemd when you have modern browsers to scare you!

It's such a shame that web dev's knowingly rely heavily on third-party "supply chain" code and simply trust it😮

Hello. I'm Russian and sorry for my English from the translator))) I'm a beginner programmer and I liked Rust. Are there few vacancies in Rust? Can I start with Rust? I worked in user support for 10 years.

They’re reaching at straws to try and make something new. They should’ve stopped at windows 10 and only released security upgrades, bug fixes, optimizations etc etc. Theres no need for a new operating system or new features.

"Everything is open source, if you can read assembly."

C++ is the King of programming languages. If I could, I would date it instead of human females.

This guy is a Sigma ⚡🥶🐺⛈️

"no thank you" from a programmer translates to " please fuck off"

C > Woman

Isnt this essentially 'poisoning the well'

simple rule why to serve the old version of the browser.I mean the version dead and not able to accept latest updates.

Nice video, but buy from which website? I am from india

No way you just pronounced var like that

i dont understand. One day polyfill was honest and its js was cached in CDNs where shit ton of websites used that URL. Another day polyfill is acquired, does some memory corruption js under the hood and releases url to js from their own CDN. And those shit ton websites have all updated without notifications? What the? Can anyone explain like im a child?

Richard Stallman was right all along

Just in case anyone needed yet another reason for ad-blockers.

Given JavaScript ability to monkey patch globals, can the hacker just monkey patch commonly used object such as fetch to steal away the credentials?

Was it really necessary to demean the Cox employee, someone doing their job, just trying to get by in life? Wow.

A

will you do a follow-up once what it does its reverse engineered? personally I am really curious

No coding skills needed *proceed to show code from another language that I dont use*

Go deeper and explain what this can be used for!

The terrifying thing is that everyone who understands API requests could have done this. What an incompetence of the ISP.

Hey girl, I don't cheat and I'm kinda a bad boy how likes to live on the unsafe memory side

@LowLevelLearning please read article I posted in my other comment. I think yarn is also an issue which is a BIG deal in web dev.

I'm not a web dev but i think it's easy to prevent such an issue (pushing malicious code over cdn of the same version or link) by hashing content of that file to a hardcoded hash verification so whenever website doesn't get the same content it just unload it

Luckily I disable Javascript on my browser and have done since 2000. Who’s laughing now? (͡o‿O͡)

The way you reason about sandbox -> v8 -> c++ -> therefore machine takeover is puzzling to me. I'm pretty sure if that was possible on the sable releases of v8 you would get infected every 1 out of 5 websites you would visit. The internet would be only the 10 most known domains and nobody would dare to leave for riskier territory. I like very much your channel but this is just the type of content that is misleading people.