Re: A modest request of Merlyn
by tachyon (Chancellor) on Jul 13, 2004 at 12:48 UTC
|
Consider this code, which is a trivial modification of the code you posted, and merlyn suggested was foolish. String eval is incredibly dangerous as unless you have perfect control over the input data a cracker can run arbitrary code.....
@keys=( 'warn "merlyn is right, this is insecure and your code *was* foolish!\n"' );
$e = '%hash = (' . (shift @keys) . '=>';
$e .= '{' . $_ . '=>' for @keys;
$e .= '1';
$e .= '}' for @keys;
$e .= ');';
eval $e;
Sometimes you need eval, most times you don't. A wise man knows the difference. There are better faster more secure ways to do it. You apparently did not know this at the time. If you peruse some of the other, better answers in that thread you may learn something. If you are a fool you will insist that this sort of hack could never happen. If you know a little bit about merlyn you may be aware he is a person not unfamiliar with security issues.
| [reply] [d/l] |
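An eval-free way to build the same nested hash, added here as an illustration and not code from any poster in this thread. The name `nest_keys` and the sample keys are constructed for the example; a key that looks like Perl source is stored as an ordinary hash key and is never compiled.

```perl
use strict;
use warnings;
use Data::Dumper;

$Data::Dumper::Sortkeys = 1;

# nest_keys (hypothetical helper): build $hash{k1}{k2}...{kN} = 1
# by walking references, so key text is only ever used as data.
sub nest_keys {
    my @keys = @_;
    my %hash;
    return \%hash unless @keys;

    my $last = pop @keys;          # innermost key receives the value 1
    my $node = \%hash;
    for my $key (@keys) {
        # Create the next level if it is missing, then descend into it.
        $node = $node->{$key} ||= {};
    }
    $node->{$last} = 1;
    return \%hash;
}

# Record any warning raised while the structure is built, so the demo
# can show that the hostile-looking key did not execute.
my @warnings;
$SIG{__WARN__} = sub { push @warnings, @_ };

# Constructed sample input: the first key is shaped like the one in the
# post above, i.e. a string that would run as code under string eval.
my @keys = ('warn "this would run under string eval\n"', 'colour', 'red');

my $h = nest_keys(@keys);

print Dumper($h);
print "hostile string stored as a plain key: ",
    (exists $h->{ $keys[0] } ? "yes" : "no"), "\n";
print "warnings raised while building: ", scalar(@warnings), "\n";
```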
|
Thanks for your comments about my code. I agree that eval was not needed, in fact one of the solutions prior to my own was simple and effective, and did not use eval.
However, being the XP whore that I am, I needed to post my own solution and have it be somewhat different from the other attempts.
None of that is the reason for this thread, though. My code: bad. I'm just asking for Merlyn to take his disclaimer down since it isn't accurate, and that he, like me and any other human, is prone to an occasional personal attack on someone.
| [reply] |
|
At the end of the day does it really matter? I think not. merlyn can be abrasive at times see Color coded diff for one of our long dead tiffs, but so what? People suggesting eval without also putting in a disclaimer is like telling a 2 year old to go and play in the traffic.
On the XP whoring front I usually wait for someone to post a string eval and post code like the example above :-)
| [reply] |
•Re: A modest request of Merlyn
by merlyn (Sage) on Jul 13, 2004 at 14:29 UTC
|
I know it may be splitting hairs, but I always see a person's actions as separate from their person. When I say "some fool", that's a shorthand for me of "someone who has exhibited a foolish action". It's still not a personal attack, because I myself exhibit foolish actions from time to time. Of course, my goal is to minimize that amount of time.
Please, rest assured, this is not a statement of your general character. Only that in this case, you did something foolish, and you hopefully learned from that.
| [reply] |
|
I can't resist asking how this theory of actions being separate from persons is supposed to work. If this were so I could do all sorts of naughty things, and then just claim 'it wasn't me, I was just acting like that at the time' .. ?? Also, surely the reason (deep down somewhere), that we do all this cool stuff is so we can walk tall amongst our peers and say 'look I did that', the opposite is also true, if something stupid or unclever is done, we feel responsible/stupid ourselves, when it's pointed out.
Or do you like to distance yourself from your code so that you can't be held responsible when it goes haywire?
I could go on for a while.. But I hope I made some sort of point already.. If the comments are just meant for the code, and not the writer, surely it's not too hard to say 'foolish thing to do' rather than 'fool'.
Myself I'm convinced you mean exactly what you say and how you say it, and the disclaimer is just to mislead.. But hey, I'm going to continue being responsible for my code, and think myself stupid for doing stupid things, and so on. (Just spent several days being responsible for someone else's, since they're on vacation during the customer acceptance test, but such is life..)
C.
| [reply] |
|
You are confusing responsibility with identity.
Choosing to identify with your actions (or your code) solidifies you as an object in a sea of objects, not an actor with moment-by-moment choices. Thus, an attack on your actions (or your code) is seen as an eternal blot on the object that you've now become. It is because you've confused a process with an object. This is why I keep saying "you are not your code, you are not your actions". I'm trying to reinforce the ability to take criticism as against a moment in time, not an eternal blot. I've found in general that choosing to identify with something that is actually a process leads to collectively more stagnant and limiting outcomes over time.
This is completely separate with the declaration that you are responsible for your actions (or code). This means that you welcome feedback, because you want to know how to adjust future behaviors based on past outcomes. And you can instead choose not to be responsible for your actions (or code), and that will lead to a different set of outcomes. I've found in life that choosing to be responsible generally leads to better and more flexible outcomes later.
There is nothing right or wrong about identity. There is nothing right or wrong about responsibility. But confusing one for the other, or not knowing the results of empowering one or the other, leads to outcomes that may not be desired.
I don't want people to "feel bad" (identity) about being a fool (a momentary process). I want people to make adjustments in their actions (responsibility) so as to not repeat the damaging actions in the future.
There. I hope that helps.
| [reply] |
|
I see it as a conflict between an Aristotelian view and an Operational one: A: A Person "IS" something by definition. O: A Person ACTED a certain way at one point in time.
The Operational view is more accurate and scientific, it avoids prejudice and stereotyping because it focuses on what is measurable. ie.: How can you say a person "IS" un-trustworthy? You can look into the past and measure how many times they were un-trustworthy in similar situations, but that does not take into account what the person might have changed about their personality in the meantime. According to Aristotelian "ghost in the machine" logic, you should be able to divine some ineffable "trustworthiness" essence within the person; but it wouldn't be measurable.
Therefore, I think Merlyn is speaking Operationally, whereas Delerium has taken it as Aristotelian.
The Map is not the territory. The Menu is not the Meal.
| [reply] |
Re: A modest request of Merlyn
by ccn (Vicar) on Jul 13, 2004 at 12:57 UTC
|
Why don't you just /msg him? It's a personal, not community question
| [reply] |
Re: A modest request of Merlyn
by dragonchild (Archbishop) on Jul 13, 2004 at 12:40 UTC
|
Grow up, or at least grow a thicker skin! If I were to post code that is foolish and is something that I should obviously know, then I am a fool. Same with you, or anyone else. If you were to look hard enough, you would find examples of merlyn and Abigail-II posting foolish code. Heck, every single person on that Saint's list has posted foolish code on this site, and for that moment, that person is a fool.
Of course, this is disregarding that Tarochial connotation for Fool, which is someone who blithely wanders through life with nary a care in the world. (But, merlyn et al may actually feel this is the best definition for some people, like the proverbial 'Matt'.)
------
We are the carpenters and bricklayers of the Information Age.
Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose
I shouldn't have to say this, but any code, unless otherwise stated, is untested
| [reply] |
|
I'm going to regret posting in this thread I know it now (looks lovingly at XP and says good-bye)
First let me say I'm guilty of deriding people and looking down on newbie and homework posts too. And in the 4 years I've been coming around I'm sure I've said some personal things. For those I apologize.
Acting foolish doesn't make one a fool. A fool is one who acts foolish all or most of the time. I don't think calling anyone a fool here no matter how bad their code is a good idea. As humans we all make honest mistakes, it doesn't mean we are fools, it means we made a mistake. People who are posting here, especially newbies are looking for guidance from people who've already made those mistakes.
I don't take comments by merlyn or Abigail-II personally, however name calling, no matter what you say it is, is personal and unnecessary. I enjoy Fark and /. too and those places are famous for their flamewars, but Perlmonks is generally a place where people generally are respected no matter what their skill level. Calling people names turns people away from this site. Someone new isn't going to learn good security practices or anything else, no matter how true a respondent's comment is if that comment is demeaning or rude and they simply walk away.
Perl is known for its community, it's definitely one of the main things that keeps me using it over other languages (that and CPAN :) ). Let's not start turning people away who want to learn because of our egos or senses of superiority.
my $0.02
| [reply] |
|
People are fools (or whatever else they may be) for given moments in time. So, if at 9am I do something foolish, I am a fool at 9am. At 10pm, I am no longer a fool (unless I have done something else foolish in the meantime). That is the point.
------
We are the carpenters and bricklayers of the Information Age.
Then there are Damian modules.... *sigh* ... that's not about being less-lazy -- that's about being on some really good drugs -- you know, there is no spoon. - flyingmoose
I shouldn't have to say this, but any code, unless otherwise stated, is untested
| [reply] |
|
Of course, this is disregarding that Tarochial connotation for Fool, which is someone who blithely wanders through life with nary a care in the world.
Ironically, I'd argue that the OP of this thread fits the Eco definition of "fool" (you know, with the world being divided into cretins, morons, fools and lunatics). Of course, I hope this will not also be taken personally.
| [reply] |
Re: A modest request of Merlyn
by Arunbear (Prior) on Jul 13, 2004 at 13:28 UTC
|
In the thread hash problem, the original poster didn't specify in what context (networked or otherwise) the code would be used. merlyn certainly could have pointed out the insecurity and slowness of delirium's code without resorting to name calling - politeness doesn't cost a penny.
| [reply] |
|
To me, in an ideal space of time, being both effective and polite is obviously the ideal. But when I have time for only one, I pick effective. Some people I know pick polite instead, and those are usually the ones that rag on me when I choose the other. I understand that, because it's a conflict of goals.
But please let me be clear. I will always take the time to be straight with you. I will not always take the time to package it nicely. In the long run, I believe that is what you want. In the short run, I'll take my licks and mop up the mess later.
I would also ask the same in return. If you have something to say to me, I'd rather you be straight than be nice, if you have to choose.
| [reply] |
|
But when I have time for only one, I pick effective.
Baloney. It isn't a matter of time, it's a matter of frame of mind. There is no excuse for being unnecessarily rude.
We're all rude, from time to time. That's the reality of human interaction. But we have a choice: we can be rude and own it, or we can be rude and be hypocrites about it. For some reason -- which I'll leave to the sociologists among us to figure out -- all perl monks, with only one or two exceptions, choose the former.
| [reply] |
Re: A modest request of Merlyn
by Tomte (Priest) on Jul 13, 2004 at 12:57 UTC
|
The text in •Re^2: hash problem doesn't suggest itself to be interpreted as a personal attack; in my (foreign to English) understanding, it says you acted as the proverbial fool, a role someone obviously has to play in discussions like this. merlyn didn't call you names or attack you, he simply put forth that you took over an unpleasant role.
A personal attack surely reads a lot different than merlyn's posting.
regards,
tomte
An intellectual is someone whose mind watches itself. -- Albert Camus
| [reply] |
Re: A modest request of Merlyn
by revdiablo (Prior) on Jul 13, 2004 at 18:06 UTC
|
delirium,
I do not have any substantive reply to your node, but the following makes me slightly nervous:
I enjoy heated arguments, and I think people screaming at each other in their posts over trifles is high comedy. That's what makes Slashdot and Fark fun
To me, this makes you sound suspiciously like a troll. Or at least a person exhibiting troll-like behavior. Your behavior in this thread certainly reinforces that, in my mind.
Heated arguments on Slashdot and Fark may be fun for you, but for me (and others I know), they are anything but. In the very least, I think we can agree that certain communities tend to be overrun by such, and I can't imagine that's a good thing. I hope your love of argument is tempered by a desire to maintain a useful community.
| [reply] |
Please let me know what behavior of mine in this thread seems troll-like. I attempted to make very clear that I was not offended by anything said to me, and that a disclaimer linked to in a signature was untruthful and should be removed.
If you would like to search through some of my other posts, you will see that I am a regular contributor to this community, that I am not a troublemaker, and that I attempt to help people with the perl problems they present here.
Here are a few examples:
A number of people are disagreeing with me in this thread. This does not make me a troll. This area of the site is for non-perl problems, and topics like this frequently come up here.
I imagine some members here are assuming that I am trying to be a troll because the object of this post is a valued community member. I value Merlyn as much as the next member, just look at my profile.
| [reply] |
|
Please let me know what behavior of mine in this thread seems troll-like.
These are the behaviors I consider troll-like:
- You took a relatively obscure post of yours (which merlyn failed to reply to) and elevated it to a whole top-level node.
- You have insistently replied to many nodes in this thread. Granted, you started it to engage in a discussion, but there is a point where you should just let the comments stand (e.g. posting 8 levels deep seems a bit excessive to dwell on one minor point).
- In your own words, you described your enjoyment of "heated discussions."
If you would like to search through some of my other posts, you will see that I am a regular contributor to this community
This is why I hesitated to call you an outright troll, and added the caveat that it might just be "troll-like behavior." I have not reviewed your entire post history, and am not prepared to completely write you off. I hope my post wasn't read in that way.
I imagine some members here are assuming that I am trying to be a troll because the object of this post is a valued community member.
Please do not consider me in that group. As I stated, my post had no substantive reply. I do not think merlyn is particularly mean-spirited, but I'm not in any position to defend or condemn his behavior. I was simply commenting on yours.
| [reply] |
Re: A modest request of Merlyn
by Skeeve (Parson) on Jul 13, 2004 at 15:33 UTC
|
Sorry, Curtis, but my impression is that you prove Randal right. What I observe here to me is foolish behaviour.
| [reply] |
|
Well, I'm not going to disagree with you about that.
I do disagree that this thread should be deleted, though. This is the sort of thing that needs to be talked about in a community, otherwise it's just a tech forum where nobody knows each other. The philosopher in me wants to get issues like speaking freely, and a desire for honesty from those we respect out on the table for people to talk about.
Even if the result is nothing more than a few downvotes for me and "why are you wasting our time with this hooey" comments, it's still important that a community be allowed to discuss it openly.
| [reply] |
|
> I do disagree that this thread should be deleted, though.
And you were not the only one ;-) I think, my vote was the only pro-delete one.
> it's still important that a community be allowed to discuss it openly.
My motivation wasn't censorship but my impression that
- this isn't that important
- removing any trace of foolish behaviour of someone who doesn't want to be mistaken as a fool ;-)
| [reply] |
Re:modest request...
by chanio (Priest) on Jul 14, 2004 at 04:40 UTC
|
The philosopher in me wants
Perl uses to be related with language. A more precise programming language wouldn't leave so much doubts. But it is more difficult to program those. (I guess)
Besides, in human languages: English uses to have one word for 2 different meanings of the verb 'to be':
In latin languages, we have two different translations for the same 'I am' depending on the context...
I am intelligent -- translates in 'Yo soy inteligente' in Spanish
And...
I am furious -- translates in 'Yo estoy furioso'
Do you see? 'soy' vs. 'estoy'
This says that latins had understood that we are different persons when we are conditioned by something, than what we are naturally...
So, someone that has to steal for eating, might not be proud of being a thief. Or he might think of himself as a hero when he once stole from Hitler, for example.
We all make mistakes. I don't believe that there is any profit in doing things wrong. We come here to learn or help, not to show ourselves. Not always, I guess...
.{\('v')/}
_`(___)' __________________________
| [reply] [d/l] [select] |
Re: A modest request of Merlyn
by WhiteBird (Hermit) on Jul 14, 2004 at 13:20 UTC
|
I just have to put one more nail in this dead-horse coffin. After looking at all of this it seems to me that Merlyn should absolutely keep his disclaimer. He really is saying that it is all about the code. Nothing else. (read the disclaimer until that sinks in). If he calls me a fool then I need to remember that it's about the code, just the code, not me personally. It would get tedious if he had to explain that every single time his remarks get off center.
| [reply] |
|
If one would call the code foolish instead of the person it would remove all doubt.
How much more efficient and maintainable this would be. It would then avoid needless reimplementation of these threads. It would be positive for the community and probably raise the very feeling of community, thus contributing to security in the "neighborhood watch" sense.
| [reply] |
Re: A modest request of Merlyn
by Anonymous Monk on Jul 14, 2004 at 06:18 UTC
|
merlyn, you too are a fool!
By your own petard, taking foolish actions makes you so, and ignoring politeness for the sake of expediency is foolish.
Neither making a mistake, nor not knowing better, is foolish. It is lack of knowledge or experience. You have both, but as anyone who has breezed by this place for more than a couple of months has seen, you know being rude offends people, but still you do it.
That's being a fool!
| [reply] |
|
If knowing being rude offends people and doing it is being a fool, what is posting a scathing comment anonymously?
If you have been around for more than a couple months as is implied, why not sign up an account? You don't necessarily have to give up any personal information to do so. If memory serves, you can get an account here with just a throw-away email address as an identifier, and everything else is either optional or you can be another John Doe from Anytown, USA.
Using an account is really the best way to communicate in threads like this. Otherwise it just looks like anonymous bashing and your point is missed because people either ignore the post, or assume it is from a member who doesn't want to show their negativity on the record.
| [reply] |
Re: A modest request of Merlyn
by artist (Parson) on Jul 17, 2004 at 01:34 UTC
|
Lessons:
- If you call someone 'fool', you need to specify the specifics or you might hurt emotional feelings.
- If your emotional feelings are hurt, because of someone calling you 'fool', you need to understand the specifics.
| [reply] |
Re: A modest request of Merlyn
by silent11 (Vicar) on Jul 20, 2004 at 16:51 UTC
|
Everybody plays the fool, sometime
There's no exception to the rule, listen baby
It may be factual, it may be cruel, I ain't lying
Everybody plays the fool
| [reply] |