
AtomicMaster

Senior Members
  • Posts

    157

Everything posted by AtomicMaster

  1. So when i try to solve problems, i sometimes come up with some pretty neat ideas about how to best express or contain something, that often turns ugly code somewhat more elegant, and i like elegant code. So I want to share some random programming ideas, in random languages, perhaps some solutions. And you are also welcome to join me, perhaps this may help someone.

     Here's an example: This is something i have come up with a couple of years ago. It works when you need to have actions on data, perhaps called at random, or perhaps called every time, but you don't care what those actions are specifically (and they can be easily written or extended by someone else). All you care about is keeping track of some conditions that satisfy those actions (for example, i want to define actions run at different time intervals, or i want to define action to act on string data, and other actions (or set thereof) to act on numerics). This is useful when you don't care which actions or what order the actions are executed, just that they are. You also get the benefit of a common ds, so you can keep track of data for all actions internally inside the structure.

     ```ruby
     require 'singleton'

     class Legos
       include Singleton

       def initialize
         #you could initialize a common piece of data that the blocks act on here if you so chose
       end

       # Returns the list of blocks registered under id, creating it on first use
       def blocks(id=1)
         @blocks ||= {}
         @blocks[id] ||= []
       end

       # Appends to the list for id; goes through blocks(id) so the list always exists
       def blocks=(data, id=1)
         blocks(id).push(data)
       end

       # Magic happens here
       def block(id=1, &block)
         raise "Windmills do not work that way! Good NIGHT." unless block_given?
         self.blocks(id) << block
       end

       # Main poll loop; does nothing when no block has been registered yet
       def build()
         (@blocks || {}).each_key { |key|
           @blocks[key].each { |block| instance_exec(&block) }
         }
       end
     end

     castle = Legos.instance
     castle.block() { puts 'One Block' }
     castle.block() { puts 'Two Block' }
     castle.block() { puts 'Three Block' }
     # So you can identify block types for example (you can extend it to have more than one attribute)
     castle.block(2) { puts 'Four Block (out of order)' }
     castle.block() { puts 'Five Block' }
     castle.build
     ```
  2. What is your aversion to using normal functions and maintaining code/data barrier? You also didn't solve the problem i outlined above and abstracted it away... Also by the way, your code:

     ```php
     <?php
     /*
      * Please copy and paste and execute the following code
      */
     /*Look, form_generator_file and form_generator_usr are complete pages that has all properties of a PHP page
      * that means it could contain everything a php page may contain.
      * the variable $form hold the code of the page.
      * So if I echo the variable $form , you will see it will print the code.
      * But if you want to execute it , you need to use eval().
      * */
     $form = '
     //page 1
     function form_generator_file($form_defination = "") {
         $to_day = @date("m/d/y");
         ?>
         <div style="border: #ff0000 solid 1px;">
             <span>Today:</span> <span><?php echo $to_day;?></span>
             <p style="background-color:#404040; ">File: <?php echo $form_defination;?></p>
         </div>
         <?php
     }
     ?>
     ';
     $form_usr = '
     //page2
     function form_generator_usr($form_defination = "") {
         $to_day = @date("m/d/y");
         ?>
         <style>
         div{ font-size:12pt; background-color:#bcbcbc; color:#fff; width:50%; }
         </style>
         <div style="border: #ff0000 solid 1px;">
             <span>Today:</span> <span><?php echo $to_day;?></span>
             <p style="background-color:#404040; ">User : <?php echo $form_defination;?></p>
         </div>
         <?php
     }
     ?>
     ';
     ?>
     <html>
     <style>
     span{ font-weight: bolder; }
     p{ color:#fff; }
     </style>
     <body>
     <?php
     $file_form_definition = "file form definition";
     $user_form_definition = "user form definition";
     ?>
     <?php
     $page = 1;
     switch($page){
         case 1:
             ?>
             <h2>Files</h2>
             <?php echo eval("form_generator_file(\"$file_form_definition\");".$form); ?>
             <h2>User Info</h2>
             <?php echo eval("form_generator_usr(\"$user_form_definition\");".$form_usr); ?>
             <?php
             break;
         case 2:
             ?>
             <h2>Files</h2>
             <?php echo eval("form_generator_file(\"$file_form_definition\");".$form); ?>
             <?php
             break;
         case 3:
             ?>
             <h2>User Info</h2>
             <?php echo eval("form_generator_usr(\"$user_form_definition\");".$form_usr); ?>
             <!-- And so forth -->
     <?php }?>
     </body>
     </html>
     ```

     could just as effectively be written as

     ```php
     <?php
     /*
      * Please copy and paste and execute the following code
      */
     /*Look, form_generator_file and form_generator_usr are complete pages that has all properties of a PHP page
      * that means it could contain everything a php page may contain.
      * the variable $form hold the code of the page.
      * So if I echo the variable $form , you will see it will print the code.
      * But if you want to execute it , you need to use eval().
      * */
     function form_generator_file($form_defination = "") {
         $to_day = @date("m/d/y");
         ?>
         <div style="border: #ff0000 solid 1px;">
             <span>Today:</span> <span><?php echo $to_day; ?></span>
             <p style="background-color:#404040; ">File: <?php echo $form_defination; ?></p>
         </div>
         <?php
     }

     function form_generator_usr($form_defination = "") {
         $to_day = @date("m/d/y");
         ?>
         <style>
         div{ font-size:12pt; background-color:#bcbcbc; color:#fff; width:50%; }
         </style>
         <div style="border: #ff0000 solid 1px;">
             <span>Today:</span> <span><?php echo $to_day; ?></span>
             <p style="background-color:#404040; ">User : <?php echo $form_defination; ?></p>
         </div>
         <?php
     }

     $file_form_definition = "file form definition";
     $user_form_definition = "user form definition";
     ?>
     <html>
     <style>
     span{ font-weight: bolder; }
     p{ color:#fff; }
     </style>
     <body>
     <?php
     $page = 1;
     switch($page){
         case 1:
             ?>
             <h2>Files</h2>
             <?php form_generator_file($file_form_definition); ?>
             <h2>User Info</h2>
             <?php form_generator_usr($user_form_definition); ?>
             <?php
             break;
         case 2:
             ?>
             <h2>Files</h2>
             <?php form_generator_file($file_form_definition); ?>
             <?php
             break;
         case 3:
             ?>
             <h2>User Info</h2>
             <?php form_generator_usr($user_form_definition); ?>
             <!-- And so forth -->
     <?php }?>
     </body>
     </html>
     ```

     And this maintains code/data separation in PHP, also plays a lot better with syntax highlighting (as i don't have any sections of php defined as a string). So i don't know what problem you are trying to solve with eval, but i know for sure that it does not require eval to be solved.
Again in the words of the creator of PHP -- Rasmus Lerdorf
  3. You have in fact not, there is so much disinformation that is evident even in this; there were never any Russian soldiers occupying anything, they are what the media tends to call pro-Russian forces, who are citizens of Crimea who took up arms when they saw what was happening and still is in Maidan; clear distinction, they are not the armed forces of the Russian Federation. This is a good example how things get twisted so much in the media though... Crimean news source, citing the police http://www.c-inform.info/news/id/1154 points out that the shooting happened in two directions from one position, shots were fired both at the Crimean self-defense force and at the Ukrainian military base. One member of the Crimean self-defense force and one member of the Ukrainian military were killed, two more members of the self-defense force were wounded. Similar tactic was used in Maidan when one sniper fired at both activists and the police force. So a note on this. The deals with the EU and Russia are not and have never been mutually exclusive, they are not picking a side, it's not east vs west, and so the deal with the EU was not cancelled, it was not accepted for further negotiations. The people in the government are not stupid, and the actual speech where their president announced his government's decision explained that well. They didn't join EU because doing so would mean plunging the country in an arguably even bigger crisis than what we are currently observing. In order for the Ukraine to join the EU, the entire production system will have to have been modernized to the European standards, many plants would have had to be closed, this would have meant laying off perhaps hundreds of thousands of people.
They would have had to change the financial system, plunging the country into inflation, restructure, etc, etc, there were a few points that the government wanted to renegotiate with the EU leaders, and again, being a part of the EU is not exclusive, you can be a member of other trade organizations... Oh yeah meant to note, the current prime-minister also declined to sign the current version of the EU economic agreement (as of today anyways) for the same exact reason as the previous government...
  4. But most try to be pretty close. Problem here is 2-fold. First problem is that there are unnecessary risks that are exposed by the way that your code is written. Evaluating user input is a very error-prone endeavor, and for any complex website (you mentioned thousands of lines of code, that's pretty much a very small project, tools i write often fall in that range, most actual projects i work on involve order(s) of magnitude more code) where there are multiple people developing in parallel, working on multiple parts of the project, with every user input, having a potential to be exploited. Second problem is a computer-science one. Most typical example is 2 ways to approach a firewall rule-set. You can have a deny unless open set, where the firewall specifically opens ports with the bottom governing rule being deny all, and an open unless denied set, where you deny specific ports with a bottom rule that allows all. So the problem with "we could add some prevention code" is that you have an open unless denied system, which when mapped to Gödel's incompleteness theorem, states that there is always potential for some input that will bypass "prevention code" and will still be interpreted as code by PHP (or JS or SQL)... Because you don't maintain a clear Code/Data separation the second you eval. No you are not an expert, but it is NOT the task of others. It is YOUR primary duty as a programmer to provide a safe and secure environment for the people who are to use it. Since you are proposing a design paradigm, you have to think about how one using your development paradigm could provide a safe and secure environment for their users; really poor security is almost always the result of an afterthought. We have already outlined multiple ways in which your way of executing server-side code is insecure, you have yet to provide an actual solution.
So why would anyone want to write code in a paradigm that is inherently insecure and has no defined ways, no solutions to make it secure? So what you provided was a way to fix a "service can not access file a" issue with a "just run the service as root" solution... Why waste the time? I am quite ok with some pseudo code, I highly doubt that you can express something in code that you can't express in pseudo-code. I do not have a use for the code, i mean unless you do.
  5. This is a poor file format idea. To be able to express a raster image in a language, requires a context-free language, which means that you would have to design and (if you want it to be used) safely implement a full programming language into the library that interprets this file format, which is almost always a bad idea... We have languages that are already capable of doing this, OpenGL for an exceptionally good example, and you can write them in the languages that they have already implemented C/C++ for example, which already come with really good parsers and compilers. For a bonus, they even have the ability to export pictures in the above-mentioned formats, and can also write to the video buffer almost directly without using an image compression format (or i suppose it would technically be bmp). Just $.02
  6. Wait if you wanted C++ done differently, wouldn't you do Go? Also C++ is C++ done right, just because someone doesn't learn their language history doesn't mean that C++ is all of a sudden somehow wrong... Python was designed to teach students how to write code correctly, yes, it is a great language to start with.
  7. As i have already posted a different way to write the code in your sample, i see no reason to redo work (albeit a small amount). Here's the first problem that i can think there is a good chance of running into with your model. Suppose i am serving a site where suppose i need to serve multiple forms, for example if you want to use one form to collect and handle files specifically, and the second form to capture some other information. Let's say form definitions are passed to me from the designers in like a json, so that should make it easy to build a function for building forms. The challenge is that sometimes the forms are served by themselves, but they are also served together, so that depends on some state somewhere. Now here's a problem. (see pseudo-code)

     ```php
     // Definitions
     $form = 'form generator';
     $file_form_definition = 'file form definition';
     $user_form_definition = 'user form definition';

     // Forms
     $file_form = 'form_generator($file_form_definition);'.$form;
     $user_form = 'form_generator($user_form_definition);'.$form;
     // Other forms defined here

     // Sometime later when we are deciding what to serve for HTML
     switch($page){
         case 1:
             ?>
             <h2>Files</h2>
             <?php echo eval($file_form); ?>
             <h2>User Info</h2>
             <?php echo eval($user_form); ?>
             <?php
             break;
         case 2:
             ?>
             <h2>Files</h2>
             <?php echo eval($file_form); ?>
             <?php
             break;
         case 3:
             ?>
             <h2>User Info</h2>
             <?php echo eval($user_form); ?>
             <!-- And so forth -->
     <?php }
     ```

     I believe that i am following your model pretty closely, correct me if i made a mistake model-wise, but of course this pseudo-code runs into a problem, so how do you suggest resolving it?
  8. Ustream, youtube live or any similar service should work for you. I DJ too, by the way. Welcome to scienceforums.
  9. I suppose I will do this in parts: Part 1 So much misinformation in the media, so many lies from the politicians to push their own agenda; but then again, this is typical politics. Luckily I have the ability to read news in multiple languages from multiple sources, including local sources (blogs, forums, personal media), which actually paints a contrasting picture, and it usually does, but man, this one is just so black and white, but about all of this in turn. I will start with personal surprise; Russia, for the first time in 2 dozen years, did not abandon their own people in a foreign territory, and prevented the armed, US-backed nationalists (and don't get any funny ideas here, they are US-backed and they are nationalists) from Maidan, from following up on their motto 'Moskoli na nozhi' (literal translation: Muscovites onto knives), and prevented a genocide in Crimea by voting to support, if necessary, the use of the Russian army to protect Russian people in Northern Ukraine and Crimea. But Instead of sitting and waiting for Maidan to happen in Odessa, Crimeans mobilized making any attempt to send armed forces to overthrow locally-chosen government quite a costly endeavor. To reiterate, physically it is the armed eastern-Ukrainians who are defending their own homes. I would like to start by clearing out a misconception, what is happening in the Ukraine is not a revolution. A revolution, which comes from Latin "revolutio" meaning a turn around, is a fundamental change of power or organizational structure. When people denounce a monarch that governs across the ocean, and establish a republic, that is a revolution, or when socialism is changed out for democracy, those are examples of a revolution.
What we observe in Ukraine is no change in the government type, no change in structure, no change in constitution, merely the change of people in control from people-appointed individuals to pretty much self-appointed oligarchs who are bank-rolling some part of the rebellion. There is an armed rebellion, forcibly taking control of the government and ousting anyone who does not side with them. And whereas if the rebellion was stopped, these people would be rightfully convicted for their actions and thrown in jail according to law (any sensible law, US-law included), they are now the law, so, yeah... There is this thing in the US media that drives me insane; sources are talking about Russian invasion of the Crimea. To the point of if you read the news, you get this picture like everywhere you look, there are Russian tanks pushing into Ukraine. But the articles are talking about Pro-Russian forces controlling the airports, or blocking a military base. But Pro-Russian forces and the armed forces of Russian Federation are quite different things. So where is the disconnect? I have not found a single article where any Russian forces were actually seen outside of their officially-rented naval bases in Crimea. So if there is nothing to substantiate the claims; stop saying that Russia is invading Ukraine, if they were, there would not be a Ukraine already, Georgia only took 3 days... And they totally do have a claim to Ukraine, Russia started in Kiev... While on the topic of history, I saw some very disturbing images of people vandalizing monuments, such as monuments to WWII heroes, somehow rationalizing this. There is nothing that can rationalize destroying or vandalizing monuments to soldiers who died defending your land, your people, regardless of where they came from, they stood, often to the last, to protect the land, the people behind them, and it didn't matter if they were Russian, Tatar, Ukrainian or any other (of over a hundred?) people, they did not care.
What their political views would have been I don't know, what I do know is that they did not elect the current president, they did not contribute to the poor economy, they were dead long before there was Ukraine as an independent country; so then who are the people and what are their views that they are destroying history, especially this piece of it? *all i have time for for the moment, so end of part 1*
  10. I am failing to understand what you are asking me to do. The amount of code in the middle is irrelevant, i mean, unless maybe the 2000 lines of html and php code supposed to do something? Am I supposed to write 2000 lines of code? I don't get it. Can you please formulate a problem? Perhaps give me a sample of code that you would like to see re-expressed as i did above. Please be mindful of my time. Also please don't think that this is how I write code, i'm only using this pattern to directly change your code to work without eval, I never serve CSS or JS out of PHP (except if i use a CSS+JS minifier, which acts on static files and runs at caching layer anyways and so doesn't serve the web browser or any html), and i typically build functions/members around html, because i hate repeating even the html code. I also hate jumping out of PHP, so in 99 out of 100 situations my php code has only the php open tag in the beginning of the file.
  11. Not only do i know the functionality of eval, and how it is implemented (in php and javascript), i know first hand of ease of exploitation of eval...

      I most certainly did, to make it saner... and to make the same exact paradigm work without evaling code. Not only does my version of your code achieve the same result, my redacted version of your code is simpler, securer, faster and shorter...

      I know why you wrote it. I am still trying to get through to you that you don't actually need to do what you did, that eval is unnecessary for what you are trying to do, and that what you are doing is nothing new.

      You call the function that will be defined when the eval runs, and append the function definition to the string before you eval the block.

      needlessly, carelessly and insecurely

      What happens in your code when i say that my name is system([some command])

      Well, let's test it:

      ```
      php > $a='function p($name){ echo "hello $name"; }';
      php > $b='alex';
      php > $c="p($b);".$a;
      php > eval($c);
      hello alex
      ```

      So what does happen?

      ```
      php > $a='function p($name){ echo "hello $name"; }';
      php > $b="system('uname -msr')";
      php > $c="p($b);".$a;
      php > eval($c);
      hello Darwin 13.1.0 x86_64
      ```

      Oh look i just dropped out to a shell and i didn't even have to try... Let's try a normal design:

      ```
      php > $a=function($name){ echo "hello $name"; };
      php > $b='alex';
      php > $a($b);
      hello alex
      ```

      hey look it works the same... But what happens when i try to exploit it?

      ```
      php > $a=function($name){ echo "hello $name"; };
      php > $b="system('uname -msr')";
      php > $a($b);
      hello system('uname -msr')
      ```

      So it's shorter, simpler and more secure; POINT!
  12. 1: http://lmgtfy.com/?q=2%5E8 you can figure out 2 from there... c: it's not a trick question, you can figure this one out too. the other 2 and 3 can follow this formula (for the most part): http://bit.ly/PADOfi Also it would probably not hurt to read through http://en.wikipedia.org/wiki/X86
  13. http://www.scienceforums.net/forum/35-homework-help/
  14. There's a homework help section for these types of questions.
  15. This feels like probably basic assembly homework...?
  16. What you are not hearing is that you don't need to use the eval construct to solve this problem, I get that you need to use eval to execute a string; you shouldn't be executing a string to begin with, unless it is absolutely necessary and there just is no other way to do something, which is not the case here. There is no need to use it, there is no reason to use it, it is extremely unsafe and insecure, I hope that this is just an experiment.

      ```php
      <?php
      $snippet10 = function($msg = "", $message_stat = "") {
          $name = "Samiul";
          $address = "world,";
          $message = $msg;
          ?>
          <table>
              <tr> <td>Name</td> <td>Address</td> <td>Message</td> </tr>
              <tr>
                  <td> <?php echo $name ?></td>
                  <td> <?php echo $address ?></td>
                  <td> <?php echo $message ?></td>
              </tr>
          </table>
          <?php
      };
      // Now i could create many more snippet like $snippet10, say $snippet11,$snippet12
      // A -- Not only that, you can even put them in an array or a hash for more intuitive referencing

      // This would be much more optimized and cleaner with a switch statement
      // $BODY holds the chosen closure itself; it is called inside the template below,
      // so its output lands in the body <div> instead of before <html>
      $msg = "";
      $message_stat = "";
      if($cond == "test1"){
          $msg = "WELCOME TO MY WORLD";
          $message_stat = 'new_stat';
          $BODY = $snippet10;
      } elseif($cond == "test2"){
          $BODY = $snippet12;
      } elseif($cond == "test3"){
          $BODY = $snippet11;
      } else {
          // - - -
      }
      // You could create more variable like $BODY
      ?>
      <html>
      <header></header>
      <body>
      <div>Header</div>
      <div><?php $BODY($msg, $message_stat); ?></div>
      <div>Footer</div>
      </body>
      </html>
      ```

      @Endy0816 Oh how I wish that was true... I give this exactly 2 minutes:
      http://www.exploit-db.com/exploits/30471
      http://packetstormsecurity.com/files/118420/Network-Shutdown-Module-3.21-Remote-PHP-Code-Injection.html
      http://www.exploit-db.com/exploits/27941
      http://www.exploit-db.com/exploits/22929
      *Shrug. That's from just a quick exploit-db search...

      Also i am not trying to be aggressive, I understand that i can come off as such, but it is for a good reason.
Security and software are one of the very few passions of my life, so sometimes i can get a bit too passionate about it and defy my typically very respectful social convention. It's not because i don't like you, it is because i believe that any software should be secure and safe for the users who use it.
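
The "deny unless open" rule from post 4 and the "put them in an array or a hash" comment in post 16 combine into a dispatch table. The following is an added example, not code from any poster in the thread; the function names, registry keys and sample inputs are assumptions made up for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Function names, registry keys and sample inputs are
// constructed for illustration; none of this is code from the thread.

/** Escape a value for HTML text or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * The complete set of bodies the site can serve. Request data can select
 * one of these entries but can never add to them.
 */
function snippet_registry(): array
{
    return [
        'files' => function (array $data): string {
            return '<h2>Files</h2><p>File: ' . h($data['definition'] ?? '') . '</p>';
        },
        'user' => function (array $data): string {
            return '<h2>User Info</h2><p>User: ' . h($data['definition'] ?? '') . '</p>';
        },
    ];
}

/**
 * Deny unless open: $requested is only ever used as an array key, and
 * $data only reaches the output through h(). Neither is parsed as PHP.
 */
function render_body(string $requested, array $data): string
{
    $registry = snippet_registry();
    if (!array_key_exists($requested, $registry)) {
        return '<p>Unknown page</p>'; // bottom rule: deny
    }
    return $registry[$requested]($data);
}

// Constructed inputs, including the string used in the php > session in post 11.
$samples = [
    ['files', ['definition' => 'file form definition']],
    ['user',  ['definition' => "system('uname -msr')"]],
    ["system('uname -msr')", ['definition' => 'alex']],
    ['user',  ['definition' => '<b>alex</b>']],
];

foreach ($samples as [$page, $data]) {
    echo render_body($page, $data), PHP_EOL;
}
```

The second and fourth samples come out as escaped text inside the page, and the third falls through to the deny rule because it is not a registry key.
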
  17. I only looked out of courtesy, don't, there really is nothing worth spending time on. Yes, in programming it's called a function, in object oriented programming it is called a member of an object. In Most of the website the header and footer are static and body part will be changed. Suppose I need 10 different web pages and each page header and footer will be same and only body part will be changed. Ok, i will try to walk through this in more conventional design pattern to see where what you propose is clearly better. So if i have a static header and footer, i have them in a file called includes.php, and i have 2 functions called header() and footer(). Then if my body is significantly different, then i may create 10 pages, otherwise these pages can be a request to the same php page that will have some variable indicating which body to generate. Suppose that the pages are significantly different, then i will have 10 pages plus 1 include file, with the rough structure of the page being:

      ```php
      require_once('includes.php');
      echo header();
      // Body code goes here
      echo footer();
      ```

      If i really wanted though i can just as easily keep all the code in one page, and build the page based on some get variable for example. If i wanted to go extreme, the page would never reload and just ajax request all the bits, pages and data. Ok, with you, i did that for the second approach and created 10 functions in include.php, you could create 10 pages to use each one of them, or you could create 1 page that serves one according to some rule. Why? There is no necessity to eval that code, the eval mechanism use is completely unnecessary, and extremely prone to security issues.
  18. If you want to look at areas of unsolved problems in OSes, just for example, look at hypervisors and virtual networking, which, there are projects right now that don't even do IPv4 yet with something like 1.2 million lines of code... Trick there is providing a virtual network that works with real networks, and works like a real network, only it is not, and runs as a process... Just an example of an unsolved problem in OSes
  19. No actually eval doesn't exist so you can do this, that is only assuming that "this" is what he actually does in his code. In fact PHP doc specifically says: I read the code, and the pdf is just silly; I also just re-familiarized myself with the sample code, and the people at my coffee shop were a little concerned about the look on my face... What happens there is that you take the fundamental problem in web security, and you extend it from occurring on mysql and javascript sides to also be applicable in php for good measure. The sample code breaks the data/code barrier at every level in the stack, this is not good. You could have just as easily built the $BODY as a function of $name, and then not evaled, but simply executed the function when putting the template together. And that would already be more secure, and it changes only a little syntax. instead of <?php eval($BODY) ?> you would have <?php $BODY(); ?>, and $BODY definition would literally just not have single quotes around the function, and the function name will have to be taken out maybe. The only other thing i can see is that you may have to add global $name in the beginning of the $BODY function to get access to $name. But that would already be much more secure.
  20. Operating Systems are always under development, and there are tons of unsolved and improvable problems. Both areas are difficult and interesting, with tons of unsolved problems; regardless of which one you pick, you won't have a dull day...
  21. Just because computers operate in binary, doesn't mean that we can't express more complex states. And it's not a matter of not being able to express complex states, because more often than not, things boil down to much simpler states than we think about. For example on one hand, every language on earth is different, some more complex than others, but if you were building a system to represent language, you would start by breaking languages into the sounds, which would significantly cut down the states needed to represent a language, then you cut the sounds down into their patterns, and at the end of all of that you find that representing the language as a set of rules and words, which are themselves a set of sounds, which are themselves a pattern of wave frequencies and amplitudes, which themselves can be stored in whatever base you want (like base 2), and we see that even though a computer can only operate in 2 states, it is indeed enough to be able to represent them speaking any language on the planet. I would have to consult my linguist friends, there is a name for this concept though...
  22. So i have, at least what i think to be an interesting problem. Wondering if you have solved this a different way maybe, or if there is a solution you know of, or maybe just thoughts on how you would approach/implement this. So i have a dataset that is prone to sudden bursts of change, let's say value of A over the course of 10 seconds changes 10 times. The interim states of A are not important to me, but a settled state of A especially in case of the change of A is important. So i am looking for a datastructure that will keep data in a key-value pair, and allow it to change rapidly, but then as some time passes (perhaps a minute, or a few minutes), i need to know that A has entered a settled state, and then act on it. It feels sort of like memcache, with the only difference that when memcache times out data, it simply removes data from the data set, so that next time you request it, it simply returns nothing, but it doesn't trigger any action when data times out, and it also just nulls the data.
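
One way to build the structure asked about in post 22, as an added example that is not part of the original post: a key-value store that restarts a quiet timer on every change and fires a callback once a key has stayed unchanged for the quiet period. The class name, method names and the injected clock values are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Class and method names are constructed for illustration.

final class SettlingStore
{
    /** @var array key => ['value' => mixed, 'changed' => float, 'reported' => bool] */
    private $entries = [];
    /** @var float */
    private $quietSeconds;
    /** @var callable */
    private $onSettle;

    public function __construct(float $quietSeconds, callable $onSettle)
    {
        $this->quietSeconds = $quietSeconds;
        $this->onSettle = $onSettle;
    }

    /** Record a value; the quiet timer restarts only when the value differs. */
    public function set(string $key, $value, float $now): void
    {
        if (isset($this->entries[$key]) && $this->entries[$key]['value'] === $value) {
            return;
        }
        $this->entries[$key] = ['value' => $value, 'changed' => $now, 'reported' => false];
    }

    /** Interim values stay readable, like an ordinary key-value store. */
    public function get(string $key)
    {
        return $this->entries[$key]['value'] ?? null;
    }

    /**
     * Fire the callback once for every key that has been unchanged for the
     * quiet period. Unlike a cache expiry, the value is kept, not dropped.
     * Returns the keys that settled during this call.
     */
    public function poll(float $now): array
    {
        $settled = [];
        foreach ($this->entries as $key => &$entry) {
            if (!$entry['reported'] && $now - $entry['changed'] >= $this->quietSeconds) {
                $entry['reported'] = true;
                ($this->onSettle)((string) $key, $entry['value']);
                $settled[] = (string) $key;
            }
        }
        unset($entry);
        return $settled;
    }
}

// Constructed run: A changes 10 times in 10 seconds, then goes quiet.
$log = [];
$store = new SettlingStore(60.0, function (string $key, $value) use (&$log) {
    $log[] = "$key settled at $value";
});
for ($t = 0; $t < 10; $t++) {
    $store->set('A', $t + 1, (float) $t);
}
$store->poll(30.0); // still inside the quiet period, nothing fires
$store->poll(70.0); // 61 s after the last change at t = 9, fires once
$store->poll(90.0); // already reported, nothing fires
print_r($log);
```

The clock is passed in so the run is deterministic; a long-running process would call `poll(microtime(true))` from its main loop or a timer.
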
  23. Just some notes from the original post: It's Garry Kasparov, if someone cares to bring up a person as reference, I believe they should take care to use their actual name, also, and this is not as relevant here, but also express that person's actual opinion. Between fuzzy logic and genetic algorithms, a computer program can be programmed to improve on its own strategy. Big Blue like Raspberry Pi are just computers, they don't think, they don't do anything to interact with you, everything they are claimed to do are work of the cleverness and ingenuity of the programmers behind the programs that those machines run. As to how complex computers are, you would have to define what you are accounting for in the definition of complexity. And that quote is from 1998, and computers have only been getting exponentially more complex since then, worm brains, last i heard, have not changed recently. There are a lot of philosophical questions to answer too, for example, if you transfer your mind to another body exactly the same as yours, then are you the same person, and so if you live in a computer simulation, are you, you?
  24. Personal realizations about recursion:
        • It is more elegant to use recursion when appropriate from code-poetry side
        • There are indeed things that can be done with recursion that can not be solved with loops (without significant complication)
        • In compiled languages recursive loops are about as fast as loops, though in optimization stages when those are unrolled sometimes which does actually make loop code often faster, but i digress.
        • In interpreted languages recursive calls are significantly slower than loops.
  25. That is however a poor approach to solving this problem, short of implementing a full parser for a language, which is impractical, the programmer way is to use regular expressions, but those can be either too broad, or have potential to be bypassed. That part actually goes with a language theory; you can't parse a context-free expression with a regular expression. Simple example if you would like to ponder, ask yourself if you can parse html with a regular expression? but how can you tell, say, what IP address sent out that specific request. Networking 101, HTTP is an application layer protocol. And if the user/hacker were clever enough could they send a string to the server that would mask their IP? No, they can change their ip other ways, but they can not send a string that will mask their ip on the server, networking 101.