Jump to content

  • Log In with Google      Sign In   
  • Create Account

Banner advertising on our site currently available from just $5!

1. Learn about the promo. 2. Sign up for GDNet+. 3. Set up your advert!


Member Since 17 Jul 2002
Offline Last Active Yesterday, 09:30 PM

Posts I've Made

In Topic: Pass anything as constructor without varargs

31 July 2015 - 11:15 AM

Honestly I'm not sure, but I would be happily surprised if VC++ abandoned their implementation of dynamic_cast. The rationale for the strcmp is that it's simple and handles many weird inheritance cases that otherwise could be missed (and typically are handled wrong by Joe Coder's Handmade RTTI Replacement Code).

I haven't worked on the PS4 so I don't know what state their compilers are in first-hand. I understand they're a vast improvement though.

In Topic: Safety vs Efficiency

31 July 2015 - 11:11 AM

I just skimmed the thread, but I'm surprised nobody seems to have categorized this as a trust boundary problem yet.

If your API exists at a trust boundary, you damn well better not crash on bad inputs. In fact, you have a sacred duty to the customer to ensure that you are robust in the face of garbage - or even malicious - data forced into your API. At a trust boundary, unit testing is only one part of the reliability picture; you also need fuzz testing and penetration testing. This applies whether you are working in truly "secure" software requirements land, or just writing an open source library. If there is a difference in how much you trust your caller versus how much you trust your callee, you have a trust boundary, and you better be robust in the face of bad data.

On the flip side, if you're contained in a consistent layer of trust, e.g. internal calls that outsiders do not have access to, fail hard and fail fast.

Always know what the failure mode of your code should be. Anyone telling you it's always the same is lying, naive, or both. When people don't understand trust boundaries and how they relate to failure modes, we get software exploits and compromised systems.

In Topic: Pass anything as constructor without varargs

31 July 2015 - 11:04 AM

Note that it is a common belief that rtti is evil and costly and should be disabled in games. I never understood the rationale for it, in particular in cases where people then go out of their way to reimplement a similar but unwieldy type identification system by hand.

Because many compilers implement RTTI in such a way that it becomes a serious performance liability. dynamic_cast<> should not need to invoke strcmp, for example. People roll their own type ID systems because they can do far better than the available compilers on several major gaming platforms.

In Topic: how to run a cmd command on a remote machine(server) with code

30 July 2015 - 02:35 PM

You can use something simple like HTTP to send requests to the server and have it respond to them. Depending on what your program needs to do, writing it as a web service might make sense, or might not. It's hard to say without knowing more details about the software in question.

Using stuff like PSExec should be treated with extreme caution. If an attacker can run arbitrary programs, or send arbitrary input to a known target program, he can probably take over your machine easily.

In Topic: Multiple items in XML

30 July 2015 - 10:26 AM

Once you get a child element with FirstChildElement() there should be something like a Next() or NextChildElement() call you can make to retrieve the subsequent sibling node from the document.