Random Chitchat 2012-2016

tigerw · 09-18-2016, 09:01 PM

(09-13-2016, 07:58 AM)xoft Wrote: I think my bank is retarded. Seriously.

They used to send the monthly account statements (the list of transactions) via email, unencrypted. After I have bugged them over and over again, that sending financial details over a public channel in the cleartext is probably the stupidest thing a bank could ever do, they finally implemented sending the statements "encrypted". So now I get a passworded PDF file, that has an attachment (wtf? did you know PDFs could have attachments in them? I didn't) which is an HTML file containing the transaction list. Why do it simple, when you can jump through hoops? I suppose I should be glad that it isn't "one attachment file per transaction"

Banks here also send by post, which is also cleartext and not perfectly secure. I wouldn't say you're at risk of losing money, maybe just identity theft at most?

Can you elect to use online (website) statements?

tigerw · 09-18-2016, 09:05 PM

(09-15-2016, 04:58 AM)bearbin Wrote: New GitHub changes: https://github.com/blog/2256-a-whole-new...d-features

Would any of these apply to our org? I think we should enforce 2FA at least, do any of the other changes sound good?

I like the project things, am confused about the reviews thing, and look forward to 10 out of 15 members being removed on account of authentication enforcement Tongue

xoft · 09-18-2016, 09:21 PM

@tigerw I can choose not to have the statements sent to me, but then they are only stored at the bank's website and deleted after a year, with no archive available. Not good either.

I'm against 2fa enforcement, it doesn't work globally.

xoft · 09-18-2016, 09:33 PM

My plugin simulator is now "advanced enough" to actually execute the Gallery plugin's Initialize() function in its entirety. I think the API simulation is now pretty good and it's time to move to the big testing tasks - adding more callbacks, test scenarios and specific API implementations.

tigerw · 09-19-2016, 03:14 AM

Now the question is, are you willing to maintain it to keep up with changes over at the C++ side? :)

xoft · 09-19-2016, 04:38 AM

That's the beauty of it - all of the API is auto-generated from the GenerateBindings script (automatically-exported stuff) and the APIDump plugin (manually exported API). So there's almost zero maintenance regarding the API.

tigerw · 09-19-2016, 07:45 AM

So is the simulator just calling callbacks with random values? How are you emulating the server?

xoft · (This post was last modified: 09-19-2016, 09:32 AM by xoft.)

Woo, the simulator has just found its first real error in a plugin:
https://github.com/cuberite/gallery/comm...42a0bfaL94
(A copypasta in Gallery's API function)

More or less yes, right now the simulator just calls the Initialize() function and I'm writing support for fuzzing the command handlers - basically exactly what you said, sending random commands to the registered command handlers just to see how they cope.

The assumption is that later on scenario support will be added - you will be able to define high-level steps that the simulator should simulate (such as "connect player A, connect player B, move A to pos XYZ, execute command C") and at the same time the plugin will react to this.

tigerw · 09-19-2016, 04:35 PM

A plugin fuzzer you say? Pretty impressive. Are you going to have to mock up stuff like cPlayer when you execute hooks?

Seadragon91 · 09-19-2016, 07:09 PM

Wrong return type in description of function cFile:GetFolderContents? Table instead of string?