When reading this, I remember that while I was studying computer science back in the early 90s, such programs was known as "polyglot" programs. One such example that circulated on email and usenet groups back then had at least 6 programming languages. After a bit searching I actually found back to that program:
Pretty disappointing that it relies so much on comments.
You can write an arbitrary 'polyglot' program in any N languages that have incompatible comment delimiters: just write the same program in each language and wrap it in the comment delimiters of the other N-1 programs. That's not interesting, though.
That's not enough, if you start with language A's escape sequence /* that must not break languages B, C, D, E or F when starting a file with /* next B's escape sequence must not cause problems with C, D, E, or F. So, they must be different but still compatible.
Sometimes pushing against the boundaries of what can/can't or should/shouldn't be done is entertaining, educational, or both.
I mean, why would you abuse the spindles and armature in a hard drive to walk it across the floor like a poorly balanced washing machine, make a Unix clone for your 386, turn the Green Building into a Tetris game, write a Brainfuck interpreter in TECO, or run Flappy Bird on a Super Nintendo by exploiting bugs in Super Mario World? Seriously, what kind of right thinking person would engage is such perverse, time-wasting silliness? ;)
Prior to seeing those, I was kind of dismissive of Ruby, but seeing those totally changed my mindset about code, and my prevailing opinion of execution environments and interpretted languages and scripting in general.
Great share, but I'd like to kindly suggest that you think again about your conclusions there. You were dismissive of an entire programming language and its community (we've all been there), and then 1 member of that community did something impressive, and you changed your entire opinion of said language and community (I guess most of us have been there too).
Wouldn't it be a much more interesting conclusion that there's fantastic people and not-so-fantastic people everywhere and it mostly just depends on where you look?
I mean, HN likes to be very dismissive of PHP but at the same Composer (the de-facto PHP package manager) avoids dependency conflicts entirely and provably because it contains a home-cooked SAT solver[1]. In PHP. Tackling an NP-complete problem without breaking a sweat. To me that's both super-awesome and sensible at the same time.
Maybe stereotypes about programming communities have more to do with marketing and accidental who-happens-to-be-most-prolific and less with the language or community just being good or bad.
> I mean, HN likes to be very dismissive of PHP but at the same Composer (the de-facto PHP package manager) avoids dependency conflicts entirely and provably because it contains a home-cooked SAT solver[1]. In PHP. Tackling an NP-complete problem without breaking a sweat. <
Any idea where can I find more details on that. The slideshow you linked does not provide enough information.
Well, I'd like to kindly suggest that you think again about your assumptions, regarding why I was dismissive of Ruby. Ruby was still kinda/sorta new-school in 2013. Yet another technology stack as far as I could tell. Ruby was not quite a thing yet, back in 2008 or so. Probably because Rails was still pretty much somewhat "new."
Back in 2008, I still had yet to learn that Ruby was a compiled language, and that Rails was a runtime environment for web applications. In corporate enterprise 401k cubicle farms, there were only hushed mentions of Ruby among hobbyists as early as autumn, 2009 (the first time I remember hearing tell of such a thing). And mostly among those who developed on Macs, which was actually a little bit rare back then. Ubuntu was similarly revolutionary at that time, even if LAMP stacks were well established.
"Wouldn't it be a much more interesting conclusion that there's fantastic people and not-so-fantastic people everywhere and it mostly just depends on where you look?"
This seems like a strange comment. Your parent suggests that your grandparent should have made a specific different interpretation, and you respond that the suggested interpretation is different?
The awk byte-compiles the initial Forth dictionary into the C file; if you edit the C file, you then run it (as a shell script) and it updates the byte-compiled word definitions. Then you can compile it as a standalone C program.
Amazingly, this was actually the simplest way to solve the problem...
But that's not really surprising, it's each character as a unicode escape (see section 3.2 of the Java spec). It's possible in any language that allows escaped code points.
Most languages only tend to allow them in string literals, or identifiers. Java is fairly unique in that it has a pre-processor that replaces those throughout the source code before actually compiling. Which means that a lot of benign-looking source code can have fairly surprising behaviour, such as exhibited in the polyglot where
> Binary tricks to evade identification, detection, to exploit encryption and hash collisions. * artistic binaries - why they are possible, how they work. - quines - polyglots & chimeras - schizophrenic - AngeCryption - hash collisions
The presentation video and slides are available. It has examples of mixing multiple binary formats together, including valid files for one format which, when decrypted, produce another valid format.
\u000A\u002F\u002A is the unicode for the beginning of a multi-line comment (\u000A\u002A\u002F being the end of one). The Java compiler will translate it as a comment while the PHP interpreter will ignore it (see https://www.reddit.com/r/ProgrammerHumor/comments/50guhc/thi... for more info).
So if you want to sneak in a back door, all you need is the right excuse to put some unicode escapes in a block comment, and you can hide your code in plain sight.
I tried this in Eclipse, and the one saving grace is that while the basic syntax highlighting doesn't pick up on most of the de-commented part, the code intel seems to do an actual parse, and does a very subtle highlighting of "someService". (Edit: After reopening the file, that highlight is gone and it looks like a normal comment).
But if I saw that, I think I'd just assume the syntax coloring was messing up. And of course, if I'm looking at the code in GitHub, it will look just like a normal comment.
GitHub definitely needs to know about this due to their popularity and subsequent lowest-common-denominator status (which isn't a bad thing, just the truth); this sort of attack only requires a PhD in how to use the clipboard, and not any other particular knowledge or skillset.
Since the escape sequences have to be handled everywhere, it seems unlikely that this will ever be fixed completely, but I hope that something will be done about it.
* C (89)
* C (99)
* C++
* Haskell (multiple extensions, not sure how that works)
* Bash
* ZSH
* Posix SH
* Make
* Perl 5
* Perl 6
* Ruby
* Python
* Brainfuck
* HTML
Also interesting are document formats wherein one would embed other document formats. Examples would include embedding malicious files within a PNG; it'd typically start with distributing a PDF file:
The trick here relies mostly on comments that are valid for one language, but not the other (abusing Java's Unicode preprocessing). There are language pairs that offer no provision at all for embedding parts of code that another language won't see or misinterpret. E.g., I haven't been able to write a batch file that also works as a PowerShell script yet, although you can write a batch file that doubles as a VB script through clever use of a conditional jump.
Oooh, right. So, I guess there's some pairs that are incompatible. Hmm :(
Maybe it also work for computationally equivalent (simulation/emulation) math where you're decompiling the machine language into a stream of logical NORs or such. That might connect more languages.
amusing and fairly cool. That calling a non-static function in a static context in the PHP file bothers the heck out of me for some reason, though. (maybe since my coworkers always mess it up).
From the sublime to the ridiculous. When this community is looking for something ridiculous, we find it on Github. Even at the height of hilarity, there is a turn for the nerdy.
We have enough problems in creating programs. This is the equivalent of an instagram selfie or math geek with a favorite way to generate a pattern of numbers, where someone is trying to be overly clever just to say "look it's clever"...it's just noise.
http://www.csd.uwo.ca/~magi/personal/humour/Computer_Audienc...
It is both valid C, Pascal, COBOL, FORTRAN, Postscript, Bash, ksh and apparently also 8086 machine code (.com).