Hacker News new | past | comments | ask | show | jobs | submit login

It's also at 010.010.2056 or 0x8080808 or 01002004010. I made a little tool a while ago that iterates over all the options that I know of:

https://lucb1e.com/randomprojects/php/funnip.php?ip=8.8.8.8

The variant found by OP is apparently the very last option that my tool generates. These days, Firefox is a bit boring (okay, okay, I'll admit it's a good choice for security) and translates these at the first opportunity. Even hyperlinks are translated on hover in the 'status bar' (if we can still call it that). For mobile users, this is what it shows when you paste one of those addresses in Firefox: https://snipboard.io/kbLTso.jpg




Octal is a great way to mislead both human beings and software, and I kind of hope it gets removed by browsers as a result of this new attention. It’s one of those things that isn’t productive or useful in any way in our modern era and serves only to complicate with no benefit in return.


Octal as a base is fine, but that misleading notation where starting with a 0 means octal is not.


Probably useless in the browser, but who uses octal in general? I assume it's still important in some areas (networking?) but I don't actually know.

Only thing I can think of personally is UNIX file permissions.


I would refuse any PR that used octal unnecessarily, and I generally ask people to use chmod plus-addressing rather than octal where possible, so that there’s a lower risk of math errors and a higher chance of good review.

0644|0755: a=rX,u+w

0600: u=rw

Etc.


This is funny for me to read because I converted a bunch of constants for file permissions to octal values in the Linux kernel because they're harder to read and there's multiple ways of arriving at the same value.

You wanna look up what a constant is and you find

    #define S_IRUGO  (S_IRUSR|S_IRGRP|S_IROTH)
or you could see 0444 and immediately know what it means.

I agree in cases where you're modifying existing permissions it's much better to do a `chmod u+w` than to replace the whole thing with octal. When you're defining permissions at the time of creation though, everyone can parse 0644 at a glance.

a=rX,u+w isn't so bad but I don't know if I'd prefer it personally, in code where you can't use chmod syntax I'm definitely preferring octal.


How do you represent a=rX in octal?


Oh, I didn't know what X did and made assumptions.

If you split file permissions into two halves - defining the initial permissions / modifying something that already exists - I can see how it makes sense to do both with the same syntax since modifying existing permissions is worse with octal.


+1 for

    <?php
    if (isset($_GET['source'])) {
        highlight_file(__FILE__);
        exit;
    }
This is such a useful and nice snippet I add to many of my PHP files. Open Source at its finest, literally "in place" :-)


What does it do?


It prints the source off itself, when source is present as a query parameter:

https://lucb1e.com/randomprojects/php/funnip.php?source


If you provide the GET parameter "source" (which means you try /the-url?source"), it prints a pretty-printed version of the source code.

So basically it allows the reader to read the source directly without hunting it down on github of something.


Doesn’t this just highlight that php development ecosystem doesn’t value quality much? What even is a “file” in context of a web request? What about dependencies or logic defined in other files?

This is just bizarre, I can’t see a sane codebase where this would be preferable to going on GitHub and pressing “.”


> Doesn’t this just highlight that php development ecosystem doesn’t value quality much?

As opposed to which web development ecosystem exactly? The only web development ecosystem with overall decent quality software that I could come up with is Java, and their understanding of quality is... enterprise-y.

Give me a mature PHP framework over a NPM dependency tree, python web framework, or ruby on rails any day. At least when looking for 'quality'. Relatively.


Which PHP frameworks do you have in mind?


Laravel, or any Symphony based framework is a great choice.

PHP is a very modern and mature language at this point. If the first thing you think of is Wordpress, then you’re behind.


I agree with these points although going back to the grandparent comment, the value of being able to show the source code of a controller with these frameworks by appending a query string is close to zero.


And how relevant do you think highlight_file is for symphony or laravel?


Probably none.


On the contrary, doesn't it highlight that the PHP development ecosystem values simplicity? That is, a simple application (which this is) can be contained within one file, rather than something requiring several folders, dependencies, and an 'init' command?

I don't understand your criticism and I suggest you might not either.


The irony of thinking files and folders are too much for simple app and also praising a feature that is in direct relation to php’s MO of conflating codebase folder structure with requests’ path.

Edit: this reminds me, I was like this too at the beginning of my dev career, I also was completely in favor of this supposed “simplicity” of php, only much later, thanks to hickey’s nice talk I realized that I was confusing simplicity with ease.

https://www.infoq.com/presentations/Simple-Made-Easy/


Sorry, I don't understand your first point, even after reading it several times. I think I might have inferred what you meant by looking at the second (edited in) point, but I'm not sure.

Are you suggesting that it is bad that PHP applications often have a request path that relates to the folder structure?

In other words, are you suggesting that simplicity means an application should not have a request path that relates to the folder structure?

To give an example, are you saying it's a bad thing that example.com/profile/ loads /profile/index.php, rather than passing /profile through a single controller function to identify what code should be responsible for handling it?

The first approach actually seems pretty straightforward paradigm and it's what most new programmers would expect. Adopting a MVC/routes method is more complex and arguably overkill for a simple application.

If that is what you are contending, it should be said that PHP does not require this approach. Although it is often a preferred approach, because it doesn't depend on additional web server configuration.


I’m not suggesting, I’m saying that conflation is mother of confusion. Conflating request path with file path is not a great idea, especially for new developers that get a mental model of how web apps work that is completely irrelevant for the rest of their careers.


There's plenty of large PHP projects that adopt this paradigm. Is it really fair to say it will be completely irrelevant for the rest of their careers?

Also, let's not lose sight that this arises in a context of criticism of the model adopted for programming a simple form. This is just a simple one page form. More complex or abstract paradigms or design patterns is overkill.


You replace your “init” command with some VIMming of your nginx configuration.

The next on the line is that PHP doesn’t even need anything like version control because you can just copy files over SFTP.

PS: if your project is simple enough to fit in a single file I would argue that most of the time you may use absolutely anything (including a Google Sheet) and you would be equally happy with the results.


__FILE__ returns the path to the source file in which it's used. It's from C's equivalent preprocessor macro.


This program, "ip4dec", converts lists of IPv4 addresses to decimal and prints them as unsigned integers. Wrote this while experimenting with storing domain->ip mappings in a trie, such as https://github.com/tlwg/libdatrie

Name borrowed from https://github.com/ian-hamlin/ipdec

Note the trietool "list" command prints data as decimal not unsigned integer.

   sed -n 's/   //;wip4dec.l' << eof
    /* 
       not a domain name or ip address validator 
       input file format:
       (left-justified, no leading spaces)
       example.com 93.184.216.34 
       example.net 93.184.216.34 comment
    */
    int fileno(FILE *);
    int setenv(const char*,const char*,int);
    int unsetenv(const char*);
    #define echo do{if(fwrite(yytext,(size_t)yyleng,1,yyout)){}}while(0)
    #define jmp (yy_start) = 1 + 2 *
    int x=0,y=0,o=0;
   xa [0-9]{1,3}\x2e
   xb [0-9]{1,3}
   xc [0-9]{4,5} 
   xd ^[A-Za-z0-9\.-]+
   xe ^[^A-Za-z0-9]
   %s xa 
   %option noyywrap nounput noinput
   %%
   {xd} if(yytext[0]=='-'||yytext[0]=='.')jmp 0;else{o=0;y=0;x=0;setenv("x",yytext,1);jmp xa;}
   {xe} jmp 0;
   <xa>{xc} jmp 0;
   <xa>{xa}|{xb} {
    switch(o){
     case 0: y=atoi(yytext);if(y<1)break;x=y*16777216;y=0;o++;break;
     case 1: y=atoi(yytext);if(y>255)break;x=x+y*65536;y=0;o++;break;
     case 2: y=atoi(yytext);if(y>255)break;x=x+y*256;y=0;o++;break;
     case 3: y=atoi(yytext);if(y>255)break;x=x+y;printf("%s\t%u\n",getenv("x"),x);unsetenv("x");break;
     default: break;
     }
    }
   .|\n
   %%
   int main(){ yylex();exit(0) ;}

   eof

   flex -8iCrf ip4dec.l
   cc  -std=c89 -Wall -pedantic -I. -pipe lex.yy.c -static -o ip4dec
usage: ip4dec < input-file


This program, "ip4dec", converts lists of IPv4 addresses to decimal. Wrote this while experimenting with storing domain->ip mappings in a trie, such as https://github.com/tlwg/libdatrie

Name borrowed from https://github.com/ian-hamlin/ipdec

Note the trietool "list" command prints data as %d not %u. To fix, edit list_enum_func() in trietool.c

   sed -n 's/   //;wip4dec.l' << eof
    /* 
       not a domain name or ip address validator 
       input file format:
       (left-justified, no leading spaces)
       example.com 93.184.216.34 
       example.net 93.184.216.34 comment
    */
    int fileno(FILE *);
    int setenv(const char*,const char*,int);
    int unsetenv(const char*);
    #define echo do{if(fwrite(yytext,(size_t)yyleng,1,yyout)){}}while(0)
    #define jmp (yy_start) = 1 + 2 *
    int x=0,y=0,o=0;
   xa [0-9]{1,3}\x2e
   xb [0-9]{1,3}
   xc [0-9]{4,5} 
   xd ^[A-Za-z0-9\.-]*
   xe ^[^A-Za-z0-9]
   %s xa 
   %option noyywrap nounput noinput
   %%
   {xd} if(yytext[0]=='-'||yytext[0]=='.')jmp 0;else{o=0;y=0;x=0;setenv("x",yytext,1);jmp xa;}
   {xe} jmp 0;
   <xa>{xc} jmp 0;
   <xa>{xa}|{xb} {
    switch(o){
     case 0: y=atoi(yytext);if(y<1)break;x=y*16777216;y=0;o++;break;
     case 1: y=atoi(yytext);if(y>255)break;x=x+y*65536;y=0;o++;break;
     case 2: y=atoi(yytext);if(y>255)break;x=x+y*256;y=0;o++;break;
     case 3: y=atoi(yytext);if(y>255)break;x=x+y;printf("%s\t%u\n",getenv("x"),x);unsetenv("x");break;
     default: break;
     }
    }
   .|\n
   %%
   int main(){ yylex();exit(0) ;}

   eof

   flex -8iCrf ip4dec.l
   cc  -std=c89 -Wall -pedantic -I. -pipe lex.yy.c -static -o ip4dec
usage: ip4dec < input-file

example:

   echo example.com 93.184.216.34 icann|ip4dec
output:

   example.com 1572395042


It's weird that this is just a side-effect of the way strtol works, but there's no way (that I can figure out) to get + or - involved.


It can't only be that, or 127.1 would not work. It is doing some parsing beyond just calling a parseInt on each of them in order to recognize domain names and use name resolution rather than directly putting the bytes in the IP header. That must be why 0x9000000.-16250872 doesn't work (if negative worked, that should also resolve to 8.8.8.8).


All of this weird behavior is generally inet_aton. https://linux.die.net/man/3/inet_aton


I looked into this a while back, IIRC BSD added the "omit zeroes" as a nonstandard convenience feature and other OSes copied it. I'm far afk for I'd find my notes on this.


It's not "omit zeroes". It's, "represent the last three octets with just one integer".

127.256 is valid, and would be equivalent to 127.0.1.0. The last integer can be up to 16777215 (2²⁴-1).

Similarly, if you instead include three groups of integers, the first two represents one octet each, and the last represents two. 127.2.256 is equivalent to 127.2.1.0.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: