LWN: Comments on "Fuzz and strings"

--all option to choose to do less extra stuff?

mpr22 — Thu, 04 Dec 2014 15:48:22 +0000

How can an option named "--all" sensibly mean "don't use all of the extra capabilities"?

When it means "print all the strings" instead of "print some of the strings".

--all option to choose to do less extra stuff?

perlwolf — Thu, 04 Dec 2014 15:23:27 +0000

How can an option named "--all" sensibly mean "don't use all of the extra capabilities"? I'd expect a --all option to "turn on everything" not "turn off the binary stuff".

Fuzz and strings

jwilk — Sat, 22 Nov 2014 19:34:50 +0000

-a/--all will be default in binutils 2.25:
https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;...

Fuzz and strings

oever — Fri, 21 Nov 2014 09:51:04 +0000

Yes, there is a more efficient way to do that. You can make that command roughly 8x faster by using + instead of \;. Also, you do not need to escape the {}.

find . -type f -name '*.txt' -exec grep foobar {} +

The difference between \; and + is that \; runs the command for each file, while + uses as many arguments as will fit in 128k bytes.

find ~ -type f -exec bash -c 'echo $#' {} +

Fuzz and strings

raven667 — Fri, 21 Nov 2014 00:22:00 +0000

There is a weird dumbbell curve where efficiency matters a lot for small battery powered systems decreasing as battery power increases, very little for single-user desktops and high powered servers, and then very much again in large environments with consolidation and virtualization.

My co-worker has a funny story from when they managed a team in the late '90s, a developer wanted to write software in a high-level language like C++ or something to save half the time and their response was that even if the developer saved half the time, but the thousands of deployed systems required a ram upgrade of $1k each that this would pay for a developer several times over to make the software more efficient and they don't have time or money to do re-work or deploy upgrades so please just make it efficient the first time though kthxbye.

Fuzz and strings

dlang — Thu, 20 Nov 2014 18:44:49 +0000

> May I postulate for consideration a proposition that computers are fast enough these days and we have enough "space cycles" not to worry about things like that for all except the most CPU-intensive or latency-sensitive programs?

This may be true for your personal laptop, but on servers the question isn't "how much spare processor does this system have?" but rather "how many systems do I need to have to serve my users?". If you do something that takes an extra 10% CPU that means that you have to buy 10% more systems.

Fuzz and strings

jake — Thu, 20 Nov 2014 16:37:58 +0000

> readelf is not affected.

good point ... fixed now, thanks ...

jake

Fuzz and strings

xz — Thu, 20 Nov 2014 16:20:41 +0000

readelf is not affected. Its manpage says:

This program performs a similar function to objdump but it goes into more detail and it exists
independently of the BFD library, so if there is a bug in BFD then readelf will not be affected.

And indeed it is not linked to libbfd.

Fuzz and strings

faramir — Thu, 20 Nov 2014 10:58:56 +0000

For a program that you start and leave running for a long time, you might be correct. However if one is running an intensive shell script, it might startup a simple program thousands of times. Or even one-liners like the following:

find . -type f -name '*.txt' -exec grep foobar \{\} /dev/null \;

I'm sure there are more efficient ways to do that (probably xargs), but I still think it is worth considering.

Fuzz and strings

jezuch — Thu, 20 Nov 2014 08:42:29 +0000

> Fedora doesn't build PIEs for everything because of the extra overhead in executing an ASLR-protected binary.

May I postulate for consideration a proposition that computers are fast enough these days and we have enough "space cycles" not to worry about things like that for all except the most CPU-intensive or latency-sensitive programs?