> The final lib size is few GBs, so distribution may become a problem.
Hahaha!
I admit to being slow; I missed the above sentence the first time, and I actually skimmed the whole thing and made it here to the comments before realizing it was a joke. Reading it again, there are quite a few gems I missed the first time, it's quite funny.
Apparently, the Federal Government, Amazon, Google, and Facebook have known about the security issues of directly using unary negation without the gg-flip table driven approach for some time.
The link claims Shodan found over 20,000 vulnerable government servers and says to apply gg-flip immediately.
> GG Flip is a Golang library which generates the Javascript sign flip library. I preferred Go because lack of generics seemed like a good design choice.
I think Stack Flip is the optimal solution, as it requires very little code and can handle any number, even values the code has never encountered before. The library simply calls out to a web service that posts the question on Stack Overflow.
It should only take a few seconds for someone to post the answer. And the service will then upvote the answer, thus motivating Stack Overflow users to keep providing those results.
Maybe this is a problem we could use Ethereum smart contracts to solve. Actually, is flipping a number even in P? Verification is easy - just compare against the negative - but I'm not sure if flipping the number can be done in polynomial time, enumerating all cases (as OP has done) aside.
I was kidding...but I was also thinking of the thread where people were discussing big vs little endian and the idea that since nobody uses big endian any more, it's not necessary to allow for it.
Endianness only matters for how numbers are stored in memory, but operations like bitshifts, boolean operations and arithmetic happen after the number has been loaded into a processor register, so endianness doesn't matter.
Even if that wasn't the case, flipping a two's complement integer requires only negation and addition (as you showed), and those don't really depend on data layout.
The endian-ness is only the in-memory layout of the bits and has nothing to do with how VALUES are treated. 1+9=10, regardless of how those values are stored, similarly 1<<9=512, regardless of how the CPU internally arranges those bits. The same holds true for inverting the value, the internal arrangement of the bits is irrelevant.
Really you only care about endianness when you fail to treat numbers as numbers, for example by treating them as bytes.
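The endianness point from the comments above, as an added example that is not part of the thread: the sign flip (invert and add one) is done on the value and gives the same result whichever byte order the integer was stored in, and the result only goes wrong when bytes written in one order are read back in the other. All function names are made up for this sketch.

```c
#include <stdint.h>
#include <stdio.h>

/* Two's complement sign flip on the VALUE: invert the bits, add one. */
uint32_t flip(uint32_t v) { return ~v + 1u; }

/* Store a value as 4 bytes, most significant byte first (big endian). */
void store_be(uint32_t v, uint8_t out[4]) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(v >> (24 - 8 * i));
}

/* Store a value as 4 bytes, least significant byte first (little endian). */
void store_le(uint32_t v, uint8_t out[4]) {
    for (int i = 0; i < 4; i++) out[i] = (uint8_t)(v >> (8 * i));
}

uint32_t load_be(const uint8_t in[4]) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v = (v << 8) | in[i];
    return v;
}

uint32_t load_le(const uint8_t in[4]) {
    uint32_t v = 0;
    for (int i = 3; i >= 0; i--) v = (v << 8) | in[i];
    return v;
}

/* Round-trip through each memory layout, then flip the loaded value. */
int32_t flip_via_be(int32_t x) {
    uint8_t b[4]; store_be((uint32_t)x, b);
    return (int32_t)flip(load_be(b));
}

int32_t flip_via_le(int32_t x) {
    uint8_t b[4]; store_le((uint32_t)x, b);
    return (int32_t)flip(load_le(b));
}

/* Failure mode: bytes written little endian but read as big endian,
   i.e. the number was handled as raw bytes with the wrong layout. */
int32_t flip_mismatched(int32_t x) {
    uint8_t b[4]; store_le((uint32_t)x, b);
    return (int32_t)flip(load_be(b));
}

int main(void) {
    printf("%d %d %d\n", flip_via_be(5), flip_via_le(5), flip_mismatched(5));
    return 0;
}
```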
There are several security issues related to usage of the negation operator that make it undesirable to use in this situation. The solution presented in the article avoids those holes. It also has the advantage that a switch statement is more explicit than use of a language facility.
Nice, but you really should give some examples, too. Something like:
The Bitcoin client's use of unary negation has caused traders to lose $32.49 Billion over the last three week period, according to a recent study by Price Waterhouse Cooper. From a similar accounting produced by the US Office of Management and Budget, HODLers lost an amazing $1.479 Trillion - That's Trillion with a "T"!
A table-driven Unary NOT solves the issues caused by the use of Bitwise NOTs and direct operator use. To that end, we submitted a pull request. After 4 weeks of repeatedly sending the same pull request to the BC team (and being ignored), we are now disclosing this Bitcoin Client issue for everyone to see. Remember to patch this use in your Bitcoin Client, or your funds may be stolen! If you need to use an editor for this fix, and do not normally program, the use of SED will speed up your client edits tremendously. https://www.gnu.org/software/sed/manual/sed.html
Now that this critical issue has been disclosed, we strongly urge all Bitcoin users to patch immediately, or their funds will likely be summarily depleted within a week.
BTW check the linked thread on Reddit for more hilarity https://www.reddit.com/r/shittyprogramming/comments/7n35m7/h...