[tor-talk] XKeyScore code authenticity - genuine [was: messing with XKeyScore]

coderman coderman at gmail.com
Sun Jul 6 17:30:01 UTC 2014


On Sun, Jul 6, 2014 at 7:11 PM, coderman <coderman at gmail.com> wrote:
> ...
> a regexp rule like:
> '''
> extractors: {{
>     bridges[] =
> /bridge\s([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}):?([0-9]{2,4}?[^0-9])/;
>   }}
> '''
> is both written by a novice regexp'er, and also took them a bit of
> time. more than they'd spend on an example.


i should have clarified this statement.  this is code someone wrote to
get a job done.  they are pulling bridge addresses out of text (email
bodies?) and getting a job done.

this is fine code and similar to what you'd see in any production environment.

this is not what a regexp guru would use to show their ability to
tightly match with sparse efficiency.

it is also not so simple that a non-PCRE fluent person would use it as
a fictitious example.


to be clear: all signs point to this being real code a person wrote to
get a job done - parse out bridge addresses from text.  the signs
point toward this code being legitimate depricated code, even if not
currently useful.

the code do not point toward this being a non-fictitious example, and
it seems Robert even alludes to as much with.
 "One interesting thing to note about the port number is that it
captures the first non-digit character after the number as well. This
is obvious[sic] a bug, but since it's usually whitespace, one that
doesn't impact the system."
 - implying he believes this is a legitimate rule, and also not
written by an expert.


best regards,


More information about the tor-talk mailing list