WTF Bites


  • Trolleybus Mechanic

    why does this exist?

    CREATE VIEW [dbo].[DB_VIEW_GetCurrentDate]
    AS
    SELECT     GETDATE() AS currentdate
    GO
    

    And why is it used like this:

    DECLARE @StartingDate datetime
    SET @StartingDate = (SELECT TOP 1 currentdate FROM dbo.DB_VIEW_GetCurrentDate)
    

  • I survived the hour long Uno hand

    @lorne-kates
    Can't speak to the first question, but using it like that makes sense if you're going to use the date as a date stamp for a LastChanged / Created field later in the procedure -- calling GETDATE() on every query later won't return the same value for all rows.

    AIUI, though, GETDATE() doesn't require any special permissions to call, so you should be able to replace the view with a direct call to GETDATE() in the procedure.



  • @cvi said in WTF Bites:

    @djls45 said in WTF Bites:

    You could also simply create a basic abstract class that has a virtual destructor.

    Err... this is about creating that abstract class? Or what exactly is your point here?

    Requiring all of the functions in the "interface" to be public and abstract eliminates the ability of the class to have default implementations, which could easily increase the amount of code that needs to be written, since now the base class with the defaults itself has to inherit from an "interface".

    Whether or not interfaces are a worthwhile thing to have is a different discussion, though. But I'd nevertheless like to point out that anything COM will involve a lot of them, so at least the idea of exposing APIs just through interfaces with only public virtual pure functions is not that far fetched.

    Complex types would still need their own specializations for the assignment, copy, comparison, etc. operators. This does nothing to address that.

    It addresses the case where you have a lot of types with very similar behaviour. But it neatly addresses the problem with very simple types that are mostly just a pile of boiler-plate code.

    For example, have you ever tried to define a BitmaskType with a scoped enum? It's something that's rather common in the standard library (perms, launch, ...), and it's a pain each time. One solution is to use a pile of ugly macros. This would eliminate the need; in fact, with the proposal you could define a bitmask meta-class that allows you to just say bitmask SomeBitmask { one, two, three };, and that would automatically take care of the values too (i.e., set them to 1<<0, 1<<1,...). And as an added bonus, the declaration is rather upfront about what it is.

    All of that sounds like it would just turn the C++ standard libraries into something along the lines of the morass that is the JS ecosystem.
    If you want to expose an interface to an API, an abstract class works just fine.
    We also seem to have different opinions on the difficulty of writing a bitmask. Adding it to the language would just create more that programmers, especially including later developers and maintainers, would have to remember or track down, instead of just seeing one = 1<<0, two = 1<<1, etc. and instantly knowing what each one means. I think, in part due to being able to alter how classes work, it would actually reduce standardization, which is one of the big draws for C++, even today.


  • Discourse touched me in a no-no place

    @djls45 said in WTF Bites:

    All of that sounds like it would just turn the C++ standard libraries into something along the lines of the morass that is the JS ecosystem.

    I find the discussion fascinating, since a lot of the time a bitmask is really a set of (boolean) flags for capabilities. Some languages go one further and make that explicit; you specify a collection of names for the flags and the system works out how to do that efficiently for you.

    Other times the bitmask can be other things. (For example, in network addresses or graphics…)


  • Java Dev

    Seems part of my motherboard is experiencing some wildly different temperatures there...

    (Current | Min | Max)
    0_1522703068024_computer-temps.PNG



  • @dkf said in WTF Bites:

    Some languages go one further and make that explicit; you specify a collection of names for the flags and the system works out how to do that efficiently for you.

    Yes - this is exactly one of the things that you could do under the meta-classes proposal. The difference being that it isn't built into the language directly, but rather that the language gives you the tools to define such yourself. And if it's common enough, it can be added to the standard library (something which is apparently more likely to happen for minor improvements such as this one, compared to a very special-purpose language extension).


  • BINNED

    @djls45 said in WTF Bites:

    All of that sounds like it would just turn the C++ standard libraries into something along the lines of the morass that is the JS ecosystem.
    Adding it to the language would just create more to remember

    You seem to be under the mistaken impression that this still matters to the C++ community. The language is already so insanely complex, this ship has sailed long ago.
    We've had Turing complete meta programming for ages, by now it's all about adding new layers of meta onto it. And no useful feature is ever added as is without thinking "how could we make this more general (and a million times more complex)".


  • Discourse touched me in a no-no place

    @topspin said in WTF Bites:

    We've had Turing complete meta programming for ages, by now it's all about adding new layers of meta onto it. And no useful feature is ever added as is without thinking "how could we make this more general (and a million times more complex)".

    I'm waiting for them to define an official way to compile the template metalanguage.


  • BINNED

    @dkf said in WTF Bites:

    I'm waiting for them to define an official way to compile the template metalanguage.

    I'm not exactly sure what you mean (probably a joke?), but it reminds me that Sutter and co. mentioned that for all this the tooling support needs to get a lot better. At least for library developers, there ultimately needs to be a (much better) way to debug the compile time code.



  • @djls45 said in WTF Bites:

    We also seem to have different opinions on the difficulty of writing a bitmask.

    You seem to confuse difficulty with inconvenience. There is this talk which introduces the idea of a waist high shelf - something that isn't 100% necessary, but useful and convenient. This is one of them. As @dkf mentions, other languages have bitmask (sets of flags) built-in; that's unlikely to happen in C++ for a number of reasons (too specialized is a common one, though). And by abstracting this a bit, it's trivial to allow more than 64 (or whatever the width of your uintmax_t is) flags, while still remaining convenient to use (unlike the struct X { unsigned one : 1; ... } approach).

    I'm also with @topspin here. The complexity boat sailed some time ago. The thing to do now is to try to simplify the complexity once it's been explored and understood (see constexpr/if constexpr, template-using etc). But that shouldn't mean that we should shy away from useful features because they seem "too complicated" (there are other languages that fill that niche, and do so much better because they never went where C++ went).

    Filed under: Embrace the complexity. You can do it too!


  • Discourse touched me in a no-no place

    @topspin said in WTF Bites:

    "how could we make this more general (and a million times more complex)"

    auto.



  • @erufael said in WTF Bites:

    @djls45 Also if someone currently hasn't uploaded anything, and they didn't get the memo cuz they never uploaded anything, but then did upload before the discontinuation, they'd prolly be a bit upset.

    It would be easy enough to send out a differently worded alert to people who hadn't uploaded anything. For instance, you could cut out the part about "make sure you migrate all your content off the platform" and just say "you won't be able to use it any more".

    @atazhaia said in WTF Bites:

    Seems part of my motherboard is experiencing some wildly different temperatures there...

    I told you attaching your toaster to your aux input was a bad idea, but would you listen?


  • Considered Harmful

    @remi said in WTF Bites:

    I remember when gcc basically didn't change much for a decade or more. It was just a dependable if rather old part of the system that you just used if you wanted a compiler.

    Well, you had to choose whether to use the official or the RedHat version (2.96).

    I think that decade included when you had to use egcs if you wanted new features.


  • Trolleybus Mechanic

    @izzion said in WTF Bites:

    @lorne-kates
    Can't speak to the first question, but using it like that makes sense if you're going to use the date as a date stamp for a LastChanged / Created field later in the procedure -- calling GETDATE() on every query later won't return the same value for all rows.

    AIUI, though, GETDATE() doesn't require any special permissions to call, so you should be able to replace the view with a direct call to GETDATE() in the procedure.

    Yes, that's my point. There's no need for the complicated view. Or the "top 1" because the view will never return more than 1 row.

    And also, in the exact same stored procedure, GETDATE() is used several times instead of @StartingDate

    fffffffffff



  • @magnusmaster said in WTF Bites:

    @bulb Yeah but metaclasses seem to be used to add language features, not to make writing template classes or functions easier.

    Since when is reflection about making writing template classes easier? Reflection, usually with attributes, is mostly about adding language features too. For example serialization.



  • Amazon's automatic update technology is so hi-tech you don't even notice when Amazon Drive updates itself.
    0_1522738069314_2614d663-8afe-40ac-9975-67a97f57fbf9-image.png
    In all seriousness, it definitely used to be automatic.


  • 🚽 Regular

    @atazhaia said in WTF Bites:

    (Current | Min | Max)
    0_1522703068024_computer-temps.PNG

    Systin Chapel
    Vladimir CPutin
    Auxtin, Texas



  • From our Artifactory:

    0_1522745104144_2cb1e75f-1533-4a38-b05d-30714ab557e4-image.png


  • Discourse touched me in a no-no place

    @bulb What's the WTF?



  • @dkf The date format.


  • Discourse touched me in a no-no place

    @bulb dd-mm-yy HH:MM:SS zzzz is a WTF to you? You need to get out more.



  • @onyx said in WTF Bites:

    Take those tendrils and JAM THEM!

    Sounds like the weirder end of Japanese anime.


  • Considered Harmful

    @carnage Chinese anime, on the other hand...



  • @dkf said in WTF Bites:

    @bulb dd-mm-yy HH:MM:SS zzzz is a WTF to you? You need to get out more.

    Yes, it is. It is not the client locale's default. It is not the server locale's default. (Neither is any of as, es_CL, fy, kok, my, nl, rm, sv_FI, te, wo) It is not the default of JavaScript. And JavaScript Date.toLocaleString won't even let you create it by hand, because it only uses the standard formats and the skeletons.

    Therefore somebody had to get a date formatting library and explicitly specify this format. And that is definitely a :wtf:.



  • A certain Berlin-based business college evidently use a networked scanner that returns scans by email (via a UK-based secretarial services company).
    That's sort of OK - though a bit convoluted - provided that you use the correct email address. They don't.

    For the past three weeks I've received a constant stream of student resumes and application forms. The address used has vaguely similar initials, but completely wrong domain and wrong country.

    When it first happened I immediately replied to them - thinking that would be the end of it. I've tried contacting twice more since then, also copying-in the hapless students whose application forms are going astray. Still no joy.

    The somewhat :wtf: secretary is now clearly working on her personal tax returns :) (tax id numbers, payroll details etc.)

    Were I more evil than I am I could stir up a lot of trouble.


  • Discourse touched me in a no-no place

    @japonicus said in WTF Bites:

    Were I more evil than I am I could stir up a lot of trouble.

    Don't stir up trouble! Report them for violating data protection rules. That's avoiding as much trouble as possible.



  • @japonicus said in WTF Bites:

    A certain Berlin-based business college evidently use a networked scanner that returns scans by email (via a UK-based secretarial services company).
    That's sort of OK

    It would be sort-of-OK if it was tied to their own Exchange servers with direct access to them, because they (can) actually store stuff encrypted behind the scenes, so it is reasonably protected even from a nosy administrator and even if you don't encrypt at the user level. But through the open internet and relaying through a third party, no, it's not.



  • WTF Youtube!

    0_1522766461034_8b26fe3f-9ef9-4668-862f-4af0394d45f0-image.png


  • BINNED

    @coldandtired
    The "incel" thread is ... :arrows: ... I don't know, somewhere in the 🚎 garage.


  • area_can

    @coldandtired The lady doth protest too much, methinks 🚎



  • @coldandtired Yeah, YouTube should only recommend this kind of video to psychologists and psychiatrists looking for prospective clients. Most others are better off not knowing.


  • Java Dev

    @lorne-kates said in WTF Bites:

    @izzion said in WTF Bites:

    @lorne-kates
    Can't speak to the first question, but using it like that makes sense if you're going to use the date as a date stamp for a LastChanged / Created field later in the procedure -- calling GETDATE() on every query later won't return the same value for all rows.

    AIUI, though, GETDATE() doesn't require any special permissions to call, so you should be able to replace the view with a direct call to GETDATE() in the procedure.

    Yes, that's my point. There's no need for the complicated view. Or the "top 1" because the view will never return more than 1 row.

    And also, in the exact same stored procedure, GETDATE() is used several times instead of @StartingDate

    fffffffffff

    And it breaks if you call it just before midnight?


  • Garbage Person

    @bulb Guess what ticket I filed just yesterday.

    Get someone to set Admin / General Configuration / Date Format to yyyy-MM-dd'T'HH:mm:ssZZ

    Filed under: yyyy-MM-dd'T'HH🇲🇲ssZZ



  • It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.

    Summary: beep is a Linux CLI tool that makes noise through your PC's internal speaker. For security reasons, you can't make noise if you're an unprivileged remote user. There is a documented workaround for that restriction, which was found to have its own security issues.

    Someone jumped at the opportunity to make another vulnerability-with-a-logo from it, too: https://holeybeep.ninja/
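
Added example (not part of the post above, and not code from the advisory or the beep project): the advisory's stated precondition is that beep is installed setuid, so checking for that bit locally answers the exposure question directly. The function name `audit_setuid` and the directory list are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: report whether a named binary carries the setuid bit.
#
# audit_setuid NAME DIR...
#   Prints one line per DIR/NAME that exists as a regular file, showing its
#   mode string and numeric owner uid (fields 1 and 3 of `ls -ldn`).
#   Returns 1 if at least one match has the setuid bit set, 0 otherwise.
audit_setuid() {
    name=$1
    shift
    found=0
    for dir in "$@"; do
        f="$dir/$name"
        [ -f "$f" ] || continue
        info=$(ls -ldn "$f" | awk '{print $1 " uid=" $3}')
        if [ -u "$f" ]; then
            # Setuid and owned by uid 0 means the program runs as root for
            # every local user who can execute it.
            echo "SETUID  $f  $info"
            found=1
        else
            echo "ok      $f  $info"
        fi
    done
    return "$found"
}

# Usage: the directory list is an assumption; adjust it to the local layout.
# Clearing the bit (chmod u-s on the reported path) removes the precondition
# named in the advisory, at the cost of the speaker access it was set up for.
audit_setuid beep /usr/bin /bin /usr/local/bin ||
    echo "beep is installed setuid; review whether that is still needed"
```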



  • So. Apparently some computer crapped out some 1000km from here, and as a consequence I get to spend another 30-40 minutes squeezed into a cattle class economy seat before we can take off. Modern technology is awesome.


  • Java Dev

    @dcoder said in WTF Bites:

    It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.

    Summary: beep is a Linux CLI tool that makes noise through your PC's internal speaker. For security reasons, you can't make noise if you're an unprivileged remote user. There is a documented workaround for that restriction, which was found to have its own security issues.

    Someone jumped at the opportunity to make another vulnerability-with-a-logo from it, too: https://holeybeep.ninja/

    alias beep echo -ne "\a"?


  • :belt_onion:

    @dcoder said in WTF Bites:

    Someone jumped at the opportunity to make another vulnerability-with-a-logo from it, too: https://holeybeep.ninja/

    Holey Beep is the latest breakthrough in the field of acoustic cyber security research.

    :wtf:

    Am I vulnerable?

    Most likely! If you have beep installed as setuid and it was compiled with a certain compiler version and options and your machine is compromised, [...]

    With that long list of prerequisites, that's an interesting definition of "Most likely".

    I can't tell if this Web site is supposed to be facetious.



  • @heterodox said in WTF Bites:

    I can't tell if this Web site is supposed to be facetious.

    From the website

    Holey Beep is just a simple privilege escalation bug.

    Please run this command to find out: curl https://holeybeep.ninja/am_i_vulnerable.sh | sudo bash
    If your computer is vulnerable it will beep.

    Run a command with sudo, if it works, you're vulnerable. :rolleyes:



  • @timebandit said in WTF Bites:

    @heterodox said in WTF Bites:

    I can't tell if this Web site is supposed to be facetious.

    From the website

    Holey Beep is just a simple privilege escalation bug.

    Please run this command to find out: curl https://holeybeep.ninja/am_i_vulnerable.sh | sudo bash
    If your computer is vulnerable it will beep.

    Run a command with sudo, if it works, you're vulnerable. :rolleyes:

    Well, if you go around the internet pasting sudo commands into your CLI, you damn well are privilege escalation vulnerable. Your OS might not be, but you are.


  • :belt_onion:

    @timebandit said in WTF Bites:

    Run a command with sudo, if it works, you're vulnerable. :rolleyes:

    Uh, yeah. Just looked at the script:

    #!/bin/sh
    # TODO: Backdoor this machine?
    modprobe pcspkr
    beep -l 1000 -r 3 -f 44000
    

    Great. Fuckers.



  • @timebandit said in WTF Bites:

    Please run this command to find out: curl https://holeybeep.ninja/am_i_vulnerable.sh | sudo bash

    Ok I'm no expert at Lunix but doesn't that tell you to just run some random-ass script from some random-ass web server with zero code signing or anything and admin permissions?
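
Added example (not part of the post above, and not from the site being discussed): a safer shape for the same task is to save the script to a file, read it, and run it without sudo only if it matches a SHA-256 value obtained from a source you trust. The helper names, the placeholder URL in the comment and the constructed stand-in script are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: run a downloaded script only if it matches a pinned SHA-256.
# Real use would first save the script instead of piping it into a shell, e.g.
#   curl -fsSLo fetched.sh https://example.invalid/script.sh   (placeholder URL)
# and then read fetched.sh before going any further.

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_pinned FILE EXPECTED_SHA256
#   0 (or the script's own status): hash matched, FILE was run with sh, no sudo
#   2: FILE does not exist
#   3: hash mismatch, FILE was NOT run
run_if_pinned() {
    file=$1
    expected=$2
    [ -f "$file" ] || return 2
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: sha256 $actual does not match the pin" >&2
        return 3
    fi
    sh "$file"
}

# Constructed demo: a stand-in for a fetched script is pinned, run, then
# modified after pinning. Computing the pin from the same file is only for the
# demo; a real pin has to come from somewhere other than the download itself.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'echo "reviewed script ran"\n' > "$tmp/fetched.sh"
    pin=$(sha256_of "$tmp/fetched.sh")
    first=0
    run_if_pinned "$tmp/fetched.sh" "$pin" || first=$?
    printf 'echo "line added after review"\n' >> "$tmp/fetched.sh"
    second=0
    run_if_pinned "$tmp/fetched.sh" "$pin" 2>/dev/null || second=$?
    rm -rf "$tmp"
    echo "unmodified: $first, modified after pinning: $second"
}
demo
```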


  • 🚽 Regular

    @blakeyrat Yes.



  • @erufael So this is a fake "security disclosure" designed to put malware on people's machines? Great.


  • 🚽 Regular

    @blakeyrat As I understand it, the vulnerability is real, but this is just a b.s. site about it.



  • @blakeyrat said in WTF Bites:

    @erufael So this is a fake "security disclosure" designed to put malware on people's machines? Great.

    The script also has a pretty fucking great todo comment in it. For varying definitions of great. :D


  • :belt_onion:

    @blakeyrat said in WTF Bites:

    @erufael So this is a fake "security disclosure" designed to put malware on people's machines? Great.

    Not malware, it just beeps three times at them but it's still annoying.


  • BINNED

    The bickering about Steam in the Status (?) thread reminded me I still have a 7 year old account. Wait, this works on Mac?

    0_1522785240724_Bildschirmfoto 2018-04-03 um 21.51.54.png

    Now, what exactly is that start menu they're speaking of? Choices, choices...

    Bonus topspin WTF: Posted this in the wrong thread.


  • BINNED

    @heterodox said in WTF Bites:

    Most likely! If you have beep installed as setuid and it was compiled with a certain compiler version and options and your machine is compromised, [...]

    With that long list of prerequisites, that's an interesting definition of "Most likely".

    I can't tell if this Web site is supposed to be facetious.

    Highlighted that for you.

    EDIT: I've skimmed through it, that website is fucking hilarious.

    How do I uninstall Linux?

    I want to brand my next vulnerability. Can you make a logo for me?
    Great idea! Please contact our sales department.

    Why didn't you choose the name Dirty Beephole?
    We don't know. The world would be a better place.


  • Java Dev

    @pleegwat said in WTF Bites:

    @dcoder said in WTF Bites:

    It was discovered that a race condition in beep (if configured as setuid via debconf) allows local privilege escalation.

    Summary: beep is a Linux CLI tool that makes noise through your PC's internal speaker. For security reasons, you can't make noise if you're an unprivileged remote user. There is a documented workaround for that restriction, which was found to have its own security issues.

    Someone jumped at the opportunity to make another vulnerability-with-a-logo from it, too: https://holeybeep.ninja/

    alias beep echo -ne "\a"?

    I'm surprised nobody called me out on this yet, but these two are not equivalent. However in most cases the echo does what you actually want.

    beep causes the machine executing the command to beep. This may well be a server in a server room somewhere.
    echo -ne "\a" causes the terminal or Windows SSH client to emit a notification signal. This is probably not a simple PC speaker beep, but may cause a flashing window, an OS-default notification sound, or whatever else is configured. It may also be ignored entirely. Regardless of what happens, even if you execute the command out on a server somewhere, as long as the output is appearing in a window on your machine that's where the notification will be generated as well.



  • More fun in the Twitch Uploads/Premieres saga:
    0_1522791757838_63d1aef6-aab4-4b0f-a559-f26c5699ec85-image.png

