WTF Bites
-
@levicki said in WTF Bites:
Oh man, I see no way this can backfire:
https://docs.microsoft.com/en-us/deployoffice/microsoft-search-bing says (well, TFA also said this):
if Bing is already the default search engine, the extension doesn't get installed.
So the sole purpose of the extension is to change the default search engine.
Does this mean by default Bing running on Edge already displays local results? :O
Edit: kept reading. So it's not local at all, it just pulls results *waves hands* from the cloud (if you're logged in).
-
No dots!
The system I've built for the government has to have filters like that "for security" and the security group wouldn't let us put the production servers online without them. No amount of explanations would make them understand.
Now that it's been live for a year I plan on removing those validation rules, because they are dumb.
-
Now that it's been live for a year I plan on removing those validation rules, because they are dumb.
And then some time later there'll be the inevitable hack which you'll be blamed for, because without you knowing some moron touched the backend and also replaced the escaping and stored procedures and stuff because "they're dumb".
-
Now that it's been live for a year I plan on removing those validation rules, because they are dumb.
And then some time later there'll be the inevitable hack which you'll be blamed for, because without you knowing some moron touched the backend and also replaced the escaping and stored procedures and stuff because "they're dumb".
We don't have any escaping in our code but let the ORM deal with that. We use parametrized named queries in JPA. Sure, someone might start doing string concatenation out of pure dumb, but you can't protect against dumb on a source code level. You have to do that on a management level. Don't hire, or keep, idiots.
-
Don't hire, or keep, idiots.
You mean those people who wouldn't listen to you explain that these rules are dumb?
-
You mean those people who wouldn't listen to you explain that these rules are dumb?
Well, no.
My po, pl, tl and lol are all on board with the rules being dumb. Those are responsible for the hirings.
SÄK is an entirely different entity in the organization.
Not that that has prevented the hirings of some astoundingly inept front end developers. For backend, where my word is law, idiots don't get their code through code review.
-
-
-
So, apparently, SÄK sent out a mail a few minutes ago with a specification of how to mitigate injection attacks, and it's all about scary unsafe characters and whitelisting/blacklisting. There is not a single word on how you actually handle things, like never injecting untrusted data into a place where it will be interpreted without using the platform provided escaping functions.
And they are going to edumacate us lowly devs later on. I will probably be pretty hard to educate.
Also, they use git to get traceability on who did what when. I'm gonna have fun asking them how they mitigate history rewrites.
-
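An added example, not from any poster in this thread: the contrast the post above draws between filtering "unsafe characters" and handing untrusted data to the platform's own binding mechanism. It uses Python's sqlite3 named parameters as a stand-in for the JPA named queries mentioned earlier; the table, the filter rules and the sample inputs are all constructed for illustration.

```python
import re
import sqlite3

# Hypothetical filter rules of the "approved characters" / "scary words" kind.
APPROVED_CHARS = re.compile(r"[A-Za-z0-9 .,]*")
BLOCKED_WORDS = re.compile(r"\b(select|delete|where|drop)\b", re.IGNORECASE)

def filter_accepts(value: str) -> bool:
    """Input filtering: judges the data by what it looks like."""
    return bool(APPROVED_CHARS.fullmatch(value)) and not BLOCKED_WORDS.search(value)

def store_and_read_back(conn: sqlite3.Connection, value: str) -> str:
    """Named-parameter binding: the value is sent separately from the SQL
    text, so the database never parses it as part of the statement."""
    cur = conn.execute("INSERT INTO signup (name) VALUES (:name)", {"name": value})
    row = conn.execute("SELECT name FROM signup WHERE id = :id",
                       {"id": cur.lastrowid}).fetchone()
    return row[0]

# Constructed sample inputs: three legitimate values, one hostile, one plain.
SAMPLES = [
    "Conan O'Neill",
    "Åkesson & Söner AB",
    "The tenant may select where to delete records.",
    "Robert'); DROP TABLE signup;--",
    "Alice Smith",
]

def run_demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE signup (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    results = []
    for value in SAMPLES:
        stored_verbatim = store_and_read_back(conn, value) == value
        results.append((value, filter_accepts(value), stored_verbatim))
    # The table still exists and holds exactly one row per input.
    count = conn.execute("SELECT COUNT(*) FROM signup").fetchone()[0]
    return results, count == len(SAMPLES)

if __name__ == "__main__":
    rows, table_intact = run_demo()
    for value, accepted, stored in rows:
        print(f"filter={'accept' if accepted else 'REJECT'}  "
              f"bound-and-stored={stored}  {value!r}")
    print("table intact:", table_intact)
```

The filter turns away three legitimate inputs along with the hostile one, while the bound statement stores all five verbatim and the hostile string stays inert data.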
-
@Carnage And what are they going to tell Mr. O'Neill after he fails to sign up for their service?
-
@Carnage And what are they going to tell Mr. O'Neill after he fails to sign up for their service?
Considering the whitelist of "approved characters" there will be more than him. A lot more.
Not to mention companies and organisations.
Or the text areas that will hold legalese.
-
scary unsafe characters
You probably don't want to allow non-printable characters in, that's true.
-
Or the text areas that will hold legalese.
Who would ever want to use words like select, delete, or where in their legal texts?
-
Who would ever want to use words like select, delete, or where in their legal texts?
I'll just truncate bobby tables then
-
@Carnage Raymond Chen has a fun series you can stump them with.
-
@TwelveBaud said in WTF Bites:
@Carnage Raymond Chen has a fun series you can stump them with.
That's one of the few things I skipped. I could make it through most of the assembly series, but git is too much for my simple mind.
-
@topspin Recently I took a look at some of his "airtight hatchway" posts. Fun stuff
-
Ordered a camera. This came up after finishing the order:
Did you know that we also have...
Broken images? Well, I now know you also serve that! I shall use my new camera to take non-broken images myself however, I kinda prefer those.
-
The ASP.NET Core documentation, everyone. This is the main web framework of a trillion dollar company.
-
Don't hire, or keep, idiots.
Wait. You said government. I'm pretty sure you can't fire anyone. (My old boss now works for the county - he once commented it's very different working with unions. Once someone is hired, they (the employee) practically have to kill someone before the boss can fire them. Even then, it'll take months. Not doing their work is not a fireable offense.)
-
Unpacked the knife set I picked for this year's christmas gift from work. As there sadly was no edible option this year, otherwise I preferred that. So I got my
Báss
Best Steel Kitchen Knife
High Quality Stainless Steel
which of course have five points of knife advice:
Afterusing knife,wash and dry immediately with a dry cloth.
For longer life on the knife,do not use it on glass or ceramic worktop.
For safety,do not take it by hand,when knife drop dowm.
Do not test sharp by finger.
Keep and store knife away from Children easy to reach.
-
Not doing their work is not a fireable offense.
It isn't with us, not exactly, but people who don't work end up not being able to find funding and getting “encouraged to find a more suitable employer” when the money runs out. The people who get permanent jobs tend to be the ones with track records of doing work even when they don't have to.
-
Don't hire, or keep, idiots.
Wait. You said government. I'm pretty sure you can't fire anyone. (My old boss now works for the county - he once commented it's very different working with unions. Once someone is hired, they (the employee) practically have to kill someone before the boss can fire them. Even then, it'll take months. Not doing their work is not a fireable offense.)
This particular project has a rather extreme staff turnover. It's just me left of the team that started out 18 months ago. And the replacements for the first gang are also entirely gone.
Some quit on their own, some were sent packing.
I'm mostly hoping they'll find someone competent for frontend, then the two of us could get everything done. 😄
-
At code review I noticed today I implemented something twice, because I forgot I had already done that after lunch. Then I found a Jira history I created for doing it again, that would be a 3rd time...
-
WTF of my day: So, I've subscribed to XBox Gamepass Ultimate. Worthwhile for me and today I got an email where the campaign creator obviously didn't set the query parameters correctly. Because it offered me a subscription for XBox Gamepass (sans Ultimate) for 1€ for three months if I was a new subscriber...
... but that reminded me to have a look at my current subscription options. Because the usual deal is when you subscribe for longer periods of time then you effectively pay less (e.g. 5€ for one month and 14€ for three months)
Yeah. Someone at Microsoft seems to subscribe to the opposite notion:
Also: "your subscription will be changed to 23.01.2020-monthly invoices on the 3"
MS is always good for a WTF.
Yesterday I tried to reset a friend's Microsoft account password because her Windows phone (in her defense, she doesn't have a lot of money and got it as a present) is all fucked up, giving only error messages of typical redmondian helpfulness ("error 805a0190 occurred") when you try to open the appstore. MS' forum lists six completely unrelated possible reasons (apparently having "SMS Backup" on can affect my ability to open the appstore? ), one of which requires checking the region settings in the account. Obviously you can't do that in the settings, because, see, the region setting on the phone doesn't simply change the one in your account, they're independent settings and they have to match, or shit breaks all over the place.
Obviously she doesn't know her password to check that setting. No problem, after all, that account is linked with her phone number, right? Click "recover password", receive SMS, enter code—nope. Apparently, not all codes are created equal. It took three attempts for them to recognize their own code they just sent me. And yes, I did copy them correctly. Of course they make you wait like 10min between attempts so you don't sap their SMS budget.
In the end it turned out they've gone the exact opposite route with Windows Phone than with the backwards-compatible-to-1789 desktop Windows: now that Windows 10 is out, they simply shut down the app store for 8.1 but Windows is too dumb to tell you in plain text. "Error 805a0190" means "fuck you, buy a new phone"
-
Ze Chermans are teh moddern! Look, you can send encrypted mail to their Federal Buraeu of Information Securityin!. S/MIME, naturally, not that amateur shit called PGP.
Oh, never mind certificate validity, it's secure, we tell you!
-
never mind certificate validity
Is it the validity period or the certification path? (I could check, but ) The Germans have some really odd rules about the latter if I remember right (from joint projects with them). I've never heard of anyone else bothering with that level of bureaucratic nonsense.
-
never mind certificate validity
Is it the validity period or the certification path? (I could check, but )
I’m not going to check either, but the plain text already contains an expired period, so it’s at least that.
The Germans have some really odd rules about the latter if I remember right (from joint projects with them). I've never heard of anyone else bothering with that level of bureaucratic nonsense.
Bureaucratic nonsense is one of our main products. Be glad we don’t sell most of it.
-
@topspin I think the US'ians already got a sizeable portion for their HOAs.
-
@topspin I think the US'ians already got a sizeable portion for their HOAs.
Must be an early immigrant export from Swabia.
-
-
@levicki said in WTF Bites:
Every few weeks DAZ 3D shop sees a release of another "DAZ Original" character bundle built upon the Genesis 8 base female figure shape
I read that three times and I'm still not sure I understand it
Just to be clear, this is a different Daz to the washing powder brand, yes?
-
@anonymous234
I would tap that
-
@levicki said in WTF Bites:
happened to femininity?
What do you mean? An honest question, that. Everybody seems to have their own definition of what that means.
-
@levicki said in WTF Bites:
happened to femininity? Does every female character nowadays have to be a badass bitch?
I see you're more into the obese side...
-
-
25,000 GET!
-
@levicki said in WTF Bites:
Every few weeks DAZ 3D shop sees a release of another "DAZ Original" character bundle built upon the Genesis 8 base female figure shape
I read that three times and I'm still not sure I understand it
Just to be clear, this is a different Daz to the washing powder brand, yes?
Daz 3D is a 3D content and software company specializing in providing rigged 3D human models, associated accessory content and software to the hobbyist as well as the prosumer market.
-
-
@levicki said in WTF Bites:
happened to femininity? Does every female character nowadays have to be a badass bitch?
Since the dawn of time, artists have always had only two modes of operation when portraying women: badass tomboy or hopeless damsel in distress. There's never been any middle ground - the only thing that changes is how often you see one or the other. And it's a cyclic occurrence.
https://tvtropes.org/pmwiki/pmwiki.php/Main/RealWomenDontWearDresses
-
never mind certificate validity
Is it the validity period or the certification path? (I could check, but ) The Germans have some really odd rules about the latter if I remember right (from joint projects with them). I've never heard of anyone else bothering with that level of bureaucratic nonsense.
Their cert expired just before Christmas, and apparently nobody noticed yet. The path is probably a WTF of its own considering that they ask you to import a new root certificate and there's an intermediate cert from Deutsche Telekom, who already have a CA of their own, so Y U NO USE? Or say D-Trust, which is a state-owned company with a CA. Seems like they're the logical choice for the HTTPS cert on the BSI website but the S/MIME shit needs to be more complicated.
I'm not going to check the nasty details either
-
@LaoC it seems patently absurd that BSI can’t get a certificate with a trusted root that comes default installed.
-
@LaoC it seems patently absurd that BSI can’t get a certificate with a trusted root that comes default installed.
It's even more absurd that they obviously can, as demonstrated by their website, but the guy who was tasked with coming up with a way of sending them encrypted email didn't think of that.
-
@levicki Oh please, it's not as if the usual representation of men is so much more diverse.
-
@levicki said in WTF Bites:
@levicki Oh please, it's not as if the usual representation of men is so much more diverse.
Well at least as far as 3D characters go it is. Not all of them are Conan the Barbarian. Also, men don't have the right to complain or they will be seen as bigots "because their complaining diminishes valid complaining made by women".
I see someone is very salty about something here. Please don't apply the interactions you have on the internet to the populace at large.
This forum here should be a prime example of why that is a bad idea.
Also, if you're using the same tone in such arguments as you're showing here then I'm not really surprised that it's not a hit among the ladies.
-
YouTube device activation
The YouTube app on Android offers the ability to connect to a TV. When you do that, it asks for a numeric code that presumably your smart TV will show you in its menu.
Other devices, like the Nintendo Switch, can also be remotely activated on YouTube with a code. However, this option gives you a different, alphabetic, code to enter at some url in a web browser, which is unavailable in the app.
Why can't both these methods be supported in the app? Or better yet, why not just use the same method with the same kind of code?
-
@hungrier update: I just found another option in the Switch menu that uses the numeric TV code that's compatible with the app. So not only are there (at least) two different ways to do the same thing, some devices are apparently smarter than everyone at YouTube, and support both.
-
However, this option gives you a different, alphabetic, code to enter at some url in a web browser, which is unavailable in the app.
What's unavailable in the app? The URL? You're supposed to use a different device.
-
@loopback0 Activating with the alphabetic code is unavailable in the mobile youtube app, but available through a web url. Activating with the numeric code can be done in the mobile app. TVs, presumably, offer just the numeric one (or maybe both). The Nintendo Switch offers both.