WTF Bites

topspin

@bobjanova said in WTF Bites:

@topspin said in WTF Bites:

HTML emails have always been a stupid idea.

HTML emails that are allowed to link to external resources. HTML itself - even including scripts, if run in a proper sandbox - isprograms without any bugs are safe enough.

Too many ifs.

boomzilla

@bobjanova said in WTF Bites:

@topspin said in WTF Bites:

HTML emails have always been a stupid idea.

HTML emails that are allowed to link to external resources. HTML itself - even including scripts, if run in a proper sandbox - is safe enough.

Real sandboxing has never been tried. "Simple" strings of characters have been enough to break stuff.

Grunnen

@hungrier Yet those words are only like one letter apart.

Then what about this?

https://i.imgur.com/HIJVawe.png

Chinese, Korean, it all looks the same to Google. Hmm, it sounds quite discriminatory if I write it like that

Zerosquare

Sos Sosowski on Twitter

Zerosquare

A more serious and Polygeekeric WTF Bite:

BadPower attack corrupts fast chargers to melt or set your device on fire

Attackers can alter the firmware of fast charger devices to deliver extra voltage and damage connected equipment.

topspin

@Zerosquare said in WTF Bites:

It's a 1987 book teaching you how to stretch the standard to write the ugliest possible C code.

But look at how modern it is!

auto var = fun(sub) + two;

It uses auto like it's doing 21st century type inference!
Of course, afaict, it just combines the deprecated auto storage class specifier (i.e. stack variable) with omitting the type and using implicit int.

dkf

@topspin said in WTF Bites:

Of course, afaict, it just combines the deprecated auto storage class specifier (i.e. stack variable) with omitting the type and using implicit int.

The evil part of it is how the definition of sub() “miraculously” causes the result of that function to always be 12. That's why that style of function declaration is now very deprecated.

PleegWat

@dkf said in WTF Bites:

@topspin said in WTF Bites:

Of course, afaict, it just combines the deprecated auto storage class specifier (i.e. stack variable) with omitting the type and using implicit int.

The evil part of it is how the definition of sub() “miraculously” causes the result of that function to always be 12. That's why that style of function declaration is now very deprecated.

I must be missing something. Like the definition of sub(), and both the declaration and the definition of fun(int (*)()).

Filed under: No manual entry for fun

dkf

@PleegWat said in WTF Bites:

@dkf said in WTF Bites:

@topspin said in WTF Bites:

Of course, afaict, it just combines the deprecated auto storage class specifier (i.e. stack variable) with omitting the type and using implicit int.

The evil part of it is how the definition of sub() “miraculously” causes the result of that function to always be 12. That's why that style of function declaration is now very deprecated.

I must be missing something. Like the definition of sub(), and both the declaration and the definition of fun(int (*)()).

Here's the whole of the image:

The part I was talking about was at the bottom:

sub()
{   return 12.8; }

topspin

@dkf just shows that the syntax of K&R C was even worse than it is now.
Whoever thought that int two; was a good idea compared to var two: int;? Oh wait, I already answered that.

Polygeekery

Doing a server migration/replacement this week. DNS scavenging was never configured and is not keeping up and deploying the new server has caused DNS issues. Time to manually clear out some old stale records. Let's sort by timestamp and just nuke any old records.

Fuck off Windows Server.

Tsaukpaetra

@Polygeekery said in WTF Bites:

Doing a server migration/replacement this week. DNS scavenging was never configured and is not keeping up and deploying the new server has caused DNS issues. Time to manually clear out some old stale records. Let's sort by timestamp and just nuke any old records.

Fuck off Windows Server.

Yeah, I noticed that a while ago. Such bullshit...

Polygeekery

@Tsaukpaetra said in WTF Bites:

Yeah, I noticed that a while ago. Such bullshit...

That's basic shit. If you can't program a proper sort of the data as it is, then store it YYYY/MM/DD and do the sort that way. Or even display it as such, people can figure it out.

Doing it the way that they have is clown shoes.

TwelveBaud

@Polygeekery
: But "static" is not a date!

Tsaukpaetra

Status: Being told I need to eradicate code from the product from X Company. Such code includes things like:

...
...
.... Seriously?

I don't know how to fight this, but this seems ridiculous. Especially when (for example) the namespaced code is explicitly for my employer, not X's...

Edit: Oh dear, I may be stirring a hornet's nest...

Tsaukpaetra

@TwelveBaud said in WTF Bites:

@Polygeekery
: But "static" is not a date!

A custom formatter that handles that specific case then. 

Polygeekery

@TwelveBaud said in WTF Bites:

@Polygeekery
: But "static" is not a date!

That was not what I was objecting to.

djls45

@dkf said in WTF Bites:

@PleegWat said in WTF Bites:

I believe scientific consensus here is that wearing a bicycle helmet causes more risk through increased recklessness than they prevent through protection. This may be influenced by NL having a lot of dedicated bicycle infrastructure - a bike on a separated bike lane is a lot less likely to run into a car than one on the main road.

It's one of these statistical things that you have to be very careful with. Helmets make people feel safer so they're more likely to be reckless, but they also make people actually safer so they're more likely to survive an accident and are more likely to not need medical intervention when an accident happens.

My dad has a friend that's a motorcycle instructor in the Pheonix, AZ area, and he requires his family to all wear full leathers and a helmet whenever they ride. He says that at highway speeds, it doesn't matter too much whether you wear a helmet in a wreck or not, except for one thing: with a helmet, you can have an open casket.

djls45

@Luhmann said in WTF Bites:

@dcon said in WTF Bites:

Which is also useful for protecting against branches when on the mountain bike.

so much this ... I just this week had a serious encounter with a low hanging branch. It made a massive *tonk* sound.
Always wear protection during mountain biking: a helmet and goggles.

wait ... always wear two protection items during mountain biking: a helmet, goggles and gloves

Would you like to come in again?

djls45

@Tsaukpaetra said in WTF Bites:

I don't know how to fight this, but this seems ridiculous.

Of course it's ridiculous. Copyright shouldn't apply to boilerplate code that exists in virtually every system that uses that library. </>

But your company has already licensed it, right? So there ought to be no problem with using it. </>

Just remove the mentions of [[X Company]] from the comments.

Steve_The_Cynic

@topspin said in WTF Bites:

@Zerosquare said in WTF Bites:

@Gąska said in WTF Bites:

@Zerosquare still doesn't make it any less silly. Why have passwords at all?

Because Win9x machines could be part of a network, and thus need "real" login credentials for accessing network resources.

For non-networked machines, it didn't matter ; Win9x had no local security anyways. In addition to full disk access, any application could load and run kernel-level code without any check from the OS.

Of course, it seems now, but back then it was considered acceptable ; I believe MacOS Classic had no real security either.

Without hardware support, all "security" is meaningless. When did we get protected mode and virtual memory, 386?
The lack of a security model in Windows 9x was then surely all backwards compatibility.

Protected mode as a thing in the x86 CPU dates back to the 286. Think back to the three modes of Windows 3.1: Real, Standard and Enhanced. Real mode was what it says, essentially a copy of Windows 1 and 2's only mode of operation. Enhanced mode was for 386s and better and used 32-bit protected mode(1). Standard mode was like Real mode except it used 16-bit protected mode and required at least a 286.

But hey, I remember in 1987 using Microsoft Xenix on 286-based PCs.

Gąska

@Tsaukpaetra said in WTF Bites:

...
...
.... Seriously?

Thank the idiots in legal department for fucking up the contract and not obtaining full rights to that code.

Tsaukpaetra

@Gąska said in WTF Bites:

fucking up the contract

Much like my employment contract (which I have not seen or signed), I want to see it!

Gąska

@Tsaukpaetra remind me, why do you even work there at all?

Tsaukpaetra

@Gąska said in WTF Bites:

@Tsaukpaetra remind me, why do you even work there at all?

Haven't yet found a new place. Will start to seriously search Soon™

Jaloopa

@Polygeekery said in WTF Bites:

@TwelveBaud said in WTF Bites:

@Polygeekery
: But "static" is not a date!

That was not what I was objecting to.

Was it the 25 month years?

Tsaukpaetra

@Gąska said in WTF Bites:

@Tsaukpaetra said in WTF Bites:

...
...
.... Seriously?

Thank the idiots in legal department for fucking up the contract and not obtaining full rights to that code.

I'm seriously pondering starting a new thread on this topic.

Opponent's position is kinda odd in my opinion:

Like, what?

"Oh, they paid someone to write some code. Therefore we owe them money in perpetuity because they had someone write it and we use it. No matter if it's literally a copy-paste of something someone else wrote, we still gotta pay!!!"

Gąska

@Tsaukpaetra said in WTF Bites:

@Gąska said in WTF Bites:

@Tsaukpaetra said in WTF Bites:

...
...
.... Seriously?

Thank the idiots in legal department for fucking up the contract and not obtaining full rights to that code.

I'm seriously pondering starting a new thread on this topic.

DO IT!

Opponent's position is kinda odd in my opinion

The first line is all you need to know. The legal fucked up and now they're making it your problem.

Tsaukpaetra

@Gąska said in WTF Bites:

The legal fucked up and now they're making it your problem.

Yeah, that's my mini-ultimatum.

Show me where we have to pay for the boilerplate code, or I'm not going to do this.

Zerosquare

@Gąska said in WTF Bites:

@Tsaukpaetra remind me, why do you even work there at all?

A game with no players.
A developer with no colleagues.
A job with no work contract.

Nothing is what it seems.

@Tsaukpaetra's Paradox, coming soon in a theater near you.

topspin

@Zerosquare said in WTF Bites:

@Gąska said in WTF Bites:

@Tsaukpaetra remind me, why do you even work there at all?

A game with no players.
A developer with no colleagues.
A job with no work contract.

Nothing is what it seems.

@Tsaukpaetra's Paradox, coming soon in a theater near you.

A server with no up-time.
A sex-addict with no sex.

Steve_The_Cynic

@dkf said in WTF Bites:

The part I was talking about was at the bottom:

sub()
{   return 12.8; }

Nothing miraculous about that. The definition, if you can call it that, of K&R C says that if the type is omitted in a context where it can be inferred, it is int. So sub() at the beginning has the type omitted, and therefore the inferred definition in modern C, e.g. C89/90 is:

int sub(void)
{
    return 12.8;
}

Some compilers might yammer about the implied cast from double to int.

And this inference still survives in reasonably common usage in one place even in C++17, and probably C++20. There is no C/C++ type specifically called just unsigned. The compiler infers that you mean unsigned int.

Gąska

@topspin said in WTF Bites:

@Zerosquare said in WTF Bites:

@Gąska said in WTF Bites:

@Tsaukpaetra remind me, why do you even work there at all?

A game with no players.
A developer with no colleagues.
A job with no work contract.

Nothing is what it seems.

@Tsaukpaetra's Paradox, coming soon in a theater near you.

A server with no up-time.
A sex-addict with no sex.

ONE MAN

pie_flavor

@djls45 I think that's the first time anyone's written '</>' and actually have it be the thing I'd write. Congration.

Jaloopa

@Tsaukpaetra said in WTF Bites:

@Gąska said in WTF Bites:

@Tsaukpaetra said in WTF Bites:

...
...
.... Seriously?

Thank the idiots in legal department for fucking up the contract and not obtaining full rights to that code.

I'm seriously pondering starting a new thread on this topic.

Opponent's position is kinda odd in my opinion:

Like, what?

"Oh, they paid someone to write some code. Therefore we owe them money in perpetuity because they had someone write it and we use it. No matter if it's literally a copy-paste of something someone else wrote, we still gotta pay!!!"

I mean, technically you having seen the code means you trying to reimplement it would be problematic. You know the implementation and would rewrite it almost the same (because there aren't exactly thousands of ways to do something this simple).

You need to hire someone else who never gets to see the original code and is just told what outcomes are needed

PleegWat

@Tsaukpaetra said in WTF Bites:

@Gąska said in WTF Bites:

The legal fucked up and now they're making it your problem.

Yeah, that's my mini-ultimatum.

Show me where we have to pay for the boilerplate code, or I'm not going to do this.

If their license seriously covers code like that, you may have been contaminated by having seen their code. I would recommend having person A rip out the problematic code and person B who never saw that code nor talked to person A fix the holes. Which would still result in pretty much the same code but probably a better CYA.

EDIT: by @Jaloopa

Zecc

And make sure the person designing the new code is in a clean room.

dkf

@Zecc Quick, get a duster and deal with those cobwebs!

loopback0

@Zecc said in WTF Bites:

And make sure the person designing the new code is in a clean room.

Another reason to exclude @Tsaukpaetra now we've seen his desk

CarrieVS

Found in the wild this morning:

try {

} catch(Exception e) {
	Logger.info("Failed to send SMS for new message to %s", customer.id);
}

No, there's no snip there. I assumed this was cowardice - someone taking out the code to send the message but wanting to make the very minimum changes possible even if the result was this kind of absurdity - but as it turns out from commit history, just an accident. Someone went through the entire codebase 2.5 years ago inserting try-catch around every instance of SMS sending code, and in this particular instance they evidently goofed. And didn't test every path.

Steve_The_Cynic

@Tsaukpaetra said in WTF Bites:

@Gąska said in WTF Bites:

fucking up the contract

Much like my employment contract (which I have not seen or signed), I want to see it!

If you have neither seen nor signed it, you don't have a written contract. In there's a clear definition of the "default" employment contract, one that's somewhat biased toward the employee, and employers therefore have an incentive to provide a more specific one. In other countries, especially "common law" jurisdictions like or , all bets are off.

bobjanova

If you haven't signed an employment contract then you have whatever statutory rights your country gives to employees. Given that an employment contract isn't even valid where it violates those rights, and things like post-employment non-competition clauses are not really enforceable anyway, an employment contract is a fairly meaningless piece of paper in most places, imo.

But at least here in the UK it's standard practice to have one and to sign it and keep a copy.

Regarding 'remove all code done by Company X', yes, you absolutely should require seeing the thing that mandates you to do that, because it's stupid and almost certainly isn't actually true. Code written specifically for one customer for consultancy money is almost always considered the property of the customer (i.e. you), and the com.MyCompany implies that too. So if that's not the case someone must have some good evidence that that's not true.

I also agree that if you end up having to rewrite it because of legal fuckery, it has to be someone who hasn't actually seen the code that needs replacing who needs to write the replacement.

El_Heffe

@Steve_The_Cynic said in WTF Bites:

Protected mode as a thing in the x86 CPU dates back to the 286.

Protected mode on the 286 was weird. There was no command for switching from protected mode back to real mode, because Intel figured you would never want to leave the wonderful utopia of protected mode once you got there. A program (e.g., early versions of Windows) had to use the HLT (halt) instruction to force the CPU to switch back to real mode.

boomzilla

@Polygeekery said in WTF Bites:

@TwelveBaud said in WTF Bites:

@Polygeekery
: But "static" is not a date!

That was not what I was objecting to.

Yeah but it's the kind of objection you'd get from a programmer. Ask me how I know.

boomzilla

Writing a REST method to receive an uploaded file along with basic metadata (title, some hierarchy / pseudo directory-like information, etc). The information shows up as a (java) Map.

I'm checking the id of the thing to see if this is a new file or updating an old file. So a new file should have a null id. Via the wonders of serialization a null value becomes a string: "null".

djls45

@Gąska said in WTF Bites:

@Tsaukpaetra remind me, why do you even work there at all?

That's an easy one: they keep paying him.

Steve_The_Cynic

@El_Heffe said in WTF Bites:

@Steve_The_Cynic said in WTF Bites:

Protected mode as a thing in the x86 CPU dates back to the 286.

Protected mode on the 286 was weird. There was no command for switching from protected mode back to real mode, because Intel figured you would never want to leave the wonderful utopia of protected mode once you got there. A program (e.g., early versions of Windows) had to use the HLT (halt) instruction to force the CPU to switch back to real mode.

Really early versions of Windows were real-mode only. It was also more common, at least at first, to just ask the keyboard controller to reset the CPU. (HLT doesn't directly force anything. The CPU continues to tick although it's mostly idle, and while there are motherboard circuits to detect a frozen CPU - technically "shut down" - HLT just waits for the next interrupt, although I'm not sure what it does if interrupts are disabled. The "easiest" way to shut an x86 down is to force an exception inside the double-fault handler.)

dkf

@Steve_The_Cynic said in WTF Bites:

In other countries, especially "common law" jurisdictions like or , all bets are off.

In law (especially English law), you can have an employment contract without it being written. It's very unwise as it becomes really difficult for either side to prove anything in the case of a dispute, but the contract only really requires a “meeting of minds” (i.e., the actual agreement that you'll do the work and they'll pay you for it) and that the other terms of the contract do not violate any law. This has all been enormously litigated over (quite possibly far enough back that shares the same case law) and is extremely well settled. It's tended in recent years to come up much more in the definition of what standard working practices are (as opposed to remuneration and ownership of the outputs), as those are much less commonly written into contracts.

Statute always overrides. The consequences of that are… complicated and depend on exactly how the contract is interpreted. See a very expensive lawyer for details.

topspin

@djls45 said in WTF Bites:

@Gąska said in WTF Bites:

@Tsaukpaetra remind me, why do you even work there at all?

That's an easy one: they keep paying him.

Yeah, are you sure about that?

djls45

@topspin Well, no. I'm not sure, but if he's not being paid, then he's doing volunteer work. Which is fine, if that's his hobby or he wants to support their cause out of the goodness of his heart. But (AFAIK) that would mean that he's (technically) not employed, so the question of an employment contract is moot.