WTF Bites



  • @remi said in WTF Bites:

    Besides, comments is such a common feature of every possible language/format that everyone expects comments to be available.

    In every language, yes. In every format, no, definitely not. There are no comments in CSV, GSER or MIME either, nor in any of the text-based protocols like HTTP, FTP or SMTP. They are not expected to be there. JSON is closest in purpose to CSV or GSER, so comments are not expected there either.


  • Discourse touched me in a no-no place

    @Bulb said in WTF Bites:

    ASN.1 is not a data format, it is a schema format.

    I was probably thinking about BER or DER, but the ASN.1 OID mess is its own special piece of horrible.



  • @dkf Yes, OIDs are an abomination.


  • Discourse touched me in a no-no place

    @remi JSONC is pretty simple, but that's a different (albeit related) thing. If you want it, say that's what you want.



  • @Bulb said in WTF Bites:

    @remi said in WTF Bites:

    Besides, comments is such a common feature of every possible language/format that everyone expects comments to be available.

    In every language, yes. In every format, no, definitely not. There are no comments in CSV, GSER or MIME either, nor in any of the text-based protocols like HTTP, FTP or SMTP. They are not expected to be there. JSON is closest in purpose to CSV or GSER, so comments are not expected there either.

    Fair enough.

    Though I guess the key question is still whether a stream-of-bytes following that format is likely to be seen (and possibly edited) directly by a human -- typically, because it's written in a text file that is produced/consumed by an application. HTTP or FTP almost never are, so it's no big deal they don't have comments. CSV/JSON, OTOH, very often are -- and therefore I'm pretty sure people have tried many times to put comments in there, even if the standard doesn't allow it.

    You might argue that this is people misusing stuff and I wouldn't disagree when it's stuff that is both produced and consumed by an application and where the human is just peeking in between the two (e.g. a CSV file exported from foo.exe and read by bar.exe). But when those formats are used for things that are intended to be produced by humans (typically stuff like configuration files), then they become a language. And humans expect to be able to put comments in them.

    (this is IMO even more of an issue with JSON since it was explicitly designed to be human-readable and thus should have foreseen this use by humans -- and therefore the need for comments!)

    (then again as I said before, I don't into JSON, ever, so I'm probably just spouting bullshit here)



  • @dkf said in WTF Bites:

    @remi JSONC is pretty simple, but that's a different (albeit related) thing. If you want it, say that's what you want.

    Well I guess my line of thinking is that it's a bit weird (IMO, which isn't a very informed O) that there is a need for JSONC rather than JSON itself being JSONC. :mlp_shrug:



  • @dkf The pain in the back end with JSONC is that it only allows comments, but not trailing commas. When you want to write it by hand, you want JSON5. That also allows trailing commas, unquoted keys and a few other things from JavaScript to make it more pleasant to write by hand.
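
The "comments only, nothing else relaxed" behaviour described above, as an added example that is not code from the thread or from any JSONC library: a small Python reader that removes `//` and `/* */` comments outside string literals and then hands the text to the strict `json` parser, so trailing commas are still rejected. The function names and the sample document are constructed for illustration.

```python
import json


def strip_jsonc_comments(text: str) -> str:
    """Remove // and /* */ comments that sit outside JSON string literals."""
    out = []
    i, n = 0, len(text)
    in_string = False
    while i < n:
        ch = text[i]
        if in_string:
            out.append(ch)
            if ch == "\\" and i + 1 < n:
                # Copy the escaped character too, so \" does not end the string.
                out.append(text[i + 1])
                i += 2
                continue
            if ch == '"':
                in_string = False
            i += 1
        elif ch == '"':
            in_string = True
            out.append(ch)
            i += 1
        elif text.startswith("//", i):
            # Line comment: drop up to (not including) the newline.
            while i < n and text[i] != "\n":
                i += 1
        elif text.startswith("/*", i):
            end = text.find("*/", i + 2)
            if end == -1:
                raise ValueError("unterminated block comment")
            # Leave a space so `1/**/2` cannot silently become `12`, and keep
            # newlines so parser error positions still match the file.
            out.append(" " + "\n" * text.count("\n", i, end))
            i = end + 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def load_jsonc(text: str):
    """Comments are tolerated; everything else must be strict JSON."""
    return json.loads(strip_jsonc_comments(text))


# Constructed sample: comment markers appear both as comments and as data.
SAMPLE = """{
  // internal mirror used by the build (constructed sample)
  "registry": "https://packages.example.internal/npm/", /* the // in the URL is data */
  "note": "a /* b */ c",
  "retries": 3
}"""

if __name__ == "__main__":
    print(load_jsonc(SAMPLE))
    try:
        load_jsonc('{"a": 1, // trailing comma follows\n}')
    except ValueError as exc:
        print("rejected:", exc)
```
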



  • @remi

    • I would prefer if JSON was even stricter, because for data objects, written out from code, the less insignificant difference there can be between serializations of formally equal objects, the better.
    • There would really not be much issue if standard libraries of common languages just added support for JSON5 in addition to plain JSON.

  • Discourse touched me in a no-no place

    @Bulb said in WTF Bites:

    There would really not be much issue if standard libraries of common languages just added support for JSON5 in addition to plain JSON.

    You're starting to see it happen, but you're more likely to see "we'll consume it, but won't produce it" than anything else.



  • @remi said in WTF Bites:

    @Watson well as the meme goes, "life, uh, finds a way."

    People will likely abuse comments, that's true, but if you don't explicitly allow for comments, people will find a way to abuse the language itself (maybe with unused keys or whatever) to put in comments. And then they will abuse these "comments" in an even worse way because they will think themselves smart by using language features inside their "comments."

    Something something about the universe designing greater fools.

    I've seen a few data structures with the field "comment" littered all over just for this very reason. I had an itch in my palm begging for a face to slap for days after seeing it.



  • @dkf Well, since JSON5 is a superset of JSON, producing plain JSON is generally fine. Except if you want to patch a JSON5 configuration, which is special-enough case that I wouldn't expect it from the standard library.



  • @Carnage said in WTF Bites:

    @remi said in WTF Bites:

    @Watson well as the meme goes, "life, uh, finds a way."

    People will likely abuse comments, that's true, but if you don't explicitly allow for comments, people will find a way to abuse the language itself (maybe with unused keys or whatever) to put in comments. And then they will abuse these "comments" in an even worse way because they will think themselves smart by using language features inside their "comments."

    Something something about the universe designing greater fools.

    I've seen a few data structures with the field "comment" littered all over just for this very reason. I had an itch in my palm begging for a face to slap for days after seeing it.

    … just like you'd have a column ‘comment’ in a CSV table. It's actually … better than having comments in the format, because comments in the format would be discarded by most transformations, but the extra attributes in objects are likely to stay around.

    The key should be "$comment" though :half-trolleybus-tl:


  • Discourse touched me in a no-no place

    @Bulb said in WTF Bites:

    The key should be "$comment" though :half-trolleybus-tl:

    Or "@comment".

    Still doesn't beat putting comments in DWARF files using symbols with leading spaces in the name. 😜



  • @Zecc Bard I don’t know about, Midjourney is a bit… special. Basically they have a web app that is a gallery (+billing portal) but the principal way of engaging is via Discord - so you sign into the web app to manage your subscription via OAuth from Discord and you engage with it otherwise via Discord DM to feed it prompts etc.


  • BINNED

    @Arantor said in WTF Bites:

    Basically they have a web app that is a gallery (+billing portal) but the principal way of engaging is via Discord

    That’s it, I give up.
    Y’all might think that’s not insane and I should just get with the times already, there’s good reasons to do it that way, but I’m just too :belt_onion: and grumpy for this “modern” idiocy. Heck, I’m not even that old.


  • ♿ (Parody)

    @Zecc said in WTF Bites:

    @Arantor said in WTF Bites:

    Did you ask Bard for help, or possibly Midjourney?

    Are they usable without creating accounts?

    I'm asking out of mild curiosity. I don't see myself using them anyway.

    Stable Diffusion can be used online for free:

    You can also run it locally:



  • @topspin Hey, it could be worse still. They could make you feed it prompts by miming them in a tiktok video, by writing them on a piece of paper (on a wooden table) and sending them a photo of it via instagram, or *shudder* via Microsoft Teams.


  • I survived the hour long Uno hand

    @cvi said in WTF Bites:

    @topspin Hey, it could be worse still. They could make you feed it prompts by miming them in a tiktok video, by writing them on a piece of paper (on a wooden table) and sending them a photo of it via instagram, or *shudder* via Microsoft Teams.

    :phb: Are you trying to not be a Teams Player? We are a 100% Teams Player environment here…



  • @izzion said in WTF Bites:

    We are a 100% Teams Player environment here…

    If any manager type ever says that even just half seriously, I'm out. Nuke that place from orbit, it's the only way to be sure.


  • Banned

    @remi said in WTF Bites:

    People will likely abuse comments, that's true, but if you don't explicitly allow for comments, people will find a way to abuse the language itself (maybe with unused keys or whatever) to put in comments.

    And that's a better world than semantically meaningful comments, because you don't get screwed over if your parser does the sensible thing and discards comments without notice. "Unused keys or whatever" can always be accessed if you learn about them.


  • Notification Spam Recipient

    @remi said in WTF Bites:

    maybe with unused keys or whatever

    That was my first randomly generated workaround. Just put the describing text as another value with the key being the described key suffixed with a "special" label.



  • @Bulb said in WTF Bites:

    @Rhywden Another reason why build servers should not have access to the internet.

    Then how would they do basic build-server stuff like pull code from source control, restore dependencies, or deploy build artifacts?



  • @remi said in WTF Bites:

    I'm probably just spouting bullshit here

    Welcome to TDWTF.



  • @Mason_Wheeler said in WTF Bites:

    @Bulb said in WTF Bites:

    @Rhywden Another reason why build servers should not have access to the internet.

    Then how would they do basic build-server stuff like pull code from source control, restore dependencies, or deploy build artifacts?

    Because they'd be talking to the intranet instead?



  • @Mason_Wheeler said in WTF Bites:

    @Bulb said in WTF Bites:

    @Rhywden Another reason why build servers should not have access to the internet.

    Then how would they do basic build-server stuff like pull code from source control, restore dependencies, or deploy build artifacts?

    That's what an artifactory is for. That way you also get a single point where you can check for CVEs, and deny unsafe packages.



  • @Carnage Fair enough. On the other hand, it also turns the addition of a new dependency package to the project into a bureaucratic nightmare.

    Ask me how I know...



  • @Mason_Wheeler said in WTF Bites:

    @Carnage Fair enough. On the other hand, it also turns the addition of a new dependency package to the project into a bureaucratic nightmare.

    Ask me how I know...

    I've not actually had that displeasure yet, and I've worked on classified projects and government with that setup. But I'm sure it happens, and that sucks.



  • @Mason_Wheeler said in WTF Bites:

    @Carnage Fair enough. On the other hand, it also turns the addition of a new dependency package to the project into a bureaucratic nightmare.

    Ask me how I know...

    Ours hasn't been a nightmare (that I know of). But then I haven't tried to bring in a new package. Anything brought in must be approved by legal.



  • @dcon said in WTF Bites:

    Anything brought in must be approved by legal.

    Wow, that sounds like an even bigger bureaucratic nightmare than the one I worked with. There, it only had to be approved by IT, and that was bad enough!



  • @Mason_Wheeler said in WTF Bites:

    @dcon said in WTF Bites:

    Anything brought in must be approved by legal.

    Wow, that sounds like an even bigger bureaucratic nightmare than the one I worked with. There, it only had to be approved by IT, and that was bad enough!

    Well, I'm assuming legal... Obviously it has to get past IT first. And we were just polled on any changes we've made to 3rdparty source (I had to make a minor tweak so we could move from Qt5.12 to 5.15). So I "assumed" that info was for legal...



  • @Mason_Wheeler said in WTF Bites:

    @Bulb said in WTF Bites:

    @Rhywden Another reason why build servers should not have access to the internet.

    Then how would they do basic build-server stuff like pull code from source control, restore dependencies, or deploy build artifacts?

    1. The source-code and package repositories should be enclosed in the same private network, or explicitly white-listed.
    2. Preferably, the checkout and dependency download phases would have access to these repositories, but the compilation phase not even that, but most development tools are, unfortunately, not designed with that option in mind.


  • @Mason_Wheeler said in WTF Bites:

    @Carnage Fair enough. On the other hand, it also turns the addition of a new dependency package to the project into a bureaucratic nightmare.

    Ask me how I know...

    That's orthogonal to whether the build is forced to go through internal package repository. You can have someone reviewing the package lock files, and spew fire and sulfur if something was added without their approval, and you can have the package repository configured to automatically fetch new packages from upstream, which means adding a dependency is still as easy (but you get a backup of what you used, and the central place to look for vulnerabilities).
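
One way to automate the lock-file review described above, as an added example that is not from the thread: it compares two npm-style `package-lock.json` files and reports newly added dependencies that are not on an approved list, plus entries that were not resolved from the internal repository or lack an integrity hash. The lock-file layout (the npm v2/v3 `packages` map), the host name, the package names and the sample data are all assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit

INTERNAL_REGISTRY_HOST = "packages.example.internal"  # hypothetical internal mirror


def locked_packages(lock_text: str) -> dict:
    """Map (name, version) -> metadata for every installed package entry."""
    lock = json.loads(lock_text)
    result = {}
    for path, meta in lock.get("packages", {}).items():
        if path == "" or meta.get("link"):
            continue  # skip the root project and workspace symlinks
        # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
        name = path.rpartition("node_modules/")[2]
        result[(name, meta.get("version", ""))] = meta
    return result


def review_lock_change(old_text: str, new_text: str, approved: set) -> list:
    """Return (finding, name, version) tuples for the reviewer to act on."""
    old_names = {name for name, _ in locked_packages(old_text)}
    findings = []
    new = locked_packages(new_text)
    for (name, version), meta in sorted(new.items(), key=lambda kv: kv[0]):
        host = urlsplit(meta.get("resolved", "")).hostname
        if host != INTERNAL_REGISTRY_HOST:
            findings.append(("external-source", name, version))
        if not meta.get("integrity"):
            findings.append(("no-integrity", name, version))
        # A version bump of a known package is not a new dependency.
        if name not in old_names and name not in approved:
            findings.append(("unapproved-addition", name, version))
    return findings


def _entry(name, version, host=INTERNAL_REGISTRY_HOST):
    # Helper that builds constructed sample entries; hashes are placeholders.
    base = name.split("/")[-1]
    return {
        "version": version,
        "resolved": f"https://{host}/npm/{name}/-/{base}-{version}.tgz",
        "integrity": "sha512-PLACEHOLDER",
    }


OLD_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/alpha-lib": _entry("alpha-lib", "1.0.0"),
}})

NEW_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "app", "version": "1.0.0"},
    "node_modules/alpha-lib": _entry("alpha-lib", "1.0.1"),      # version bump
    "node_modules/beta-util": _entry("beta-util", "2.0.0"),      # new, unapproved
    "node_modules/@acme/gamma": _entry("@acme/gamma", "0.1.0",   # approved, but
                                       host="registry.example.org"),  # wrong source
}})

APPROVED = {"alpha-lib", "@acme/gamma"}

if __name__ == "__main__":
    for finding in review_lock_change(OLD_LOCK, NEW_LOCK, APPROVED):
        print(*finding)
```
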



  • @Mason_Wheeler said in WTF Bites:

    @dcon said in WTF Bites:

    Anything brought in must be approved by legal.

    Wow, that sounds like an even bigger bureaucratic nightmare than the one I worked with. There, it only had to be approved by IT, and that was bad enough!

    It's common that every new license must be approved (or disapproved, as is usually the case with GPL) by legal. Using a new package with an already-approved license is generally OK.



  • @Bulb said in WTF Bites:

    … looking it up, I ran across this critique of TOML.

    Frankly reading the article, there's a lot to disagree with and some to agree with.
    Agree:

    • "If you add strong typing, don't stop halfway through." This is pretty sound advice. Enumeration labels are not random strings.
    • "The application is the ultimate arbiter of how the file will be parsed." Technically true, but I will elaborate on this.

    Disagree:

    • The author seems to revere Postel's Law like a sacred cow, but history has shown its limits. Once you're liberal in your inputs, soon everyone must be just as liberal in them to tolerate the same non-canonical inputs, and it all goes downhill from there. See also: Browser war one.
      • On the other hand, when defining a format for a communications protocol, it can be impractical to be forced to update both ends simultaneously when shipping. We've had problems adding new fields with a software that (afawk) has no way to mark a field as optional and it's a pain.
    • Dates. Dates are enough of a clusterfuck to begin with, you need to tighten the screw immediately. Of utmost importance is avoiding ambiguity over which field is which, which immediately rules out 2-digit dates and common formats that use forward slashes as delimiter.

    On self-documentation:
    It's true that the application is the ultimate arbiter on parsing. Yet, self-documentation helps other applications make sense of the data and/or verify that it's consistent with how it says it is (A third-party tool capable of parsing ASN.1 DER data is pretty useless if you don't have the data specification handy, because while you know what each field is, you have zero clue what it's for). I think it's a bit like XML:

    • An XML file can have or not have an embedded schema (and is otherwise entirely stringly-typed, but with named fields unlike DER)
    • The application can ultimately ignore the embedded schema since what actually matters to it is its own (in Reflection-capable languages, the schema was likely derived from the code itself)
    • The schema is nonetheless useful to third-party programs inspecting the data, or editing programs that will use it to predict whether the application is likely to accept your modified data back.

    Bonus WTF:
    553b47fd-ea27-4fd7-bb51-b837eb8f42d4-image.png



  • @Bulb said in WTF Bites:

    @dkf Well, since JSON5 is a superset of JSON, producing plain JSON is generally fine. Except if you want to patch a JSON5 configuration, which is special-enough case that I wouldn't expect it from the standard library.

    That's also a general problem with comments. Usually, you'll want your parser to ignore comments entirely (that's why they're comments, and it allows anything to be commented out), except when you want your application to modify the file rather than just read it, in which case you want the comments (and possibly whitespace) preserved.



  • @dcon said in WTF Bites:

    @Mason_Wheeler said in WTF Bites:

    @Bulb said in WTF Bites:

    @Rhywden Another reason why build servers should not have access to the internet.

    Then how would they do basic build-server stuff like pull code from source control, restore dependencies, or deploy build artifacts?

    Because they'd be talking to the intranet instead?

    Well, they should be talking to the intranet instead. Unfortunately, Microsoft disagrees, and has been furiously pushing Azure DevOps and github.



  • Error: errors generating foo files. See /temporary/directory/that/no/longer/exists/abc/xyz.log

    Much helpful. So log.

    And yes, (except for the abc and xyz) that path is verbatim from the error message.



  • @Medinoc said in WTF Bites:

    @dcon said in WTF Bites:

    @Mason_Wheeler said in WTF Bites:

    @Bulb said in WTF Bites:

    @Rhywden Another reason why build servers should not have access to the internet.

    Then how would they do basic build-server stuff like pull code from source control, restore dependencies, or deploy build artifacts?

    Because they'd be talking to the intranet instead?

    Well, they should be talking to the intranet instead. Unfortunately, Microsoft disagrees, and has been furiously pushing Azure DevOps and github.

    I didn't look at that for GitHub Actions, but with Azure DevOps you can have it drive your own server or VM and you can set up a firewall on egress as you see fit. But of course it's extra work, so only big companies with a strict security department and companies with some external requirement do it.

    E.g. on a past project the company had a requirement that they had to be able to rebuild any version currently in the field in case some field problem needed to be investigated. And since the devices had around 10 years operating lifetime, plus a couple years shelf-life, they absolutely had to have everything that went on the build machines stashed somewhere (in TFS in their case). Including the Visual Studio installers and Android SDK and NDK and Xcode bundles etc (and of course their special toolchain targeting the devices, but contractors only worked on the control software, which ran on Windows in the older variants and on tablets in the newer ones). And yes, the company is moving from fully on-prem TFS to Azure DevOps.



  • @Medinoc said in WTF Bites:

    The author seems to revere Postel's Law like a sacred cow, but history has shown its limits. Once you're liberal in your inputs, soon everyone must be just as liberal in them to tolerate the same non-canonical inputs, and it all goes downhill from there.

    It's one of those highways paved with good intentions that nevertheless lead straight to hell.

    @Medinoc said in WTF Bites:

    It's true that the application is the ultimate arbiter on parsing. Yet, self-documentation helps other applications make sense of the data and/or verify that it's consistent with how it says it is

    The main argument, as I understood it, is that since the application will say whether it wants to read a number, a string, a boolean or an enum or what, the format is more comfortable for humans if it does not insist on strict syntactical difference between the types. I.e. that 2.3 and "2.3" are equivalent instead of only accepting the former where a number is expected and the latter when a string is. Which I mostly agree with for human writing. Plus it helps when those booleans evolve to enums (e.g. git has a lot of options that started as booleans, so they accept true and false, but later grew new states like auto, native etc.)

    On the other hand there are cases where some parameter can be a string or a special token or several. Most commonly a string or null. And then the language does have to make distinction between "null" and null.

    @Medinoc said in WTF Bites:

    Dates. Dates are enough of a clusterfuck to begin with, you need to tighten the screw immediately.

    … there is nothing stopping the application from reading a string like "07/08/09" and interpreting it as a date anyway, but I agree that it makes sense to define how they shouldn't normally be written to establish at least some consistency.

    That said, JSON does not have them and the vast majority of users still agreed to follow either ISO-8601 or unix timestamps as numbers.



  • WTF of my day: So, for some reason or other, there's a school project using a Project Management Software. Don't ask me exactly what they're doing - I'm not interested. Might be something business related (we're a vocational trade school, after all).

    Also for :raisins: , our existing (and largely free, if you don't count general infrastructure costs and the occasional update) OpenProject installation was not suitable. Okay, not my circus, not my monkeys. Beyond setting up authentication through SAML, I've had zero involvement (though that was egregious enough - it seems that SAML, unlike OpenID, does not have standard names for all the settings and thus involved a lot of blindly fumbling about until it worked).

    Anyways, now they want to integrate the whole thing into Moodle. Now, whatever you may think of Moodle, they have a standard way of doing things: Namely, plugins. The rules for developing those plugins seem to be rather opinionated but not overly egregious. Plus, each plugin can largely stand alone (yes, there are exceptions).

    So they approached a 3rd party vendor to create this integration. Said vendor then asked for admin access to our production site so "they could install some things".

    Yeah, no. You can fuck right off with that shit. First of all, if you're incapable of adhering to the plugin scheme of Moodle then you're inept. Secondly, I'm not giving you admin access. Thirdly, even if I did I'd want to know what you're changing. Fourthly, with you obviously not understanding plugins it's highly likely you'll fuck something up that'll either make updates impossible or be reverted right after an update. Fifthly, some unknown fucker having admin access would constitute a data privacy breach. Sixthly, you can tell me what you want to do and I might consider doing it myself - after all, you have a step-by-step manual obtained through your dev-build, right?

    :fu: Not happening.



  • @Rhywden local plugins for Moodle can do whatever the hell they want, other types (e.g, course module) are very prescriptive in what they can do and how they must do it because each plugin’s type has its own respective API.

    I’ve definitely seen folks do “here is a specific type of plug-in” with a paired local plug-in for supporting features, pretty sure Microsoft’s abominable O365 suite works that way, it has an auth plug-in for student login, but others for the other APIs.

    In theory you can enable it so configuration changes are logged automatically as they are made, but in practice this doesn’t work as well as you’d hope. Good job folks.

    Fully agree with your assessment, as someone who has written Moodle plugins, it really isn’t that hard unless you want to meet the rules for getting in the official directory and honestly… you probably don’t need that.



  • @Arantor I can't see what they need admin access for - SAML auth is using the same usernames as Moodle so it can't be an issue of not being able to map Moodle users to their app's users. And, in theory, thus they just need to create a Moodle UI which accesses their API after auth. Hell, you could probably do that with an iframe.



  • @Rhywden said in WTF Bites:

    I can't see what they need admin access for

    My guess is to test in production, because they don't have a test instance of the project planning software, Moodle, or either.



  • @Bulb said in WTF Bites:

    @Rhywden said in WTF Bites:

    I can't see what they need admin access for

    My guess is to test in production, because they don't have a test instance of the project planning software, Moodle, or either.

    It’ll be this, yes. Guaranteed they won’t have done any of the work themselves otherwise.

    And yes, it could be as simple as an iframe with auth, knocking that together as a Moodle plug-in is a couple of hours work (mostly to go through the boilerplate)

    So, fuck knows what they’ve cobbled together since they clearly have no idea what they’re doing.


  • BINNED

    Rant Status: Fucking Amazon and fucking Chinese print shops.

    I want to buy a C&C shirt, so I looked at Amazon first because I already have an account there. The listing shows a whole bunch of shirts where the thumbnail looks roughly like what I want. All of them different prices and different sellers:

    Bildschirmfoto 2023-08-13 um 15.53.00.png

    Bildschirmfoto 2023-08-13 um 15.53.20.png

    I first checked the cheapest option and then a few others. But wait, they all have exactly the same image. I mean, I do realize that these shirt pictures are just rendered from a blank shirt template with the image they're going to print overlaid onto it. But it's the same black shirt, the exact same image, all of them have some shitty description with parts in English and parts in German (although those have some minor differences), and all of them basically use the wrong picture:

    51qI9Kv4y4L.AC_UX679.jpg

    That's the 90's resolution one screen-capped from the FMV intro. I mean, I guess that's authentic, but since it's not a Harry Potter image with a moving picture, not the best option.

    What are the chances that these are all the same fucking shops with different prices to fake "competition"?


    Fuck that shit. So I checked a different site, which is a bit more expensive and of course also just an uploaded image rendered onto blank templates, i.e. these people have never seen those shirts:

    Bildschirmfoto 2023-08-13 um 15.54.31.png

    Bildschirmfoto 2023-08-13 um 15.54.46.png

    But at least they used a higher res picture.
    Not taking any chances.


  • Considered Harmful

    @topspin Aren't the T-ees lovely? 🍹


  • BINNED


  • Considered Harmful

    @topspin Aw crap.

    9052u5x0dfx51.jpg



  • @topspin said in WTF Bites:

    @Applied-Mediocrity IDGI?

    T-shirts vs. tee-shirts. Maybe? 🤷‍♂️


  • BINNED

    @Applied-Mediocrity :doh:
    The distance from trees to tees is 1, so that’s on me. Not even going to come up with any excuses.

