This time it's Mozilla. They apparently forgot to regenerate some certificates used in signing add-ons and they all stopped working.
https://www.reddit.com/r/firefox/comments/bkfte9/if_you_have_issues_with_your_addons_being_marked/
So our company procured, after years of selection and testing, a tool to manage shared passwords (where a team needs access to systems that cannot be easily connected to the federated authentication). So I tried to add the secrets for the service principal and the technical user in there and
⸘Warum, kurwa‽
… the “password” in this case is a “client secret” and is (hopefully) randomly generated by the Azure API, so I can't choose whether it will start with a digit or not.
PS: Note the bonus Engrish.
@Polygeekery I doubt you'll make friends that way, because:
I just got
from GitHub.
How on $planet does GitHub suddenly decide that an account that exists for some years, has repositories, has comments in many bug reports that are not being marked as spam, has integrated merge requests and is member of two organizations is not a human?
@sh_code It's not JavaScript that's kidding you:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/time.h.html:
The <time.h> header shall declare the tm structure, which shall include at least the following members:
int tm_sec Seconds [0,60].
int tm_min Minutes [0,59].
int tm_hour Hour [0,23].
int tm_mday Day of month [1,31].
int tm_mon Month of year [0,11].
int tm_year Years since 1900.
int tm_wday Day of week [0,6] (Sunday =0).
int tm_yday Day of year [0,365].
int tm_isdst Daylight Savings flag.
Javascript just passes those values on.
I would, however, grant you that the getDate for day and getDay for day-of-week is somewhat silly.
@obeselymorbid Healthy Living hasn't been available in most of the world for almost two years now
@pie_flavor said in WTF Bites:
M/d/yyyy
Dates should be written in format yyyy-MM-dd. Everybody who says otherwise should be burned at stake.
This organization is insane.
They have a guy working on this project from a different department, and they can't give him permission to the project wiki, because it is department wiki and giving permission to somebody from another department is apparently a big issue—or they would have to make it a company-wide wiki, but then they'd have to pay for it extra to the IT support.
I do have access as external subcontractor though. Unlike other resources where I should have and don't. It is utter mess…
@gleemonk said in NodeJS reality check:
cwd: process.versions.node < '8.0.0' ? process.cwd : process.cwd(),
Hm, I'd personally write it as:
cwd: typeof(process.cwd) === 'function' ? process.cwd() : process.cwd,
because why test an unrelated condition when I can test a related one.
Now of course it wouldn't be JavaScript if even a test for being a function wasn't complicated. The accepted answer here suggests:
{}.toString.call(f) === '[object Function]'
and while the most upvoted one does have the simple typeof f === 'function', I actually kinda like this one:
!!(f && f.constructor && f.call && f.apply);
because in a duck-typed language, everything is a function if it quacks like one, i.e. has call and apply methods. It is also fastest, because it is not comparing any strings.
The9GAG said:
Technical debt: Move fast and don't fix things
Agile development: Admitting you have no plan
TDD: Guessing the future, one test at a time
Open source: Asking someone else to fix it
CI/CD: Automating your mistakes into production
API: Asking someone else to do it
DevOps: The belief that more tools fix any problem
Microservices: Creating enough small problems to avoid one big one
Cybersecurity: Play hide and seek with hackers
Serverless: Pretending servers don't exist until the bill comes
Scrum: Group therapy for being behind schedule
@anonymous234 A couple of posts down was this one I like even better (in part because I've been there):
https://www.reddit.com/r/funny/comments/f13y3w/google_earth_is_amazing/
limit her work to her contract hours
That should be, and always should have been, the standard.
@DogsB said in In other news today...:
I like to shit on Microsoft but... this is up there with some of the Apple stuff people went crazy about but kept forgetting to mention: you need physical access to the device.
Given the whole point of BitLocker is to prevent attackers who do have physical access to the device from reading the data (e.g. if they stole your laptop, or you forgot to pick it up from a repair shop), it does not reduce the severity of the attack an iota.
Microsoft does note that these attacks are possible but says it will require sophisticated tools
We need to start calling out this bullshit. It's kind of how security breaches come with the "Possibly an attack by a sophisticated nation-state actor" crap but usually, Dave in security was just phished again. It was a Raspberry Pi and freely available open-source software that a hobbyist put together.
In a sense everything involving computers can be called “sophisticated”—fact is that the attack is within capability of anybody who might have a reason.
Does anybody have a clue which application is orange ballfive-pointed purple rectangle with yellow polka dots?
@laoc Why do I have to lease one character and one number? I hoped to use the characters and numbers that came with my keyboard.
Yesterday near the end of the work day, colleague pointed out to me that we have four logging libraries in the application. Four fucking logging libraries. In one application. All in-house developed and neither of them is particularly good either.
@Mikael_Svahnberg said in Case (in)?sensitive filesystems are :
files that I can't check in to my CVS because they were created by an idiot who put an ä in the filename, sent it to a windows user who checked it in, and when I pulled it, it got translated to some mac-vernacular.
@Mikael_Svahnberg said in Case (in)?sensitive filesystems are :
I think OSX stores the files with the capitalisation you gave them, but treats all upper/lowercase-mutations as duplicates.
MacOS does preserve case, but it does not preserve normalization. And it chooses the other way compared to anybody else—MacOS always returns decomposed normal form where everything else uses composed most of the time. So when the file with ä is checked in on windows, the character is encoded as ä, but then MacOS filesystem sees that and stores ä. And returns it. But CVS predates Unicode by millennia and does not have the slightest clue that ä and ä are supposed to be equal. Nor does filesystem on the server, because neither Windows (that use UCS-2, but don't really understand it), nor Linux (which does not want to have anything to do with this and uses byte strings) consider them equal:
a) You thought A.txt and a.txt in the same directory is confusing? Then behold this!
b) This would be actually easier to handle, because Unicode defines locale-independent normalization rules that cover these cases.
c) That does not make MacOS changing the normalization any less ; most software would work just fine if the filesystem at least returned exactly the same string it got even if it does not know unicode normalizations itself.
d) It also shows that doing these things in kernel does not actually solve the issue, but instead creates a lot of confusion if the programs don't go through the same trouble too.
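An added example, not part of the original post or of any tool mentioned in it: a Python sketch of the mismatch described above. It shows how a byte-comparing tool sees the composed and decomposed spellings of one name as two different files, and how comparing NFC-normalized keys resolves it. The file names are constructed samples and the function names are hypothetical.

```python
import unicodedata

# Constructed sample names: the same visible file name in both normal forms.
COMPOSED = "m\u00e4rchen.txt"     # NFC: single code point U+00E4
DECOMPOSED = "ma\u0308rchen.txt"  # NFD: 'a' followed by combining U+0308


def canonical(name, fold_case=False):
    """Key under which canonically equivalent names compare equal."""
    key = unicodedata.normalize("NFC", name)
    if fold_case:
        # casefold() can denormalize a string, so normalize again afterwards
        key = unicodedata.normalize("NFC", key.casefold())
    return key


def diff_by_bytes(tracked, on_disk):
    """What a byte-comparing tool reports: (missing, untracked)."""
    t = {n.encode("utf-8") for n in tracked}
    d = {n.encode("utf-8") for n in on_disk}
    missing = sorted(x.decode("utf-8") for x in t - d)
    untracked = sorted(x.decode("utf-8") for x in d - t)
    return missing, untracked


def diff_normalized(tracked, on_disk):
    """Same comparison, but on normalized keys: (missing, untracked)."""
    t = {canonical(n) for n in tracked}
    d = {canonical(n) for n in on_disk}
    return sorted(t - d), sorted(d - t)


def collisions(names, fold_case=False):
    """Groups of distinct strings that collapse to one canonical name."""
    groups = {}
    for n in names:
        groups.setdefault(canonical(n, fold_case), set()).add(n)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    tracked = [COMPOSED, "README"]   # names as checked in
    listed = [DECOMPOSED, "README"]  # names as listed after the round trip
    print(diff_by_bytes(tracked, listed))    # one file "missing", one "untracked"
    print(diff_normalized(tracked, listed))  # no difference
    print(collisions([COMPOSED, DECOMPOSED, "A.txt", "a.txt"], fold_case=True))
```

Running `collisions` over a repository listing before it is checked out on a normalizing or case-insensitive filesystem flags the names that will clash there.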
@BernieTheBernie From the timeline:
- 2023-05-11: Created private security advisory for GHSL-2023-112 with a fix suggestion.
- 2023-05-15: Notepad++ v8.5.3 without the fixes was released.
[…]
- 2023-06-18: Notepad++ v8.5.4 without the fixes was released.
[…]
- 2023-08-09: Notepad++ v8.5.5 without the fixes was released.
- 2023-08-15: Notepad++ v8.5.6 without the fixes was released.
… so the software apparently is maintained, but they clearly don't care about bugs that cause crashes and possibly security issues.
Who said somewhere around here that their company no longer allows having notepad++ installed? Might actually be a founded decision after all.
libxml2 documentation said:
Function: xmlCleanupParser
void xmlCleanupParser (void)
This function name is somewhat misleading. It does not clean up parser state, it cleans up memory allocated by the library itself. It is a cleanup function for the XML library. […]
Of course, reading documentation is for losers, so colleague just found a call to this in some error handling function that absolutely isn't trying to shut the application down.
Today's is VmWare.
I asked for some space on our VmWare vSphere, and got it. So I started pushing the .iso images I want to start from, and I got an error. A generic error saying just “The operation failed”. But looking into the devtools (when using the web client), the important PUT request simply returned 404.
It did not work for me in Edge, it did not work for me in govc and it did not work for me in terraform vsphere (both saying 404 Not Found, but I couldn't get the actual request that returned it from either). But it did work in Chrome for the admin.
In edge there was reference to a ‘KB’ article saying I should add certificates for the hypervisor (the vcenter, vctr.dev.company.com, has certificate signed by the corporate root, but the hypervisors themselves, hyp2.dev.company.com, have self-signed ones), but that made no difference. Also, I had certificate verification simply turned off in the command-line tools.
Well, it turned out that:
https://hyp-2.dev.company.com/folder/path/to/the-file?dcPath=DC-A&dsName=STORE), but when called from anywhere else, the same endpoint returns URL to the vCenter front (https://vctr.dev.company.com/folder/path/to/the-file?dcPath=DC-A&dsName=STORE).
So
1. VmWare vCenter does something different based on user agent (because the query for upload endpoint was otherwise the same between the browsers).
2. Permissions are checked if one way gets chosen, but not if the other does.
3. The way that checks the permission returns 404 not found instead of, perhaps, something about permissions (that would be 403 forbidden).
4. The permission has a name that says nothing. Or would you guess that “low-level datastore operation” is actually upload files? The fact there is a delete file permission, but no create or upload file permission might be a hint, but not very strong one.
@Zecc There should be a Rule #342: If you can think of it, but discarded the idea because it was absurd, somebody not only didn't, but proceeded to realize it.
We have a requirement tracking system. It generates Word and PDF exports. The line-breaking algorithm is somehow totally broken and totally fails to regard words. It produces pearls like:
… application shall … and provide troubles
hooting instructions for …
@cvi said in In other hostile takeover Tweets...:
I don't know if you can transpile Go to Javascript
Of course you can!
@cvi said in In other hostile takeover Tweets...:
please keep it away from me
You are on WTDWTF. Your wish shall not be fulfilled.
Docker has a habit of generating identifiers by picking random adjective and noun from a dictionary. Sometimes…
@loopback0 said in Internet of shit:
Warum, kurwa?
Isn't the point of a license plate that it cannot change?
@Vixen said in In other news today...:
in the business environment Apple Ain't Cheap
It gets even worse when you are trying to develop for Apple. A company development account is limited to 100 testing devices. Even if the company has, say, about 80 000 employees and some subcontractors. Ok, many of those work in manufacturing and domain research and hardware development and the software also has server-side and maintenance of legacy devices, but there is still way more than 100 people working on development and testing of the iPad applications. And one company can't register additional development accounts either. I believe that company has some subsidiaries just to get some additional accounts.
A strict "no magic values" policy means I see shit like this daily:
final int FOUR = 4;
Anybody who thinks 4 is a magic value but FOUR is not is an idiot. Unfortunately this kind of idiocy seems to be fairly widespread.
“so vast they're visible from space” does not mean that much when a decent ground imaging satellite has resolution around tenth of metre (see also https://what-if.xkcd.com/32/).
When you dump a MSSQL database, it includes the in-database users. Their passwords are stored hashed, so all it can do is dump the hashed passwords, and it does. But the commands it writes assume they are unhashed passwords, so on importing the dump, the passwords are hashed again, breaking access for the (usually technical, i.e. used by some software component) users.
Of course every time somebody tries to restore copy of staging (not yet in production) database into testing they forget about it and then spend a couple of hours wondering why the application won't start.
I've just been delayed 20 minutes because:
net use, but the passwords, so the drives can't be used.
net use x: /delete and net use x: //pa/th …, but the account must not be locked at that point.
There is a in there, though I am not sure which point is it.
@boomzilla said in The Official Funny Stuff Thread™:
I think the Murphy's Razor should be “Anything that can be simple will only seem so” to be properly in line with his law.
So the tester in one of our projects just came with a bug that he's getting a 502 Bad Gateway from some request.
That usually means the service behind the reverse proxy is dead.
It works for other requests, just not this big one.
Then it can be too big. Apply this to raise the request body size.
applying
Nope, did not help.
fishes out the access log
[warn] 30190#30190: *62863374 a client request body is buffered to a temporary file /tmp/client-body/0000000065, client:
…
[error] 30190#30190: *62863374 upstream sent too big header while reading response header from upstream, client:
…
Can you tunnel directly to the backend and check what it returns?
(developer chimes in) When you try to set entries on dates where they are not allowed, it returns an empty response, but reports the days it ignored in a header…
… and when you try to set it for all days of a year, the hundred and a couple header lines returned for each weekend day of the range make Nginx nope out and cut the response.
Excerpt from maven build of some project I am trying to compile. This is the start of [ERROR]s. There are 301 of them.
[ERROR] Failed to execute goal org.eclipse.tycho:tycho-compiler-plugin:1.0.0:compile (default-compile) on project com.wtfcorp.wtfproj.whatever: Compilation failure: Compilation failure:
[ERROR] /home/silly/eclipse-workspace/wtfproj/Whatever/com.wtfcorp.wtfproj.whatever/src/com/wtfcorp/wtfproj/whatever/bundleentryfs/BundleFileSystem.java:[1]
[ERROR] /**
[ERROR] ^
[ERROR] The type java.lang.Object cannot be resolved. It is indirectly referenced from required .class files
[ERROR] /home/silly/eclipse-workspace/wtfproj/Whatever/com.wtfcorp.wtfproj.whatever/src/com/wtfcorp/wtfproj/whatever/bundleentryfs/BundleFileSystem.java:[1]
[ERROR] /**
[ERROR] ^
[ERROR] The type java.lang.Comparable cannot be resolved. It is indirectly referenced from required .class files
[ERROR] /home/silly/eclipse-workspace/wtfproj/Whatever/com.wtfcorp.wtfproj.whatever/src/com/wtfcorp/wtfproj/whatever/bundleentryfs/BundleFileSystem.java:[1]
[ERROR] /**
[ERROR] ^
[ERROR] The type java.net.URL cannot be resolved. It is indirectly referenced from required .class files
[ERROR] /home/silly/eclipse-workspace/wtfproj/Whatever/com.wtfcorp.wtfproj.whatever/src/com/wtfcorp/wtfproj/whatever/bundleentryfs/BundleFileSystem.java:[1]
[ERROR] /**
[ERROR] ^
[ERROR] The type java.lang.String cannot be resolved. It is indirectly referenced from required .class files
[ERROR] /home/silly/eclipse-workspace/wtfproj/Whatever/com.wtfcorp.wtfproj.whatever/src/com/wtfcorp/wtfproj/whatever/bundleentryfs/BundleFileSystem.java:[1]
[ERROR] /**
[ERROR] ^
[ERROR] The type java.util.Enumeration cannot be resolved. It is indirectly referenced from required .class files
[ERROR] /home/silly/eclipse-workspace/wtfproj/Whatever/com.wtfcorp.wtfproj.whatever/src/com/wtfcorp/wtfproj/whatever/bundleentryfs/BundleFileSystem.java:[7]
[ERROR] import java.io.IOException;
[ERROR] ^^^^^^^
(only anonymisation was changing the source path and package name)
From the Absurd Theatre of Czechia:
TL;DR the minister of healthcare, nominated about a month ago, was spotted by reporters, a day after decree closing all restaurants that he himself announced, holding a (political) meeting in a restaurant. He wouldn't resign himself, so he'll be dismissed.
Colleague who works on iOS claims that once he needed to rebuild some library, so he deleted it and XCode pulled it back out of the trash instead of actually rebuilding it.
I needed a couple of things in a hardware store (the big “hobbymarket” kind). One of them was a piece of iron bar. As usual, it had a barcode tag on it. But this one was stuck on it in a wrong way, with the code around the circumference and the loose ends stuck to each other, so no chance of scanning it, and the number was too dirty to make out all of it.
So I came to the checkout. The cashier looks at it hopelessly and:
Beside the obvious of not knowing how to stick a barcode to a stick (by the way, the other department seems to do it right with wooden and bamboo sticks) and not being able to find the code given a (correct) description, it highlighted a recurrent —why does the cashier have to call the chief cashier every time they make a mistake and need to cancel anything? (And this one is universal. It works that way everywhere. Except in most grocery stores they've learned to pass the cancellation tag so they don't have to get up and speed things up a bit).