@Luhmann das Menu drunkken af
Posts made by Gustav
-
RE: WTF Bites
TFW you really really really could use TextWatcher for something else than "save in VM" but Android devs in their infinite wisdom haven't ported that to Jetpack Compose, so you're now hand-rolling a diff algorithm to reverse-engineer which parts of text changed. Kilobyte equality comparison every frame woohoo!
-
RE: WTF Bites
@boomzilla said in WTF Bites:
LOL. The salt is strong with this one.
Yeah, @Mason_Wheeler downvoted like every single post in that chain. Is they always like that?
Hmm...is that correct? Shouldn't it be "Are they always like that?"
Of course, that's still less correct than "Is he always like that?"
So @Mason-Wheeler is he/him. I knew someone would reply.
-
RE: WTF Bites
LOL. The salt is strong with this one.
Yeah, @Mason_Wheeler downvoted like every single post in that chain. Is they always like that?
-
RE: The Official Status Thread
Status: I just wrote
value.text.value = text;
. I hope I've got it right. -
RE: WTF Bites
@Benjamin-Hall said in WTF Bites:
are unenforcable garbage.
Well.....it depends on exactly what they say and what jurisdiction you're in. A lot of them have unenforceable clauses (in most of the US, at least), but they also have large chunks that are very enforceable and have been enforced strongly.
There was this trend years ago to buy a Windows-powered laptop, record yourself declining license, then demand partial refund on the laptop. Some of them were successful. Some of them even appeared in court and won.
-
RE: WTF Bites
@boomzilla said in WTF Bites:
@dkf but do you realize how much damage can be done with those authorizations? Your entire business might go poof for hours, maybe days, and it will take weeks to sort out everything that got lost since last backup, especially if anything financial happened.
I'm not saying not to authorize your app to do things it needs to do. I'm saying that since you already authorized it to do so, and don't consider it to be a critical risk to your service's survivability - how much would you be gaining by sandboxing really, and is all the extra effort actually worth anything?
Vulnerabilities I don't
readthink about can't hurt me!Cost vs. benefit. You add a lot of extra work to deployment, and it only protects against a very small subset out of all vulnerabilities you could possibly have. It also gives you false sense of security, which can be a huge problem depending on how self-righteous you are. If you haven't fucked up basic input validation, you're just as safe with or without WAsm sandbox. And if you did fuck up, you have much bigger problems than lack of WAsm sandbox.
-
RE: Spirit
@topspin ah. After careful reading the thread name isn't what I thought.
-
RE: The Official Funny Stuff Thread™
@cheong I'm more curious about that reply from an account named "God bless Ukraine" and a Trump photo in avatar. They replied with hashtag #萬二蚊, which according to Google Translate means either "happy Halloween" or "ten thousand and two mosquitoes".
-
RE: The Official Status Thread
@Zecc said in The Official Status Thread:
While on the subject...
Christmas or Halloween, pick one.
Oh fuck, forgot to buy candies. Thanks!
-
RE: WTF Bites
@DogsB I answered that long ago.
As for going raw and doing vanilla JS only - no, no way in hell. Near impossible to do any decent MVVM/data binding without a framework.
Edit: by vanilla JS, I meant vanilla HTML/CSS/JS. Whether hand-writing or generating them, doing so without a framework of some kind is, will always be, and has always been painful.
-
RE: WTF Bites
@DogsB no, no I didn't. I completely lost your point a couple posts ago. You're just shitting on frameworks for the sake of shitting on frameworks, or is there more to it?
-
RE: I knew Python was slow, but not THIS slow. And I knew JS was bad, but not THIS bad
@cvi well, for one, it's much harder if not impossible to exploit Meltdown and friends in managed environment.
-
RE: WTF Bites
@DogsB it's fully dynamic framework garbage made of extremely stripped down static files and minimal JS. The end result is the same as back in 2005 when we wrote all our HTML, CSS and JS by hand except it's easier and faster for me to put together. Got it?
-
RE: WTF Bites
@DogsB a modern website that's entirely static files is very useful. Yes, you can make React do the same, but instructions are unclear and it's easy to get something stuck in a ceiling fan. In Gatsby, all-static is the default.
If it’s all static files why do you need a “React-based, open-source framework”
Every desktop application is made of 100% static files (well, before cloud hit us that is). Didn't stop them from making rich, highly dynamic GUIs.
The terms "static" and "dynamic" are very overloaded in webdev. They can mean so many different things, and all meanings are used equally common. I have a conspiracy theory that this was fully intentional, to make pro-framework and anti-framework people argue all the time over nothing and breed resentment and force people into echo chambers, constraining spread of good ideas.
-
RE: WTF Bites
@DogsB a modern website that's entirely static files is very useful. Yes, you can make React do the same, but instructions are unclear and it's easy to get something stuck in a ceiling fan. In Gatsby, all-static is the default.
You mean other than the API that powers it that isn’t static?
Yes. Other than the API that powers it and isn't static. Not having to run frontend server lets me put it in CDN which is cheaper and easier to maintain.
-
RE: I knew Python was slow, but not THIS slow. And I knew JS was bad, but not THIS bad
@cvi said in I knew Python was slow, but not THIS slow. And I knew JS was bad, but not THIS bad:
@Gustav said in I knew Python was slow, but not THIS slow. And I knew JS was bad, but not THIS bad:
There are platforms where arbitrary code execution is entirely prohibited for unprivileged users
The question is what you mean by "arbitrary code execution". Being able to execute JVM code could as well count as arbitrary code execution. On the other hand, being able execute x86 machine code might not - there are instructions that unprivileged users can't execute.
I meant managed v. unmanaged. That alone makes a world of difference.
It depends entirely on what you want to prevent/limit.
I want to prevent @LaoC from being right, 's all.
-
RE: WTF Bites
@DogsB a modern website that's entirely static files is very useful. Yes, you can make React do the same, but instructions are unclear and it's easy to get something stuck in a ceiling fan. In Gatsby, all-static is the default.
-
RE: WTF Bites
@DogsB Gatsby is basically that. At least promises to. Haven't tried myself.
As for going raw and doing vanilla JS only - no, no way in hell. Near impossible to do any decent MVVM/data binding without a framework.
-
RE: WTF Bites
@Gern_Blaanston said in WTF Bites:
@Gern_Blaanston said in WTF Bites:
As for using RSVP as a verb, I see nothing wrong with that. Responding to something is an action, you are doing something, and that's what verbs are for.
I respondpleased is like saying I fuckyouverymuched up. It does contain the verb that expresses what you're trying to say, but the rest of it changes the meaning to something different.
Words, and their use, change over time.
Programming languages and their use change too, but it doesn't make those who write in JS any less wrong.
So what are the practical alternatives to JavaScript for web developers?
s/write/choose - happy now?
I didn't choose JavaScript, JavaScript chose me.
-
RE: WTF Bites
@dkf but so does a virtualized, dockerized system. Putting WAsm on top of that (and in 99% of companies it will be on top of that by necessity because cloud) accomplishes nothing.
At my current job, we do use WAsm for a non-web app, but for a completely different reason - to circumvent the certification process of the platform's very protective and very slow-acting owner. That I absolutely agree with, although I'm still shocked we're actually allowed to do it.
-
RE: WTF Bites
The point of a sandbox is to give a finer grained control over what permissions are granted. For example, it might let you use the API guarded by the token but not see the token itself; only a proxy for the API is exposed within the sandbox.
I'm not talking about that kind of sandbox. I'm talking strictly about running code as an ELF executable vs. running it as a WAsm executable. Lots of extra work and extra problems to worry about for essentially no gain.
-
RE: WTF Bites
On another topic...
You think server-side JS is stupid? I just saw a blog post about server-side WebAssembly.
Server-side webassembly is not stupid though. Webassembly isn't really tied to web in any way except the name. It is just a virtual machine, like JVM or CLR, but designed with sandboxing in mind (it has no built-in ways to access the outside world, the host determines that). There are many cases where you want to run sandboxed tasks server-side and webassembly is a good fit for those.
- JVM and CLR are usually primary targets - often the only targets - of the languages targeting them. WAsm is always secondary at best. Which means there always exists another choice than WAsm and it's always better, faster, and more supported - the opposite of most JVM/CLR languages.
A few years back I'd have said, forget JS, it's so slow, why are you trying to compete with real VMs anyway? Then they started optimizing the shit out of it. I wouldn't count on WebAsm not gaining enough traction for a similar thing to happen.
JS gained traction because Apple banned Flash. That was the sole reason why Angular, React, Node, NPM, leftpad and so on exist today. No similar event occurred in WAsm's 10 years of existence so far, and doesn't look like it's going to happen in the next 10 either.
I'm not well versed in JS historiography but I don't see how that should have had a big influence on its server-side adoption.
Apple blocked Flash -> web apps needed a new platform -> HTML5 effort started, championed by Google -> JS was upgraded enough to be barely usable -> Angular was made, championed by Google -> JS projects need real packaging now -> build systems became standard way of working with client-side JS -> JS evolution wasn't tied to browser evolution anymore and could happen at much faster rate -> JS became good enough to make real apps in -> software companies realized the power of locking all their products behind a website -> software companies seen the writing on the wall that smartphones will become dominant market -> software companies that already had web apps realized they can save costs by making the mobile apps simply display their website -> native JS environments were developed to better integrate those mobile/web app hybrids with system features of smartphones -> suddenly you could run JS programs with all bells and whistles without a browser -> software companies still think in terms of hiring developers for specific languages -> this misconception makes them believe a single language across the entire tech stack is amazing -> JS is still the only real possibility in web app space -> it was decided to use JS for everything including the server.
Not all of those happened sequentially, of course. But as soon Google and Apple joined WHATWG, the future was set in stone and things couldn't have happened any other way.
-
RE: WTF Bites
@dkf but do you realize how much damage can be done with those authorizations? Your entire business might go poof for hours, maybe days, and it will take weeks to sort out everything that got lost since last backup, especially if anything financial happened.
I'm not saying not to authorize your app to do things it needs to do. I'm saying that since you already authorized it to do so, and don't consider it to be a critical risk to your service's survivability - how much would you be gaining by sandboxing really, and is all the extra effort actually worth anything?
-
RE: WTF Bites
On another topic...
You think server-side JS is stupid? I just saw a blog post about server-side WebAssembly.
Server-side webassembly is not stupid though. Webassembly isn't really tied to web in any way except the name. It is just a virtual machine, like JVM or CLR, but designed with sandboxing in mind (it has no built-in ways to access the outside world, the host determines that). There are many cases where you want to run sandboxed tasks server-side and webassembly is a good fit for those.
- JVM and CLR are usually primary targets - often the only targets - of the languages targeting them. WAsm is always secondary at best. Which means there always exists another choice than WAsm and it's always better, faster, and more supported - the opposite of most JVM/CLR languages.
A few years back I'd have said, forget JS, it's so slow, why are you trying to compete with real VMs anyway? Then they started optimizing the shit out of it. I wouldn't count on WebAsm not gaining enough traction for a similar thing to happen.
JS gained traction because Apple banned Flash. That was the sole reason why Angular, React, Node, NPM, leftpad and so on exist today. No similar event occurred in WAsm's 10 years of existence so far, and doesn't look like it's going to happen in the next 10 either.
As for "more supported", remember you're dealing with MS and Oracle here.
No, I mean, within the ecosystem. Take Clojure for example. Totally third-party to JVM, but uses JVM as its primary target. There are other implementations of Clojure, but they have like 1% of the already small Clojure's total market share.
- You sandbox code you don't trust. Do you not trust your own code?
Every exploited server is someone who trusted their own code.
Okay, so you don't trust your own code. Why did you give it access to your entire database and all your API keys?
-
RE: WTF Bites
@Carnage well, there's also the problem of https://xkcd.com/1200/ . Sandboxing makes sure the app won't be able to use OS-wide security exploits, mess with other processes, or perform certain memory operations/syscalls depending on how the sandbox is written. But it won't protect you against exploits for the sandboxed program itself, or crashes, or DOS, or accidentally corrupting the entire multi-tenant database due to a logic bug. How likely is it that your problem will be in the first group? And even if it is, with modern cloud architecture there's very little running in the program's VM anyway so the damage will be very limited. Unless the exploit can escape the entire VM but that's incredibly hard to achieve with malicious input alone and doing it accidentally is pretty much impossible. Considering all that, is it still worth it to employ sandboxing?
-
RE: WTF Bites
On another topic...
You think server-side JS is stupid? I just saw a blog post about server-side WebAssembly.
Server-side webassembly is not stupid though. Webassembly isn't really tied to web in any way except the name. It is just a virtual machine, like JVM or CLR, but designed with sandboxing in mind (it has no built-in ways to access the outside world, the host determines that). There are many cases where you want to run sandboxed tasks server-side and webassembly is a good fit for those.
- JVM and CLR are usually primary targets - often the only targets - of the languages targeting them. WAsm is always secondary at best. Which means there always exists another choice than WAsm and it's always better, faster, and more supported - the opposite of most JVM/CLR languages.
- You sandbox code you don't trust. Do you not trust your own code?
- Is WAsm still unable to free the once allocated memory or do I have to look for a new stupid annoying limitation no other tech stack has that I can point to every time WAsm is mentioned?
-
RE: Housing Bubbles? Is this a housing bubble?
@PotatoEngineer said in Housing Bubbles? Is this a housing bubble?:
and then there's a bigger drop in interest at 15 years (.25%-.5% lately).)
That's about as much as the normal week-to-week market fluctuations. It adds up to about 3-6k of 30-year interest per 100k of capital. Totally not worth it.
-
RE: WTF Bites
@Carnage I saw a post somewhere in which a crane operator said they recently completed a construction where the construction management was nowhere to be seen the entire time. The only time in his whole career where they met the deadline, and with a healthy margin.
-
RE: Housing Bubbles? Is this a housing bubble?
@Benjamin-Hall ah, gotcha. That makes sense.
-
RE: Bug Bites
@HardwareGeek said in Bug Bites:
@loopback0 said in Bug Bites:
the topic list is 2.875rem but in a topic it's 1.5rem
Be careful how much time you spend on TDWTF, especially looking at the topic list. The human eye shouldn't be exposed to more than 1500 rem/year.
This much exposure can make you lose your religion.
-
RE: WTF Bites
On another topic...
You think server-side JS is stupid? I just saw a blog post about server-side WebAssembly.
-
RE: WTF Bites
@Gern_Blaanston said in WTF Bites:
@Gern_Blaanston said in WTF Bites:
As for using RSVP as a verb, I see nothing wrong with that. Responding to something is an action, you are doing something, and that's what verbs are for.
I respondpleased is like saying I fuckyouverymuched up. It does contain the verb that expresses what you're trying to say, but the rest of it changes the meaning to something different.
Words, and their use, change over time.
Programming languages and their use change too, but it doesn't make those who write in JS any less wrong.
-
RE: I knew Python was slow, but not THIS slow. And I knew JS was bad, but not THIS bad
@LaoC said in I knew Python was slow, but not THIS slow. And I knew JS was bad, but not THIS bad:
But every system comes with an assembler!
Technically not true. There are platforms where arbitrary code execution is entirely prohibited for unprivileged users. Android tried to be like that by forcing everyone to use Java, before the reality of 2007 mobile hardware performance hit them. I believe it's totally doable with today's technology. We're already most of the way there with everything bding written in JavaScript. Also, unironically WebAssembly.
-
RE: Housing Bubbles? Is this a housing bubble?
@Benjamin-Hall there are different ways of extra payment. You can simply upcharge the loan account, which is what you talk about - extra money that just sits there and does nothing. For people who don't have an impulsive buying problem, this is a straight downgrade from keeping the money in your regular bank account. Another way is extra capital payment. Essentially you bump up the capital part of capital+interest that make up your monthly payment. And the lower the capital, the lower the interest. The earlier you pay, the less you have to pay overall. Whether it makes sense depends on how your interest rate compares to inflation, or if you're feeling adventurous, inflation + ROI after you put that money elsewhere. And because the money immediately goes into capital, it gives zero protection against future missed payments.
-
RE: WTF Bites
Oh for fuck's sake Kotlin doesn't even have tuples.
Neither does Java 1.6, does it?
Didn't stop Scala. 18 years ago, before Android even existed.
-
RE: Housing Bubbles? Is this a housing bubble?
According to this page
$20 extra on 30-year $100k loan at APR 3-9% accelerates repayment by 2-3 years.
I'm starting to think the additional payments movement is a conspiracy by the financial elite to trick common people into voluntarily transfering even more of their wealth to the wealthy.
-
RE: Housing Bubbles? Is this a housing bubble?
@Mason_Wheeler said in Housing Bubbles? Is this a housing bubble?:
Again, see the example I gave of paying down the principal rapidly with $20/month.
$20/month, so $240/year, or $7200 over 30 years... How exactly does that allow to pay up even a puny $100k loan faster by a significant margin? How does the math work out here?
-
RE: WTF Bites
And my C-like brain really misses the semicolons.
There are semicolons in F#. You just don't need to use them. Or sometimes you can't use them because your 40-line function is just one long statement stitched together with
|>
. Which is actually a very nice way to write code if you ask me. -
RE: WTF Bites
Re tuples, common practice is to use an immutable POJO, which has the benefit of naming what the tuple is and what the members are.
If they're long-lived, sure. But in my experience, a lot of time a function simply needs to return two things at once, and they're going to get separated as soon as the function returns. Consider a function creating a matching pair of sockets, one for reading and one for writing. No way around it, it must return both. And the two are going to be passed to the opposite ends of the communication line. Creating a whole new class just so it can be constructed, returned and immediately forgotten about is just wasteful. Doing so for everything that ever returns two or more values at once is wasteful and annoying.
-
RE: WTF Bites
@LaoC I have a suspicion I'd absolutely hate working with the code you wrote.
Weak typing and FP does that you you.
Weak typing, sure. But leave functional programming out of this.
If anything, languages proclaiming to be FP are more likely to have strongly typed tuples.
Neither of the three I've used (Scheme, Erlang and Perl) does. I.e. Erlang has tuples but strongly typed they're not.
Highly recommend checking out F#. It's the best of all pure-blooded FP languages I've ever worked with. It does nearly everything right, and it's not at all obnoxious or annoying to write in. It's the first FP I've seen that doesn't feel like designed by PhD holder for PhD holders. It's basically OCaml stripped of all the stupidities, like having to repeat "in" after every variable because technically it's only good for one expression (said expression being the whole function). It also integrates very well with .Net ecosystem (though mostly one way because F# records and unions, while technically accessible in C#, compile to a bunch of classes with godawful APIs and weird types everywhere. But you can make regular classes in F# too and from the outside they look no different than those from C#.) And because it's not bound to JVM, it's not restricted by that stupid type erasure rule.
-
RE: WTF Bites
@LaoC I have a suspicion I'd absolutely hate working with the code you wrote.
Weak typing and FP does that you you.
Oh my god I just got the flashback to the two days I spent learning Clojure for job interview. It was almost as bad as Python.
I don't get people who insist on dynamic typing in functional languages. About 99% of the cool things about functional programming require a good, strong static type system with generics, inference and type classes to work.