WTF Bites
-
I love how when I need to test something with HTTPS, I just load up a random MDN page and start modifying the page with the inspector and running scripts in the console.
-
@obeselymorbid said in WTF Bites:
If I recall correctly Firefox a couple versions back introduced a feature where it refuses to fill saved passwords without SSL.
The solution is setting signon.autoFillForms.http in about:config to true.
I just tried that. Unfortunately it still didn't work. :/
Next I also tried using https. Then of course Firefox wouldn't even let me connect without adding a security exception first and complaining "this connection isn't secure". Because obviously this thing is by definition on a LAN. How exactly do they figure it should provide a signed cert?
Anyways, it also didn't save on https.
-
Here's a
Google's multiple-account handling. I have two Google accounts: one personal (gmail.com), the other organization-managed (inteach.org). On my home computer, I had the Google Drive Sync set up to use my school account (because that's what I needed access to most of the time). My browser, however, was set to default to my personal account, because that's where all my personal stuff is.
And then they deprecated the Google Drive Sync app for managed accounts and split the two apart:
- Google Drive Backup and Sync for personal accounts
- Google Drive File Stream for managed accounts.
So I get the notification "This is going away, get the new hotness" and click on it. And it pops up a page saying "you can't do that on your personal account." So I switch to my work account (using the account switcher), and...same result. Because it didn't really switch. I had to fully log out of my personal account, log into my work one, do the download, then log out of that and back into my personal account. I couldn't just switch back because it had set my work account as the new default. And now I'll have two separate Google Drive sync apps active (plus OneDrive and Dropbox...)
Sigh.
-
@anotherusername said in WTF Bites:
@pie_flavor said in WTF Bites:
@pie_flavor That's wrong too. It's never been Helvetica. It's always been Roboto. Apparently, Roboto works by default in Chrome, but if you have it installed on your system, it'll override the one in Chrome. I uninstalled Roboto from my computer and relaunched Chrome and now everything's back to normal.
Fuckin' <whatever software is actually at fault here>.
Closer, but still not quite right. It's a web font; it does default to local Roboto, but if it's not installed then the CSS specifies to load a woff file and the font works just fine. Go to the fonts section of the inspector and you should see the @font-face rule that declares the font.
TRWTF appears to be that your local Roboto font had a crappy-looking r. Maybe an old version and it was fixed in a later version.
No. It works just fine on all pixel text sizes on local programs. It's only Chrome that it does this with.
-
@pie_flavor could just be an artifact of how Chrome uses hardware acceleration / DPI scaling or something like that. I still expect it's something that was fixed in the font itself, in a later version than whatever you had.
-
@benjamin-hall It still amazes me that, despite Google's whole multi sign in thing, which completely extends to Drive and Docs and etc., if you open someone else's Google Doc, you can only open it with /u/0, and it goes to the trouble of creating grayed out radio buttons with the other signed in accounts but doesn't let you use them.
-
another fine example of Google's care about permission granularity.
Google doesn't understand granularity in general. The YouTube Data API is a huge mess to work with. Want to edit a video description? The API to do that requires a bunch of other stuff to be sent too or it will blank those fields, but it takes two separate unrelated requests to get the required information for that.
-
How exactly do they figure it should provide a signed cert?
Easy! You create your own Certificate Authority and add the public key to your Trusted Certificate Authorities store, and get the certificate signed against that! Easy peazy!
-
@tsaukpaetra said in WTF Bites:
Easy! You create your own Certificate Authority and add the public key to your Trusted Certificate Authorities store, and get the certificate signed against that! Easy peazy!
Has anyone done a non-shonky GUI app for that? The only tools I've ever used for it have been both entirely CLI things and nasty as hell but were workable (by me) once I wrapped a bunch of my own scripts around the front end. Since they were just for what I was doing at the time (and driven by CSV) they were totally not built for anyone else to use, but I'd have thought someone could do a better job making a GUI for building small-scale CAs pretty easily. OK, it might not win blakey's approval, but it would be possible to do something reasonable with not particularly much effort; it's only really the initial setup that is truly awful.
-
Has anyone done a non-shonky GUI app for that?
The one in FreeNAS isn't too terrible:
But I think they're revamping the UI so it might end up looking like a cookie cutter Material Design app.
-
@anotherusername said in WTF Bites:
@topspin one weird thing is that Firefox thinks the form is insecure even if it's on a secure (https) page inside an iframe, if the iframe itself is in an insecure (http) page.
I guess it is theoretically possible that the form data could be sent from the secure page to the insecure page (Window.postMessage is about the only way that I can think of).
But then, if we're talking about what is theoretically possible, a secure page could glom the form data and stick it in a HTTP URL in an image src, thus exposing it to potentially be read by a MITM attacker. This will generate a mixed content warning, but it isn't blocked by default for images.
I'm not a security guy, but I'm pretty sure that's entirely because you could fake the iframe in any number of ways by modifying the HTTP source in transit. Including setting its source to a MITM that looks (and behaves) exactly like the one you were expecting.
-
@tsaukpaetra said in WTF Bites:
Has anyone done a non-shonky GUI app for that?
The one in FreeNAS isn't too terrible:
That would have been better split into two, one for the identity of the CA (where you need to edit many of the fields) and one for the security features of CA certificate (where changing the defaults is much trickier).
Similarly there. It's not rocket surgery, guys!
-
not rocket surgery
No, it's security! Even worse!
You know what they say about that stuff, right?
-
@tsaukpaetra said in WTF Bites:
You know what they say about that stuff, right?
I've always observed security apps to be done by Misanthrope Central…
-
@pie_flavor said in WTF Bites:
No. It works just fine on all pixel text sizes on local programs. It's only Chrome that it does this with
Try Firefox
-
@jaloopa Nah
-
@sloosecannon I was actually about to suggest AD CS (not trolling) but you might need AD DS. I noticed in Windows Server 2016, it added support for offline requests for devices that don't know how to do online requests.
-
@coldandtired reminded me of a with 7-Zip: when I try to select items inside the 7-Zip File Manager window, my cursor gets teleported as far right as possible, meaning it ends up all the way on my right monitor and I have to move it all the way back to inside the 7-Zip window on my left monitor in order to actually select anything. Happens 100% of the time.
-
@lb_ That's the bunny. 7-zip window scrolls all the way to the right and the cursor goes flying :(
-
I've literally never seen that, and I just tried to reproduce it. Maybe it's a multi monitor thing? Or some version?
-
@tsaukpaetra Lifetime: 3,650. So usable!
-
@coderpatsy I did a bit of research and it looks like a Windows 10 Fall Creators' Update issue.
Someone has apparently written a fix
-
@benjamin-hall said in WTF Bites:
Google Drive File Stream for managed accounts.
Absolute piece of shit. I uninstalled that on my work account and put Backup back on. Drive letter is assigned, you cannot change it. And it will change if you're using G: already. Fucking useless. (I have a drive on G already - Fuck You Google.)
-
@greybeard said in WTF Bites:
@tsaukpaetra Lifetime: 3,650. So usable!
Not quite 10 years worth of days.
-
@pleegwat Would it have killed them to put a “days” label after that?
And everyone knows that internal CAs should expire in early 2038.
-
@heterodox said in WTF Bites:
@sloosecannon I was actually about to suggest AD CS (not trolling) but you might need AD DS. I noticed in Windows Server 2016, it added support for offline requests for devices that don't know how to do online requests.
Yeah, it's actually not that bad to deal with. But yeah every time I've encountered them, they've been tied into a domain. Not sure if it's possible to run without.
-
I have been told that this is not satire.
-
https://i.imgur.com/EuVTMQb.png
https://i.imgur.com/8tzW6om.png
This is completely wrong, right?
-
@pie_flavor said in WTF Bites:
https://i.imgur.com/EuVTMQb.png
https://i.imgur.com/8tzW6om.png
This is completely wrong, right?
What is completely wrong? That the order of evaluation of && and || is not guaranteed to be left to right always? Or that evaluation necessarily stops at the first false? Because I've been bitten by both.
-
@tsaukpaetra Both. And yeah, I just looked at the C++ standard and it's one of the only operators where it is guaranteed. I dunno what this guy is smoking.
-
@pie_flavor said in WTF Bites:
@tsaukpaetra Both. And yeah, I just looked at the C++ standard and it's one of the only operators where it is guaranteed. I dunno what this guy is smoking.
Maybe they've confused the order of expressions in an if statement with the order of evaluation of function arguments. (Which in Java is left to right but undefined in C/C++ until C++17.)
-
@pie_flavor Yeah, completely wrong. I can’t think of a language with && which doesn’t define it to short-circuit evaluation.
-
@greybeard said in WTF Bites:
@pie_flavor Yeah, completely wrong. I can’t think of a language with && which doesn’t define it to short-circuit evaluation.
I guess I'll submit a bug report for the Tiny Expression Evaluation library my IRC bot uses, for it will evaluate all arguments into the if function before actually doing the comparison...
-
@tsaukpaetra What does that have to do with anything? The two sides of && aren’t arguments into a function. Unless the && operator is syntactic sugar for a function call.
-
@greybeard he didn't say anything about it short circuiting or not. He was talking about whether the right side or left side gets evaluated first. His point was that you might assume that the left side would be evaluated, and as it'd be false, the right side wouldn't be evaluated. But his claim was that it just as well might start with the right side.
That said, I'd be pretty surprised to learn of a language where the evaluation order in that sort of situation was undefined.
I do wish the second example wasn't cut off that screenshot, though.
-
@greybeard said in WTF Bites:
@tsaukpaetra What does that have to do with anything? The two sides of && aren’t arguments into a function. Unless the && operator is syntactic sugar for a function call.
IIRC in the parser it actually is an implicit function call, will dig through the source if interest is maintained. Essentially, all the mathematical operators are illicit function calls, and their order is non-deterministic on the same ooo plane.
However, both sides will be evaluated fully for said function calls, which made for fun gotchas for things like if(truthy, onething(),otherthing()) where I only wanted to execute one of the things.
-
@anotherusername Do you even know what “short circuit” means in this context? For && it means the right side isn’t evaluated if the left side is false. That’s not possible unless the left side is evaluated first.
The quoted balderdash talked about whether the right side could be evaluated when the left was false. It made a false assertion about the semantics of C and C++—in those languages && is defined to short circuit.
-
@greybeard It could just as easily evaluate the right side first, and then short circuit so that the left side wouldn't be evaluated if the right side is false.
Short circuiting just means that when evaluating &&, the second one won't be evaluated if the first one evaluated is false. It doesn't mean that the left side is "first" and the right "second"; it could just as easily be defined to go the other way around.
-
I couldn't find the thread where Blakeyrat was talking about it, but someone mentioned that Firefox was the only browser that fires mouse over events on disabled buttons.
-
@anotherusername If it weren't for the C and C++ language specifications defining && as evaluating left-to-right.
Right-to-left might make sense in a language written in a RTL script or in a troll language, but for ordinary development it is reasonable to expect && to short circuit left-to-right.
-
@greybeard said in WTF Bites:
@pie_flavor Yeah, completely wrong. I can’t think of a language with && which doesn’t define it to short-circuit evaluation.
&& is literally the symbol for the short-circuiting & operator.
There are a few languages with non-short-circuiting AND operators, though, like SQL.
-
@ben_lubar said in WTF Bites:
&& is literally the symbol for the short-circuiting & operator.
In C/C++? No. && is literally the symbol for logical AND, while & is the symbol for bitwise AND. Logical AND implicitly casts both arguments to type bool and the result is a bool. It evaluates from left to right, and short circuits. Bitwise AND requires that the arguments be integral types and compares them bit by bit; as such it obviously cannot short circuit.
-
@ben_lubar nevertheless, it was still a logical operator, while the other was a bitwise operator.
a && b produced an entirely different result from a & b.
-
@anotherusername said in WTF Bites:
@greybeard It could just as easily evaluate the right side first, and then short circuit so that the left side wouldn't be evaluated if the right side is false.
Short circuiting just means that when evaluating &&, the second one won't be evaluated if the first one evaluated is false. It doesn't mean that the left side is "first" and the right "second"; it could just as easily be defined to go the other way around.
So are you telling me that every time I wrote something like if( !ptr || ptr->test() ) or if( ptr && ptr->doit() ) I was doing it wrong?
-
@zecc I think @anotherusername's point is that you could have short circuiting with a different order of evaluation, or without a defined order of evaluation. If the order of evaluation was defined the other way around you would have to write if( ptr->doit() && ptr ) rather than if( ptr && ptr->doit() ).
You could even design a language for which the equivalent operators evaluated in any convenient order, but short circuited where appropriate. It'd be the worst of both worlds, because you couldn't rely on short circuiting to do tests like if( ptr && ptr->doit() ), but you also couldn't rely on both arguments being evaluated, which you get in non-short-circuiting languages. Nevertheless, you could design a language that way if you really wanted.
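Added example, not part of any post in this thread: a small C program that records which operands of &&, || and & actually run, and shows why the ptr && ptr->doit() guard discussed above is safe in C. The names operand, trace_logical_and, trace_logical_or, count_bitwise_and, is_ready and struct node are made up for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Records which operands ran, in order: 'L' = left, 'R' = right. */
static char trace[8];
static size_t trace_len;

static int operand(char tag, int value) {
    if (trace_len + 1 < sizeof trace) {
        trace[trace_len++] = tag;
        trace[trace_len] = '\0';
    }
    return value;
}

static void reset_trace(void) { trace_len = 0; trace[0] = '\0'; }

/* Logical AND: left runs first; right is skipped when left is 0. */
const char *trace_logical_and(int l, int r) {
    reset_trace();
    (void)(operand('L', l) && operand('R', r));
    return trace;
}

/* Logical OR: left runs first; right is skipped when left is nonzero. */
const char *trace_logical_or(int l, int r) {
    reset_trace();
    (void)(operand('L', l) || operand('R', r));
    return trace;
}

/* Bitwise AND: both operands always run, in an unspecified order. */
size_t count_bitwise_and(int l, int r) {
    reset_trace();
    (void)(operand('L', l) & operand('R', r));
    return trace_len;
}

struct node { int ready; };  /* hypothetical type for the guard idiom */
/* Safe with p == NULL only because && tests p before touching p->ready. */
int is_ready(const struct node *p) { return p && p->ready; }

int main(void) {
    printf("0 && 1 ran: %s\n", trace_logical_and(0, 1));
    printf("1 || 0 ran: %s\n", trace_logical_or(1, 0));
    printf("0 & 1 ran %zu operands\n", count_bitwise_and(0, 1));
    printf("is_ready(NULL) = %d\n", is_ready(NULL));
    return 0;
}
```

Swapping && for & in is_ready would evaluate p->ready even when p is NULL, which is the null-pointer dereference the guard exists to prevent.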
-
Screw you, Robin!
It's especially infuriating because the only places I can find these albums is on amazon.com and itunes
Listen to better music, then.
-
@greybeard said in WTF Bites:
And everyone knows that internal CAs should expire in early 2038.
So that's 2 × 3650 = 7300 days?