WTF Bites
-
@TimeBandit Why overcomplicate things?
-
-
@cvi Or, if you want to keep your hands free:
-
WTF of my day (includes some of our favorites--npm, Visual Studio Code, Javascript, and company-side wtfs, all in one):
So we have a github repo that serves as a poor-man's private npm repo. Meaning it houses a project that we refer to in the
package.jsonbygit+ssh://git@github.com/foocorp/foopackage.git#<commit hash>and include the ssh key for that (bot, read-only) github user in the project.
#1. #2: it's referred to by commit hash. Which means that you have to be really really careful in many directions. #3: it contains way too many unrelated things, a lot of which are entirely legacy and deprecated and should never be used. With a bunch of (mostly outdated, deprecated) dependencies.But those aren't the
s of today. Occasionally some combination of npm,typescript, and Visual Studio Code barfs when moving from branch to branch (even between branches that share the same commit hash and thus the same code for that project), throwing red errors about properties not existing in the library objects, despite those existing in the code in the node_modules folder. It still compiles, however.Edit: closing and reopening VSC (or that particular window anyway) makes it go away. Still kinda obnoxious.
-
@Benjamin-Hall IME, this is common behaviour for VS Code, and not just with TypeScript or Javascript, but even with proper languages like C# where it should be easy to figure out what's what
-
@Benjamin-Hall said in WTF Bites:
WTF of my day (includes some of our favorites--npm, Visual Studio Code, Javascript, and company-side wtfs, all in one):
So we have a github repo that serves as a poor-man's private npm repo. Meaning it houses a project that we refer to in the
package.jsonbygit+ssh://git@github.com/foocorp/foopackage.git#<commit hash>and include the ssh key for that (bot, read-only) github user in the project. #1. #2: it's referred to by commit hash. Which means that you have to be really really careful in many directions. #3: it contains way too many unrelated things, a lot of which are entirely legacy and deprecated and should never be used. With a bunch of (mostly outdated, deprecated) dependencies.But those aren't the
s of today. Occasionally some combination of npm,typescript, and Visual Studio Code barfs when moving from branch to branch (even between branches that share the same commit hash and thus the same code for that project), throwing red errors about properties not existing in the library objects, despite those existing in the code in the node_modules folder. It still compiles, however.Edit: closing and reopening VSC (or that particular window anyway) makes it go away. Still kinda obnoxious.
Visual Studio Code is like the free hit of smack that a drug dealer will give you. Except if you keep using it for more than 5 minutes the drug dealer starts lacing it with rat poison and feces, until you wind up in the hospital and have to buy
Visual Studioreal drugs to fix the problem.
-
-
Visual Studio Code is like the free hit of smack that a drug dealer will give you. Except if you keep using it for more than 5 minutes the drug dealer starts lacing it with rat poison and feces, until you wind up in the hospital and have to buy
Visual Studioreal drugs to fix the problem.I've tried. From others' trip reports I expected the combined effects of smack and ritalin with a dash of coke and shrooms for good measure. Felt more like angel dust cooked up with bleach though. Went back to my
red lebanesevim without regrets.
-
This is why I have no regrets about my Sublime licence.
-
@Arantor did you know you are actually allowed to use Sublime trial forever?
-
@Arantor did you know you are actually allowed to use Sublime trial forever?
Can is not the same as allowed.
Sublime Text may be downloaded and evaluated for free, however a license must be purchased for continued use. There is currently no enforced time limit for the evaluation.
-
@topspin as long as you're not entirely sure you'll continue using it in the future, it's 100% legal and in compliance with T&C. Just keep VSCode installed. Maybe even run it once in a while if your conscience requires it.
-
@Gąska I'm not buying it, I find the price range of "continuous trial" and "$100" unfavorable. Just saying that the SCOTUS interpretation of limited time is highly questionable.
-
"Professional use of this software requires a license"
"I happen to think the way we work is extremely unprofessional, so it's cool"
-
"I happen to think the way we work is extremely unprofessional, so it's cool"
I see you are also familiar with academic licensing.
-
Hello, is this the car thread?
How hard do you think it should be to change the car battery?
I mean, I understand that the ECU needs to be positioned somewhat close to the ignition block in order to control ignition timings precisely enough. And that the ignition block is convenient to place close to the battery because it maybe leads to savings on high-current cables or something. And that there's not much volume under the bonnet, so some trade-offs are inevitable.
What I don't get is placing the ECU right on top of the only screw that fixes the car battery in place, in a plastic enclosure that sits so tight that I had to reenact that scene from Merlin with the ECU being the sword, the car being the stone and me being the King fucking Arthur. No, any less force did not suffice. No, we didn't break anything by removing the ECU this way. (We did disconnect the heating tube later by carelessly hitting it with the car battery.)
-
@Arantor Any regrets about your WinRAR license?
-
@Gąska I like to support people who make software I like. To the point where I not only bought Sublime Text 3, I also paid for the upgrade to 4.
Still no regrets.
-
@Arantor Any regrets about your WinRAR license?
Nope. Worth it when I bought it almost 20 years ago.
Less useful now though that 7-zip exists and I’d have to pay again for WinRAR.
-
@Gąska I like to support people who make software I like.
Me too. 10 years and still looking...
-
I*ve been forced to use a Windows machine at work for a bit now, and ... nothing makes sense there. Especially when it comes to security.
So, for some reason, IT locks down the browser, to the point where there is a default search engine that we're not allowed to reconfigure. (I mean, you can still go to Google or something by typing the address in the address bar, and then searching from their landing page, so the whole thing is rather useless, dumb and annoying.)
I have a local admin account. For some reason, the silly settings still apply to that one.
But the silly settings are stored in HKLM, which I can edit with the admin account for my machine.
Why isn't the admin user allowed to override those settings just from the get go? Clearly they're not "managed by the organization" at that point, they're more of a "suggested by your organization".
-
@cvi IIRC, Group Policies overwrite your machine settings every few hours, that's how they work.
-
@cvi IIRC, Group Policies overwrite your machine settings every few hours, that's how they work.
I've noticed that my settings get nuked every few days ...
But that's still entirely pointless. If I can trivially bypass locks/security settings in a few clicks, it doesn't matter that the settings get reapplied every few hours. They're still (at best) a vague suggestion.
-
@cvi IIRC, Group Policies overwrite your machine settings every few hours, that's how they work.
I've noticed that my settings get nuked every few days ...
But that's still entirely pointless. If I can trivially bypass locks/security settings in a few clicks, it doesn't matter that the settings get reapplied every few hours. They're still (at best) a vague suggestion.
You overriding their settings puts the responsibility on you should something happen.
-
@Carnage I'm fine with that. At this point, I'm more
about the way this policy stuff is implemented in Windows. Like, that's the most half-assed thing ever.
-
@Carnage I'm fine with that. At this point, I'm more
about the way this policy stuff is implemented in Windows. Like, that's the most half-assed thing ever.Yeah, I've been stuck on Windows for dev for years now. With being degrees of insanity from on high.
-
@Carnage I'm fine with that. At this point, I'm more
about the way this policy stuff is implemented in Windows. Like, that's the most half-assed thing ever.Yeah, I've been stuck on Windows for dev for years now. With being degrees of insanity from on high.
I had a brief run-in with development on a linux box. Probably the best dev environment I ever worked in. Mac is a close second. Windows' command line is just awful but I'm stuck in it for the moment. I would only wish it on my enemies. I'm a very petty man. Still waiting for Steam Linux Desktop
-
Why isn't the admin user allowed to override those settings just from the get go?
That's your organisation's choice, they can exclude the admin users but they haven't.
If they think they have a valid reason to restrict silly things like default search engine then I imagine they think that reason applies to all users.
-
@Arantor Why would you have to pay again? My key is only a little newer but it still works.
-
@Arantor Why would you have to pay again? My key is only a little newer but it still works.
Because I was under the impression that you had to rebuy it for the latest updates etc (since otherwise you only get updates for a year) and at this stage there is no compelling reason for me to use anything other than 7-zip since for everything I’ve seen, its LZMA compression is comparable, I have limited use for the newer versions of the RAR format and so on.
-
@Arantor Any regrets about your WinRAR license?
I can expense random shit now and have it written off against tax. I might buy a license for shits and giggles. Print it up and hang it on my wall.
-
@DogsB that meme got old like 6 years ago.
-
-
@Zerosquare top comment from official WinRAR account:
Just a little gift for the guy that single handedly made our sales go through the roof.
-
Windows' command line
Why would you even try? It's intentionally hostile for anything but attempting to start a program with possible parameters.
-
@Tsaukpaetra said in WTF Bites:
It's intentionally hostile for anything but attempting to start a program with possible parameters.
For some sets of possible parameters, it's also intensely hostile. The core of the problems with it come from two basic facts: target program parses the command line, and not everyone uses the same runtime. (Even MS doesn't.) You don't have that problem on more POSIX platforms because there the command line parsing is done by the caller; the diversity of command line interpreters doesn't have any impact on the programs. (The main downsides to this are that command lines have to be much larger, a significant problem 20 or more years ago, but not a big deal now.)
-
Windows' command line is just awful but I'm stuck in it for the moment.
- Git comes with bash and all the basic Unix utilities, so if you develop in git, and almost everybody does these days, you can use that.
- There is WSL2 now, in which you install almost normal Linux userland (Ubuntu or Fedora or whatever).
- If you need containers, most use Linux containers, which run on top of WSL2 in Windows, so you have that.
- If you don't use containers, try proposing running the development environment in them as a layer of defence against supply chain attacks—the build only sees the working directory and not rest of your system, so it can't steal you passwords and can be easily torn down if it forks off a bitcoin miner or something.
- Sometimes I use them via the remote - containers plugin in vscode, but I also just ran eclipse or netbeans inside a container, mapping X display either directly or using xpra.
- Just yesterday we discussed at work having to try the rancher desktop installer as alternative to the docker-for-desktop, because we would need licenses for those from February.
So, that's options to Linuxify your development environment when you are stuck with Windows.
-
The main barrier is getting IT to allow me to install them. Git is on their list of allowed applications but bash is somehow blocked. I have a VM so locked down I can't change the homepage in edge or chrome. It wipes the pinned items on the taskbar every now and then.
-
Git is on their list of allowed applications but bash is somehow blocked.
Wow, I really wonder how they managed that, because parts of git itself are implemented in that bash.
I have a VM so locked down I can't change the homepage in edge or chrome. It wipes the pinned items on the taskbar every now and then.
What do you develop in? Do you have dependencies similarly locked? Because if not, they are clearly focusing on the wrong thing (which would unfortunately imply they don't understand what they are doing, so they'll be hard to argue with).
-
Git is on their list of allowed applications but bash is somehow blocked.
Wow, I really wonder how they managed that, because parts of git itself are implemented in that bash.
Every console except for cmd is blocked. I suspect a lot of late nights were involved. They'll throw man hours at the dumbest shit.
I have a VM so locked down I can't change the homepage in edge or chrome. It wipes the pinned items on the taskbar every now and then.
What do you develop in? Do you have dependencies similarly locked? Because if not, they are clearly focusing on the wrong thing (which would unfortunately imply they don't understand what they are doing, so they'll be hard to argue with).
Locked down VM's are the latest fad in corporate security. Nevermind that they're so slow your developers are now building trivial apps at 1999 mega monolith speeds. This is the second company that I've seen this in. I've heard rumours of them turning up in some London council offices.
They did fork out for intellij ultimate and jrebel licenses though.
-
Git is on their list of allowed applications but bash is somehow blocked.
Wow, I really wonder how they managed that, because parts of git itself are implemented in that bash.
Every console except for cmd is blocked. I suspect a lot of late nights were involved. They'll throw man hours at the dumbest shit.
Can't you still run bash from the cmd though? The bash itself shouldn't be blocked or part of git wouldn't work.
I have a VM so locked down I can't change the homepage in edge or chrome. It wipes the pinned items on the taskbar every now and then.
What do you develop in? Do you have dependencies similarly locked? Because if not, they are clearly focusing on the wrong thing (which would unfortunately imply they don't understand what they are doing, so they'll be hard to argue with).
Locked down VM's are the latest fad in corporate security. Nevermind that they're so slow your developers are now building trivial apps at 1999 mega monolith speeds. This is the second company that I've seen this in. I've heard rumours of them turning up in some London council offices.
But they are clearly focusing on the wrong thing to lock down. It makes a lot of sense to have the connectivity from the VM restricted to a proxy that only whitelists the library repositories you need, or even just some internal services and get everything indirectly. So any malware that slips in can't connect to it's command servers.
But you are a programmer. You can do anything from a program you write. So it does not improve security to limit other programs you can use—because you have other ways to do the same thing, just less convenient. So if you wanted to do them for evil purposes, you still can and all it achieves is slowing down the intended job.
They did fork out for intellij ultimate and jrebel licenses though.
But do you have maven or gradle or whatever directed to pull all dependencies only from local server and a thorough review process for adding and upgrading those dependencies? Because otherwise you'll still get the malware.
-
WTF of my day: So, the MS365 suite of apps includes Whiteboard (technically, it's available for all but is included in the management tools nonetheless).
It's actually been my main tool for writing on electronic boards - it includes just enough tools (like a ruler or the ability to "lock" items so you can't accidentally move or erase them) to be very useful while not being overloaded with features. Other teachers use this as well.
Today I discovered that someone at MS had a brainfart and decided to rebase the whole thing. I mean, new UI, okay, I could live with that. But, no, they released a version with a massively reduced list of features.
- You now cannot "lock" items anymore
- Copy&pasting images to the board does not work anymore, you need to go through the "add image" workflow
- the ruler is gone (i.e. no straight lines anymore)
- "export as .svg" is gone as well
- importing a PDF or Word document is gone as well
- and, most importantly, the eraser now only does "erase by stroke" - i.e. you now only erase whole lines. Where before it was "erase by point", i.e. it worked like an actual eraser.
- there's probably more stuff missing
I actually opened a support ticket (after all, we're paying customers for MS365) and told them (diplomatically) in no uncertain terms that this is a massive shitshow and that I'd like the .appx of an older version so I can sideload that unto the schools' PCs and never update until they fix this shit.
But seriously: Who in the fuck thinks this "erase by stroke" thing to be useful? Who? No one I know actually uses that and everybody switches to the "actual eraser and not delete everything!" mode if possible.
Yes, it's easy. I realize that. However, we do not want what is "easy for you", we want "usable for us".
Seems I was not the only one to complain loudly (yes, I was that petty and even created a ticket for our MS365 solution - after all, we're paying customers - and labelled it "missing features after upgrade").
They just rolled back the "update".
The comments for Microsoft's "Welcome to the new Whiteboard" announcement probably had a role to play. The 1st page had some praise, after that 5 more pages full of complaints.
-
@Rhywden It's like MS in general are going backwards. Every new version of a thing brings more features that seemingly no-one wants.
-
@Rhywden It's like MS in general are going backwards. Every new version of a thing brings more features that seemingly no-one wants.
I have no truck with the new features - those are useful. But if you're doing a redesign then the top question should be: "Which features are essential to port to the new version?"
-
@Rhywden It's like they have to take features out to put the new ones in though.
-
Status: do we not have a thread for ServiceHow?
Anyways, so ServiceHow legs you build up these "reports", right? Put in some criteria, choose your column, handy dandy. And you can save them!
Except, the only way to have it presented is in the report editor or adding it to a dashboard? OK whatever.
But now I want to export that data to Excel. Sure! Use the discoverable method of right-clicking the column headers and there's an option for that!
Fine, but I want to get an automatic dump so I don't need to click a dozen times and mess with extra files and Shit.
Easy peasy! Just slap a
CSVin the URL of the bare report subpage parameters! Discoverable! But you do get a CSV file!Ask Excel to treat that URL as a data source. FAIL.
Why? No real clue, Excel just says "unexpected format" or someshit.
It's an ASCII file and has the required extension indicating-- wait.
Inspecting the response headers, it seems ServiceHow is telling us the content is an xls file?
Argh.
-
-
@Applied-Mediocrity said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
ServiceHow legs
It has now grown legs? We're doomed
Sorry sorry, upgraded phone, still teaching the keyboard words.
-
Git is on their list of allowed applications but bash is somehow blocked.
Wow, I really wonder how they managed that, because parts of git itself are implemented in that bash.
Every console except for cmd is blocked. I suspect a lot of late nights were involved. They'll throw man hours at the dumbest shit.
Can't you still run bash from the cmd though? The bash itself shouldn't be blocked or part of git wouldn't work.
Don't know what they've done but they have git and no access to bash.
I have a VM so locked down I can't change the homepage in edge or chrome. It wipes the pinned items on the taskbar every now and then.
What do you develop in? Do you have dependencies similarly locked? Because if not, they are clearly focusing on the wrong thing (which would unfortunately imply they don't understand what they are doing, so they'll be hard to argue with).
Locked down VM's are the latest fad in corporate security. Nevermind that they're so slow your developers are now building trivial apps at 1999 mega monolith speeds. This is the second company that I've seen this in. I've heard rumours of them turning up in some London council offices.
But they are clearly focusing on the wrong thing to lock down. It makes a lot of sense to have the connectivity from the VM restricted to a proxy that only whitelists the library repositories you need, or even just some internal services and get everything indirectly. So any malware that slips in can't connect to it's command servers.
I've a more relaxed environment but the typical user wouldn't be able to run anything that isn't white listed. There's a repository of vetted programs that users can choose from. Doesn't even have 7zip though. They're not fond of open source. There's a white list of sites the VM can connect to. I do most of my research on my personal computer.
But you are a programmer. You can do anything from a program you write. So it does not improve security to limit other programs you can use—because you have other ways to do the same thing, just less convenient. So if you wanted to do them for evil purposes, you still can and all it achieves is slowing down the intended job.
If you can write a program to escalate privileges, get around the firewall whitelist and then escape the VM to do some actual damage send me a link.
They did fork out for intellij ultimate and jrebel licenses though.
But do you have maven or gradle or whatever directed to pull all dependencies only from local server and a thorough review process for adding and upgrading those dependencies? Because otherwise you'll still get the malware.
We can't connect directly to maven central. We have to go through an internal artifactory with a process for adding new libraries. There is a further process for allowing those libraries in a production environment. We're very limited in what we an work with.
-
Depends on the weather
