WTF Bites
-
@Mason_Wheeler said in WTF Bites:
@sebastian-galczynski said in WTF Bites:
JSON is no fun. If you make a typo, it can't be parsed at all and someone has to fix it. CSV can achieve miracles.
JSON streaming parsers do exist.
Pull parsers are fucking fast, too. And light. As hell. It is necessary to swear given the order of magnitude.
-
Imagine if you had to write a large JSON file by hand to configure a system because there’s no installer package because the devs are too (something) to write one.
Imagine if that before you had the JSON configuration file you had an ini file. But now it’s much more better because the devs have less code and can “nest configuration so it’s easier to find”.
-
@Arantor bit of false choice. In either case, if you're starting from empty, it's swearing time.
For an INI file, assuming it's flat, because that's not a well-defined format, you need to infer any structure from the key names, and past the kv format you can't programmatically check it. I'm guessing that the need to quote values is the fridge too far?
-
Imagine if you had to write a large JSON file by hand to configure a system because there’s no installer package because the devs are too (something) to write one.
Imagine if that before you had the JSON configuration file you had an ini file. But now it’s much more better because the devs have less code and can “nest configuration so it’s easier to find”.
Configuration files written in a language that doesn't support comments or trailing commas? Brilliant, this sounds like a Microsoft* idea.
*though I learned recently they apparently use a variant called JSONC that allows comments; I've also learned of another variant, called JSON5, that's apparently actually usable for config files.
-
variant called JSONC
variant, called JSON5
The superset called YAML seems to be winning.
-
variant called JSONC
variant, called JSON5The superset called YAML seems to be winning.
Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
Edit: Found it: https://www.arp242.net/yaml-config.html
-
@Benjamin-Hall said in WTF Bites:
@sebastian-galczynski I have to manually type JSON to do our database changelogs (that get translated into SQL via liquibase). And it's a particularly obnoxious, super-verbose format. And the parser is insanely picky, including rejecting the file if there is the tab character anywhere. It even has an error message to use spaces instead.
Most places I've been the last 10 years have used the XML files for liquibase.
-
variant called JSONC
variant, called JSON5The superset called YAML seems to be winning.
Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
Edit: Found it: https://www.arp242.net/yaml-config.html
Anyone that has had to troubleshoot a few thousand lines of yaml is ready to stab the creators in the face with a rusty spoon.
-
@Benjamin-Hall said in WTF Bites:
@sebastian-galczynski I have to manually type JSON to do our database changelogs (that get translated into SQL via liquibase). And it's a particularly obnoxious, super-verbose format. And the parser is insanely picky, including rejecting the file if there is the tab character anywhere. It even has an error message to use spaces instead.
Most places I've been the last 10 years have used the XML files for liquibase.
Yeah. Funny thing is...we use both in different parts.
Our oldest ones? Actually in SQL, run straight through liquibase (but only in ephemeral environments like sandboxes, to do all the stuff that happened before we started using liquibase[1])
Then there are a group of xml changesets, as well as the master changelog file.
But anything new uses JSON. Why? It was that way when I started.
[1] back when they were making production changes by hand, on the fly, by logging into the master database and running scripts or manual code against it. Release processes? What's that! Rollbacks? Don't need those. Replicatability? Nah. Test environments? We've got production!
-
variant called JSONC
variant, called JSON5The superset called YAML seems to be winning.
Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
Edit: Found it: https://www.arp242.net/yaml-config.html
Anyone that has had to troubleshoot a few thousand lines of %s is ready to stab the creators in the face with a rusty spoon.
This holds for all known config formats.
Except for Apache configs.
-
variant called JSONC
variant, called JSON5The superset called YAML seems to be winning.
Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
Edit: Found it: https://www.arp242.net/yaml-config.html
Anyone that has had to troubleshoot a few thousand lines of %s is ready to stab the creators in the face with a rusty spoon.
This holds for all known config formats.
Except for Apache configs.
Because for Apache you'd rather nuke from orbit?
-
variant called JSONC
variant, called JSON5The superset called YAML seems to be winning.
Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
Edit: Found it: https://www.arp242.net/yaml-config.html
Anyone that has had to troubleshoot a few thousand lines of %s is ready to stab the creators in the face with a rusty spoon.
This holds for all known config formats.
Except for Apache configs.
Because for Apache you'd rather nuke from orbit?
Those are fine, what's your problem?
httpd.conf
is a friendly and welcoming place.
-
variant called JSONC
variant, called JSON5The superset called YAML seems to be winning.
Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
Edit: Found it: https://www.arp242.net/yaml-config.html
Anyone that has had to troubleshoot a few thousand lines of %s is ready to stab the creators in the face with a rusty spoon.
This holds for all known config formats.
Except for Apache configs.
Because for Apache you'd rather nuke from orbit?
Those are fine, what's your problem?
I haven't touched Apache configs in 20 years or so. Back then any obtuse misconfiguration would mean your server would be sharing child porn within minutes of coming online.
-
obtuse misconfiguration
Impossible. There's even helpful examples right in it!
It would be opaque misconfiguration.
-
obtuse misconfiguration
Impossible. There's even helpful examples right in it!
Indeed!
-
@Medinoc see personally I’d go for TOML.
- clear and readable structure
- clear where values start and end, including data types
- nesting if you want it in a way that makes sense
- indentation optional not syntactically relevant
- supports comments
Downside is that streaming is a pain. But it’s all the things we liked about INI files with all of the benefits of what we learned from doing it.
JSON isn’t a configuration format, it’s a serialisation format and any use for configuration is some value of stupid. Use the right tools for the job.
-
I’d go for TOML.
I don't mind YAML for configs, but my IDE supports editing it so it's non-painful. Only a total madman would use YAML for serialization though; JSON is much better for that.
-
Edit: Found it: https://www.arp242.net/yaml-config.html
I mean, the part
And accidentally getting the indentation wrong often isn’t an error; it will often just deserialize to something you didn’t intend. Happy debugging!
makes me want to stab the creator(s) with a dull rusty spoon already.
-
variant called JSONC
variant, called JSON5The superset called YAML seems to be winning.
Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
Edit: Found it: https://www.arp242.net/yaml-config.html
Anyone that has had to troubleshoot a few thousand lines of yaml is ready to stab the creators in the face with a rusty spoon.
How about YAML that's embedded inside a Ruby preprocessing script? Or was it Ruby embedded inside a YAML file? I don't remember.
-
@HardwareGeek Ruby in Bash in YAML? I could believe that...
-
-
@BernieTheBernie said in WTF Bites:
Wanna keep your files secure on a thumb drive?
What about the "Verbatim Keypad Secure"?
OK, then read
https://www.kiratas.com/2022/06/08/verbatim-encrypting-usb-stick-insecure-expert-reveals-vulnerabilities-2/
Of course, Verbatim just ignores these facts.
Are they keeping their web host on a secure thumb drive?
-
@Zecc But... that spoon isn't even rusty.
And it looks quite sharp.
-
https://www.youtube.com/watch?v=yn8Cb-4c5to
TL;DW: Man and woman have "intimate encounters" in an automobile insured by Geico. Woman contracts a disease from the encounters. Woman claims Geico should pay for her "injury" that occurred in the insured vehicle. Arbiter, trial court, and appeal court all agree.
Edit: The trial and appeal courts ruled against Geico basically because they failed to get involved during arbitration, and it is extremely rare for a court to overturn an arbitration award unless there was bribery or some such thing involved in the arbitrator's decision. At this point, the woman has a judgement against the man. Whether the damage is covered by insurance is still an open question in Federal court. (Insurance policies typically cover very broadly "injuries" sustained through the "use of" a vehicle, unless the injury is specifically excluded by the policy, and apparently nobody ever thought of STDs as something that needed to be excluded — until this case, anyway.) It may end up with the woman's judgement standing against the man, with Geico being found not liable for insuring the injury.
-
@HardwareGeek Ruby in Bash in YAML? I could believe that...
I have bash in docker-compose.yml, because it's apparently the only way to start containers in proper order after they removed the healthcheck feature. I tried to find some more civilized solution, but apparently there's none. Every answer just said "use k8s". So I created another container "setup" which checks container A, then opens a socket with
nc -l
, while container B has entrypoint like this:command: - bash - -c - | echo "Waiting for setup to finish..." until (echo -n | nc setup 666); do echo "Waiting for setup to finish..." sleep 10 done; original-entrypoint
And no, I won't run k8s just to write some CSV parser.
-
@sebastian-galczynski Compose can say that a given container depends on another but I think it relates to the given container starting rather than entering some steady state.
-
@BernieTheBernie said in WTF Bites:
Linux is so secure.
From the article:
This flaw allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a privilege escalation threat,
See, that's why Windows is the superior OS. Usually, you don't need a valid local account for privilege escalation
-
@sebastian-galczynski Compose can say that a given container depends on another but I think it relates to the given container starting rather than entering some steady state.
Since version 3.0 yes. In 2.0 there was the possibility to include a healthcheck in depends_on. They removed it in 3.0 because of some compatibility issues or something. Although maybe it can be used again?. The new spec seems to allow that, but will it work?
-
@sebastian-galczynski depends_on is still present but it doesn't check a healthcheck, it just ensures the container has started. For my uses that's enough but I can see how in your it might not be.
-
This is a digital copy of a book that was prcscrvod for gcncrations on library shclvcs bcforc it was carcfully scannod by Google as pari of a projcct
That's the easy part, the part that was obviously written by Google, then printed out, put on a wooden table and photographed back in to be 0CRd.
Why do they do this to themselves? The preamble, at least on my screen, is so badly kerned that the letters almost overlap each other. It's no wonder the OCR has trouble with it.
They're obviously overconfident in their OCR because nobody ever went to check, so they've set up this pipeline that produces the scanned PDF as the master and then derives all other formats from that. They probably scan so many books that most of them are never actually read by anyone in anything else but PDF. Even if every single one of these tried to send them an email asking WTF they've been doing, about 1% would get past the byzantine Google support contact pages and most of those would get a canned response from an AI or a Bangalore call center. What the headofs get to see is "we only receive negative feedback for 0.001% of our scans!!!!1"
-
@sebastian-galczynski said in WTF Bites:
¹ Not exactly walking distance from my place 20 years ago but same island.
The Filipino dude is probably just a hosting company. The producer of the the tablet was based in Prutting, Bavaria.
I know, that was actual walking distance. The hosting is in Germany; the Filipino dude (you can find his Facebook page) seems to be just reselling webspace with his "web design" services.
-
@sebastian-galczynski said in WTF Bites:
Back when I dealt with map coordinates, the Atlantic somewhere off of Gabon was favourite as bad data was inevitably putting things at 0,0. At least in that case, there were no worries about swapping coordinates.
Sadly Google Maps started removing photos from that location. It was a very interesting mix.
They should at least make StreetView available there.
-
The superset called YAML seems to be winning.
Except at Microsoft. Microsoft usually sticks to JSON+Comments.
Also, some places use TOML instead.Except it has its own problems for config files (let's see if I can find that link), and I can't stand a language that demands leading spaces and chokes on tabs.
See also
Found it: https://www.arp242.net/yaml-config.html
… note the article conclusion says
Don’t get me wrong, it’s not like YAML is absolutely terrible – it’s probably better than using JSON – but it’s not exactly great either.
Anyone that has had to troubleshoot a few thousand lines of yaml is ready to stab the creators in the face with a rusty spoon.
… now make that a bunch of go templates expanding to yaml.
Especially all the templates written like
{{- whatever }}
to eat the preceding, but not following, whitespace, are fun . It's a nibble more bearable since they introduced the nindent function because now at least it mostly works with using the same combination of minuses everywhere.
-
@Medinoc see personally I’d go for TOML.
- clear and readable structure
I wouldn't really call those double-bracketed “sections” clear. Or rather, it can usually be described in a way that makes it clear how to configure it, but the correspondence to the loaded data structure is a bit funny.
-
@Bulb I dunno, ini files always seemed so intuitive to me that I never thought to read them any other way. But as standards tell us, you can never have enough interpretations of the same basic idea that are all slightly different and incompatible.
-
@HardwareGeek said in WTF Bites:
It may end up with the woman's judgement standing against the man, with Geico being found not liable for insuring the injury.
… which would be a sane result (from the brief information about the case at least).
-
@sebastian-galczynski said in WTF Bites:
@HardwareGeek Ruby in Bash in YAML? I could believe that...
I have bash in docker-compose.yml, because it's apparently the only way to start containers in proper order after they removed the healthcheck feature. I tried to find some more civilized solution, but apparently there's none. Every answer just said "use k8s".
… which would most likely just result in the same shell script being wrapped in slightly different YAML. Or maybe slightly different shell script, but you'd still need one. Because kubernetes supports running an ‘init’ container to completion before starting the main one, but does not support any dependencies between the service containers whatsoever. It is one of the few points where docker-compose is actually a bit more capable than kubernetes.
-
… now make that a bunch of go templates expanding to yaml.
Especially all the templates written like {{- whatever }} to eat the preceding, but not following, whitespace, are fun . It's a nibble more bearable since they introduced the nindent function because now at least it mostly works with using the same combination of minuses everywhere.
-
@Bulb I dunno, ini files always seemed so intuitive to me that I never thought to read them any other way. But as standards tell us, you can never have enough interpretations of the same basic idea that are all slightly different and incompatible.
Ini files are fairly intuitive, but they can't contain arbitrary structures. And what I am saying is that the way TOML extends them so they can is a bit … well, I see a disconnect between how you'd describe a specific TOML-based configuration format to the user and the actual rules for TOML parsing.
-
seems to be just reselling webspace with his "web design" services.
Your scare quotes aren't scary enough.
Imagine being so bad at something and still selling it as a professional service...
Oh wait, that's
ITindustry for you.
-
@Bulb I think the implication is that if you need to do gnarly shit you can but where possible just keep it simple, TOML is geared to the simpler cases first I think.
-
@BernieTheBernie said in WTF Bites:
Wanna keep your files secure on a thumb drive?
What about the "Verbatim Keypad Secure"?
OK, then read
https://www.kiratas.com/2022/06/08/verbatim-encrypting-usb-stick-insecure-expert-reveals-vulnerabilities-2/
Of course, Verbatim just ignores these facts.
Are they keeping their web host on a secure thumb drive?
Hm. Try some other links.
First of all, Heise.de, where I found the original message - albeit in German:
That article links to a blog by the security researcher. It shows many many technical details...
Have fun with that!
-
@Bulb I think the implication is that if you need to do gnarly shit you can but where possible just keep it simple, TOML is geared to the simpler cases first I think.
Yes, it is geared towards the cases that are simple enough that you can expect a non-technical user to still be able to fill in, and does a fairly good job at those. Trying to serialize something with deep structure, say Kubernetes Deployment specification, in it would probably end up rather weird though.
-
@Bulb configuration != serialisation though.
For something like K8s config, all the choices are just differently horrible because of complexity requirements.
-
@BernieTheBernie said in WTF Bites:
I know it's not but it looks like a USB cheese grater in the thumbnail.
-
@Arantor The Kubernetes objects are kinda complex, but something like JSonnet would work fairly well. Unfortunately, the crowd went the go-templates-producing-yaml way and the ksonnect project is dead
-
@TimeBandit said in WTF Bites:
you don't need a valid local account for privilege escalation
That's what McAfee is for!
-
They're obviously overconfident in their OCR because nobody ever went to check, so they've set up this pipeline that produces the scanned PDF as the master and then derives all other formats from that.
I've seen real OCR pipelines used for digitisation, and they were full of cross-checking to try to ensure that this stuff didn't happen. (You'd still get fuck-ups, but usually those were outright mis-scans of one form or another.) One of the simpler techniques is to use several OCR systems (perhaps with an AI to clean up the result in some cases) and to compare the results, referring to a human in the case of unresolvable failure. (There are also techniques for doing text detection that cope with wildly varying brightnesses of images; it's related to identifying apparent elevations of peaks in a landscape.)
It sounds like the Google digitisation is using none of that stuff, probably because the people working on it are glorified interns instead of proper digital librarians or experts in image processing.
-
ini files always seemed so intuitive to me that I never thought to read them any other way.
They're intuitive for simple stuff, but then so too is YAML and JSON and even goddamn XML.
-
@dkf IME, YAML seems intuitive but the indentation kills you until you learn by having it beaten into you how much it matters, and JSON seems intuitive until you get some numpty throw a large blob at you that’s minified and missing a quote somewhere. Also, fuck JSON’s dislike of trailing commas.