WTF Bites
-
@Applied-Mediocrity said in WTF Bites:
Fartbird v110
Version 38.3 works fine. Why did you fuckgrade?
-
@BernieTheBernie Good question. I think I wanted to test media selectors (print) for some HTML emails for mobile, and old versions didn't support that.
-
@Applied-Mediocrity said in WTF Bites:
(print) for some HTML emails for mobile
the printer hate & passion thread is
(also: printing on mobile - that's a y combination, isn't it? When you run out of cyan - which you will do - your samsung battery is about to explode.)
-
@BernieTheBernie In retrospect it was a metric fuckload of wasted time, because nobody even reads those messages, much less prints them, thank fuck for that. But that's irrelevant, because it came from the top. See, most bosses have iPhones. I was told to arrange the first lines of the preview you see in email apps in such a way that most important information can be conveyed without opening the actual message.
But Fartbird, IIRC around v60 something didn't support CSS media queries, so much was had trying to make it work.
-
@Applied-Mediocrity said in WTF Bites:
I was told to arrange the first lines of the preview you see in email apps in such a way that most important information can be conveyed without opening the actual message.
Just change the raw text version of the template and it will work fine...
-
@Tsaukpaetra The raw version doesn't respect the line breaks, so it was not pretty.
Filed under: Clients from hell
-
Because shitty password practices deserve to be named and shamed... goddammit, Verizon, fix your shit
-
-
@izzion so many WTFs right there.
-
-
@Zecc nope, it’s cannot contain <, > or " which smells like “we don’t know how to deal with XSS and either we blindly convert everything on input and/or we have vulnerabilities we fixed badly”
-
@Arantor But they encourage the use of &.
-
@dkf can’t smuggle Bad Stuff in via & alone. Not even with " or " and similar friends.
-
invalid character used in scripting attacks
Good lord, maybe don’t eval the password you fucking morons?
It’s opaque data, you don’t need to interpret its contents.
-
@topspin It's sometimes hard to ensure when you stringly type everything.
… maybe don't stringly type everything?
-
@izzion
Oh, and the other issues with that page that I forgot in between incandescent rage and other work things distracting me:
- You can’t paste into the password boxes
- You can’t auto fill the password boxes with the Keeper browser plugin
- The domain for the page for doing this account signup is unrelated from a computer’s perspective to the domain you’ll sign into this account with later (verizon.com for signup vs verizonenterprise.com for sign in) so the address your password manager saves won’t work with auto fill anyways.
-
maybe don’t eval the password
That could be an interesting idea...
%PATH% should be long enough for a password.
-
@BernieTheBernie Pathword
-
-
-
@BernieTheBernie alternatively, ../../../../etc/passwd?
-
@Arantor Servers need to be extremely careful about such things. I've seen what happens when they aren't.
-
Two days ago I ordered stuff[] from vendor. I got an email from vendor thanking me for my order, and I got a receipt from PayPal for my payment to vendor. Today, I got an email from vendor asking if I was still interested in stuff[5] and suggesting I might also be interested in stuff[3] and stuff[8].
Um, yes, I'm still interested in them. That's why I paid you for them.
(Whether I'll still be interested in them when they actually arrive is a different matter. They are s, to be shipped at the appropriate time for planting them. That will be a few months from now, by which time they will be a pleasant surprise, because CRS will have wiped any memory of having bought them. Unless, maybe, if vendor keeps spamming me with daily inquiries about my interest in them.)
-
@HardwareGeek said in WTF Bites:
Whether I'll still be interested in them when they actually arrive is a different matter.
It's pretty optimistic for you to assume you'll ever receive the parcel
-
@Tsaukpaetra said in UI Bites:
It's JQuery!
Why is this here? Is someone fucking with me right now?
Luckily this function is not called at any time, since _ is indeed not loaded...
-
-
@Applied-Mediocrity said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
Is someone fucking with me right now?
You wish
No, I want someone to fuck me. Not fuck with me. For some reason modern parlance seems to have made what was once a team effort into a destructive stigma.
-
So THAT'S why that fucking library is called lodash. Every day they find new reasons for me to hate it. (Yesterday it was making jsonwebtoken and Next.JS unable to talk to each other, which basically forces me to hand-roll RSA signature verification. And I do NOT want to hand-roll RSA signature verification. I fucking hate webdev.)
-
forces me to hand-roll RSA signature verification. And I do NOT want to hand-roll RSA signature verification.
But if you make it yourself, you can be sure it's correct :badadvicedevil:
-
@MrL well, it's JS land, so anything I handroll is almost guaranteed to be better than the popular libraries.
-
@MrL well, it's JS land, so anything I handroll is almost guaranteed to be better than the popular libraries.
Self-flattery is the best kind of compliment
-
@MrL is it self-flattery if it's also likely factually correct?
-
-
@Tsaukpaetra said in WTF Bites:
No, I want someone to fuck me. Not fuck with me.
So, you expect someone else to do 100% of the work? That's peak .
-
invalid character used in scripting attacks
Good lord, maybe don’t eval the password you fucking morons?
It’s opaque data, you don’t need to interpret its contents.
I had a long, slow burn, argument about this sort of thing at one of my previous gigs.
-
@Zerosquare said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
No, I want someone to fuck me. Not fuck with me.
So, you expect someone else to do 100% of the work? That's peak .
I mean, the last time I tried it in the other direction literally nobody was satisfied, so why not mix it up a bit?
-
@Arantor Servers need to be extremely careful about such things. I've seen what happens when they aren't.
They slip on the path that's slippery with periods, spill all those unsalted hashes and get a bad eval from the admin?
-
So THAT'S why that fucking library is called lodash. Every day they find new reasons for me to hate it. (Yesterday it was making jsonwebtoken and Next.JS unable to talk to each other, which basically forces me to hand-roll RSA signature verification. And I do NOT want to hand-roll RSA signature verification. I fucking hate webdev.)
Just add yet another library that does exactly what you need but breaks in slightly odd ways for everyone else. I hear that's how node works.
-
@Carnage I tried exactly that and turns out I'm everyone else. Barfing on basic, well-formed input in the simplest use case, with exception messages that Google never heard of.
-
I used FileZilla to scp some files from my Mac to a remote machine with NFS storage. Instead of overwriting / merging an existing folder, it managed to create two folders with identical names. Because apparently Unicode normalization isn't a thing. Or something... Who knows.
Running the output of ls -l through a hex editor gives two different forms of mojibake:
Also known as "Latin Small Letter U with Diaeresis".
Also known as "Latin Small Letter U" with "Combining Diaeresis".
-
@topspin
German sücks
-
FileZilla
There's your problem.
I remember having a long chat with one of the developers on the notion of 'if a file doesn't have an extension, why do you assume text encoding by default in FTP'. The argument came down to 'well if you're moving binary data in files without an extension, you're doing it wrong'.
Hmm.
-
@Arantor I mean, FTP is legacy bullshit to begin with, so who cares. But I don’t want it to do “text mode” transfer ever.
-
@topspin RIGHT?
Especially in the context in question where these were files uploaded by the user originally, with extensions stripped so if there was some weirdness around paths, you couldn't accidentally upload a .php and make that runnable.
But nope, apparently we were the ones Doing It Wrong and defaulting to text mode for files with no extension is perfectly cromulent.
Never mind that it's been functionally unnecessary for years and is generally a bad idea.
-
Also, I’m no expert on this, but shouldn’t the file system driver take care of normalizing file names?
Unlike what I said about passwords, file names shouldn’t be treated as binary blobs. Ideally, the file system should be case-insensitive case-preserving. Surprisingly, Windows NTFS gets this right.
Filed under: broken clock
-
@topspin case folding and Unicode normalisation are wildly different topics.
Interestingly this is a behaviour that changed in Apple land: HFS+ would normalise (to form D if memory serves, not that it explicitly matters, the key point is that it normalises), while APFS doesn’t.
Sure, some apps do, e.g. Finder does. But it’s higher up the chain and apps don’t have to get normalised, especially if they take their content from raw Unicode as FileZilla seems to be doing here…
Thing about normalisation is that it has both its defenders and its detractors, and yet to me normalisation feels like it should be the logical thing to do - we would logically balk at “README” vs “Readme”, why would we not at different representations of the same thing?
I get the argument when you’re talking about visually-similar-but-semantically-different - semicolon vs Greek question mark level stuff perhaps but much else is mostly just pendantry that doesn’t help the user.
Fun fact: I appear to also have taught my iPad that pendantry is the correct spelling.
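An added example, not part of any post in this thread: a check that finds names in a listing which are different byte strings but compare equal after Unicode normalisation, with case folding as a separate optional step, as discussed in the posts above. The listing is constructed and the function names are hypothetical.

```python
import unicodedata
from collections import defaultdict

# Constructed sample listing (not from the thread): the same folder name in
# precomposed (NFC) and decomposed (NFD) form, plus a case-only pair.
LISTING = [
    "B\u00fccher",     # U+00FC LATIN SMALL LETTER U WITH DIAERESIS
    "Bu\u0308cher",    # U+0075 u followed by U+0308 COMBINING DIAERESIS
    "README",
    "Readme",
    "notes.txt",
]


def utf8_hex(name):
    """UTF-8 bytes of a name, as a byte-oriented file system would store it."""
    return name.encode("utf-8").hex(" ")


def find_equivalent_names(names, form="NFC", fold_case=False):
    """Group names that differ as byte strings but share one comparison key.

    form: Unicode normalisation form used to build the key.
    fold_case: also apply case folding, which is a separate step.
    """
    groups = defaultdict(set)
    for name in names:
        key = unicodedata.normalize(form, name)
        if fold_case:
            # Case folding can denormalise, so normalise again afterwards.
            key = unicodedata.normalize(form, key.casefold())
        groups[key].add(name)
    # Only keys reached by more than one distinct name are collisions.
    return {k: sorted(v, key=utf8_hex) for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for label, fold in (("normalisation only", False), ("plus case folding", True)):
        print(label)
        for key, variants in find_equivalent_names(LISTING, fold_case=fold).items():
            for variant in variants:
                print(f"  {key!r}: {utf8_hex(variant)}")
```

Any overwrite, deduplication or deny-list check that compares raw names would treat the two "Bücher" entries as unrelated; comparing on the normalised key catches them.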
-
Also, I’m no expert on this, but shouldn’t the file system driver take care of normalizing file names?
Unlike what I said about passwords, file names shouldn’t be treated as binary blobs. Ideally, the file system should be case-insensitive case-preserving. Surprisingly, Windows NTFS gets this right.
Filed under: broken clock
This being NFS, the host is probably linux, and the filesystem doesn't even know about character sets.
-
@PleegWat probably. It’s still Doing It Wrong.
-
Unlike what I said about passwords, file names shouldn’t be treated as binary blobs. Ideally, the file system should be case-insensitive case-preserving. Surprisingly, Windows NTFS gets this right.
For small values of "right"—i.e. it works often but where it fails, the failure mode is more obscure and potentially more dangerous. You can't use ¥ characters in NTFS file names because some Japanese encoding maps them to the backslash, nor are a whole bunch of "reserved names" allowed because they used to refer to stuff in the 1980s, but while file names are defined as being UTF-16, you can use invalid UTF-16 that will release nasal demons up the abstraction layers. They also have this nasty impedance mismatch between all the ANSI file functions and the Windows specific ones that take sorta-kind-Unicode.