The Official Status Thread

Tsaukpaetra

@HardwareGeek said in The Official Status Thread:

@Tsaukpaetra said in The Official Status Thread:

it works!

Well, there's a first time for everything, I guess.

Give it time, I just plugged it in and booted it to test.

Zerosquare

@HardwareGeek said in The Official Status Thread:

@loopback0 We can expect up to 55.5555555% uptime.

Zenith

Status: It'd be funny if it wasn't so frustrating.

Last ditch effort to was to reboot the PC because some article said the SCHANNEL DLL wouldn't pick up registry changes until the PC was rebooted. Unsubstantiated fantasy! So I went through the laborious effort of defining tests and a single structure to translate the options three different ways (one for each function) and making sure I've got every option and header defined at the right time in the right way. And the results are in:

If I enable anything higher than TLS 1.0:

• NET: shits the bed for the enumerator being out of range
• COM: shits the bed for the enumerator being out of range
• Win32: works on every page except where it really should (SSL/header checkers)

The toy store usually works but randomly flakes out.
The SSL checker connects fine but sends an "invalid response."
The header checker looks like it can't negotiate a protocol.

If I ratchet down the security to TLS 1.0:

• NET: unexpected close on everything but my page and Microsoft's page
• COM: SCHANNEL error on everything but my page and Microsoft's page
• Win32: various errors on everything but my page and Microsoft's page

The toy store looks like it can't negotiate a protocol.
The SSL checker connects fine but sends an "invalid response."
The header checker looks like it can't negotiate a protocol either.

I've got a few more headers to try but I've set just about every option I could find...

dkf

Status: Goddamn it, debugging problems with the Java module path are difficult. In particular, working out what's making everything vanish during dependency injection is really horrible; I think it is because the wrong code is being scanned during testing (and that's related to a feature/bug that was being actively worked on only a few months ago) but I'm not 100% sure. I believe I have a workaround, but I'm not going to go forward with it (for now) because the IDE doesn't work at all with it.

Almost a whole day lost to insane complexity as complicated systems fight over the meaning of my code...

Zecc

I used to like Firefox because I could run a ton of tabs without it spamming too many processes.

loopback0

@Zecc said in The Official Status Thread:

I used to like Firefox because I could run a ton of tabs without it spamming too many processes.

There are two options to stop that...

TwelveBaud

@Zecc option threeeeeee

Edit: Seriously though, don't do that. There are other knobs to twiddle with far less severe security implications.

Tsaukpaetra

Status: AAArrgrgrhhhhghghgh!!!!

---

Filed under: Something terrible has happened here...

HardwareGeek

@Tsaukpaetra said in The Official Status Thread:

Something terrible has happened here...

Yes, PHP.

Zecc

imagines PHP built on electron

balks in horror

Applied Mediocrity

@Zecc said in The Official Status Thread:

imagines PHP built on electron

The Abyss (pronounced uh-BIS) is a plane in the Outer Sphere dedicated to the rule of evil unfettered by law. Also referred to as the Outer Rifts, it is accessible through huge rents in the Maelstrom, opening into fiendish depths, vast beyond imagining.
The Abyssal realms are the myriad pocket layers within the Abyss. They have their own gravity, ecology, and denizens, and are obliterated or changed seemingly at random, as the chaotic nature of the Outer Rifts exerts itself. There is no direction, no meaning, and no safe place in the Abyss...

Arantor

@Tsaukpaetra would love to know what happened to produce this, have never managed this in my time…

Arantor

@Zecc said in The Official Status Thread:

imagines PHP built on electron

balks in horror

No, we’re not that insane even if we did experiment with PHP-GTK and PHP-Qt. We don’t want that nasty JavaScripts near us, precioussssssss, no, no, no nasty JavaScripts near us.

topspin

@Arantor said in The Official Status Thread:

we’re not that insane even if we did experiment with PHP-GTK

I'm not sure how PHP could make GTK worse.

dkf

@topspin said in The Official Status Thread:

@Arantor said in The Official Status Thread:

we’re not that insane even if we did experiment with PHP-GTK

I'm not sure how PHP could make GTK worse.

Chaotic + Evil = Chaotic-Evil.

Tsaukpaetra

@Arantor said in The Official Status Thread:

@Tsaukpaetra would love to know what happened to produce this, have never managed this in my time…

The Atom plugin for making it pretend to be an IDE for PHP apparently creates a new process for each file opened, and doesn't exit said process if the matching file is closed.

dcon

@Arantor said in The Official Status Thread:

PHP-Qt. We don’t want that nasty JavaScripts near us

You do realize what QML is...

Arantor

@dcon if you’re using PHP-Qt, you’re not using QML…

HardwareGeek

Wonderful.

weather-forecasts

Texas, Oklahoma could go from drought to deluge in a week’s time

A change in the weather pattern will bring a needed break to what’s been an exceptionally hot and dry summer for parts of the south-central U.S.

Zenith

Status: What a roller coaster. Just working out the last problems with my pinvoke. I screwed up handling response headers pretty badly.

When I tried to read the response headers, I stupidly included the flag that makes it read the request instead of the response. That was great wondering why the hell my incoming Accept-Encoding always matched the outgoing Content-Encoding. Also when I was marshalling out the headers, I forgot .NET characters a two bytes wide. The WinHttpQueryHeaders() outputs a byte count but PtrToStringAuto() wants a character count.

As a side effect of all of this, I couldn't figure out why I couldn't get anything usable out of a Deflate stream while GZip worked despite reading that they're the same algorithm. Turns out I was trying to deflate uncompressed content and then later it turned out nobody actually sends deflate as a content encoding. You either get gzip or nothing at all if it's uncompressed. I would prefer to get identity back, just like I'd prefer WinHttpQueryHeaders() to return null instead of throwing ERROR_WINHTTP_HEADER_NOT_FOUND.

But I have confidence that, yet again, my stubborn use of Win32 will trump all of the "easy" bullshit I'm supposed to use instead.

Tsaukpaetra

@Zenith said in The Official Status Thread:

But I have confidence that, yet again, my stubborn use of Win32 will trump all of the "easy" bullshit I'm supposed to use instead.

Truly wonderful.

dkf

@Zenith said in The Official Status Thread:

nobody actually sends deflate as a content encoding. You either get gzip or nothing at all if it's uncompressed.

Due to massive screw-ups in some implementations, gzip is the only one that works reliably. The others in the spec get mixed up by some servers. I don't have a good heuristic for when this happens, but the few bytes of gzip overhead is better than having to play guess-the-compression-settings (the party game for programmers that nobody wanted!)

PleegWat

@Zenith said in The Official Status Thread:

I forgot .NET characters a two bytes wide.

For HTTP? Where there's only 95 characters (97 if you count line endings) which are going to show up in practice, and they're all below 127?

Zerosquare

I'm not sure what @Zenith is ultimately trying to achieve, and web stuff is not something I know much about.

Yet I somehow feel he's making things more complicated than they should be.

HardwareGeek

@HardwareGeek said in The Official Status Thread:

Wonderful.

weather-forecasts

Texas, Oklahoma could go from drought to deluge in a week’s time

A change in the weather pattern will bring a needed break to what’s been an exceptionally hot and dry summer for parts of the south-central U.S.

Status: Surprised that my lawn is being mowed. Given the thunderstorms we had yesterday and this morning, I'd have thought they'd postpone due to weather. Not to mention the fact that it's pouring rain at this moment.

loopback0

@Zerosquare said in The Official Status Thread:

I'm not sure what @Zenith is ultimately trying to achieve

Something he'd have achieved in minutes if he'd just used a vaguely recent version of .Net.

@Zerosquare said in The Official Status Thread:

Yet I somehow feel he's making things more complicated than they should be.



Zenith

@Zerosquare said in The Official Status Thread:

I'm not sure what @Zenith is ultimately trying to achieve, and web stuff is not something I know much about.

Yet I somehow feel he's making things more complicated than they should be.

My goal is for my side business to be contained (aside from inventory and backups) on a Windows laptop. My inventrory/financial software is already written for Windows. I want to be able to charge credit cards with that same laptop, even if it means keying in the details instead of physically swiping the card.

The hurdles are:

• the card processors I know about don't make Windows-compatible hardware because they're assholes
• the card processors I know about don't support IE, despite IE being the only browser control that can be embedded in a Windows Forms application (yeah I read something about Edge but I like or have Edge), because they're hipsters
• the card processors I know about require TLS 1.2 encryption
• Windows 7 supports TLS 1.2 but stupid Microsoft tools built on top of winhttp.dll either hardcoded TLS 1.0 or won't support higher

I have one that seems like it's going to let me POST to a URL so that's why I have to write custom code directly on top of WinHttp.

Zenith

@loopback0 said in The Official Status Thread:

Something he'd have achieved in minutes if he'd just used a vaguely recent version of .Net.

"Just buy Windows 10 bro and put up with it forcibly restarting at the stupidest times whether the update is a net gain or not!"

Zerosquare

@Zenith said in The Official Status Thread:

I want to be able to charge credit cards with that same laptop, even if it means keying in the details instead of physically swiping the card.

How do other persons with the same business need solve this? I doubt they're all writing their own software solution.

@Zenith said in The Official Status Thread:

the card processors I know about don't make Windows-compatible hardware because they're assholes

If they don't support Windows, what do they support? Linux?

@Zenith said in The Official Status Thread:

the only browser control that can be embedded in a Windows Forms application

Do you actually need this, or is it just "nice to have"? How about doing the opposite (i.e. integrating your app into a browser)?

HardwareGeek

@Zenith said in The Official Status Thread:

• the card processors I know about don't support IE, ... because they're hipstersit's been deprecated for 6 years and is now unsupported by MS

loopback0

@Zenith said in The Official Status Thread:

instead of physically swiping the card.

Is physically swiping cards still a big thing in the US?
Here in the UK (and IME mainland Europe too) it's basically extinct. Card-present transactions are all done via Chip & PIN or contactless.

@Zenith said in The Official Status Thread:

even if it means keying in the details

Keying in the details counts as card-not-present though. Doesn't that cost you more?

izzion

@HardwareGeek said in The Official Status Thread:

@Zenith said in The Official Status Thread:

• the card processors I know about don't support IE, ... because they're hipstersit's been deprecated for 6 years and is now unsupported by MS

Oh, come on, what's the big deal about some minor PCI-DSS violations. Everyone loves being ultimately responsible for fraudulent charges instead of the card companies eating it, such a small price to pay to not have to install Windows Updates.

loopback0

@HardwareGeek said in The Official Status Thread:

@Zenith said in The Official Status Thread:

• the card processors I know about don't support IE, ... because they're hipstersit's been deprecated for 6 years and is now unsupported by MS

His entire thing is wanting to process customer card transactions on entirely end-of-life software that doesn't receive security updates.
PCI-DSS is for suckers.

Applied Mediocrity

@Zenith said in The Official Status Thread:

yeah I read something about Edge but I like or have Edge

You don't have to like or have it installed. Lugging the WebView2 runtime along with your program is enough. Yeah, it may crash on your x86, because it won't have enough memory. Chrome's gotta chrome, you got them there.

Windows 7 supports TLS 1.2 but stupid Microsoft tools built on top of winhttp.dll either hardcoded TLS 1.0 or won't support higher

.NET 4.8 supports TLS 1.2 just fine, when enabled using the Unified Windows Configuration GUI
I wrote a HttpListener server and had to fumble around before modern hipsterphones accepted it.

Zenith

@Zerosquare said in The Official Status Thread:

that I couldn't do without jumping through a million hoops if done the non-Windows way

This was the cause of a major fight with my brother.

I store the inventory in MSSQL. I had a prototype in mySQL when I was writing a store but it's abandoned. In order to display my MSSQL inventory on an Android app, I had to:

1. Copy it to a website. In my case, mySQL. Sure, I can get Windows/MSSQL hosting, but it's functionally moot because...
2. Write a web service to read the database and export to JSON because Android doesn't have any database drivers.
3. Write an Android application to do HTTP calls for JSON and decode it.

So, effectively, what would be

using Microsoft.SQL.Query q = new Microsoft.SQL.Query("server", "database", "select"))
{
   Window.DataGrid.Source = q.Fill();
   Window.Show();
}

became writing three applications (one to convert SQL queries to JSON and one to make HTTP calls to JSON service and one to sync the two databases.) Pain in the ass.

Zenith

@Applied-Mediocrity said in The Official Status Thread:

.NET 4.8 supports TLS 1.2 just fine, when enabled using the Unified Windows Configuration GUI
I wrote a HttpListener server and had to fumble around before modern hipsterphones accepted it.

Which invalidates exactly no part of what I said. Microsoft wrote the COM winhttp wrapper and Microsoft wrote the .NET 2.0 winhttp wrapper. Neither one of them looks at any of the registry keys used by winhttp to indicate what is actually available. Hell, the stupid COM wrapper can't even coerce its protocol enumerator without throwing a range exception.

But that's par for the course. Start reading through the .NET 4.0 reference someday. The people that wrote that are clinically braindead as far as I'm concerned. Seriously, smart people wrote the Win32 API and then you have this bullshit in .NET where they decided to make everything a signed integer. On what fucking planet would the size of any structure be a negative number? Yet here we are, casting all over the place because they were too stupid to look at the types they were passing through to.

dcon

@Arantor said in The Official Status Thread:

@dcon if you’re using PHP-Qt, you’re not using QML…

But if you're using QML, you're using Javascript!

Applied Mediocrity

@Zenith said in The Official Status Thread:

.NET 2.0

What exactly has ball-and-chained you to this?

then you have this bullshit in .NET where they decided to make everything a signed integer.

So what? I don't like it either. You can have UIntPtr, ulong and uint all over the place. I do myself, and nobody gives a damn.
ADO.NET is the only thing that doesn't recognize them (but that's because the SQL Server, which is a turducken of cosmic proportions, doesn't, so take it up with them).

casting all over the place

And so that's what's holding you back?

cabrito

@Zenith said in The Official Status Thread:

...

• the card processors I know about require TLS 1.2 encryption
• Windows 7 supports TLS 1.2 but stupid Microsoft tools built on top of winhttp.dll either hardcoded TLS 1.0 or won't support higher

Are you sure you have TLS 1,2 AND is set as default?

quoting from

Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows - Microsoft Support

Applications and services that are written by using WinHTTP for Secure Sockets Layer (SSL) connections that use the WINHTTP_OPTION_SECURE_PROTOCOLS flag can't use TLS 1.1 or TLS 1.2 protocols. This is because the definition of this flag doesn't include these applications and services.

This update adds support for DefaultSecureProtocols registry entry that allows the system administrator to specify which SSL protocols should be used when the WINHTTP_OPTION_SECURE_PROTOCOLS flag is used.

This can allow certain applications that were built to use the WinHTTP default flag to be able to leverage the newer TLS 1.2 or TLS 1.1 protocols natively without any need for updates to the application.

One or two years ago some sw complained and I needed to reaply update and re-edit the registry to fix the problem

Zenith

@Applied-Mediocrity said in The Official Status Thread:

And so that's what's holding you back?

No, I'm saying it's the most basic concept and they still fucked it up. If every API you wanted to interact with used UINT for something, would you write every single function of your helper library to use INTs? If you were wrapping enumerators, would you deliberately restrict the range to exactly what the current version uses because software never ever gets updated? There's stuff you can't avoid like not being able to wrap accessors you don't know about but come on.

Forget the total clusterfuck that is the Windows Forms namespace. That is absolute nightmare fuel.

PleegWat

@loopback0 said in The Official Status Thread:

Is physically swiping cards still a big thing in the US?
Here in the UK (and IME mainland Europe too) it's basically extinct. Card-present transactions are all done via Chip & PIN or contactless.

Main variable I've noticed is whether transactions above the contactless-only threshold go to contactless-and-pin or chip-and-pin.

But in the US? I wouldn't be surprised if swipe-and-signature was still common.

Zenith

@cabrito said in The Official Status Thread:

Are you sure you have TLS 1,2 AND is set as default?

Yes. That article, and every copy parroted by screen scrapers, is wrong. I set the keys in [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols] and [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp] and [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727] and rebooted. It just doesn't work outside of P-Invoke.

Applied Mediocrity

@Zenith said in The Official Status Thread:

@Applied-Mediocrity said in The Official Status Thread:

And so that's what's holding you back?

I'm saying it's the most basic concept and they still fucked it up

And it's entirely inconsequential. Typing a couple more letters doesn't seem like a hair-pulling amount of work.

If every API you wanted to interact with used UINT for something, would you write every single function of your helper library to use INTs?

I write every single function with unsigned integers (where appropriate), but especially the pinvokes. Nobody gives a damn.

If you were wrapping enumerators, would you deliberately restrict the range

You can use unsigned types for enumerators.

public enum MyEnum : uint

Forget the total clusterfuck that is the Windows Forms namespace.

Zenith

@PleegWat said in The Official Status Thread:

But in the US? I wouldn't be surprised if swipe-and-signature was still common.

We finally have chip readers (with swipe backup) pretty much everywhere except stuff like conventions where nobody wants to pay $50 for a chip reader with a quick-draining non-replaceable battery and puts up a cash-only sign. I like to run counter to business culture and try to accommodate customers so I still bring the swipe reader but it's hardly worth it with the volume I put through it.

A problem I've been running into is the chips don't have the durability of the magnetic stripe. Card lifetime is about three years and the chips work for about two at best. I never had that problem with magnetic stripes.

Zenith

@Applied-Mediocrity said in The Official Status Thread:

If you were wrapping enumerators, would you deliberately restrict the range

You can use unsigned types for enumerators.
public enum MyEnum : uint

Missing my point. If you used an enumerator for a version, would you write code like this?

public enum FordCarYears
{
  Y1908 = 1908,
  ...
  Y2021 = 2021,
  Y2022 = 2022
}
public void PrintCarInfo (FordCarYears Enumerator_X)
{
  if (Enumerator_X > 2022)
  {
    throw RangeException(LOLWTFBBQ_I_R_A_ENGINEER_buy_my_new_dll_next_year_for_2023_and_again_for_2024_because_nobody_can_see_those_values_coming);
  }
}

Because Microsoft does.

Applied Mediocrity

@Zenith No. In most cases I would write if (!Enum.IsDefined()) to be extra -ic.

And if faced with a legacy DLL problem where I'd absolutely had to have undefined integer value downstream of it, I'd probably patch it with Harmony.

Zenith

@Applied-Mediocrity said in The Official Status Thread:

You can have UIntPtr, ulong and uint all over the place. I do myself, and nobody gives a damn.

I used to get shit about that all the time when I was officially a developer. I wouldn't be surprised if some update to .NET reduces the base types to string, int, and bool. Hell, why not go full retard all the way down to just var? Then every Senior Front End Full Stack Visual Experience Imagineer can be a C# programmer too.

Applied Mediocrity

@Zenith said in The Official Status Thread:

I used to get shit about that all the time when I was officially a developer

Unless you're mangling binary data, which in C# world is super-rare, it doesn't even matter.

I wouldn't be surprised if some update to .NET reduces the base types

They've added function pointers now.

and bool

And I forgot to ask how you feel about Win32 BOOL vs .NET bool. But I think I know the answer.
"Why I have to tell the marshaller not to fuck it up! They had one job! "

Zenith

@Applied-Mediocrity So far I haven't had problems with booleans. I know

@HardwareGeek said in The Official Status Thread:

@Zenith said in The Official Status Thread:

• the card processors I know about don't support IE, ... because they're hipstersit's been deprecated for 6 years and is now unsupported by MS

They stopped supporting IE before IE11 was released. This has been an on-again-off-again problem for several years.

Zecc

@Zenith said in The Official Status Thread:

Android doesn't have any database drivers.

SQLite