WTF Bites
-
@Zerosquare said in WTF Bites:
Add a bit of Javascript that reloads the image using http if the https version fails to load (or just hardcode it to detect IE specifically)?
Way too much work. Especially since the current production version just uses
http
and the change to usehttps
was introduced by me as part of fixing a separate issue (that turned out to be an invalid api key).
-
@Benjamin-Hall said in WTF Bites:
IE and firefox for windows: will only load the image over http. Shows a broken image icon if https is used.
Have you tried to investigate why'dtheydoit? Some unsupported ciphersuite? Perhaps too new? Incorrect handling of subject alternate names?
… definitely a proper WTF, but the cause would be sort of interesting.
-
@Benjamin-Hall said in WTF Bites:
IE and firefox for windows: will only load the image over http. Shows a broken image icon if https is used.
Have you tried to investigate why'dtheydoit? Some unsupported ciphersuite? Perhaps too new? Incorrect handling of subject alternate names?
… definitely a proper WTF, but the cause would be sort of interesting.
I'd love to know, but we really need this thing out the door.
As far as I can tell, if the img src is https it doesn't even fire the request. Doesn't show up in the network inspector at all. Not a trace. Just silently ignores it.
-
@Benjamin-Hall Content Security Policy gone horribly wrong?
-
@Benjamin-Hall said in WTF Bites:
As far as I can tell, if the img src is https it doesn't even fire the request. Doesn't show up in the network inspector at all. Not a trace. Just silently ignores it.
-
@TwelveBaud That's certainly a possibility.
@Bulb yes, that was exactly my reaction, plus a bunch of to some large power.
-
@Zerosquare said in WTF Bites:
Add a bit of Javascript that reloads the image using http if the https version fails to load (or just hardcode it to detect IE specifically)?
I don't like that CORS of action.
@Benjamin-Hall
What does your Content-Security-Policy header look like, and does your page have a<meta http-equiv="Content-Security-Policy">
? Maybe different browser have different preferences towards one or the other.This is a complete guess. It's been a while since I've done frontend, and I haven't actually had much experience with the wonders of cross-origin requests in any case.
-
INB "this is not a help thread".
-
@Zecc He didn't ask for help!
-
@Zecc I'd have to look it up. And my guess is that it's a total --this particular piece of code is...well...not modern in any way. It dates back to the earliest days, mostly unchanged.
-
@Benjamin-Hall said in WTF Bites:
IE and firefox for windows: will only load the image over http. Shows a broken image icon if https is used.
Sounds like a relevant certificate is missing.
-
@Benjamin-Hall said in WTF Bites:
IE and firefox for windows: will only load the image over http. Shows a broken image icon if https is used.
Sounds like a relevant certificate is missing.
Nope. Our site has a valid, non-self-signed certificate. And if google's api certificate were missing or invalid, IMX Chrome is much more likely to scream about such things and fail. Yet it merely says that it's going to automatically upgrade the connection to https if you connect via http, and has no complaint at all (neither does accessing the api directly, manually) on https.
And IE doesn't even make the request, as far as I can tell. Can't check the certificate if you don't even try to load the resource.
-
@Benjamin-Hall said in WTF Bites:
Can't check the certificate if you don't even try to load the resource.
-
@Benjamin-Hall said in WTF Bites:
And IE doesn't even make the request, as far as I can tell. Can't check the certificate if you don't even try to load the resource.
Unless the IE request log is so dumb that it does not log the request if it fails to connect. It would be dumb and insane and even I don't think it's that dumb, but it did fail a couple of sanity checks already, right?
-
@Zerosquare said in WTF Bites:
Add a bit of Javascript
-
@Benjamin-Hall said in WTF Bites:
And IE doesn't even make the request, as far as I can tell. Can't check the certificate if you don't even try to load the resource.
Unless the IE request log is so dumb that it does not log the request if it fails to connect. It would be dumb and insane and even I don't think it's that dumb, but it did fail a couple of sanity checks already, right?
It logged the 404s it got from a CDN issue (of course it made those even worse by prepending the local domain name, so something like
http://our.site.com//cdn.their.site.com/path/to/resource
, but the actual lookup fails even on chrome, as the CDN has changed the paths). So it's logging failures.My only thought is some kind of local policy that IE is using to decide it doesn't even need to make the request. Maybe something about cross-site requests?
-
@Benjamin-Hall I didn't say not logging failures, I said not logging if it fails to connect. First it establishes the TCP connection, then it establishes the encryption, and then it sends the http request over that. Logging 404s means it is logging failures in the last step, but it might still be failing to log the middle step. I don't think it's that dumb, but world sometimes likes to prove things are dumber than I think.
-
@Benjamin-Hall I didn't say not logging failures, I said not logging if it fails to connect. First it establishes the TCP connection, then it establishes the encryption, and then it sends the http request over that. Logging 404s means it is logging failures in the last step, but it might still be failing to log the middle step. I don't think it's that dumb, but world sometimes likes to prove things are dumber than I think.
Possibly. I'd consider that a HUGE , but IE is already not exactly free from such things, so...
As a note, IE is also the only one that considered the insecure request (that it would actually make) an error, rather than just a warning. Of course it would refuse to do any secure requests, so yeah.
-
@Zerosquare said in WTF Bites:
Add a bit of Javascript
What do you mean? JS makes thing tastier!
-
-
@TimeBandit More like...2015? So, in web terms, the Stone Age
But the earliest days of this project. All jQuery, Bootstrap, and spaghetti everywhere.
-
@TimeBandit said in WTF Bites:
@Benjamin-Hall said in WTF Bites:
It dates back to the earliest days, mostly unchanged.
[screenshot]
Woah, at least put a trigger warning!
-
-
@TimeBandit what is that shit, COBOL??
-
-
-
@TimeBandit said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
Google seems to think so.
Google knows too much
Quick! Fuck it into submission!
-
-
@HardwareGeek said in WTF Bites:
He's been mentioning fucking a lot lately.
Probably best not to bend over near him.
-
He's been mentioning fucking a lot lately.
Probably best not to bend over near him.
Nah, it's okay. He's just horsing around.
-
Probably best not to bend over near him.
I don't plan to do anything near him. AFAIK, I'm ~1500km from him, and I have no plans to reduce that distance.
-
@HardwareGeek said in WTF Bites:
He's been mentioning fucking a lot lately.
Have I? I don't believe the rate of fucking has increased any...
Probably best not to bend over near him.
You can be confident I can do nothing without two stage consent. Bending over is not enough, and sometimes I wish my bitches would understand that...
-
@Tsaukpaetra said in WTF Bites:
Have I? I don't believe the rate of fucking has increased any...
I think by "lately", @El_Heffe meant "since he joined WDTWTF".
-
@Zerosquare said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
Have I? I don't believe the rate of fucking has increased any...
I think by "lately", @El_Heffe meant "since he joined WDTWTF".
True. TDWTF is one of the first places I explicitly disabled Censor.
I'm not sure you'd be able to find any material posted by me prior with any explicit language...
-
@Zerosquare said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
Have I? I don't believe the rate of fucking has increased any...
I think by "lately", @El_Heffe meant "since he joined WDTWTF".
I actually just meant the last day or so.
-
It must be the mating season, then.
-
@Zerosquare said in WTF Bites:
It must be the mating season, then.
Don't you just hate it when the Pon Farr sub-routine goes on a rampage?
-
@Zerosquare said in WTF Bites:
It must be the mating season, then.
Don't you just hate it when the Pon Farr sub-routine goes on a rampage?
Has it been 7 years already? My how time flies.
-
@Zerosquare said in WTF Bites:
mating season
I remember some comic strip showing some extra-terrestrials in an UFO observing the transport of space shuttle
"Detected intelligent life on foreign planet. There seems to be mating season just now."
-
@Zerosquare said in WTF Bites:
It must be the mating season, then.
Don't you just hate it when the Pon Farr sub-routine goes on a rampage?
Has it been 7 years already? My how time flies.
....
....Oh fuck!
-
-
@Zerosquare said in WTF Bites:
@Tsaukpaetra said in WTF Bites:
Oh fuck!
You're doing it again!
-
-
Business leaders' attitudes towards digital innovation may also need updating, CISQ said, particularly when it comes to software. "Software quality lags behind other objectives in most organizations," said the report.
"That lack of primary attention to quality comes at a steep cost, which is revealed in this report. While organizations can monetize the business value of speed, they rarely measure the offsetting cost of poor quality."
Glad to see they acknowledge this, and it's not just "stupid programmers, always rushing things".
-
@Zerosquare The article appears to be void of any useful information though.
-
@Zerosquare The article appears to be void of any useful information though.
-
void of any useful information
The estimates of the cost of various blunders relative to salaries in the sector was interesting.
-
Special offer!
Also
You won't know if it works before you pay the full price, sucker
-
Trawling through the Swift (language) documentation as a refresher, this Note stood out to me:
The Swift standard library includes tuple comparison operators for tuples with fewer than seven elements. To compare tuples with seven or more elements, you must implement the comparison operators yourself.
If you have a tuple with 7+ elements...you're
-
And then this note (under Unicode support) which stood out more because it confirms how much of a cluster Unicode is, although I'm not vouching for Swift's implementation either.
Extended grapheme clusters can be composed of multiple Unicode scalars. This means that different characters—and different representations of the same character—can require different amounts of memory to store. Because of this, characters in Swift don’t each take up the same amount of memory within a string’s representation. As a result, the number of characters in a string can’t be calculated without iterating through the string to determine its extended grapheme cluster boundaries. If you are working with particularly long string values, be aware that the count property must iterate over the Unicode scalars in the entire string in order to determine the characters for that string.
The count of the characters returned by the count property isn’t always the same as the length property of an NSString that contains the same characters. The length of an NSString is based on the number of 16-bit code units within the string’s UTF-16 representation and not the number of Unicode extended grapheme clusters within the string.
Edit: Not sure if
String and character comparisons in Swift are not locale-sensitive.