Hacking News
-
-
@MrL said in Hacking News:
@Applied-Mediocrity said in Hacking News:
@Bulb Let me tern this around, though, and ask: what better alternatives are there that you know to a sufficient degree of confidence aren't similarly neglected?
EditPad Pro
Is that the one that defaults to the tab key being 4 spaces being inserted and you have to select “use REAL tabs” in the options if you really want tab characters?
-
@cvi said in Hacking News:
@Bulb Wait until somebody starts fuzzing the various plugins for code completion and so on. I'd be expecting a massacre.
Some do, and it is a massacre, but
- The biggest issue is the javascript-compatidebile indexing: the text is transferred as utf-8, but indices are counted from utf-16 representation! Many of the language server implementations out there get that wrong—though it should really be argued that it's the client that gets it wrong, because that indexing is absurd.
- Most of the language servers are written in garbage-collected languages, so while those bugs cause crashes/fatal exceptions, they are usually not exploitable for achieving anything worse.
That said, I'd be expecting that with more or less all editors, not just vim. VS-proper used to have a pile of intellisense/highlighting crashes, and although the obvious ones have been fixed, it'll still go haywire, corrupt its caches and similar, none of which is really a good sign.
Yeah, VS is a mess, and always has been. Dotнет is safe, so you don't have to pay close attention to synchronization, right? And Microsoft and QA always went together like life and arsenic.
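The index mismatch described in the post above (text sent as UTF-8, positions counted in UTF-16 code units), as an added example that is not part of the original thread or taken from any language server. The function names and the sample line are constructed for illustration; clamping and snapping to a character boundary are defensive choices made here.

```python
# Added example: map a position counted in UTF-16 code units onto UTF-8 text.

def utf16_len(ch: str) -> int:
    """UTF-16 code units needed for one code point (2 outside the BMP)."""
    return 2 if ord(ch) > 0xFFFF else 1


def utf16_col_to_offsets(line: str, col: int) -> tuple[int, int]:
    """Return (code_point_index, utf8_byte_offset) for a UTF-16 column.

    A column past the end of the line is clamped to the end, and a column
    that falls inside a surrogate pair is snapped back to the start of that
    character, so the result never splits a code point.
    """
    if col < 0:
        raise ValueError("negative column")
    units = 0      # UTF-16 code units consumed so far
    byte_off = 0   # UTF-8 bytes consumed so far
    for idx, ch in enumerate(line):
        width = utf16_len(ch)
        if units + width > col:
            return idx, byte_off       # col is at or inside this character
        units += width
        byte_off += len(ch.encode("utf-8"))
    return len(line), byte_off         # clamped to end of line


def naive_offset(line: str, col: int) -> int:
    """The common bug: use the UTF-16 column directly as a UTF-8 byte index."""
    return col


# Constructed sample line: one non-BMP character (U+1F600) before "foo".
SAMPLE = 'x = "\U0001F600"; foo'
# A client counting UTF-16 code units reports "foo" at column 10.
COL_OF_FOO = 10

if __name__ == "__main__":
    raw = SAMPLE.encode("utf-8")
    cp, off = utf16_col_to_offsets(SAMPLE, COL_OF_FOO)
    print("correct:", cp, off, raw[off:off + 3])
    bad = naive_offset(SAMPLE, COL_OF_FOO)
    print("naive:  ", bad, raw[bad:bad + 3])
```

In a garbage-collected language the wrong offset yields a wrong slice or an exception; the same arithmetic on a raw buffer is an out-of-bounds or mid-character access.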
-
@kazitor said in Hacking News:
@MrL said in Hacking News:
What's wrong with it?
I don’t speak %LANGUAGE%.
It's an unused subpage, shouldn't pop up in searches.
@Arantor said in Hacking News:
@MrL said in Hacking News:
@Applied-Mediocrity said in Hacking News:
@Bulb Let me tern this around, though, and ask: what better alternatives are there that you know to a sufficient degree of confidence aren't similarly neglected?
EditPad Pro
Is that the one that defaults to the tab key being 4 spaces being inserted and you have to select “use REAL tabs” in the options if you really want tab characters?
No, that's VS Code.
-
-
@Applied-Mediocrity
could use a boxing glove
-
@MrL VS Code can’t be the one I’m thinking of that got installed to all the company servers where I worked in 2015.
That one came with a free bundle of malware in the installer that you had to explicitly disable during install.
-
@Arantor said in Hacking News:
@MrL VS Code can’t be the one I’m thinking of that got installed to all the company servers where I worked in 2015.
That one came with a free bundle of malware in the installer that you had to explicitly disable during install.
Notepad2? No idea really.
-
@MrL I could have sworn it was Edit-something, anyway. Don’t know, moved to Notepad++, brought everyone else along for the ride.
-
@Applied-Mediocrity said in Hacking News:
@Bulb said in Hacking News:
There is https://lapce.dev/.
Pre-alpha Stage
Get the fuck back into the shed you crawled out from and do it properly until it's done, you crap-sucking moron clowns!
Looks cute, though. Just like ~~VS Code~~ ~~Atom~~ Sublime they probably ~~stole~~ copied from.
-
@Arantor said in Hacking News:
@MrL I could have sworn it was Edit-something, anyway. Don’t know, moved to Notepad++, brought everyone else along for the ride.
UltraEdit was a popular target for malware some time ago.
-
@MrL whichever one we had proliferated because it was free. The malware was funding development.
-
@topspin said in Hacking News:
Looks cute, though
I almost thought you said it about the chummer in the picture a couple posts up
-
@Arantor said in Hacking News:
@MrL said in Hacking News:
@Applied-Mediocrity said in Hacking News:
@Bulb Let me tern this around, though, and ask: what better alternatives are there that you know to a sufficient degree of confidence aren't similarly neglected?
EditPad Pro
Is that the one that defaults to the tab key being 4 spaces being inserted and you have to select “use REAL tabs” in the options if you really want tab characters?
That's a perfectly sane default.
Yes, in an ideal world, we wouldn't have tabs vs. spaces flame wars, because everyone would know the only true way is to indent with tabs and align with spaces. But outside of extremely ic BDSM communities like BSD kernels, good luck with that. As "people can't handle ~~the truth~~ tabs" is a fact of life, dropping them completely in favor of spaces is the only workable approach.
-
@topspin it might be a sane default but not in a codebase that was already 75% tabs indentation before this happened…
-
@Arantor said in Hacking News:
@topspin it might be a sane default but not in a codebase that was already 75% tabs indentation before this happened…
If you can't check such a trivial setting in the options dialog, maybe you shouldn't be allowed to touch the code in the first place.
-
@Applied-Mediocrity said in Hacking News:
@topspin said in Hacking News:
Looks cute, though
I almost thought you said it about the chummer in the picture a couple posts up
I wouldn't want to insult you like that.
-
@topspin said in Hacking News:
@Arantor said in Hacking News:
@topspin it might be a sane default but not in a codebase that was already 75% tabs indentation before this happened…
If you can't check such a trivial setting in the options dialog, maybe you shouldn't be allowed to touch the code in the first place.
There was a reason I eventually pushed the offender out of the company.
-
@topspin Well played.
-
@Arantor said in Hacking News:
@topspin it might be a sane default but not in a codebase that was already 75% tabs indentation before this happened…
If it's a mix of tabs and spaces already, it really doesn't matter any more.
The argument for not making spaces the default is that tab and space are different keys for a reason; each one has its code point and I'd like to be able to rely on Space inserting a space and Tab inserting a tab by default unless I explicitly decide otherwise.
-
@Applied-Mediocrity said in Hacking News:
When someone discloses the problem, it's been a problem for quite some time already.
Not necessarily...
-
@topspin said in Hacking News:
If you can't check such a trivial setting in the options dialog, maybe you shouldn't be allowed to touch the code in the first place.
With a new editor, it seems going thru every option first is critical. Because we know that there are 542362434232523452623452134 different combinations of options that are "the perfect set" according to their user. (And I copy my .vimrc to every new machine)
-
@Bulb said in Hacking News:
Who said somewhere around here that their company no longer allows having notepad++ installed? Might actually be a founded decision after all.
Having read that it's going to be removed permanently from any servers my team own tomorrow.
-
-
@loopback0 said in Hacking News:
@Bulb said in Hacking News:
Who said somewhere around here that their company no longer allows having notepad++ installed? Might actually be a founded decision after all.
Having read that it's going to be removed permanently from any servers my team own tomorrow.
Can you elaborate for me why you made that decision? Is it primarily that it becomes an available pivot point if someone gets into the server? More the risk of people opening random crap with Notepad++? Just their overall security posture? I read through the original article and this subthread and didn't really get to the "this software can't be on servers" conclusion, and I'm curious if I mis-assessed the problem.
-
@boomzilla said in Hacking News:
front-page
-
@izzion said in Hacking News:
Can you elaborate for me why you made that decision?
It's not essential software, so rather than get shit from our vulnerability management team about it when the developer's done nothing about it for 4 months it's easier to just get it gone.
I'd deal with the shit if it was essential but it's not.
@izzion said in Hacking News:
didn't really get to the "this software can't be on servers" conclusion
I only mentioned servers because the only computers that my team care about that it's installed on are servers. If people have it installed on anything else that's NMFP. The people who's problem it is are free to make a different decision.
-
@loopback0 said in Hacking News:
@izzion said in Hacking News:
Can you elaborate for me why you made that decision?
It's not essential software, so rather than get shit from our vulnerability management team about it when the developer's done nothing about it for 4 months it's easier to just get it gone.
I'd deal with the shit if it was essential but it's not.
@izzion said in Hacking News:
didn't really get to the "this software can't be on servers" conclusion
I only mentioned servers because the only computers that my team care about that it's installed on are servers. If people have it installed on anything else that's NMFP. The people who's problem it is are free to make a different decision.
Thanks, I appreciate the response.
-
@Applied-Mediocrity said in Hacking News:
@Watson said in Hacking News:
No support either
Well, it is free, you know!
You become responsible, forever, for what you have released, you know.
Not if it says otherwise in the Sula!
-
@loopback0 said in Hacking News:
The people who's problem it is
-
Äpple OSes have to pätched ürgentzly because a manipuated image could lead to unwanted code execution; also the wallet app could be manipulated with a bad attachment:
-
@HardwareGeek said in Hacking News:
@loopback0 said in Hacking News:
The people who's problem it is
CVE 2023-0420
A exception can be triggered in @HardwareGeek by decieveing him into processing you're maliciously crafted message, leading occassionally to DOS. In principal, their should be no problem getting arbitrary goad execution using return-to-dict.com technics.
-
Nice and easy hack of a subcontractor for the Dutch Electoral Council.
Next-level rooting of a DJI drone
https://www.youtube.com/watch?v=LnXVXEq-Rzc
-
@LaoC is the font that page uses:
-
@boomzilla said in Hacking News:
@LaoC is the font that page uses:
Helvetica Neue—a tad thin but otherwise it looks fine here. Somehow your hinting is shit.
-
@LaoC hmm...yeah, looks fine in FF. Somehow Chrome fucks it up though.
-
@boomzilla I had it as broken in FF on work Windows earlier today, but now I double-checked on Linux FF at home and it looks fine here. And those should be both up-to-date FFs and settings are synchronized, so there shouldn't be much difference beyond which fonts are installed in the system.
-
@Bulb this is comparing two browsers on the same machine. Both claim Helvetica Neue, sans-serif.
-
@boomzilla said in Hacking News:
Chrome fucks it up
-
@HardwareGeek It is surprising, because both the browsers use the same freetype library (soversion 6).
-
@LaoC @boomzilla Looks flawed in both Chromish and Firefoxian browsers here (Windows 11) at 100% system scaling and 100% browser zoom. Looks improved after zooming to ~120%. Presumably the same would be true for system scaling, but I don't feel like messing with that right now.
Someone should give their designers a 1366x768 netbook to test on.
-
@Parody said in Hacking News:
@LaoC @boomzilla Looks flawed in both Chromish and Firefoxian browsers here (Windows 11) at 100% system scaling and 100% browser zoom. Looks improved after zooming to ~120%. Presumably the same would be true for system scaling, but I don't feel like messing with that right now.
Someone should give their designers a 1366x768 netbook to test on.
I'm all for torturing designers, but a 1366x768 netbook running Windows is a bit harsh.
Although @boomzilla is probably using Linux, too? The site don't seem to use any custom fonts so it probably depends more on what your browser ends up choosing. I don't get any of those uneven character heights even at 50% zoom, FF or Cr:
That's Noto Sans on FF and Liberation Sans on Cr.
-
@Parody said in Hacking News:
@LaoC @boomzilla Looks flawed in both Chromish and Firefoxian browsers here (Windows 11) at 100% system scaling and 100% browser zoom. Looks improved after zooming to ~120%. Presumably the same would be true for system scaling, but I don't feel like messing with that right now.
Same here with Firefox and Edge on W11.
Removing the font-weight property in dev tools also makes the letters appear correctly
-
@LaoC said in Hacking News:
The site don't seem to use any custom fonts
It's using Helvetica Neue, which depending on where they sourced it from and what combination of things you block may or may not render correctly.
Web fonts are fucking awful and so many people just want to 'use Google Fonts, make it their problem'... FUCK NO. If you're going to force people to read a site using your mandated corporate font, at least have the decency to serve it your goddamn self.
-
@LaoC said in Hacking News:
I'm all for torturing designers, but a 1366x768 netbook running Windows is a bit harsh.
Up until the pandemic it was still the most common resolution seen on the web. (The numbers tipped over to 1920x1080 during the year before, IIRC.)
Just getting them off their (ugh) Retina displays and testing on something without scaling would be fine.
@LaoC said in Hacking News:
The site don't seem to use any custom fonts so it probably depends more on what your browser ends up choosing.
Here it downloads 8 fonts, some of which are various weights of Helvetica Neue. (Thin ones.)
My desktop actually has a bunch of variations of Helvetica Neue installed. No reason to use those and save a bit of bandwidth these days, though. Data is unlimited!
-
@Arantor isn’t the point of that at least partly so that you get caching instead of downloading 10MB of fonts for every site to read 2KB of text?
-
@topspin said in Hacking News:
@Arantor isn’t the point of that at least partly so that you get caching instead of downloading 10MB of fonts for every site to read 2KB of text?
To a point, yes, though in practice I don't believe this happens nearly as much as the advocates claim it does.
In any case, maybe if you saw how much shit was being loaded from your server, you'd be inclined to optimise it down. I've seen people pull in a multi MB font just for stylising the logo on the page, as opposed to making it an SVG.
-
@Arantor said in Hacking News:
as opposed to making it an SVG.
Would you happen to know why ‘icon fonts’ took off when their use case would seemingly be well-served by SVG, despite the XMLitude of it all?
I saw something that icon fonts aren’t even well-optimised, typically encoding things on a grid 2000 units across for what amounts to just a few boxes and circles.
-
@kazitor mostly because compared to images, icon fonts are generally more efficient, not to mention easier to drive with a build process where you dump your SVGs in a folder and have a build process spit out a set of font files (EOT, TTF, WOFF whatever) and spit out a Sass template to make the CSS easy to use.
Even with the likes of WebP, image sprites are a pain to set up while icon fonts are not, icon fonts can really scale nicely compared to icon images (even on high DPI setups) and ever since flat was the design trend, you don’t even need to worry about icons having multiple colours!
It’s always been the case that drawing fonts on large grids was a thing (ISTR the average TrueType was typically designed at 720pt) but it costs basically nothing more to draw 2000px than it does 20px in a vector image because you’re just describing the coordinates of lines and shapes.
-
@LaoC said in Hacking News:
@Parody said in Hacking News:
@LaoC @boomzilla Looks flawed in both Chromish and Firefoxian browsers here (Windows 11) at 100% system scaling and 100% browser zoom. Looks improved after zooming to ~120%. Presumably the same would be true for system scaling, but I don't feel like messing with that right now.
Someone should give their designers a 1366x768 netbook to test on.
I'm all for torturing designers, but a 1366x768 netbook running Windows is a bit harsh.
Although @boomzilla is probably using Linux, too? The site don't seem to use any custom fonts so it probably depends more on what your browser ends up choosing. I don't get any of those uneven character heights even at 50% zoom, FF or Cr:
That's Noto Sans on FF and Liberation Sans on Cr.
Yes, Linux. Chrome finally figures it out at 150%. Err...mostly. Still a few weird sizes.