@BernieTheBernie said in Google’s .zip:
Beyond that also:
.htm
,.php
,.asp
,.aspx
...
that will be fun
Next thing you know someone is going to create .pl
!
@BernieTheBernie said in Google’s .zip:
Beyond that also:
.htm
,.php
,.asp
,.aspx
...
that will be fun
Next thing you know someone is going to create .pl
!
@Steve_The_Cynic said in Azure bites:
standards for both C and C++ that all names with a double-underscore anywhere and/or an initial single underscore followed by a capital letter are reserved by the implementation for its own purposes.
Not quite. The "double-underscore anywhere" thing is only true in C++. In C, __
is only reserved at the start of identifiers.
@topspin said in Reddit doesn't want you stealing their new warning:
Easier way: uncheck the box.
Even easier way: Use shift-rightclick. That gives me the default browser context menu.
WTF: NodeBB l10n.
VOR 2 MONATEN LATER
Well, "vor 2 Monaten" is German for "2 months ago". The word "later" does not exist in German; it's just left untranslated from English.
Taken together that means German visitors see time skips as e.g. "2 months ago [later]" with the latter being in the wrong language. The correct translation would have been "2 Monate später".
WTF: Microsoft l10n.
The button is labeled "Updatedefinitionen", which means "definitions of (the/an) update". That's slightly weird because usually buttons represent actions, so they're labeled with verbs, not nouns. The label makes it sound like the button would take you to a list of definitions, like a link.
What happened here is that there was an English button labeled "Update definitions" (intended to be read as a command: go and update the definitions), but the translator thought it was a compound noun and translated it accordingly, without taking context into account. A correct translation would be "Definitionen aktualisieren" ("aktualisieren" being a verb meaning "to update").
You can even see traces of this in the "Tipp" paragraph at the bottom:
Zudem können Sie sie jederzeit manuell aktualisieren, indem Sie auf "Aktualisieren" klicken.
English: In addition you can update them manually at any time by clicking on "Aktualisieren" [= Update].
Of course there is no "Aktualisieren" on the actual button, making the whole thing even more confusing.
In conclusion, Microsoft translates interface elements not just without paying attention to the context they appear in, but without even making sure they are consistent with each other on a single screen.
WTF of my day: I can no longer read this thread without creating an account and logging in.
@dkf I'd probably go for a parameterized type a la Tainted<String>
. That way you could in principle have distinct Tainted<List<T>>
, List<Tainted<T>>
, or even Tainted<Love<Tainted<T>>>
.
Of course, then you'd have to figure out what Tainted<Tainted<T>>
means, so maybe not.
Back in 1996 they've apparently implemented tainting for JavaScript in Netscape and included it as experimental option (off by default) in version 3.0. But they've long since dropped it again.
Why is it that this fairly useful validation check never made it to most languages?
You made me curious so I did some digging. The first occurrence of tainting I can find is in the 1989 release of Perl 3.0, where it was enabled automatically in setuid scripts. See the perl.man.4
file in the repository. From there it was extended and made generally available in the form of the -T
command line switch in the 1994 release of Perl 5.0. See pod/perlrun.pod
. From there it seems to have been copied to JavaScript (along with a surprising number of other features).
I would argue that a good static type system and interfaces that make use of the type system eliminate the need for a special "taint" feature. For example, you could have separate UnsafeString
and SafeString
types and all input functions would return UnsafeString
s. That way you could never accidentally pass unvalidated user input to system functions because the type checker would yell at you.
However, no one seems to do that, so a runtime check is better than nothing.
As for why they dropped it from Netscape, their approach was questionable:
Furthermore, tainting does not even absolutely prevent data from being sent where it shouldn't be; it only prevents it from automatically being sent there. Whenever an attempt to export data violates the tainting rules, the user will be prompted with a dialog box asking them whether the export should be allowed. If they so choose, they can allow the export.
... yeah, that sounds great. I know some browsers that implemented something similar for cookies and it sucked. Just bombard the user with pop-ups because we all know the user always knows what is safe and what isn't.
Everyone else probably never learned about taint mode because everybody knows that Perl has cooties and just studying it makes you go blind, or something.
FWIW, you don't need to do that in C and haven't for quite a long time now.
Did C ever really require that?
I know that before 1999 you had to put declarations at the beginning of a block, but was there ever a version of C where you couldn't just open a new nested block wherever?
@Steve_The_Cynic said in WTF Bites:
And this inference still survives in reasonably common usage in one place even in C++17, and probably C++20. There is no C/C++ type specifically called just unsigned. The compiler infers that you mean unsigned int.
Nor are there types called signed
, short
, long
, or long long
. These all use implicit int
.
(Bonus trivia: signed
is only mostly useless. Unlike with all other integer types, signed char
and char
are distinct types.)
@Applied-Mediocrity Thanks. TIL.
is the German localization of that command, however.
Here's the original documentation:
C:\>timeout /?
TIMEOUT [/T] Zeitlimit [/NOBREAK]
Beschreibung:
Dieses Dienstprogramm verwendet einen Zeitlimitparameter, so dass
der angegebene Zeitraum (in Sekunden) verstreicht oder eine Taste
gedrückt wird. Außerdem ignoriert der Befehl den Tastendruck durch
eine Parametereingabe.
Parameterliste:
/T Zeitlimit Bestimmt die Wartezeit in Sekunden.
Gültiger Bereich: -1 bis 99999 Sekunden.
/NOBREAK Ignoriert gedrückte Tasten und wartet laut
dem angegebenen Zeitraum.
/? Zeigt diese Hilfe an.
HINWEIS: Ein Zeitüberschreitungswert von -1 bedeutet, dass unendlich
lang auf einen Hauptprozess gewartet wird.
Beispiele:
TIMEOUT /?
TIMEOUT /T 10
TIMEOUT /T 300 /NOBREAK
TIMEOUT /T -1
My attempt at translating this back into English:
TIMEOUT [/T] time_limit [/NOBREAK]
Description:
This service program uses a time limit parameter, so that the
specified time span (in seconds) passes or a key is pressed. Aside
from that the command ignores the keypress through a parameter
input.
Parameter list:
/T time limit Determines the waiting time in seconds.
Valid range: -1 to 99999 seconds.
/NOBREAK Ignores pressed keys and waits, according
to the specified time span.
/? Displays this help.
NOTE: A time exceedance value of -1 means waiting infinitely long for
a main process.
Examples:
TIMEOUT /?
TIMEOUT /T 10
TIMEOUT /T 300 /NOBREAK
TIMEOUT /T -1
Ah, yes. I feel enlightened.
I presume you're talking about encoding, which ends up looking kind of like this:
int base64encode(byte * inbuf, size_t insz, char * outbuf, size_t outsz) {
Nit: inbuf
should be a pointer to const byte
.
if( (insz + 2)/3*4 + 1 > outsz ) {
Potential integer overflow in (insz + 2)/3*4 + 1
.
trace( "output buffer is only %zu bytes, %zu bytes needed to encode %zu bytes\n", outsz, (insz + 2)/3*4 + 1, insz ); return -1; } while( insz > 0 ) {
Uh oh. Due to insz
being an unsigned integer variable, this condition is equivalent to insz != 0
.
if( insz >= 3 ) { *outbuf[0] = enctab[ (inbuf[0] >> 2) & 0x3F ];
Type error: *outbuf[0]
should be outbuf[0]
.
// ... inbuf += 3; insz -= 3;
Bug: insz -= 3
can never go negative, only hueg. This will potentially loop forever (see "Uh oh" above).
outbuf += 4; outsz -= 4;
outsz
is written to but never read from.
@Tsaukpaetra said in WTF Bites:
@pie_flavor said in WTF Bites:
the side effect.
What side effect?
The side effect of ++x
is to increment the operand x
. If you just want to get "the next value after x", you can simply write x + 1
.
Another way to look at it is that
stallCountdown = ... ++stallCountdown ...;
modifies the same variable twice within the same statement, which is a code smell.
@djls45 But I only want to hail one world (singular): SALVE MVNDE
It's "hello world", not "hello worlds".
Look at your keyboard. How many character-typing keys with non-ASCII symbols do you see?
12: ^ ° 2 " ² 3 § ³ ß ? \ ´ ` ÷ × E € Ü Ö Ä M µ
If you include Tab (it has both a rightward and a leftward arrow symbol on it), 13. If you include the numpad, 16. (The 8462 keys type characters but also have arrow symbols on them. )
@Lorne-Kates said in Microsoft: IE fucked up everything and wasted untold billions of man-hours. Maybe don't use it anymore?:
Ah, right, Firefox extensions are now just glorified userscripts that rely on Javascript. Man, if only Firefox had some sort of Language that a User could Interface with-- maybe make it XML based for ease of use-- and then that could modify browser behavior rather than just page behavior.
At least for the Content-Disposition thing nothing much has changed. The add-on has no UI. In older Firefoxes it used to be a JS "component" and now it is a "web extension", but fundamentally it is the same thing: Run some startup code (called automatically by the browser), register a listener for HTTP response events, and modify stuff.
@PleegWat https://addons.mozilla.org/en-US/firefox/addon/bypass-forced-download/ removes Content-Disposition: attachment
from HTTP responses.
...but networkmanager said it's down. Not sure where the problem lies.
Networkmanager
. If your network is wired, there's really no reason to use it other than inertia.
Some software is evergreen. Networkmanager
is everbuggy, always in headscratching ways.
You all might be interested in this: https://github.com/GoogleCloudPlatform/container-diff
It gives you at least some idea of is inside a Docker image.
They've added online payment, but you still have to physically scan your card after "filling up"
That's probably not crazy. Scan the card with Farebot (or some other NFC farecard reader) and you'll probably see that the card stores "fare product" purchases. So you have to get the record of that fare product on to the card somehow.
@ben_lubar said in WTF Bites:
I've been wondering if we'll ever get to a point where computers don't turn off in the middle of a reboot and instead the kernel ... starts handing off things to the new version of the OS kernel until all the programs have transitioned (either by calling some application-defined function or by starting up a service on the new kernel and then doing a graceful shutdown on the old kernel) and then suddenly you're on the new version of your OS and nothing has actually stopped accepting input during that time.
Erlang has been something similar with its hot code loading for like a billion years.
For kernel updates, there are ksplice/kpatch/kgraft in the Linux world. I know that CRIU lets you migrate processes from one box to another, so you could maybe use it in combination with kexec to handle the situations where the live-kernel-patching methods can't update the kernel (because of kernel datastructure changes or whatever).
@masonwheeler said in What are graphics cards like these days?:
@bugmenot said in What are graphics cards like these days?:
it doesn't take a pro to do this
But when you're dating a pro (sort of; I'm a professional software developer, not a professional hardware builder but close enough) why not take advantage of it? :P
pshaw, the pro is there to confirm this approach is correct. Nobody is more reliable than google on random compatibility issues
@masonwheeler said in What are graphics cards like these days?:
picking one out.
well then just google {cpu model} {mobo model} {3d accelerator model} {issues | problems | crashing}, it doesn't take a pro to do this
@blakeyrat said in Re: How Windows broke my computer at 42 years old:
Like... even if you're not using the USB ports, what did you think you'd gain by turning them off entirely?
IIRC there had been a minor fuckup in the low-level way the USB interface presented itself to the OS, which could cause spurious memory corruptions in USB-unaware, previously unaffected OS's (and god knows how many DOS drivers!). So disabling the whole controller thing was a plausible action at the time. Can also explain why the Win98 driver could better handle the, back then, probable 'USB controller missing or disabled' case.
(DIsclaimer: I have never done something like this in real life, don't try this at work, yada yada)
@raceprouk said in Monolithic services vs. microservices: which is the least WTFy?:
We're looking into designing an all-new V2 version of our API, and I want to make it as streamlined and simple as I can possibly make it.
What is your data model? I guess it will change significantly until you design V3? What is it that may never change, so you can depend your design on it?
It's intended to be used both internally and externally
And how will you keep the internal access safe from external users? You MUST keep the code paths separate, at a degree - Your system will inevitably need blessed access. If you expose any, any call that is not expected to be called by end or middle users, to the Internet, then an internal call gets exposed to the Internet. Even if you decide to ruin yourself and add AWS instances, put them all inside a VPN !
, and I'm intending to go with a modular design, which will give me better control over access management and security. However, there's one question I need to answer before I get started actually designing this thing: should I design a single monolithic service, or a collection of microservices?
Why should you use microservices? What are microservices to you?
Not to mention all those disgusting sounding named tools that automatically pack everything and minify/compress it as a bonus, (but that is generated code), even if the language doesn't have it there are (non-standard) viable solutions still.
If you really wanted all the code in one file, there should be adequate support from the IDE to have:
All of the wtf points you accrue emulating multi-file support still offset the constant-scroll-athon that happens with current text editors and monitors on special files (btw: anyone using a vertical ultra-wide monitor, does it help any?)
edit: :nod: lost the markdown formatting on c&p, why?
@blakeyrat said in What are the benefits/drawbacks of keeping all the code in one file?:
you didn't really have much of a choice other than to put tons of script in one file.
There are many ways to split code, e.g. creating <script> tags on the fly to load any part of the codebase on the fly and on demand
Not to mention all those disgusting sounding named tools that automatically pack everything and minify/compress it as a bonus, (but that is generated code), even if the language doesn't have it there are (non-standard) viable solutions still.
If you really wanted all the code in one file, there should be adequate support from the IDE to have:
@marczellm said in Video rental stores:
I guess that means I need to connect my monitor with HDMI.
HDMI, DVI, and DisplayPort all can support HDCP. If you're using a VGA connector, you're probably SOL.
@tsaukpaetra said in Where did @fbmac go?:
@lorne-kates said in Where did @fbmac go?:
I bet fbmac deleted himself
I'll just have to let Google tell me his birthday, and see if he'll +1 me when I post wishes on his wall/page/whatever.
Hey, that information is PII
@captain said in Where did @fbmac go?:
Why do I suspect he's @whargarbl? And am I right?
No, @whargarbl isn't related to @fbmac
@heterodox said in I guess it could be worse. It could be phpBB.:
Pot, meet kettle:
DLL blocklist was unable to intercept AppInit DLLs
That's a Mozilla feature that prevents the loading of known-bad/buggy/troublesome DLLs. You can see the list of DLLs currently blocked and the justification for their inclusion on the list here: https://dxr.mozilla.org/mozilla-beta/source/mozglue/build/WindowsDllBlocklist.cpp#90
The initial rationale for the blocklist is mentioned in the description of this bug: https://bugzilla.mozilla.org/show_bug.cgi?id=524904
It seems like a very good thing to me.
Were you running a bleeding edge development version? This bug has a comment that contains a stacktrace that looks related to yours: https://bugzilla.mozilla.org/show_bug.cgi?id=1322554#c96 . The bug in the report was fixed in Firefox 55. The bug in comment 96 was fixed by backing out a buggy change commited into source control.
If there's some other cause for the error you ran into, then Google doesn't seem to know about it.
@heterodox said in I guess it could be worse. It could be phpBB.:
Have you tried reinstalling Windows? Do you use any anti-virus/anti-malware software? There must be something wrong with your machine/OS/CPU.
To be fair, antivirus software is typically shitty, buggy, and intrusive.
Hell, there's a long and robust tradition on Windows of software-that-runs-as-Administrator hooking into system DLLs and injecting their own -often buggy- code for no good reason at all. I'll give it a 1:100 chance that this is some shitty Pro Gamer L33t Full System Speed Enhanzzer!!!-type software poking its nose into places where it shouldn't.
@arantor I should have figured that MySQL would have lacked something fundamental that Postgres has supported since 2003. IPv6 has only been formalized since 1998... It's still brand new!
For years, plugin developers have assumed that IP addresses were always in the standard IPv4, 15-character format ... However, IPv6 has a much longer 39-character format that looks like this: 2001:0db8:85a3:0000:0000:8a2e:0370:7334 [and so Wordpress discards the data because IPv6 addresses are larger than expected].
TR is storing strongly-typed data (like IP addresses) as strings.
@anonymous234 said in Someone poked Blakey about Git again:
These are not things inherently caused by Git being a DVCS, they are simply because Git is doing something better than SVN.
I never said that these desirable features were because I was using a DVCS.
@anonymous234 said in Someone poked Blakey about Git again:
The obvious solution for everyone is to use a fast, centralized VCS that has local checkpoints (I think TFS calls that "shelving"?) and uses whichever algorithm Git uses for merges.
Why? How is that better than just using git as a faster SVN with nice history rewriting and real tags? What about git makes it unsuitable for this simple use case? And what about the locking features of the various git servers make it unsuitable for the case where you need file locking?
I used Visual SourceSafe (Safe? ha!) for a year or so. I used SVN for about five years. I've stuck with git for the past ~seven because once you get over the initial jargon and concept hump, it's by and large a good tool.
@masonwheeler said in Big list of software that cannot handle spaces or accents in paths:
Unless you have a "web-scale" distributed development project, you do not need DVCS, and the benefits (which were designed for massively distributed projects) aren't worth the additional hassle it brings.
None of my projects will ever be "web-scale", and yet I use git as the VCS for all of them. I don't need to use it (in the same sense that I don't need to use an optimizing compiler), but I do. Why?
If I regularly worked on huge repos, I'd miss SVN's sparse checkouts (though there's a actually a multi-step method to do just this that's begging to have some porcelain laid on top of it). If I regularly worked with files that were dreadfully difficult to merge, I'd miss file locking (though gitolite and other git servers offer file locking mechanisms with syntax no weirder than SVN's that is amenable to having some trivial porcelain laid on top of it).
@blakeyrat said in Big list of software that cannot handle spaces or accents in paths:
If your tool is the wrong tool for what a lot of its users are using it for, it's your responsibility ...to modify your tool to work as expected.
Oh. This is the time-honored Featureset-dictated-by-4chan Development Model! I remember that week in school. Our group project was to prove that every software ended up as a Turing-complete CP-spewing Photoshop clone that also functioned as a Tor exit node.
Good times.
@blakeyrat said in Big list of software that cannot handle spaces or accents in paths:
I'm talking about a company that absolutely needed to put binary files into their source control system and changes got stomped-over all the time because Git had no fucking file locking features that every other source control system had decades ago.
If a company stores data that needs to be stored in a relational database in MongoDB and later ends up with performance and data correctness problems because of their choice, does the fault lie with MongoDB for being asked to do what it cannot reasonably do, or with the people who used the wrong tool for the job?
(Before you retort with a "MongoDB is just web-scale garbage!" read and try to comprehend the three data safety analyses of Mongo at jepsen.io http://jepsen.io/analyses .)
@cark said in Big list of software that cannot handle spaces or accents in paths:
@dkf Rebase. I do it like 20 times a day
git reflog
is gonna blow your goddamn mind. It's a history of everything you've ever done to your local repo from now until the last time git gc
pruned old orphaned history. The default threshold for "old" is -I think- 14 days.
So, if you fuck up a rebase and didn't think to tag/branch before you started the rebase, you can poke through the output of git reflog
to get back to where you were before the error happened.
@CrazyEyes said in Linux user-facing software usability:
But, assuming you aren't using a DE or video playing software that is total ass, it really should not be a problem on modern distros to do something as simple as play a video.
As many people have asserted in this thread, it's not a problem to play a video on modern distros. Like I asked earlier, would anyone be surprised when an oddball, inexpertly stripped down version of WinCE failed to play video? No? But it's WINDOWS! Windows always plays video first time, every time! (I hope you see my point.)
I had to remove their stupid community nVidia driver, which was a useless piece of software that did not work at all...
Yep. That's nVidia's fault. They actively frustrate efforts to develop a Freely licensed driver.
(yes, they exist, and yes, you should always install the manufacturer's drivers if they are available)
Only if you're using nVidia hardware... because the open-source NV drivers are painstakingly reverse engineered, and generally don't work well (or at all, depending on the phase of the moon and other factors).
I also had to enter some interesting positional offsets in the nVidia configuration tool for X-Windows to get my multi-monitor setup to work
That's because the closed-source nVidia drivers are (on every axis other than AAA gaming 3D performance) garbage when compared to Team Blue or Team Red's open source drivers. This stuff Just Works(TM) at least as well as it does in Windows with all of the open source drivers. nVidia loves to reinvent the wheel in an incompatible manner and refuses to use really any of the officially supported methods of doing screen configuration.
Just say no to nVidia if you're planning to run Linux. Compared to the experience with Team Red or Team Blue, it's just an endless trail of heartache.
@blakeyrat said in Linux user-facing software usability:
The obvious solution is to make Linux driver development so easy that it takes only $2,000 or less to make a Linux driver for a Woozle.
If you send an accurate, complete spec sheet and a Woozle or two to the folks at the Linux Driver Project, some of their 400+ experienced Linux kernel devs will do the hard work for you and take care of ongoing maintenance. #itcantgeteasierthanthat
@asdf said in Linux user-facing software usability:
If you're using Windows 10 and hardware from this decade, you'll have the same experience most of the time.
I remember having that experience with Windows XP. Everything Just Worked, out of the box. And then -like six months later- I built a new PC that contained a NIC and drive controller that were both made after the XP disk was pressed and shipped. I had to go scrounging around for floppy disks to put the controller driver on so that the XP installer could load the appropriate driver so that it would actually work. And then after that was done, I had to burn a CD-R to get the NIC driver on the machine.
Those few W10 users who use the install media to do fresh installs have a good OOTB driver set now, but its coverage is almost certain to become more and more spotty as time presses on.
@Weng said in Linux user-facing software usability:
I think the actual ring is handled at the OS level, and the blocklist at the phone app level.
My point is that the phone app should be (effectively) running at the OS level... it's a fucking phone!
@dcon said in Linux user-facing software usability:
I get that. But then I'm lucky if I get 1 bar in my house.
I wish I could blame it on signal problems. Five bars 24/7.
@Weng said in Linux user-facing software usability:
Mine likes to do a half ring before it consults the block list...
That's awful. That's kinda worse than having the phone just ignore the block list and let the call through.
That reminds me: on my phone there's a 50% chance that the Phone App will take until the third ring to do the phone number -> contact name lookup and replace the phone number with the contact name.
I mean, I get that I have like thirty people in my address book, so one can't reasonably expect that operation to complete in less than 3000ms for a dataset of that size...
@anonymous234 said in Big list of software that cannot handle spaces or accents in paths:
Programmers should be able to change their programs' human interfaces without breaking other programs.
If the only interface to your program is its CLI, then your program's human and machine interface are one and the same.
And -let's be real here- there are humans out there that are no better at handling unexpected "workflow"-breaking CLI changes than machines.
@anonymous234 said in Linux user-facing software usability:
<rant>It's almost as if things become more complicated when they can do more things.
I've lost track of the number of times my "phone" has failed to remember that its first purpose in life is to be a fucking phone!
I get that it's a computer with a phone attached and that the phone features are handled by a Phone App... but whenever the phone hardware is on a call, I expect the computer to give crash priority to the Phone App. Kill every damn other thing running if you have to, just make sure the phone rings, the screen lights up, and you can actually take the call.
My phone rings on the last ring, sometimes never rings (and just tell me that I missed a call), or rings, displays the Call Answer UI, but is too busy with other things to let me interact with it until the call times out.
I get that a Nexus S is pretty old, but one day your phones will be pretty old, too. This shit is bananas.
[He was using] Banana Pi ... [and an] obscure distribution called Peppermint ... [but n]o matter what he did, no movie would play.
I ... grabbed my Windows 7 laptop... [and things Just Worked(TM).]
Would you expect any more success with an oddball credit-card sized computer running some stripped-down version of WinCE?
The failure's not a fault of Linux, it's the fault of an oddball distro (that's apparently not configured to actually play fucking media) running on oddball hardware. Video playback Just Works on mainstream distros running on full-sized hardware.
@Medinoc said in Big list of software that cannot handle spaces or accents in paths:
The hard part is that *n*x expects escaped spaces in command lines
You sure about that?
$ cat test.sh #!/bin/bash echo "\"$1\"" $ ./test.sh "hello there" "hello there" $ ./test.sh hello\ there "hello there" ./test.sh 'hello there' "hello there"
Space escaping looks like a requirement of the shell when you don't bother to enclose your space-containing words in a set of grouping characters. What am I missing?