"So you put me to sleep? Fuck that, I hibernated instead."
In Windows 10 there's "so you want me to stay asleep/hibernated? Fuck that, I have important things to do in the middle of the night".
"So you put me to sleep? Fuck that, I hibernated instead."
In Windows 10 there's "so you want me to stay asleep/hibernated? Fuck that, I have important things to do in the middle of the night".
Because OSX is better left observed from distance and not used.
@dkf said:
It could be worse. He could be rebooting that machine into a different OS in order to use some ancient nasty WinPrinter, and then booting back into Linux to run GitLab.
GitLab runs on the printer.
@Lorne_Kates said:
What the shaqfu is that?
Welcome to the AAA game industry, an unsustainable mess of terrible ideas driven by bad management. It's not the first, it won't be the last, at least until that segment finally implodes.
A curious thing appeared in my feed: it would seem Google is developing a new authentication method. It's supposed to "kill passwords". If that sounds suspiciously like "kill any semblance of security" to you, you'd be incredibly right!
So it's an API that decides whether you really are who you say you are, based on biometrics. But worry not, banks will require much higher trust score than games! And apparently some people want this to replace 2FA. You can see a handy chart from last year's conference showing estimated entropy of all this bullshit: whole 20 bits.
It "may prove to be ten-fold more secure than just a fingerprint sensor", because you know your security system is great when your selling point is being better than 4-digit PINs or fingerprints. Because people still don't understand that biometrics are usernames, not passwords.
This is probably the most brain-dead idea I've ever heard. And the worst thing is, there doesn't seem to be any way to disable this, so your account may be compromised even if you don't want to use it, because you know that neglecting the security of one of the most critical accounts is fairly important. And because this is Google project and it's an API and people are dumb, this is bound to be used elsewhere too (articles already mentioned that banks want to trial it, because of course, if there is anyone worse at security than Google it would be banks).
There's been reports of users being able to login to their accounts on brand new devices with silly questions like "what city do you login from the most". To be honest I don't really care whether they're true or not. This whole thing has literally no redeeming qualities whatsoever. This is what centralisation brings: morons in charge.
I'd say that this ruins privacy, too, but that ship has sailed a long time ago.
@Lorne_Kates said:
Upgrade page links to https://admin/upgrade
Where we're going, we won't need domains.
Or make ads that aren't multi-megabyte videos. You can create pretty effective ads with a couple KB of text.
And what's next, ads that aren't malware? Ridiculous.
Also, apparently people identify with dried fruit?
It's Tumblr. I'd be more surprised if they didn't.
Don't you think silently upgrading to a whole new OS with a whole new UI is the height of shitty UI?
My laptop (fucking VAIO) can't be upgraded from Win7, because the GPU is special and AMD drivers don't work with it, and Sony didn't bother updating theirs for Win8+. Will that stop the update? WHO KNOWS.
Theoretically, you're supposed to bookmark threads you want to keep coming back to, and use that instead of titles. But since profile page is so fucking slow, no one's using that.
If only browsers had a way to remember URLs you might want to revisit at some point.
WTH? I already read this thread, why is it being marked as new?!
You read the thread. This is the thread: director's cut.
@Yamikuronue said:
101 excels
I can barely handle one!
Operator-as-nameable-function or naming one-liners in general is not a terrible idea, as it can make some code using higher-order functions easier to read. Especially that long form lambdas in JS get really really noisy, and the short form is a relatively recent invention.
It is fairly silly to make a module per function, though. Not sure why that would be a selling point.
We currently have a massive perf problem with longer topics as we send down a list of all IDs of all replies in the topic, which can be enormous -- if the topic is 50k replies long, it includes 50k ids in a list in every request. Longer term we do plan to fix this, but restricting very long topics is something we need to do in the short term, unless there is a very good reason for a topic to have 50k replies, it should be avoided.
API design unnecessary, performance too hard. Commence workarounds.
I'm not convinced it's an actual problem.
Every user complaint means the thing is broken and needs to be changed. Always. Now make everything Comic Sans, the font is too sad.
@cartman82 said:
Signatures
I'd vote for burning. The minimalistic design with almost-white-on-white post separators somehow makes them even more annoying than usual.
In places like reddit, downvotes serve a real purpose. The system is designed to float subthreads with high scores above the ones with lots of downvotes, serving as a way to "sink" low quality content.
All that ever does is create echo chambers. Likes should only ever be a non-consequential counter. IOW reddit sucks.
IMO moderators should immediately hide the downvote button with some custom CSS. Also fix up the interface to move this upvote widget to the left side, where it belongs.
Yeah. There's no need for CSS workarounds though, there is a site setting to disable downvotes.
I miss selective quoting.Select and then use 'reply' instead of 'quote'.
(if nothing else, then for using Wt (a C++ framework) to serve my homepage).
Yes.
Nevertheless, do I really need to manually maintain a list of spiders that might run across my page?
Not if your code doesn't do silly things like the one you mentioned. Appending random query params is typically done to forcibly invalidate caches, but that's only necessary for aggressively cached static content, application-generated pages should just consume and generate proper cache headers.
There should be a public list of bots around somewhere, though.
Should I (temporarily?) blacklist Baiduspider and/or associated IPs?
They might drop the listing if the server stops responding. If it doesn't visibly strain your resources then it's not really necessary anyway.
Consider creating a sitemap and maybe disabling logging of those requests, though.
I do a lot of Python and this post is probably going to be long.
To start with, use Python 3.5. That is the newest official implementation from python.org (also known as CPython). Don't bother with alternative implementations or Python 2. Read the official tutorial, too, it's fairly good.
If my project is named Foo, what would be the path to file containing main() function, relative to repo's root directory?
I'd recommend going with this kind of basic structure:
repo/
<main package name>/
__init__.py
__main__.py
<other modules and packages>
setup.py
Names of packages follow the rules of Python identifiers: must start with underscore or letter, might contain only letters, numbers and underscores, can't be a keyword (see [url=https://docs.python.org/3.5/reference/lexical_analysis.html#identifiers]here[/url]). While it's possible to not have a single root package for everything, it eliminates the problem of name collisions, so it's worth doing (that's pretty universal though).
Python package is a directory that contains an __init__.py
file. This is a module that corresponds to the package name, so e.g.
# package/__init__.py
foo = 'bar'
# somewhere else
import package
print(package.foo)
Otherwise a module is any .py
file. You import nested things by using dot notation, so package/package2/module.py
is package.package2.module
.
If my project is named Foo, what would be the path to file containing main() function, relative to repo's root directory?
That's the __main__.py
in the main package. It should look like this:
def main():
pass
if __name__ == '__main__':
main()
Others explained what the if
means, but you want the __main__
module and a function for two things:
python -m package
and if you ZIP it, via python package.zip
)Plus it's a well-known location so it's easier for people to find your entry points.
* If I want to add module named bar which is all in a single file, where do I put it?
- If I want to add module named qux with a submodule quz, what files do I have to create and where?
As examples, bar.py
and qux/__init__.py
, qux/quz.py
.
Search path for modules is in sys.path
variable. This is determined by few things (you can change it from code, it's an ordinary list, or from environment by setting PYTHONPATH
), but you don't have to worry about it if you structure the project like this and write a proper setup.py
.
* What do I have to do to make the project installable (and uninstallable) via pip? Or is it a bad idea?
You need a setup.py
file that calls setuptools.setup()
. The most basic form looks like this:
from setuptools import setup, find_packages
package_name = '<main package name>'
packages = find_packages(include = [package_name, package_name + '.*'])
setup(
name = '<project name>',
version = '0.1.0',
packages = packages,
)
Then you can install the project in editable mode (that is, without copying the files, only making it a part of sys.path
without manually adjusting PYTHONPATH
, so you only have do it once) via pip install -e <repo>
.
You can use entry_points
argument to make use of that __main__
module like this:
setup(
...,
entry_points = {
'console_scripts': [
'<executable name> = <main project package>.__main__:main'
]
}
)
Then pip install
will generate wrapper executable that calls given function. This is not standalone though, it will still require full Python installation.
You can declare dependencies using install_requires
argument to setup()
, it takes a list. Dependencies are installed from [url=https://pypi.python.org/pypi]PyPI[/url], so search on there. You can also install directly from Git/Hg/SVN repos (you'll need the dependency_links
argument).
From other stuff I recommend using virtualenvs from the start: in Python 3.5 this is built-in, just do python -m venv <directory>
and it will create an isolated environment there. Then in shell use . <directory>/bin/activate
(*nixes), . <directory>/Scripts/Activate.ps1
(Windows, PowerShell) or <directory>/scripts/activate
(Windows, cmd). After that pip
will know what to do.
There's some more story to creating distributions and uploading them to PyPI, not sure if you need that at the moment.
You import them in your package's init.py
Note here: careful with this. Python executes scripts as it goes, and that's also true for imports. And modules are created before the code of the module starts executing (because the names have to go somewhere). Which has a nasty consequence of circular imports having rather unintuitive behaviour:
# a.py
import b
x = 42
# b.py
import a
print(a.x) # AttributeError, because import above returns an already-created but yet-unfilled module
Circular imports are otherwise fine, as long as the module code has a chance to execute to the end before it's imported (import
statements don't have to be at the top-level). But I'd avoid them if possible.
Hmm that could potentially work, but still I would need proof to believe it.
Optimisers are pretty good these days.
@boomzilla said:
OK, so that says you just use grunt. Well...how do I do that?
npm install -g grunt-cli
installs the entry point. The project should have grunt
and plugins in package.json, which all get installed with local npm install
. After that you run grunt <some-task>
and it reads the Gruntfile and does whatever.
Try not to touch or look at the Gruntfile too hard, though. It might not be good for your sanity. Also it might break everything.
Alternative answer: carefully.
As for whether websites should decay gracefully without javascript... I think we're moving out of the age of non-javascript websites now.
Maybe. Not a good thing, though. Vast majority of websites doesn't and shouldn't need 10MB of jabbascript to work properly. But no, we gotta make it 100% React because we have 3 XHR calls across the entire site, and infiniscrolls, and trying not forget to reimplement proper navigation, and other annoying bullshit that's worthless but trendy. I wish we went back to web 1.0. Or 0.9 even. I'd rather browse GeoCities than deal with this.
a decent SPA
@ben_lubar said:
For example, I can hit ^C on less and it'll stop waiting for disk, which wouldn't be possible if it ran IO on the UI thread.
Actually it would be, signals are interrupts: the process wakes up and drops whatever it's executing and switches to the signal handler (which is why you gotta be real careful with what you're doing in signal handlers). less
in particular has more complicated UI so maybe it does have a separate thread for that, but in general I/O can be interrupted just fine even on a single thread.
@Onyx said:
Feature request: add a "Stop helping!" checkbox to
"Helpful" software inevitably does everything wrong and can't be convinced to do it right.
You need ugly hacks like RAII in C++ because the language is broken and it doesn't have a proper try/finally construct.
One of the better code-structure inventions of recent years has been the using/try-with-resources of C# and Java.
The problem with that is they're not transitive, while RAII is (i.e. destruction of an object will always trigger a destruction of all of its members). And it removes the need for designing a disposed state for a type. Which can significantly reduce mistakes ("someone added a disposable thing to this disposable thing but forgot to update Dispose" etc). You can get around that (IoC or generating code or whatever) but RAII gives you that for free, and for all types.
You might not see anything wrong with manually maintained disposing code (it's certainly doesn't bother me most of the time due to not writing anything state-heavy), but calling RAII a hack is dumb. It's automation of correctness.
try/finally is not about resource management.
For vast majority of cases it is. For others it's just syntactic sugar.
Then why are memory leaks so common in released software written in C++? Must not be as magically simple as you claim.
Because people think like you and not use RAII.
The only good thing about it are sprintf and sscanf
Haha, no.
even when it ends up ugly as fuck because GTK.
Let me tell you about [url=http://aurora2.pentarch.org/]Aurora[/url], a 4X equivalent of Dwarf Fortress. Written in VB6, uses Access database for game data and saves, requires you to change system locale settings to work properly (because decimal or thousand separator matters) and outdoes EVE in "spreadsheets in space" department. And still a lot of people love it, and it spawned one of the longest-running LPs on SA (it's been like 3+ years and it's still going).
You really have nothing to worry about.
Re: micromanagment, one approach that might be worth considering is what (I think) Distant Worlds does: it has all the little knobs, but also an AI that manages them all for you if you want, so you can decide whether you want to control absolutely everything or focus on specific things.
@Lorne-Kates said:
Aren't favicons supposed to be heavily, heavily, heavily cached to reduce bandwidth?
The number overlay is not generated on the server, it's all done client-side.
If I had to run MediaWiki on that scale I'd want a lot of money, too.
I'm assuming your issue is with jQuery as well, or with XHR calls in general, or infiniscrolls, because none of that requires a SPA.
"Modern web" gripes in general. With SPAs in particular I've yet to see a thing where I'd be all "yeah this sure benefited from being SPA". Mostly because they usually fuck up navigation or some other thing that browsers already had. It reminds me of all-Flash sites.
Then why are they released?
I "release" (what's "released" anyway, just available on the internet, something that was already arbitrarily marked as 1.0, something that made a press release about releasing?) all things I'm not getting paid for because there is absolutely no reason not to. That's software that is either a) an experiment/research thing or b) something I made for myself for very specific thing (e.g. Git falls into that category as well; that's why it's "released" — it was made for the kernel developers for developing the kernel because alternatives did not cut it). And almost none of things have an ambition of becoming a "product", and I don't bother with the boring parts that aren't useful for me like GUIs and whatnot. How evil.
Because see, open source is not a development model. It's a philosophy. And it's about sharing code, nothing more, nothing less. Because even if it's not a neat 59.99€ ready-to-use-by-literally-everyone package, the bits and pieces of it are often useful to other developers. It's also why initial design is very rarely driven by usability studies and user surveys and whatnot: because the only user it's intended for is the developer themselves.
By all means call out big projects on not getting their shit together, but assuming any single open source project is striving to be that is a fundamental mistake. And telling people to not release their code is more harmful than the released code could ever be, even if the code is bad.
@LaoC said:
No, the operator precedence is like it is for a reason.
"Perl did it" only reinforces that it's a bad idea. :p
@dkf Feature request: change copy to "the [x] server is up to no good".
It's been reported a while ago, by the way. Just didn't get much attention: https://svn.boost.org/trac/boost/ticket/10483
C++11's is_sorted
is documented better, and it's pretty much the same implementation (also probably why Boost's is neglected), so you can use this as a reference: http://en.cppreference.com/w/cpp/algorithm/is_sorted / http://en.cppreference.com/w/cpp/concept/Compare
But on the other hand, PayPal and credit cards can also take money from your bank account if they want, so I guess it's not that different?
Credit cards have chargeback, and as far as I know PayPal can't get money from you other than by charging your card (if you want to do it by transfer, you have to do it yourself). If you share your account credentials and something goes wrong you might have hard time trying to get the money back from the bank.
IOW don't use this.
I'm entirely convinced that it's a joke.
It's been around for quite some time. People are bad at security.
Hosted software plans are not really directly comparable to raw infrastructure costs. Mostly because you need ops effort, which can be non-trivial, esp. with software like this. They also seem to be using their own hardware for the hosted plans, so that has a potential to perform far better than AWS instances.
Does that warrant 1000$/month plan, and for Discourse of all things? Probably not. But it's an offer aimed at probably large companies, so it's not really surprising.
Also note that nowhere do they mention backups of any kind.
Or availability SLA. Always a good sign when details like that are hidden behind 'give us your details, everything will be fine' forms.
How much do you think Let's Encrypt pay for SSL support?
Well, since that site uses COMODO-issued certificate and Discourse CDN, probably $20/month.
Ok, so it looks like it's insecure because it's popularized and doesn't have a formal environment for verifying code.
Heh, verifying code. It would be a good start if it didn't insist on keeping application code in the same tree as user uploads and client assets — you can change upload directory... but it's relative to wp-content which also contains themes and plugins... which contain both server and client code so they can't be moved away.
And getting PHP to only execute some of this and never touch anything else is a pain in the ass, because PHP is also developed by idiots. So if you're not careful it takes very little for RCE.
This may be a side effect of the corporate proxy that MITMs the fuck out of most SSL connections, but the certificate looks genuine for this one, which suggests it is whitelisted.
That's not an SSLv2 connection, it's TLS1.2 (and the certificate name says SHA2, not SSL2). Chrome disabled everything below TLSv1 ages ago. Microsoft servers don't support those either.
There are still web servers out there that accept SSLv2 connections?
Just like there exists software written by bad developers, there exist deployments maintained by bad sysops. Existing configs on ancient last-updated-in-1999 systems etc.
@Lorne_Kates said:
Actually-- does any forum software out there actually encrypt private messages in any way? Like even going so far as to generate a public/private key for each user? I guess that'd be pointless, now that I type it, since the private key would be saved on the same server as the message.
Not any I'm aware of, but half of these things can't even handle passwords properly, so...
For actual confidential data you really should be using vetted software like GPG, but this can be done without hassle of manual key management: you can store encrypted key on the server, and do all crypto on client side — Keybase can do that for example. Downside is that JS crypto is pretty new and untested, and you have to verify and trust the code your browser is running (which is harder than with real native things). Encryption with server-known key could be a layer of protection against leaks, but it doesn't affect the ability of site operators to look at the data.
That meta.horse thread is pretty ugh, but it just reinforces the idea that everything you put online that you did not encrypt yourself is public.
You don't need to setup AD to use group policy on a single computer. Just run gpedit.msc
. Relevant setting is in Local Group Policy > Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates
.
who the hell though this was a good idea/UX?
It's likely DRM, so no UX is by design.
You don't do much GUI work, do you?
Feel free to present examples of how fundamental finally
is in GUI code.
Status: trying to uninstall Illustrator. Clicked 'uninstall' in Programs/Features. Creative Cloud starts and asks me to accept new TOS. It then takes few minutes to update itself, and restarts. When it starts again it does not remember I wanted to uninstall Illustrator.
Bonus: shutting down Creative Cloud leaves behind some background crap running.