@ben_lubar said in Holy shit, they found him alive!:
I would like to make an announcement:
Because this thread is not in Look at Me! the OP does not decide the rules.
And when was that policy enacted?
@kt_ said in Holy shit, they found him alive!:
@Vaire said in Holy shit, they found him alive!:
@antiquarian said in Holy shit, they found him alive!:
@Vaire said in Holy shit, they found him alive!:
Maybe mom, as I would bet money it was dad's idea, but I would want to interview them extensively before I let mom have custody again, and dad would have to stay away =_=
THAT'S SEXIST!!!!
No, that is experience. Nine times out of ten, the male has the anger management issues. Sometimes it is the female, but usually it is the male. As I said though, I would want to interview them first though, before coming to conclusions.
I get this feeling recently, that you'd like to interview everybody …
If kids are involved, and I was in charge of the universe, sure.
@TimeBandit said in Holy shit, they found him alive!:
@Vaire said in Holy shit, they found him alive!:
Nine times out of ten, the male has the anger management issues.
That's even more sexist ;)
@antiquarian said in Holy shit, they found him alive!:
@Vaire said in Holy shit, they found him alive!:
No, that is experience. Nine times out of ten, the male has the anger management issues. Sometimes it is the female, but usually it is the male. As I said though, I would want to interview them first though, before coming to conclusions.
I was (obviously) not suggesting that I do the interviews myself
@antiquarian said in Holy shit, they found him alive!:
@Vaire said in Holy shit, they found him alive!:
Maybe mom, as I would bet money it was dad's idea, but I would want to interview them extensively before I let mom have custody again, and dad would have to stay away =_=
THAT'S SEXIST!!!!
No, that is experience. Nine times out of ten, the male has the anger management issues. Sometimes it is the female, but usually it is the male. As I said though, I would want to interview them first though, before coming to conclusions.
@antiquarian said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
@Vaire said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
I have said it before, and I will say it again, in an ideal world most people shouldn't be allowed anywhere near a computer without passing a basic knowledge test.
EVERYONE WHO WANTS TO SHOULD BE ABLE TO USE A COMPUTER AND YOU'RE A HORRIBLE PERSON FOR SAYING OTHERWISE! ( @blakeyrat , did I do that right?)
@tufty said in Holy shit, they found him alive!:
So what? There's too many of them already.
Ok, seriously, get the fuck out of my thread you bigot. @mods remove this waste of oxygen please.
@blakeyrat said in Holy shit, they found him alive!:
@Vaire He's a Japanese kid, he'll just commit suicide in a slightly different forest in another 6-7 years.
Dude ... seriously? Come on, he's a kid =_=
@Magus said in Holy shit, they found him alive!:
@Vaire Wow, my friend told me about that a day or two ago, and I was amazed that someone would do a punishment like that, but #japan. Glad he's alright!
That poor boy is going to be traumatized for life. I can't even imagine being 7 and being left behind as my parents drove away. 7-year-olds don't understand a lot of things. He had to be terrified. The parents absolutely shouldn't get him back. Maybe mom, as I would bet money it was dad's idea, but I would want to interview them extensively before I let mom have custody again, and dad would have to stay away =_=
@error said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
@Vaire I think I can top it.
I briefly did temp work for company. I found a Jet (i.e. Access) database file in the publicly accessible webroot containing all of their employee HR information. It had no password on it. All you needed was the URL.
I informed management of what I found and attempted to communicate what a terrible idea it was (including possible legal liability), but took no action.
I have said it before, and I will say it again, in an ideal world most people shouldn't be allowed anywhere near a computer without passing a basic knowledge test.
Instead, somehow, the people making the decisions about what is and isn't allowed tend to be the worst offenders [sigh]
I thought for sure he was gone, and that the parents were probably guilty. I cannot believe they found him alive. The JGSDF are freaking heroes!
Paging @Magus and @WPT
They found Yamato Tanooka! An unbelievable miracle! I am very happy!
Unbelievable! It's wonderful!
http://www.japantoday.com/category/national/view/missing-hokkaido-boy-found-safe
@accalia said in Idiots make their build process reliant on someone else's server, bitch when it goes down:
@error said in Idiots make their build process reliant on someone else's server, bitch when it goes down:
It's not the size that matters; it's how you use it!
said by hundreds of thousands of size deficient males the world over.
rofl
ouch, @accalia , chu be mean today o_O
@blakeyrat said in Idiots make their build process reliant on someone else's server, bitch when it goes down:
The repo holding Docker went down for a few hours.
Turns out a bunch of stupid morons have build processes that re-download Docker every goddamned time they build, and it got them all gummed up, and now they're bitching about it on GitHub.
Example comment:
Docker repo maintainers. You need:
Automatic testing on changes
Healthcheck of your repo
basically monitoring and alarms
I hope this never happens again. Docker was causing production test and deployment issues here (on TravisCI) with this although I'm not using a single Docker container in production.
So you're the moron who set up your continuous integration server to rely on a package you don't even use, but let's give Docker advice on how to run their shit. Because obviously you're the expert master genius man.
I never knew Docker was a 2 tier organisation where the user base is split between the haves and have nots. Surely installing docker is global concern for everyone using the software and therefore the support that "commercial" people get should also apply to the community. A paid tier to an organisation is a good way to make money but that should go beyond basics, like being able to install your software.
Waaah! People who pay them money get better support! Waaah!
I love you blakey <3
In summary:
Hipsters who don't know how to code have set up their automatic lego snapper-together machine to ask a lego vendor to send them new legos every time they want to run, and sometimes that vendor doesn't work.
Schadenfreude meter's needle... buried!
@dkf said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
@Vaire said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
Yes, I implement it with the bcrypt algorithm, specifically because it is expensive.
The only downside of using bcrypt is that it forces you to work with sessions, which in turn complicates the design of any API clients (since they have to deal with session refresh and shit like that).
What would you use instead, in that scenario?
@error said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
@Vaire said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
@oldcoder
just checking in here to make sure my best practices are up to date...
Last time I read the white papers of this subject, best practice was:
- 1-way hash things like passwords
- use a random salt for each hash
- use a true random number generator (as best as can be used in language of choice) to generate the salt
- store the salt along with the passwords, to allow for comparison of input passwords
- thus rendering rainbow tables useless, while avoiding the issue of having a single salt stored somewhere which, if found, allows rainbow tables to work.
My info up to date?
Almost. Generally you want to use an expensive algorithm like bcrypt. That one can scale the cost of calculating the hash arbitrarily (so as computational power increases, so does the cost computing hashes).
Oh, yes, I forgot to mention that. Yes, I implement it with the bcrypt algorithm, specifically because it is expensive. Sorry, forgot to say that :(
@Lorne-Kates said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
@cheong said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
@Polygeekery said in Scrum.org hacked and they stored encrypted passwords along with the key! WTF?!:
You obviously don't have to deal with government websites. Our state websites that are used to access and pay payroll and sales taxes both will send you your password instead of a reset link.
True story. I wish I were joking.
I've done a few websites that the "user" side insist we have a feature to send the password back in the "Forgot password" link instead of just sending a password reset link.
Spent half days trying to persuade them this is bad but no use.
I've had to do that, too. I just explain it to them a few times, state in no uncertain terms it's a bad idea and horrible security, then get them to sign a waiver of liability.
STORY TIME!
Yup, been there. Last place I worked at, it was hilarious. They were storing the password for their users for their open-internet accessible website in their database via a 1-way hash (obviously SOMEONE, at some time, knew what they were doing), BUT they were also storing the SAME GOD DAMN PASSWORD in CLEARTEXT in the SAME table, in the column right NEXT TO the hashed version.
When I discovered that and lurched gibbering into the office of the "managing developer" to ask about it (I had assumed it was either malicious, or somehow had been a Dev feature someone had forgotten to remove. I wanted to kill it ASAP for security reasons, and then force a password reset of all the users immediately), he stared at me blankly and told me that was a "feature" they had always had built into the system.
He explained (like I was the one who was confused), that the password in cleartext was not linked to anything in their application, and the only way to see it was to have access to the database itself. He said they used it to be able to tell their users what their passwords were, when they called in confused (their users were idiots -- involved with government, and generally older, that is all I will say).
I countered that it was WILDLY insecure, and that they were one data breach away from disaster. I stated in no uncertain terms that I WOULD NOT be responsible for it, and would require them to sign a release of liability if they insisted on keeping it that way. I then proposed that I kill that column, and force the password reset while at the same time implementing a "reset your password" function. They flatly refused.
It escalated into a meeting with myself, the manager, my HR rep, the senior HR rep, and the CEO of the company (wasn't a large company), and their lawyer. Where they, I shit you not, gave me my signed release of liability. I still can't believe they did it.
Needless to say, I started looking for my next gig while that was going on, and quit about a week later, and ran away like my ass was on fire. I would bet cash money that the column is still there, and easily accessible if anyone breaches them
@oldcoder
just checking in here to make sure my best practices are up to date...
Last time I read the white papers of this subject, best practice was:
- 1-way hash things like passwords
- use a random salt for each hash
- use a true random number generator (as best as can be used in language of choice) to generate the salt
- store the salt along with the passwords, to allow for comparison of input passwords
- thus rendering rainbow tables useless, while avoiding the issue of having a single salt stored somewhere which, if found, allows rainbow tables to work.
My info up to date?
@boomzilla said in And now for something COMPLETELY random:
@Vaire What? I'm not the one with bad gramming.
@Magus said in In Which @Captain asks C# Beginner Questions:
@error it's still dwarfing the actual subject in a thread where someone needs help, with massive detailed descriptions of things no one cares about but you.
I care about JS ... deeply ... in the same sense that I care about a roach infestation, and want to kill it with fire. Does that count?
@boomzilla said in And now for something COMPLETELY random:
@Vaire said in And now for something COMPLETELY random:
where did the phrase, "had your ass handed to you," come from?
Ebonics?
no. Bad boomy :/
Etymology fascinates me, and the U.S. television show "The Big Bang Theory," has an episode that piqued my interest. The question was posed, where did the phrase, "had your ass handed to you," come from?
Discuss :D
@WPT said in Wow ... just wow...:
@Vaire said in Wow ... just wow...:
@Yamikuronue said in Wow ... just wow...:
@Vaire yeah yeah yeah, you're too cool for facebook and whatever.
The current UI only has liking as an action for pages, with various notification preferences under that. Events you can mark that you're "interested", which doesn't RSVP yes but does let you see things from the event feed on your feed, but for pages it's all likes.
I prefer to think of it as too evolved for Facebook ;)
I am addicted to a social network, but it is in all Japanese, so only @WPT and maybe @Magus would care about it
I am too anti-social to be participating in social networks. The only reason I am keeping my facebook account alive is because I use that as an alternative for news feed. It is good to have noisy acquaintances all around the world spamming tech articles. ;)
It isn't a social network really, more of a chat platform.
Send me a message. I will explain.
@Tsaukpaetra said in Wow ... just wow...:
@Vaire said in Wow ... just wow...:
That sounds suspiciously like work
Nope, it's real easy, and it's not even a really busy thread (unlike some of them)...
I am afraid I am going to have to insist that @ben_lubar send me an engraved and monogrammed notice for each update. We of the royal set simply do not have the time for such frivolities such as monitoring a thread
@Tsaukpaetra said in Wow ... just wow...:
@Vaire said in Wow ... just wow...:
why am I always the last to know anything around here? =__=
Follow the NodeBB Updates thread, it helps.
That sounds suspiciously like work :(
@boomzilla said in Wow ... just wow...:
@Tsaukpaetra Dammit...you had to go and tell him.
http://shelovesmagazine.com/wp-content/uploads/2013/09/all-the-things.jpg
@Tsaukpaetra said in Wow ... just wow...:
@Tsaukpaetra said in Wow ... just wow...:
try
Seems fine, just keep it under 2 MB and I think you're fine.
[Sigh] ... why am I always the last to know anything around here? =__=
@Tsaukpaetra said in Wow ... just wow...:
@Vaire said in Wow ... just wow...:
I have no idea why it isn't animating.
I have no idea why people keep hotlinking things to imgur.
Nothing to do with .gif support when you're embedding another site's content...
Gif uploading doesn't work here, last I checked. Unless it was fixed and I wasn't told?
@Lorne-Kates said in Seriously, browsers? That's how autocomplete is supposed to work:
First, easy stuff:
@Kuro said in Seriously, browsers? That's how autocomplete is supposed to work:
INB4 people telling how it's morally wrong to disable autocomplete and how I am the bad one here
It is morally wrong to disable autocomplete and any dev that does that is a shitburger
@blakeyrat said in Seriously, browsers? That's how autocomplete is supposed to work:
Am I crazy, or is Mozilla?
Yes.
Okay, onto reply:
The only way to disable autocomplete completely is to use random-generated IDs and names on your form elements. But then you're bending over backwards to break a piece of functionality that your users want. And then you're a shitburger.
Or you could break the form in new and interesting ways, like poorly implementing a "placeholder" value inside the input element and using janky javascript to remove it onfocus. That always breaks shit, and makes you a shitburger for not knowing what a <label> is.
I love you <3
@boomzilla said in Wow ... just wow...:
@Vaire said in Wow ... just wow...:
I am addicted to a social network, but it is in all Japanese, so only @WPT and maybe @Magus would care about it
This sounds worse than anything a landlord could do to you.
http://i.imgur.com/nD4HkVt.gif
edit: I have no idea why it isn't animating.
@ben_lubar , I fucking hate the lack of gif support on this new platform!
@accalia said in In Which @Captain asks C# Beginner Questions:
@Vaire said in In Which @Captain asks C# Beginner Questions:
@accalia said in In Which @Captain asks C# Beginner Questions:
@Vaire said in In Which @Captain asks C# Beginner Questions:
@accalia said in In Which @Captain asks C# Beginner Questions:
@Vaire said in In Which @Captain asks C# Beginner Questions:
You got resharper on you?
i've also got sharpie on me.
they make great semi-permanent tattoos.
I would be willing to ignore your use of resharper in exchange for a pony-tat
which pony?
Twilight Sparkle, of course!
@asdf said in In Which @Captain asks C# Beginner Questions:
@Vaire What's wrong with Resharper?
Nothing, I think it is rather unnecessary in VS 2012+, but mostly I just like poking @accalia
@accalia said in In Which @Captain asks C# Beginner Questions:
@Vaire said in In Which @Captain asks C# Beginner Questions:
@accalia said in In Which @Captain asks C# Beginner Questions:
@Vaire said in In Which @Captain asks C# Beginner Questions:
You got resharper on you?
i've also got sharpie on me.
they make great semi-permanent tattoos.
I would be willing to ignore your use of resharper in exchange for a pony-tat
which pony?
Twilight Sparkle, of course!
@Yamikuronue said in Wow ... just wow...:
@Vaire yeah yeah yeah, you're too cool for facebook and whatever.
The current UI only has liking as an action for pages, with various notification preferences under that. Events you can mark that you're "interested", which doesn't RSVP yes but does let you see things from the event feed on your feed, but for pages it's all likes.
I prefer to think of it as too evolved for Facebook ;)
I am addicted to a social network, but it is in all Japanese, so only @WPT and maybe @Magus would care about it
@accalia said in In Which @Captain asks C# Beginner Questions:
@Vaire said in In Which @Captain asks C# Beginner Questions:
You got resharper on you?
i've also got sharpie on me.
they make great semi-permanent tattoos.
I would be willing to ignore your use of resharper in exchange for a pony-tat
@Yamikuronue said in Wow ... just wow...:
@theBread said in Wow ... just wow...:
I could understand if it was a 'follow' instead of a 'like',
I believe they are the same for pages, aren't they?
Don't look at me. I know next to nothing about the internet abomination known as Facebook. Which, in yesteryear would have been known as "the sketchy bulletin board down by the docks where the creepy people hang out."
@accalia said in In Which @Captain asks C# Beginner Questions:
@Captain said in In Which @Captain asks C# Beginner Questions:
@accalia don't you ever forget to type a comma and then have to go item by item in a long list until you find which item was missing it?
nah. resharper's got my back on that one. tells me right where it is.
also vs itself will, as will the various lint tools i use for various languages.
You got resharper on you? Eww. You know that shizz don't wash off, right?
@Captain said in In Which @Captain asks C# Beginner Questions:
@JBert Fixity just means "position of an operator relative to its arguments". So, typical functional notation uses fixity like f x to apply the function f to x. "Comma fixity" is a term I just made up to distinguish between:
list = [ theFirst, theSecond, theThird ]
and
list = [ theFirst , theSecond , theThird ]
The point being, C# doesn't care which I type. (I prefer the latter notation)
I also prefer that format. I picked it up from SQL stuff.
[waves] Hiiiii @accalia
@Captain said in In Which @Captain asks C# Beginner Questions:
I didn't know C# doesn't care about comma-fixity. I like that. A lot.
Yeeeees.
Yeeeeeeeees.
You want this ... don't you?
Join us!
One of us! One of us! One of us! :D
@Vaire Things known about Lon:
Spent time in London as a homestay, hence the name.
Sings songs on niconico.
Has songs on a trap album.
Lon videos often sit above arguments in the comments over whether Lon is male or female.
So Lon is All? :D
Have some Lon. Who is Lon, you ask? Someone who started posting videos of themself singing to songs on niconico douga years ago. Which is about all anyone knows.
Interesting. She has a pretty voice, but the songs aren't really my speed. She would be pleasant to listen to as passive background music though ;)
Speaking as a proud non-owner of a facebook account, I wonder what those fuckers would tell me when I told them to go screw themselves?
Also doubly funny, you CANNOT add an addendum to an executed contract ex post facto. You could add the addendum during the next lease renewal, and to all new leases though. And I would line-out that sumbitch. It would be a deal breaker.
I suppose they could ask their tenants to open negotiations into a new lease to take the place of the existing one. But the tenants would have to agree to that. I suppose if it was me, if those fuckers offered me something for it (-$100/mo off rent, every month, for the length of the lease), I would be willing to create a fake facebook account, and friend them. I would delete it, as soon as I moved though, and in the meantime I would create 5 additional accounts to roast them with, and I would negatively review them everywhere, while looking for a new place to live, naturally.
Social media ... I have said it before, and I will say it again ... fuck it. It is the hive of scum and villainy of the internet, mostly populated by morons and fools.
Filed under: InB4 Vaire is always so negative!!!11!oneoneone
@accalia said in Recommendations for incremental backup tool for Windows:
@Gurth i use crash plan for my file backups.
https://www.code42.com/crashplan/
restore speed isn't phenomenal, but the price is good, and i already have everything truly irreplaceable backed up in multiple places, including a set of printouts in a safe deposit box.
it does a good job, i've got 500GB of data backed up to it now, and when i run a file restore test about once a quarter it always does so flawlessly.
+1 for CrashPlan, it's what I use.
@Grunnen said in Hipster your SQL!:
@dkf said in Hipster your SQL!:
@Onyx said in Hipster your SQL!:
A NodeJS module that does emulated prepares on SQL queries. Using mustache notation. Because why not?
The documentation (such as it is) says that the {{foobar}} notation is escaped by mysql. Escaped.
It looks like it just provides another notation for node-mysql. And that module has issue reports like true server-side Prepared Statements, with very interesting discussions:
efuquen commented on 22 Feb 2013
So there is even more issues than security with this, which regardless should obviously be the most important reason for implementing this. (..)
dresende commented on 22 Feb 2013
I think everyone is convinced but none of us is paid to do it. (..)
dresende closed this on 22 Feb 2013
cblage commented on 22 Feb 2013
Why are you closing this issue? You don't think not supporting prepared statements is an issue?
felixge reopened this on 7 Mar 2013
And apparently it is still not solved.
That is a perfect line-o-code sample of everything that is wrong with open source everything
@Onyx said in Hipster your SQL!:
@Vaire Your righteous indignation is always welcome.
Hipsters: I have hand crafted this new take on old ways--
Me: My lawn...
Hipsters: --it is a beautiful representation of what technology could be, if we just take a step back, take a deep breath, and let love into our wor--
Me: GET OFF IT! (╯°□°)╯︵ ┻━┻
@dkf said in Hipster your SQL!:
@Onyx I checked the source; I'm not sure if it is doing the right thing or not. The code delegates virtually everything to other libraries; the princess is in another castle…
I have decided this thread is my new happy place today. I shall set up shop here today. :D
@DogsB said in Hipster your SQL!:
@Onyx said in Hipster your SQL!:
@DogsB
E_TOPHAT_NOT_FOUND
http://i.imgur.com/PoJcqEF.png
Better?
@Onyx said in Hipster your SQL!:
A NodeJS module that does emulated prepares on SQL queries. Using mustache notation. Because why not?
WHY THE FUCK IS THIS EVEN A THING?
Because hipsters would rather fuck around with bullshit projects that are "cool" rather than do real work. They don't strike me so much as interested in working as developers/programmers/engineers (whatever you want to call them), so much as doing whatever the fuck they want in their chosen space, and expecting to get paid for it.
Putting mustaches on things instead of working? Sure! Why not?! Reinvent the same damn shit that has already been solved a million times, but this time in JS/Node? Of course! Can't use any of that Business/Enterprise stuff, now can we? That would mean one had sold out/stopped being "true to oneself"/a special fucking snowflake.
One day ... one day I will let them promote me to manager. On that day, the hipsters should feel a MASSIVE disturbance in the Force. Because they will BE the millions of voices suddenly crying out in terror, soon to be silenced into the parking lot with a box of their shit, and a surprised look on their faces.
What? Too much? o_O Sorry, need more coffee :D
@Lorne-Kates said in Mouse and Keyboard: And never the twain shall meet (aka: fuck you Microsoft's UX team):
@Medinoc said in Mouse and Keyboard: And never the twain shall meet (aka: fuck you Microsoft's UX team):
It's that goddamned option invented to avoid scaring computer-illiterate people with underlined letters.
It's goddamn VISUAL STUDIO! You can't get more computer literate than that. You're literally PROGRAMMING COMPUTERS! (inb4 hur hur visual basic).
"Hide underlined letters until I press ALT"
Will check when I'm at work tomorrow.
@Medinoc said in Mouse and Keyboard: And never the twain shall meet (aka: fuck you Microsoft's UX team):
Edited to add: Implementation-wise, I guess menus and controls call SystemParametersInfo(SPI_GETKEYBOARDCUES) and if set, they pass the DT_HIDEPREFIX flag to the DrawText() function. Well, except when some keyboard navigation is taking place. I wonder how they determine that, though... (Edit2: I found how. Thanks Raymond!)
PS: Oh, and additional WTF: The documentation of DrawText does not underline the "normal" text properly in its examples.
FFS
Got some nice Friday reading lined up.