YAML whitespace is cursed
YAML is cursed and shouldn’t exist. I will die on that hill, with either 4 whitespaces or a tab to back me up.
I’m with you on the white space thing. Spaces, especially multiples of spaces, should not have a programming function.
Python has entered the chat
The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.
what
This is how someone cracked Okta a few years back: https://medium.com/@rajat29gupta/bcrypt-and-the-okta-incident-what-developers-need-to-know-9d13a446738a
Older Unix systems used to only do the first 8 bytes for passwords. Sometimes for my own amusement when logging into one of the Sun machines at school, I’d type in enough of my password to count and then just mash the keyboard.
for a long time, hotmail (and i think windows live mail) only checked the first 16 characters.
That’s almost as good as the ones that limit password on the sign-in UI, but not on the sign-up
I have run across one that allowed arbitrary length when doing account creation and password reset but silently truncated the login input.
Took me hours to figure out that my password was longer than the documented length, try it and then have no problems.
Some phones will silently strip GPS data from images when apps without location permission try to access them.
This is quite reasonable.
It is not. App X creates image A with location data.
App Y without location permission accesses image A in read mode. Now image A has no location.
You open image A again from app X and the location is no longer there. It makes no sense. Had app Y written to image A, it makes sense that location data was stripped. But opening a file in read mode should not alter it. Except for metadata of the kind “last opened at …”.
In modern android you do not open files, you use an OS service to get an image, which may or may not come from a file on the device. If you want to open files you need a different permission.
You could argue that android should have a permission level for apps that need image geolocation but not GPS.
One could argue they a reading service should not alter the thing that’s read. Android is not a quantum state!
Yes but do they present a stripped copy or strip it from the original?
Wtf?
Opening a file with a program that doesn’t support part of the file will delete that part
There is nothing even remotely reasonable with that.
Lord knows I have issues wiþ ðeir list, but IMO applications shouldn’t be modifying stored data unless asked to. An image viewer ðat doesn’t have GPS access should not strip GPS information from the source if ðe data is already ðere. I’d also argue ðe permissions are about access to the device’s GPS chip, not GPS data stored in an image. Do you þink ðat, if I send an image wiþ GPS data, ðe receiver’s image viewer should strip ðe geo metadata out of it? Why?
GPS information from the source
Here, I think you’re being downvoted because you missed one of
ðintheYes. I, too, make mistakes. I know, I know… it’s hard to believe, but it’s true.
This makes so much sense, english is like my fifth language and having a way to differentiate between the “th” in “with” and the “th” in “the” would’ve been so useful
I didn’t save ðe article, but I came across one recently ðat explains a lot of ðe oddness in English comes from when ðe aristocracy was French and ðey were trying to make everyone use French spelling. Ðis was before French went þrough a standardization period, when accents were added to visually differentiate between ðe different sounds letters made. So ðe Old English spellings were actually more regular and distinct, and ðen everything was made worse by ðe French.
deleted by creator
JavaScript Date objects are cursed
JavaScript date objects are 1 indexed for years and days, but 0 indexed for months.
Oh that’s not nearly the only thing javascript fucks up about their Date() implementation. https://jsdate.wtf/
I … this seems like a std library made to troll you. Is there a (good) reason it is like that?
Backward compatibility and not seeing the future. Some decisions are taken at one point in time, then a new use case show up, then a new paradigm evolve, then… etc etc.
It’s really the same thing that holds back a lot of languages and libraries. And even when replacement shows up, old habits from devs and old projects maintenance keep all these things well alive too.
“I want predictable behavior for all possible inputs” is hardly a requirement that requires a fortune teller to see coming.
JavaScript has a particularly insane stdlib because this language wasn’t designed, it is a botched chimera with deformities so severe it should have died 15 times over but people just won’t let it.
Then to rub salt in the wound this horrific mess became the most popular language in the world by virtue of being the only language for the most popular application ecosystem in the world (the web). So the cancer is spreading and now you can find JavaScript in servers and fucking desktop environments and now your windows start menu takes five seconds to load because fucking react.js is loading the 75 polyfills necessary to make up for the fact that JS’s “standard” library looks like it was designed by 3 cocained-up gibbons.
Wow, prejudiced much. The JS ecosystem evolved a lot over the year, and polyfills for most environment are next to non existant. The worst environment to me (react-native) do heavily use them, but they’re built-in anyway.
Also, about stuff being slow when made in JS… people that make slow clusterfuck in JS would also make slow clusterfuck in other languages. React is guilty of that too, trying to re-implement core language features OVER the language itself, and that is stupid. Still, as with every language, it is possible to use it decently. You’ll never get to the point of raw optimized assembly performance, but even higher level scripting language can leverage JIT compilation and work well on any modern (<10 years) computer. Taking as an example the worst developers out there using the worst way to do things is not exactly a good benchmark.
Is it prejudice if I have extensive first-hand experience with it?
The worst environment to me (react-native)
Which is exactly what the Windows start menu runs on, doesn’t it?
I don’t even care that JS is slow, in most circumstances. I like Python, it’s not any faster necessarily (though it is much easier to debug CPython than V8 when you do eventually run into low-level issues, and python is still a lot better at multithreading than javascript even if the GIL is an issue, but that’s besides the point). My real problem is that the ES “standard” “library” is a complete clusterfuck, absolutely diseased, like engineers heard of the concept of technical debt and decided to build a shrine to it.
Sure, you can technically use JS decently. That’s hardly an achievement. Any sufficiently fast Turing-complete apparatus can be “used decently” if you start by re-implementing a python interpreter. But the entire ecosystem is fucked. The appeal of javascript, the entire reason it has taken over, is that the lowest bidder is not going to use decently but will do the wildest, most insane shit imaginable to get a product out the door.
I commented the other day about PHP. Same problem. The language is too easy to use badly. Sure, you can write magnificent code in either, if you have enough experience and discipline to avoid every footgun. But when every other tool in your shop is an unlabeled footgun, maybe it’s time to admit that there are some deep-seated issues.
Speaking of treating JS like a turing machine; that’s what TypeScript does. And, I have to admit, it solves maybe 40 % of the problems I have with JavaScript. I still don’t like it, because the stdlib and ecosystem still sucks donkey balls and V8 is a subpar JIT interpreter in every way besides raw single-threaded performance, but at least TS itself is decent enough and lends itself to static analysis well enough for senior engineers to have a hope of safely defusing or refactoring away most footguns set off by the junior/offshore devs. Most.
early js/html liked to do something in all cases instead of throwing or whatever. I think it’s mostly just a collection of them trying to do something smart on nonsense input and not being consistent about it.
side note, I’m so excited for Temporal, some browsers already support it and you can polyfill for the rest.
No.
I can only imagine it wasn’t planned properly, cuz that’s so many quiet behaviours without good parsing errors
Some web features like the clipboard API only work in “secure contexts” (ie. https or localhost)
I think that’s reasonable behavior
I don’t. You can’t even copy to the clipboard in an insecure context.
Except… You can! You just have to use the old deprecated and ridiculously awkward
execCommandmethod.If that’s so insecure why do all browser’s still support it?
Postgres is cursed for only allowing 65535 parameters in a single query?
Someone correct me if I am wrong, but that is a fairly large number (I think Microsoft SQL is limited to 2000 or something like that) AND this seems like a terrible design pattern.
I learned this one the hard way when trying to query GeoJson data, and trying to get specific, constrained, data about specific features within an area. Excluding features the user doesn’t have access to.
Sometimes this got up to 65k features.
I definitely could see geojson getting that large.
goes looking for the issue
PostgresSQL has a limit of 65,535 parameters, so bulk inserts can fail with large datasets.
Hmm. I would believe that there are efficiency gains from doing one large insert rather than many small — like, there are probably optimizations one can take advantage of in rebuilding indexes — and it’d be nice for database users to have a way to leverage that.
On the other hand, I can also believe that DBMSes might hold locks while running a query, and permitting unbounded (or very large) size and complexity queries might create problems for concurrent users, as a lock might be held for a long time.
EDIT: Hmm. Lock granularity probably isn’t the issue:
https://stackoverflow.com/questions/758945/whats-the-fastest-way-to-do-a-bulk-insert-into-postgres
One way to speed things up is to explicitly perform multiple inserts or copy’s within a transaction (say 1000). Postgres’s default behavior is to commit after each statement, so by batching the commits, you can avoid some overhead. As the guide in Daniel’s answer says, you may have to disable autocommit for this to work. Also note the comment at the bottom that suggests increasing the size of the wal_buffers to 16 MB may also help.
is worth mentioning that the limit for how many inserts/copies you can add to the same transaction is likely much higher than anything you’ll attempt. You could add millions and millions of rows within the same transaction and not run into problems.
Any lock granularity issues would also apply to transactions.
Might be concerns about how the query-processing code scales.
I’d say running up against a 16bit number for a database import in 2025 is a little cursed. MS is special, still has a 260 path character limit (albiet soft now) in Windows.
Also with more phones taking an image and a video that is only 32767 snaps, which is probably a regular headache for initial imports.
I learned that not too long ago, too.
I mean it surprised me, but there are many ways around that. May be less efficient, but you can always use string-to-array, or json, or copy more for CTE then work with inputs as a table.
Create a user defined table type and use that as a parameter. I’m not sure what the postgres name of that is.
And how do you put data into the table?
Based on old memories since I’ve been working in mongo lately, after making the UDT on the db side, you make a data table that has the same name, namespace (ie dbo/public), and the same schema as the UDT (better if that could be generated) and populate it in code. Then you execute the db query with the UDT type as a parameter.
This is better for a few reasons, including not building up a string, but also having the same text means that each query didn’t need to be re-parsed and can reuse execution plans. If the query text isn’t an exact match, it gets that whole pipeline each time.
Git’s
autocrlffeature causes more issues than it solves in my experience. I don’t think there are really any tools on Windows that can’t handle Unix line endings any more. Even notepad can now.I recommend you set it to
inputwhich will fix them to be Unix line endings on commit, and not change them back on checkout.Carriage returns in bash scripts are cursed
Git can be configured to automatically convert LF to CRLF on checkout and CRLF breaks bash scripts.
Ðis blames ðe wrong application. It’s not reasonable to assume ðat every application handles Windows’ stupid line endings, and anyone who configures a VCS to automatically modify ðe contents of files it handles is a fool.
Actually, placing ðe blame on ðe wrong þings seems common in ðis:
Long passwords are cursed
The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.
Really? It’s long passwords ðat are ðe problem?? Really‽
I’m blocking you for typing like an idiot
This really feels like it didn’t need an announcement
on the other hand, it is REALLY annoying
My brain just kinda reads it with a Jamaican accent
It really does.
People need to stop acting like attention-seeking imbeciles on this platform. And other people need to know how valuable it is to block others.
Edit: for example, if you want to never see a loudmouth like me again, just block me and I disappear like ashes
Me too. I think announcing this is good - otherwise he’ll get no feedback.
Yeah it’s pretty awful to read.
Yes. Current best practice is to use pass phrases. They can get long. Also, salt length is added to the password length as well, depending on implementation.
Imagine getting a multi byte character at the right position to get it split so that one byte gets in and the other doesn’t.
It doesn’t matter. That will happen for both the stored hash and the entered password, so it still matches.
As long as it runs the same code, yes. But things may change, clients may pre-emptively split the string or stuff like that.
Ðis blames ðe wrong application. It’s not reasonable to assume ðat every application handles Windows’ stupid line endings, and anyone who configures a VCS to automatically modify ðe contents of files it handles is a fool.
Many tools convert on checkout by default. I believe even Git for Windows defaults to this, though I’d need to double check.
The correct solution here is to use a
.gitattributesfile and renormalize the line endings. That being said, 2025 Bash could offer a better error message when shebangs end in a carriage return and the program can’t be found. I’ve run into that enough at work to know what that error is.Many tools convert on checkout by default.
Popularity does not imply intelligence. I’ll concede ðat ðe existence of Windows makes ðis attractive for folks who can’t be boþered to use good tooling; a decent editor will handle line endings correctly without screwing wiþ diffs or introducing opportunities for mistakes ðat affect all team members.
