This happened at my work with internal docs as we switched from an ancient intranet to a new service that had a ton more features but no backwards compatibility so all the pages got updated to PDFs with helpful links that went nowhere and it caused chaos for like 3 months.
"What do you tell someone to type when you want them to send you an email?" should work if the person has irl or phone social connections, which is still the case for a lot of older folks
Yes no clearly clearly. I never would have tried that. Thank you for your insight. I don’t know how I would have missed that. No clue just pure flabbergasted over here
The kind of farming that makes any money isn’t slow work.
It is, however, tangible work with tangible results. Unlike spending months changing the polarity of nanoscopic silicon structure for the non-appreciation of an utterly clueless salesperson whose braindead ideas will have left the world in a worse state than you found it despite anyone’s best efforts.
I should seriously get into woodworking. Kidding. Sorta.
That’s because the new one is just the existing web app that loads inside an Edge instance so they were basically starting from scratch. I realized that when I discovered I couldn’t open the new version on my laptop that I had uninstalled Edge from.
I don’t get why people hate semantic whitespace. The whitespace would be there anyway, and if anything it’s easier to read as long as you avoid 15 nested if statements, and you’re not using a dynamically typed abomination like python.
S-expressions are a hack because the Lisp devs didn’t know how to make an actual compiler, and instead had the users write the syntax tree for them. (For legal reasons I am being facetious).
In all honesty, I can understand the reason people love s-expressions, but to me they’re just unreadable at a glance.
Semantic whitespace is awful because whitespace (something that you can’t actually see) has meaning in how the program runs. Braces {} for scopes gives you the ability to easily tell at a glance where a scope ends. Whitespace doesn’t allow for that. Especially, especially when you can accidentally exit a scope (two new lines in a row with Python) and it’s not actually an error (Pythons global scope). Yeah formatters and linters make this less of an issue but it sucks… Languages with legible symbols for scoping are significantly easier to reason about, see end symbols in Lua.
S-expressions are a hack because the Lisp devs didn’t know how to make an actual compiler, and instead had the users write the syntax tree for them. (For legal reasons I am being facetious).
McCarthy had planned to develop an automatic Lisp compiler (LISP 2) using M-expressions as the language syntax and S-expressions to describe the compiler’s internal processes. Stephen B. Russell read the paper and suggested to him that S-expressions were a more convenient syntax. Although McCarthy disapproved of the idea, Russell and colleague Daniel J. Edwards hand-coded an interpreter program that could execute S-expressions.[2] This program was adopted by McCarthy’s research group, establishing S-expressions as the dominant form of Lisp.
And for anybody thinking of implementing M-expressions, look at Wolfram Mathematica, which is the only popular M-expression-oriented language. It turns out that high-level graph-rewriting semantics are difficult to make efficient! (If you want to try, you might also want to look at GHC or other efficient graph-rewriters to see what the state of the art is like outside Planet Wolfram.)
(Sarcasm/deadpan detected but I’ll respond anyways).
Not when they are visibly the same and the spaces have no other meaning in that context.
Not to mention tabs being annoying in general because of how badly it works to adjust the distance of tab stops. That doesn’t really affect this particular case, but it’s why I generally use spaces instead of tabs.
Most of the annoyance is from vim recognizing that spaces are an error in makefile recipes but still using them unless I copy paste a tab in, including when I hit enter on a line that is using a tab already. It matches the indentation but uses spaces instead of tabs. I’m sure there’s a way to adjust vim config to fix this, but I have yet to acquire the esoteric knowledge required to do so.
It’s just not worth it until your monolith reaches a certain size and complexity. Micro services always require more maintenance, devops, tooling, artifact registries, version syncing, etc. Monoliths eventually reach a point where they are so complicated that it becomes worth it to split it up and are worth the extra overhead of micro services, but that takes a while to get there, and a company will be pretty successful by the time they reach that scale.
The main reason monoliths get a bad rap is because a lot of those projects are just poorly structured and designed. Following the micro service pattern doesn’t guarantee a cleaner project across the entire stack and IMO a poorly designed micro service architecture is harder to maintain than a poorly designed monolith because you have wildly out of sync projects that are all implemented slightly differently making bugs harder to find and fix and deployments harder to coordinate.
I still have to find a name for this disease, but it’s somewhat like “you’re neither Google nor Netflix”.
Everything has to be Scalable™ even if a raspberry pi could serve 200 times your highest load.
I’m currently involved with a “micro service system”, that has very clear, legal requirements, so we know exactly, how much load to expect. At most, a few thousand users, never more than 100 working at the same time on very simple business objects. Complex business logic, but technically almost trivial. But we have to use a super distributed architecture for scalability…
I’m guessing you already got an answer for that though when you asked about it.
Could be either “oh you’re right let’s not do that”, or “because we want to design for horizontal scalability rather than vertical in case the demand grows later”, or “the client has requested and it’s paying for this feature” and so on.
It’s because they think it’s what you’re doing for a large project. Simple as that. There’s no future demand, the client doesn’t care, and I’m not right because they said so.
Micro services always require more maintenance, devops, tooling, artifact registries, version syncing, etc.
The initial transition is so huge too. Like, going from 20 to 21 services is no big deal, but going from 1 service to 2 is a big jump in the complexity of your operations.
Yes. X11 replaced X10’s obsolete cut buffers (which can be modified by any process) with state-of-the-art selections. There are three selections in X11: a primary, a secondary, and a clipboard.
In modern desktops, the primary selection is overwritten every time you select some text (including in the terminal), which makes its content very ephemeral. You can paste it with the middle mouse button.
The secondary selection is generally not used, but it’s present in the specification, and you can use xclip -selection secondary to access it. Wayland doesn’t seem to have a secondary selection.
The clipboard selection is what most people understand to be THE clipboard. You have to write to it explicitly (through a keyboard shortcut, API, or CLI tool), and its content persists until it is overwritten, explicitly cleared, or the X server is killed. While the primary and secondary can only contain text, the clipboard can contain many kinds of data.
Okay I had no.idea. So on Plasma, I’m guessing when I copy anything, it’s writing it both the primary selection, and the clipboard selection and that’s how it stays in the clipboard manager thingy?
Not exactly. When you select a text and copy it, the two selections will end up containing the same text, but you can write to either selection without affecing the other by using an API, e.g. a website’s “copy to clipboard” button, or xclip/wl-copy.
Clipboard managers with a history feature are an altogether different layer on top of the standard selections. Plasma’s clipboard manager only cares about the clipboard selection, and even then, there are exceptions (e.g. copying a password for KeepassXC doesn’t save it in the history).
My current company’s IT team does not know what CAMM RAM is, does not recognise an nvme ssd inside a laptop, and still talk to us like we’re idiots. I hope you guys here are better than them!
The worst. Our IT is outsourced to some bottom-of-the-barrel garbage company, and they both have no idea what they are doing and work in a different timezone, so you have to wait a working day for responses like ‘did you try turning it off and on again?’. Everyone just emails the head of IT with their issues, which defeats the whole point of the system.
Same. At some point, I learned that the bottom-of-the-barrel garbage company, that does our IT support, is apparently one of the most successful IT support companies on the planet.
I guess, the way to get there, is to not actually provide IT support. You just have to get paid for it.
Yea, hire a bunch of underpaid undertrained peons to take support calls from the rest of your underpaid untrained peons. If an exec has a problem they get to bypass the helpdesk and go straight to someone that knows what they’re doing so they never see how bad things are. $$$
Hell, even Dell who came up with the standard chose to switch to soldered memory on the brand new XPS laptops instead of using their own CAMM standard ^because ^money.
My laptop and I are very real! At least my laptop, from last year (a dell as someone mentioned). I even got to know how you screw one in and out since my IT basically told me to go fuck myself when I had to upgrade my laptop.
Assuming the accounting system this thing links with both does not protect from SQL injection attacks (many don’t, despite it being easy to protect against) and also has a table named “Bills” with a field named “amount”; what this would do is go through every single Bills record and half the value in the amount field. This would completely fuck the system, particularly when it came to billing and tax filing as the numbers for accounts billing and receivable wouldn’t even come close to matching each other. The accounting department would have a hell of a time fixing the damage.
Yup. Rand() chooses a random float value for each entry. By default I believe it’s anywhere between 0 and 1. So it may divide the first bill by .76, then the second by .23, then the third by 0.63, etc… So you’d end up with a completely garbage database because you can’t even undo it by multiplying all of the numbers by a set value.
Also, by dividing by a number between 0 and 1, you increase the amount it looks like it billed. So income will look like it’s higher than outgoing funds, which will raise suspicions of embezzlement. And if someone actually is embezzling, whatever accounting tricks they’ve been using to hide it might just stop working because everything might need to be examined with a fine tooth comb. “Oh, the billing numbers aren’t right, and also it turns out the invoice numbers aren’t right either. Billing issue was tracked to a hack, but what’s going on with these invoices?”
if you’re trying to be malicious, wouldn’t it be better to multiply by Rand() instead of divide by Rand()?
assuming there are a decent number of recorded sales, you’d end up seeing many of the calls to Rand() returning values very close to 0. so, if you’re dividing by those values, you’d end see lots of sales records reporting values in the thousands, millions, or even billions of dollars. i feel like that screams “software bug” more than anything. on the other hand, seeing lots of values multiplied by values close to 0 would certainly look weird, but it wouldn’t be as immediately suspicious.
(of course a better thing would just be to use Rand() on a range other than [0,1])
I imagine they could if they knew exactly what you did and when, but if it doesn’t get discovered until later and nobody knows what happened, it would probably be a bitch to figure out
It seems like it would be fairly easy to find. All you need to do is find out where the price drops massively, and work backwards from there, since it doesn’t change the code going forward.
Pretty sure it would be obvious to anyone working there that chicken tenders are $10 not $5. Even a quick glance at any single bill would show the issue.
Yeah, obviously the issue can be discovered. My point is that it’s not going to be immediately discovered by the cashier or a customer. It’ll probably not get discovered until the accountant comes by and notices the discrepancy.
does not protect from SQL injection attacks (many don’t, despite it being easy to protect against)
Every modern database library automatically protects against SQL injection, usually by using prepared statements (where the query with placeholders, and the placeholder values, are sent as two separate things). so a system would have to be written extremely poorly to be vulnerable to it.
This post is just a joke as developers should hopefully be aware of the OWASP top 10 security vulnerabilities.
Edit: Bad developers will do bad things, but any reasonable developer should be well aware of these risks.
Well no. If the programmer uses prepared statements, they are protected. If they use a prepared statement but actually just put their own unsanitized statement in there and execute it, it's not protected.
Now, I'd like to say it is 2024 and everyone should be using AT LEAST prepared statements for security. I've seen people doing some scary things in my time, and that includes quite recently.
Bad developers will do bad things, but most DB framework documentation points people towards the right way to do things, which is why I said it’s not common any more.
Every modern database library automatically protects against SQL injection,
No. Every modern library allows using prepared statements, but very few (of any) force using them. If the developer doesn’t use them the libraries won’t do shit to protect you.
What I meant is that not many people write raw SQL in product code any more, other than for analytical purposes (which are often in a system like Apache Airflow rather than in product code). ORM systems have mostly taken over except for cases where you really need raw SQL for whatever reason.
First, injection attacks are third on the owasp list, although they do roll xss into it too, which changed the name, since “shit sanitization on input” and “shit escaping before use” are the cause of both. owasp.org/Top10/A03_2021-Injection/
Secondly, SQL injection is freakishly common and easy. I don’t know of any database libraries that prevent you from directly executing an SQL literal, they just encourage parameterized statements.
I have personally run into plenty of systems where people build SQL via string concatenation because for whatever reason they can’t use an orm or “proper” SQL generator.
You can find them in the wild fairly often by just tossing ’ or 1=1;– into fields in forms. If it gets mad in a way that doesn’t make sense or suddenly takes forever, you win!
That one was a treat when I check under critical, since it’s an injection attack that can bypass parameterized query protections for the database driver, which is why “defense in depth” and “always sanitize your fucking inputs” are such key things to remember.
I hope that provided what you’re looking for, and maybe increases your awareness of SQL injection. 😊
its an sql injection attack.
its rather unlikely that it works in a modern app.
assuming this would work,
it injects a command in the sql database.
it is assumed that the app runs a sql querry with the input field as a parameter e.g. INSERT INTO “bills” (item, ammount, tip) VALUES (“steak”, “20,00 $”, “content of the custom tip goes here”);
the semicolon indicates the end of the querry,
so the the text would cause the app to run an unfinished querry, and then start a new querry that messes up the content of the bills table.
Nothing. For one, it won’t let you enter letters. Two, the table structure to these POS systems are more nuanced than a simple bills table with am amounts field.
It’s amusing and all, but it’s not something you can do.
Source: work with, and develop around, these types of POS systems.
programmer_humor
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.