|
Scaevolus posted:functions? closures?
|
# ? Oct 4, 2012 12:42 |
|
|
# ? May 27, 2024 09:34 |
|
Wheany posted:What bothers me is that the code is so obviously copy-pasted from php examples. Speaking of writing from examples, we ask every prospective developer to complete a simple test. The ones that check for the existence of magic quotes are almost automatically disqualified. Two reasons: One, you should assume you're on a modern PHP. When I filled out the test, I used PHP 5.3, and they were still on PHP 5.2, but obviously didn't ding me for that. (for those who follow me in other threads: yes, we downgraded to PHP 5.1 soon after that.) Two, this is not a job to create redistributable PHP code. This is a job to code for a company. So there's only two options that could go, either the professional coders at the company already have a framework that checks for magic quotes, or the PHP code will live on a server built around it, and we will know whether or not magic quotes is turned on. (and PS: it's not. It never will be. No one has used magic quotes in years.) The worst was, at my old job, the new developer they hired on to replace me without warning months later (), his first code all included checks for magic quotes. Why not just ... ask? Or look? This is an internal corporate system, WE KNOW if quotes are on. They kept this douche who was copying PHP out of a book over me.
|
# ? Oct 4, 2012 14:35 |
|
Golbez posted:Speaking of writing from examples, we ask every prospective developer to complete a simple test. The ones that check for the existence of magic quotes are almost automatically disqualified. Two reasons: One, you should assume you're on a modern PHP. When I filled out the test, I used PHP 5.3, and they were still on PHP 5.2, but obviously didn't ding me for that. (for those who follow me in other threads: yes, we downgraded to PHP 5.1 soon after that.) Two, this is not a job to create redistributable PHP code. This is a job to code for a company. So there's only two options that could go, either the professional coders at the company already have a framework that checks for magic quotes, or the PHP code will live on a server built around it, and we will know whether or not magic quotes is turned on. (and PS: it's not. It never will be. No one has used magic quotes in years.) This strikes me as pretty unreasonable, if the task they're asked to complete makes it clear that they're responsible for using request variables that haven't been pre-treated or sanitised in any way. I think that writing portable code is a pretty laudable goal and I don't see that the "we know what our server's configuration is" argument is a valid one. What if someone screws something up and magic_quotes somehow is turned on? Then you would be glad someone thought to guard against it by screening for it. (Naturally, the problem should be logged if magic_quotes is expected to be off but is found to be on.) Of course, any code that checks for magic_quotes should be in just one place, in some include file somewhere, not found in every file or anything like that, which has two consequences: 1) it shouldn't get in anyone's way that there is code checking for magic_quotes - you should rarely have a need to look at the code; and 2) it is reasonable to assume, if some pre-treatment of request variables is implied, that magic_quotes has already been dealt with if necessary. In summary magic_quotes is an unfortunate legacy issue when working with PHP and I find it baffling that you would penalise developers who display an awareness of it and exercise appropriate caution!
|
# ? Oct 4, 2012 14:50 |
|
Hammerite posted:This strikes me as pretty unreasonable, I'm going to have to agree with this.
|
# ? Oct 4, 2012 15:24 |
|
Yeah that's pretty unreasonable. You'll be ruling out a lot of people that have strong experience in PHP that know a) every PHP developer is retarded until proven otherwise (and even then, there's no guarantee) b) knowing common "gotchas" from previous releases is a benefit if ever in a situation where they need to work on legacy applications (and maybe the person asking the question wants to know that and hasn't asked). Even defining "... using PHP version 5.3" in the question wouldn't help, I used PHP for about 12 years and couldn't tell you which version was the current latest at any given point and which version introduced/removed/changed feature X, but at least on any given version I'd be able to do my research and avoid the pitfalls. I'd literally red-flag the opposite, new-to-PHP developers with none of the security-conscious coding experience from the past.
|
# ? Oct 4, 2012 15:28 |
|
Edit: It turns out I was mixing things in my head, my hatred of the other developer who used magic quotes, despite there being zero need to because we owned the server, and my dealing with bad PHP tests. I had thought there were some bad PHP tests that contained magic quotes, I was wrong. So basically, my entire reasoning has been stupid and I apologize to all. Though I never said automatic disqualification, just ... almost. Needlessly hyperbolic, though, sorry. I obviously look at the output and the coding, and judge appropriately. On the other hand...Hammerite posted:What if someone screws something up and magic_quotes somehow is turned on? Golbez fucked around with this message at 17:05 on Oct 4, 2012 |
# ? Oct 4, 2012 16:53 |
|
Golbez posted:When you code for a system that you know is 5.3, do you include caveats for if your PHP suddenly reverted to 4.0? Because that's as likely as magic quotes being turned on on my server, so I wouldn't include caveats for that either. Yes? I don't do any PHP, but in perl it's good practice to require the version you need (see http://perldoc.perl.org/functions/require.html). Not doing that seems kind of crazy with a dynamic language to me. I think in python I had to jump through some extra hoops, but I still remember doing this check. If your code depends on some setting in the config being set a certain way to behave properly, then it drat well better fail fast and loud if it's not set as expected.
|
# ? Oct 4, 2012 17:22 |
|
If your code is not being distributed to third-parties and there's any chance of the runtime environment changing on you then you're doing something very wrong. Setting up a fully-functional development or production environment should consist of running exactly one script, with every developer and every server using the result of that script. If you're distributing the source to be run on other people's servers then you of course need environment checks all over the place, but that's not the scenario that Golbez is talking about.
|
# ? Oct 4, 2012 18:45 |
|
Scaevolus posted:functions? Funking Giblet posted:closures? Not the answer I was going for. There's one more place. JavaScript code:
|
# ? Oct 4, 2012 19:07 |
|
Found this today:code:
|
# ? Oct 4, 2012 19:51 |
|
Plorkyeran posted:If you're distributing the source to be run on other people's servers then you of course need environment checks all over the place, but that's not the scenario that Golbez is talking about. Exactly. If our runtime environment somehow changed on us, we clearly have a bigger problem on our hands than magic quotes suddenly being a factor.
|
# ? Oct 4, 2012 20:25 |
|
TastySauce posted:Found this today: Just this week I was teaching my data structures students about algorithm analysis and big-Oh, and I stressed that big-Oh complexity is a property of a specific algorithm, not a property of the problem you're trying to solve. The example I used was retrieving the last element in an array: O(1) if you just do array[size - 1], or O(n) if you write a loop that iterates until it finds the last one and returns that. "But," I said, "doing this with the loop would be brain-dead." Welp.
|
# ? Oct 4, 2012 23:05 |
TastySauce posted:Found this today: Haha, wait, am I reading this right? Instead of simply assigning the value of the last piece returned by the split, (s)he's filling an array with all the pieces from the split, then iterating over the entire array, always assigning each item to viewName, just to get viewName to equal the last item in the array?
|
|
# ? Oct 5, 2012 00:40 |
|
Golbez posted:Exactly. If our runtime environment somehow changed on us, we clearly have a bigger problem on our hands than magic quotes suddenly being a factor. I'm sorry but this is a completely dumb 'disqualifier' without letting the interviewee know that you're at least running PHP5. Do you know how many companies don't upgrade until it's absolutely necessary? My work still has many employees on Windows 2000, and they were pulling in some 12 million a year before the economy crashed. We're also using an inventory system that looks like it was created for MS-DOS (and probably was). The fact the he even knows what magic quotes is probably a good sign not a bad one. Quit being such a about a candidate finding out some background information on a problem you've given him.
|
# ? Oct 5, 2012 00:57 |
|
Never mind whatever bullshit about magic quotes which shouldn't come near an interview, I think doing an interview in PHP at all is a pretty huge horror (especially for a PHP position)!
|
# ? Oct 5, 2012 01:06 |
|
Knyteguy posted:I'm sorry but this is a completely dumb 'disqualifier' without letting the interviewee know that you're at least running PHP5. Do you know how many companies don't upgrade until it's absolutely necessary? My work still has many employees on Windows 2000, and they were pulling in some 12 million a year before the economy crashed. We're also using an inventory system that looks like it was created for MS-DOS (and probably was). The fact the he even knows what magic quotes is probably a good sign not a bad one. Quit being such a about a candidate finding out some background information on a problem you've given him. PHP4 has been EOLed for about 4-5 years now. There's only a few very old legacy systems that still require it, and they will have a very controlled system that won't change for any reason (mainly because anyone who could change it without wrecking things has probably long since moved on). If you're not a PHP developer, then you shouldn't be expected to know this. If you are a PHP developer and you don't know this then you're not worth hiring. bobthecheese fucked around with this message at 03:42 on Oct 5, 2012 |
# ? Oct 5, 2012 01:36 |
|
bobthecheese posted:PHP4 has been EOLed for about 4-5 years now. There's only a few very old legacy systems that still require it, and they will have a very controlled system that won't change for any reason (mainly because anyone who could change it without wrecking things has probably long since moved on). My point still stands though. I run a web host as a side business (and do a little PHP on the side when I want to brush up), and there's still tons of commercial websites that I host that run PHP4. Hell look at the latest couple of posts in the PHP thread and the dev (or at least someone who manages some of the code) was having problems when their host/company upgraded to PHP5. Assumptions in interviews (and pretty much anywhere in life) are a bad thing. X interviewee probably knows jack all about your company, and they should never be penalized for asking questions you may perceive as dumb. How about you just lead with we use PHP 5.1.x write me this code, instead of being a total dick? That will be a far better test of whether the programmer will be able to cut it. Or actually don't; I don't think many people enjoy working under you so it's probably better they find out sooner rather than later (sorry for extending this derail)
|
# ? Oct 5, 2012 03:20 |
|
Just got this gem the other day from the senior developer / project lead:quote:http://msdn.microsoft.com/en-us/library/bb359438.aspx code:
|
# ? Oct 5, 2012 03:36 |
|
bobthecheese posted:PHP4 has been EOLed for about 4-5 years now. There's only a few very old legacy systems that still require it, and they will have a very controlled system that won't change for any reason (mainly because anyone who could change it without wrecking things has probably long since moved on). If you happen to be a PHP developer asked to add something to a system you aren't controlling yourself, it's absolutely safe to assume they're using some balls-old version from the 90s.
|
# ? Oct 5, 2012 03:40 |
|
plushpuffin posted:
|
# ? Oct 5, 2012 08:39 |
|
The horror is that thread safety of a class is dependant on how it is used.
|
# ? Oct 5, 2012 12:56 |
|
plushpuffin posted:
That is awesome.
|
# ? Oct 5, 2012 13:44 |
|
Sagacity posted:This is awesome. He's followed the documentation, so you're not in a position to complain!
|
# ? Oct 5, 2012 15:21 |
|
PrBacterio posted:It did make me wonder, however, did that guy never stop for a moment to think about if the way he was reading that even made sense? Anyone who doesn't immediately stop and say "Why would this make sense?" to that interpretation should probably not be writing any code whatsoever dealing with multiple threads.
|
# ? Oct 5, 2012 15:30 |
|
Zombywuf posted:The horror is that thread safety of a class is dependant on how it is used. I can't tell if this is a joke or not. Curse you Poe's law!
|
# ? Oct 5, 2012 18:01 |
|
I'm still not sure why, in Javascript, the following happens:JavaScript code:
|
# ? Oct 5, 2012 18:25 |
|
It, like most of those hosed up things in Javascript, was probably a bug in the original implementation in Netscape, which IE had to copy in order to be bug-for-bug compatible, which meant all the other browsers had to copy the bugs, which meant that it became entrenched, which meant that it became part of the freaking standard. That or they were smoking too much PHP at the time.
|
# ? Oct 5, 2012 18:27 |
|
McGlockenshire posted:That or they were smoking too much PHP at the time. This may be my favorite sentence in this thread.
|
# ? Oct 5, 2012 18:30 |
|
well at least PHP gets it consistently.code:
|
# ? Oct 5, 2012 18:39 |
|
plushpuffin posted:Just got this gem the other day from the senior developer / project lead: Haha this is so precious, I love it
|
# ? Oct 5, 2012 18:41 |
|
MononcQc posted:I'm still not sure why, in Javascript, the following happens: My guess? <= and >= are soft wrappers around something like !(<var> > <var2>) and !(<var> < <var2>)
|
# ? Oct 5, 2012 18:46 |
|
Zhentar posted:I can't tell if this is a joke or not. Curse you Poe's law! More a terrible commentary on the fact you could believe Microsoft making something work that way.
|
# ? Oct 5, 2012 18:58 |
|
Wozbo posted:My guess? <= and >= are soft wrappers around something like !(<var> > <var2>) and !(<var> < <var2>) The relational operators force their operands to numeric type (unless they're strings), and null converts to 0. The equality operators don't do this, so null is only equal to null and undefined. It's not as unnatural as you might think, but...
|
# ? Oct 5, 2012 19:05 |
|
MononcQc posted:I'm still not sure why, in Javascript, the following happens: My guess: <= and >= coerce both operands to number and Number(null) is 0.
|
# ? Oct 5, 2012 19:05 |
|
rjmccall posted:The relational operators force their operands to numeric type (unless they're strings), and null converts to 0. The equality operators don't do this, so null is only equal to null and undefined. It's not as unnatural as you might think, but... Shot from the hip: miss! Though honestly I probably would never have cared all my life unless I came across this.
|
# ? Oct 5, 2012 19:09 |
|
Zombywuf posted:More a terrible commentary on the fact you could believe Microsoft making something work that way.
|
# ? Oct 5, 2012 19:38 |
|
Well, JS does at least follow IEEE semantics, so you could never implement a<=b as !(b>a) because you'd get the wrong result for NaN. The naive expectation is that (x <= y) is always equivalent to (x < y) || (x == y). Actually writing the spec to make that true means that you can't make (say) undefined==undefined, or you need as complicated a relational algorithm as you do an equality algorithm, so it'd probably be its own set of horrors.
|
# ? Oct 5, 2012 19:39 |
|
Is there really a scenario where relational operators make sense outside of numeric contexts? Why do you expect null <= 0 to give any sort of meaningful or consistent answer?
|
# ? Oct 5, 2012 19:43 |
|
Plorkyeran posted:No, I really couldn't. There are a lot of things I dislike about .NET, but its WTF-quotient is very low. Exactly, you'd be expecting a giant WTF to be lurking under the covers, ready to strike at any moment.
|
# ? Oct 5, 2012 19:48 |
|
|
# ? May 27, 2024 09:34 |
|
rjmccall posted:The relational operators force their operands to numeric type (unless they're strings), and null converts to 0. The equality operators don't do this, so null is only equal to null and undefined. It's not as unnatural as you might think, but... rjmccall posted:Well, JS does at least follow IEEE semantics, so you could never implement a<=b as !(b>a) because you'd get the wrong result for NaN. That makes 'sense'. Thanks for the explanation.
|
# ? Oct 5, 2012 20:08 |