|
Jabor posted: To be fair, I don't think anyone would give someone an amount of medication literally measured in tonnes.

MG is a very common way of putting mg, especially in contexts where mg might be expected such as drug dosages. No one uses or expects megagrams (that would be Mg anyway). That bug is horrifying.
|
# ? Mar 15, 2013 06:26 |
|
HappyHippo posted: MG is a very common way of putting mg, especially in contexts where mg might be expected such as drug dosages. No one uses or expects megagrams (that would be Mg anyway). That bug is horrifying.

http://www.fileformat.info/info/unicode/char/3bc/index.htm
|
# ? Mar 15, 2013 06:35 |
|
Doctor w-rw-rw- posted: Pretty sure mg -> MG isn't the problem - the problem is that both mg and μg capitalize to MG.

Oh gently caress, that's pretty nasty. Granted everywhere I've ever seen a string comparison, people ToLower() then compare rather than ToUpper(). Maybe that's why?
|
# ? Mar 15, 2013 06:43 |
|
You mean you can't tell the difference between GREEK CAPITAL LETTER MU (U+039C) and LATIN CAPITAL LETTER M (U+004D) by sight?
|
# ? Mar 15, 2013 06:46 |
|
Non-ideographic writing systems are the true horror.
|
# ? Mar 15, 2013 07:45 |
|
The true true horror is not using scientific notation.
|
# ? Mar 15, 2013 09:54 |
|
You guys all hit on all the major issues. The capital Greek Mu is essentially an M, they are indistinguishable in this context. It was never my decision to capitalize everything, the app worked that way when we were brought in to work on it and nobody ever thought much of it. Fortunately this issue was not found in live data, but holy crap was I terrified when it was brought to light. In the end the decision was made to leave it so it capitalized everything. Instead of altering the code, this particular data set was altered so that µg was written out as micrograms (or mcg). I am uncomfortable with that decision for obvious reasons.

Edit: Can you tell these apart? http://codepoints.net/U+039C http://codepoints.net/U+004D

armorer fucked around with this message at 13:13 on Mar 15, 2013
|
# ? Mar 15, 2013 13:10 |
|
Why mcg instead of ug?
|
# ? Mar 15, 2013 14:02 |
|
I just don't get what makes someone in this day and age think "Hey better convert that to uppercase before displaying it!" Like what, just in case their terminal is a Commodore 64?
|
# ? Mar 15, 2013 14:24 |
|
evensevenone posted: I just don't get what makes someone in this day and age think "Hey better convert that to uppercase before displaying it!" Like what, just in case their terminal is a Commodore 64?

When I worked on healthcare transaction software, the EDI standard required for HIPAA compliance was all uppercase. Pretty sure it's the same today. I assume it's for backwards compatibility with technology not significantly newer than C64.
|
# ? Mar 15, 2013 14:37 |
|
Doctor w-rw-rw- posted: Pretty sure mg -> MG isn't the problem - the problem is that both mg and μg capitalize to MG.

Yeah I know? Someone thought it meant megagrams and thus wouldn't be that bad because no one could make that mistake. I was pointing out that MG is often read milligrams, which could be mistaken for a reasonable drug dose.
|
# ? Mar 15, 2013 15:53 |
|
armorer posted: You guys all hit on all the major issues. The capital Greek Mu is essentially an M, they are indistinguishable in this context. It was never my decision to capitalize everything, the app worked that way when we were brought in to work on it and nobody ever thought much of it. Fortunately this issue was not found in live data, but holy crap was I terrified when it was brought to light. In the end the decision was made to leave it so it capitalized everything. Instead of altering the code, this particular data set was altered so that µg was written out as micrograms (or mcg). I am uncomfortable with that decision for obvious reasons.

Just replace 039C with http://codepoints.net/U+00B5 - problem solved forever, right guys?
|
# ? Mar 15, 2013 16:23 |
|
Munkeymon posted: Just replace 039C with http://codepoints.net/U+00B5 - problem solved forever, right guys?

No, because that still uppercases to U+039C. Or are you saying actually change the Unicode upper case glyph (which is clearly out of my control)?
|
# ? Mar 15, 2013 16:32 |
|
armorer posted: You guys all hit on all the major issues. The capital Greek Mu is essentially an M, they are indistinguishable in this context. It was never my decision to capitalize everything, the app worked that way when we were brought in to work on it and nobody ever thought much of it. Fortunately this issue was not found in live data, but holy crap was I terrified when it was brought to light. In the end the decision was made to leave it so it capitalized everything. Instead of altering the code, this particular data set was altered so that µg was written out as micrograms (or mcg). I am uncomfortable with that decision for obvious reasons.

There is a single code point for micrograms, U+338D. It looks the same lowercase as uppercase: ㎍
|
# ? Mar 15, 2013 17:31 |
|
That looks awful.

edit: Why the hell is it in the CJK block?

Malloc Voidstar fucked around with this message at 18:00 on Mar 15, 2013
|
# ? Mar 15, 2013 17:58 |
|
Aleksei Vasiliev posted: That looks awful.

Who cares? You can assign whatever font you want to whatever parts of the plane you want. If you don't like it, U+338E, ㎎, is right next door.

edit: That's a good question. Looking at the rest of the characters in the block, I'd have to say that they're generally formatted to fit in the wide-character columns you typically see CJK languages written in. That doesn't restrict their usage, though.

Catalyst-proof fucked around with this message at 18:04 on Mar 15, 2013
|
# ? Mar 15, 2013 17:59 |
|
All that assumes it's actually using Unicode, and not Windows-1252 or such.
|
# ? Mar 15, 2013 18:10 |
|
I really like that they implement unicode (or part of it), but not lower case. If it's really an EDI thing whoever came up with that must be completely braindead.
|
# ? Mar 15, 2013 18:14 |
|
evensevenone posted: I just don't get what makes someone in this day and age think "Hey better convert that to uppercase before displaying it!"

I mean, I agree entirely, I find this in particular ugly and visually distracting. Some people have a strange sense of aesthetics... (this is Word 2013 for those that don't touch the Microsoft world - if you try to rename the tabs to correct the casing, it forces them back to upper-case)
|
# ? Mar 15, 2013 19:03 |
|
armorer posted: No, because that still uppercases to U+039C. Or are you saying actually change the Unicode upper case glyph (which is clearly out of my control)?

What I was trying to get at is that it's not obvious (at least to me!) that the micro sign would uppercase to anything because that makes no goddamn sense (again, at least to me!).
|
# ? Mar 15, 2013 19:06 |
|
Munkeymon posted: What I was trying to get at is that it's not obvious (at least to me!) that the micro sign would uppercase to anything because that makes no goddamn sense (again, at least to me!).

Are you stupid? It's a Greek letter. Why wouldn't a five-thousand year old language have capital letters?
|
# ? Mar 15, 2013 19:19 |
|
horse mans posted: Are you stupid? It's a Greek letter. Why wouldn't a five-thousand year old language have capital letters?

There is U+003BC, which is the letter. The question is why does U+00B5, which is just as a symbol for micro and micro alone, uppercase.
|
# ? Mar 15, 2013 19:21 |
|
Sinestro posted: There is U+003BC, which is the letter. The question is why does U+00B5, which is just as a symbol for micro and micro alone, uppercase.

Because it's decomposed from U+03BC. This means that the two code points, while different semantically, originate from the same canonical human representation. Section 15.5 of the Core spec describes why this is the case in more detail.

Catalyst-proof fucked around with this message at 19:34 on Mar 15, 2013
|
# ? Mar 15, 2013 19:24 |
Oh hey just found this
code:
Don Mega posted: I found a table in my company's database that stores passwords as plain text and I doubt my co-workers will care. They weren't too interested in preventing sql injections either.

I have to support software that does this. Everyone's username, everyone's password, right there in a big rear end table. And I have access to them all, every single client. I could dump tens of thousands of name/pass combos with a few minutes of copy+paste. It's a Microsoft product
|
|
# ? Mar 15, 2013 19:37 |
|
horse mans posted: There is a single code point for micrograms, U+338D. It looks the same lowercase as uppercase: ㎍

While this is good to know about (and I wasn't aware of its existence) it doesn't help the general problem. The horror in this case was not that µ was used to denote micro in the system. The horror is that the system capitalized data which originated from external systems where we have no control over the characters used, and that data represented drug dosages. The particular dataset with this problem was manually edited to not use µ before being loaded into the live system. Capitalizing data in a software application is generally not considered to be criminally negligent manslaughter.
|
# ? Mar 15, 2013 20:48 |
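The collision discussed in the posts above, as an added example that is not part of the thread and not code from the application described: both spellings of µ uppercase to U+039C, which reads as a Latin M, so "µg" and "mg" display identically unless the unit is rewritten (here to "mcg", the spelling the thread says the dataset was changed to) before case mapping. The function names, the one-entry look-alike map and the sample doses are assumptions of this example.

```python
import unicodedata

# GREEK CAPITAL LETTER MU renders like LATIN CAPITAL LETTER M; this one-entry
# map (an assumption of this example) models what a person reads on screen.
LOOKALIKES = {"\u039c": "M"}

# Constructed sample doses, not data from the system described in the thread.
SAMPLES = ["50 mg", "50 \u00b5g", "50 \u03bcg", "50 \u338d", "50 mcg"]


def shown_uppercase(text):
    """Uppercase as the legacy display did, reduced to what the eye reads."""
    return "".join(LOOKALIKES.get(ch, ch) for ch in text.upper())


def canonical_units(text):
    """Spell micrograms as ASCII 'mcg' before any case mapping is applied."""
    # NFKC folds U+00B5 MICRO SIGN to U+03BC and U+338D to U+03BC followed by 'g'.
    # It also folds other compatibility characters, so apply it to unit fields only.
    folded = unicodedata.normalize("NFKC", text)
    return folded.replace("\u03bcg", "mcg")


def ambiguous_after_upper(values):
    """Return displayed strings that stand for more than one distinct dose."""
    meanings = {}
    for value in values:
        meanings.setdefault(shown_uppercase(value), set()).add(canonical_units(value))
    return {shown: sorted(m) for shown, m in meanings.items() if len(m) > 1}


def safe_display(text):
    """Uppercase only after the unit has been made case-stable."""
    return canonical_units(text).upper()


if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", shown_uppercase(sample), "|", safe_display(sample))
    print(ambiguous_after_upper(SAMPLES))
```

Running `ambiguous_after_upper` over incoming unit fields before load is a way to catch the collision in data from external systems without relying on anyone spotting it by eye.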
|
armorer posted: While this is good to know about (and I wasn't aware of its existence) it doesn't help the general problem. The horror in this case was not that µ was used to denote micro in the system. The horror is that the system capitalized data which originated from external systems where we have no control over the characters used, and that data represented drug dosages. The particular dataset with this problem was manually edited to not use µ before being loaded into the live system.

Hey, man, you only have to know the entire Unicode spec and how every single character decomposes in order to understand the output of lowercase(). Are you lazy or stupid or something? This is seriously beginning to sound like a security thing in terms of sheer complexity and ease of loving it up horrifically.
|
# ? Mar 15, 2013 21:21 |
|
I always observe a moment of pondering and reflection upon invoking "#include <ctype.h>". It's rarely a good idea, even if there's no choice in the matter.
|
# ? Mar 15, 2013 21:46 |
|
Jabor posted: I would be seriously worried about some "job security" dead man's switches buried in some of those queries.

I've already had 3 people from the client ask me if they thought 'is all this necessary or was he just making it so we had to keep paying him'
|
# ? Mar 15, 2013 22:29 |
|
Munkeymon posted: Hey, man, you only have to know the entire Unicode spec and how every single character decomposes in order to understand the output of lowercase(). Are you lazy or stupid or something?

My favorite stupid Unicode-related thing is how old versions of IE could be tricked into parsing +ADw-script+AD4-alert("owned");+ADw-/script+AD4- as UTF-7, leading to code execution.
|
# ? Mar 16, 2013 01:42 |
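Why a filter that only looks for literal angle brackets misses the string in the post above, and the server-side check that closes the gap, as an added example that is not part of the thread: the bytes contain no `<` or `>` until a client reads them as UTF-7, which it can only do if the response leaves the encoding to be guessed. The function names are assumptions of this example.

```python
import re

MARKUP = re.compile(r"[<>]")


def utf7_hidden_markup(raw):
    """True if bytes hold no literal < or > but gain them when read as UTF-7."""
    if MARKUP.search(raw.decode("latin-1")):
        return False  # literal markup is the normal output-escaping path's job
    try:
        decoded = raw.decode("utf-7")
    except UnicodeDecodeError:
        return False  # Python's decoder rejects it; treated as not UTF-7 here
    return bool(MARKUP.search(decoded))


def pins_safe_charset(content_type):
    """True if a Content-Type header names a charset other than UTF-7."""
    for param in content_type.split(";")[1:]:
        name, _, value = param.strip().partition("=")
        if name.lower() == "charset":
            return value.strip('"').lower() not in ("", "utf-7")
    return False  # no charset: the client is left to guess the encoding


# The string quoted in the post, as bytes.
POSTED = b'+ADw-script+AD4-alert("owned");+ADw-/script+AD4-'

if __name__ == "__main__":
    print(utf7_hidden_markup(POSTED), POSTED.decode("utf-7"))
    print(pins_safe_charset("text/html"), pins_safe_charset("text/html; charset=utf-8"))
```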
|
https://github.com/Max00355/IonicDB/ IonicDB, a NoSQL database engine written in Python. code:
code:
|
# ? Mar 16, 2013 04:05 |
|
How did you even find that?
|
# ? Mar 16, 2013 04:10 |
|
yaoi prophet posted: How did you even find that?

I was reading https://news.ycombinator.com/newest.
|
# ? Mar 16, 2013 04:14 |
|
Isn't it Ionic, dontcha think? A little too Ionic... yeah I really do think.
|
# ? Mar 16, 2013 06:32 |
|
I'm sure "fix ALL security issues" is on the to-do list. edit haha oh my god code:
code:
evensevenone fucked around with this message at 08:39 on Mar 16, 2013 |
# ? Mar 16, 2013 08:33 |
|
How did you get word2013 to run on win3.1?
|
# ? Mar 16, 2013 12:23 |
|
evensevenone posted:
You quoted a quarter of the server script and missed the best part! Python code:
|
# ? Mar 16, 2013 15:19 |
|
The same author has a remote backup thing which seems to be pretty popular (253 stars, 20 forks). So far I've found:
code:
code:
code:
(Hint: set file to "../../.ssh/id_rsa". Same issue in upload() (eg "../../.ssh/authorized_keys") and delete()) But it's at least just meant to be on a LAN(?), and isn't as crazy as completely arbitrary shell execution. Hopefully they're still just in school or something, I'd probably have made similar mistakes back then.
|
# ? Mar 16, 2013 16:18 |
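The containment check missing from the file handling described in the post above, as an added example that is not part of the thread and not the project's code: the client-supplied name is resolved first and refused unless the result still lies under the storage directory. `naive_path`, `resolve_inside` and `check_names` are hypothetical names, and the request list is constructed for illustration.

```python
import os
import tempfile


def naive_path(base_dir, name):
    """The pattern the post warns about: client-supplied name joined as-is."""
    return os.path.normpath(os.path.join(base_dir, name))


def resolve_inside(base_dir, name):
    """Return the real path for name, or raise if it leaves base_dir."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, name))  # resolves .. and symlinks
    if target == base or os.path.commonpath([base, target]) != base:
        raise PermissionError("path escapes storage directory: %r" % name)
    return target


def check_names(base_dir, names):
    """Map each requested name to 'ok' or 'rejected' using resolve_inside."""
    verdicts = {}
    for name in names:
        try:
            resolve_inside(base_dir, name)
            verdicts[name] = "ok"
        except PermissionError:
            verdicts[name] = "rejected"
    return verdicts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as store:  # stand-in for the backup directory
        requests = ["backup.tar", "../../.ssh/id_rsa", "/etc/hostname", "a/../b.txt"]
        print(naive_path(store, requests[1]))
        print(check_names(store, requests))
```

The same call belongs in front of every operation that takes a file name from the client, which per the post means download, upload() and delete().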
|
Munkeymon posted: This is seriously beginning to sound like a security thing in terms of sheer complexity and ease of loving it up horrifically.

Because it is. Unicode is one of those Really Difficult Things.
|
# ? Mar 16, 2013 17:30 |
|
Progressive JPEG posted:Unsalted SHA1 for hashing passwords and storing them plaintext in server.py? Not the end of the world given this is probably just for someone's LAN...
|
# ? Mar 16, 2013 22:20 |
|
Wheany posted: Because it is.

Having a unit symbol that uppercases is going beyond difficult into just plain obtuse, but then it's a big, international standard designed by a committee, so I'm not really surprised that bizarre poo poo like that comes out of it.
|
# ? Mar 18, 2013 20:20 |