qntm
Jun 17, 2009

LOOK I AM A TURTLE posted:

In my previous job I spent a lot of my time porting an old VB6 application to C#, so I almost never had to write VB6 myself but I did spend enough time reading and debugging it for one lifetime. The VB6 code actually had surprisingly decent error handling most of the time, but all the important subroutines were hundreds of lines long and the form classes were full of hairy logic.

Speaking of that previous job, here's an excellent method from that C# codebase that a former coworker just showed me:

C# code:
internal static bool IsThingDeletable(Thing thing)
{
    if (thing != null)
    {
        //
        int iCount = 0;
        return iCount == 0 ? true : false;
    }
    return false;
}
My favorite part is the empty comment.

To me, this kind of construct always smells more of a global find/replace than any kind of specific bad coding. I want to believe that somewhere in the past there was a chunk of code between those middle two lines, but they were nuked (along with 150 identical snippets) and nobody cleaned up afterwards...


HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?

qntm posted:

To me, this kind of construct always smells more of a global find/replace than any kind of specific bad coding. I want to believe that somewhere in the past there was a chunk of code between those middle two lines, but they were nuked (along with 150 identical snippets) and nobody cleaned up afterwards...

That or a bunch of individual small changes where the person to make the last change doesn't realize they can just replace the entire function. I think the for-case "pattern" usually comes about from the same process.

leper khan
Dec 28, 2010
Honest to god thinks Half Life 2 is a bad game. But at least he likes Monster Hunter.
Can someone explain the "logic" behind an API creator asking an API consumer for a working implementation of something consuming their nonexistent API to validate that it works? Shockingly this isn't the first person to do this.

(So glad I'm out of this place next week :unsmigghh:)

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

"Sure, I'll implement that for you. Can you write some test cases that you'd expect to pass?"

Could be worse, they could be asking for a detailed spec in English instead.

Cuntpunch
Oct 3, 2003

A monkey in a long line of kings

leper khan posted:

Can someone explain the "logic" behind an API creator asking an API consumer for a working implementation of something consuming their nonexistent API to validate that it works? Shockingly this isn't the first person to do this.

(So glad I'm out of this place next week :unsmigghh:)

It sounds like some utterly bizarre attempt at distributed test driven development.

Space Kablooey
May 6, 2009


Cuntpunch posted:

It sounds like some utterly bizarre attempt at distributed test driven development.

To me it sounds like the API creator has no idea what they're supposed to be doing.

leper khan
Dec 28, 2010
Honest to god thinks Half Life 2 is a bad game. But at least he likes Monster Hunter.

HardDisk posted:

To me it sounds like the API creator has no idea what they're supposed to be doing.

That's my guess but the baffling thing is that in every case it's happened (multiple people, multiple orgs) there's a fully documented spec with example I/O.

Hoping :yotj: has better people.

LOOK I AM A TURTLE
May 22, 2003

"I'm actually a tortoise."
Grimey Drawer

qntm posted:

To me, this kind of construct always smells more of a global find/replace than any kind of specific bad coding. I want to believe that somewhere in the past there was a chunk of code between those middle two lines, but they were nuked (along with 150 identical snippets) and nobody cleaned up afterwards...

I'm guessing you're not far off, but instead of find/replace it's a copy/paste thing. I remember there were other IsXDeletable methods that would check for the presence of objects in the database that depend on the input object (which is what the count variable is about), but in the case of this particular entity there was nothing to check because there were no foreign keys pointing to the table. This is what happens when you create the structure of your code before you create the contents.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

leper khan posted:

Can someone explain the "logic" behind an API creator asking an API consumer for a working implementation of something consuming their nonexistent API to validate that it works? Shockingly this isn't the first person to do this.

(So glad I'm out of this place next week :unsmigghh:)

Maybe I'm misreading this, but perhaps it's to provide example use cases that they should design their API to accommodate? API design is hard and it doesn't seem like thaaaat much of a horror to demand examples of how a consumer expects to use it.

RICHUNCLEPENNYBAGS
Dec 21, 2010

Soricidus posted:

I guess the pages you're visiting aren't bothering to specify the language of the text? Or your phone isn't respecting that specification? Like, solutions exist, it's a shame Unicode isn't perfect but it's not like we haven't had decades to find workarounds.

There are also well-defined modifier sequences for specifying precise Han glyph variants when it actually matters. I don't think anyone bothers to use them, though.

I guess. The problem is that more pages than not do not bother (probably because if your system language is set to the "right" one it defaults to the right thing). Or maybe they are and Android Chrome just ignores it. I think a system that depends on people tagging their Web pages properly was doomed to run into these problems. The same problems exist with native Android applications but I have no idea if there is a possible workaround there besides changing your system language.

RICHUNCLEPENNYBAGS fucked around with this message at 13:34 on Mar 11, 2016

sunaurus
Feb 13, 2012

Oh great, another bookah.
http://download.java.net/jdk9/docs/api/java/util/Map.html#of-K-V-K-V-K-V-K-V-K-V-K-V-K-V-K-V-K-V-K-V-

This is a coding horror, right?

Subjunctive
Sep 12, 2006

✨sparkle and shine✨

Nah. How else would you do compact inline initialization?

Rectus
Apr 27, 2008

Subjunctive posted:

Nah. How else would you do compact inline initialization?

Some kind of easily written syntactic sugar for key-value pairs... oh wait it's Java, never mind.

Finster Dexter
Oct 20, 2014

Beyond is Finster's mad vision of Earth transformed.
On a scale of "put it on the backlog" to "OMG FIX IT NOW", how bad is it if the legacy project I've just been assigned to stores passwords as MD5 hashes? Pretty bad, right? As I understand it, between vulnerabilities and speed-of-attack, MD5 is barely one step above plaintext?

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
Unsalted md5 hashes are about as useful as base64-encoding the password these days. It stops a well-intentioned person from seeing the user passwords while looking at the user database, and not much more.

Finster Dexter
Oct 20, 2014

Beyond is Finster's mad vision of Earth transformed.

Plorkyeran posted:

Unsalted md5 hashes are about as useful as base64-encoding the password these days. It stops a well-intentioned person from seeing the user passwords while looking at the user database, and not much more.

That's kind of what I thought.

Knyteguy
Jul 6, 2005

YES to love
NO to shirts


Toilet Rascal

Finster Dexter posted:

On a scale of "put it on the backlog" to "OMG FIX IT NOW", how bad is it if the legacy project I've just been assigned to stores passwords as MD5 hashes? Pretty bad, right? As I understand it, between vulnerabilities and speed-of-attack, MD5 is barely one step above plaintext?

Yeah unsalted md5 hashes are very vulnerable to rainbow table attacks. If you have the salt and algorithm you can generate your own rainbow tables relatively quickly also.

What is the best way to create passwords these days? How do password managers like LastPass store them? I'd imagine a unique salt per password and something with a long hash creation time, but is there anything better than that currently for text-based passwords?

ChickenWing
Jul 22, 2010

:v:

Knyteguy posted:

How do password managers like LastPass store them? I'd imagine a unique salt per password and something with a long hash creation time, but is there anything better than that currently for text-based passwords?

Given that the password needs to be fetched, it would have to be symmetric encryption as opposed to hashing.

The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer

ChickenWing posted:

Given that the password needs to be fetched, it would have to be symmetric encryption as opposed to hashing.

Right, but the whole password container/archive would be encrypted as well (or should be) and that can be encrypted asymmetrically with a hash of the master password+a salt.

edit: let me rephrase that: the master password can be encrypted asymmetrically. Obviously the container itself has to be reversibly encrypted, but the key to do that doesn't have to be.

b0lt
Apr 29, 2005

http://doc.akka.io/japi/akka/2.3.14/akka/japi/tuple/Tuple22.html

TheBlackVegetable
Oct 29, 2006

LeftistMuslimObama posted:

Right, but the whole password container/archive would be encrypted as well (or should be) and that can be encrypted asymmetrically with a hash of the master password+a salt.

edit: let me rephrase that: the master password can be encrypted asymmetrically. Obviously the container itself has to be reversibly encrypted, but the key to do that doesn't have to be.

LastPass are open about how all that works. I'm pretty sure the master password is salted (with the username?) and hashed a number of times (5000 I think is the default) on the client before it's sent for authentication. Everything else is encrypted before it's sent to the server, with a key derived from the master password, and only ever decrypted locally.

Dylan16807
May 12, 2010

Plorkyeran posted:

Unsalted md5 hashes are about as useful as base64-encoding the password these days. It stops a well-intentioned person from seeing the user passwords while looking at the user database, and not much more.

The one exception being users with password managers (or that are extremely dedicated to memorizing noise). 20 random characters is not getting cracked.

Though random passwords aren't nearly as important to hide in the first place.

Knyteguy posted:

Yeah unsalted md5 hashes are very vulnerable to rainbow table attacks. If you have the salt and algorithm you can generate your own rainbow tables relatively quickly also.

What is the best way to create passwords these days? How do password managers like LastPass store them? I'd imagine a unique salt per password and something with a long hash creation time, but is there anything better than that currently for text-based passwords?

To create them? Whatever you can remember best, while keeping an estimate of entropy for each part and adding it all up.

For login passwords and master passwords you want the same thing. A really slow hash, preferably memory-intense. Apparently LastPass uses a lot of sha256 and KeePass uses a lot of AES rounds with sha256 at the start and end. Not memory-intense, oh well.

For storing the passwords in a manager you use whatever block cipher is convenient.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
hahahaha, all these immature languages that don't have native syntax for fancy types! let a real language show you how it's done...

https://downloads.haskell.org/~ghc/latest/docs/html/libraries/ghc-prim-0.4.0.0/GHC-Tuple.html

bonus: http://git.haskell.org/packages/ghc-prim.git/blob/HEAD:/GHC/Tuple.hs#l134

HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?

Suspicious Dish posted:

hahahaha, all these immature languages that don't have native syntax for fancy types! let a real language show you how it's done...

https://downloads.haskell.org/~ghc/latest/docs/html/libraries/ghc-prim-0.4.0.0/GHC-Tuple.html

bonus: http://git.haskell.org/packages/ghc-prim.git/blob/HEAD:/GHC/Tuple.hs#l134

If java was a real language they wouldn't have stopped at 22 :colbert:

Deep Dish Fuckfest
Sep 6, 2006

Advanced
Computer Touching


Toilet Rascal
As horrible as that stuff is, sometimes when I see some template abomination to do something like that "well" in C++ I wonder if it's all worth it in the end.

Sinestro
Oct 31, 2010

The perfect day needs the perfect set of wheels.
It's just a band-aid until dependent types can become a mainstream thing. Haskell tuples will be about as relevant as 36-bit integers when there's size-typed lists.

fritz
Jul 26, 2003

Sinestro posted:

size-typed lists.
What, like pascal?

ExcessBLarg!
Sep 1, 2001

Finster Dexter posted:

On a scale of "put it on the backlog" to "OMG FIX IT NOW", how bad is it if the legacy project I've just been assigned to stores passwords as MD5 hashes?
It depends what your threat model is. Something like a store of scrypt digests is going to stand up reasonably well to offline attacks while MD5 is basically no better than plaintext. However, if your primary threat is online attack, then so long as you have reasonable online defenses (rate limits and such) the way in which they're stored doesn't really matter.

Of course, you should be concerned about potential theft of the password database, so it should be changed eventually.
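
Added example, not posted by anyone in the thread: one way to move a legacy table of unsalted MD5 hashes to salted scrypt without knowing the passwords, by wrapping each stored MD5 in scrypt now and re-hashing from the real password at the next successful login. The record layout, scheme names, cost parameters and sample users are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

# scrypt cost parameters: assumed values for this example, tune for your hardware.
N, R, P, MAXMEM = 2**14, 8, 1, 64 * 1024 * 1024


def legacy_md5(password: str) -> str:
    """The legacy scheme from the thread: unsalted MD5, hex-encoded."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_hash(data: bytes, salt: bytes) -> bytes:
    return hashlib.scrypt(data, salt=salt, n=N, r=R, p=P, maxmem=MAXMEM, dklen=32)


def wrap_legacy(md5_hex: str) -> dict:
    """Upgrade a stored MD5 hash without knowing the password: scrypt over the
    old hex digest with a fresh per-user salt. The bare MD5 value is then dropped."""
    salt = os.urandom(16)
    return {"scheme": "scrypt-md5", "salt": salt,
            "digest": slow_hash(md5_hex.encode(), salt)}


def hash_new(password: str) -> dict:
    """Target scheme: scrypt directly over the password, per-user salt."""
    salt = os.urandom(16)
    return {"scheme": "scrypt", "salt": salt,
            "digest": slow_hash(password.encode(), salt)}


def verify(password: str, rec: dict):
    """Return (ok, record_to_store). A correct login against a wrapped legacy
    record returns a record re-hashed straight from the password."""
    if rec["scheme"] == "scrypt-md5":
        candidate = slow_hash(legacy_md5(password).encode(), rec["salt"])
    elif rec["scheme"] == "scrypt":
        candidate = slow_hash(password.encode(), rec["salt"])
    else:
        return False, rec  # unknown scheme: fail closed
    if not hmac.compare_digest(candidate, rec["digest"]):
        return False, rec
    return True, (hash_new(password) if rec["scheme"] == "scrypt-md5" else rec)


def migrate(table: dict) -> dict:
    """One-off batch job over the legacy user -> md5_hex table."""
    return {user: wrap_legacy(md5_hex) for user, md5_hex in table.items()}


# Constructed sample data: two users who chose the same password.
LEGACY_TABLE = {"alice": legacy_md5("hunter2"), "bob": legacy_md5("hunter2")}

if __name__ == "__main__":
    print("identical legacy hashes:", LEGACY_TABLE["alice"] == LEGACY_TABLE["bob"])
    upgraded = migrate(LEGACY_TABLE)
    print("identical after wrap:", upgraded["alice"]["digest"] == upgraded["bob"]["digest"])
    ok, rec = verify("hunter2", upgraded["alice"])
    print("login ok:", ok, "-> stored scheme now:", rec["scheme"])
```

Wrapped records are a stopgap: accounts that never log in again stay on `scrypt-md5`, so a forced reset after a cutoff date finishes the migration.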

Malcolm XML
Aug 8, 2009

I always knew it would end like this.

Sinestro posted:

It's just a band-aid until dependent types can become a mainstream thing. Haskell tuples will be about as relevant as 36-bit integers when there's size-typed lists.

i think you can have dependent type's favorite datatype, vectors, in haskell now with enough extensions enabled

Sedro
Dec 31, 2008

Suspicious Dish posted:

hahahaha, all these immature languages that don't have native syntax for fancy types! let a real language show you how it's done...

https://downloads.haskell.org/~ghc/latest/docs/html/libraries/ghc-prim-0.4.0.0/GHC-Tuple.html

bonus: http://git.haskell.org/packages/ghc-prim.git/blob/HEAD:/GHC/Tuple.hs#l134
And in a language with no record types, counting to tuple7 takes 1000 loc
http://referencesource.microsoft.com/#mscorlib/system/tuple.cs

The MUMPSorceress
Jan 6, 2012


^SHTPSTS

Gary’s Answer
idg what's so hard about tuples just do

code:
n tuple
s tuple(1)=$na(foo),tuple(2)=$na(bar),tuple(3)=$na(baz)....tuple(999999)=$na(butt)
btrees make everything easy

leper khan
Dec 28, 2010
Honest to god thinks Half Life 2 is a bad game. But at least he likes Monster Hunter.

Suspicious Dish posted:

Maybe I'm misreading this, but perhaps it's to provide example use cases that they should design their API to accommodate? API design is hard and it doesn't seem like thaaaat much of a horror to demand examples of how a consumer expects to use it.

Example use cases are in the API doc though. It's not like the thing isn't specified. They just literally don't know how to test their own code.

baka kaba
Jul 19, 2003

PLEASE ASK ME, THE SELF-PROFESSED NO #1 PAUL CATTERMOLE FAN IN THE SOMETHING AWFUL S-CLUB 7 MEGATHREAD, TO NAME A SINGLE SONG BY HIS EXCELLENT NU-METAL SIDE PROJECT, SKUA, AND IF I CAN'T PLEASE TELL ME TO
EAT SHIT

Rectus posted:

Some kind of easily written syntactic sugar for key-value pairs... oh wait it's Java, never mind.

That is the syntactic sugar, fresh from the sugar mines

VikingofRock
Aug 24, 2008




fritz posted:

What, like pascal?

I think what Sinestro means is that you would have lists (or tuples) where the size is part of the type, so a list of 5 integers is a different type from a list of 6 integers. Think C++'s std::array.

Zemyla
Aug 6, 2008

I'll take her off your hands. Pleasure doing business with you!

fritz posted:

What, like pascal?

More like heterogenous lists.

The upside is you can have any number and type of elements in the list. You could have an HList '[Int, String, Double] that works like an (Int, String, Double) tuple.

The downside is consuming these lists in any kind of general fashion is almost ineffably complicated, and it requires almost every extension GHC has to be turned on.

Athas
Aug 6, 2007

fuck that joker
I am working on a sizable Haskell program as part of my PhD, and as an experiment, I tried to develop one fairly self-contained leaf module in a kind of dependently typed style, with type-sized lists and all. Don't do it; it's not worth it.

You can see the result here if you wish. I ended up spending too much time doing boilerplate crap like proving (m + (n - m)) = n or ((n + m) - k) = ((n - k) + m) - all to convince the type checker of the correctness when I was concatenating and splitting vectors of various sizes. Compared to the amount of work it takes to work with these heavyweight type systems, what you get out of them is very little. It works much better in languages like Agda and Idris, mostly because they have tool support to autogenerate the most trivial proofs for you (but I still think you'd end up doing a lot of elementary school arithmetic, as I did - only Coq has a semi-solution for that).

Steve French
Sep 8, 2003

Subjunctive posted:

Nah. How else would you do compact inline initialization?

http://www.scala-lang.org/api/2.10.3/#scala.collection.Map$

almost Java...

KernelSlanders
May 27, 2013

Rogue operating systems on occasion spread lies and rumors about me.

That's actually a little better than the Java syntax specified above.

code:
val myMap: Map[Int, String] = Map(
  1 -> "one",
  2 -> "two",
  3 -> "three")

Steve French
Sep 8, 2003

KernelSlanders posted:

That's actually a little better than the Java syntax specified above.

code:

val myMap: Map[Int, String] = Map(
  1 -> "one",
  2 -> "two",
  3 -> "three")

It's miles better, that's why I was pointing it out. Sorry, wrong thread?


KernelSlanders
May 27, 2013

Rogue operating systems on occasion spread lies and rumors about me.

Steve French posted:

It's miles better, that's why I was pointing it out. Sorry, wrong thread?

No, I don't think so, although it's probably worth pointing out that most of the sugar there comes not from Map but from ArrowAssoc at https://github.com/scala/legacy-svn-scala/blob/master/src/library/scala/Predef.scala#L249
