Jeb Bush 2012
Apr 4, 2007

A mathematician, like a painter or poet, is a maker of patterns. If his patterns are more permanent than theirs, it is because they are made with ideas.

Bongo Bill posted:

We notice things that don't work; we don't notice things that do.

sure but the whole ~web ecosystem~ seems to have a lot more horrifying stuff in it than other places


Dirty Frank
Jul 8, 2004

Bongo Bill posted:

We notice things that don't work; we don't notice things that do.

anything that works is perfect. therefore I am perfect :hellyeah:*

* occasionally **
** lol

Athas
Aug 6, 2007

fuck that joker

Thermopyle posted:

transpiling is the very smallest of JS frontend sins

What is the biggest sin?

spiritual bypass
Feb 19, 2008

Grimey Drawer

MrMoo posted:

Web developers like to repeat history like everyone else. See: PHP and PHP template engines, PHP is already a template engine.

This actually makes sense, though, since template systems automatically prevent page injection attacks and also prevent your dumbass team members from querying the database in the middle of a bunch of markup
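What "template systems automatically prevent page injection" means in practice, as an added example that is not part of the post above and not code from any PHP or JavaScript template engine: a minimal renderer that HTML-escapes every `{{name}}` substitution by default, beside the string concatenation it replaces. The template syntax, function names and input strings are all constructed for this example.

```javascript
// Added example: a toy template renderer that escapes by default, next to the
// string-glue approach that does not. Everything here is constructed for the
// example; it is not the API of any real template engine.

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape for HTML text and quoted-attribute context only. Values placed into
// a <script> body, a URL or an event-handler attribute need context-specific
// encoding that this function does not do.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ESCAPES[ch]);
}

// Unsafe: markup built by concatenating untrusted data straight into the page.
function renderUnsafe(data) {
  return '<p>Hello, ' + data.name + '</p>';
}

// {{key}} is escaped; {{{key}}} is emitted raw and is only for markup the
// server produced itself. Missing keys render as '' rather than "undefined".
function render(template, data) {
  return template.replace(
    /\{\{\{\s*(\w+)\s*\}\}\}|\{\{\s*(\w+)\s*\}\}/g,
    (_match, rawKey, escKey) => {
      if (rawKey !== undefined) {
        return data[rawKey] === undefined ? '' : String(data[rawKey]);
      }
      return data[escKey] === undefined ? '' : escapeHtml(data[escKey]);
    }
  );
}

// Constructed attacker-controlled input.
const payload = '<script>alert(1)</script>';
console.log(renderUnsafe({ name: payload }));                   // script tag lands in the page
console.log(render('<p>Hello, {{name}}</p>', { name: payload })); // script tag is inert text
```

The point of the default-escape design is that the safe path needs no thought from the person writing markup, while the raw path has to be asked for explicitly and stands out in review.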

The Fool
Oct 16, 2003


Athas posted:

What is the biggest sin?

Javascript

xtal
Jan 9, 2011

by Fluffdaddy

Athas posted:

What is the biggest sin?

John 4:18:

quote:

I'm a teapot

Thermopyle
Jul 1, 2003

...the stupid are cocksure while the intelligent are full of doubt. —Bertrand Russell

The Fool posted:

Javascript

Not empty quoting.


(I don't actually know the answer to the question, but there's lots of house of cards)

MrMoo
Sep 14, 2000

rt4 posted:

This actually makes sense, though, since template systems automatically prevent page injection attacks and also prevent your dumbass team members from querying the database in the middle of a bunch of markup

So you modify the VM to do that for you, a PHP docker or whatever. You could run a second FCGI PHP instance with all the modules disabled and then you have no DB access.

xtal
Jan 9, 2011

by Fluffdaddy

MrMoo posted:

So you modify the VM to do that for you, a PHP docker or whatever. You could run a second FCGI PHP instance with all the modules disabled and then you have no DB access.

This is even more stupid than using PHP to begin with

Volguus
Mar 3, 2009

xtal posted:

This is even more stupid than using PHP to begin with

This: https://www.theregister.co.uk/2008/04/17/oklahoma_corrections_site_data_exposed/

You can code in COBOL, Javascript, lisp, perl, bash and PHP all in one site, but don't, for the love of all that's holy, create, and execute SQL queries from the client.

putin is a cunt
Apr 5, 2007

BOY DO I SURE ENJOY TRASH. THERE'S NOTHING MORE I LOVE THAN TO SIT DOWN IN FRONT OF THE BIG SCREEN AND EAT A BIIIIG STEAMY BOWL OF SHIT. WARNER BROS CAN COME OVER TO MY HOUSE AND ASSFUCK MY MOM WHILE I WATCH AND I WOULD CERTIFY IT FRESH, NO QUESTION
I don't understand the complaints about transpiling and can only assume the complainers haven't really worked much with JavaScript and don't fully understand how or why it's done.

Taffer
Oct 15, 2010


Transpiling is good because it allows having a semblance of a real language.

Everything else is a disaster. Like how I had to work on a web project with 11 direct dependencies and an npm install gave me 1300 indirect dependencies, most of which were single-function libs for the most basic poo poo like array and string utilities, because Javascript has no std lib.

Totally stable and secure! It's a loving house of cards and I can't wait till it collapses.

brap
Aug 23, 2004

Grimey Drawer
I really don't think the tiny module thing in and of itself is a big deal, especially when you're trying to write a library that can be used in both a browser and node.js environment and size matters. What sucks is what a brittle pile of poo poo npm is in general.

megalodong
Mar 11, 2008

Sagacity posted:

Agreed. I genuinely don't understand how a community that always has prided itself on doing things "in a simple, non-bloated way" is pooping out things like npm, webpack, "transpiling" which is not a typo for "transpiring", leftpad, is-odd (which is even odder than is-even), etc etc.

To be (very, very, very) slightly kind to NPM, is-odd is made by this guy, who's famous for this and this and is basically just trying to game the system so he can claim that he's written code that's used in thousands of programs and has millions of downloads, by getting one of his trivial packages included as a dep in something, and then making his package depend on a bunch of his other poo poo.

It's a bit of an outlier even for npm.

Sagacity
May 2, 2003
Hopefully my epitaph will be funnier than my custom title.

megalodong posted:

It's a bit of an outlier even for npm.
Oh god, just looking at that 'repeat-element' package.

From the tests:
code:
assert.deepEqual(repeat('a', 5), ['a', 'a', 'a', 'a', 'a']);
assert.deepEqual(repeat('a', 50), ['a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a','a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a','a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a','a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a','a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a', 'a']);
Because certainly if it works for 5 elements it may not work for 50.

(Also the tests forget to check any edge case)

Bruegels Fuckbooks
Sep 14, 2004

Now, listen - I know the two of you are very different from each other in a lot of ways, but you have to understand that as far as Grandpa's concerned, you're both pieces of shit! Yeah. I can prove it mathematically.

brap posted:

I really don't think the tiny module thing in and of itself is a big deal, especially when you're trying to write a library that can be used in both a browser and node.js environment and size matters. What sucks is what a brittle pile of poo poo npm is in general.

well like, I recently hit file > new project in visual studio 2017, and I had to figure out how to use this npm poo poo to get the js client for signalR in .net to work, and it actually surprisingly wasn't awful to set up. like, I got typescript to work with import statements, my type definitions automatically download, I set up a pre-build to get the type definitions and browserify so I don't have to check them into source control, and it's worked without blowing up for all of three days so far, and it only took three hours of reading documentation and writing custom pre-build post-build scripts. I can definitely observe progress from 2012 in this area.

qntm
Jun 17, 2009

megalodong posted:

To be (very, very, very) slightly kind to NPM, is-odd is made by this guy, who's famous for this and this and is basically just trying to game the system so he can claim that he's written code that's used in thousands of programs and has millions of downloads, by getting one of his trivial packages included as a dep in something, and then making his package depend on a bunch of his other poo poo.

It's a bit of an outlier even for npm.

Jon Schlinkert's code is just maddening. A while back I discovered someone in our project had pulled in filter-object to, as the package name suggests, take an object and create a new object with some, but not all, of the keys of the original.

Just watch how many dependencies that thing pulls in.

Zopotantor
Feb 24, 2013

...und ist er drin dann lassen wir ihn niemals wieder raus...

qntm posted:

Jon Schlinkert's code is just maddening. A while back I discovered someone in our project had pulled in filter-object to, as the package name suggests, take an object and create a new object with some, but not all, of the keys of the original.

Just watch how many dependencies that thing pulls in.

It's like one of those videos where somebody hits a dust bunny with a broom and SUDDENLY THERE ARE THOUSANDS OF SPIDERS AAAAARGHHHHH BURN THE HOUSE DOWN :supaburn:

Tau Wedel
Aug 3, 2007

I'm fine. Everything's fine. There is no reason to worry.

qntm posted:

Jon Schlinkert's code is just maddening. A while back I discovered someone in our project had pulled in filter-object to, as the package name suggests, take an object and create a new object with some, but not all, of the keys of the original.

Just watch how many dependencies that thing pulls in.

The package kind-of shows up in those dependencies in five different versions -- 2.0.1, 3.2.2, 4.0.0, 5.1.0, and 6.0.2. How do you even get to the point where you're relying on five subtly different versions of your own code?

Four other packages show up in three versions, and seventeen show up in two versions, meaning that you could remove 29 dependencies if you could always use the latest version of each dependency. I wonder if the package would still work then, or if some of the dependencies actually need to be older versions.
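The count done above by eye, done by script instead, as an added example that is not from the thread or from any package it mentions: walk the `packages` map of a lockfileVersion 2 or 3 `package-lock.json`, list every name installed in more than one version, total how many entries would disappear if every consumer accepted the newest version, and flag entries that carry no `integrity` hash. The lock below is constructed for the example; its package names, versions and integrity strings are placeholders, not real packages.

```javascript
// Added example: count duplicate versions and missing integrity hashes in a
// package-lock.json "packages" map. The lock object is constructed; every
// name, version and integrity value in it is a placeholder.

const sampleLock = {
  name: 'example-app',
  lockfileVersion: 2,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/app-dep-a': { version: '3.0.0', integrity: 'sha512-placeholderA' },
    'node_modules/tiny-util': { version: '6.0.2', integrity: 'sha512-placeholderB' },
    'node_modules/app-dep-a/node_modules/tiny-util': { version: '2.0.1', integrity: 'sha512-placeholderC' },
    'node_modules/tiny-helper': { version: '1.1.0', integrity: 'sha512-placeholderD' },
    'node_modules/tiny-helper/node_modules/tiny-util': { version: '5.1.0' }, // no integrity recorded
    'node_modules/@scope/util': { version: '1.2.0', integrity: 'sha512-placeholderE' },
    'node_modules/@scope/util/node_modules/tiny-util': { version: '4.0.0', integrity: 'sha512-placeholderF' },
    'node_modules/@scope/util/node_modules/tiny-helper': { version: '1.0.3', integrity: 'sha512-placeholderG' },
    'node_modules/leaf': { version: '0.1.0' }, // no integrity recorded
  },
};

// 'node_modules/a/node_modules/@s/b' -> '@s/b'; the project's root entry '' -> null.
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const i = lockPath.lastIndexOf(marker);
  return i === -1 ? null : lockPath.slice(i + marker.length);
}

// Numeric dotted-version compare; enough for plain x.y.z strings, prerelease tags ignored.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function analyzeLock(lock) {
  const versionsByName = new Map();
  const missingIntegrity = [];
  let totalEntries = 0;
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (name === null) continue; // skip the project's own root entry
    totalEntries++;
    if (!versionsByName.has(name)) versionsByName.set(name, new Set());
    versionsByName.get(name).add(entry.version);
    // An entry without an integrity hash is one npm cannot verify against the tarball it installs.
    if (!entry.integrity) missingIntegrity.push(`${name}@${entry.version}`);
  }
  const duplicated = [];
  let removableIfLatest = 0;
  for (const [name, versions] of versionsByName) {
    if (versions.size > 1) {
      duplicated.push({ name, versions: [...versions].sort(compareVersions) });
      removableIfLatest += versions.size - 1; // keep one version, drop the rest
    }
  }
  duplicated.sort((x, y) => y.versions.length - x.versions.length);
  return {
    totalEntries,
    distinctNames: versionsByName.size,
    duplicated,
    removableIfLatest,
    missingIntegrity,
  };
}

console.log(JSON.stringify(analyzeLock(sampleLock), null, 2));
```

Against a real project, replace `sampleLock` with `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))`. A lockfileVersion 1 file nests `dependencies` instead of carrying a flat `packages` map, so it needs a different walk. The `removableIfLatest` figure is an upper bound: it says how many entries exist only because some consumer pinned an older range, not whether those consumers would actually work against the newest version.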

JawnV6
Jul 4, 2004

So hot ...

Sagacity posted:

Because certainly if it works for 5 elements it may not work for 50.

How's that now?

poemdexter
Feb 18, 2005

Hooray Indie Games!

College Slice
This guy figured out how to be super popular in the javascript world by linking his tiny rear end projects together that don't really do anything. Good for him.

Edit: His only dev experience on his LinkedIn profile is 6 years as a Full Stack Developer working on open source projects and thing stats on his projects. He's just trying to get paid to talk.

poemdexter fucked around with this message at 21:10 on May 30, 2018

bob dobbs is dead
Oct 8, 2017

I love peeps
Nap Ghost
his twitter says crypto and solidity

Athas
Aug 6, 2007

fuck that joker

qntm posted:

Jon Schlinkert's code is just maddening. A while back I discovered someone in our project had pulled in filter-object to, as the package name suggests, take an object and create a new object with some, but not all, of the keys of the original.

Just watch how many dependencies that thing pulls in.

Do you do code review when adding new dependencies?

In related news, I have a group of undergrads working on some fairly simple webstuff for me (interactive graphs of performance benchmark results over time). They're smart guys and building good stuff, but I was honestly not ready for the fact that their simple data processing pipeline (transposing some JSON files) depends on half a million lines of Javascript and the frontend depends on a million and a half lines of Javascript. Their own code is less than 4000 lines total. I mean, I've read about this stuff for years, but it's quite different when you see it in your file system.

Coffee Mugshot
Jun 26, 2010

by Lowtax

Athas posted:

Do you do code review when adding new dependencies?

In related news, I have a group of undergrads working on some fairly simple webstuff for me (interactive graphs of performance benchmark results over time). They're smart guys and building good stuff, but I was honestly not ready for the fact that their simple data processing pipeline (transposing some JSON files) depends on half a million lines of Javascript and the frontend depends on a million and a half lines of Javascript. Their own code is less than 4000 lines total. I mean, I've read about this stuff for years, but it's quite different when you see it in your file system.

How do you add new dependencies without changing the code and eliciting a code review?

TooMuchAbstraction
Oct 14, 2012

I spent four years making
Waves of Steel
Hell yes I'm going to turn my avatar into an ad for it.
Fun Shoe

Coffee Mugshot posted:

How do you add new dependencies without changing the code and eliciting a code review?

I believe what was meant is, do you review the code in the dependencies that you are adding? Or do you just assume that "hey, it's published code, it must be reasonable."

Because I can practically guarantee you that 95+% of devs opt for the latter.

Sagacity
May 2, 2003
Hopefully my epitaph will be funnier than my custom title.

JawnV6 posted:

How's that now?
I was saying the opposite of what was actually meant to elicit humour

Coffee Mugshot
Jun 26, 2010

by Lowtax

TooMuchAbstraction posted:

I believe what was meant is, do you review the code in the dependencies that you are adding? Or do you just assume that "hey, it's published code, it must be reasonable."

Because I can practically guarantee you that 95+% of devs opt for the latter.

I see. Yeah, I don't think there's much value to reviewing the code in a dependency unless there is a security concern. On the other hand, deciding that an API is good and useful for your own project is a bit of a review itself, albeit informal.

canis minor
May 4, 2011

qntm posted:

Jon Schlinkert's code is just maddening. A while back I discovered someone in our project had pulled in filter-object to, as the package name suggests, take an object and create a new object with some, but not all, of the keys of the original.

Just watch how many dependencies that thing pulls in.

I love there's a library called is-odd, and that it's at version 2.0

edit: scratch that - my favourite thing is the usage of five different versions of kind-of

Rubellavator
Aug 16, 2007

Never forget left-pad

VikingofRock
Aug 24, 2008




canis minor posted:

I love there's a library called is-odd, and that it's at version 2.0

As of 5 hours ago it's on version 3.0. Even better!

VikingofRock fucked around with this message at 00:14 on May 31, 2018

HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?
My company has multiple bureaucracies in place to review dependencies

This is for shipped products however. I don't know how they handle the website.

megalodong
Mar 11, 2008

VikingofRock posted:

as of 5 hours ago it's on version 3.0

code:
function isSafeInteger(n) {
  if (typeof Number.isSafeInteger === 'function') {
    return Number.isInteger(n) && (n <= Number.MAX_SAFE_INTEGER);
  }
  return Number.isSafeInteger(n);
}
uhh isn't that wrong. Shouldn't it be !== in the comparison to check if isSafeInteger is defined?
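The inverted feature-detect above, exercised both ways, as an added example that is not from the thread or from the package under discussion: the posted function kept in its original shape beside a corrected one, run once on a normal engine and once with `Number.isSafeInteger` temporarily removed to stand in for an engine that lacks it. On a normal engine the native branch is unreachable, which is why a test suite run there never touches it. The posted fallback also has a second problem visible on the page: it checks `n <= Number.MAX_SAFE_INTEGER` but never the lower bound, so `-(2 ** 53)` passes. Function names here are the example's own.

```javascript
// Added example: the feature-detect as posted versus a corrected version,
// run with and without a native Number.isSafeInteger. Names are the example's own.

// Same shape as the posted code: the condition is inverted, so the native
// function is called exactly when it does NOT exist, and the fallback runs
// exactly when the native one is available.
function isSafeIntegerAsPosted(n) {
  if (typeof Number.isSafeInteger === 'function') {
    return Number.isInteger(n) && (n <= Number.MAX_SAFE_INTEGER);
  }
  return Number.isSafeInteger(n);
}

// Corrected: prefer the native check; the fallback bounds both ends and does
// not depend on Number.isInteger, which an engine this old may also lack.
function isSafeIntegerFixed(n) {
  if (typeof Number.isSafeInteger === 'function') {
    return Number.isSafeInteger(n);
  }
  return typeof n === 'number' && isFinite(n) && Math.floor(n) === n &&
    Math.abs(n) <= 9007199254740991; // 2**53 - 1, the value of MAX_SAFE_INTEGER
}

// Run fn with Number.isSafeInteger removed, simulating a pre-ES2015 engine.
// The property is configurable, so delete works; it is restored afterwards.
function withoutNativeIsSafeInteger(fn) {
  const saved = Number.isSafeInteger;
  delete Number.isSafeInteger;
  try {
    return fn();
  } finally {
    Number.isSafeInteger = saved;
  }
}

// How each version behaves for one input in each environment; a thrown
// error is reported by its name so the two paths can be compared side by side.
function compare(n) {
  const tryCall = (fn) => { try { return fn(n); } catch (e) { return e.name; } };
  return {
    modern: { posted: tryCall(isSafeIntegerAsPosted), fixed: tryCall(isSafeIntegerFixed) },
    legacy: {
      posted: withoutNativeIsSafeInteger(() => tryCall(isSafeIntegerAsPosted)),
      fixed: withoutNativeIsSafeInteger(() => tryCall(isSafeIntegerFixed)),
    },
  };
}

console.log(compare(4));
console.log(compare(-(2 ** 53)));
```

Two things fall out of running it: on the engine the package's own tests run on, the posted code silently uses its incomplete fallback and passes anyway, and on the engine the fallback was written for, it throws a `TypeError` on every call. A test that only runs on one engine cannot see either problem unless it removes the native function the way `withoutNativeIsSafeInteger` does.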

redleader
Aug 18, 2005

Engage according to operational parameters

megalodong posted:

code:
function isSafeInteger(n) {
  if (typeof Number.isSafeInteger === 'function') {
    return Number.isInteger(n) && (n <= Number.MAX_SAFE_INTEGER);
  }
  return Number.isSafeInteger(n);
}
uhh isn't that wrong. Shouldn't it be !== in the comparison to check if isSafeInteger is defined?

That sounds like a semver-breaking change. Time to rollout 4.0!

Doc Hawkins
Jun 15, 2010

Dashing? But I'm not even moving!


HappyHippo posted:

My company has multiple bureaucracies in place to review dependencies

This is for shipped products however. I don't know how they handle the website.

Do they actually check the code, or just the license?

VikingofRock
Aug 24, 2008




megalodong posted:

code:
function isSafeInteger(n) {
  if (typeof Number.isSafeInteger === 'function') {
    return Number.isInteger(n) && (n <= Number.MAX_SAFE_INTEGER);
  }
  return Number.isSafeInteger(n);
}
uhh isn't that wrong. Shouldn't it be !== in the comparison to check if isSafeInteger is defined?

Open a pull request.

Taffer
Oct 15, 2010


brap posted:

I really don't think the tiny module thing in and of itself is a big deal, especially when you're trying to write a library that can be used in both a browser and node.js environment and size matters. What sucks is what a brittle pile of poo poo npm is in general.

It's a big deal in that it's a huge point of failure. What if one of those tiny utility libraries that is depended on by 1000 larger libraries ships an update with a bug? Or worse, what if it gets removed completely? I'm sure we all remember the disaster of left-pad.

The lack of a std-lib that's maintained by a reliable central authority is a huge weakness of the ecosystem and is why a disaster like npm took over.

CPColin
Sep 9, 2003

Big ol' smile.

megalodong posted:

code:
function isSafeInteger(n) {
  if (typeof Number.isSafeInteger === 'function') {
    return Number.isInteger(n) && (n <= Number.MAX_SAFE_INTEGER);
  }
  return Number.isSafeInteger(n);
}
uhh isn't that wrong. Shouldn't it be !== in the comparison to check if isSafeInteger is defined?

Good thing he disabled the Issues tab, probably because of people trolling him, so all you could do is comment on that commit. Also good thing his tests don't actually cover that branch.

HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?

Doc Hawkins posted:

Do they actually check the code, or just the license?

The licensing is one bureaucracy. There's also security audits. I doubt they manually review third party code however.

HappyHippo
Nov 19, 2003
Do you have an Air Miles Card?
I wonder how long until one of these tiny npm packages that has found its way into a major package is updated to insert a bitcoin miner or something more malicious.


megalodong
Mar 11, 2008

VikingofRock posted:

Open a pull request.

I don't want my name anywhere near that thing!
