|
Gaukler posted:Aren’t javascript numbers not actually 64bit? I thought they were something dumb like 52 or 54 and that leads to fun interop problems with languages that don’t suck (as much as javascript, anyway) I mean, they follow the IEEE-754 standard for double precision floats. You're probably thinking of how the mantissa is only 52 bits, but that's the same in any language that follows the standard.
|
# ? Sep 30, 2020 21:38 |
|
All integers between -2^53 and +2^53 are exactly representable in IEEE754 doubles, so integer math that stays in that range works out without rounding or precision loss. Some integers outside that range are also exactly representable, but there are holes
|
# ? Sep 30, 2020 21:59 |
|
Gaukler posted:Aren’t javascript numbers not actually 64bit? I thought they were something dumb like 52 or 54 and that leads to fun interop problems with languages that don’t suck (as much as javascript, anyway) BigInt exists too!
|
# ? Sep 30, 2020 22:12 |
|
Foxfire_ posted:All integers between -2^53 and +2^53 are exactly representable in IEEE754 doubles, so integer math that stays in that range works out without rounding or precision loss. Some integers outside that range are also exactly representable, but there are holes Right, I was getting it mixed up with trying to use i64/u64s in APIs, Number in javascript is f64.
|
# ? Sep 30, 2020 23:46 |
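As an added example (not code from anyone in this thread): the 2^53 boundary Foxfire_ describes, the holes above it, and the i64-in-an-API interop problem Gaukler mentions, in plain JavaScript with BigInt. `SAMPLE_JSON` is a constructed message carrying a 64-bit id above 2^53.

```javascript
// Ground truth via BigInt: an integer is exactly representable as an
// IEEE-754 double iff it survives the round trip through Number.
function isExactlyRepresentable(big) {
  return BigInt(Number(big)) === big;
}

// Walk the integers just above 2^53 and report which ones survive.
// Above 2^53 the spacing between doubles is 2, so odd values are holes.
function holesAbove2p53(count) {
  const base = 2n ** 53n;
  const result = [];
  for (let i = 0n; i < BigInt(count); i++) {
    const n = base + i;
    result.push({ n: n.toString(), exact: isExactlyRepresentable(n) });
  }
  return result;
}

// Constructed sample: an API response whose numeric id is 2^53 + 1.
const SAMPLE_JSON = '{"id": 9007199254740993, "user": "alice"}';

// Naive parse: JSON.parse turns the id into a double, so it silently
// becomes a different (even) number and no error is raised.
function parseIdNaively(json) {
  return JSON.parse(json).id;
}

// Safer: keep the digits as text until they can be handed to BigInt.
// (Having the server send ids as strings is the usual fix; this
// pulls the literal out of the raw text before JSON.parse touches it.)
function parseIdAsBigInt(json) {
  const m = /"id"\s*:\s*(\d+)/.exec(json);
  return m ? BigInt(m[1]) : null;
}
```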
|
Gaukler posted:Aren’t javascript numbers not actually 64bit? I thought they were something dumb like 52 or 54 and that leads to fun interop problems with languages that don’t suck (as much as javascript, anyway) Bruce Dawson just had a blog post on this https://randomascii.wordpress.com/2020/09/27/floating-point-in-the-browser-part-1-impossible-expectations/
|
# ? Oct 1, 2020 01:07 |
|
The "I don't use a thing, therefore teaching it is bad" thing is so goofy I don't even know how to respond. Like, do I start with foundational knowledge, holistic understanding, and how decent pedagogy works, or do I start with the premise that knowledge can't be valuable for its own sake? There are just so many ways that those statements don't hold up to scrutiny!
|
# ? Oct 1, 2020 01:20 |
|
Shhh let it go, the slappy fight is mercifully over.
|
# ? Oct 1, 2020 02:43 |
|
Oh ok, didn't realize how far behind I was 🤷‍♀️
|
# ? Oct 1, 2020 02:44 |
|
A coding/contest horror https://twitter.com/vcsjones/status/1311698647936102400 Apparently Digital Ocean are running a contest where getting PRs merged will get you a t-shirt. That, of course, is leading to tons of lovely spam PRs and wasting everyone's time.
|
# ? Oct 1, 2020 18:36 |
|
Somehow someone created a PR to one of our repositories and subscribed the entire company to it. It's going about as well as you'd expect.
|
# ? Oct 1, 2020 18:40 |
|
DigitalOcean says they're gonna try an automated PR banning scheme. Looking at the repositories created specifically for gaming Hacktoberfest, and the spammed PR's... I say just ban India from participating, that looks like it'd reduce the majority of the spam. https://github.com/lugnitdgp/Hack-Day quote:An event organised by GNU/Linux Users' Group, NIT Durgapur for the promotion of Hacktoberfest 2020 🎃 All for a free t-shirt.
|
# ? Oct 1, 2020 19:01 |
|
Protocol7 posted:DigitalOcean says they're gonna try an automated PR banning scheme. Looking at the repositories created specifically for gaming Hacktoberfest, and the spammed PR's... I say just ban India from participating, that looks like it'd reduce the majority of the spam. As a FOSS maintainer the worst countries I've seen are Sri Lanka, Bangladesh, Pakistan, India, Serbia; some people would submit thousands of PRs a day on obviously named multiple accounts (yourname1, yourname2, yourname3, etc) to farm t-shirts.
|
# ? Oct 1, 2020 19:04 |
|
I'm sad I don't work for an open source org anymore, that was an easy get for a few years.
|
# ? Oct 1, 2020 19:17 |
|
I don't exactly hate Hacktoberfest but yeah there will be garbage PRs every year and tons of people claiming issues on popular projects and then not doing anything. To be fair the organizers do encourage participants to not suck but you know good luck. It does give me a yearly reminder that I can do fun coding outside of my job and the t-shirt (plus my work's swag bag for participating) is JUST enough to push me to do it. And then maybe I've fixed some bug in jest that annoys me and some thing in yarn where it can accidentally delete your whole hard drive so you know that's cool.
|
# ? Oct 1, 2020 19:17 |
|
Biowarfare posted:As a FOSS maintainer the worst countries I've seen are Sri Lanka, Bangladesh, Pakistan, India, Serbia; some people would submit thousands of PRs a day on obviously named multiple accounts (yourname1, yourname2, yourname3, etc) to farm t-shirts. I can kind of get why India would score high in any kind of country breakdown for abuse, since it has a huge population and is training a lot of programmers to work with western companies, but Sri Lanka and (especially) Serbia are much smaller. Is there a t-shirt shortage in those countries?
|
# ? Oct 1, 2020 19:34 |
|
NtotheTC posted:More like two's insult The one saving post of the last 100
|
# ? Oct 1, 2020 19:35 |
|
ultrafilter posted:Somehow someone created a PR to one of our repositories and subscribed the entire company to it. It's going about as well as you'd expect. It's impossible to visualise what this might mean without knowing how big your company is. At my company of 20 or so people it would not cause any significant problem.
|
# ? Oct 1, 2020 21:09 |
|
NtotheTC posted:More like two's insult
|
# ? Oct 2, 2020 01:39 |
|
I mean really, new thread title
|
# ? Oct 2, 2020 01:59 |
|
Hammerite posted:It's impossible to visualise what this might mean without knowing how big your company is. At my company of 20 or so people it would not cause any significant problem. 1300 or so, many of whom are not programmers.
|
# ? Oct 2, 2020 02:01 |
|
The prevalence of India in spammy Hacktoberfest PRs is apparently due to a single Hindi YouTube channel showing that as an example.
|
# ? Oct 2, 2020 08:27 |
|
Athas posted:The prevalence of India in spammy Hacktoberfest PRs is apparently due to a single Hindi YouTube channel showing that as an example. HN comments say that he was explicitly telling people to make tons of poo poo PRs and "maybe some of them will slip through in time", intentionally try to find small repos that might have inactive owners so they don't get spamfiltered or rejected Athas posted:I can kind of get why India would score high in any kind of country breakdown for abuse, since it has a huge population and is training a lot of programmers to work with western companies, but Sri Lanka and (especially) Serbia are much smaller. Is there a t-shirt shortage in those countries? I'm not sure why. I saw a shitload of fraud too, when I was at a hosting place. Forging of transcripts for student discounts, trying to BYO licence pirated malware windows, etc., trying to sell hacked accounts and stolen credit card account funds (by changing account email)
|
# ? Oct 2, 2020 10:43 |
|
https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/ Interesting password reset implementation from Grindr
|
# ? Oct 3, 2020 00:57 |
|
The real horror there is expecting a reply to a tweet at 10pm (and also the password reset implementation, jfc). There should really be a public list of security fuckups, like that bank that truncated your passwords to 8 chars in some situations. Falcorum fucked around with this message at 09:54 on Oct 3, 2020 |
# ? Oct 3, 2020 09:52 |
|
Falcorum posted:The real horror there is expecting a reply to a tweet at 10pm (and also the password reset implementation, jfc). IMO if you're one of the largest dating sites in the world, you should have a 24/7 support team and standby numbers for the secfuck guys.
|
# ? Oct 3, 2020 10:03 |
|
Kazinsal posted:IMO if you're one of the largest dating sites in the world, you should have a 24/7 support team and standby numbers for the secfuck guys. Based on the messages I've received using it, I can assure you there is no dating going on there
|
# ? Oct 3, 2020 10:49 |
|
Falcorum posted:The real horror there is expecting a reply to a tweet at 10pm (and also the password reset implementation, jfc). They wouldn't need to reply to tweet at 10pm, if they responded to any of the previous attempts to communicate via official channels
|
# ? Oct 3, 2020 10:58 |
|
I wonder why they set the token there. Dev setting that got put in production? If it's an easy bug to make when using a particular framework or library for instance, it could be present in many services.
|
# ? Oct 3, 2020 11:37 |
|
I was probably being dense but I had to scan back up the page a couple of times before twigging what the issue was (that you can get the token without needing access to the email inbox). More coffee needed I guess. I enjoyed the coded implication from Hunt that he had more success as a Grindr user than Helme. quote:What that means is access to everything the original Grindr account holder had access to, for example, their profile pic (which I immediately changed to a more appropriate one):
|
# ? Oct 3, 2020 12:48 |
|
the internet is insanely bad and clearly a mistake for humanity
|
# ? Oct 3, 2020 13:28 |
|
Falcorum posted:The real horror there is expecting a reply to a tweet at 10pm (and also the password reset implementation, jfc). 8 character passwords are probably from using DES, which was once recommended (in the 90s) and then preserved for backwards compatibility forever.
|
# ? Oct 3, 2020 16:05 |
|
Falcorum posted:The real horror there is expecting a reply to a tweet at 10pm (and also the password reset implementation, jfc). You're probably looking for Common Vulnerabilities and Exposures. https://cve.mitre.org/
|
# ? Oct 3, 2020 16:24 |
|
repiv posted:https://www.troyhunt.com/hacking-grindr-accounts-with-copy-and-paste/ Implementing a "Bug Bounty" got a grin from me. redleader posted:the internet is insanely bad and clearly a mistake for humanity Yes but we've known this for decades.
|
# ? Oct 3, 2020 18:32 |
|
Thread. https://twitter.com/Foone/status/1312451205814128640
|
# ? Oct 3, 2020 19:16 |
|
Ola posted:I wonder why they set the token there. Dev setting that got put in production? If it's an easy bug to make when using a particular framework or library for instance, it could be present in many services. At a previous job, I was building a backend system that provided a small part of functionality to various clients' public facing websites. Our API was a regular old REST service, and allowed an optional http header where anyone integrating with us could add their own correlation ids. Clients' javascript front ends wouldn't talk to us directly, it was always via their own backend services. One day I was looking over logs in Kibana to try and solve some issue or other with our biggest client (who you definitely would have heard of), and came across a bunch of requests where the correlation id wasn't a guid like normal, but a word like 'november' or something like that. So I added the correlation id to the columns shown by Kibana, and a whole load of stuff showed up - 'karen1947', 'ilikecheese111' and...of course...'password123'. I was never able to find out what convoluted series of coding horrors somehow managed to end up inserting *users' passwords* into the correlation id of backend requests to integrators, and can't even imagine how, but they did.
|
# ? Oct 4, 2020 12:45 |
|
Where is the "User horror" thread? https://twitter.com/MaxCRoser/status/1313046638915706880
|
# ? Oct 5, 2020 10:59 |
|
Tei posted:Where is the "User horror" thread? e: number of rows not columns had reached the maximum, I assume, unless they have cooked up something really special although the max rows should be 1,048,576 ??? so are they doing that many tests a day or have they just been appending multiple days' test results to a single spreadsheet or what? Hammerite fucked around with this message at 11:20 on Oct 5, 2020 |
# ? Oct 5, 2020 11:17 |
|
Hammerite posted:... have they just been appending multiple days' test results to a single spreadsheet or what?
|
# ? Oct 5, 2020 11:44 |
|
DWP being conservative and regressive with their technology? Well I never.
|
# ? Oct 5, 2020 11:50 |
|
My guess is that a lab or health unit uploads an excel sheet to some central server daily, and the daily tests started exceeding the 16k column limit.
|
# ? Oct 5, 2020 13:57 |