OddObserver
Apr 3, 2009
https://twitter.com/ncweaver/status/1470453024870912000

...wat


Jabor
Jul 16, 2010

#1 Loser at SpaceChem
It's one of those "it seemed like a good idea at the time" things, where someone thought it might be nice for one URL to compare equal to a different URL if they both pointed at the same server.

It is in fact a terrible idea, but by the time they figured that out it was too late to fix it, so instead they made a new class and tell you not to use the old one.

LOOK I AM A TURTLE
May 22, 2003

"I'm actually a tortoise."
Grimey Drawer
The Java URL class has got to crack the Top 10 Worst Programming Language Betrayals list.

Also on the list:
- The null pointer.
- The == operator in JavaScript.
- Those PHP function names that were chosen because the names didn't collide when they were hashed.

repiv
Aug 13, 2009

LOOK I AM A TURTLE posted:

- Those PHP function names that were chosen because the names didn't collide when they were hashed.

note: the hash function was strlen

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

repiv posted:

note: the hash function was strlen

:wtc:

ExcessBLarg!
Sep 1, 2001

NihilCredo posted:

NGL for something as fundamental as a filesystem, I would support a social norm of "pay :20bux: to ask a question to the maintainer" instead of having too-nice maintainers who spend weekends fixing the problems of trillion dollar megacorps for free.
If you take that line of thinking though to its natural conclusion you get something like Solaris instead of Linux. Which is fine if that's the world you want.

But, as a hobbyist at the time, I was greatly appreciative of being able to email Dave Kleikamp back in 2008 regarding a potential data-loss bug in JFS operating on non-x86 architectures and getting confirmation of the bug and a quick resolution. I mean, I could've hunted it down myself and submitted a patch, but that's the kind of thing you want maintainers (especially file-system) participating in.

ynohtna
Feb 16, 2007

backwoods compatible
Illegal Hen

repiv posted:

note: the hash function was strlen

:psypop:

ToxicFrog
Apr 26, 2008


Jabor posted:

It's one of those "it seemed like a good idea at the time" things, where someone thought it might be nice for one URL to compare equal to a different URL if they both pointed at the same server.

It is in fact a terrible idea, but by the time they figured that out it was too late to fix it, so instead they made a new class and tell you not to use the old one.

IIRC at least part of the motivation was applet origin validation back in the 90s -- if the underlying IP is used for validation rather than just the textual representation of the URL, DNS spoofing to serve bad applets becomes harder.

That seems like a reasonable thing to check for, but also completely insane to put it in java.net.URL.

Qwertycoatl
Dec 31, 2008

Jabor posted:

It's one of those "it seemed like a good idea at the time" things, where someone thought it might be nice for one URL to compare equal to a different URL if they both pointed at the same server.

It is in fact a terrible idea, but by the time they figured that out it was too late to fix it, so instead they made a new class and tell you not to use the old one expect the knowledge not to use the old one to spread through informal lore.

OddObserver
Apr 3, 2009
Looking at the docs, they indeed don't really make this problem clear (except mentioning that hashCode is blocking in its description, but not really explaining why and how), but it does have this:

quote:

The URL class does not itself encode or decode any URL components according to the escaping mechanism defined in RFC2396. It is the responsibility of the caller to encode any fields, which need to be escaped prior to calling URL, and also to decode any escaped fields, that are returned from URL. Furthermore, because URL has no knowledge of URL escaping, it does not recognise equivalence between the encoded or decoded form of the same URL. For example, the two URLs:
http://foo.com/hello world/ and http://foo.com/hello%20world
would be considered not equal to each other.

Which makes the IP lookup even more bizarre and looks painful in its own right.

Edit: equals() does document the weirdness, though, but it's definitely not going "old API, do not use" in any clear way.

OddObserver fucked around with this message at 19:03 on Dec 14, 2021

chglcu
May 17, 2007

I'm so bored with the USA.
The documentation for .equals() mentions name resolution, which would therefore mean .hashCode() also has to handle it since equivalent objects would need the same hash code, though yeah, it's not explicit and pretty idiotic.

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER


repiv posted:

note: the hash function was strlen

this is what happens when some dude's hobby project for making a blog becomes load bearing

more falafel please
Feb 26, 2005

forums poster

Jabor posted:

It's one of those "it seemed like a good idea at the time" things, where someone thought it might be nice for one URL to compare equal to a different URL if they both pointed at the same server.

It is in fact a terrible idea, but by the time they figured that out it was too late to fix it, so instead they made a new class and tell you not to use the old one.

That's not how URLs (or DNS) are supposed to work, though, especially since an HTTP server can serve multiple domains from the same IP:port. If they happen to be the same IP right now, that's fine, but you shouldn't assume they will still be a second from now or were a second ago. The URL should be the "primary key" for a resource, even if multiple URLs point at the same resource.

ultrafilter
Aug 23, 2007

It's okay if you have any questions.


It might've been a reasonable assumption when the Java URL class was designed.

Qwertycoatl
Dec 31, 2008

Yeah I think the ability to serve different pages based on the hostname is newer than the java URL class.

Even back then it was dumb though, since calling out to DNS made it ridiculously slow, and good luck putting URLs in a set or hash map type collection when your internet connection going down could make URLs that used to be equal stop being so while your program was running

Qwertycoatl fucked around with this message at 23:13 on Dec 14, 2021
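
An added example, not from any poster in the thread: the difference between `java.net.URL` and `java.net.URI` as collection keys, which is what the posts above describe. The class name `UrlKeyDemo` and the helper `key` are hypothetical, the URLs are constructed samples, and the loopback comparison assumes the local resolver maps `localhost` to 127.0.0.1.

```java
import java.net.URI;
import java.net.URL;
import java.util.HashSet;
import java.util.List;
import java.util.Set;

public class UrlKeyDemo {
    // Hypothetical helper: build a collection key from the URL text alone.
    // normalize() only collapses "." and ".." path segments; it performs no I/O.
    static URI key(String raw) {
        return URI.create(raw).normalize();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two spellings of the loopback host.
        // Assumes the local resolver maps "localhost" to 127.0.0.1.
        URI byName = key("http://localhost/index.html");
        URI byAddr = key("http://127.0.0.1/index.html");
        URL urlByName = byName.toURL();
        URL urlByAddr = byAddr.toURL();

        // URL.equals() and URL.hashCode() resolve the host, so the answer
        // depends on what the resolver returns at the moment of the call.
        System.out.println("URL equal:     " + urlByName.equals(urlByAddr));
        System.out.println("URL same hash: " + (urlByName.hashCode() == urlByAddr.hashCode()));

        // URI.equals() compares components as text
        // (scheme and host case-insensitively) and never touches the network.
        System.out.println("URI equal:     " + byName.equals(byAddr));

        // Constructed sample: textual variants of one URL collapse to one key,
        // while a different host name stays a different key whatever its IP is.
        Set<URI> seen = new HashSet<>();
        for (String raw : List.of(
                "http://example.com/a/c",
                "HTTP://EXAMPLE.com/a/./b/../c",
                "http://other.example/a/c")) {
            seen.add(key(raw));
        }
        System.out.println("distinct keys: " + seen.size());
    }
}
```

Only the two loopback URLs are ever converted to `URL`, so the example runs without a network connection.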

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
Two file paths being equal when they refer to the same file is sometimes a very useful property, so I can kinda see how someone would just take the same idea and apply it to URLs without thinking about it too much. Even for files having to hit the filesystem to compare ./foo and ././foo is already a problem often enough that you'd have to not have written production code using a Path type that does that to be unaware that it'd be a problem for URL, though.

Eggnogium
Jun 1, 2010

Never give an inch! Hnnnghhhhhh!
Is there an explainer for how a logging framework ended up downloading and executing code for non-Java devs whose eyes glaze over when reading the JNDI Wikipedia page?

more falafel please
Feb 26, 2005

forums poster

Eggnogium posted:

Is there an explainer for how a logging framework ended up downloading and executing code for non-Java devs whose eyes glaze over when reading the JNDI Wikipedia page?

https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228/

quote:

Alas, the real problem is that log4j 2.x (the version basically everyone uses) is designed in such a way that all string arguments after the main format string for the logging call are also treated as format strings.

So log4j treats every string as a format string that it should do expansion on, and one of the things it can expand is "get this object from A Source" and since java is all about Data coming from AbstractDataFactorySources one of the supported methods of getting an object is "ask this LDAP server for a .jar"
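
An added example, not from the thread and not Log4j's code: a toy formatter showing why the order of placeholder substitution and `${...}` expansion matters. The class, the lookup table and every value in it are hypothetical and constructed for illustration; the table is a plain in-memory map with no network or JNDI access.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class LookupOrderDemo {
    // Hypothetical lookup table standing in for a logger's lookup plugins.
    static final Map<String, String> LOOKUPS = Map.of(
            "app:name", "billing",
            "host:name", "db-internal-01");   // constructed value
    static final Pattern LOOKUP = Pattern.compile("\\$\\{([^}]+)\\}");

    // Replace every ${key} that has a table entry; unknown keys stay as written.
    static String expand(String s) {
        return LOOKUP.matcher(s).replaceAll(m ->
                Matcher.quoteReplacement(LOOKUPS.getOrDefault(m.group(1), m.group())));
    }

    // Fill "{}" placeholders left to right with the arguments' text.
    static String fill(String pattern, Object... args) {
        StringBuilder out = new StringBuilder();
        int from = 0, next = 0, at;
        while (next < args.length && (at = pattern.indexOf("{}", from)) >= 0) {
            out.append(pattern, from, at).append(args[next++]);
            from = at + 2;
        }
        return out.append(pattern, from, pattern.length()).toString();
    }

    // Models the behaviour described in the thread: arguments are merged in
    // first, then the whole message is scanned, so argument text is expanded too.
    static String fillThenExpand(String pattern, Object... args) {
        return expand(fill(pattern, args));
    }

    // Only the developer-written pattern is scanned; arguments stay data.
    static String expandThenFill(String pattern, Object... args) {
        return fill(expand(pattern), args);
    }

    public static void main(String[] args) {
        // Constructed sample: a request header value supplied by the client.
        String userAgent = "probe ${host:name}";
        System.out.println(fillThenExpand("[${app:name}] ua={}", userAgent));
        System.out.println(expandThenFill("[${app:name}] ua={}", userAgent));
    }
}
```

The first line printed has the client-supplied `${host:name}` replaced by the table value; the second leaves it as literal text.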

rjmccall
Sep 7, 2007

no worries friend
Fun Shoe
It’s got to be worse than just treating them as format strings, or else you wouldn’t have that vulnerability where you can disclose subsequent log messages until an end delimiter randomly shows up.

Eggnogium
Jun 1, 2010

Never give an inch! Hnnnghhhhhh!

more falafel please posted:

https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228/

So log4j treats every string as a format string that it should do expansion on, and one of the things it can expand is "get this object from A Source" and since java is all about Data coming from AbstractDataFactorySources one of the supported methods of getting an object is "ask this LDAP server for a .jar"

Yeah I understand the overly aggressive string formatting, it’s just in a compiled, non-sandboxed language getting and running code from a web server at runtime is like an obviously dumb and overly convoluted idea to me but in Java it’s apparently so fundamental it ships in the standard library? I struggle to understand what the use case even is but from that explainer it seems like it’s a way to bypass de/serialization in SOA or some poo poo.

tyrelhill
Jul 30, 2006
you should check out nodejs

Eggnogium
Jun 1, 2010

Never give an inch! Hnnnghhhhhh!

tyrelhill posted:

you should check out nodejs

The main thing I know it for was when it showed how fetching code at runtime is idiotic in a completely different way.

ExcessBLarg!
Sep 1, 2001

ultrafilter posted:

It might've been a reasonable assumption when the Java URL class was designed.
It's always been bad that a.equals(b) can yield inconsistent results over time even when a and b references themselves haven't changed. That was poorly thought out in 1996 or whatever and vhosts were a thing shortly thereafter too.

tak
Jan 31, 2003

lol demowned
Grimey Drawer
vhosts were a thing in 1995 I'm pretty sure. Whenever httpd 1.1 came out

leper khan
Dec 28, 2010
Honest to god thinks Half Life 2 is a bad game. But at least he likes Monster Hunter.
The whole point of DNS is that you don't know the IP. The Java thing categorically makes no sense, since DNS has always supported tearing down a host in one data center and rebuilding in another.

Tei
Feb 19, 2011
Probation
Can't post for 3 days!
Shared hosting is a thing. A single IP can host a myriad of websites. Probably the average website shares the IP with others. Is not only a bad practice, slow and dumb, is also wrong.

Edit:
oh, you guys already commented this

Tei fucked around with this message at 19:02 on Dec 15, 2021

Jazerus
May 24, 2011


Tei posted:

Is not only a bad practice, slow and dumb, is also wrong.

java: not only bad, slow and dumb, but also wrong

Sagacity
May 2, 2003
Hopefully my epitaph will be funnier than my custom title.
Yes, having the URL hashcode method do a DNS lookup definitely means that the entire language and standard library is trash.

Let's all move to Python. Or PHP. Or NodeJS. Or Ruby. Or C# (paging Shaggar).

Or: What about Haskell? It definitely has no side effects! (Side effects may include drowsiness)

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER


Sagacity posted:

Yes, having the URL hashcode method do a DNS lookup definitely means that the entire language and standard library is trash.

Let's all move to Python. Or PHP. Or NodeJS. Or Ruby. Or C# (paging Shaggar).

Or: What about Haskell? It definitely has no side effects! (Side effects may include drowsiness)

I don't think I've ever had to worry about switching everything to a new language (because the decision to use java/c#/typescript/whatever was taken long before I was onboarded)

csammis
Aug 26, 2003

Mental Institution

Sagacity posted:

Yes, having the URL hashcode method do a DNS lookup definitely means that the entire language and standard library is trash.

Yeah if anything it’s the fact that the entire language and standard library are trash means that the URL hashcode method was destined to be trash too

ExcessBLarg!
Sep 1, 2001
I genuinely wonder if whatever standard library equivalent of the URL class in a different language has made the same mistake.

Ranzear
Jul 25, 2013

Digging through the project I'm forking. I didn't even get around to asking why lights were hitting an opengl uniforms limit of 16. Packing them all into one draw call is neat and all, but means no more than 14(15?) lights and 1 camera in scene. I was wondering why and how and then I found it:

code:
    for (i, light) in lights.enumerate() {
        shader_source.push_str(&light.shader_source(i as u32));
        dir_fun.push_str(&format!("color += calculate_lighting{}(surface_color, position, normal, metallic, roughness, occlusion);\n", i))
    }
That ... is injecting a function per light, named using the light's index, into the shader. Specifically the {} gets replaced with the value of i.

So those functions are filled in elsewhere based on light type, for example a point light:

code:
    fn shader_source(&self, i: u32) -> String {
        format!(
        "
            uniform sampler2D shadowMap{};
            layout (std140) uniform LightUniform{}
            {{
                BaseLight base{};
                Attenuation attenuation{};
                vec3 position{};
                float cutoff{};
                vec3 direction{};
                float shadowEnabled{};
                mat4 shadowMVP{};
            }};
            vec3 calculate_lighting{}(vec3 surface_color, vec3 position, vec3 normal, float metallic, float roughness, float occlusion)
            {{
                if(base{}.intensity > 0.001) {{
                    vec3 light_color = base{}.intensity * base{}.color;
                    vec3 light_direction = normalize(position - position{});
                    float angle = acos(dot(light_direction, normalize(direction{})));
                    float cutoff = cutoff{};
                
                    vec3 result = vec3(0.0);
                    if (angle < cutoff) {{
                        result = calculate_attenuated_light(light_color, attenuation{}, position{}, surface_color, position, normal, 
                            metallic, roughness, occlusion) * (1.0 - smoothstep(0.75 * cutoff, cutoff, angle));
                        if(shadowEnabled{} > 0.5) {{
                            result *= calculate_shadow(shadowMap{}, shadowMVP{}, position);
                        }}
                    }}
                    return result;
                }}
                else {{
                    return vec3(0.0, 0.0, 0.0);
                }}
            }}
        
        ", i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i)
    }
loving...

code:
, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i, i,
:barf:

Ranzear fucked around with this message at 21:48 on Dec 15, 2021

CPColin
Sep 9, 2003

Big ol' smile.
It's what you say when you see that code!

YanniRotten
Apr 3, 2010

We're so pretty,
oh so pretty
It's the part of Sweet Child O' Mine right before Axl is like "where do we go where do we go now".

Ay ay ay ay ay ay ay ay ay ay ay.

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
The authors didn't realize they could just write {1}, huh?

ultrafilter
Aug 23, 2007

It's okay if you have any questions.


https://twitter.com/iwsfutcmd/status/1471254599684083714

omeg
Sep 3, 2012

I just spent an entire day debugging weird IMAP stuff like invalid utf8 sequences, newlines in subjects or text with embedded nulls. So I wrote some tests.

Turns out nulls in subjects were converted to utf8 sequence of 0xEFBFBD, which is U+FFFD: "REPLACEMENT CHARACTER", or �. :psyduck:

Then I found out that nulls in message body were converted to 0x80. Which is an invalid utf8 sequence by itself. :psyboom:

I have no idea if the server does that or Python's IMAP library. Emails are like printers, don't touch them if you can help it.

Bongo Bill
Jan 17, 2012

I � Unicode

Volmarias
Dec 31, 2002

EMAIL... THE INTERNET... SEARCH ENGINES...

Bongo Bill posted:

I � Unicode

Mods, new thread title, please


ultrafilter
Aug 23, 2007

It's okay if you have any questions.


The heaviest book that I've ever seen was a hardcopy of the Unicode standard.

Volmarias posted:

Mods, new thread title, please
