|
pokeyman posted:Leap years: embraced. I do think the smear approach is pretty neat but lol at ever having to think about it or handle it myself
|
#
?
Nov 11, 2022 01:42
|
|
|
|
| # ? May 21, 2024 04:47 |
|
|
Part of the reason the smear approach is so good is that nobody outside of the folks implementing it needs to care about it or even notice it at all.
|
|
#
?
Nov 11, 2022 01:48
|
|
|
Jabor posted:Part of the reason the smear approach is so good is that nobody outside of the folks implementing it needs to care about it or even notice it at all. Exactly!
|
|
#
?
Nov 11, 2022 01:50
|
|
|
Until you find out that your code was breaking because someone was using a timestamp as a unique ID.
|
|
#
?
Nov 11, 2022 09:14
|
|
|
Beef posted:Until you find out that your code was breaking because someone was using a timestamp as a unique ID. Can you elaborate on this? Part of the point of smearing is that you still get monotonically increasing time around the leap second without any rewinds or discontinuities, so I'm finding it hard to understand what you mean.
|
|
#
?
Nov 11, 2022 10:09
|
|
|
Did not know that about smearing, my knowledge is out of date.
|
|
#
?
Nov 11, 2022 10:21
|
|
|
I did see a bug related to that where someone took a string representation of a timestamp and converted it to an integer without regard for overflow. The process was originally running on a big endian machine so it lost the year, but the time range was such that that didn't matter. When we moved it over to a little endian machine it started losing the second and all hell broke loose.
|
|
#
?
Nov 11, 2022 15:16
|
|
|
Jabor posted:Can you elaborate on this? Can't speak for Beef, but one of our programs appends yyyyMMddHHmmss to the file name of files it creates, plus a random 3 digits at the end. When asked about "what if the program creates two files at the same time and the rng spits out the same 3 digits both times?" I was told this is so statistically unlikely that we shouldn't worry about it 
|
|
#
?
Nov 11, 2022 15:29
|
|
|
Polio Vax Scene posted:Can't speak for Beef, but one of our programs appends yyyyMMddHHmmss to the file name of files it creates, plus a random 3 digits at the end. I'm like "oh shoulda appended a whole GUID" and then got to digging and oh drat the RFC for those specifies a weird time format with a weird epoch quote:4.1.4. Timestamp fuckin clock circles all the way down
|
|
#
?
Nov 11, 2022 16:03
|
|
|
quote:100-nanosecond intervals since 00:00:00.00, 15 October 1582  This poo poo is how lostech and 40k behaviors about technical systems come about.
|
|
#
?
Nov 11, 2022 16:05
|
|
|
shame on an IGA posted:I'm like "oh shoulda appended a whole GUID" and then got to digging and oh drat the RFC for those specifies a weird time format with a weird epoch ....It's a little odd to call the Julian calendar "the Christian calendar"
|
|
#
?
Nov 11, 2022 16:20
|
|
|
Leap smear: Google nonsense Edit: beaten
|
|
#
?
Nov 11, 2022 16:33
|
|
|
Perhaps the horror we uncovered here is that smearing was introduced to as a bugfix for a Google-scale UUID collision on leap seconds.
|
|
#
?
Nov 11, 2022 17:30
|
|
|
I feel like uuids are dumb but I don’t have any real argument to go off of
|
|
#
?
Nov 11, 2022 17:40
|
|
|
Beef posted:Until you find out that your code was breaking because someone was using a timestamp as a unique ID. Regular clock skew corrections could cause this even if leap seconds didn’t exist.
|
|
#
?
Nov 11, 2022 18:42
|
|
|
dougdrums posted:I feel like uuids are dumb but I don’t have any real argument to go off of Active Directory has a bunch and the Dumb of them is that different systems have different ways to identify A Thing to a Resource so that for one system you need to use a Service Principal Id while for another you'll be using an Application App Id even though you're referring to the same thing. They should really stream line it or do something
|
|
#
?
Nov 11, 2022 18:50
|
|
|
Are we talking about the UUIDs that are based on timestamps and encode a bunch of stuff or the ones that are just a whole lot of random bits?
|
|
#
?
Nov 11, 2022 21:33
|
|
|
Even uuid version 4 needs version and variant bits, so to be insanely pedantic you still need to validate it.
|
|
#
?
Nov 11, 2022 22:51
|
|
|
OddObserver posted:....It's a little odd to call the Julian calendar "the Christian calendar" I would suppose that when that text refers to "the Christian calendar", it is talking about the legally recognized calendar in those places where the Gregorian calendar was adopted in place of the Julian. It talks of the "Gregorian reform to the... calendar". That reflects the fact that the calendar in official use changed from the Julian to the Gregorian. The Julian calendar itself wasn't reformed, just ceased to be the calendar in use. The Julian calendar still exists - in as much as an abstract concept like a way of tracking time can be said to "exist" - and you could use it now for tracking time, if you wanted to. It's not been "reformed", just abandoned. Since the Julian calendar wasn't "reformed" or changed, it cannot be the subject of the sentence.
|
|
#
?
Nov 11, 2022 23:41
|
|
|
Do Eastern Orthodox christians use a different calendar altogether or do they use Gregorian, just with the holidays shifted a week?
|
|
#
?
Nov 12, 2022 08:02
|
|
|
Carbon dioxide posted:Do Eastern Orthodox christians use a different calendar altogether or do they use Gregorian, just with the holidays shifted a week? my understanding is that they never switched from julian to gregorian. so their holidays are the same day they've always been in the julian calendar, which is now 13 days different from the gregorian calendar
|
|
#
?
Nov 12, 2022 08:18
|
|
|
Carbon dioxide posted:Do Eastern Orthodox christians use a different calendar altogether or do they use Gregorian, just with the holidays shifted a week? It depends. Romanian Orthodox church is using the normal Gregorian calendar, with Christmas on Dec 25th. The serbian Orthodox, use the Julian calendar, with christmas in January.
|
|
#
?
Nov 12, 2022 17:09
|
|
|
Does this seem like a bad idea to anyone else? https://github.com/rails/execjs I deleted an npm package in node_modules. Our TypeScript all compiled fine, our thorough and extensive tests passed, etc. Deploy to prod and it breaks a random Rails model validator with an ENOENT at runtime because it was hardcoded to loving import a js file from a package's dist folder in node_modules and execute it using rails/execjs. This smells really bad to me, and the rails areas of this codebase are deprecated, but the guy who wrote it defended it as "idiomatic rails".
|
|
#
?
Nov 13, 2022 18:09
|
|
|
I’m pretty sure I’ve met people who are that repo personified
|
|
#
?
Nov 13, 2022 18:10
|
|
|
dougdrums posted:I feel like uuids are dumb but I don’t have any real argument to go off of UUIDs in terms of the actual spec are really dumb because almost invariably any application that needs something like that uses it as an implementation detail, which means making public guarantees about its structure and semantics adds a bunch of completely pointless fragility compared to exposing only an opaque 128 bit (or whatever) value. The presence of specced UUIDs in a system is a sign that the designer is blindly implementing patterns without critically evaluating whether they're relevant, which is a real bad code smell. A similar case of a spec in search of a problem is JSON web tokens, which gave us gems such as specifying a "null" authentication scheme, which libraries faithfully implemented, allowing a trivially hand crafted JWT to be used to "authenticate" anything an attacker would like. As with UUIDs, there's no defensible reason application-specific cryptographic metadata should be intelligible to the outside world at all.
|
|
#
?
Nov 13, 2022 18:49
|
|
|
Wonder how much of the worlds storage capacity is storing the dashes in UUIDs?
|
|
#
?
Nov 13, 2022 18:59
|
|
|
Ralith posted:A similar case of a spec in search of a problem is JSON web tokens, which gave us gems such as specifying a "null" authentication scheme, which libraries faithfully implemented, allowing a trivially hand crafted JWT to be used to "authenticate" anything an attacker would like. As with UUIDs, there's no defensible reason application-specific cryptographic metadata should be intelligible to the outside world at all. I am a newbie wrt auth. With RS256 how does one craft a token client side? I thought the token could only be generated server side.
|
|
#
?
Nov 13, 2022 19:35
|
|
|
If my sickbrain is on the same page, the major issue is that you have to take the algorithm from the decoded token in order to verify the signature, so you can’t verify that the client hasn’t altered that field as there’s no way to know unless you just force an algo server side and ignore the alg field. e: Which means if the server blindly accepts the header alg field being null, there’s no actual auth happening. And probably even if you pin them server side there could be quirks with parsing that bypass it. dougdrums fucked around with this message at 19:52 on Nov 13, 2022 |
|
#
?
Nov 13, 2022 19:45
|
|
|
wolfman101 posted:I am a newbie wrt auth. With RS256 how does one craft a token client side? I thought the token could only be generated server side.
|
|
#
?
Nov 13, 2022 20:03
|
|
|
Cool, I had assumed the whole thing was encrypted.
|
|
#
?
Nov 13, 2022 20:11
|
|
|
wolfman101 posted:Cool, I had assumed the whole thing was encrypted. If it was encrypted, how would you leak security critical implementation details and invite tampering?!
|
|
#
?
Nov 13, 2022 23:03
|
|
|
Actual PROD code received today:VB Script code:
|
|
#
?
Nov 18, 2022 19:37
|
|
|
Toshimo posted:Actual PROD code received today: is the horror that it's VBScript?
|
|
#
?
Nov 18, 2022 22:08
|
|
|
Falcon2001 posted:is the horror that it's VBScript? Well, there's that. There's also that the original version you can steal from StackExchange or 100 other sites looks like this: VB Script code:
|
|
#
?
Nov 18, 2022 23:50
|
|
|
I get nervous about a method called Build*() actually modifying the filesystem. Because that code seems to use VBA's FileSystemObject. Which has a function called BuildPath(), which does path concatenation without even looking at the filesystem. tl,dr: Even the example is a horror. Wipfmetz fucked around with this message at 15:28 on Nov 21, 2022 |
|
#
?
Nov 21, 2022 10:43
|
|
|
was brushing up on my razor after not using it for awhile and never realized that you can do this (this being vb)code:
|
|
#
?
Nov 21, 2022 23:00
|
|
|
https://twitter.com/Sibuna_Switch/status/1596768465095983104
|
|
#
?
Nov 27, 2022 14:20
|
|
|
dougdrums posted:was brushing up on my razor after not using it for awhile and never realized that you can do this (this being vb) drat, I knew time was a circle but I never saw classic Active Server Pages making a comeback
|
|
#
?
Nov 27, 2022 21:22
|
|
|
Looking over a student's Python code, and see this:code:Shockingly, it does parse and run. I pop open a Python REPL and try a few horrors. code:code:code:
|
|
#
?
Dec 3, 2022 18:58
|
|
|
|
| # ? May 21, 2024 04:47 |
|
|
It makes sense if (and probably only if) one keeps in mind that `for <lval> in <expr>` can take any lval; functionally it's not really much different fromcode:I'm increasingly convinced that the world decided python was a good teaching language because somebody (rightfully) got tired of making first-year students memorise "public, static, void, main, paren, String, args, bracket, bracket paren" without understanding it, and (wrongly) not realising that complexity is just getting pushed around Dijkstracula fucked around with this message at 19:24 on Dec 3, 2022 |
|
#
?
Dec 3, 2022 19:19
|
|
