|
company-wide linting rules should be the bare minimum but the guy responsible for them will be the source of many useless meetings about spaces
|
# ? May 15, 2024 12:42 |
|
|
# ? Jun 8, 2024 00:09 |
|
2Fast2Nutricious posted:company-wide linting rules should be the bare minimum but the guy responsible for them will be the source of many useless meetings about spaces just wait until you get me in a meeting about naming conventions
|
# ? May 15, 2024 12:55 |
|
2Fast2Nutricious posted:company-wide linting rules dear god no
|
# ? May 15, 2024 12:55 |
|
my homie dhall posted:*you've been invited to a 4 hour meeting with the most annoying people in your org to decide which of the included preset linting rules you will be following* welcome to the annual naming convention convention
|
# ? May 15, 2024 15:10 |
|
simble posted:welcome to the annual naming convention convention if that's the best the committee can do I don't think I'll be attending call it the lexical thunderdome and I'll clear my schedule
|
# ? May 15, 2024 15:23 |
|
Soricidus posted:yeah that linter sucks. more rules != better. I think you mean: fewer rules == better
|
# ? May 15, 2024 15:27 |
|
Mind_Taker posted:yeah I'll typically favor != if it makes for a cleaner body Yeah, I looked into it further and there's no problem with using a !=, it was just using it and then going to the else statement. So if I did something like your first example, it's just fine.
|
# ? May 15, 2024 15:42 |
|
LanceHunter posted:Yeah, I looked into it further and there's no problem with using a !=, it was just using it and then going to the else statement. So if I did something like your first example, it's just fine. yeah, I think that makes sense. I dunno if people in general have an easier time reasoning about equals than not-equals there, but I do
|
# ? May 15, 2024 16:05 |
i work as a clinical scientist for a mid-sized hospital in the uk. i'm not formally trained as a programmer, i've just written passable python / powershell / c# software for long enough i picked some stuff up. a lot of the laboratory information management systems (lims) - the software that sit between the analysers sipping on tubes of blood and the more doctor-facing systems that handle patient charts and whatnot - are fossils, but every successor product is worse for example, in our shiny new lims, each blood test has a "function" associated with it. the function describes what additional processes to perform on results, stuff like "limit access to users with security level above X" or "Lock Editing of Result". there are about 30 options that are configured via the GUI with a bunch of tickboxes and dropdowns. but that config is stored as a text string; clicking "Only display if Authorised" adds "ª" to the string. Said string is further "[...] limited to 10 bytes. This is stored as dynamic, alphanumeric data which preserves memory usage" as per their product specialist why also again i'm a dumbass but wouldn't a 64-bit flag both take less space than 10 ASCII characters and allow you to store more than 10 options? and why are they mapped to specific characters anyway???
|
|
# ? May 15, 2024 16:07 |
|
Subjunctive posted:yeah, I think that makes sense. I dunno if people in general have an easier time reasoning about equals than not-equals there, but I do i'm with you there, i tend to have this issue with not-equals
|
# ? May 15, 2024 16:09 |
|
CPColin posted:I think you mean: fewer rules == better
|
# ? May 15, 2024 16:11 |
|
lol at preserving memory usage in anything that gets done less than 100 million times a second in tyool 2024
|
# ? May 15, 2024 16:19 |
|
bob dobbs is dead posted:lol at preserving memory usage in anything that gets done less than 100 million times a second in tyool 2024 containers with larger memory foot print do cost more in the cloud and can get oomed externally
|
# ? May 15, 2024 16:40 |
|
Mind_Taker posted:yeah I'll typically favor != if it makes for a cleaner body I think which one is better depends on the context. In your first pattern, if you are trying to communicate near the top of a method that if (x != y), then escape from the rest of the logic, I think it's reasonable to use a negative expression. I might still choose the second pattern if it is more important to that the reader understand the expression guarding the "do stuff" block. In this example it is trivial but we've all seen variable names in expressions like (value != unset) that would be much easier to read as (value == unset). I generally wouldn't write either of the above code if I could help it since the example method has both side effects (implied by missing return in "do stuff" and the use of else in the second pattern) and returns a value.
|
# ? May 15, 2024 16:49 |
|
trying to bisect some poo poo in Awful.app and when I get to stuff that was written for older Swift versions, the deps break in weird ways and I have to go dig out the closed GitHub issues for when the version of XCode came out maybe I can install an old toolchain and convince XCode to use it...
|
# ? May 15, 2024 16:52 |
|
i almost feel like it would be easier to write a somethingawful mobile app using whatever the current equivalent of cordova is, but with some sort of hack thrown in to bypass cors. at least html5 doesn't break and deprecate poo poo constantly. (come to think of it i'm surprised even the regular app gets through app store review, ain't there rules against making arbitrary http requests to servers that the app author doesn't control? i feel like there ought to be some sort of app equivalent of cors or at least some sort of .well-known garbage)
|
# ? May 15, 2024 17:42 |
|
Subjunctive posted:yeah, I think that makes sense. I dunno if people in general have an easier time reasoning about equals than not-equals there, but I do Ember templates have an {{#if thing}} block and an {{#unless thing}} block. They are both syntactically allowed to have an {else} section, but the templatelint program complains when you use one in an unless block. Which is fine, because my brain immediately trips when i see an unless block, even if i can easily deduce that it means just "if not"
|
# ? May 15, 2024 17:43 |
|
unless/else is a great patern
|
# ? May 15, 2024 21:43 |
|
guard in swift is good too, enforces the early return
|
# ? May 15, 2024 21:44 |
|
Sapozhnik posted:i almost feel like it would be easier to write a somethingawful mobile app using whatever the current equivalent of cordova is, but with some sort of hack thrown in to bypass cors. at least html5 doesn't break and deprecate poo poo constantly. the reason you have cors in web browsers is that without it, site a would get to make requests to site b with the user's site b credentials. that's not a problem with apps at all - the webview in an app doesn't share state with the standalone web browser or the webviews in any other app. if you log in to a particular service within an app, the implication is that you're fine with that particular app sending requests to that service with your credentials. the alternative is that every app author would have to run a proxy service to funnel all the internet traffic from their app through (or more likely - use one from someone providing this service to many different apps), which is objectively worse for both security and privacy.
|
# ? May 16, 2024 00:30 |
|
Mind_Taker posted:yeah I'll typically favor != if it makes for a cleaner body Unnecessary use of else. code:
|
# ? May 16, 2024 00:41 |
|
CPColin posted:I think you mean: fewer rules == better if you think it’s safe to simply replace a != b with !a == b, I have bad news about many popular programming languages
|
# ? May 16, 2024 03:53 |
|
FlapYoJacks posted:Unnecessary use of else. [smalltalk voice] unnecessary use of if
|
# ? May 16, 2024 06:36 |
|
hello terrible programmers, long time no post. now that I don't touch actual code apart from SQL in this dog poo poo database that has tables with 100 columns, little or no referential integrity and a view that just barfs out the contents of every single one as the main output because working out what data you need to send is apparently hard I dont have many terrible stories to share, but! one of the less badly designed datasets is a basic grid of a specific data model that includes two time periods that correspond to numbers of days/months/years, years are like 99% of the values but you do see like "18 months" or "30 days" from time to time. When this was build they forgot about this and only put years, or, maybe, they spoke to the main consumer who said "well our system only supports years" or maybe "we type it all in manually anyway so whatever". end result: we only have years. ok so how does the consumer handle typing it in? Motherfucking decimals. Want to do 18 months? that'll be typed in as 1.5 years. 30 days? 0.082 years please lmao and ofc on our side we don't allow decimals in the field
|
# ? May 16, 2024 07:56 |
|
d-d-d-double post if only there was some sort of primary key this would never have happened, sort it out jeffery
|
# ? May 16, 2024 07:56 |
|
Powerful Two-Hander posted:d-d-d-double post who called it a database fuckup instead of a primary key party
|
# ? May 16, 2024 14:26 |
|
Jabor posted:the reason you have cors in web browsers is that without it, site a would get to make requests to site b with the user's site b credentials. that's not a problem with apps at all - the webview in an app doesn't share state with the standalone web browser or the webviews in any other app. yeah, i know how cors works. but it's not just that, it's about web browsers being hijacked to attack other unrelated websites. the rule with cors is that if a third-party http request contains something that couldn't already have been generated using a third-party url in an <img> or script tag since time immemorial, or discloses the result of that request to the first-party server in any way, then the remote server has to explicitly give permission for that request to be generated, whether in the form of a websocket handshake or a cors header. url endpoints that are intended to be invoked from third-party web servers all send cors headers to allow this. somethingawful's server-side web frontend does not. third party website javascript accessing your bank's website using your cookies for your banking session and then reading out the response to that request is the most obvious abuse that is defended against, but not the only one. also the combination of those two conditions is important, you can already insert an <img> tag to issue arbitrary GETs to chase.com or whatever using whatever chase.com cookies the user has in their web browser... well, except that modern web browsers will also include some Sec-Fetch- headers in that request indicating that this is a cross-site image fetch, which will then prompt the site to reject the request due to the values of those headers. like you can't submit a third party reddit app that strips all the ads out, for example. but that's because reddit is well known and also reddit could complain to apple about it, whereas sa is not and jeffrey neither explicitly endorses nor disallows third party clients. you'd think there would be some technological measure against it instead of a human review measure.
|
# ? May 16, 2024 22:33 |
|
Sapozhnik posted:(come to think of it i'm surprised even the regular app gets through app store review, ain't there rules against making arbitrary http requests to servers that the app author doesn't control? i feel like there ought to be some sort of app equivalent of cors or at least some sort of .well-known garbage) no, you can even put a browser on the app store and basically all it does is send HTTP requests to unaffiliated servers what would that app-CORS even do?
|
# ? May 16, 2024 22:40 |
|
browsers have to use system webkit and system webkit is going to enforce cors and same-origin policy and also not allow the application embedding that browser to make unrestricted http requests on its behalf beyond like navigating to particular urls or calling nonstandard application-provided callbacks. system webkit is also not going to disclose the responses to those http requests to the embedding application. app-cors would be something like an allowlist of origins included in the application package, and at startup the os would ask a .well-known url at each of those origins "hey, ios app com.example.fart wants to send you arbitrary http requests, you cool with that?" and require a very unambiguous affirmative response for that allowlist entry to be valid.
|
# ? May 16, 2024 22:48 |
|
I think you are confusing cors with csrf tokens
|
# ? May 16, 2024 23:10 |
|
Sapozhnik posted:browsers have to use system webkit and system webkit is going to enforce cors and same-origin policy and also not allow the application embedding that browser to make unrestricted http requests on its behalf beyond like navigating to particular urls or calling nonstandard application-provided callbacks. system webkit is also not going to disclose the responses to those http requests to the embedding application. you can observe any response coming back from an embedded wkwebview, I thought, since you were able to with uiwebview, and you can certainly just make HTTP requests without a WebKit embedding at all I don’t understand what you think the browser component is trying to protect here e: the embedding application can certainly extract any auth cookies from the webview, and then synthesize HTTP requests with appropriate headers to get whatever it wants Subjunctive fucked around with this message at 23:30 on May 16, 2024 |
# ? May 16, 2024 23:24 |
|
Sapozhnik posted:third party website javascript accessing your bank's website using your cookies for your banking session and then reading out the response to that request is the most obvious abuse that is defended against, but not the only one. this is the only one that cors is supposed to protect against. cors does nothing to protect against a web site being sent cookieless requests that it didn't want to receive - anybody can spin up an aws instance to make millions of those requests, cors does not affect what code you run on an aws instance or what bytes you put in the network packets you send out. cors in a webview is used for exactly the same reason as it's used in browsers - it's to stop a hostile website loaded in the webview from getting to make arbitrary requests with the cookies that the app developer loaded into the webview. it doesn't affect what requests an app chooses to make for itself, at all.
|
# ? May 17, 2024 00:45 |
|
if you don't want the awful app to be able to send requests to sa using your credentials, i suggest not typing your sa account password into the awful app
|
# ? May 17, 2024 00:49 |
|
follow these nine steps to extract your session cookie and enter that instead
|
# ? May 17, 2024 01:09 |
|
Sapozhnik posted:browsers have to use system webkit and system webkit is going to enforce cors and same-origin policy and also not allow the application embedding that browser to make unrestricted http requests on its behalf beyond like navigating to particular urls or calling nonstandard application-provided callbacks. system webkit is also not going to disclose the responses to those http requests to the embedding application. i don't know what makes you think any of these things but they're all entirely wrong? applications embedding webkit can do approximately whatever the gently caress they want, including observing all of the details of requests made in the embedded browser and making arbitrary http requests. you also can inject arbitrary js into the pages displayed by wkwebkit, which lets you doubly do whatever the gently caress you want. if you've been under the impression that embedded webviews are a sandboxed environment isolated from the host app you may have committed some secfucks.
|
# ? May 17, 2024 06:09 |
|
i don't do mobile development and god willing i won't ever have to. but alright, i thought they behaved like iframes or something. guess not.
|
# ? May 17, 2024 19:42 |
|
you used a very confident tone for someone coming from a place of inexperience!
|
# ? May 17, 2024 19:52 |
|
Subjunctive posted:you used a very confident tone for someone coming from a place of inexperience! hell yeah, promotion comin up
|
# ? May 18, 2024 02:16 |
|
grats pozhnik
|
# ? May 18, 2024 02:17 |
|
|
# ? Jun 8, 2024 00:09 |
|
Subjunctive posted:you used a very confident tone for someone coming from a place of inexperience! hi welcome to the internet
|
# ? May 18, 2024 03:37 |