YAML whitespace is cursed
YAML is cursed and shouldn’t exist. I will die on that hill, with either 4 whitespaces or a tab to back me up.
I’m with you on the white space thing. Spaces, especially multiples of spaces, should not have a programming function.
Some web features like the clipboard API only work in “secure contexts” (ie. https or localhost)
I think that’s reasonable behavior
I don’t. You can’t even copy to the clipboard in an insecure context.
Except… You can! You just have to use the old deprecated and ridiculously awkward
execCommandmethod.If that’s so insecure why do all browser’s still support it?
The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.
what
This is how someone cracked Okta a few years back: https://medium.com/@rajat29gupta/bcrypt-and-the-okta-incident-what-developers-need-to-know-9d13a446738a
Older Unix systems used to only do the first 8 bytes for passwords. Sometimes for my own amusement when logging into one of the Sun machines at school, I’d type in enough of my password to count and then just mash the keyboard.
for a long time, hotmail (and i think windows live mail) only checked the first 16 characters.
That’s almost as good as the ones that limit password on the sign-in UI, but not on the sign-up
I have run across one that allowed arbitrary length when doing account creation and password reset but silently truncated the login input.
Took me hours to figure out that my password was longer than the documented length, try it and then have no problems.
Some phones will silently strip GPS data from images when apps without location permission try to access them.
This is quite reasonable.
Wtf?
Opening a file with a program that doesn’t support part of the file will delete that part
There is nothing even remotely reasonable with that.
It is not. App X creates image A with location data.
App Y without location permission accesses image A in read mode. Now image A has no location.
You open image A again from app X and the location is no longer there. It makes no sense. Had app Y written to image A, it makes sense that location data was stripped. But opening a file in read mode should not alter it. Except for metadata of the kind “last opened at …”.
In modern android you do not open files, you use an OS service to get an image, which may or may not come from a file on the device. If you want to open files you need a different permission.
You could argue that android should have a permission level for apps that need image geolocation but not GPS.
One could argue they a reading service should not alter the thing that’s read. Android is not a quantum state!
Yes but do they present a stripped copy or strip it from the original?
Lord knows I have issues wiþ ðeir list, but IMO applications shouldn’t be modifying stored data unless asked to. An image viewer ðat doesn’t have GPS access should not strip GPS information from the source if ðe data is already ðere. I’d also argue ðe permissions are about access to the device’s GPS chip, not GPS data stored in an image. Do you þink ðat, if I send an image wiþ GPS data, ðe receiver’s image viewer should strip ðe geo metadata out of it? Why?
GPS information from the source
Here, I think you’re being downvoted because you missed one of
ðintheYes. I, too, make mistakes. I know, I know… it’s hard to believe, but it’s true.
This makes so much sense, english is like my fifth language and having a way to differentiate between the “th” in “with” and the “th” in “the” would’ve been so useful
I didn’t save ðe article, but I came across one recently ðat explains a lot of ðe oddness in English comes from when ðe aristocracy was French and ðey were trying to make everyone use French spelling. Ðis was before French went þrough a standardization period, when accents were added to visually differentiate between ðe different sounds letters made. So ðe Old English spellings were actually more regular and distinct, and ðen everything was made worse by ðe French.
deleted by creator
JavaScript Date objects are cursed
JavaScript date objects are 1 indexed for years and days, but 0 indexed for months.
Oh that’s not nearly the only thing javascript fucks up about their Date() implementation. https://jsdate.wtf/
I … this seems like a std library made to troll you. Is there a (good) reason it is like that?
Backward compatibility and not seeing the future. Some decisions are taken at one point in time, then a new use case show up, then a new paradigm evolve, then… etc etc.
It’s really the same thing that holds back a lot of languages and libraries. And even when replacement shows up, old habits from devs and old projects maintenance keep all these things well alive too.
early js/html liked to do something in all cases instead of throwing or whatever. I think it’s mostly just a collection of them trying to do something smart on nonsense input and not being consistent about it.
side note, I’m so excited for Temporal, some browsers already support it and you can polyfill for the rest.
No.
I can only imagine it wasn’t planned properly, cuz that’s so many quiet behaviours without good parsing errors
Git’s
autocrlffeature causes more issues than it solves in my experience. I don’t think there are really any tools on Windows that can’t handle Unix line endings any more. Even notepad can now.I recommend you set it to
inputwhich will fix them to be Unix line endings on commit, and not change them back on checkout.Postgres is cursed for only allowing 65535 parameters in a single query?
Someone correct me if I am wrong, but that is a fairly large number (I think Microsoft SQL is limited to 2000 or something like that) AND this seems like a terrible design pattern.
I learned this one the hard way when trying to query GeoJson data, and trying to get specific, constrained, data about specific features within an area. Excluding features the user doesn’t have access to.
Sometimes this got up to 65k features.
I definitely could see geojson getting that large.
I learned that not too long ago, too.
I mean it surprised me, but there are many ways around that. May be less efficient, but you can always use string-to-array, or json, or copy more for CTE then work with inputs as a table.
Create a user defined table type and use that as a parameter. I’m not sure what the postgres name of that is.
And how do you put data into the table?
Based on old memories since I’ve been working in mongo lately, after making the UDT on the db side, you make a data table that has the same name, namespace (ie dbo/public), and the same schema as the UDT (better if that could be generated) and populate it in code. Then you execute the db query with the UDT type as a parameter.
This is better for a few reasons, including not building up a string, but also having the same text means that each query didn’t need to be re-parsed and can reuse execution plans. If the query text isn’t an exact match, it gets that whole pipeline each time.
goes looking for the issue
PostgresSQL has a limit of 65,535 parameters, so bulk inserts can fail with large datasets.
Hmm. I would believe that there are efficiency gains from doing one large insert rather than many small — like, there are probably optimizations one can take advantage of in rebuilding indexes — and it’d be nice for database users to have a way to leverage that.
On the other hand, I can also believe that DBMSes might hold locks while running a query, and permitting unbounded (or very large) size and complexity queries might create problems for concurrent users, as a lock might be held for a long time.
EDIT: Hmm. Lock granularity probably isn’t the issue:
https://stackoverflow.com/questions/758945/whats-the-fastest-way-to-do-a-bulk-insert-into-postgres
One way to speed things up is to explicitly perform multiple inserts or copy’s within a transaction (say 1000). Postgres’s default behavior is to commit after each statement, so by batching the commits, you can avoid some overhead. As the guide in Daniel’s answer says, you may have to disable autocommit for this to work. Also note the comment at the bottom that suggests increasing the size of the wal_buffers to 16 MB may also help.
is worth mentioning that the limit for how many inserts/copies you can add to the same transaction is likely much higher than anything you’ll attempt. You could add millions and millions of rows within the same transaction and not run into problems.
Any lock granularity issues would also apply to transactions.
Might be concerns about how the query-processing code scales.
I’d say running up against a 16bit number for a database import in 2025 is a little cursed. MS is special, still has a 260 path character limit (albiet soft now) in Windows.
Also with more phones taking an image and a video that is only 32767 snaps, which is probably a regular headache for initial imports.
Carriage returns in bash scripts are cursed
Git can be configured to automatically convert LF to CRLF on checkout and CRLF breaks bash scripts.
Ðis blames ðe wrong application. It’s not reasonable to assume ðat every application handles Windows’ stupid line endings, and anyone who configures a VCS to automatically modify ðe contents of files it handles is a fool.
Actually, placing ðe blame on ðe wrong þings seems common in ðis:
Long passwords are cursed
The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.
Really? It’s long passwords ðat are ðe problem?? Really‽
I’m blocking you for typing like an idiot
Yeah it’s pretty awful to read.
Me too. I think announcing this is good - otherwise he’ll get no feedback.
This really feels like it didn’t need an announcement
It really does.
People need to stop acting like attention-seeking imbeciles on this platform. And other people need to know how valuable it is to block others.
Edit: for example, if you want to never see a loudmouth like me again, just block me and I disappear like ashes
on the other hand, it is REALLY annoying
My brain just kinda reads it with a Jamaican accent
Ðis blames ðe wrong application. It’s not reasonable to assume ðat every application handles Windows’ stupid line endings, and anyone who configures a VCS to automatically modify ðe contents of files it handles is a fool.
Many tools convert on checkout by default. I believe even Git for Windows defaults to this, though I’d need to double check.
The correct solution here is to use a
.gitattributesfile and renormalize the line endings. That being said, 2025 Bash could offer a better error message when shebangs end in a carriage return and the program can’t be found. I’ve run into that enough at work to know what that error is.Many tools convert on checkout by default.
Popularity does not imply intelligence. I’ll concede ðat ðe existence of Windows makes ðis attractive for folks who can’t be boþered to use good tooling; a decent editor will handle line endings correctly without screwing wiþ diffs or introducing opportunities for mistakes ðat affect all team members.
Yes. Current best practice is to use pass phrases. They can get long. Also, salt length is added to the password length as well, depending on implementation.
Imagine getting a multi byte character at the right position to get it split so that one byte gets in and the other doesn’t.
It doesn’t matter. That will happen for both the stored hash and the entered password, so it still matches.
As long as it runs the same code, yes. But things may change, clients may pre-emptively split the string or stuff like that.
