Cursed knowledge we have learned as a result of building Immich that we wish we never knew.
-
The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.
what
wrote last edited by [email protected]Older Unix systems used to only do the first 8 bytes for passwords. Sometimes for my own amusement when logging into one of the Sun machines at school, I'd type in enough of my password to count and then just mash the keyboard.
-
It doesn't matter. That will happen for both the stored hash and the entered password, so it still matches.
As long as it runs the same code, yes. But things may change, clients may pre-emptively split the string or stuff like that.
-
Some phones will silently strip GPS data from images when apps without location permission try to access them.
This is quite reasonable.
It is not. App X creates image A with location data.
App Y without location permission accesses image A in read mode. Now image A has no location.
You open image A again from app X and the location is no longer there. It makes no sense. Had app Y written to image A, it makes sense that location data was stripped. But opening a file in read mode should not alter it. Except for metadata of the kind "last opened at ...".
-
This post did not contain any content.
Some web features like the clipboard API only work in "secure contexts" (ie. https or localhost)
I think that's reasonable behavior
-
It is not. App X creates image A with location data.
App Y without location permission accesses image A in read mode. Now image A has no location.
You open image A again from app X and the location is no longer there. It makes no sense. Had app Y written to image A, it makes sense that location data was stripped. But opening a file in read mode should not alter it. Except for metadata of the kind "last opened at ...".
In modern android you do not open files, you use an OS service to get an image, which may or may not come from a file on the device. If you want to open files you need a different permission.
You could argue that android should have a permission level for apps that need image geolocation but not GPS.
-
In modern android you do not open files, you use an OS service to get an image, which may or may not come from a file on the device. If you want to open files you need a different permission.
You could argue that android should have a permission level for apps that need image geolocation but not GPS.
One could argue they a reading service should not alter the thing that's read. Android is not a quantum state!
-
I ... this seems like a std library made to troll you. Is there a (good) reason it is like that?
Backward compatibility and not seeing the future. Some decisions are taken at one point in time, then a new use case show up, then a new paradigm evolve, then… etc etc.
It's really the same thing that holds back a lot of languages and libraries. And even when replacement shows up, old habits from devs and old projects maintenance keep all these things well alive too.
-
I learned that not too long ago, too.
I mean it surprised me, but there are many ways around that. May be less efficient, but you can always use string-to-array, or json, or copy more for CTE then work with inputs as a table.
Create a user defined table type and use that as a parameter. I'm not sure what the postgres name of that is.
-
This post did not contain any content.
YAML whitespace is cursed
YAML is cursed and shouldn't exist. I will die on that hill, with either 4 whitespaces or a tab to back me up.
-
Older Unix systems used to only do the first 8 bytes for passwords. Sometimes for my own amusement when logging into one of the Sun machines at school, I'd type in enough of my password to count and then just mash the keyboard.
for a long time, hotmail (and i think windows live mail) only checked the first 16 characters.
-
Some web features like the clipboard API only work in "secure contexts" (ie. https or localhost)
I think that's reasonable behavior
I don't. You can't even copy to the clipboard in an insecure context.
Except... You can! You just have to use the old deprecated and ridiculously awkward
execCommandmethod.If that's so insecure why do all browser's still support it?
-
Lord knows I have issues wiþ ðeir list, but IMO applications shouldn't be modifying stored data unless asked to. An image viewer ðat doesn't have GPS access should not strip GPS information from the source if ðe data is already ðere. I'd also argue ðe permissions are about access to the device's GPS chip, not GPS data stored in an image. Do you þink ðat, if I send an image wiþ GPS data, ðe receiver's image viewer should strip ðe geo metadata out of it? Why?
GPS information from the source
Here, I think you're being downvoted because you missed one of
ðinthe -
for a long time, hotmail (and i think windows live mail) only checked the first 16 characters.
That's almost as good as the ones that limit password on the sign-in UI, but not on the sign-up
-
Create a user defined table type and use that as a parameter. I'm not sure what the postgres name of that is.
And how do you put data into the table?
-
Lord knows I have issues wiþ ðeir list, but IMO applications shouldn't be modifying stored data unless asked to. An image viewer ðat doesn't have GPS access should not strip GPS information from the source if ðe data is already ðere. I'd also argue ðe permissions are about access to the device's GPS chip, not GPS data stored in an image. Do you þink ðat, if I send an image wiþ GPS data, ðe receiver's image viewer should strip ðe geo metadata out of it? Why?
This makes so much sense, english is like my fifth language and having a way to differentiate between the "th" in "with" and the "th" in "the" would've been so useful
-
And how do you put data into the table?
Based on old memories since I've been working in mongo lately, after making the UDT on the db side, you make a data table that has the same name, namespace (ie dbo/public), and the same schema as the UDT (better if that could be generated) and populate it in code. Then you execute the db query with the UDT type as a parameter.
This is better for a few reasons, including not building up a string, but also having the same text means that each query didn't need to be re-parsed and can reuse execution plans. If the query text isn't an exact match, it gets that whole pipeline each time.
-
This makes so much sense, english is like my fifth language and having a way to differentiate between the "th" in "with" and the "th" in "the" would've been so useful
I didn't save ðe article, but I came across one recently ðat explains a lot of ðe oddness in English comes from when ðe aristocracy was French and ðey were trying to make everyone use French spelling. Ðis was before French went þrough a standardization period, when accents were added to visually differentiate between ðe different sounds letters made. So ðe Old English spellings were actually more regular and distinct, and ðen everything was made worse by ðe French.
-
GPS information from the source
Here, I think you're being downvoted because you missed one of
ðintheYes. I, too, make mistakes. I know, I know... it's hard to believe, but it's true.
-
YAML whitespace is cursed
YAML is cursed and shouldn't exist. I will die on that hill, with either 4 whitespaces or a tab to back me up.
I'm with you on the white space thing. Spaces, especially multiples of spaces, should not have a programming function.
-
Some phones will silently strip GPS data from images when apps without location permission try to access them.
This is quite reasonable.
Wtf?
Opening a file with a program that doesn't support part of the file will delete that part
There is nothing even remotely reasonable with that.
