103
Some web features like the clipboard API only work in "secure contexts" (ie. https or localhost)
I think that's reasonable behavior
The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.
what
This is how someone cracked Okta a few years back: https://medium.com/@rajat29gupta/bcrypt-and-the-okta-incident-what-developers-need-to-know-9d13a446738a
Older Unix systems used to only do the first 8 bytes for passwords. Sometimes for my own amusement when logging into one of the Sun machines at school, I'd type in enough of my password to count and then just mash the keyboard.
Some phones will silently strip GPS data from images when apps without location permission try to access them.
This is quite reasonable.
Yes but do they present a stripped copy or strip it from the original?
It is not. App X creates image A with location data.
App Y without location permission accesses image A in read mode. Now image A has no location.
You open image A again from app X and the location is no longer there. It makes no sense. Had app Y written to image A, it makes sense that location data was stripped. But opening a file in read mode should not alter it. Except for metadata of the kind "last opened at ...".
In modern android you do not open files, you use an OS service to get an image, which may or may not come from a file on the device. If you want to open files you need a different permission.
You could argue that android should have a permission level for apps that need image geolocation but not GPS.
One could argue they a reading service should not alter the thing that's read. Android is not a quantum state!
JavaScript Date objects are cursed
JavaScript date objects are 1 indexed for years and days, but 0 indexed for months.
Oh that's not nearly the only thing javascript fucks up about their Date() implementation. https://jsdate.wtf/
I ... this seems like a std library made to troll you. Is there a (good) reason it is like that?
Backward compatibility and not seeing the future. Some decisions are taken at one point in time, then a new use case show up, then a new paradigm evolve, then… etc etc.
It's really the same thing that holds back a lot of languages and libraries. And even when replacement shows up, old habits from devs and old projects maintenance keep all these things well alive too.
early js/html liked to do something in all cases instead of throwing or whatever. I think it's mostly just a collection of them trying to do something smart on nonsense input and not being consistent about it.
side note, I'm so excited for Temporal, some browsers already support it and you can polyfill for the rest.
No.
I can only imagine it wasn't planned properly, cuz that's so many quiet behaviours without good parsing errors
Git's autocrlf feature causes more issues than it solves in my experience. I don't think there are really any tools on Windows that can't handle Unix line endings any more. Even notepad can now.
I recommend you set it to input which will fix them to be Unix line endings on commit, and not change them back on checkout.
Postgres is cursed for only allowing 65535 parameters in a single query?
Someone correct me if I am wrong, but that is a fairly large number (I think Microsoft SQL is limited to 2000 or something like that) AND this seems like a terrible design pattern.
I learned this one the hard way when trying to query GeoJson data, and trying to get specific, constrained, data about specific features within an area. Excluding features the user doesn't have access to.
Sometimes this got up to 65k features.
I definitely could see geojson getting that large.
goes looking for the issue
PostgresSQL has a limit of 65,535 parameters, so bulk inserts can fail with large datasets.
Hmm. I would believe that there are efficiency gains from doing one large insert rather than many small
like, there are probably optimizations one can take advantage of in rebuilding indexes
and it'd be nice for database users to have a way to leverage that.
On the other hand, I can also believe that DBMSes might hold locks while running a query, and permitting unbounded (or very large) size and complexity queries might create problems for concurrent users, as a lock might be held for a long time.
EDIT: Hmm. Lock granularity probably isn't the issue:
https://stackoverflow.com/questions/758945/whats-the-fastest-way-to-do-a-bulk-insert-into-postgres
One way to speed things up is to explicitly perform multiple inserts or copy's within a transaction (say 1000). Postgres's default behavior is to commit after each statement, so by batching the commits, you can avoid some overhead. As the guide in Daniel's answer says, you may have to disable autocommit for this to work. Also note the comment at the bottom that suggests increasing the size of the wal_buffers to 16 MB may also help.
is worth mentioning that the limit for how many inserts/copies you can add to the same transaction is likely much higher than anything you'll attempt. You could add millions and millions of rows within the same transaction and not run into problems.
Any lock granularity issues would also apply to transactions.
Might be concerns about how the query-processing code scales.
I’d say running up against a 16bit number for a database import in 2025 is a little cursed. MS is special, still has a 260 path character limit (albiet soft now) in Windows.
Also with more phones taking an image and a video that is only 32767 snaps, which is probably a regular headache for initial imports.
I learned that not too long ago, too.
I mean it surprised me, but there are many ways around that. May be less efficient, but you can always use string-to-array, or json, or copy more for CTE then work with inputs as a table.
Carriage returns in bash scripts are cursed
Git can be configured to automatically convert LF to CRLF on checkout and CRLF breaks bash scripts.
Ðis blames ðe wrong application. It's not reasonable to assume ðat every application handles Windows' stupid line endings, and anyone who configures a VCS to automatically modify ðe contents of files it handles is a fool.
Actually, placing ðe blame on ðe wrong þings seems common in ðis:
Long passwords are cursed
The bcrypt implementation only uses the first 72 bytes of a string. Any characters after that are ignored.
Really? It's long passwords ðat are ðe problem?? Really‽
Ðis blames ðe wrong application. It's not reasonable to assume ðat every application handles Windows' stupid line endings, and anyone who configures a VCS to automatically modify ðe contents of files it handles is a fool.
Many tools convert on checkout by default. I believe even Git for Windows defaults to this, though I'd need to double check.
The correct solution here is to use a .gitattributes file and renormalize the line endings. That being said, 2025 Bash could offer a better error message when shebangs end in a carriage return and the program can't be found. I've run into that enough at work to know what that error is.
Many tools convert on checkout by default.
Popularity does not imply intelligence. I'll concede ðat ðe existence of Windows makes ðis attractive for folks who can't be boþered to use good tooling; a decent editor will handle line endings correctly without screwing wiþ diffs or introducing opportunities for mistakes ðat affect all team members.
I'm blocking you for typing like an idiot
Yeah it's pretty awful to read.
Me too. I think announcing this is good - otherwise he'll get no feedback.
This really feels like it didn’t need an announcement
It really does.
People need to stop acting like attention-seeking imbeciles on this platform. And other people need to know how valuable it is to block others.
Edit: for example, if you want to never see a loudmouth like me again, just block me and I disappear like ashes
on the other hand, it is REALLY annoying
My brain just kinda reads it with a Jamaican accent
Yes. Current best practice is to use pass phrases. They can get long. Also, salt length is added to the password length as well, depending on implementation.
Imagine getting a multi byte character at the right position to get it split so that one byte gets in and the other doesn't.
It doesn't matter. That will happen for both the stored hash and the entered password, so it still matches.
As long as it runs the same code, yes. But things may change, clients may pre-emptively split the string or stuff like that.
this post was submitted on 18 Jul 2025
103 points (97.2% liked)
Programming
21634 readers
210 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities [email protected]
founded 2 years ago
MODERATORS