Friday Facts #287 - Just bugs again

[Klonan]

https://factorio.com/blog/post/fff-287

[darkfrei]

Changes: old bugs fixed, new bugs added.

[steinio]

Oh Sanqui that was your chance to bring XKCD on again: https://xkcd.com/327/

[mexmer]

well, since factorio login didn't accept my steam name in kanji, spaces in name are less issue imo

[raiguard]

99 little bugs in the code.
99 little bugs in the code.
Take one down, patch it around,
117 little bugs in the code.

[burisk]

That's awesome that bug fix! I notices it many times. But that usernames.. really? No server-side validation? :/ I hope that you store our passwords in slow hashes like 'bcrypt' (or another alternatives) and not in MD5 or at worst in plaintext.

[glee8e]

For some reason every pic/webm went 404. Is it my local ISP blocking stuff? Anyone else with same problem?

EDIT: it's gone. Refresh do the trick. Perhaps I came too earliy that cdn didn't fetch stuff properly yet.

[Jap2.0]

I think just hearing some of those usernames must have made that mistake more than worth it.

Was ' or 1=1; -- the cause of your matching server problems yesterday?

Anyway, good work continuing to fix bugs and tell me my 1-in-a-million flukes aren't going to get fixed. It's also nice to hear of (hopefully) an end to the obscure splitter bugs.

[Sanqui]

That's awesome that bug fix! I notices it many times. But that usernames.. really? No server-side validation? :/ I hope that you store our passwords in slow hashes like 'bcrypt' (or another alternatives) and not in MD5 or at worst in plaintext.

Server-side validation is the thing that got accidentally broken (bypassed).

Passwords are hashed with bcrypt.

[SuperSandro2000]

Press F for NOT THE BEES!!!!!, your mum lives in a tent, and ' or 1=1; --

[ledow]

Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".

The restrictions on usernames just suggest laziness around the "we don't want to have to care about sanitising our string-handling, we'll just limit what the user can put in a username", with knock-on effects like unbannable users because of a string-handling mistake in an entirely different service months before.

Seriously, guys, there are TONS of sensible string-handling libraries that could have managed this for you, and then people could have spaces in their names... like... ooh... I don't know... 99% of the English-speaking populations out there?

It's all very Windows 3.1. What next, we can't have more than 8 characters?

[someone1337]

Code: Select all

' or 1=1; -- '

Is a legitimate username!!11!1!11oneeleven

https://xkcd.com/327/

[Sanqui]

Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".

The restrictions on usernames just suggest laziness around the "we don't want to have to care about sanitising our string-handling, we'll just limit what the user can put in a username", with knock-on effects like unbannable users because of a string-handling mistake in an entirely different service months before.

Seriously, guys, there are TONS of sensible string-handling libraries that could have managed this for you, and then people could have spaces in their names... like... ooh... I don't know... 99% of the English-speaking populations out there?

It's all very Windows 3.1. What next, we can't have more than 8 characters?

There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.

[BlueTemplar]

Our UX guy is asking us to allow spaces in usernames. The caveat is that they should be allowed anywhere.

suppose I enter my username as Experts Exchange, the system will silently translate it into expertsexchange, and the system will direct queries for a user with username Expert Sex Change to my account?

P.S.: Doesn't "email (for login)" have its own set of problems ?
(Albeit, a much smaller set... mostly an issue when email change is not allowed ad/or that email gets undesirable/unavailable...)

[dee-]

Just hash the username on the way in and store that in the DB.

[Dixi]

I don't see a difference between 1st and 2nd animated gif with splitters.
I see fully filled belt of fuel, where you inserting plates, two in a row. They fit like ...fffffPfPfff... Splitter takes one from each side and move to output. What else could we expect? Actually I never thought how splitters merge two belts, now I see - they do it one by one. Other possible way was, that they works like inserters, and grab several items at once.
Do you mean that on 1st picture output belt becomes not fully compressed, and there was a gap at some point?

[coderpatsy]

I don't see a difference between 1st and 2nd animated gif with splitters.
I see fully filled belt of fuel, where you inserting plates, two in a row. They fit like ...fffffPfPfff... Splitter takes one from each side and move to output. What else could we expect? Actually I never thought how splitters merge two belts, now I see - they do it one by one. Other possible way was, that they works like inserters, and grab several items at once.
Do you mean that on 1st picture output belt becomes not fully compressed, and there was a gap at some point?

In the first gif, the splitter introduces gaps in the output when it merges in the iron plates, highlighted by the debug option (the white lines). In the second gif it's fully compressed.

[azurill_used_splash]

I notice that you're using a loader in the belt compression examples, albeit with the placeholder asset. Loaders also show up in the NPE, although they cannot be crafted by players. Is this indicative of plans to fully implement loaders, or are you planning on leaving them as 'campaign only' items? Will there be any benefit to using a loader for, say, side-loading a belt, as in the example you're using compared to direct belt side loading or using a stack inserter?

[Jon8RFC]

Very interesting to see the crash data graph, especially since the changelogs aren't showing as many "fixed crash" lines in the past week.

[5thHorseman]

Very interesting to see the crash data graph, especially since the changelogs aren't showing as many "fixed crash" lines in the past week.

Maybe one bug caused 1000 crashes.