Page 1 of 2

Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 3:56 pm
by Klonan

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:00 pm
by darkfrei
Changes: old bugs fixed, new bugs added.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:05 pm
by steinio
Oh Sanqui that was your chance to bring XKCD on again: https://xkcd.com/327/

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:06 pm
by mexmer
well, since factorio login didn't accept my steam name in kanji, spaces in name are less issue imo :D

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:09 pm
by Raiguard
99 little bugs in the code.
99 little bugs in the code.
Take one down, patch it around,
117 little bugs in the code.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:11 pm
by burisk
That's awesome that bug fix! I notices it many times. But that usernames.. really? No server-side validation? :/ I hope that you store our passwords in slow hashes like 'bcrypt' (or another alternatives) and not in MD5 or at worst in plaintext.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:13 pm
by glee8e
For some reason every pic/webm went 404. Is it my local ISP blocking stuff? Anyone else with same problem?

EDIT: it's gone. Refresh do the trick. Perhaps I came too earliy that cdn didn't fetch stuff properly yet.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:13 pm
by Jap2.0
I think just hearing some of those usernames must have made that mistake more than worth it.

Was ' or 1=1; -- the cause of your matching server problems yesterday? ;)

Anyway, good work continuing to fix bugs and tell me my 1-in-a-million flukes aren't going to get fixed. It's also nice to hear of (hopefully) an end to the obscure splitter bugs.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:18 pm
by Sanqui
burisk wrote:
Fri Mar 22, 2019 4:11 pm
That's awesome that bug fix! I notices it many times. But that usernames.. really? No server-side validation? :/ I hope that you store our passwords in slow hashes like 'bcrypt' (or another alternatives) and not in MD5 or at worst in plaintext.
Server-side validation is the thing that got accidentally broken (bypassed).

Passwords are hashed with bcrypt.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:22 pm
by SuperSandro2000
Press F for NOT THE BEES!!!!!, your mum lives in a tent, and ' or 1=1; --

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:24 pm
by ledow
Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".

The restrictions on usernames just suggest laziness around the "we don't want to have to care about sanitising our string-handling, we'll just limit what the user can put in a username", with knock-on effects like unbannable users because of a string-handling mistake in an entirely different service months before.

Seriously, guys, there are TONS of sensible string-handling libraries that could have managed this for you, and then people could have spaces in their names... like... ooh... I don't know... 99% of the English-speaking populations out there?

It's all very Windows 3.1. What next, we can't have more than 8 characters?

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:37 pm
by someone1337

Code: Select all

' or 1=1; -- '
Is a legitimate username!!11!1!11oneeleven

https://xkcd.com/327/

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 4:48 pm
by Sanqui
ledow wrote:
Fri Mar 22, 2019 4:24 pm
Would have been simpler, and a better idea, to just let the ban commands have proper quoting applied, so you can ban "awkward user name".

The restrictions on usernames just suggest laziness around the "we don't want to have to care about sanitising our string-handling, we'll just limit what the user can put in a username", with knock-on effects like unbannable users because of a string-handling mistake in an entirely different service months before.

Seriously, guys, there are TONS of sensible string-handling libraries that could have managed this for you, and then people could have spaces in their names... like... ooh... I don't know... 99% of the English-speaking populations out there?

It's all very Windows 3.1. What next, we can't have more than 8 characters?
There's some quite good reasons to disallow spaces in usernames on principle. The question is if we should have usernames at all. In my opinion the best setup is permanent id + email (for login) + display name, where the display name can be anything. But that is quite difficult to change at this point, even though it's on my roadmap.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 6:17 pm
by BlueTemplar
michael wrote:Our UX guy is asking us to allow spaces in usernames. The caveat is that they should be allowed anywhere.
user568458 wrote:suppose I enter my username as Experts Exchange, the system will silently translate it into expertsexchange, and the system will direct queries for a user with username Expert Sex Change to my account?
:lol:

P.S.: Doesn't "email (for login)" have its own set of problems ?
(Albeit, a much smaller set... mostly an issue when email change is not allowed ad/or that email gets undesirable/unavailable...)

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 6:34 pm
by dee-
Just hash the username on the way in and store that in the DB.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 7:43 pm
by Dixi
I don't see a difference between 1st and 2nd animated gif with splitters.
I see fully filled belt of fuel, where you inserting plates, two in a row. They fit like ...fffffPfPfff... Splitter takes one from each side and move to output. What else could we expect? Actually I never thought how splitters merge two belts, now I see - they do it one by one. Other possible way was, that they works like inserters, and grab several items at once.
Do you mean that on 1st picture output belt becomes not fully compressed, and there was a gap at some point?

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 7:47 pm
by coderpatsy
Dixi wrote:
Fri Mar 22, 2019 7:43 pm
I don't see a difference between 1st and 2nd animated gif with splitters.
I see fully filled belt of fuel, where you inserting plates, two in a row. They fit like ...fffffPfPfff... Splitter takes one from each side and move to output. What else could we expect? Actually I never thought how splitters merge two belts, now I see - they do it one by one. Other possible way was, that they works like inserters, and grab several items at once.
Do you mean that on 1st picture output belt becomes not fully compressed, and there was a gap at some point?
In the first gif, the splitter introduces gaps in the output when it merges in the iron plates, highlighted by the debug option (the white lines). In the second gif it's fully compressed.

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 8:24 pm
by azurill_used_splash
I notice that you're using a loader in the belt compression examples, albeit with the placeholder asset. Loaders also show up in the NPE, although they cannot be crafted by players. Is this indicative of plans to fully implement loaders, or are you planning on leaving them as 'campaign only' items? Will there be any benefit to using a loader for, say, side-loading a belt, as in the example you're using compared to direct belt side loading or using a stack inserter?

Re: Friday Facts #287 - Just bugs again

Posted: Fri Mar 22, 2019 9:17 pm
by Jon8RFC
Very interesting to see the crash data graph, especially since the changelogs aren't showing as many "fixed crash" lines in the past week.

Re: Friday Facts #287 - Just bugs again

Posted: Sat Mar 23, 2019 1:50 am
by 5thHorseman
Jon8RFC wrote:
Fri Mar 22, 2019 9:17 pm
Very interesting to see the crash data graph, especially since the changelogs aren't showing as many "fixed crash" lines in the past week.
Maybe one bug caused 1000 crashes.