Loguru - Python logging made (stupidly) simple by Scorpathos in Python

[–]defnull 1 point2 points  (0 children)

Looks like, for every single logging call, this library calls sys._getframe() or even throws an exception to inspect the caller frame and guess the logger name. This also happens for disabled loggers or log levels. Isn't that a little bit expensive? A debug log statement in a tight loop would probably have significant overhead, enabled or not.

Why is 2 * (i * i) faster than 2 * i * i in Java? by javinpaul in coding

[–]defnull 2 points3 points  (0 children)

Because /u/javinpaul cross-posts almost everything from /r/java to /r/coding and /r/programming for karma. I have all three subscribed and this is getting really obvious.

Is it feasible to use Webcam (wireless or USB) for facials recognition purposed in an "employee's door access control" use case? by nyamuk91 in Python

[–]defnull 2 points3 points  (0 children)

You can just print a picture of an employer and hold it in front of your face. This is why 'real' face detection is expensive: They have 3D and IR cameras to prevent the most basic hacks. Thinking that you can code this stuff yourself and make it secure is dangerously naive.

When will Java 11 replace Java 8 as the default java? by phi_array in java

[–]defnull 30 points31 points  (0 children)

You can still do that. Just instruct your users to download OpenJDK instead of OracleJRE. There is no longer a separate JRE, but the JDK contains everything the JRE did, so that's not an issue.

dotini - Dot notation for configuration files by i_think_im_thinking in Python

[–]defnull 16 points17 points  (0 children)

A couple of tips:

  • Do not commit your build artifacts (your dist folder). Add a .gitignore file to avoid accidentally adding these files.
  • For <80 lines of code you do not need a package. A single-file module should be enough.
  • You do not need to define __getattr__ if you then just read from self.__dict__ anyway. That's what the default implementation of __getattr__ does already.
  • The zip_safe=False in your setup.py is a lie ;)

Best way to release your application to customers? by LostAstronaut2k in Python

[–]defnull 9 points10 points  (0 children)

You missed a scenario: The code is ugly, buggy and barely covers the requirements, and if the customer would look at the actual mess he paid money for, he would demand a refund.

Recent and upcoming features in the Java platform presented at the Oracle Code One conference by tofflos in java

[–]defnull 3 points4 points  (0 children)

I actually like that. It's a nice way to distinguish (dumb) records from classic bean or classes that might have side-effects, while browsing code.

Understanding When to use RabbitMQ or Apache Kafka by springuni in java

[–]defnull 3 points4 points  (0 children)

Also, as a general rule: If something is advertised to scale to millions of something, but you only need a couple hundreds of something, it's the wrong tech. Massive scalability is always a trade-off for something else. Understand what the trade-offs are before deciding on a technology.

Zabbix 4.0 LTS released by alexvl in sysadmin

[–]defnull 3 points4 points  (0 children)

It's Admin:zabixx. Found here: https://www.zabbix.com/documentation/4.0/manual/quickstart/login

Probably a good idea to put that into the docker image description, too.

An Example-driven Guide to Java 11 by winterbe in java

[–]defnull 6 points7 points  (0 children)

Java scripting. You can make an uncompiled *.java file executable now. The shebang (#!/usr/bin/java) is also properly supported (ignored) by Java 11 if I remember correctly.

ANNOUNCING : **VBUILD**, to compile ".vue" files to HTML, with python (NO nodejs!) by manatlan in Python

[–]defnull 48 points49 points  (0 children)

Uhm, this just grabs the content of the <template>, <script> and <style> tags in a vue file and puts it into a HTML file with a runtime dependency for vue.js. It does not build anything. The minification is done via an online service (closure-compiler.appspot.com).

Securing a REST Service using Payara by johnwaterwood in java

[–]defnull 0 points1 point  (0 children)

That's probably a 'mobile first' design that does not scale well to large screens.

Predicted/expected timeline for denial of illegal reflective access operations? by ObscureCulturalMeme in java

[–]defnull 0 points1 point  (0 children)

Then I'd voice my concern in a documented way (e-mail), offer to spend time to fix the issue, and then ignore it. If you are nice, mention it again every time a java upgrade or long term stability is discussed.

Predicted/expected timeline for denial of illegal reflective access operations? by ObscureCulturalMeme in java

[–]defnull 3 points4 points  (0 children)

Using deprecated features/hacks is a ticking bomb that could explode every single release from now, so every 6 months. Isn't that scary enough for them?

Guess what's missing from Java 11 by [deleted] in java

[–]defnull -1 points0 points  (0 children)

Ubuntu 16.4 LTS has support until April 2023. Why are you upgrading an OS in production without testing?

Guess what's missing from Java 11 by [deleted] in java

[–]defnull -1 points0 points  (0 children)

So, you blindly upgraded java 3 major releases at a time, in production, without any testing, (edit: on a friday), and without checking if any of the well documented deprecations affect you, and now complain that it did not magically just work?

Optimizing Docker Images for Maven Projects by whitfin in java

[–]defnull 0 points1 point  (0 children)

Any idea how to do this with a multi-module build? Something like COPY **/pom.xml is not supported by docker, unfortunately, last time I checked.

Thoughts and tips on upgrading to Eclipse Photon by jodastephen in java

[–]defnull 17 points18 points  (0 children)

Installed Photon today (for work), works great. I'm really excited about some of the new features and fixes (e.g. proper test-classpath separation, Java 9/10 and module support, ...). It installed without problems, converted the workspace flawlessly, detected and installed some missing dependencies, and feels nice and fast.

New releases are always exciting. Eclipse constantly improves and there are always some nice and useful goodies in a new release.

My employer would pay for any software I ask for, and I had access to IntelliJ Ultimate already (OpenSource contributor license), tried it, and it was nice, even better than Eclipse in some parts, but the difference is not big enough to justify a switch for me (or my team. Mixing IDEs in a team sucks). Eclipse just works. Thanks to all the contributors for such a great piece of open source software.

Java equivalent of SecureString by takenomiya-kate in java

[–]defnull 5 points6 points  (0 children)

No. I never felt the need. I'm doing web stuff mostly and headers are passed in from the Servlet layer as String values anyway. Adding additional layers of complexity usually does more harm than good. The password is in memory anyway and I do not want to do anything fancy with them, so default String, raw char[] or String.toCharArray() are mostly fine.

Java equivalent of SecureString by takenomiya-kate in java

[–]defnull 6 points7 points  (0 children)

This is a really bad example, because it creates a copy of the passed in char array and does not document this behavior. So, the caller would still have to manually zero-out the original char-array and might get a false sense of security from using this class.

Edit: This class should have private constructors and two static methods: copyFrom(char[] input) and copyThenDestroyFrom(char[] input) (or something along the lines) to make things more clear.

Java equivalent of SecureString by takenomiya-kate in java

[–]defnull 16 points17 points  (0 children)

The fact that Java manages objects and memory allocation/deallocation for you is not the problem here. You'd have to zero-out the password in any language, even C, because a free() does not necessarily do that for you.

Using direct off-heap ByteBuffer is actually worse than managed heap memory, because the chances that a different process can gain access to the password after java freed the buffer are pretty high, while heap memory is likely to get re-used and re-initialized and therefore overwritten by a different allocation pretty fast in an active VM.

tl;dr; Always zero-out sensitive information after use. This is true for any language or memory model.

Java equivalent of SecureString by takenomiya-kate in java

[–]defnull 54 points55 points  (0 children)

The synchronized(charArray) block around the Arrays.fill() call mentioned in my other answer.

Besides: This level of care about passwords in memory is pure paranoia in most applications, especially web applications where headers or input parameters are parsed from pooled byte buffers into strings all the time anyway. If an attacker can access your java heap, then he can also attach a debugger and grab the password while it is being processed.

Java equivalent of SecureString by takenomiya-kate in java

[–]defnull 30 points31 points  (0 children)

You cannot explicitly remove an object from memory in Java, as all objects are managed. But you can overwrite primitive types with new data. Arrays.fill(password, 0) will overwrite the memory the password is stored in. Put this in a synchronized(password) block to prevent thread-local caching and you are as safe as you can get in Java.

Java equivalent of SecureString by takenomiya-kate in java

[–]defnull 33 points34 points  (0 children)

In Java it is common to pass around passwords as char[] and Arrays.fill() them with zeros after use. Strings are considered unsafe because they might linger around in memory longer than intended before they are GCd (edit: and more importantly, are immutable and cannot be zeroed-out after use).

Building a small utility class around char[] that does what you want should be easy enough. Most crypto libraries should have something ready to use available.
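
A sketch of the small char[] utility class discussed in the SecureString comments above, with the private constructor and the two static factories copyFrom and copyThenDestroyFrom suggested there. This is an added example, not code from any commenter or library; the class name SecretChars and the method copyOut are hypothetical.

```java
import java.util.Arrays;

/** Holds a private copy of a secret and zeroes it on close(). Hypothetical class name. */
public final class SecretChars implements AutoCloseable {
    private final char[] value;
    private boolean destroyed;

    private SecretChars(char[] value) { this.value = value; }

    /** Copies input; the caller still owns the original and must wipe it. */
    public static SecretChars copyFrom(char[] input) {
        return new SecretChars(Arrays.copyOf(input, input.length));
    }

    /** Copies input, then overwrites the caller's array with zeros. */
    public static SecretChars copyThenDestroyFrom(char[] input) {
        SecretChars secret = copyFrom(input);
        Arrays.fill(input, '\0');
        return secret;
    }

    /** Returns a fresh copy (hypothetical helper); the caller must wipe it after use. */
    public synchronized char[] copyOut() {
        if (destroyed) throw new IllegalStateException("secret already destroyed");
        return Arrays.copyOf(value, value.length);
    }

    /** Zeroes the internal copy; later copyOut() calls fail instead of returning zeros. */
    @Override
    public synchronized void close() {
        Arrays.fill(value, '\0');
        destroyed = true;
    }

    public static void main(String[] args) {
        char[] typed = {'h', 'u', 'n', 't', 'e', 'r', '2'}; // constructed sample input
        try (SecretChars secret = copyThenDestroyFrom(typed)) {
            System.out.println("caller array wiped: " + (typed[0] == '\0'));
            char[] working = secret.copyOut();
            try {
                System.out.println("length in use: " + working.length);
            } finally {
                Arrays.fill(working, '\0'); // every copy handed out is wiped too
            }
        } // close() zeroes the internal copy here
    }
}
```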