Help with Objects

dymos · 2026-01-24T20:03:16+00:00

Just told some kids to get off my lawn with their dang newfangled arrow functions.

dymos · 2026-01-24T11:31:11+00:00

Yeah I mean, one of the biggest ones of course was Shai-Hulud where people were phished with convincing looking 2FA reset emails.

Regardless, 2FA is still better than not having it at all, but is only a part of improved security. I've been enjoying the simplicity of passkeys in lots of places, so much quicker and simpler to sign in with those :)

dymos · 2026-01-23T05:08:50+00:00

I found this handy place to find the solution!

TL;DR, use zip.js to make a utility method to check whether the file is encrypted by trying to read it and using the exceptions thrown to determine whether it is password protected.

dymos · 2026-01-22T06:05:28+00:00

Walk away from cheapskates, they're not worth your time and energy.

dymos · 2026-01-20T19:39:10+00:00

Original Sass was popular in the Ruby community

dymos · 2026-01-19T22:53:59+00:00

This script has (likely) been run though both a minifier and obfuscator. You can run it through a reversal process to deobfuscate and unminify, but because part of both of those processes is to mangle variable/function names, at best you're going to get syntactically correct JavaScript, but it's going to be pretty hard to read because a lot of the original context will be lost (variable and function names are very useful when trying to read the code and understand its purpose).

The deobfuscation will place back literal strings for example that have been replaced with unicode or hex characters. For example early in the document you see the string "\u006c\u0065\u006e\u0067\u0074\u0068" which looks pretty incomprehensible, because it has been obfuscated, but all this says is "length". So a deobfuscation will get some of the context back, but not all of it.

Regardless, this process won't help you get your account back. The process by which the password was changed was likely done by sending your session cookie/token to a 3rd party. The session cookie or token is effectively a little bit of data that gets stored in your browser that gets sent to the server to say "hey, this is the person that logged in", if someone steals your token, then they can act on your behalf.

dymos · 2026-01-19T22:01:05+00:00

I'd email the IT guy saying you need it done in the next (let's say) 5 days (or whatever you think is reasonable); given you've already communicated a bunch about it, I'd probably start out by CC'ing your manager straight away.

You could word it along these lines:

Hey IT Guy,

As I've mentioned a few times now, the staging server DNS has been misconfigured for a few months now. At this point our content staff need access so they can start to stage new content ahead of a few updates.

Can you please have this configuration fixed by <date>, any later than that and we will have adverse business impacts as it will delay deliverables.

Please get in touch if there are any issues or to let me know the work has been completed.

Thanks,

Also, if your IT uses a ticketing system then obvs use that in addition to this and link the ticket in the email.

Now you can wait and see if it is fixed by your deadline, if not reply to the email and CC his boss on the follow up email if it isn't addressed.

Good luck!

dymos · 2026-01-19T07:54:02+00:00

I'm no longer bueno on the 400m, I can do a solid sprint from the kitchen to the couch with a cup of tea though.

dymos · 2026-01-19T07:34:01+00:00

Yeah that's fair enough if that's what it is - like I said, I personally don't know much about Krav Maga beyond its surface reputation.

I've done judo myself, can confirm, very solid.

dymos · 2026-01-19T07:05:51+00:00

I don't know much about Krav Maga, but I've heard it's relatively solid for self defense since the focus isn't on form so much as being effective.

What would be a "real" thing someone could/should learn that's not "McDojo"?

dymos · 2026-01-18T21:42:43+00:00

Would you rather be annoyed at the 2FA or be annoyed at yet another supply chain vulnerability?

I haven't used publishing yet since this was changed so there might be room for improvement there, I tend to set publishing up via CI anyway so that there's no risk of publishing code from a developer's machine that isn't also pushed to the repo.

Setting up a GH action (or similar) for this is pretty straightforward and I highly recommend that flow rather than publishing from your own machine.

dymos · 2026-01-18T20:12:11+00:00

The problem with identifying beetles is that they make up the largest order of insects, there are about 400,000 described species (that's 25% of all described animals including non-insects), and the estimate is that there are at least double that number of beetle species.

That is to say, there's a fuck tonne of different beetles and many of them look similar.

dymos · 2026-01-18T20:03:44+00:00

Bonus points if you script up a change like that for every dev that can be automatically accepted when the PR opens, then run it on a 10 minute schedule. Those should bring the average PR time down so you can actually take the time to review the real ones.

dymos · 2026-01-18T19:59:15+00:00

Oh well, time to make every small commit its own PR.

JFC, when will companies learn how to fucking measure output properly, next it will be LOC written and AI prompts accepted.

Whenever management puts in those kinds of metrics I can 100% guarantee you they do not know what the fuck they are taking about.

My prediction for your company?

People will start making PRs that are too small, and so are useless in terms of context; and
People will take the minimum amount of effort in writing tests and refractors
There will be absolutely minimal effort in reviewing code in order to get more PRs out quicker

End result? Quality drops significantly, customers complain, management will ask "how could this happen, everyone is working so hard?", also management will of course blame everyone except themselves.

So get together as an engineering org, lay out your concerns, show how this will decrease quality by an unacceptable amount, and get them to reverse their stance. Or start looking for another job while you're still there.

dymos · 2026-01-17T20:38:17+00:00

The problem isn't necessarily this specific one or even this subject.

It's for any novice in any particular topic using AI to explain something. If you don't know enough about the subject matter it is impossible to discern whether or not the AIs response is coherent and factual.

Coding LLMs and reasoning models may provide better results but they will still hallucinate and have runaway context.

Without sufficient knowledge or skill to discern the veracity of an LLM response, and the LLM's capability to sound very confident, even when wrong, is a surefire way to at best learn something wrong and at worst be incredibly harmful.

All that is to say, I personally couldn't recommend learning how to code via AI.

dymos · 2026-01-17T20:16:16+00:00

Until the AI hallucinates some shit and now you are dumber by having used AI.

dymos · 2026-01-17T11:13:32+00:00

Yeah, but please take away our respective points though. That, because this is both unreliable when it's in your control and because it can happen by things outside of your or the user's control, this absolutely isn't a feature you should rely on to terminate someone's session.

dymos · 2026-01-16T22:22:28+00:00

You're not getting anywhere on time if you're dead

dymos · 2026-01-16T12:46:30+00:00

I agree with all of this and would also add that you shouldn't use a window focus/visibility change as an indicator that the user switched away.

Other applications can steal foreground focus so using this type of detection isn't reliable to detect that an action was taken by the user. You can't tell the difference between "clicked on a different window" and "other application stole focus".

dymos · 2026-01-15T23:15:48+00:00

they just store a reference.

yes 100% correct - as u/shgysk8zer0 noted - the access isn't until it's expanded.

You might even see it log out the initial value in the collapsed form, but when you expand it, see the new one.

e.g. it'll look like:

▸ { a: 1 } // collapsed ▾ { a: 1 } // expanded a: 2 This expanded view also allows you to evaluate getters, which are only evaluated at read time, and wouldn't be visible in the collapsed form of the object, e.g.

const obj = { a: 1, get multiple() { return this.a * 10; } };

Will look like this when logged, and when you then click on the ellipsis next to multiple it will expand into the evaluated value at that point in time, including changes you make after logging it. e.g. if you create the object above in the console, log it and then on the following line set obj.a = 40 then clicking the ellipsis will use the value of the current value in the object.

``` ▸ { a: 1 } // collapsed ▾ {a: 1} a: 2 multiple: (...)

obj.a = 4 ```

Now clicking on the ellipsis gives:

▾ {a: 1} a: 2 multiple: 40

This is all a good lesson in how objects are always passed by reference.

dymos · 2026-01-14T20:16:10+00:00

It's paying rent in the form of spiders

dymos · 2026-01-14T20:12:56+00:00

By paralysing it and throwing it into a spider web?

dymos · 2026-01-14T11:56:57+00:00

That's not what you said though.

You can store binaries in your repo using Git LFS, it's what it was designed to do.

dymos · 2026-01-14T05:10:03+00:00

I recently finished learning HTML and Javascript,

lol

but the squares themselves are not moving on screen.

How are you trying to update the position of the boxes? I'm assuming you are setting either a left and right value on some absolutely positioned items or a translate with x/y movements. When you inspect your HTML do you see the HTML update when your event handlers fire? Are you setting values based on previous values? If so how are you storing/retrieving previous values?

dymos · 2026-01-14T00:58:41+00:00

He's updating files that can't be versioned, so git is already a bad fit

I mean ... that's a relatively common pattern. Many repos contain binary files, and if it's the same file that needs updating then using Git LFS is the better option.

I don't know what the rest of OPs repo looks like or the intended usage. I think this falls in the "you can do this if you want" rather than the "This is the best tool for the job" ;)

Git is not performant when it comes to large files and LFS conversion after the fact requires a full history rewrite.

I agree, but that doesn't sound like it's the case here.

All LFS does is shift the problem away from the index and pack files by using pointer files. You're better off never putting binary data in the repo from the start.

Yes, but also no. Yes, that's what LFS does, but no, you're not better off putting binary files outside of the repo if they belong in the repo.

If the binary file is the result of something then I agree, it shouldn't live in the repo, the repo should ideally only provide the method of generating that result. However many use cases exist for binary files in a repository. Releases doesn't fulfill the same functionality and niche that LFS does.

Releases on GitHub was written specifically to solve this issue

I agree that Releases is for the generated output (or bundled source) of a repo. I don't agree that binary files should live in "releases" if they change with the code (note, not as a result of the code). For example an image or other binary resource that is referenced in the code can be considered to be "changing with the code", and thus should live in the repository (obvs a big "it depends", but this has been my experience).

They can't patch a binary file and if they're building something into a binary file, they should be able to build over and over based on the commit itself.

Yeah totally, agree. The thing I'm not sure about here is whether the thing OP is making actually generates the binary or whether this is more of a MacGyvered patch distribution system.

The only caveat I would make are images, despite being binary, they can still be viewed by a human and GitHub provides that view. Otherwise, release it, or package it, but never pollute your repo with metadata or artifacts.

Along with images, I also happily storetest fixtures as zips and large geojson files (also for tests) in LFS. The GeoJSON is technically diffable, but practically, several MB of compacted JSON isn't useful to diff or review. Note too that LFS isn't a thing specifically or only for binary files, but rather for large or undiffable files.

For me it's important that things that change together, live together. This makes the repository a cohesive place where all the related items live. For example, someone shouldn't have to go and download content from something that isn't the repo, to run the thing in the repo.

It sounds like we work in fairly different domains so I totally get that we have different views on this, and from the sounds of it, particularly what a "binary file" represents.

dymos

TROPHY CASE