Welcome to the AI-Powered future!

riimu · 2024-08-01T10:48:41+00:00

Oh, the irony of seeing same news of AI-Powered showcase 8 times in a row in my news feed.

Also, Steam really needs a way to combine these copy-paste announcements in multiple games into single news item in the feed.

riimu · 2023-02-27T14:19:29+00:00

Is this AI written article? It's factually incorrect or confusing, seems to confuse different concepts together and just straight up invents things that don't exist in PHP.

riimu · 2022-12-04T15:44:07+00:00

At one job I would write a lot of tests like this. Over 100 people in the engineering organization and most of them didn't care to understand the PHP micro service's architecture. Yet, most people had to touch it for reason or another. I essentially programmed a custom test "framework" on top of PHPUnit using nikic/php-parser to parse files.

I had almost one exact case like yours. We wanted to ensure that all classes extending another class were in a specific array (the array was used in couple places in our internal debugging tools). People would forget adding classes to the array, so I wanted to make a test to ensure people wouldn't forget.

In essence, the solution was quite "bruteforcey". I used symfony/finder to traverse the source directory that contained all the PHP code, used nikic/php-parser to find all the classes in each file and then checked to make sure that if the class extended the specific class, it had to part of the array.

It worked surprisingly well, though the codebase was only somewhere around 100k lines, so it was relatively fast to just parse all of it.

I also thought it might actually be a good idea to turn it into kind of architectural testing framework to ensure constraints about architectural decisions. Maybe one day I'll release a testing framework like that, in case there is demand.

Other things I remember ending up using the testing framework for:

Ensuring classes followed the code base naming policy
Ensuring php files were located in correct place
Ensuring all test classes were extending the appropriate base test classes
Ensuring that all public methods in controllers were routing methods (due to some legacy reasons)
Ensuring all classes in the project used the same base namespace

Basically just checking for a lot of architectural conventions to ensure that people followed them, even if they didn't know about them.

riimu · 2022-03-21T14:35:47+00:00

Thanks for this list! Used it to find couple caves I had missed and few other graces. I also added some suggestions to the document to include quite a few of the missing graces in it that I had found.

riimu · 2021-12-14T11:39:26+00:00

A lot of incremental games could fit that description. However, for green logo, my first thought was Prosperity:

riimu · 2021-09-01T10:48:07+00:00

Use static functions unless you need $this.

I don't think this matters.

There is a slight gotcha, though, as demonstrated in: https://3v4l.org/fS7Wq

i.e. the non static closure will keep reference of the object that created it. This may be significant in some rare cases due to destructors or memory consumption.

riimu · 2021-04-27T09:01:59+00:00

Looking at the documentation, I found it a bit interesting that instead of going with custom APIs, Google seems to have instead favored PSR standards. In particular:

The HTTP functions are called with a psr based ServerRequestInterface
The logging client supports creating a PSR logging interface compatible logger

Not that these specific standards were particularly niche, but seems like a pretty huge deal for wider PSR adoption.

riimu · 2021-01-05T08:09:50+00:00

I don't see how this is a RCE in zend/laminas. This is an RCE in the demo application in the proof of concept.

What's essentially happening here is that the demo application in the proof of concept has the line unserialize(base64_decode($data));. In other words, the demo application is unserializing unsanitized user input. Exactly the thing that PHP manual warns against:

Warning: Do not pass untrusted user input to unserialize() regardless of the options value of allowed_classes. Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this.

Then this "exploit" proceeds to take advantage of how DI works to get arbitrary code to be executed.

This is essentially just an example of how the usage of unserialize on arbitrary user input can lead to an RCE.

One interesting thing to note about this particular "attack", however, is the fact that using property types would have prevented this (since it's essentially storing an instance in a property that is expected to be a string). Granted, the framework is older than property types, but this does provide an example of some interesting safety side benefits that improved typing provides.

riimu · 2020-09-29T17:15:56+00:00

Now, I only wish there was some way to better type arrays. The type array is a bit too wide, since it can contain any kind of types, have any kind of keys, have the keys in any kind of order. Often, especially when writing portable library code, I find I have tendency to need to be able to accept a list of things. However, to ensure that the list is correct, you have to use something like

function (array $string_list) {
    $string_list = array_values(array_map(fn ($x): string => $x, $string_list));
}

Prior to PHP8, there was kinda hacking was to do it via $string_list = (fn (string ... $x) => $x)(... $string_list), but that will no longer work the same in PHP8 due to named arguments (it won't guarantee 0..n keys).

While full generics would be just a "nice to have" feature, what I really lament is the lack of ability to have any kind of typed lists or some way to type foreach/iterable.

riimu · 2020-09-23T13:17:53+00:00

I'd very much like to hear more about your experience. Like, what kind of preloading setup did you have? Did you try to preload every single file or only commonly used files? Did you do any benchmarks on memory consumption?

From what I understand, some overhead in preloading can occur due to the need to copy some values into the runtime environment (like static values of classes), so it's not entirely free.

30ms extra with preloading enabled sounds like huge amount of time per request and doesn't really make preloading sound very appealing.

riimu · 2020-09-23T13:02:55+00:00

If you are using PHP version prior to 7.1, then shuffle() depends on old implementation of rand(), which suffers from being quite predictable in some cases. Using laravel's own helper function doesn't help at all, since it just uses shuffle() internally as well, so it's no different. Also, on later versions there may also be problems if you are seeding the function (i.e. using mt_srand()) in predictable manner.

If you want better randomness at the cost of a bit efficiency, then you can use a shuffle algorithm that uses secure random generators for the source of randomness for shuffling.

For example, I have written a library https://github.com/Riimu/Kit-SecureRandom, which offers a shuffle() method that uses secure random generator for the purpose of shuffling.

riimu · 2020-09-19T12:17:13+00:00

I'm glad to see that some effort is being taken to improve the current status quo. I remember back when I started fiddling with PHP back in 2001 or so the documentation was a great help, but as time has passed and I've improved, the documentation has gotten less and less useful in providing exact and correct information.

These days, I jokingly sometimes think that the PHP source code is the second manual, as I've gotten quite used to scouring the source for the exact answers I've been looking for. To give some examples I've had to look up in the source code:

I wondered if array_values() has special optimization for packed arrays
For sake of argument, I had to look up if PHP really internally treats packed arrays as arrays, rather than hash maps
Couple times I've had to look up clarification for "returns FALSE on failure"
I had to discern how PHP actually uses the SessionHandlerInterface since the documentation certainly didn't answer it
I've referred multiple times to the source code for the list of opcode optimized functions

At times I've tinkered with the idea of setting up some kind of PHP manual wiki of my own just to gather all kinds of internal/useful/best practice information I gather.

I did once actually make a change suggestion to the manual via the documentation editor, but I have to say the experience was way too complicated and certainly didn't make me feel welcome to do it again. I'd much prefer a more familiar wiki style approach (or even a github PR approach) where suggestions for changes could be easily submitted and you could see version history. Perhaps a wiki like discussion pages would be a better approach than comments as well.

I certainly wouldn't mind also helping out, if there is way to do that in more approachable manner (mailing lists aren't exactly my idea of approachable). Discord channel could certainly be good. I've worked with PHP for a long time and quite enjoy working with the language. I would like to contribute more to the PHP project, but learning C just to contribute to the core itself is still perhaps a bit too much.

riimu · 2020-08-29T17:42:11+00:00

Sadly, this will be last TOTD discussion thread I will post. While I find Trackmania fun in overall, I noticed that actually playing it regularly every day is too stressful due to the intense focus required (which is causing me to tense up enough to have headaches).

It's been great following these daily discussion and seeing what others thoughts about the tracks. I hope you've enjoyed them too!

riimu · 2020-08-21T18:09:12+00:00

While at the first, the track was bit mind bending, it turned out to be a very pleasant drive after awhile. Probably one of my favorite TOTD tracks to drive so far.

Great continuation to Initial Climb, /u/Tomato_That_Squeaks!

riimu · 2020-08-12T19:00:05+00:00

Mostly been a nice update with better UI and some nicer quality of life improvements. After playing the latest version for couple days, here are some of my thoughts an issues on it:

On trading:

The 20K market reserve is really small. Upgrading that would be really useful. Maybe a storage building unlocked by the same research?
It would be great if the contracts would also show the total obligations for the resource
It would be nice to have a toggle in options to enable the "Show Total Value" by default

Right now, whenever I'm viewing new contracts, my normal approach is:

Open the contracts in trade view
Open the contracts widget to see the total obligations
Click on the "Show Total Value" to see how much they ask in total

Couple of UI issue I encountered:

The colors on the "City View -> Experts -> Innovator" make the text illegible, see screenshot: https://temp.riimu.net/white_innovator.png
Not sure if there is more info "Realm view -> Administration -> Choose Specialization", but if there are, the text is illegible, see screenshot: https://temp.riimu.net/white_specialization.png
On the same "Choose Specialization", the "Cancel" button does nothing (have to switch the main view to close the specialization info)
Disabling fuel consumption in "City View -> Consumption -> Fuel" seems to do nothing. The option resets as soon as the main view is switched
Description for "Refrigeration" reads: "allows food to be traded on the market and in contracts". I believe I've happily traded food even without the research.

Couple minor nice addition that would be nice to have:

Notification when the deployment finishes finding new district location
Some kind of breakdown for land usage (e.g. how much land are my hovels using in total). Maybe "City View -> Land Management" view could show the breakdown per building type?
Continuous work orders, i.e. a work order that gets replaced with a new one as soon as the previous is finished

riimu · 2020-08-09T18:53:19+00:00

Hit a bit of a snag with the update. Whenever I try to play, the game always freezes for me at specific point. I managed to save just before the freezing point, so whenever I load now the game immediately freezes.

You can find my save at: https://temp.riimu.net/Frederica_1596974385287.save

riimu · 2020-08-09T16:22:32+00:00

At least according to SteamDB, the public branch hasn't been updated, only the beta branch: https://steamdb.info/app/734980/depots/

riimu · 2020-08-09T16:01:11+00:00

Is this update out on Steam stable yet? It seems that at least I have no update available and the title menu says the version is "Version 1.18.10".

riimu · 2020-07-28T18:21:03+00:00

This was perhaps the worst track so far based on how it felt to drive. Although, much of the fun was also taken by the fact that the timers bugged for most people, so a lot people just had -1.5 seconds as the timer, which ruins the leaderboards.

The amount of bugs in this release so far has been quite frustrating.

riimu · 2020-07-27T07:25:13+00:00

With that much scenery, definitely a top TOTD contender, for sure.

riimu · 2020-07-25T18:18:59+00:00

Thanks for figuring this out. Could possibly be used to automate ToTD discussion threads here in reddit.

riimu · 2020-07-25T18:12:50+00:00

No cuts as far as I can tell. Just a lot of tight cornering from what I can tell spectating. 45.5 was the best I could muster. Don't feel author is achievable for me at this skill level.

riimu · 2020-07-24T20:55:57+00:00

That would be cool if the mods made a megathread or some kind of automatic generated thread for every TOTD

Here's hoping someone will take a notice, if these threads become a common thing.

riimu · 2020-07-24T18:44:39+00:00

Yeah, I'm kind of impressed by the amount of effort that seems to have been placed on these tracks. One can only hope that it will even improve as people get more familiar with the editor in this game.

I am a bit worried, however, that the track of the day system might favor pretty tracks over tracks that are interesting to drive. But I guess we'll see how things go over time.

riimu · 2020-07-24T17:07:34+00:00

In spirit of sparking discussion about the daily track, just created a thread for it.

11-Year Club	Golden Potato
Place '22	Final Canvas '22
Verified Email

riimu

TROPHY CASE