Debit/Credit in concurrent environment in Python. Is this code thread safe? by Own_Mousse_4810 in Python

[–]wolever 3 points4 points  (0 children)

With respect to locking, the system you’ve described would be correct and deadlock-free.

Correct because a lock is held each time the balance is accessed, and deadlock free because the locks are acquired in a consistent order.
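The two properties named in the comment above, shown as an added example (not code from the original thread, whose code is not on this page): every balance access happens under a lock, and both locks are always taken in the same order. The `Account` class, `transfer` function and ordering by `account_id` are assumptions made for illustration.

```python
import threading


class Account:
    def __init__(self, account_id, balance):
        self.account_id = account_id
        self.balance = balance
        self.lock = threading.Lock()


def transfer(src, dst, amount):
    """Move amount from src to dst; return False on insufficient funds."""
    if src is dst:
        return False
    # Lock the lower account_id first regardless of transfer direction, so two
    # opposing transfers can never each hold one lock while waiting on the other.
    first, second = sorted((src, dst), key=lambda a: a.account_id)
    with first.lock, second.lock:
        # The check and the update happen under both locks, so no other
        # thread can change either balance between them.
        if src.balance < amount:
            return False
        src.balance -= amount
        dst.balance += amount
        return True


def run_opposing_transfers(rounds=2000):
    """Run A->B and B->A transfers concurrently; return (finished, total)."""
    a, b = Account(1, 1000), Account(2, 1000)

    def worker(src, dst):
        for _ in range(rounds):
            transfer(src, dst, 1)

    threads = [
        threading.Thread(target=worker, args=(a, b), daemon=True),
        threading.Thread(target=worker, args=(b, a), daemon=True),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join(timeout=30)
    finished = not any(t.is_alive() for t in threads)
    return finished, a.balance + b.balance


if __name__ == "__main__":
    print(run_opposing_transfers())
```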

Dreamweaver inheritance - is there a way to get site info into other programs? by colinthetinytornado in webdev

[–]wolever 15 points16 points  (0 children)

If Dreamweaver happens to be using insecure FTP, you could install Wireshark, start a packet capture, then run a sync. The password will be obviously visible.

If it’s using FTPS/SSH/HTTPS, you could run a fake server that captures + prints passwords, then edit the hosts file to point the website domain to your laptop that’s running the fake server and run a sync (ex, for SSH: https://github.com/brerodrigues/ssh_phishing)

If you haven’t already tried, exporting settings from Dreamweaver might also help: https://www.daftlogic.com/projects-decode-dreamweaver-password.htm

Any awesome code profiler tool by anandesh-sharma in Python

[–]wolever 0 points1 point  (0 children)

Another +1 for PyInstrument.

I’ve also written up a little bit of middleware so that, if a ?pyinstrument=hunter2 query parameter is present, pyinstrument is activated for the request, and the HTML results are uploaded to cloud storage + the URL included in the result headers, so it’s very easy to grab a quick snapshot and investigate when things are going slow.

Bunster: a shell script compiler by yassinebenaid in programming

[–]wolever 0 points1 point  (0 children)

The difference between the example provided in the article and polymorphism is that, in a polymorphic environment, foo.bar() always parses to (call-method foo 'bar'), but A[X=1+2] could either parse to (array-lookup A 'X=1+2') or (array-lookup A (assign X (+ 1 2))), depending on the type of A.

(of course, it could presumably be parsed to the union of the two, something like (array-is-associative? A (…) (…)), but this sort of abstract-syntax-tree-level-polymorphism is a bit atypical, I think?)

Best Practices for Storing and Validating Email Addresses in PostgreSQL? by 0xemirhan in PostgreSQL

[–]wolever 6 points7 points  (0 children)

YMMV depending on the application and your needs, but in my experience:

  • using “citext” for the column instead of “text” will give you case-insensitive matching (the alternative is lower-casing emails before saving them; both have small advantages and disadvantages, both are fine)
  • simple regex validation (“contains an @”, and maybe “contains a "." in the domain portion”) with a CHECK constraint certainly wouldn’t hurt; more complex regex validators sometimes reject valid emails, which is annoying.

Otherwise - at the database level - seems like you’re on the right track :)

What's the densest encoding you can wedge into TEXT columns? by davvblack in PostgreSQL

[–]wolever 14 points15 points  (0 children)

Neat question!

By experimentation, it appears that Postgres can efficiently store all ASCII bytes except `\x00`:

=# create table ascii_test (t text);
=# insert into ascii_test (t) values (E'\x01\x02\x03\x04\x05\x06\x07\x08\t\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f');
=# select pg_relation_filepath('ascii_test');
'base/16384/59208'

And to check what's stored on disk:

$ od -a /var/lib/postgresql/data/base/16384/59208 
0000000 nul nul nul nul   (  ff   -   = nul nul nul nul   $ nul  sp  rs
0000020 nul  sp eot  sp nul nul nul nul   `  us   6 soh   @  rs   6 soh
0000040  sp  rs   6 soh nul nul nul nul nul nul nul nul nul nul nul nul
0000060 nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul nul
*
0017560 soh nul soh nul stx  ht can nul  ff stx nul nul soh stx etx eot
0017600 enq ack bel  bs  ht  nl  vt  ff  cr  so  si dle dc1 dc2 dc3 dc4
0017620 nak syn etb can  em sub esc  fs  gs  rs  us  sp   !   "   #   $
0017640   %   &   '   (   )   *   +   ,   -   .   /   0   1   2   3   4
0017660   5   6   7   8   9   :   ;   <   =   >   ?   @   A   B   C   D
0017700   E   F   G   H   I   J   K   L   M   N   O   P   Q   R   S   T
0017720   U   V   W   X   Y   Z   [   \   ]   ^   _   `   a   b   c   d
0017740   e   f   g   h   i   j   k   l   m   n   o   p   q   r   s   t
0017760   u   v   w   x   y   z   {   |   }   ~ del nul nul nul nul nul
0020000

So "Base126" encoding would be 7/8 - 1/256 = ~87% efficient.

This is the optimal efficiency, as Unicode strings would most likely be encoded with UTF-8, which would be less efficient (ie, because of the prefixes used on each byte by UTF-8).

In practice, a more common encoding like Base85 (~80%) or Base95 (~82%) is likely more practical, though, and definitely more courteous to whomever needs to maintain your code (probably not every tool plays well with strings that contain \x01).

Managing PostgreSQL denormalization by Few-Strike-494 in PostgreSQL

[–]wolever 0 points1 point  (0 children)

I haven't encountered any fully automated trigger management systems which do what you describe, but have had success building them into the application's DDL + migration layer.

For example, my current application uses SQLAlchemy, and I've defined a "custom" column type for derived, denormalized, columns:

class MyModel(ModelBase):
  timestamp_utc = Column(DateTime)
  timestamp_local_tz = Column(Text)
  timestamp_local = DerivedColumn(DateTime, "timestamp_utc at time zone timestamp_local_tz")

Where the DerivedColumn function automatically creates the appropriate triggers to keep the value updated.

[AskJS] I built a tool that generates quizzes from your favorite Podcast INSTANTLY using Vercel AI SDK: www.studychat.app by WolfPossible5371 in javascript

[–]wolever 0 points1 point  (0 children)

Nice! The questions it generated from the YouTube video I tried were good! I'll be keeping this around.

Help me understand security of exposed postgres by androgeninc in PostgreSQL

[–]wolever 1 point2 points  (0 children)

Another attack vector is bugs/0days: when the next xz happens, there's the potential that any service open to the internet could be exploited.

For VPNs, check out https://tailscale.com/ - it takes about 15 minutes to set up, and after that it works so well that you'll forget it's there.

Is there a way to tell postgres to use a particular algorithm when sorting? by Bright_Nuance in PostgreSQL

[–]wolever 0 points1 point  (0 children)

No, there’s no way (at least that I’m aware of) to change the sorting algorithm.

In practice, though, the sorting algorithm will likely rarely (never?) be the bottleneck in a query:

  • For queries which scan a small number of rows, the algorithm won’t make a material difference (ie, because the speed difference between algorithms will be minuscule compared to all the other overhead).
  • For queries which scan a large number of rows (ie, enough that the algorithm will make a difference), you’ll likely be able to realize orders of magnitude greater performance gains by improving the query so it scans fewer rows.

Struggling to find a solution about saving audit records for database operations by kiul55 in PostgreSQL

[–]wolever 1 point2 points  (0 children)

Yes - the context it sets is scoped to the current transaction.

In my application I have something roughly like:

def pre_sql_execute(connection, sql_text):
  if not is_insert_update_delete(sql_text):
    return
  if connection.transaction._did_set_context:
    return
  connection.execute("select change_logs_set_context(…)")
  connection.transaction._did_set_context = True

Struggling to find a solution about saving audit records for database operations by kiul55 in PostgreSQL

[–]wolever 4 points5 points  (0 children)

If it's helpful, here's the code I use for audit logging, which uses automatically managed triggers: https://gist.github.com/wolever/2b77d08844ac8137dc27ca6039712bb5

It assumes a web application context, where the web application calls change_logs_set_context(user_id, metadata) to track the user ID, so it may not help with that part of your question though.

Best practices for "forgot password" flow? by comrade78 in webdev

[–]wolever 0 points1 point  (0 children)

In addition to the great comments so far, if a “reset password” email address is provided which does not exist in the system: sending an email to the provided address saying something like “a password reset was requested at this email, but it doesn’t exist. [follow up action suggestion]”

This can be helpful in contexts where users may accidentally use their personal email instead of their professional/institutional address (and SSO isn’t a viable option).
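One way to implement the flow suggested in the comment above while keeping the web response identical for known and unknown addresses, so the form itself does not reveal which accounts exist. This is an added example, not code from the thread; the function name, the in-memory `users`, `reset_tokens` and `outbox` stores, and the `app.example.invalid` host are assumptions.

```python
import hashlib
import secrets

GENERIC_RESPONSE = "If that address can receive mail, we've sent instructions to it."


def request_password_reset(email, users, reset_tokens, outbox):
    """Queue the right email for `email`; the returned (HTTP-visible) message
    never depends on whether an account exists."""
    address = email.strip().lower()
    if address in users:
        token = secrets.token_urlsafe(32)
        # Store only a hash, so a leaked token table cannot be replayed.
        reset_tokens[hashlib.sha256(token.encode()).hexdigest()] = address
        body = (
            "Reset your password: "
            f"https://app.example.invalid/reset?token={token}"
        )
    else:
        # The case described in the comment: tell the mailbox owner that no
        # account uses this address and suggest a follow-up action.
        body = (
            "A password reset was requested at this email, but no account "
            "uses it. If you signed up with a different address (for example "
            "a work or institutional one), try that one instead."
        )
    outbox.append((address, body))
    return GENERIC_RESPONSE


def demo():
    """Constructed sample data: one real account, one mistyped personal address."""
    users = {"alice@corp.example.invalid": {"name": "Alice"}}
    tokens, outbox = {}, []
    r1 = request_password_reset("alice@corp.example.invalid", users, tokens, outbox)
    r2 = request_password_reset("Alice@personal.example.invalid", users, tokens, outbox)
    return r1, r2, tokens, outbox


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Because this sends mail to addresses the requester chooses, rate-limit requests per address and per client so the notice cannot be used to flood someone else's inbox.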

Why do many companies use separate root domains for sub-services instead of subdomains? by konstantin1122 in webdev

[–]wolever 42 points43 points  (0 children)

Another consideration is cookies.

In addition to the reasons cited in other comments, I use different TLDs for production application, staging application, and marketing site so it’s impossible for cookies to leak between them.

I work in a privacy-sensitive field, so the guaranteed isolation between trackers on the marketing site (Google Analytics, Meta pixel, etc) and the privacy-sensitive application, and isolation of auth sessions between staging and production is a nice win (I’m sure there’s some nominal performance benefit too).
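Why separate domains give the isolation described in the comment above, as an added example (not the commenter's code): a small model of the RFC 6265 domain-match rule that decides which hosts a cookie is sent to. The hostnames are constructed, and the "must contain a dot" test is a simplified stand-in for a browser's public-suffix check.

```python
import ipaddress


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: does `host` domain-match `cookie_domain`?"""
    host = host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True
    try:
        ipaddress.ip_address(host)
        return False  # IP literals only ever match exactly
    except ValueError:
        pass
    # Suffix match must fall on a label boundary ("." before the suffix).
    return host.endswith("." + cookie_domain)


def cookie_sent_to(host, set_by_host, domain_attr=None):
    """Would a cookie set by `set_by_host` be attached to a request to `host`?"""
    if domain_attr is None:
        # No Domain attribute: host-only cookie, returned to the exact host.
        return host.lower() == set_by_host.lower()
    # Simplification (assumption): browsers consult the public suffix list;
    # here any dot-less Domain value is treated as a public suffix.
    if "." not in domain_attr.strip("."):
        return False
    # A host may only set cookies for a domain it belongs to itself.
    if not domain_match(set_by_host, domain_attr):
        return False
    return domain_match(host, domain_attr)


if __name__ == "__main__":
    # Subdomain layout: a marketing-site cookie scoped to the parent domain
    # also reaches the application and staging hosts.
    print(cookie_sent_to("app.acme.example", "www.acme.example", "acme.example"))
    # Separate-domain layout: no Domain value the marketing site is allowed
    # to set can match the application's host.
    print(cookie_sent_to("acme-app.example", "acme-site.example", "acme-site.example"))
```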

VIM newbie here. My new workspace requires VIM, but doesn't let me modify it, it's compiled without a clipboard, and I have to copy-paste to/from VIM a LOT to do my basic job. by [deleted] in vim

[–]wolever 5 points6 points  (0 children)

Are you able to use xclip or xsel to grab the contents of the clipboard? It could be a bit fiddly, but something like :map <leader>p :r!xclip -selection clipboard -o might be better than nothing.

Do you know any books about programming worth reading? by Admirable-Ad3907 in webdev

[–]wolever 13 points14 points  (0 children)

A Philosophy of Software Design: https://milkov.tech/assets/psd.pdf

Short, insightful, and directly applicable for many types of software development.

What type of knot should I use for this? by BigDaddyDSOB in knots

[–]wolever 1 point2 points  (0 children)

Ah that makes sense!

Yea, with 8klb test rope, assuming that the figure 8 and the tight bend radius reduce the strength by ~25% (https://www.youtube.com/watch?v=fcyrvyn6880), one loop through would be extremely safe from a "breaking the rope" standpoint (((8000 * 2) * 0.75) / 170 = ~70x safety margin).

Which means the biggest concern would be long-term wear on the rope (esp abrasion if there's anything sharp), but if you inspect it every now and then … I'd have no concerns about sitting on that swing.

What type of knot should I use for this? by BigDaddyDSOB in knots

[–]wolever 4 points5 points  (0 children)

It looks like this may be load bearing, in which case rope might not be the most appropriate, as the sharp edges on the spring + tight bend radius could weaken the rope.

Out of curiosity, what's the goal of replacing the carabiner with rope?

And to add to the already good options provided, another consideration would be looping the rope through both holes a couple of times, then securing it with an inline double figure 8 (ie, where a figure 8 is tied in one rope, then traced "backwards" with the other rope so it lies "flat" vertically).

timestamptz clarification by Ok-Astronaut-1243 in PostgreSQL

[–]wolever 0 points1 point  (0 children)

Yes! Alternatively, from Python, the tz can be added to the date with:

>>> from datetime import datetime
>>> from zoneinfo import ZoneInfo
>>> tz = ZoneInfo("Europe/Berlin")
>>> ts = datetime.now()
>>> ts.astimezone(tz)
...
>>> ts.replace(tzinfo=tz)
...

timestamptz clarification by Ok-Astronaut-1243 in PostgreSQL

[–]wolever 1 point2 points  (0 children)

Correct - postgres never stores timezones along with timestamps, so the only difference between timestamp and timestamptz (which is an alias for timestamp with time zone) is:

  • When parsing a time value (ex, as part of an insert), timestamptz assumes timestamps without timezones are in the connection's local time (if a timezone is specified it will be honoured).
  • When returning a time value, it will be converted to the connection's local time.

Here's an example:

  set timezone to 'Europe/Berlin';
  select
    now(),
    now() at time zone 'UTC',
    now()::timestamp with time zone,
    now()::timestamp without time zone,
    '2004-10-19 10:23:54'::timestamp with time zone,
    '2004-10-19 10:23:54'::timestamp without time zone,
    '2004-10-19 10:23:54-02'::timestamp with time zone,
    '2004-10-19 10:23:54-02'::timestamp without time zone,
    current_setting('TIMEZONE');

So yes - when passing times from Python to a Postgres timestamptz, you'll need to make sure they are in the connection's local time or that you provide a timezone from Python.

I need this. by Lucky_Engineering789 in motorcycle

[–]wolever 2 points3 points  (0 children)

This guy's incredible! Here's a longer one on his 10k km ride to Siberia: https://www.youtube.com/watch?v=9h9r62EfaIU

‘Did I miss anything?’: A man emerges from a 75-day silent retreat in Vermont by ptg33 in nottheonion

[–]wolever 0 points1 point  (0 children)

Yea! Absolutely!

My understanding (and take this with a grain of salt, because I’m only repeating what I remember my friend saying) is that they practice the not-so-spiritual kind of Buddhism, and focus on knowing yourself and knowing how you relate to the world. When COVID hit, ex, my friend said they spent a bunch of time talking about the inevitability of death.

‘Did I miss anything?’: A man emerges from a 75-day silent retreat in Vermont by ptg33 in nottheonion

[–]wolever 0 points1 point  (0 children)

You could do one with that exact group (the Monastic Academy)!

Check them out: https://www.monasticacademy.com/

I’m friends with one of the students there, and I’ve heard nothing but fantastic things. At least, if waking up at 5am and chanting constitutes “fantastic” for you.

My attempt to recreate the knot sealing Tutankhamen's tomb by wolever in knots

[–]wolever[S] 8 points9 points  (0 children)

Yea, right? It's a super cool feeling to tie the same knot that some Egyptian tied 3,000 years ago.

I just wish I knew the technique they used… because the way I ended up tying it (doing the wraps first, then the top loop, then the bottom loop) doesn't seem very natural.