- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
I talked to someone recently who was extolling the virtues of server-side java script. Well, ok, not so much talked to him as sat in stunned silence while he talked, but still.
Admin
Now I suppose it is possible that despite haunting a tech site, you're one of those who reflexively clicks "OK" on any message that pops up asking to approve installing something on your computer. In which case, yes, you're at as much risk from software you install as from software embedded in web pages. But that doesn't make the class of software equally dangerous, it only makes you dangerous.
Oh dear! Not the dreaded "gonzo" insult! I wither under your contempt, withdraw my objections, and promise to let everyone rape my computer from this day forth! Thanks for freeing my soul.Admin
Admin
I presume you'd be using a server-side language to accept the request and generate the JSON response, in which case you already know the contents of the json response and would just log that shiznit in whatever format you want, rather than creating json and then massaging that into the log. Example WTF.
Admin
(Hmm, I've run into ASN.1 and I'm fluent in Esperanto.)
Admin
Akismet, this is neither spam nor troll...
Admin
NO. NEVER DO THIS.
Admin
Dear reader: What We've Learned So Far
TRWTFs are:
The Winter Solstice is, indeed, the first day of Winter -- for those in the US ( http://en.wikipedia.org/wiki/Winter#Period "In the USA (and sometimes in Britain) the season is regarded as beginning at the solstice")
Ralph is one of the paranoid 1% who have javascript disabled. Security trumps UX for him.
Admin
We have a little server-side JS here. Not a lot. It's the "node.js is good for fast lightweight i/o oriented network services because it makes callbacks easy and blocking operations hard" kind of deal.
I wouldn't drag it much further than that, though. It's a specialty tool, not a very good hammer.
Admin
Are you asserting that all javascript is written by these people? gets out a globe You must live in ... the Indian Ocean?
Also, are you asserting that javascript apps carry the same amount of risk posed by desktop apps? Ever heard of the "browser sandbox"? I mean, as an example, javascript has to get permission to store data on your computer, and even then it only gets a few MB of space.
Admin
It's an academic monstrosity.
Admin
But I will take comfort in knowing that identity thieves can only grab the money that's in my sandbox, leaving the rest of my assets safe.
Oh wait. Banks, investment firms... they all seem to be online with scripts enabled. So, yeah, all your $ belong to the sandbox.
Admin
Admin
I'm going to cry foul on this one. Maybe say that "it may as well be Afrikaans" since, if Wikipedia is to be any indicator, Esperanto is used at least 10 times as often.
Admin
Wait, you mean to say that stealing someone's identity / money is as easy as writing a bit of javascript? Do tell... maybe I needing later O:-)
Admin
Admin
And the reason for the stunned silence was...? JavaScript is a much-maligned language, but an extremely powerful one, particularly when you put CoffeeScript on top to make the syntax more pleasant. I'd seriously consider server-side JS/CS for my next Web application; among other things, it means you can share code between server and client more easily (which becomes an issue in certain types of Ajax work).
Admin
Admin
Admin
Dee oh en - kay ee wye.
Admin
Sorry, meant "segment codes".
Admin
Admin
Now then, let's guess why JSON is popular and ASN.1 isn't.
Just maybe, human readability is more useful than the things ASN.1 is good at.
Admin
You're talking about HL7v2. HL7v3 is much harder to use than HL7v2 and must be much closer in complexity/horribleness of implementations to ASN.1 that HL7v2 is.
Admin
I would like to point out that this is, in fact, also the case on the 48th parallel. The sun is reflecting off the snow through the window, and I thus am sweaty and have no vision in my right eye.
Admin
That was in reply to this, because TRWTF is the "reply" button.
Admin
Admin
Oh, by all means, you are quite allowed to disable scripting, and any other enhancements, on your own computer(s). You just aren't allowed to use BS arguments to back up your decision on a public forum :P
Admin
Admin
But how could you be sure? After all you can't perform your own security testing against your bank... unless you live in a country without extradition. You're safer to just shut off scripts (e.g. NoScript) for as many sites as you can. It is really about the only defense you have available to you, short of converting all your accounts to gold and going to live in a cave with a shotgun.
Admin
P.S. I guess the next step up from troll is when you can get other people posting using your fake name! Thanks for playing along, everyone!
Admin
You're not the real fake Ralph, I am!
Admin
I suppose because I'm only familiar with client-side JavaScript, which I don't particularly enjoy, and so it's hard for me to see how someone would react to JavaScript by thinking "where else can I use this language?" I also assumed that it wouldn't have as many tools and libraries as more popular server-side languages.
But I don't do all that much web programming, and the guy I was talking to did talk a lot about how JavaScript is a well-designed language at heart, so I admit I may be wrong to dismiss it out of hand.
Admin
Sorry, this just isn't a WTF. It's merely a poorly constructed regex.
Using a regex to examine results is a perfectly valid method examining a result string -- certainly leagues better than the insane suggestion of using eval() on arbitrary strings.
Admin
Totally off topic, but there are two definitions of winter used in the U.S.: Astronomical winter and meteorological winter.
Astronomical winter is as you describe, but meteorological winter starts on Dec 1. Likewise for other seasons.
Admin
Thought about it, but well... it's the last day of the working year, and my motivation to do anything vaguely associated with work is non-existent.
Admin
I'd wager that you don't particularly enjoy it because, like (at a guess) 98% of people who write client-side JavaScript, you never learned to write it correctly. Not your fault, really; the language has traditionally been marketed in a way that leads people to its weaknesses, not its strengths -- that is, it's been too often used as an extension of HTML, or as an inferior version of Java, rather than the decent language in its own right that it actually is, and the syntax makes some of the best features too hard to use (which is why I recommend CoffeeScript). I'd advise reading some of the stuff at http://www.crockford.com , as well as books like JavaScript: The Definitive Guide (Flanagan) and JavaScript: The Good Parts (Flanagan & Crockford), to get a feel for what the language is really about.
Personally, I was just really dumb lucky to stumble into Crockford's website as I was trying to learn JavaScript...got me started off on the right foot. I claim happy accident here, not personal brilliance.
Node.js has become extremely popular, and of course, many of the client-side libraries are already useful on the server side, since the core language is the same.
I think you are. I've been pretty happy with Ruby on the server for the last few years (and other languages before that), but JS (or rather, CoffeeScript) is definitely a serious contender.
Admin
Learn Esperanto, the translate this:
I think "Frapmont de Fulmo" would be a great assumed name to use, if I ever had to use an assumed name.
Admin
This is fine. It could be an embedded system where you cannot assume the availability of a JSON parser. Most embedded systems have regex support, though.
Admin
I'm Spartacus^H^H^H^H^H^H^H^H^HRalph!
captcha: consequat. If you don't disable javascript, there will be consequats.
Admin
I'd say Global Warming, but it's obvious you're not on Earth.
Here on Earth, Winter's just started - it starts on the Winter SOlstice (and ends at the Spring Equinox). But from where you are, your solstice marks the middle of winter...
Admin
Hoot, mon! Would ye outlaw the internet, then?
Admin
Considering where this sort of thing is being promoted, I assume it's more a case of thinking, "Where else can I use these damn Javascript programmers?"
Admin
Ha ha. Girl programmers are dumb.
Admin
[quote user="Fedaykin"][quote user="Andrew"] "In the USA (and sometimes in Britain) the season is regarded as beginning at the solstice")
Totally off topic, but there are two definitions of winter used in the U.S.: Astronomical winter and meteorological winter.
Astronomical winter is as you describe, but meteorological winter starts on Dec 1. Likewise for other seasons.[/quote]
Recalling being a child collecting Halloween treats from the neighbors very often in the first snowstorm of what seemed most definitely the beginning of winter (near the 45th parallel), I'm wondering how the powers-that-be managed to foist either one of these lies upon us.
Admin
Admin
Because you say so? Oh, sorry, because ESR says so, that makes all the difference. There was an attempt to enshrine this some years ago in a protocol called BEEP, a text-mode universal protocol for the entire Internet (RFC 3080/3081). ASN.1 is a global rockstar compared to where BEEP ended up.
ASN.1 provides an efficient, compact, easy-to-parse format, which can't be said for any text format I've ever seen (JSON is about the closest to ASN.1).
And parsers for anything else don't? Look at the chaos that is XML for an example of a real parsing mess.
The opposition to ASN.1 seems to have originated from within the IETF, and was based on (1) the fact that ASN.1 was binary and not text, which was clearly an abomination against the Lord, (2) the fact that ASN.1 was an ISO and not IETF design and therefore an abomination against the Lord, and (3) the fact that the 1980s vintage ISODE tools for working with it sucked.
That was twenty years ago, get over it.
Admin
Having implemented both, HL7 is much, much nastier than ASN.1. ASN.1 is actually relatively simple, you use a standard library... and there go about 99% of your problems to start with, and then occasionally you have to handle something way off the scale, but in general with a decent library that handles DER and BER you're sorted, because you can't get that odd within the confines of the encoding rules. OTOH with HL7's "stuff anything between a lot of '|'s"... ugh.
Admin
Yup, because when my mother gets an IJK305I Encoding Error when she clicks "Submit" on her knitting club's web site she immediately fires up Notepad, loads the JSON into it, hand-edits the missing escape character into place, and then uses Firebug to manipulate the data back to the web site. Thank God it's in text mode, because if it was ASN.1 she wouldn't be able to do that.
Puh-leeze. An encoding format depends on the tools that are used with it. JSON is popular because support for it is built into a large pile of web development tools and systems, not because of its format. You could have it encoded using chimpanzees banging coconuts together and it'd still work because all the developer sees is a JSONWriter or whatever. By that token ASN.1 is also a text format, because no-one would ever use a hex editor on the binary, you use a text-mode ASN.1 browser and editor just as you use a text-mode JSON (or XML, or whatever) browser and editor.
Admin
"I did it that way because no one would be idiotic enough to add a blank between { and ", right?"
"They did?"
"Those idiots!"