code logs -> 2020 -> Tue, 09 Jun 2020< code.20200608.log - code.20200610.log >
--- Log opened Tue Jun 09 00:00:59 2020
00:18 Kindamoody is now known as Kindamoody[zZz]
02:12 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has quit [Connection closed]
03:35 Degi [Degi@Nightstar-98i279.dyn.telefonica.de] has quit [Ping timeout: 121 seconds]
03:42 Degi [Degi@Nightstar-9ek5k3.dyn.telefonica.de] has joined #code
04:46 Pink [user1@Nightstar-g7hdo5.dyn.optonline.net] has quit [Ping timeout: 121 seconds]
04:49 Pink [user1@Nightstar-g7hdo5.dyn.optonline.net] has joined #code
04:49 catalyst_ [catalyst@Nightstar-v6lb30.cable.virginm.net] has joined #code
04:49 catalyst [catalyst@Nightstar-v6lb30.cable.virginm.net] has quit [Connection closed]
04:55 catalyst_ [catalyst@Nightstar-v6lb30.cable.virginm.net] has quit [Connection reset by peer]
04:55 catalyst [catalyst@Nightstar-v6lb30.cable.virginm.net] has joined #code
05:15 celticminstrel [celticminst@Nightstar-ovl74f.dsl.bell.ca] has quit [[NS] Quit: And lo! The computer falls into a deep sleep, to awake again some other day!]
06:10 VirusJTG [VirusJTG@Nightstar-42s.jso.104.208.IP] has quit [Connection closed]
06:10 VirusJTG [VirusJTG@Nightstar-42s.jso.104.208.IP] has joined #code
06:10 mode/#code [+ao VirusJTG VirusJTG] by ChanServ
06:35 mac [macdjord@Nightstar-rslo4b.mc.videotron.ca] has joined #code
06:35 mode/#code [+o mac] by ChanServ
06:37 macdjord|slep [macdjord@Nightstar-rslo4b.mc.videotron.ca] has quit [Ping timeout: 121 seconds]
06:42 McMartin [mcmartin@Nightstar-c25omi.ca.comcast.net] has quit [[NS] Quit: upgrading TLS and stuff]
06:45 McMartin [mcmartin@Nightstar-c25omi.ca.comcast.net] has joined #code
06:45 mode/#code [+ao McMartin McMartin] by ChanServ
08:01 Kindamoody[zZz] is now known as Kindamoody
08:23 Vornicus [Vorn@ServerAdministrator.Nightstar.Net] has joined #code
08:23 mode/#code [+qo Vornicus Vornicus] by ChanServ
08:33
< Pink>
Sometimes you just get that feeling, wondering whether the code you are looking at is genius or the opposite of that. I thought the 200 vertex limit on this script was due to someone just setting it to that... turns out it is because the guy wrote a separate case for all 200 predefined vertices being active, and...
08:37
<~Vornicus>
Oh boy.
08:37
<&McMartin>
oh no
08:50
<@sshine>
Pink, "loop unrolling!" it's a technique! ;-) (unfortunately, it's only cool if computers do it by themselves.)
08:52
< Pink>
Like I said, not sure if genius. Because for all I know it might be worth it, but what little commentary there is is in Russian and also doesn't refer to that function at all..
08:53
<~Vornicus>
No, that's the opposite
08:57 Pinkhair [user1@Nightstar-g7hdo5.dyn.optonline.net] has joined #code
09:00 Pink [user1@Nightstar-g7hdo5.dyn.optonline.net] has quit [Ping timeout: 121 seconds]
09:45 Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has joined #code
11:17
< catalyst>
my library has 623 downloads
11:17
< catalyst>
that's probably cool
11:17
<~Vornicus>
only 43 more and it will be evil.
11:18 Alek [Alek@Nightstar-kaiguq.il.comcast.net] has quit [Ping timeout: 121 seconds]
11:18
< ErikMesoy>
67 more and it will be nice
11:19
<~Vornicus>
ten-nice even
11:21 Alek [Alek@Nightstar-kaiguq.il.comcast.net] has joined #code
11:21 mode/#code [+o Alek] by ChanServ
12:01
<&ToxicFrog>
catalyst: that is pretty cool, yes
12:33
< catalyst>
oh, it's 677 now
12:34
<@TheWatcher>
yaay :)
12:36
<~Vornicus>
evil + 11!
12:45 catalyst [catalyst@Nightstar-v6lb30.cable.virginm.net] has quit [Ping timeout: 121 seconds]
12:54 catalyst [catalyst@Nightstar-v6lb30.cable.virginm.net] has joined #code
13:22 celticminstrel [celticminst@Nightstar-ovl74f.dsl.bell.ca] has joined #code
13:22 mode/#code [+o celticminstrel] by ChanServ
13:33
<@sshine>
why did the inventors of the CRUD acronym not pick CURD?
13:34 Pinkhair [user1@Nightstar-g7hdo5.dyn.optonline.net] has quit [Connection reset by peer]
13:34 Pinkhair [user1@Nightstar-g7hdo5.dyn.optonline.net] has joined #code
13:40
<&[R]>
Because usually Create and Read are the first two things you code
13:40
<&[R]>
Update and Delete are done later
13:40
<~Vornicus>
they're also the order you actually do things in
13:41 Attilla [uid13723@Nightstar-2dc.p8m.184.192.IP] has joined #code
13:41 mode/#code [+o Attilla] by ChanServ
14:21
<~Vornicus>
ok I should stop getting distracted by billions of guns and actually figure out what my 3d code has to do.
14:23
<@TheWatcher>
... billions of guns, wat
14:23
<~Vornicus>
I decided to play Borderlands~
14:24
<@TheWatcher>
ooooh
14:24
<@TheWatcher>
Right
14:25 * TheWatcher aughs at this c++ material he's been asked to comment on
14:27
<@TheWatcher>
This guy is stressing that ++i is more efficient than i++, and banging on about sticking to char * strings rather that std::string because "of all of its complexity and memory usage"
14:27
<~Vornicus>
Someone has forgotten the first rule of optimization
14:30
<@TheWatcher>
Or used a modern compiler
14:51
<@gnolam>
In today's "if you ever do this, you should be fired as a UI designer": spell check that can't be disabled.
14:51
<@gnolam>
Looking at you, Microsoft Teams.
14:52
<@gnolam>
(Which is actually *two* sins rolled into one: single-language spellchecking and undisableable spellchecking.)
14:54
<@TheWatcher>
At least it's not going for the hat-trick: single language spellcheck, undisableable spellcheck, and autocarrot.
16:39 Kindamoody is now known as Kindamoody|afk
16:51 catalyst [catalyst@Nightstar-v6lb30.cable.virginm.net] has quit [Connection closed]
16:51 catalyst_ [catalyst@Nightstar-v6lb30.cable.virginm.net] has joined #code
17:08
< Emmy>
ducking autocarrot
17:08
< Emmy>
By the way, do we have any GitHub guru's here?
17:13
<&ToxicFrog>
I'm hardly a guru, but I do release most of my projects on it so I have some familiarity with it
18:53 catalyst [catalyst@Nightstar-v6lb30.cable.virginm.net] has joined #code
18:53 catalyst_ [catalyst@Nightstar-v6lb30.cable.virginm.net] has quit [Connection closed]
18:55
<@sshine>
in CS theory, what's the right way to characterise a blockchain VM? I mean, computation is bounded to a number of steps, is that what you call a bounded Turing machine? I looked at the definition for 'linear bounded automata', but this puts restriction on the tape (memory); with blockchains you're limited by the gas (virtual clock cycle) cost of memory operations, so a calculable limit but not a fixed one
18:55
<@sshine>
(since gas can be used for any operation).
19:07 Pinkhair [user1@Nightstar-g7hdo5.dyn.optonline.net] has quit [Connection closed]
19:08 Pinkhair [user1@Nightstar-g7hdo5.dyn.optonline.net] has joined #code
19:11
< Emmy>
ToxicFrog, sorry, got distracted, then dinner, so i didn't see
19:12
< Emmy>
long story short, my company has a github organisation, and a bunch of repos (naturally)
19:13
< Emmy>
one of these repos was set up, had access granted to certain people, amongst most importantly, my intern.
19:13
< Emmy>
henceforth known as Bob.
19:14
< Emmy>
Said access was granted to the newly made BobAtCompany account.
19:14
< Emmy>
A BobAtCompany github account, i mean.
19:14
< Emmy>
trouble is, he also has a private Bob github account.
19:15
<&ToxicFrog>
Ok, we're already outside my expertise, but maybe I can act as a rubber duck and/or someone else here has experience with github org accounts
19:19
< Emmy>
Now, he likely cloned it to his private private laptop as BobAtCompany.
19:20
< Emmy>
But from that moment on, he was somehow branching, committing and merging as the private Bob
19:21
< Emmy>
using the ordinary Git command-line interface.
19:21
< Emmy>
My question: HOW!?
19:22
< Emmy>
since that repo is private, and only his BobAtCompany account was granted access, as proven by both my repo admin panel and the repo people panel that only the boss can see as GitHub org owner.
19:23
< Emmy>
and more importantly, how to prevent it in the future?
19:24
<&ToxicFrog>
Oh, the how is easy
19:24
<&ToxicFrog>
When you `git commit`, it reads your local git configuration to see what name and email address should be associated with the commit.
19:25
<&ToxicFrog>
His personal laptop is presumably set up to commit as his personal email by default, and he didn't change that for the work repo.
19:26
<&ToxicFrog>
Meanwhile, when you push, the author of the commits isn't checked -- all github wants to know is if the account you've logged in as has permission to push to that repo. (After all, you might have merged in patches from someone else who doesn't have those permissions, so rejecting pushes because they contain commits from outside the org would be bad.)
19:26
<&ToxicFrog>
So, presumably, what happened was:
19:26
<&ToxicFrog>
- he clones the repo as BobAtWork
19:26
<&ToxicFrog>
- he makes a bunch of commits using his default git configuration, which is Bob
19:26
<&ToxicFrog>
- he pushes the new commits as BobAtWork
19:27
<&ToxicFrog>
- github looks at the commit authorship info and goes "oh, I recognize this email, these were authored by Bob, I'll display Bob's username/avatar/etc next to them"
19:27
< Emmy>
hmmmhm, plausible, but i suspect that the pushes were as Bob as well
19:27
<&ToxicFrog>
Like, he pushed it to a personal repo?
19:28
<&ToxicFrog>
I don't know if github actually tracks who did what push; plain git definitely doesn't.
19:28
< Emmy>
organisation repo
19:29
<&ToxicFrog>
Why do you think he pushed as Bob?
19:30
< Emmy>
Used the same commandline, afaik
19:30
< Emmy>
but i shall check it tomorrow
19:30
<&[R]>
Does he have the same private key associated with both accounts?
19:30
<&ToxicFrog>
^ check that
19:30
<&[R]>
Because there's a few levels of different authentication going on
19:31
<&[R]>
Git doesn't check *any* authorization at all
19:31
<&[R]>
It has no means to do so
19:31
<&[R]>
You *can* PGP/GPG sign a commit though
19:31
<&[R]>
And when you push, it's usually to an ssh server, which does do authorization
19:32
<&ToxicFrog>
Yeah, I've been focusing on the "how does github know who wrote each commit" aspect, which is based solely on the email in the commit authorship, which can be basically anything you want to put there (and the fix for that is to use `git config --local` in the work repos to select the correct email)
19:32
< Emmy>
Afaik there's no private key?
19:32
< Emmy>
hold on, i'll do some screencaps and such, make an imgur album
19:32
<&[R]>
What's the URL he's pushing to?
19:32
<&ToxicFrog>
"how goes github know who you are when you connect to it to upload new commits" is a separate issue, and as [R] points out is usually done with SSH keypair authentication
19:33
<&[R]>
Because IIRC github only allows SSH based pushes
19:33
<&[R]>
And the only other transport they support is HTTPS
19:34
<&ToxicFrog>
[R]: it allows pushing to HTTPS URLs as well using HTTP authentication
19:34
<&[R]>
Ah, fair enough
19:35
<&ToxicFrog>
But yeah, the typical and recommended approach is that you push over SSH and github figures out who you are via SSH keypair matching.
19:35 * [R] needs to figgure out how to sit inbetween recvieve-pack and push-pack so he can do similar authorization stuff
19:37
<&ToxicFrog>
Might be worth studying something simple like gitolite, there's loads of prior art out there
19:38
<&[R]>
Yeah
19:51
< Emmy>
https://imgur.com/a/8q9mySG
19:51
< Emmy>
Probably censored more than i needed to, but eh
19:55
<&ToxicFrog>
"deploy keys" is something different and I'm not sure what it's used for -- automatic pushes to prod from github, I think?
19:57
<&ToxicFrog>
Re "bob does not show up in contributors but certainly made commits"
19:57
<&ToxicFrog>
The stats page is "contributions to master"
19:57
< Emmy>
ah, as i thought already
19:57
< Emmy>
only for master?
19:57
<&ToxicFrog>
It says so right on the page
19:58
<&ToxicFrog>
There might be a way you can ask for stats for the whole repo or something, idk
19:58 * Emmy facedesks
19:58
< Emmy>
obviously. RTFM, emmy
19:58
<&ToxicFrog>
But in the screenshow below it you're viewing a different branch, so maybe those commits haven't gotten merged yet
19:58
<&ToxicFrog>
So that explains why bob isn't showing up in the stats
19:59
<&ToxicFrog>
As for Bob(notatwork) showing up as the "latest commit", that's because github bases that on the commit authorship information and completely ignores who pushes it, so that probably just means that when he ran `git commit` on his laptop he had the wrong email configured, as discussed above
20:00
<&ToxicFrog>
`git filter-branch` can be used to bulk rewrite the commits to change the committer and author
20:00
< Emmy>
hmmmh, but wouldn't the push ordinarily be done in the same way as the commit?
20:00
<&ToxicFrog>
The push uses a completely different authentication mechanism
20:01
<&ToxicFrog>
Which is to say, the commit doesn't have an authentication mechanism
20:01
<~Vornicus>
(because commits are distributed)
20:01
<&ToxicFrog>
It just looks at your local git config file and goes "what email address is configured here? ok copy that into the commit metadata"
20:02
<&ToxicFrog>
Yeah. When you `git commit` github isn't involved at all, it just writes to local disk.
20:02
<&ToxicFrog>
When you `git push` either (a) you push over HTTPS and github prompts you for username and password or (b) you push over SSH, your SSH client goes "here's the public keys for all the identities I can be" and github goes "ok this one corresponds to an account you're allowed to commit to, proceed" after the cryptographic dance.
20:03
< Emmy>
ahah.
20:03
<&ToxicFrog>
And once that authentication step is completed git just uploads all the commits you made as-is with their original metadata, whether that metadata matches the github account you just logged in with or not.
20:03
< Emmy>
logical.
20:03
<&ToxicFrog>
(which is important because, as noted, you might be merging in commits made by other people and then pushing the whole lot to a repo only you can write to)
20:08
< Emmy>
Thank you very much! most Enlightening.
20:08
<&ToxicFrog>
You're welcome!
20:10
< Emmy>
Github is still fairly new to us as a company. It's still a learning process
20:32
<&ToxicFrog>
In the immedaite case, you can fix this retroactively with `filter-branch` (this is even one of the examples given), and on his machine with `git config --local`; more generally I think you'll need some kind of receive-pack hook or similar on the github side to reject pushes containing "the wrong" commits.
20:33 Kindamoody|afk is now known as Kindamoody
20:35
< Emmy>
hmmmh, i don't think using an extra tool on the hub side will be necessary/wanted, but at least we'll know what to watch out for.
20:37
< Emmy>
i was mostly concerned about a potential security leak, but if it's only a matter of making the commits with the right config...
20:42 * [R] suggests he has a work-user on his laptop
20:42
<&[R]>
So it's all isolated
20:43
< Emmy>
That's what i do
20:44
< Emmy>
I'm going to suggest to the boss he make it a requirement for future interns
20:45
< Emmy>
For now, bob the intern has 2 weeks left, so it's a bit overkill now, but i'll suggest it to Bill the intern since he stil has 2/3rd of his internship to go
20:50
< Emmy>
For the record, we will not be taking in a Jebediah or Valentina the intern.
20:50
< Emmy>
I LIKE my office staying on the ground, structurally intact. :P
20:53
< Emmy>
0.o
20:53
< Emmy>
.o0
20:53
< Emmy>
apparently Telegram somehow manages to syntax format github commands within a random text.
20:56
< Emmy>
or not. did you format something, ToxicFrog?
20:57
<&ToxicFrog>
I used backquotes.
20:59
< Emmy>
oh right. those don't show up in telegram
21:02
< Emmy>
yup, they're the markup characters for monospace.
21:15
<~Vornicus>
stop trying to guess, vorn, you can do this the right way, gosh
21:23 * TheWatcher sighs at this c++ code, is coming to the conclusion that it may be simpler just to fire it into the sun and rewrite than to refactor it
22:06 Pink [user1@Nightstar-g7hdo5.dyn.optonline.net] has joined #code
22:07 Pinkhair [user1@Nightstar-g7hdo5.dyn.optonline.net] has quit [Ping timeout: 121 seconds]
22:48 Emmy [Emmy@Nightstar-9p7hb1.direct-adsl.nl] has quit [Ping timeout: 121 seconds]
23:02 Netsplit Golgafrincham.Nightstar.Net <-> Traal.Nightstar.Net quits: @[R], @VirusJTG, @crystalclaw, @Vornicus, @celticminstrel, @gnolam, Pink, Yossarian, @Kindamoody, @Tamber, (+1 more, use /NETSPLIT to show all of them)
23:02 Netsplit over, joins: Pink, Yossarian, @Tamber, @Kindamoody, @celticminstrel, &VirusJTG, &Reiver, &[R], @crystalclaw, @gnolam (+1 more)
23:07 * McMartin swears profusely in four languages
23:07
<&McMartin>
How did this code ever work?
23:53 Attilla [uid13723@Nightstar-2dc.p8m.184.192.IP] has quit [[NS] Quit: Connection closed for inactivity]
--- Log closed Wed Jun 10 00:00:00 2020
code logs -> 2020 -> Tue, 09 Jun 2020< code.20200608.log - code.20200610.log >

[ Latest log file ]