#off-topic-tech

There was a time when people said it would replace classic gaming.

But I cannot see it happen. Maybe exist next to eachother, like handhelds aren't the same as a PC or a console.

Hype, not reality.

Really only works for very specific game types.
And very large percentage of people gets motion sickness from it if the movement is free.
Etc.

i tried playing HL2 vr... i almost puked as soon as i tried to go up stairs

I get motion sick. Didn't help that I did eat right before going into a VR session.

And the game; we were on a raft on a river and needed to shoot zombies.

so was easy to get motion sick, got it so bad I had to stop and go outside.

My first and last VR experience.

i actually tried to make a VR game once. The development started well. Then i tried to test it. I goofed some code and shot off towards the stratosphere. That ended my time developing vr games

I should pick up my game development again.

Here is the true battle of Titans

I also got motion sick the first time I tried VR - in a VR Arcade near work before covid. Because I was stupid and went with racing simulator first - colleague crashed into my car and that made me almost vomit. I needed to pause for half an hour but then played arizona sunshine which I enjoyed a lot. I pre-ordered the Reverb G2 for home so that was about 1.5-2 years later?

I also didn't feel comfortable, it was a big hall where everyone was "running around" with VR headset, and then people at the bar could look down into the hall to see us chickens move around and shoot.

Got no issues with that, have done worse in public 😄 I play theatre from time to time... the real thing, on stage, with an audience 😉

This is not related to VR, but might also cloud my first experience if you get my drift?

yeah sure, I get it, not for everybody... but then again, at home it's just me

Exactly, maybe I would enjoy VR in my own room.

I also want to continue fallout 4 vr, had it running quite well on my machine, but the game is even "slower" in vr than in "2d"... and adds another level of quirky to my set up, so I'll re-attempt with the new hardware and whatever HMD I'll buy next year

the starwars squadrons I also enjoyed... although I'd very much like to have a longer campaign.... don't have enough friends with enough time for multiplayer

I got 100% on steam for fallout 4 few months ago, the game is clunky even on modern systems.

performance drops, bugs, glitches, ... I can't imagine what happens when they add the VR layer to it 😄

yepp.... the power armor HUD on an ultrawide

It's going to be different when games get developed with VR in mind though.

yes, but I think it needs about 1-2 more generations/iterations because there is still soooo much vendor-exclusive or specific quirks in there...

Tip; if you see trucks with the back open (so you can enter the back of the truck), be carefull to not get stuck on crates.

where the games only work on one specific controller, all others are crap

Tip 2; if you get stuck on crates, there is a console command to make you no_clip so you can fly out.

I agree with you.

There is also a VR mod for the game we can't talk about in this channel.

It didn't look terrible tbh. But videos can deceive

I've seen that, it uses vorpx, right? which itself is a subscription as far as I know... which so far kept me from trying it also for other games..... maybe with the new machine and HMD.
Borderlands 2 VR was also kinda cool for a few minutes, but these WMR <-> SteamVR quirks sometimes take an hour until the game runs properly, because reboots, multiple compatibility layers inbetween etc. and at some point you just want to play something so it's then rather one of the less quirky games...

it uses Unreal Engine Virtual Reality (UEVR) Tool

i used to get pretty motion sick in VR but a day or two of flying about in google earth cured that for me. now I can't play a game without continuous motion

alyx remains the absolute best example

alyx was just wow 😄 stood about an hour on that balcony at the start and threw things around... looked at water in the bottles, drew on the glass....
a few weeks later a friend came by... did exactly the same 😄

I don't think it uses vorpx

https://tenor.com/view/liquor-half-life-gif-17336104

even better, or maybe I saw a different video and both ways exist... well... next year 😄

there is a backlog of other games and ficsmas to play on the new hardware... and also advent of code

I understand that all too well 😄

holy fuck that thumbnail

lol yeah

thats a 1080Ti and a 2080Ti in that thumbnail right? lmao

Yup

i don't have much spare wires (thin DC ones from old PC, seems like 28awg) , so i am looking to buy one.
but the choice... store i have looked at have various AWG, but it seems to have different purpose
My goal is 12v at 1A, max hopes are for 24V 2A. distance up to 0.3m total.

AWG## is just wire thickness.
And then there is the max voltage and temperature wire insulation can handle.

temperature is not a problem here. and voltage isn't high

And then how much voltage drop you can handle determines minimum thickness.

unless 0.25 will drop like 1V I should be fine by just adjusting the module to compensate

so i really don't get how to choose given parameters.

there's nothing stopping me from taking whatever cheapest one is

30cm of AWG28 would be about 0.065 ohms of resistance from the wire itself.

30cm of AWG24 would be about 0.026 ohms.

so if load is 12 Ohm.... that's practically nothing both cases

AWG28 won't burn from 1A, right? 🙂

oh wait, that's probably wrong question

Just about that power loss caused heating.
You know resistance, you know voltage, you know current.
You can calculate how much power is lost in the wire.

And that gives how much that wire will heat up.

And then from that you kind of can determine temperature rise, and then the limiter is when the insulation starts to melt.

yeah but i have no idea if equilibrium will ever be above what is safe for it (200C)

But on low voltage DC, the limit is usually voltage drop, not heating.

Just from resistance and current.

So about 0.2V of drop for 3A in that 30cm AWG28.

Which would 0.6W power loss, which I would count as excessive, when on battery.

Even when 3A on 24V would be 72W

So not really, less than 1% loss.

i ordered a bus of awg28 to scavange from. should be colourful enough, hehe

don't think i will have 3A running through.
but it's possible i will make 24V - > 2x12V one

wait that doesnt make sense...

but idk if i will be brave enough to put 2 12V devices in series

Cannot be done in that way except.

Except with identical loads, which don't use power supplies, but input directly.

i feel like i am too lazy to properly think and realize the problem,
but i have somewhat promising idea:
put large resistors in parallel to loads so that their resistance will ensure even voltage distribution without allowing much current to flow through

Doesn't work that way.

i never really practically engineered much in electronics.
our course practice was to simulate some dumb R/S switch on semiconductor
i mean, it was fun, but pretty obsolete tech

Because you combine resistance and reactance of that actual load and that parallel resistor, and then you get what the voltage drop over that part will be.

So high resistance resistor does basically nothing.

aka Ohms law doesn't apply all that much to tech like routers?

And as those two aren't fixed for modern PSU, that is where you get problems.

Applies, but you need to simplify each step to get the combined effect.

So two loads in parallel, and then in series with another load, you need to first calculate the combined parallel equivalent, before you can check what the series part will be.

just signed my work contract les goo

well, i meant that these should be that high to make (varying) resistance of load be neglegable enough for voltage to be apropiately stable

What 12V loads then?

ok i need to refresh how reactance works

wifi router and that optical -> ethernet thingy

And if the actual input current isn't exact same, etc, then you get one getting more voltage than the other.
And if the input current varies over time, then you again get changing voltage.

cause in my head right now it's just an R with 90 degree phase

Absolute nogo.

bs or?..

Does exist with changing load and current, even on DC.

Just that on the normal simplified stuff, the load and current don't change.

yeah, that's also what i remember...

But CPU changing utilization will cause current change etc.
And with the devices having switched mode VRM inside them, even when buffered by input capacitors, you can still get differences in current pull in subsecond times from that, and depending on the exact VRM implementation, that kind of two in series is just way to get problems.

well, they list the same current.
so i thought it will be a matter of ensuring right voltage is applied.
But I agree that I have no guarantee that they will draw the same current actually during work

That is just the max current the device will never go over without HW fault.
Not the actual pull in usage.

ok, but... right now i have those devices pwoered from same single 12V DC output

But parallel doesn't care in that way.

my mind playing tricks - it imagined them being in series lmao

Parallel shares voltage, serial shares current.

*wired

it optimized topology for wire length 🙂

so there's double Y, not some |U| thing

makes sense

Parallel doesn't care how it is wired.
Daisy chain is in parallel still etc.

Well, the wiring resistance will be serial load to each etc.

If you go into nitty gritty.

well, it's a Y cable, but it's a pair. so for whatever reason i imagened that connection be wired as series so got confused

https://www.ceb.cam.ac.uk/research/groups/rg-eme/Edu/series-parallel-circuits

Later ones in this one go to annoying ones
https://www.electronics-tutorials.ws/resistor/res_5.html

Ah, no that was still pretty simple in the second one too, mixed the second reference to being on right for some reason, and not bottom left.

But as almost nothing is purely resistive anymore, the real life is much more complex.

Yeah... Rule of thumb is to disregard any model i learned, hehe

*until tested

It was fun at first, but then it was just math behind radio transmission lines

RIP printer of 9 years.

Brother HL-L2340DW with self diagnose restart after 15 minuts for infinity. So the printer is in "cool down mode, I hear the fans spin" but is cold.

Something with the spool too "hot" or too "cold" but problem started yesterday and printer was turned of over night.

If the machine's display displays the following self-diagnostic messages, follow these steps:
Self-Diagnostic

Cause
The fuser unit does not work correctly.
The fuser unit is too hot.

Action

(For a certain model)
To prevent you from losing the received fax data in the machine's memory, transfer the data to another Fax machine or to your computer before turning off the machine.
Press and hold Power(Power) to turn off the machine, wait a few seconds, and then turn it on again.
Leave the machine idle for 15 minutes with the power on.

So broken temperature sensor circuit (sensor, wiring, reading electronics)

maybe...

So far I read:

1. restart can fix it.
2. firmware update can fix it.
3. hitting the printer a few times with a hard object can fix it (opens circuit).
4. taking printer apart can fix it.
5. installing new spool can fix it.
6. buying new printer can fix it.

1: if the problem is in that reading electronics part
2: same
3: sensor or wiring
4: sensor or wiring
5: sensor (gets replaced with the heater unit)

Guess what?

firmware update fixed it.

So firmware had gotten corrupted as the NAND lost charge.

Making that reading and interpreting step fail.

• Yesterday: stuck in loop.
• Turned it off over night to cooldown.
• Turned it on, problem again.
• Reset printer. Didn't help.
• Firmware update; fixed.

Question is; for how long is it fixed 😄

If the printer had same firmware for that 9 years, and now had problems, I would expect 5-10 years before the same problem repeats.

maybe it was just an issue in the firmware?

Because I was just following brothers advice.

It's possible that the spool was indeed too hot yesterday (a lot of printing) but that the printer bugged out and stayed in that mode.

Regardless of what the sensors were saying.

If the hardware (sensor) was giving wrong signal, a firmware update shouldn't fix it. Because the hardware sensor should still be telling the software "the spool is too hot go into cooldown modus".

Point was that FLASH cells lose charge over time.
And lose their contents via that.

So that might have happened to one+ cells to flip their state when the firmware was into use on power up.
Causing it do wrong things.

And reprogramming that NAND FLASH that contains the firmware would fix that issue.

Nevermind, problem is back after printing a few pages.

Huh?

HL-L2340DW (old one)

HL-L2445DW (new one I have my eyes on)

Why does it feel like this information is incorrect.

First is keeping that fuser prewarmed.

Second one isn't.

That's a difference of 116x times, meaning new one is 116x more efficient?

That 58W standby is very high.

That 0.5W is perfectly normal for todays electronics when done right.

Official HL-L2445DW specs:

Approx Power
Consumption13,23
Printing: 470W
Printing in quiet mode: 270W
Ready: 43W
Sleep: 3.8W
Deep Sleep: 0.5W
Power Off: 0.08W

And that Ready lines pretty well with the old ones number.

Which is with everything on and fuser being kept warm.

Official for 2340:

So seems tweakers was wrong once again...

So whatever is the source for that first, has changed what it considers "standby".

they used ready as stand-by and deep sleep as stand-by for the other one.

"ready" for both machines is 58W and 43W.

But Ready, Sleep and Deep Sleep can all be considered "stand-by", as in you can just start printing and the device will answer.

"Sleep" for both is 3.9W and 3.8W. "Deep Sleep" is 0.7W or 0.5W. This seems better.

But with varying delay on how fast that printing starts.

Yeah, but you can see that the numbers don't make sense.

On tweakers.

58W vs 0.5W is a big difference. Doesn't make any sense.

Yeah, and doesn't really make sense to name any of those three as "stand-by"

And when you dig in the specs, you see they used wrong values.

Because they all are, but at different levels of that.

thought I'd ask here as I got good recommendations for headphones; anyone have recommendations for a replacement 5.1 surround sound system? movers stripped the connectors off one of the speakers, but I'm not overly attached to that system as it was gifted by a narcisstic asshat of an employer (server went boom, bunch of us had to work over the weekend to get sites restored).

It's tweakers.

These people aren't newbies.

They should know better than this.

And has been owned by various big companies since 2006.

Or just one for the whole time?

not many, it's owned by DPG media atm.

DPG Media Group is a Belgian media group.

It's more like a monopoly.

They buy up everything, all the competition, just buy it up.

But what does that have to do with entering wrong specifications on a tech savy website?

All the data I provided is from official Brother website.

Just for the older printer I can't find the PDF anymore.

Race to the bottom.
Where maintaining that kind of data is handled by the cheapest possible people.

Nah, there are passionate people behind tweakers.

So when it comes to power usage, L2445DW is barely an improvement on L2340DW

Main improvements seems to be:

Memory: 32 MB -> 64 MB
Speed: Up to 27 pages/minute (Single side, Letter size) -> Up to 34 pages/minute (Single side, Letter size)
Wifi: 2.4GHz -> 2.4GHz + 5GHz

Resolution: Up to 1200 x 1200 dpi -> 600 dpi × 600 dpi, HQ1200 (2400dpi × 600 dpi) quality

Just funny how they make this small incremental upgrades over 9 years. Barely any big changes.

well after a certain point stuff plateau's and theres also a certain point were something better just isent necessairy

over 1 page per second is plenty fast

34 pages/minute is 0.56666666 pages per second 😉

you know what im not even going to correct myself because i dont know how i even managed to screw that up 😅

it's alright, I can still live with this speed.

double sided printing is ofcourse even worse.

i did 60/34 instead of 34/60

is there a good way to compute coordinates of circle (points on its edge) at equal distance in km from center?
I can easily do it in angular distance, but I need like 400km distance which makes for quite stretched circles even on latitude of like central Europe...

Simultaneous double sided is such a weird thing to me.
One of our printers at work does that and it's just so much faster than the much bigger and "more complex" one next to it (which can't scan both sides at the same time)

Are you calculating for the globe or on a projection?

And does 400km distance mean distance on the surface or radius of the section (clipping below the surface)

Oh mine prints one side, then the paper goes back into the printer for the other side.

Yeah, but that thing basically has two printers, one on each side of the paper.

With probably combined fuser.

But color laser already has 4 printers in it with single fuser, just all printing on same side of the paper, one after another.

good question: my output should be in coordintes (lat lon)
so i guess that's a globe 🙂

also good.
I pick distance on surface

if i had to just do it, it would probably be something like rays, and then sort of trial and error distance

I meant simultaneous double sided scanning, whoops - haven't seen it for printing yet

Use sphere geometry

Coordinates are rather rough because of how unevenly they are distributed over the globe

like taking a cone from center?

I actually use my phone to scan documents. It has a special feature that scans the paper itself and makes PDF from it.

nah wait that's the same

😦 readthedocs is not white listed...

I was thinking more like a circle segment but 3D

Taking a plane to cut off a part of the sphere

found this to properly get distance
geopy.readthedocs.io/en/stable/#module-geopy.distance

idk why but my school never taught me how to do something like that. at least i really don't remember. and i was the stereometry guy...

this uses ellipsoid

Because that is the simplest normally used earth replacement?

hehe, there's a simpler method that uses perfect sphere

Ah, it even supports multiple different ones that are used as earth-standins.

So it wasn't the simplest, just supports the common ones.

you can set ellipsoid params yourself

But that WGS84 is what GPS etc. use.

Where as that GRS80 seems to be most "accurate", but its center isn't in center of earths mass.

Tyson: "So Earth throughout its life even when it formed, it was spinning, and it got a little wider at the equator than it does at the poles. So it's not actually a sphere, it's oblate. It officially is an oblate spheroid, That's what we call it. But not only that, it's slightly wider below the equator than above the equator."

I always forget what the "proper" shape name is for our earth 😄

Additionally, GRS80 is meant to be a best fit to Earth's geoid while WGS84 is sort of the GRS80 ellipsoid shifted to Earth's center of mass. WGS84 actually was originally meant to be just that, but "refinements" were made to the axis size after a few years of satellite observations to ensure minimal anomalies with Earth's surface/ geoid.

That center of mass is important for satellites etc.

But not while on surface.

but even with that, there's a gap since...
suppose i shoot N rays in lat,lon coords
i can get a good estimate of where on that ray is desired distance
well, it should work, even without even distance between points on these rays

so it's a fat egg

Tyson: "Chubbier is a good word, it's like pear shaped." So, it turns out, the pear-shapedness is bigger than the height of mount Everest above sea level."

But then people got tilted at "pear shaped".

i don't get what is needed to do it and what will be in results ( i mean, crossing 3d objects?..)

my display is in lat, lon still. i can't change it

egg earth theory confimed

oh, better, there's destination
geopy.readthedocs.io/en/stable/#module-geopy.distance

turns out i don't need that lib, i need this:
https://github.com/geographiclib/geographiclib-python/blob/main/geographiclib/geodesic.py

Direct or ArcDirect
but still no neat way for just putting in radius and num of points

This was my idea - but using pre-existing libraries designed for geographics is definitely the better way to go
https://en.wikipedia.org/wiki/Spherical_cap

until today i thought the only thing there was shapely haha

yeah, and i meant that if you connect edges of it with center - you get a cone.
but i'm not sure if you can convert convert lat&lon to angle and sort of draw circle on them with sin&cos - that feels too much like what i was doing with shapely providing margin around the point

Oh, yeah, r/a/delta in that graphic makes a cone

It probably doesn't translate to coordinates at all because of the asymmetrical nature of our coordinate system

asymetrical nature?..

A 400km circle around the North Pole is a wholy different calculation than a 400km circle around some point on the equator

oh that

The longitudes converge on the north and south pole

that's symmetry to me because 2 poles 🙂

which it is...
polar coordinates wont work

every time i read code that does its job i feel like i have been lied to about code style & conventions

don't open without camomile tea:
https://github.com/geographiclib/geographiclib-python/blob/main/geographiclib/geodesicline.py#L189

hey Baldur, new update on the laptop it did it again but this time it dident BSOD so i now know exactly the cause

its not that anything it is quite literally just that it dosent have enough ram capacity to function

memory runs out and then drivers start getting disabled 1 by 1 until windows eventually gives up on existing

i also confirmed the keyboard driver is indeed crashing but thats clearly a side effect since it got yeeted and it dident BSOD

You have done something to disable SWAP completely?
Like many bad SSD instructions tell you to?

The priorities for coding, in order:

1. Make it work
2. Make it understandable
3. Make it efficient
4. Make it elegant

Coding styles and conventions usually tell you how to do number 2

5. use CVE tool/linter to find vulnerabilities and fix those 😄

One could argue that understandable code is easier to make work - which is a viable opinion too.

I'd put that on par with efficiency - and depending on the project can also be part of core functionality, so without it number 1 wouldn't be fulfilled

6. Write unit tests.
7. Write system tests.
8. automate?

Those are all tools you use to accomplish the other things

Definitely part of elegance

elegance

some would say it's core.

What's the job of a unit test?

It's to ensure your code still works as intended after you made changes

No

It's meant that the code works as expected.

I've worked in teams, we first write the unit test.

And then we write the actually code/implementation.

But why would you want to know that your code works as expected?
Either because it doesn't or because you expect that it won't.

In the beginning the unit test will fail because there is no code, then you write the code untill unit test works. It's a common practice.

And now you've circled back to number 1

Promoting test-driven development—unit testing is a core component of TDD, where tests are written before the actual code. This approach ensures that the codebase is designed to pass the tests, leading to better structured, more reliable, and easier to maintain code.

Also: technically speaking you don't need unit tests

You said it was elegance.

I say that it can be core.

I meant that as: if it ain't anything of the above, it's at least a part of making code elegant

Also, TDD isn't the only way to do things (albeit one of the most intuitive ones)

A software tester walks into a bar.
... Walks into a bar
... Runs into a bar.
... Crawls into a bar.
... Dances into a bar.
... Flies into a bar.
... Jumps into a bar.

And orders a beer.
... 2 beers.
... 0 beers.
... 99999999 beers.
... a lizard in a beer glass.
... -1 beer.
... "qwertyuiop" beers.
Testing complete.

A real customer walks into the bar and asks where the bathroom is.
The bar goes up in flames.

Yup. And the average developer is just a customer.

Who pushes code into production without tests, then production goes down, then developer blames the single tester in a 50 man team.

Testing is such a strong tool if used properly, it can even make your code more understandable.

Crowdstrike intern moment

public void testIfFirstNameFieldCanHandleString(){}

That's clever

the test name literally tells what the code does.

And if you do this for all your features, the tests will just tell the developer what the code is doing.

Or you can write documentation.

"ever since we fired the testers, our bug reports and issues dropped to a record low"

Or you can use comments. Or JIRA tickets

Also use comments for a broader scope of code blocks

rofl

And use comments to state WHY you're doing that stuff. Not how.

The code should tell you the how

so many developers are of the opinion that if you use comments, you doing somethign wrong. Code just be readable.

Use proper function names.

Yeah, that's bogus

Only time I use comments, is when I do something that isn't normal. So I add a comment to why I implemented that code that's "unnusual".

That helps you understand what the code does, but not why it does it

So mostly, ugly fixes

According to a survey done by stackoverflow, the average coder believes they are more competent than the average coder.

lol

Coding is a means to an end to me. It serves a purpose.

Like in almost anything asking something like that.

"are you a good driver?"

Nope, and I do it for a living

If I'm asked if I'm good at my job, my answer is only on some days.

"I do my best" 😂 is the most honest answer I can give.

"I try to be"

Haven't fucked up yet this month!

I'm a lousy coder but damn am I good at telling people they're doing stuff wrong

huh, sounds like the average developer

did you mean

1. make sure your manager wants you to do it
2. make it look like progress is going
3. make it work just enough to make manager happy
4. make it work so that customer is happy
5. add refactoring and optimization to backlog
   ?

i honestly think that understandability is often somewhere behind security

*in practice from what i have read

You put in just a thumbnail version.

CVE warnings of dependencies, then understanding the warning and then taking the correct action.

i think one of my tech leads started hating me for couple comments about his code, even though i didn't think they are all that important... he made many arguments with me since. one of them was that make is obsolete and bad tool that shouldn't be used... I found out that it's used heavily used in ansible, that he was integrating into project - I got him good

Which, is to me, part of security.

1. Schedule thousands of meetings with manager to clear up any questions you have
2. Not code anything
3. Tell manager progress is slow because of meetings

I don't think this is sustainable

You run out of questions eventually

What ide is that

i hated my last workplace for not having proper meeting and than asking bs requirements when work was presented
it's like i was working freelance with classical requirements drift

IntelliJ

but I believe there are also websites/plugins for code repositories that scan your repo for vulnerabilities.

Github does that

There are also some external ones but I forgot.

there's a human factor. hoenstly it's too important everywhere

testRaisesException()
{
setup(); // raises exception
myTestCode; // the test
}
I've seen this kind of code 🙃
And since the setup raises exception, the test passes

what testing framework?

because the frameworks I remember, always fail on exceptions. No matter where it happens.

idk, that was like 5 years ago.

was some java shit

wild...

where you can tag that a test should raise an exception

fucking idiotic if you ask me.

but what do I know...

it should be the other way around;

• always fail on exception
• mark with "@ignoreExceptionsForTest" to ignore exceptions and let test pass.

Exception testing is not done much, but it has a logic. It shows that you as developer/tester though about the cases for exceptions.

I'm happy we don't use exceptions at work 😄

And I prefer return code functions instead.
Forces the user to handle the error right there and now 🙂
Buut we're also doing realtime stuff so exceptions are bad for that.

We used project lombok in our project. It let's you tag and lombok makes the code for you based on tags.

@Getter @Setter public String name = "";

So I don't have to write the methods to set and get the value. But the Lombok also had this one: @SneakyThrows which just handles the exceptions without us writing the code. Man, the lead did not like that.

Why...

I'm gonna rant... but

Just use a public variable

You crazy?

I hate getters and setters.

No no no no ... no no no ... nop. nop. nop nop nop.

😂

It makes for clean code, it improves readability. And 100 other benefits for getters and setters.

Fine if you do more logic when getting the variable I guess... I'm still "against" it to some degree.

I understand, but I was talking professional work environment.

Not home/kitchen coding 😄

www.baeldung.com/java-why-getters-setters#significance-of-getters-and-setters-in-java

I always liked baeldung.com. Good website for java + spring related things imo.

It is inexcusable to not use them if you're working on code that anyone else will ever need to interact with

Otherwise, they're just a pain and I don't use them

that's why we used lombok.

so we didn't have to rewrite the same methods/functions over and over. Just add tags.

That's why I argue it's bad to use them... because you need a FUCKING LIBRARY TO GENERATE THEM

But Me be me 🙃

When you have a project with over 1000 files?

and 2 teams of 50 people working on it?

If we wanted control over setter/getter, we could still write them manually.

In the end, the field was still protected as stated in the article I posted.

Nobody could interact with the variable by accident, since you need to use setter or getter.

There is a whole spring framework that reduces boiler code for Java.

Because in the end, they don't want only good code. They also want us to be efficient.

That's how we got to the whole ML/"AI" code generation plugins for IDE's.

oh boy...

Yup ...

Gotta be fast

I'm never winning this argument

Honestly, I have nothing against plugins creating boilerplate code.

but it has to be boilerplate.

Anything other than that, code it yourself.

Better than that I guess.

And to be fair, Java has a lot of "you have to write code like this". It's not flexible, forcing developers to follow the boilerplate.

And if you have the write the same thing over and over again, for hours, you go a little bit crazy. And as a deleloper you think; "this can be automated".

my 3 issues with java.

1. Everything interfaces
2. Everything exceptions
3. We've talked about it.

It's not about winning to me, I understand you. I just wanted to add that I can see a few use cases where the tools have benefits. The problem is that people use it nilly willy without thinking, that can be dangerous.

I don't have an issue with interfaces per say, but when everything is... I do.

That's how historical, we got all these automation tools that do coding for us.

Because people got sick and tired of writing the same thing over and over again 😄

But the ML code generation has more to do with "let's see the potential of machine learning and coding".

me watching this arugment and not understand coding but still being entertained:

I don't have "high" hopes for it because of limitations of "context"
TBH it's getting better but still a long way to go.

Pretty much.

real

I love how it's actually two jokes in one.

One dissing that Machine Learning is called "artificial intelligence" and the other that it's just statistics.

Why I'm probably never touching java again 😄
C/ C++ too flexible.
just create a struct of data and access it directly

Also, if anyone is into physics:

https://www.youtube.com/watch?v=AqwSZEQkknU

I really like Sabine Hossenfelder, but a lot of times it's going over my head.

Yup, have to agree 😄

Speaking of "AI" cough prediction models. The hitting the wall is "iirc" (not seen the video) we're hitting the limit where it's getting more expensive to run/train models that can be more accurate in it's working context. And we need a new way of working/ structuring with that kind of data.

Well, OpenAI made a total new model. But haven't released it, because employees rumor that the model is better at certain tasks, but worse at other tasks.

and according to video, google and co are reporting the same.

So not sure if it's more expensive, or it's a hardware limitation, or a model limitation.

Tbh both.

because the models get so large, you cannot run them as a user. And I don't want chatty gippity to get my data.

so impossible to run them locally.

I can't listen to her, hearing German accent in English is super annoying for me

I also love it when AI companies are releasing new products exclusively in places not covered by GDPR

She hits the nail on the head though; "I am puzzled why these people think this will work, plausible reason is that they need investors" 😂

Like me listening to swedes talking.

She is poking fun at them because they all ssaid that AI will solve all physic problems.

Då yoåu tålk låik this.

"Solve" hahaha

Aid, maybe.

This is the stuff I am tapping out:

🤯

The problem with todays AI is that it will just "predict" what the physical model of the world is 😁

I will laugh my ass off if the "AI" bubble really pops.

Same 😄

And that the best the thing will do, is answers on questions on google.

or create "art" or "songs" rofl 😂

noise is art

Ok, finished the video. Verry interesting stuff.

And I agree with her.

Honestly, I moreso want the real estate bubble to burst

Or any financial bubble tbh

Make crypto bros eat shit

Physics is based on data. So far AI to solve physic models etc, it needs to correct data. BUT even the scientists don't have the data yet, so how can AI have it. She gives an example; why did we make a giant particle accelerator (Large Hadron Collider) if AI could have solved this easily? Because AI can't solve it. We need to particle accelerator, to get the data.

I love how the bunkbed conjecture was proven false:
Researchers used an AI model and lots of computing time to churn through loads of simulations only to take a step back and solve it with good ol pen and paper maths

Maybe it was better if AI wasn't so hyped up and we approached it with level heads.

It's a good start but the future will improve upon it.

But hype sells.

hype for brainz!!!

People need to more

its literally exactly how i got it i havent changed a thing that could affect the hardware in anyway because i expected this shit to happen

encoding cases in return values is a good option.
raising exception is a cheat that ignores encapsulating logic, and to not make it bad you have to catch them...
it has it's uses but basic premise of it somewhat meh
though i like how explicit it is.
maybe somewhere there's a language that makes exception go only 1 stack up

so people wrote a bunch of code to get around a bunch of code but it wasn't enough so they fed billions of line of crappy code into statistical model in hopes that it will write a bunch of code faster? i mean, yeah, it will write code faster, but am i the only one who sees problem in this?

No.

didn't Welch Labs made vid on same topic few weeks ago?

maybe, not sure. That video popped up in my feed

sometimes you take a wrong turn to exclude it from your list of possibilities

https://youtu.be/5eqRuVp65eY?si=sAvd_BtH8aoJeOqa
Bro is cooking tasty videos

btw... are there any meta-AI tools?
I mean, like 'ok, we have prediction model that uses natural language - what's next?'
the clsoest thing i found was DSPy

I'm gonna say this, both ways have it's ups and downs.

• Return value
  Problem with return value, is that you can ignore it. (god knows what will happen next)
  Unless you're running like a modern version of C/C++ that has a nodiscard tag, so you cannot ignore return values from that function
• exception
  Ignore it and you crash here and now (which "could" be a good thing)
  You can always claim "Someone elses problem now"

why did me brain read DSPy as "dipshit"?

fireworks

remember when samsung put out an eight hundred dollar phone that could explode in your pocket at any moment we need to bring that shit back

why?

you're asking the wrong questions

Note 7 my favorite

Exploding Galaxy Note 7 Burns Down Jeep To Ashes

"Apple wants to build battery that explodes stronger than Samsung's"
der-postillon.com/2016/09/galaxy-note-7.html

it's all plan of israel's intelligence

this is extremely wrong

Test-driven development (TDD) is a way of writing code that involves writing an automated unit-level test case that fails, then writing just enough code to make the test pass, then refactoring both the test code and the production code, then repeating with another new test case.

tldr: if you design for a test
it will always be designed to fail around the test

it's how you lock yourself into bad designs

Also : yes, unit testing is absolutely necessary

You can disagree with TDD, but that doesn't change the fact it exists.

I never said it does not exist

You said what I stated was extremely wrong.

While what I said was the literal definition of it.

I said what you are talking about extremely wrong

I just came to see messages

All I said is, that's how we developed.

And it worked.

www.geeksforgeeks.org/test-driven-development-tdd/

anyway off to bed 👋

Industrial grade blue laser 3D scanner on robotic arm. At BaumaChina exhibition

Oh that's awesome

www.3dscan.cn/en/

That is about $15k for the scanner and robo arm another $15k

Would be nice to compare it to machines our resellers have, with similar claimed accuracy

It wont be designed to fail around test... That's not the connection

But i find that sometimes writing test cases is pretty much like implementing requirements for it, so that when the implementation of the code is there i can just test if it's up to requirements

yes it, that you think about it or not, it's how focus and designing work, if you have test in main think, you dont have other around as main purpose, the matter need to stay key otherwise its bullshit design
but I do agree that these "failsafe" coding languages are very well liked because it gives you the ability to code thousands of useless lines that do not give out errors in limited time
"productivity"

code, limit testing, testing, regression testing, and implementation requirement definitions are all very different things and must not get overlapped at all cost

but I do understand this is the current bullshit desiging rush methodology for "successful" commercial marketing products that move so much money currently

but no wonder our societies are struggling more and more while all this happens,
dont you get that some grounded shit is missing ?

it does not actually work

business will use whatever brings money

and premise of writing tests before actually implementing feature is not one of them

depends on how clever the business is and if you have a straight specification to work on... having a mockup for your code and a test before doing the real implementation can save quite a bit of time and money

but getting a good specification is often a headache itself

that's why I insist in fucking not confusing these things

you need to be fully aware of each
yet each requires different specific skill sets

afaik the most obvious of all is regression testing

it's the less error prone

(and the most valued in production currently)

designing is the most complicated one
then comes limit testing
then coding
then production testing
(unit testing is required and include all of them and is a method for testing more than a type of testing)

btw implementation documentation and code documentation are again different things respectively

and ofcourse interface/application documentation
but that one is tied to product, not dev

😄

the enemy of good tests is often just the management

explain limit testing
i was dev in QA and today is first time i hear these two words together

i hope that production tesing isn't test in prod lol

Yeah, because that's a best practice, testing in production

even better, screw environments. One to rull them all: production.

also, lol black friday and tech website goes down.

remember talks from couple years ago that staging just wastes time because it's still not equal to prod

Not really. But I've heard most of it.

Testing is a waste of time. Automation is a waste of time. Environments is a waste of time. Clean code practices is a waste of time.

And then they stand crying next to my desk because costumers aren't happy the application is down all day.

people want a candy put in their mouth

Just do what makes you comfortable.

I think there is a way to still be efficient and have great QA. It's not easy, but possible.

You will always sacrifice efficiency for quality. That's the price you pay.

And you need to pay QA testers as a company.

Because developers think they are above QA testers 😄 And don't need to do peasant work.

some care only about short-term gains. that's where quality doesn't matter as much. but past that... quality has its final say

I've literally seen a company, lose millions in a day because of bad software.

and those same people rant that games they play have bugs

in a DAY.

And then the blaming started throughout the whole company. The conclussion was: we need more QA.

i know company that literally finds cheapest labor across world for QA

So since that day, the company made a 360 turn and started to invest in QA, too late, but not too little. Once QA was good, they fired everyone 😂

i do mean physical labor as well
and literally across the world

including QA?

No, only QA. They left one tester in a team or something.

That's how companies think.

bruh

You fix the problem. But after a while you forgot the problem, you see QA as an expense.

Then they hit a wall, costumers get angry, they fix the problem again. And repeat.

i now think that people who solve problem are value that companies should keep - not the code, not the documentation or tests... people.

code doesn't write itself. nor does documentation or tests.
human who solved problem can do it in different language, for new requirements etc

unless business is a hungry ethereal being wanting money
it should remember that it's run by humans for humans, and that includes the team

Yeah, tell that to the boss. They don't give a -bleep-

They see numbers on papers in colors. Red is bad. Green is good. 📈 📉

If red, start firing people.

MBAs are taught that people are just interchangeable identical cost centers.

People are a resource for companies. Nothing more, nothing less.

Even if you are the best developer, the technical lead of the whole company, doesn't mean jack.

If a CEO needs to choose between saving a company and firing one person, decision is quickly made. It's a rational world.

If a CEO needs to choose between saving his own ass and letting the compawny go, the decision is also quickly made.

They don't give a damn about all the extra hours you've done for the company or anything. You get fired pretty easily.

But point was, MBA schools teach things that aren't true, and kill companies.
Which leads to stuff like Intel and Boeing.
Where the expensive, experienced people were let go years ago and replaced with new people, and then stuff stopped working because of that.

Because the MBAs really thought that straight out of school cheap hires are just as good as the people who had been in company for 20 years.

And the resulting brain drain bit HARD

It's all about the 💰

experience people cost more than juniors from school. a LOT more.

For same amount of worktime.
But not for same amount of actual usable work.

we get paid by the hour, not based on actual work.

So a company; never thinks like that.

Yup.
But the profits come from actually accomplished stuff.

Not really.

Once everything is up and running, you need to just keep it up and running, at a low cost as possible.

If you can manage that, big profit.

It happens to games all the time, the games get handed over to a maintenance team.

And both of those examples were from engineers actually developing the new stuff.
In industries where you cannot just sit still.

WoW is still making billions as an example but the veterans are gone ages ago.

And that game is 20 years old btw.

I see it even happen in OS systems. A sudden downgrade in quality, weird bugs that they didn't make in previous applications, then you google around and stumble on articles about junior teams making software for apple and co.

And that the old veterans left or are fired.

and it only works liek that in modern time where we have somewhat stable OS and drivers etc. and engines
if your game has self-made engine an user has shiny new OS you never heard while developing - maintenance team is probably screwed for good

and we know it happened.

KSP 2.

I think it was Baldur who told me that.

it's not a used terminology because nobody learn to fucking test things correctly and for what sack
you just do "testing" whatever that means for better or for worse
limit testing is similar to coverage testing
but including data integrity control, not only execution pathing/branching control

i.e get all the intrinsic way you system perform and work or does not work anymore
this include internal buffer size checking/testing, loop start and end state and conditions
etc..
let's say you code i<50 for loop
you'll unit test with 49 50 0 1 inputs and check what happens

or internal structure size and overflow limits testing

like "do I hit this maximum 50000 managed object count, and if I hit it anyway, what happens"

the second part is much more important than people may think
because it will show you if you ever confused the system working state for its none working state because of a bug
you will be like "wait it 'works' with 70000 objects wtf, I'm missing something"

and it's tightly linked to why unit testing is extremely important

you can't assert anything is working reliably if you can't assert each part of it is

then production testing
is testing how it behaves and performs with a typical production workload data set
and again assert all the part of it is according to expected AND spec

then comes regression testing
which is kind of a "old production" testing
you test for how the typical dataset and limits, typical to current production system (expected to use your newer version), performs compared to what it is currently performing and expected to perform

once limit are good, production are good and matching documentation and spec, and no regression is asserted
you are on the clear
good bet you can push it

you can't assert regression testing without production testing first, whatever the 'result' is
you can't asset production testing without limit testing first, whatever the 'result' is
and even if all that fails, it's useless because you will need the limit test results for actual debugging

pretty sure in classics its classified differently
pretty close to load testing by idea, but on a smaller scale
i have done those, found a nasty bug in paging

i got the thing

load testing is only a part of it
"limit testing" includes :

• stability
• load
• integrity
• coverage
  but not isolated from each other's (check integrity for each branch, and load)

load is also in "production" testing
but not same kind of load

and yes, it's not a sphere

I'm aware I may be the only one who is using this testing categorization
but it's the practical one for reasons I explain and others

i think i need a brake, i start seeing things...

not the only one

i hate how they are classified classicaly

because it's just a mess that makes little sense

aside from selling courses

it's like they found the least practical way to categorise that is not rising eyebrows

I think it looks great with just 16 rays
(yep, it should have filled color inside, not outside...)

oh wait, it works fine if i just reverse order of looping through azimuths

i got bumboozled by it twice!

looks pretty much perfect circle with 3*16 rays

i guess AMD drivers arent going to get updated this month

huh...

Im planning on making a nas for my family but dont know what program to use. Any suggestions? I kinda want it to be all one system as in my main pc is also my nas but dont know if thats a good idea.

File sharing is basic part of Windows?
And on anything else, same Windows file sharing server is used (SAMBA)

Depens on a few criteria :
How much storage do you want?
How many hours of the day do you need it to available?
How failure resistant do you want it to be?
How many users will use it?
Do you want it accessible over the internet?

1: around 30TB minimum
2: 24hrs per day
3: very
4: around 6
5: yes

Btw, i have 2 18TB Western digital gold HDDs

I think they are 18TB, gonna check when i get home

AMD has been very active with patches lately

sarcasm detected?

No?

the last update was a whole month ago

So?

Don't push out updates just for the sake of pushing out updates.

I count 10-12 driver updates for 2024.

11 i think judging from their naming scheme

So what's the problem? 😄

i never said that there was a problem with that

Those are year, month then serial number inside month.

So if 24.10.1 is current, then if two months have had .2:s too, then we are up to 12 now.

24.10.1 WHQL 24.20.19.01 32.0.12019.1028 2.0.317
24.9.1 WHQL 24.20.11.01 32.0.12011.1036 2.0.317
24.9.1 for Polaris and Vega WHQL 23.19.21.01 31.0.21921.1000 2.0.279
24.8.1 WHQL 24.10.37.04 32.0.11037.4004 2.0.310
24.7.1 WHQL 24.10.29.01 32.0.11029.1008 2.0.302
24.7.1 for Polaris and Vega WHQL 23.19.16 31.0.21916.2 2.0.279
24.6.1 WHQL 24.10.21.01 32.0.11021.1011 2.0.302
24.5.1 WHQL 23.40.33.01 31.0.24033.1003 2.0.299
24.4.1 WHQL 23.40.31.05 31.0.24031.5001 2.0.299
24.3.1 WHQL 23.40.27.01 31.0.24027.1012 2.0.299
24.3.1 for Polaris and Vega WHQL 23.19.12 31.0.21912.14 2.0.279
24.2.1 WHQL 23.40.19.01 31.0.24019.1006 2.0.299
24.1.1 WHQL 23.40.02 31.0.24002.92 2.0.294
24.1.1 for Polaris and Vega WHQL 23.19.10 31.0.21910.5 2.0.279

So actual 14?

Or else 10. (without Polaris and Vega).

And then there have been several releases that aren't in the normal numbering, as they were kind of "beta" releases of per game drivers.

For example 24.10.37.10 preview driver for Space Marine 2 and Black Myth: Wukong

Why do some games get special drivers? And others don't.

To make the drivers tolerate bad programming from game devs.

Did AMD put driver out for Stalker 2?

Yes, but why for some games they do it. Like I said, why not for Stalker 2?

Or do the developers need to pay AMD some fees or lobby to get support.

Seems to arbitrary and mostly aimed at tripple A games.

When the game devs have worked with AMD in advance?
To get day 1 driver?

No idea what is needed to get that kind of co-operation.

afaik, SF didn't get special update either.

here i am preparing to test a whole bunch of stalker 2 perf mods

but then

the update drops(finally)

Yeah, I was reading patchnotes too.

650 different bugs and issues

Access violation just screams bad programming.

Also, potential memory leaks... it might be one. but maybe not. we are not sure. we patched it up nonetheless.

did we patch it WDK🤷‍♂️ BUT we know our players will eventually find out:)

Haha, yeah something like that. "Let us know if it helped. Else we change around some more code."

but this update should be a step the right way.i'm not that mad either since there is a literal W*R going on over there

I am thinking to buy it but not sure.

What's up with the voice actors? Why do they all sound so british?

(let me answer your question with a question) is there a problem with that?

Oh there is ukrain voice acting.

Yes. A lot.

It's not immersive.

Unless there is a reason we speak british, like a UK team went to chernobyl to help the zone out or something. But still the citizens of the zone should have accents lore-wise.

a bit of look into how to work with UE5, including Lumen
https://www.youtube.com/watch?v=ds_jC_Nv380
(also looks like they sort of leaked what is being teased in recent community events)

I've put well over 40 hours into STALKER 2 this past week, grinding my way through the gigantic open-world survival horror shooter to get my review done for launch day. For all of that time, I played the game with its Ukrainian voice acting and subtitles; after all, it's the native language of the developers at GSC Game World who made it, and it's also the one that makes the most sense for a game set within the Chornobyl Exclusion Zone in Ukraine.

it's always more interesting and immersive to hear native voices.
be it The Witcher (Polska), Tomb Raider (Espanol with modern locals and Aztec(?) with older ones) etc
different languages and accents

do you mean in english va?
it's probably that historically british accent is used to imitate unfamiliar languages - it's kinda foreign to US

also it's very articulate, which is used for rich and villains

and, i am probably digging to deep, the north/central Ukraine is a place where more articulation is used, compared to west, for example

I pretty much can't understand people from west when they speak first couple sentences

dialects used in Transkapatia are, well, dialects. but even without unkown words there's considerable difference to how it sounds

It's a common feedback about Stalker 2. The voice overs.

A colleague of mine, though, has been playing in English, and told me that dub of the game is pretty cheesy — an impression I also got when catching bits and pieces of dialogue watching video reviews of the Xbox and PC exclusive this morning. Curious, I booted up the game, switched the voicework over to English, and ran around a base full of NPCs to talk to.

And, uh. Wow.

does anyone still compress files with WINRAR/7zip? oh well this is going to take a while

Don't use 7zip.

WinRAR or Windows File Explorer seems a bit safer.

i'm using WINRAR

every time i see winrar i curse

file explorer can do it too?

Why do you say that?

perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/

I'm a 7z fan

7zip only shows innocent file and hides malware.

WinRAR and Windows File Explorer shows both the innocent file and harmful file.

When opening our sample combined.zip with 7zip, it will only display the contents of the first archive (pt1.zip), showing only the “benign” first.txt. A warning such as “There are some data after the end of the archive” may appear, but this is easily overlooked.

WinRAR, on the other hand, reads the second central directory and displays the contents of the second archive (pt2.zip), including the “malicious” second.txt. This makes it a unique tool in revealing the hidden payload, which attackers rely on when targeting specific systems.

Windows File Explorer struggles with concatenated ZIPs. It may fail to open the file altogether or, if renamed to .rar, will display only the “malicious” second archive’s contents. In both cases, its handling of such files leaves gaps if used in a security context.

WinRAR is also worse in terms of compression effeciwncy and speed

Posted: November 7, 2024 (so it's recent)

Its not a 0-click vulnerability and still requires you manually extracting a malicious archive

No?

You double click it; it shows "good content".

Bad content is hiding in background to be executed.

This makes it a unique tool in revealing the hidden payload, which attackers rely on when targeting specific systems.

either way my SSD cant handle it

**Windows File Explorer and WinRAR: “Smoked Out” the Trojan **

On the other hand, opening the same attachment with the built-in Windows File Explorer or WinRAR fully exposes the hidden danger. Both tools display the contents of the second archive, including the malicious executable SHIPPING_INV_PL_BL_pdf.exe, which is designed to run and execute the malware.

@night girder I am so confused what you're trying to say

Note that this has been fixed already, update 7zip to 24.07 or later

Because they didnt have any ukrainian voice actors who could do english

7ZIP has a weakness/vulnerability.

@night girder you didn't even think to check that?

GSC had to redo all the voice lines when they moved to Czechia

LOL!

Cause their voice actors didnt leave ukraine

yeah, it's fixed after a 3rd party company found out.

while the other tools didn't have the issue. Because they didn't do dumb dumb stuff.

Yeah, that's how... nearly every vulnerability gets fixed

Literally I am not goign to fight over this.

It's your system. Do what you want.

That's a very dangerous assertion

That's normal though?

OTHER PROGRAMS DIDN'T DO THIS!

Bro, 7zip dropped the ball.

Just face it. Ok they fixed it. Good for them. They had vulnerability.

Also, isn't 7z open source?

Every single piece of software ever written is vulnerable to some sort of attack
Your hardware is fundamentally flawed and insecure
That in and of itself is not a reason to stop using it

github.com/ip7z/7zip

Yep

You don't have to tell me that.

Mate i got some news for you

I think you should contribute to the repo @night girder, since you appear to know better than the current developers

Then don't make the argument that I should stop using FOSS because they had a vulnerability and handled it well

Why is everyone so butthurt?

Did you know that Windows had a level 10 vulnerablity in the print system!?!

Just because I said 7zip failed one thing that other didn't.

Windows cannot be trusted!!

It's just facts.

I'm not "butthurt", I just want to see you put your money where your mouth is :V

Go read: perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/

And make your own conclussions.

Where did I say I can do it better? Quote me.

Because you're saying that them handling a vulnerability(which happens to all software) well is reason to not use said software

No, its that you are saying that vulnerabilities mean that software cannot be trusted, even after a patch which is simply not true

the problem is you are demonstrating ignorance about how vulnerabilities are found, reported and fixed

Just quote where I literal said: "I can do this better than the 7zip developers did".

Because it's really easy to go "Durrrr they're so stupid why would they ever do that if I were in charge they'd never do that!!!!!" when you don't actually take the responsibility and do better

Get out. That's not this discussion.

Nah

that is terrible advice

☝️you are behaving as if a vulnerability existing in the first place makes that software less safe or worse

That's how it started. All I said. WinRAR or Windows File Explorer are a "bit" safer.

Wait.

I said SEEM.

So that's even more subjective.

When they've both had their own vulnerabilities? And they're both closed source

"Don't use 7zip" is not subjective, that's an assertion

If anything that makes them seem less safe

It certainly does

i am afraid you don't get to state an absolute like "do not use 7zip" then get mad when people challenge you on this

I gave you the article. Read. Or don't.

i read it yesterday

i know the 7z code base is unreadable weird shit that's maintained by like two people

then i might try it at some point

Article is now irrelevant as a reason to avoid 7z because the issue was dealt with promptly

🤦‍♂️

I finally switched to NanaZip (7zip fork with Win11 features etc.) some time ago.

or i might try that then

vulnerabilities happen in all software; what really matters is how people respond to them. if 7z refused to fix the issue, we would have a problem and everyone would be yelling "don't use 7z". this happens quite often with companies that don't understand what a bug bounty is

I find it very interesting that you're intent on dying on this hill while also sounding pretty uninformed with the conclusions you seem to be making

NIST NVD has 52 entries for WinRAR and 25 for 7zip

But that switch was for those UI reasons.

also, if this makes you scared of 7z, i beg of you not to read into the many failings of windows over the decades

Yup. I am uninformed.

what is NIST NVD?

Database of vulnerabilities & security flaws

Vulnerability database

nvd.nist.gov/

Ooohh

This should be whitelisted ngl

How does one whitelist all .gov sites?

Perception Point security researchers contacted 7zip developers to address this specific behavior of concatenated ZIP files. The developer confirmed that it is not a bug and is considered intentional functionality – meaning this behavior is unlikely to change, leaving the door open for attackers to continue exploiting it.

But I am not allowed to question the actions of developers behind some software. Or even question the software itself.

also why is every WINRAR VS 7zip benchmark done on some 10year old garbage PC?

And I'm looking at cert.europa.eu which clearly states that CVE-2024-11477 is fixed in 24.07

So please, question the software. But for all our sakes, question the software in an issue report on that software's issue tracker

Doesn't inspire confidence in said software.

But not stated in changelog in any way,.

The fact a developer said it's not fixable. And now it's "fixed".

And not in the source extract between 24.06 to 24.07.

i think that this is a pretty good compression ratio (but IDK how 7zip would do here)

Then I would highly suggest emailing CERT-EU with evidence of a working exploit on those principles on 24.07 or later

If you're compressing text, I've seen as low as 15% with 7z

And remember, lower is better

wait, LOWER is better WHAAAAAAAAAAAAAAAAAAAAAT

🤯

https://tenor.com/view/cat-huh-cat-huh-etr-gif-15332443943609734737

Yes
Compression ratio is the percentage of the original file size that the resulting archive will be
Lots of people don't realize that at first, me included

how is 15% compression better than 70%?

what a ass backwards way to do that lol

See? 💀

** CVE-2024-11477 Detail **

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.

I don't think this is even the CVE of that issue. The issue is Concatenation. So not even sure what Ttree is on about.

But I don't have knowledge according to Ttree.

I'm clueless here. How is concatenation itself an issue?

7-Zip 24.07
The bug was fixed: 7-Zip could crash for some incorrect ZSTD archives.
So not related to this "multiple archives in same file"

Don't think so no.

Two ZIP archives as one file, one after another.
Most software only check the first one, and some trojan is using that second "hidden" archive for bad stuff.

So, there is no CVE for it. It's not fixed.

To bypass antivirus checking etc.

But as far as I know it doesn't allow for code execution, just to hide stuff that still gets extracted

But it isn't really bug to not handle that kind of spec-noncompliant file in way that would read both/all of them.

You can read the article fight or flight. And just do what they do to check it out yourself.

I did read the article 💀

It's just putting two zip files together. Both get's extracted, but only one is shown.

And WinRAR doesn't handle it "correctly" either.
It just shows the LAST concenated file.

When 7zip only shows the FIRST.

Indeed

And Windows doesn't read it at all.

People at work, open zip, get to see harmless file. Think all is good. And in background there is malicious file ready to get executed.

Nothing gets executed when you extract it

Well, that's when other vulnerabilities come in.

So if they can combine that + extra vulnerabilities shit can go wrong.

i do NOT think the avarage person can tell the difference between a harmaless and harmfull file

The malicious executable SHIPPING_INV_PL_BL_pdf.exe is identified as a variant of a trojan malware family that leverages the AutoIt scripting language to execute a range of malicious activities. This trojan is designed to **automate malicious tasks **such as downloading and executing additional payloads, which could include other types of malware like banking trojans or ransomware

If you see an exe when you expect pdf...

Letter, I'm 100% serious when I say that if you think that there's an improvement to be made, the tech channel in a funny factory game discord is the wrong place to discuss it. Please, I implore you to continue this discussion on the 7zip github

Yeah and email encryption is unsafe cuz you can bypass it - by attaching html code as MITM that'll send the decoded email to you upon execution.
And it's automatically executed when you enable HTML elements of an email (which you shouldn't anyway)

people can still miss that (think back to the LTT hack)

And even that "extract" doesn't get the second file?

It's a cyber security company, if they warn us for stuff, sorry, but I take them or their word.

Hell, I take their word over most words in here.

7zip doesn't allow you to see that there is extra.
But neither would WinRAR, if you concenated 3 zips, with that payload in the middle one.

Or in first one.

Winrar warns.

No.
It doesn't.
It just shows the LAST ZIP in the concenated file.
Which in the specific instance contained the malicious file.

7zip works on the FIRST zip in concenated file.
And only the first.

WinRAR only works on the LAST zip in concenated file.
And only the last.

Neither shows both in concenation of two zips.

Oooh yeah and people ALWAYS pay attention to that.right guys right?

And if you concenated three zips, first as legit, second as malicous, last as legit, neither would show it.

According to this article, the only one that manages to properly get the threat is Perception Point's Recursive Unpacker, which is convenient because Perception Point is also the owner of that blog

The "Fix" is that antivirus programs that look into archives are updated to check all possible archives in concenated file.

Or, alternatively, that (IIRC, I'm not good with zip files internally) the entire CD gets ignored and the unzipping program does all the work done there again just to be sure

Reminds me of one of the worst and funniest Luca app security issue - an app designed to track contacts during COVID for events/locations/etc so you wouldn't have to leave your contact data out on the table.

If you tested positive, the local health departments could request the location's present guests from your stay and download the reports as an excel document.

Turns out that you as a user could modify your user data in a way that upon automatic creation of the Excel export, it'd be transformed into a macro that auto-runs.

Developer said it's a non-issue cuz "everyone knows you shouldn't enable macros in Excel"

Can't you sanitize that data?

So what should 7zip do?
Work on all the concenated archives in file?
Against archive format spec?

Which no other archiver does either?

Like how do you prevent lil Johnny Macros from popping up if you can't sanitize your input data

Simple: you tell the federal government that it's their fault for executing the macro and not yours for allowing it in the first place

Baldur, I get to see all 3 files.

merged 3 zips together, unzip and this is what I get.

Merge != Concenation.

Actually, why wouldn't they just throw out a CSV

let me concenate

Because that writeup is very badly done.
As what WinRAR is doing isn't any better than what 7zip is doing.
Just that the specific malware was written to go around 7zip, but not WinRAR.
And doing it other way would work against WinRAR users, but not 7zip users.
And doing that concenation of three would work against both.

Unless Excel automagically manages to extract macros from a CSV file in which case huh

Merge combines the contents of the three files, into one archive.
It doesn't just slap them bit-by-bit behind each other like concenation does.

Costs money and they're looking to make quick cash

The whole Luca app was a disaster

Yeah but like, what would you use for sending tabular information otherwise if you didn't have the time or space to set something smart up?

To me this sounds like they went for the "simple" solution (Overengineered and underdesigned)

You gotta understand: the people there weren't smart programmers, they were smart businessmen.
They saw a global crisis and managed to make a huge profit off it

crisis? what do you mean as i dont remember anything like that in this context

And only the first file got extracted from concenated file on right-click and extract too.
Like that shows.

As expected when it only deals with that first ZIP header in file.
While WinRAR only deals with last ZIP header.

Underengineered and underdesigned.
The data was so annoying to access and analyze that there were only a few thousand contacts traced that way - compared to a different app implemented on Google's blueprint which traced millions and was neither a security nor a privacy hazard

As I mentioned in the introduction to the topic (Luca App): COVID

.

Windows ZIP functionality errored twice on the file.

When as .zip
And when renamed as .rar, it extracted both.

Even when it was zip.

oh so thats waht you were referring to

Winrar gives you warning. Like I said.

So Windows internal ZIP notices both headers, but doesn't deal with it correctly when extension is .zip.

I'm saying overengineered because I'd imagine that building an xlsx file to the point it can and will include macros isn't the quickest and easiest way to kill that chicken

What kind?

That was NanaZip/7-zip

Ok, but that's what researchers also said.

It's not that you as a dev allow that, it's that you didn't disallow it and people found out

Like the article said.

It can give a warning about extra data.

While you said it doesn't?

Yes, 7zip does that if the first archive doesn't end at the absolute end of the actual file.

I said WinRAR doesn't.

True, but my point was more that using a file format where you can't even get close to sending macros would be easier to set up, sorry if I wasn't clear on that :V

It would be easier if you knew what you were doing

WinRAR shows nothing about anything before the LAST concenated archive,.

I wouldn't be surprised to hear that they didn't know how csv worked

So If you concenate 10 archives, WinRAR deals only with the LAST one, and ignores the 9 before it.
7zip deals only with the FIRST one, and ignores the 9 after it, and gives that generic warning.

What does windows explorer do?

Breaks

And Windows would happily extract all 10, on Extract All, if you had renamed it to .rar instead of .zip.

And would throw 10 identical errors if still .zip.

One after another as you click ok.

Man, when did this channel get so much less friendly than I remember it?

I can't remember this ever being a friendly place 😛

wait...what

Maybe it was you then 😉

Probably 😄

Because it for a long time has been one of my favorite places on the internet

I miss a few people though. They all left because of it.

Which technically makes it the safest in the same way that a car without an engine block never gets into a 100km/hour crash because it can't get to the freeway

Amber dissapeared.

this has ALWAYS been a friendly place ( IMO)(until now anyway)

And my life got too busy for me to talk here, now I'm coming back occasionally and it just feels pretty hostile

Traffic announcer: "we have an idiot driving on the wrong side on A7"
Driver: "ONE?! THOUSANDS!!!"

Nah, not much changed.

Did they tell you why?

Yup.

I first started talking in here almost four years ago, it's changed a lot since then
The whole server has

It's probably gotten a lot bigger

The whole world has

It has, that's for sure

I don't really feel that in my little corner of the world, maybe it has for some of y'all

I dunno, I think that this place isn't particularly toxic but that's more because there's no randomly throwing slurs around or bullshit like that

We're talking Q4 2020

does anyone know why this could be? or am i just stupid?

But basically the basic premise in this is faulty:
The writes only deals with concenation of two zips, with the malicious as the second one.

If the malicious was first, 7zip would show it, and WinRAR wouldn't.
Windows Explorer wouldn't change.

And if you had that benign, malicious, benign second time set of three concenated zips, neither 7zip or WinRAR would show the malicious files.
And Windows Explorer wouldn't change.

Honestly mate, I just wanted to spread awereness 😛 I really don't care what people use, I just spread information and make descissions for myself.

And none of this has to do with the actual vulnerability, which is that such a second archive would through methods I don't understand cause an integer underflow which would lead to execution of arbitrary code, which according to everything I've seen should be fixed in 24.07 or higher

I'm kubuntu pilled now

And dealing with intentionally malformed files isn't something that program should be coded to do, except to not crash or execute code.

That was for completely different thing.

Zstd != zip.

Yeah

The whole time I am trying to remember someone else who was fed up with this channel.

Because of hostilities. And people calling them more or less dumb.

if only past me knew........

Basically there WAS bug in how 7zip handled malformed Zstd streams, which would crash 7zip, and possibly allow for code execution.
But that is in no way related to the concenated zips thing.

Which was fixed in 24.07.

'cat' is not recognized as an internal or external command,
operable program or batch file.

Linux example.

I wonder what OS I am using.

am i just stupid or does this just not work

I don't know what you're trying to do?

I know

trying to open my C drive

Hm

Because depending on how you installed, NanaZip can be sandboxed by Windows.

oh,wait when i double click it tries to start compressing

i installed it trough the microsoft store