Should have instituted a char limit, that’ll teach you!
I tried to contact a company the other day about something with a complex back story of context the other day, and their website contact us form had a 200 character limit. I pretty much just had to type “please email me so I can email back why I’m contacting you”.
Cannot imagine how this could be legit - you’d run into a hard limit unless you explicitly designed that field to be unbounded.
It’s not hard to find badly designed webpages.
Meh, not that hard to default things to “string”, or similar. For example, the “text” type in PostgreSQL explicitly says “unlimited”, though it seems it’s up to 1Gb. See https://www.postgresql.org/docs/current/datatype-character.html
Similarly, it’s not like text fields on web pages automagically apply limits.
It’s not unimaginable that some dumbass could vibe-code themselves up an easily exploited form.
100% accurate, though vibe coding is optional.
If I have a set of requirements that don’t mention any type of restriction, then I won’t arbitrarily add one - as far as I know, I could be breaking intended functionality. If I’m invested in this, I’ll add it to the list of stuff that needs clarification, otherwise it’s gonna ship as specified, and eventually someone’s gonna file a change request.
Sincere question, are you not expected to clarify questionable business rules? I’ve never worked somewhere that leaving such an obvious issue like “unrestricted fields in a public-facing application” without getting it explicitly stated that that’s intended functionality wouldn’t have gotten me fired instantly.
Look around you, you’ll find “unrestricted fields in a public-facing app” (from a practical perspective) everywhere. Shrek’s script has what, less than 50k characters? That’s nothing, you can fit that in a Facebook post and still have more than enough to write a full movie review.
Where this would likely raise flags is when somebody decided that it needs to be printed, but that could be a different team, maybe outsourced, maybe after the main app was developed, maybe it’s just some “plug-and-play” system that also handles bulk printing jobs, who knows.
I wasn’t really referring to this post with that question - though it is relevant that leaving even an effectively unconstrained field like one that allows for the shrek script to be submitted would have seen me fired (if it had somehow passed QC, field sizes are one of the first things checked).
I was more curious about how different our experiences seem to be: you seem to imply a background where you’re expected to take the requirements as gospel with what you write based solely off that unless you’re personally invested, whereas in my experience engaging critically with the project is the single most important aspect of the development process, and not questioning potentially unwanted behavior leaves you open to firing (or criminal neglect if you’re dealing with medical PII, criminal records, etc…)
I’m quite genuinely interested in the different approach to development philosophy you present here.
A more serious answer - it depends greatly on where I’m working and what we’re doing.
I’ve worked in places where we’d receive outsource work. Usually we’d get fairly detailed instructions about what to do and what to avoid, that were discussed between our PMs/architects and the client, including tests for example that were agreed upon. You were supposed to follow those to the letter, but the most important part was that you needed to deliver quickly because the customer wanted to keep costs to a minimum. “Useless questions” (from their perspective) were seriously frowned upon, so if it wasn’t specified, the expected approach was to do whatever was quicker.
This occasionally lead to situations where their QC/UATs would identify issues with their business rules, but as long as it was compliant with the requirements we received, it would then come back to be changed (at additional cost, depending on how big the change needed to be).
Once accepted though, job done, grab your next work item and move on. Months later they could run into a situation like the one in the printer and come back asking for a fix, but very likely that would go into the CR bucket and a quote would be provided.
Of course if you’re working for a company that actually cares about what they’re building, the philosophy is completely different. If I’m working on our products, then I build a good understanding of what I’m working on, and I’m expected to flag any concerns or issues I encounter even before it reaches QC.
That said, I’ve never heard of a developer ever being criminally charged other than intentional misconduct - like, in the world. Look at the IBM Queensland Health payroll system fiasco, I’m not sure anyone was even fired, let alone prosecuted.
Or even the Boeing 737-MAX crashes - how do you build a system that pitches the nose down repeatedly, without limitations? Those guys who worked on the MCAS software would 100% have considered a scenario where an angle-of-attack sensor would provide bad data, and the consequences of repeated trim, but alas - 2 planes crashed, 350 people died, and what are the consequences? Some payouts…
Yeah, sleepy and wasn’t thinking about file sizes. That 1Gb limit (or, the Tsql 65,536 * [something] limit) was what I was referring to, but rather obviously the plaintext script for the movie is a just a little tiny bit smaller than that (51kb).
It’s still a good deal larger than what in my experience can be fit into a receipt printer, but I can forgive their phrasing even if it was only a small part of the whole script. And aside from that, it does look to be a pretty modern device so it’s very possible that the stupid stupid 20kb file size limit that was so common has since been expanded (Last time I had to deal with a receipt printer the file was streamed over a serial connection into the printer cache before being run off G-code style. Incredibly charming piece of tech…)
Speaking of which - can someone find the link for “Unicode does not work like this” kind of website that emphasizes that there is no simple “character limit”? Like "how many characters is an emoji? " or “Is NBSP a character”, “are non-latin punctuation marks a character”
Bound check all data input, folks.
Ideally during input and on the API request.
if (str_contains($order['comment'],'Shrek')) { die('ONIONS HAVE LAYERS!'); }Try to make sure the “choose a password” field allows fewer chars than the “enter your password” field.
I was just in a literal CVS an hour ago and they have a sign on the receipt printer that says “please don’t grab receipt until it is done printing.” It’s like, shouldn’t the fact that you had to write a sign like that be an indicator that you’re printing out too much shit?
Yeah but clearly corporate knows that wasting paper and your time is better, we’re the problem to them.
Don’t stand in the way of their money. Hand it over!
Why does everything require “pov:”?
POV: you’re reading Lemmy comments
Nobody:
10 print “Hello, world!”
20 goto 10
The most perfect code ever written
DO BEEP LOOPreally got on my mom’s nerves when I was a kid 😼
You are the one
What I think is funny is every time this gets reposted, people start talking about food orders when it’s obviously* a Canadian weed dispensary.
This was 100% bound to happen.
*To Canucks who stopped buying all of their weed from Steve.
Input sanitization is important, y’all
And setting upperbound limits on input length. Because if you expose it to users, it’s not a matter of if some joker will insist on entering precisely 4,294,967,297 bytes of random data into it to see if they can crash your shit, it’s a matter of when.
QA strikes again
Not saying Id spit on their food, well ya I guess thats exactly what Im saying.
Why? How does this negatively impact you, I’ve literally worked togo in a restaurant and this would have me rolling and giving extra goodies.
I gotta change that roller sooner, i gotta wait longer for the next order to come through. And maybe even other inconveniences I cant think of.
Now, someone else pointed out the sticker has a weed sticker on it, so maybe its not a food place, and Id expect weird shit like that at a pot shop I guess.
Also, I guess you and me have different senses of humor. (Nothing wrong with yours, just saying I wouldnt get any giggles outta this)
I do think one aspect is frequency, if it’s like a one-off, hilarious and unexpected IMO (prior to now already seen this meme it wouldn’t be as funny).
If it happens more… Yeah extremely annoyed real quick.
Look all im saying is the printer has a weed sticker on it.
Please go find a sense of humor, and stop punishing people for imagined slights with biohazards.
The fuck is wrong with you.
What the fuck are you talking about? Not agreeing on whats funny with someone does mean I don’t have a sense of humor.
And what imagined slights? I mentioned two inconveniences, not slights.
Edit, never mind the two inconveniences I mentioned, I thought you were responding to another comment I made in this thread. First part stands.
So the intern who hacked up the order website forgot a size limit on that field? Maybe one should check out what other things he messed up…
he didn’t, was some coding AI
I don’t think so. If it was AI, it would not even print the order…
I hope the prankster typed all that out with his thumbs. No copy paste allowed.
SomeBODY once told me the world was gonna troll me…
Photo from Ghislaine Maxwell’s cell.
Printed out all her pre-deleted u/MaxwellHill reddit history
She has infinite toilet paper. none of us have infinite toilet paper.
Ah yes, that was from a recent Jon Stewart monologue wasn’t it?
