d@nny disc@ mc²i am implementing the zip file spec for a fourth separate time because every time i feel like i must be aware of every trick cpython has pulled to make not migrating your entire codebase once a year more painful than keeping up this collective charade and this time it is because writing non-contiguous data to a zip file entry is mysteriously missing from 2.7 while the implementation of the zip spec in 3.14 is noticeably more inscrutable than the implementation i first learned from back in 2020 and includes changes which do not make the state of a ZipInfo entry any easier to audit or model in your brain but do ostensibly address a security vulnerability that nobody noticed for the past 40 years and limits the ability to leverage their linear and pre-indexed structure that enables parallelism in so many ways i have flip-flopped three times in my life over whether parallel splitting or merging is more useful
same language where the maintainer of the reference impl of packaging standards refuses to merge the PEP standard JSON schema for wheel METADATA because that's my emotional support parser confusion vulnerability in the email message parser which lets you inject arbitrary delimiters in the format used to make automated decisions between which dependencies go in your production app
investigating url quoting performance led me to find the C codebase has 13 distinct string search files all of which call libc memchr in equally boring ways and none of which has ever considered searching for more than a single match in each call
we have a good C API for byte buffers now but mutable buffers are orthogonal to string search and meanwhile json decoding still has no fast path which lets you avoid consing up every single node while retaining parser state
god imagine slapping a BRIGHT RED BOLDED NOTICE on your stdlib json module about 30-50 EVIL HACKERS IN YOUR BACKYARD WHILE YOU SLEEP because the library actively chooses not to provide that functionality https://docs.python.org/3/library/json.htm
Be cautious when parsing JSON data from untrusted sources. A malicious JSON string may cause the decoder to consume considerable CPU and memory resources. Limiting the size of data to be parsed is recommended.
just above it in gray
The term “object” in the context of JSON processing in Python can be ambiguous. All values in Python are objects. In JSON, an object refers to any data wrapped in curly braces, similar to a Python dictionary.
"all values in python are objects" actually contains negative 1 * the imaginary number i bits of information when you go to hell they're chucking your ass into the fascist dictatorship of flatland
getting paid to put up a sign warning users to avoid reading json with the standard library because if you read too much you might learn something or otherwise risk independent thought
someone's gonna propose some fucking mediocre rust code that's subtly spec-incompliant and people will cheer because the handling of string search and matching operations across the entire language implementation has been an alternating sequence of (a) completely uncommented load-bearing python-level NOP which becomes progressively more obfuscated each year to address security vulnerabilities by making it easier for our hardworking agents to hide the zero-days the manufacturer gave them (b) a new file named fastsearch.h each year which calls memchr after performing a process known as purifying the call stack in which the author gives thanks to richard nixon for absorbing their sins
and that's also why we celebrate july 1st, 1970 as the dawn of the unix epoch because that's when nixon died for our sins
i refuse to read the richard nixon wikipedia page because war makes me cry but i liked this very direct acknowledgement that being evil has been demonstrated to haunt people after their death
In keeping with his wishes, his funeral was not a full state funeral,
yeah we all know he liked to keep things on the DL
Mourners waited in line for up to eight hours in chilly, wet weather to pay their respects.[324]
the citation goes to a newspaper clipping https://news.google.com/newspapers?id=i_RHAAAAIBAJ&dq=nixon%20funeral&pg=6218%2C5816141 quoting people who affirm that getting physically close enough to the lifeless body of nixon to conclusively confirm the kill with their own eyes is extremely important to them but do not elaborate further on what designs they may or may not have regarding any "reanimation" of his "undead" corpse or whether they're leaning more towards making him a fast or slow zombie
"millions vote, undeterred by car bomb" is a work of art in headline form or perhaps a real piece of work. does the car bomb induce a two-stage fission-fusion reaction
i was gonna go with "IRA nuclear program" but remembered that terrorists with access to detailed information on the design and construction of practical nuclear warheads is not just in the vivid imagination of tom clancy's ghostwriting sweatshop but also describes the colonialist's wet dream every day in occupied palestine
IRA nuclear program would be a great name for an experimental album by danny l harle with vocals from carly rae
it would of course be illegal to play the record in public or interpersonal settings, since our hardworking dragnet surveillance operations are structurally incapable of rendering informed consent at the current stage of technological development. the stock price of elon musk's neuralink surged in response
tali@hipsterelectron if everyone's an object... noone is
some kind of orange shape@milo @hipsterelectron I totally understand how that line got there, because not all values in Python were objects, in earlier versions
Nerds forget the rest of the world sometimes
zrb@hipsterelectron what are they doing in my backyard it's COLD out there! Come inside!