Hacker Newsnew | past | comments | ask | show | jobs | submit | brianmario's commentslogin

I've noticed this with drums too. Trying out more complex things that required more coordination than I'd typically been able to use up to that point... I noticed that after taking a long break - like 6mo, between bands, etc - with me playing very little in between, I could then sit down and play the thing I couldn't before effortlessly.

I still don't understand it, but I'm here for it.


You can use the gear icon in the upper right to turn the sliders into text boxes.


ah thank you :)


The `trilogy_escape` call (https://github.com/github/trilogy/blob/main/inc/trilogy/clie...) should do it.


I wrote a non-blocking MySQL client C library about 10 years ago or so. I felt that requiring the caller to build up a query string across multiple statements made it too easy to forget and miss instances where quoting was needed. The nice thing about prepared statements is that even from a pure syntactic standpoint they force you to be explicit about the points where dynamic values are inserted.

So the high-level query function for the library was a variadic function that took a prepared statement-like string using unquoted literal `?' for parameters, and much like printf a very simple switch statement machine would iterate the query string and insert parameters itself, ensuring that quoting happened properly. (I forget how integers were handled; possibly with `#', or maybe some macro and type introspection hacks.) This way you could grep all lines where the query routine was invoked and verify that ? was in use. If ? was used, then clearly the developer was at least paying attention. Someone would have to go out of their way to use ? for some parameters, but manually and directly insert other parameters. Not an insurmountable barrier, but a tall one nonetheless for people even remotely conscious of security. The few places where ? wasn't used would standout and could more easily be reviewed.

Admittedly, this wasn't a complete solution, and normally I avoid stringy types and free-form string processing entirely when programming in C. But most uses of the library occurred from Lua via C bindings. You couldn't directly invoke a C variadic function from Lua, so Lua code actually called a query function that reimplemented that API, reusing the same low-level string escaping routine.


Cool! I agree that using prepared statements is indeed the best way to handle this stuff.

There were plans to build out the binary protocol in Trilogy as well, it just hadn't been wrapped up by the time it was made open source. And if I recall, that branch fell pretty far behind. Maybe now that it is OSS, someone can contribute that :)


Curious why this was marked as a dupe?


Unicorn, but the idea is the same. Forcing a GC between requests can have consequences on overall request throughput.


The Co-authored-by trailer isn't actually new. In fact it was already being used by over ~1M commits on GitHub before we launched the feature! :)

The git-core commit message conventions docs mention it (https://git.wiki.kernel.org/index.php/CommitMessageConventio...) as do the OpenStack commit message convention docs (https://wiki.openstack.org/wiki/GitCommitMessages#Including_...).


Using the Co-authored-by trailer is also really useful when pairing, where there is actually more than one author for the content.

This is especially useful when using https://teletype.atom.io :)


One common way to attribute multiple authors in a commit is to add a `Co-authored-by` commit message trailer. You can read more about git commit trailers at https://git-scm.com/docs/git-interpret-trailers.

As an example, if this was a commit message, the trailer adding my attribution would be like this:

`Co-authored-by: FirstName LastName <myemail@domain.com>`


Wonder if they knew about GitHub Organizations?

https://github.com/blog/674-introducing-organizations


This only provides repo level access control. They want ACL's to control down to the branch level.


Think certially and not distributed there :-)

This is handled in projects like the Linux kernel.

Could easily enough have the commitor push to a different repo than he pulls from. Then you could have person manually review pull his changes into manager (like Linus does with Linux).. or if you wanted some automation, have a script import his changes if they match a set of rules.

The other option is submodules.


> Then you could have person manually review pull his changes into manager (like Linus does with Linux)

this assumes that there are enough trusted people in the PHP project with enough time to spend for doing nothing but reviewing pull requests.

> The other option is submodules.

that's a very good idea, especially when you consider how modularized PHP's build system already is. Give them time though. Moving from SVN to git is already a huge step in the right direction, even though the keep most of the old model the same.

Once all of that works nicely, a further step can be to move to submodules.


You can use this library in 1.8 or 1.9. It's especially nice in 1.9 because you can use it to tag strings with the correct encoding based on it's content, which has been a huge source of frustration in 1.9 up to this point.

Really though, the pain in the ass has little to do with 1.9 - encodings are just a pain because they aren't universally supported. So we'll often times get handed bytes with no encoding context so we have to assume or use detection libraries like this.

One argument is "well just use UTF-8 for everything" or "just pass everything around as binary then it'll be fine" - but unfortunately we don't live in a world where either of those solutions will work for everyone.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: