If you're going to draw lines with characters, use the line drawing characters. We have Unicode now.
I have a program which takes text files with ASCII line art and automatically turns them into text files with UNICODE line art.[1] I wrote this for some very old documents, but it's still useful.
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Source Port ┃ Destination Port ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Sequence Number ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Acknowledgment Number ┃
┣━━━━━━━┳━━━━━━━━━━━┳━┳━┳━┳━┳━┳━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Data ┃ ┃U┃A┃P┃R┃S┃F┃ ┃
┃ Offset┃ Reserved ┃R┃C┃S┃S┃Y┃I┃ Window ┃
┃ ┃ ┃G┃K┃H┃T┃N┃N┃ ┃
┣━━━━━━━┻━━━━━━━━━━━┻━┻━┻━┻━┻━┻━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Checksum ┃ Urgent Pointer ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━┫
┃ Options ┃ Padding ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━┫
┃ data ┃
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
Not everyone and not everywhere, and depending on the font, the line-drawing characters may not be the same width as the others even if it's a monospace font (e.g. see https://blog.helftone.com/ascii-art-unicode/ ). The whole point of text files in things like RFCs is to be as portable as possible, and using Unicode somewhat defeats that point.
That's a problem. The above example looks good in a Ubuntu terminal window and in Firefox, but misaligned in the "gedit" text editor. In the SciTE editor, the line drawing characters show as four hex values in a box. groff, even with the "preconv" preprocessor for Unicode, can't display them either.
The box drawing characters aren't even in the astral planes. They're in plane 0 in the 0x2xxx range. So even old 16-bit Unicode implementations should support them.
(The TCP header from an RFC was just an example. I'm converting some old troff documents to PDF, and they have lots of box drawings.)
My take-away from the Monodraw writeup was that Unicode is just as portable, and all Unicode line drawing glyphs are the same size in monospace fonts -- they're just not available in all fonts. When that happens, a different font may be substituted by browsers (probably not by Terminal, though).
I wouldn't put the finger on Unicode but rather that not all fonts have all Unicode glyphs yet, as I seem to recall was the case with ASCII line drawing glyphs years back. Definitely seen that before and it's good to know why. Thanks!
Hey, I'm the author (thanks @zoodle for notifying me).
Obviously, this is a security issue that is pretty much bottom-of-the-barrel-shitty.
My explanation is that I didn't feel like standing up a middleware service to direct traffic through in order to obfuscate the server token. Especially for a tool that I anticipated being used by pretty much only me.
Not a satisfying answer, but thanks for exposing this security flaw - definitely going to add it to my project task queue.
It's an NPM package that people download - how would you store it outside the repo such that people that download the package can reference the token? Can't really use an environment variable at that point, right? There probably has to be some HTTP request to some service that ends up forwarding the request to Uber with the token. Maybe I'm over-thinking this...
$ uber time '123 anywhere st'
No API key found. Please create one using the
instructions at <site> and call 'uber set-key <key>'
$ uber set-key <key> # writes <key> to a file in home dir or a .gitignore location in the repo
Well done!
$ uber time '123 anywhere st' # reads <key> from file, works as you have it
...
A friend of mine accidentally pushed his Heroku or New Relic API key to a toy repo which was public and that information was immediately scraped and used. He was billed a non trivial about which he disputed but cost some time and headache.
Enforce best practices and don't do that even if it's for something trivial and won't have real world consequences.
You would have access to my server token, certainly. But I checked the documentation and in order to request rides, I think you would need other pieces of information that I did not expose. Additionally, there are various scopes that Uber grants regarding the API exposure that any application has.
I think / hope that the worst damage that can be done is hitting Uber's rate limit.
Definitely not defending my decision to include the server token, but I don't think it's the end of the world (just terrible practice).
Do tell me, why are you still using Uber? What needs to happen? Let's see: Weakening the rule of law by deliberately ignoring taxi legislation, that's not enough. Rebuilding indentured servitude via subprime mortgaged cars where the payment comes out of the drivers' wages, that's not enough. Launching self driving cars going again against regulations and putting cyclists in deadly danger, that's not enough. Treating women like shit, that's not enough. Stealing Google tech brazenly, that's not enough.
You could make the case that, since they have a -140% profit margin, the best way to hurt them is to use them all the time ^_^ Every $1.00 you give them costs them $2.40, every dollar you don't give them costs them nothing.
But ip geolocation usually gives you city or zipcode level accuracy, which may or may not be good enough to get an accurate uber estimate depending on how big your city/zip area is.
clearly you haven't been in too many third world countries :)
try getting a reliable yellow taxi driver in those countries who WON'T try to pull a trick on you :) they exist, but are a minority (or at least not a majority)
The goal of this project is to be able to check it from the command line. So while you're at the computer, you can check it via CLI rather than opening a browser.
I think the authors intent was just for his own use and some fun.
If of the all evil things Uber has done since its inception it's the harassment of an employee that brings in the most attention, then something is seriously wrong with people.
It's difficult for most people to relate to arbitrary laws that don't affect them but it's very easy to relate to sexual harassment. I'm not saying it's right or wrong , that's just how we all function. I think everyone knows someone close to them that has been a victim of sexual harassment. Not everyone knows a struggling taxi driver.
Edit: Furthermore , the Susan Fowler incident has just been the key that opened up the flood gate of internal problems. Everyone to this point has been too afraid to speak out about many other issues, its just an harassment case that happened to open it.
I have a program which takes text files with ASCII line art and automatically turns them into text files with UNICODE line art.[1] I wrote this for some very old documents, but it's still useful.
[1] https://github.com/John-Nagle/pasv/blob/master/src/Util/picf...