Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "code leak"
-
New guy: There's a memory leak in my code.
Me: You need to free the memory you previously allocated.
New guy: Already did that, deleted everything from my "Downloads" folder and some stuff from my Desktop.
Me: *Long Pause* Have you tried "rm -rf /" yet ?4 -
Had a PR blocked yesterday. Oh god, have I introduced a memory leak? Have I not added unit tests? Is there a bug? What horrible thing have I unknowingly done?
... added comments to some code.
Yep apparently “our code needs to be readable without comments, please remove them”.
Time to move on, no signs of intelligent life here.39 -
So, I grew up on the US/Mexican border, in a city where saying there's no opportunity is like saying the Titanic suffered a small leak on its maiden voyage. There were two kinds of people in said town: Mexicans trying to find something less shit than juarez and white trash reveling in their own failure. I came from the latter, for whatever that's worth.
I graduated high school when I was almost 16 years old. Parents couldn't really afford to support three kids and pay the rent on the latest in a long line of shit holes we migrated in and out of. If being a serial eviction artist is a thing, my family were savants.
I applied to college and got accepted only to be told by my father that he didn't see the need. Turns out the only reason he'd helped me graduate early was so I could start working and help pay his bills. I said okay, turned around and tossed a bag and my shitty af spare parts computer into the back of the junkyard Vega I generously referred to as a car and moved cross country. Car died on arrival, so I was basically committed.
Pulled shifts at two part times and what kids today call a side hustle to pay for school, couch surfed most of the time. Sleep deprivation was the only constant.
Over the first 4 months I'd tried leveraging some certs and previous experience I'd obtained in high school to get employment, but wasn't having much luck in the bay area. And then I lost my job. The book store having burned down on the same weekend the owner was conveniently looking to buy property in Vegas.
Depression sets in, that wonderful soul crushing variety that comes with what little safety net you had evaporating.
At a certain point, I was basically living out of the campus computer lab, TA friend of mine nice enough to accidentally lock me in on the reg. Got really into online gaming as a means of dealing with my depression. One night, I dropped some code on a UO shard I'd been playing around on. Host was local, saw the code and offered me a job at his firm that paid chump change, but was three times what all my other work did combined and left time for school. Ground there for a few years until I got a position with work study at LBL that conflicted too much for it to remain mutually beneficial. Amicable parting of the ways.
Fucking poverty is what convinced me to code for a living. It's a solid guarantee of never going back to it. And to anyone who preaches the virtues of it and skipping opportunity on grounds of the moral high ground, well, you know.12 -
My team handles infrastructure deployment and automation in the cloud for our company, so we don't exactly develop applications ourselves, but we're responsible for building deployment pipelines, provisioning cloud resources, automating their deployments, etc.
I've ranted about this before, but it fits the weekly rant so I'll do it again.
Someone deployed an autoscaling application into our production AWS account, but they set the maximum instance count to 300. The account limit was less than that. So, of course, their application gets stuck and starts scaling out infinitely. Two hundred new servers spun up in an hour before hitting the limit and then throwing errors all over the place. They send me a ticket and I login to AWS to investigate. Not only have they broken their own application, but they've also made it impossible to deploy anything else into prod. Every other autoscaling group is now unable to scale out at all. We had to submit an emergency limit increase request to AWS, spent thousands of dollars on those stupidly-large instances, and yelled at the dev team responsible. Two weeks later, THEY INCREASED THE MAX COUNT TO 500 AND IT HAPPENED AGAIN!
And the whole thing happened because a database filled up the hard drive, so it would spin up a new server, whose hard drive would be full already and thus spin up a new server, and so on into infinity.
Thats probably the only WTF moment that resulted in me actually saying "WTF?!" out loud to the person responsible, but I've had others. One dev team had their code logging to a location they couldn't access, so we got daily requests for two weeks to download and email log files to them. Another dev team refused to believe their server was crashing due to their bad code even after we showed them the logs that demonstrated their application had a massive memory leak. Another team arbitrarily decided that they were going to deploy their code at 4 AM on a Saturday and they wanted a member of my team to be available in case something went wrong. We aren't 24/7 support. We aren't even weekend support. Or any support, technically. Another team told us we had one day to do three weeks' worth of work to deploy their application because they had set a hard deadline and then didn't tell us about it until the day before. We gave them a flat "No" for that request.
I could probably keep going, but you get the gist of it.4 -
The time my Java EE technology stack disappointed me most was when I noticed some embarrassing OutOfMemoryError in the log of a server which was already in production. When I analyzed the garbage collector logs I got really scared seeing the heap usage was constantly increasing. After some days of debugging I discovered that the terrible memory leak was caused by a bug inside one of the Java EE core libraries (Jersey Client), while parsing a stupid XML response. The library was shipped with the application server, so it couldn't be replaced (unless installing a different server). I rewrote my code using the Restlet Client API and the memory leak disapperead. What a terrible week!2
-
Application has had a suspected memory leak for years. Tech team got developers THE EXACT CODE that caused it. Few months of testing go by, telling us they're resolving their memory leak problem (finally).
Today: yeah, we still need restarts because we don't know if this new deployment will fix our memory leak, we don't know what the problem is.
WHAT THE FUCK WERE YOU DOING IN THE LOWER REGIONS FOR THREE FUCKING MONTHS?!?!?! HAVING A FUCKING ORGY???????????????
My friends took the time to find your damn problem for you AND YOU'RE GOING TO TELL ME YOU DON'T KNOW WHAT THE PROBLEM IS???
It was in lower regions for 3 MONTHS and you don't know how it's impacting memory usage?!?!?! DO YOU WANT TO STILL HAVE A JOB? BECAUSE IF NOT, I CAN TAKE CARE OF THAT FOR YOU. YOU DON'T DESERVE YOUR FUCKING JOB IF YOU CAN'T FUCKING FIX THIS.
Every time your app crashes, even though I don't need to get your highest level boss on anymore for approval to restart your server, I'M GOING TO FUCKING CALL HIM AND MAKE HIM SEE THAT YOU'RE A FUCKING IDIOT. Eventually, he'll get so annoyed with me, your shit will be fixed. AND I WON'T HAVE TO DEAL WITH YOUR USELESS ASS ANYMORE.
(Rant directed at project manager more than dev. Don't know which is to blame, so blaming PM)28 -
TL;DR I'm fucking sick and tired of Devs cutting corners on security! Things can't be simply hidden a bit; security needs to be integral to your entire process and solution. Please learn from my story and be one of the good guys!
As I mentioned before my company used plain text passwords in a legacy app (was not allowed to fix it) and that we finally moved away from it. A big win! However not the end of our issues.
Those Idiot still use hardcoded passwords in code. A practice that almost resulted in a leak of the DB admin password when we had to publish a repo for deployment purposes. Luckily I didn't search and there is something like BFG repo cleaner.
I have tried to remedy this by providing a nice library to handle all kinds of config (easy config injection) and a default json file that is always ignored by git. Although this helped a lot they still remain idiots.
The first project in another language and boom hardcoded password. Dev said I'll just remove before going live. First of all I don't believe him. Second of all I asked from history? "No a commit will be good enough..."
Last week we had to fix a leak of copyrighted contend.
How did this happen you ask? Well the secure upload field was not used because they thought that the normal one was good enough. "It's fine as long the URL to the file is not published. Besides now we can also use it to upload files that need to be published here"
This is so fucking stupid on so many levels. NEVER MIX SECURE AND INSECURE CONTENT it is confusing and hard to maintain. Hiding behind a URL that thousands of people have access to is also not going to work. We have the proof now...
Will they learn? Maybe for a short while but I remain sceptic. I hope a few DevrRanters do!7 -
!rant, but you're my friends and I want to share my day...
We've had a problem open since last March (before I started), but our teams identified the issue with the customer's code 2 years ago. No one made progress on it until I took it over. The newest version deployed 3 months ago and has no memory leak. I closed out oldest problem today.
On a personal note, I got quotes for my dj and photographer for my wedding next month, and the price for both is what I would've been willing to pay for one. My wedding was supposed to be very inexpensive, with these and my bartender being the most expensive parts, but due to unfortunate events, my wedding is 4x the cost (have to use a venue, backyard unavailable, which changes ALL my plans).4 -
Boss: Any idea why ColleagueX's code might be blowing out the memory?
Me (internal): Cos he's a fucking retard who can't code for shit, doesn't listen when I tell him to do stuff properly because he's fucking lazy, has no idea what stack and heap are, uses goto everywhere, doesn't know how to debug, doesn't write any unit tests, and generally WASTES MY FUCKING TIME!
Me (external): Probably a memory leak. I'll take a look.2 -
- Let's write some code to check for memory leaks
- Oh shit, memory is leaking like crazy
- In fact the program crashes within 10 minutes
*Some hours of debugging and not finding the cause later*
- Starts thinking about the worse
- Hell yeah, the memory leak is caused by the code that checks for memory leaks. But fucking how
- Finds out the leak is caused by the implementation of the std C lib
- In the fucking printf() function
- Proceeds to cry5 -
I took this contract and made the suggestion that we backup to the cloud and create a private repo on GIT. Client said no, local should be fine, they don't want someone stealing their code. I said okay fine.
AC just went out in the server room and they apparently had a leak from the AC to the power supply which they happened to put on top of the rack servers and switches. I'm surprised that place didn't catch fire, might be to early to call it.
All this on a Friday and we were 2 weeks away from launch party.
Not my fault, I clearly said we backup to cloud and use GIT on private repo.3 -
Why are people complaining about debugging?
Oooh it’s so hard.
It’s so boring.
Can someone do this for me?
I honestly enjoy debugging and you should too..
if it’s not your code, you’ll get to understand the code better than the actual author. You’ll notice design improvements and that some of the code is not even needed. YOU LEARN!
If it’s your own code (I especially enjoy debugging my own code): it forces you to look at the problem from a different perspective. It makes you aware of potential other bugs your current solution might cause. Again, it makes you aware of flaws in the design. YOU LEARN!
And in either case, if it’s a tricky case, you’ll most likely stop debugging at some point, refactor the shit out of some 50-100 line methods and modulize it because the original code was undebuggable (<- made up a new word there) and continue debugging after that.
So many things I know, I know only because I spend days, sometimes even weeks debugging a piece code to find the fucking problem.
My main language is java and i wouldn’t have believed anyone who told me there’s a memory leak in my code. I mean, it’s java, right? We refactored the code and everything worked fine again. But I debugged the old version anyway and found bugs in Java (java 6.xx I believe?) which made me aware of the fact that languages have flaws as well.. GC has its flaws as well. So does docker and any other software..
Stop complaining, get on your ass and debug the shit out of your bugs instead of just writing it in a different way and being glad that it fixed the issue..
My opinion.3 -
I fucking hate Electron, what ever happened to developing software natively? It's not like you have to stick to dot Net and C# or whatever, there's literally Lazarus or Delphi, which, at least Lazarus, not only is open source but also supports all major platforms.
Even Python has GTK, Qt and Pywin32 or whatever its called. While not exactly cross platform, it's still not eating up 1GB of RAM when you launch it.
I don't care if Bob from across the street uses it because he's too lazy to learn anything new, but when huge companies like fucking Discord (valued at 10B dollars) use it, it's insane.
More than once has Discord had a memory leak and was reaching upwards of 6.5GB of RAM usage.
Whats the most popular code editor? VSCode, Electron.
Chat client? Discord, Electron.
Wanna use something other than Discord? Maybe Matrix? Well guess what, while they do have multiple clients, the most developed and usable one is Element, yeah, Electron.
Slack? Electron
My crypto wallet? Exodus, Electron.
I genuinely don't think 16GB of RAM is enough nowadays. Thankfully I'm running a very minimal install of Arch Linux and do most of my work in a KVM, but it still hurts my brain.
By the way things are looking nowadays, We'll be using Javascript for Kernels soon.
Thanks for coming to my Ted Talk.
Also apparently the filter on this site sees ". net" as an url.10 -
So I'm making a file uploader for a buddy of mine and I got an error that I had never seen before. Suddenly I had C++ code and some other weird shite in my terminal. Turns our that I got a memory leak and the first thing that sprung to mind was "Fuck yes, I get to do some NCIS ass debugging".
Now the app worked fine for smaller files, like 5MB - 10MB files, but when I tried with some Linux ISO's it would produce the memory leak.
Well I opened the app with --inspect and set some breakpoints and after setting some breakpoints I found it. Now, for this app I needed to do some things if the user uploads an already existing file. Now to do that I decided to take the SHA string of the file and store it in a database. To do this I used fs.readFile aaaaaaaaaand this is where it went wrong. fs.readFile doesn't read the file as a stream.
Well when I found that, boy did I feel stupid :v5 -
I once interviewed for a role at Bank of America. The interview process started off well enough, the main guy asked some general questions about career history and future goals. Then it was off to the technical interviewers. The first guy was fine. Asked appropriate questions which he clearly understood the answers to.
The next guy up, however, was what I like to call an aggressive moron. After looking at my resume, he said I see you listed C++. To which I said, yes I have about 7 years of experience in it but I've mostly been using python for the past few years so I might be a bit rusty. Great he said, can you write me a function that returns an array?
After I finished he looked at my code, grinned and said that won't work. Your variable is out of scope.
(For non C programmers, returning a local variable that's not passable by value doesn't work because the local var is destroyed once the function exits. Thus I did what you're supposed to do, allocate the memory manually and then returned a pointer to it)
After a quick double take and verifying that my code did work, I asked, um can you explain why that doesn't work as I'm pretty sure it does.
The guy then attempted to explain the concept of variable scope to me. After he finished I said, yes which is why I allocated the memory manually using the new operator, which persists after the function exits.
Einstein then stared really hard at my code for maybe 10 to 15 seconds. Then finally looked up said ok fine, but now you have a memory leak so your code is still wrong.
Considering a memory leak is by definition an application level bug, I just said fine, any more questions?4 -
We had 1 Android app to be developed for charity org for data collection for ground water level increase competition among villages.
Initial scope was very small & feasible. Around 10 forms with 3-4 fields in each to be developed in 2 months (1 for dev, 1 for testing). There was a prod version which had similar forms with no validations etc.
We had received prod source, which was total junk. No KT was given.
In existing source, spelling mistakes were there in the era of spell/grammar checking tools.
There were rural names of classes, variables in regional language in English letters & that regional language is somewhat known to some developers but even they don't know those rural names' meanings. This costed us at great length in visualizing data flow between entities. Even Google translate wasn't reliable for this language due to low Internet penetration in that language region.
OOP wasn't followed, so at 10 places exact same code exists. If error or bug needed to be fixed it had to be fixed at all those 10 places.
No foreign key relationships was there in database while actually there were logical relations among different entites.
No created, updated timestamps in records at app side to have audit trail.
Small part of that existing source was quite good with Fragments, MVP etc. while other part was ancient Activities with business logic.
We have to support Android 4.0 to 9.0 of many screen sizes & resolutions without any target devices issued to us by the client.
Then Corona lockdown happened & during that suddenly client side professionals became over efficient.
Client started adding requirements like very complex validation which has inter-entity dependencies. Then they started filing bugs from prod version on us.
Let's come to the developers' expertise,
2 developers with 8+ years of experience & they're not knowing how to resolve conflicts in git merge which were created by them only due to not following git best practice for coding like only appending new implementation in existing classes for easy auto merge etc.
They are thinking like handling click events is called development.
They don't want to think about OOP, well structured code. They don't want to re-use code mostly & when they copy paste, they think it's called re-use.
They wanted to follow old school Java development in memory scarce Android app life cycle in end user phone. They don't understand memory leaks, even though it's pin pointed by memory leak detection tools (Leak canary etc.).
Now 3.5 months are over, that competition was called off for this year due to Corona & development is still ongoing.
We are nowhere close to completion even for initial internal QA round.
On top of this, nothing is billable so it's like financial suicide.
Remember whatever said here is only 10% of what is faced.
- An Engineering lead in a half billion dollar company.4 -
This is embarrassing, but the first days of learning about AngularJS I had to implement functionality about a new component of the WebApp I was building.
I did a good templating, I build the component along with its controller and services, I verified there wasn’t any memory leak and that everything was in an isolated scope. Yet nothing at all appeared on the app. It took me more than 30 minutes until I realized...
I didn’t put the source code on the index.html file 😅
For people who know more about compiled languages such as C or Java... that’s like not putting your source code file in the makefile. 😅
I felt literally like the dumbest person in the planet at that moment. 😀🔫1 -
"Our Data Service comes PRE-P0WN'D"
Those SHIT-FOR-BRAINS data service providers GLOAT that their data can be natively integrated into most BI platforms, no code required.
How? Because they will EXPOSE THE ENTIRE FUCKING THING ON THE INTERNET.
LITERALLY.
UNAUTHENTICATED URL WITH THE ENTIRE DATASET.
STATIC. WON'T EVER FUCKING CHANGE.
NO VPN REQUIRED. NO AUTHENTICATION HEADERS. NO IN-TRANSIT ENCRYPTION.
"It is safe! No one will know the secret token that is a parameter in the url"
BLOODY BYTE BUTTS, BATMAN! IT IS A FUCKING UNAUTHENTICATED URL THAT DOES NOT REQUIRES RENEWAL NOR A VPN, IT WILL LEAK EVENTUALLY!
That is the single fucking worst SELF-P0WN I have ever seen.
Now I know why there are fucking toddlers "hacking" large scale databases all over the globe.
Because there are plenty of data service providers that are FUCKING N00BS.4 -
I need guidance about my current situation.
I am perfectionist believing in OOP, preventing memory leak in advance, following clean code, best practices, constantly learning about new libraries to reduce custom implementation & improve efficiency.
So even a single bad variable name can trigger my nerves.
I am currently working in a half billion $ IT service company on a maintenance project of 8 year old Android app of security domain product of 1 of the top enterprise company of the world, which sold it to the many leading companies in the world in Govt service, banking, insurance sectors.
It's code quality is such a bad that I get panic attacks & nightmares daily.
Issues are like
- No apk obfuscation, source's everything is openbook, anybody can just unzip apk & open it in Android Studio to see the source.
- logs everywhere about method name invoked,
- static IV & salt for encryption.
- thousands of line code in God classes.
- Irrelevant method names compared to it's functionality.
- Even single item having list takes 2-3 seconds to load
- Lag in navigation between different features' screens.
- For even single thing like different dimension values for different density whole 100+ lines separate layout files for 6 types of densities are written.
- No modularized packages, every class is in single package & there are around 100+ classes.
Owner of the code, my team lead, is too terrified to change even single thing as he don't have coding maturity & no understanding of memory leak, clean code, OOP, in short typical IT 'service' company mentality.
Client is ill-informed or cost-cutting centric so no code review done by them in 8 years.
Feeling much frustrated as I can see it's like a bomb is waiting to blast anytime when some blackhat cracker will take advantage of this.
Need suggestions about this to tackle the situation.10 -
Yeah, fuck all the authentication/authorization framework I build, just access manage resources directly and leak stuff, assign it to wrong accounts and don't even check if they should be able to with that eye shore you call code1
-
Production goes down because there's a memory leak due to scale.
When you say it in one sentence, it sounds too easy. Being developers we know how it all goes. It starts with an alert ping, then one server instance goes down, then the next. First you start debugging from your code, then the application servers, then the web servers and by that time, you're already on the tips of your toes. Then you realize that the application and application servers have been gradually losing memory over a period of time. If the application is one that don't get re-deployed ever so often, the complexity grows faster. No anomaly / change detection monitor can detect a gradual decrease of memory over a period of months.2 -
So I recently finished a rewrite of a website that processes donations for nonprofits. Once it was complete, I would migrate all the data from the old system to the new system. This involved iterating through every transaction in the database and making a cURL request to the new system's API. A rough calculation yielded 16 hours of migration time.
The first hour or two of the migration (where it was creating users) was fine, no issues. But once it got to the transaction part, the API server would start using more and more RAM. Eventually (30 minutes), it would start doing OOMs and the such. For a while, I just assumed the issue was a lack of RAM so I upgraded the server to 16 GB of RAM.
Running the script again, it would approach the 7 GiB mark and be maxing out all 8 CPUs. At this point, I assumed there was a memory leak somewhere and the garbage collector was doing it's best to free up anything it could find. I scanned my code time and time again, but there was no place I was storing any strong references to anything!
At this point, I just sort of gave up. Every 30 minutes, I would restart the server to fix the RAM and CPU issue. And all was fine. But then there was this one time where I tried to kill it, but I go the error: "fork failed: resource temporarily unavailable". Up until this point, I believed this was simply a lack of memory...but none of my SWAP was in use! And I had 4 GiB of cached stuff!
Now this made me really confused. So I did one search on the Internet and apparently this can be caused by many things: a lack of file descriptors or even too many threads. So I did some digging, and apparently my app was using over 31 thousands threads!!!!! WTF!
I did some more digging, and as it turns out, I never called close() on my network objects. Thus leaving ~30 new "worker" threads per iteration of the migration script. Thanks Java, if only finalize() was utilized properly.1 -
After brute forced access to her hardware I spotted huge memory leak spreading on my key logger I just installed. She couldn’t resist right after my data reached her database so I inserted it once more to duplicate her primary key, she instantly locked my transaction and screamed so loud that all neighborhood was broadcasted with a message that exception is being raised. Right after she grabbed back of my stick just to push my exploit harder to it’s limits and make sure all stack trace is being logged into her security kernel log.
Fortunately my spyware was obfuscated and my metadata was hidden so despite she wanted to copy my code into her newly established kernel and clone it into new deadly weapon all my data went into temporary file I could flush right after my stick was unloaded.
Right after deeply scanning her localhost I removed my stick from her desktop and left the building, she was left alone again, loudly complaining about her security hole being exploited.
My work was done and I was preparing to break into another corporate security system.
- penetration tester diaries2 -
One of the MS libraries for directory services has a known memory leak and there is an easy fix for it but rather than fix it, our systems architect decided it was best to just restart the app pool nightly for one of his apps.
I don't get lazy coding. My apps that use the same MS library don't suffer from that problem all because I spend a little time on the code... -
They tried to mark him, they even tried compacting him and his children, but this old generation instance is not going down without a fight. He’s in a big heap of trouble, and he’s running out of time. You better count your references, because this summer’s stop-the-world event will have you staying at work all night: Memory Leak: Production is in your code NOW
-
reading the project's code, following "save" callback in jvascript, i find this comment "IMPORTANT : this is a workaround to solve memory leak" and below it code that basically removes all elements from th DOM and adds them again.
so basically, someone could not find a cause to a memory leak and decided "solve it" in a specific place by reloading almost an entire page -
so I spent an entire day tracking a major memory leak (10mb/s!!!). when I find it, it turns out that It's in a deep part of C++ code that I'm not allowed to touch. now I live in fear of just crashong my 16gb machine every time I debug.
-
Recently joined new Android app (product) based project & got source code of existing prod app version.
Product source code must be easy to understand so that it could be supported for long term. In contrast to that, existing source structure is much difficult to understand.
Package structure is flat only 3 packages ui, service, utils. No module based grouped classes.
No memory release is done. So on each screen launch new memory leaks keep going on & on.
Too much duplication of code. Some lazy developer in the past had not even made wrappers to avoid direct usage of core classes like Shared Preference etc. So at each place same 4-5 lines were written.
Too much if-else ladders (4-5 blocks) & unnecessary repetitions of outer if condition in inner if condition. It looks like the owner of this nested if block implementation has trust issues, like that person thought computer 'forgets' about outer if when inside inner if.
Too much misuse of broadcast receiver to track activities' state in the era of activity, apપ life cycle related Android library.
Sometimes I think why people waste soooo... much efforts in the wrong direction & why can't just use library?!!
These things are found without even deep diving into the code, I don't know how much horrific things may come out of the closet.
This same app is being used by many companies in many different fields like banking, finance, insurance, govt. agencies etc.
Sometimes I surprise how this source passed review & reached the production.