Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there
19 -
I have been creating mods for Skyrim and Fallout for a few years now. One day another modder wanted to make his own game using Unreal Engine 4. I wanted to learn UE4 anyway and the other members have made many mods before, so I joined in.
Well, it turned out I was the only one with a professional programming background (this is where I should have run). The others were all modders who somehow got their shit working. "It works, so it's good enough right?" On top of that UE4 has a visual scripting system called Blueprint. Instead of writing code you connect function blocks with execution lines. Needles to say that spaghetti code gets a whole new meening.
There was no issue board, no concept, no plan what the game should look like. Everyone was just doing whatever he wants and adding tons of gameplay mechanics. Gameplay mechanics that I had to redo because they where not reusable, not maintainable or/and poorly performing.
Coming from a modding background, they wanted to make the game moddable. This was the #1 priority. The game can only load "cooked" assets when it got packaged. So to make modding possible, we needed to include the unpacked project files in the download. This made the download size grow to 20+ GB. 20 GB for a fucking sidescroller. Now, 1 year after release we have one mod online: Our own test mod.
Well we "finished" the game eventually and it got released on Steam. A 20 GB sidescroller for $6.99. It's more like a $2.99 game in my opinion. But instead of lowering the price they increased it to $9.99, because we have spent so much time creating the game. Since that we selled less than 5 more copies. And now they want to make it work on mobile. Guess who will definetly NOT help them.
I have spent ~6 month of my freetime for this project, my rev share is < 100€ and they got me a lot of headaches with all their dumb decisions. Lesson learned. But hey, I am pretty good with UE4 now.4 -
Waterfall Project Stages:
Requirements, Analysis, Design, Coding, Testing, Operations
When you promote project managers to program managers and tell them to switch to Agile, you get the Agilefall project stages:
Best guess, Timeline, User stories, Execution, Blame the devs when the project plan trends late.
I want to beat them with a copy of the PMBOK wrapped in lead.3 -
The more I work with performance, the less I like generated queries (incl. ORM-driven generators).
Like this other team came to me complaining that some query takes >3minutes to execute (an OLTP qry) and the HTTP timeout is 60 seconds, so.... there's a problem.
Sure, a simple explain analyze suggests that some UIDPK index is queried repeatedly for ~1M times (the qry plan was generated for 300k expected invocations), each Index Scan lasts for 0.15ms. So there you go.. Ofc I'd really like to see more decimal zeroes, rather than just 0.15, but still..
Rewriting the query with a CTE cut down the execution time to pathetic 0.04sec (40ms) w/o any loops in the plan.
I suggest that change to the team and I am responded a big fat NO - they cannot make any query changes since they don't have any control on their queries
....
*sigh*
....
*sigh*
but down to 0.04sec from 3+ minutes....
*sigh*
alright, let's try to VACUUM ANALYZE, although I doubt this will be of any help. IDK what I'll do if that doesn't change the execution plan :/ Prolly suggest finding a DBA (which they won't, as the client has no € for a DBA).
All this because developers, the very people sho should have COMPLETE control over the product's code, have no control over the SQLs.
This sucks!27 -
Update about my boss:
I was early too judge. Maybe still early to form an opinion.
But dude seems pretty level headed. Yes, he is agressive. Yes, he has weird way of complicating things.
But I got to learn things from him. I earned his trust, just like I did in the past with other managers. He is confident about my performance now. He gave me space to ramp up and pushed me to limits.
But now, Floyd is settled. Maybe with time, I might get occasional unpleasant interactions, but those are part of every job.
However, we as a society decided to be in agile mode. Fix a problem and the solution gives rise to another one.
The business head of my pod is going crazy over the deliverables.
They were surviving for years with a product manager. Everything was driven by tech without any research.
And now when I am in, they want everything to be done yesterday.
We spent some decent amount of time on strategy and it turned out to be good. Now they are questioning that why ain't I delivering?!
It's been a week we finalised the strategy, let me get some space and time to structure and plan the execution.
Business heads are pretty nice and level headed people. Just that I don't understand the sense of urgency. I get it that my pod often has to deal with fire fighting given the nature of the business, but holy fuck! Stop pressurising to deliver everything together on a war foot.
They are like, we'll ask for more resources. But whose gonna tell them that 9 women cannot deliver a baby in 1 month.
I need time for discovery and research. Without that, don't expect impact.
As the only PM space, leading the entire vertical, how can I even focus on multiple initiatives?
I really miss my previous life of my first company. It's exactly an year when I left them and I changed two companies since then.
My learning and earnings sky rocketed, but WLB took a toll.
I miss the time when I could finish my work in an hour and did whatever the fuck I want while at work like browsing new topics to learn, exploring places, attending events, connecting with people, making social posts to learn, finance as a hobby, yada yada..
These days, I feel too burned out. Not that I am worried about job stability, because I trust my skills.
But more due to the fact that I have to constantly focus on work for the time I am in office. No free space or time to collect myself together, process things, and focus.
This leads me to thinking about work (read processing office discussions), at home too.
I cannot enjoy music. Feels like a load.
I no longer attend events or meet people after work. No more wasting time on the internet.
And most importantly, I am not bored anymore. I miss being bored. I miss living a boring, mediocre lifestyle.
I miss doing my side projects and polishing my portfolio site ten times a day, because I got nothing better to do.
I used to spend time learning right grammar and why American and English words are different and which to use where.
I miss spending time of Google Maps exploring borders and remote regions.
Weekends fly by. No hobby to pursue. No free time.
I miss the days when I had nothing to do and I was bored and I could do anything.
I used to be always happy. Because no responsibilities. I used to be always up for a meetup. I used to be available for a phone call.
Now it's nothing but work which is surely exciting and some foundational learning with good enough money, but I miss my time when I used to get bored because I had nothing to do.5 -
Wow...a talented developer created a 3 via SQL execution plan. The query runs like crap but the execution plan art is pretty.
Top Tags
Weekly Rant
View