Let me tell you a story.

Our company has a homegrown monitoring solution. Keeps track of our deployments and alerts us when something is broken. Really nice for the most part, except a little issue where we get up to 25 alerts PER DAY that our PRODUCTION ENVIRONMENT IS DOWN. Including weekends.

With this many false positives, we quickly learn to ignore the alerts and miss real incidents.

So we approached this team, remember its our own tool, and told them about the problem. Turns out it is a known issue. And here's the kicker: they aren't planning on fixing it!

It gets better. Rather than fix this glaring issue, their solution is to make ANOTHER ALERT that lets us know the monitoring is misbehaving.

To recap, we can now expect to get up to 25 false positive alerts per day that our production is down, followed immediately by more alerts that the monitor is broken, which means we can ignore the previous alert.

As our PM said when he heard this: fuck that noise. We are escalating the shit out of this!

SM = Scrum Master

SM: "Card #130, you added a comment saying you aren't going to do update the report?"
Me:"Yea, I explained why in the comment"
SM: "Product owner wants it."
Me: "Product owner isn't the manager using it. I talked with Steve, he said the data is accurate and they have to go to the database anyway to verify the error. That report has no way of knowing the message logged could be a false positive."
SM: "That's not our job to decide. If the Product Owner wants the feature, we add the feature."
Me: "It is absolutely is our job. Steve is the user of the report. I could really care less what the product owner said. The only reason he created the card was because Steve told him a specific error logged could be a false positive, and only happens, maybe, once a month. I'm not wasting my time, Steve's time, or this project's time on wild goose chases."
SM: "I'll schedule a meeting this afternoon to discuss the issue with the product owner. Don't worry, if you can't figure out how to filter out the false positives, I'll assign the ticket to me."

fracking fracking kiss ass. I swear, if he goes behind my back again ....I... deep breath....ahhh...OK..Thanks devrant. Work place incident diverted.

The awkward moment when AVG flags your newly created executable as a Trojan 😓

Installed SonarQube and Snyk on the CI/CD of a 2.5 year old project that only had a linter enabled previously.

Practically zero problems found. One minor problem (same code in different branches), a few false positives, and a few possible problems in dependencies that I have no control over.

Now wondering:
Am I really that good or are those tools just shit?

Lets play a game of spot the bug...

Too easy you say?
What if I told you that this code was written by a well paid dev over an exceptionally large period of time?

Crazy huh, but that's still nothing. The most ludicrous thing about it - is that you (like me) probably suffer from a mild case of impostor syndrome.

I just ended that suffering. The only thing worse than impostor syndrome is believing you actually know what the fuck your doing. Keep it in check but learn to love it... it's probably the reason you could spot the bug after all.

PSA: negate your tests and make sure they fail!

I have what I thought was a weird and slightly paranoid habit. When I write tests sometimes just as a sanity check negate the assertion to make sure the test fails and isn't a false positive. Almost always fails as expected.

But not today! Turns out I had forgotten to wrap my equality check in an assertion so it would always pass. It freaks me out to imagine pushing a test that always passes not just because it doesn't do its job, but could also obscure a bug and trick me into thinking it works differently than it does. Broken tests are the worst!

But it pays to be paranoid.

The development department got an order to remove certain functionality from our current server monitoring solution, so that we had to use a new, still very in development solution, that is full of bugs and super unreliable.

End result? We now have to have two windows open all the time, while also hoping the new solution actually works, as it tends to stop refreshing randomly, and tends to give false positives a lot.

In the 90s most people had touched grass, but few touched a computer.

In the 2090s most people will have touched a computer, but not grass.

But at least we'll have fully sentient dildos armed with laser guns to mildly stimulate our mandatory attached cyber-clits, or alternatively annihilate thought criminals.

In other news my prime generator has exhaustively been checked against, all primes from 5 to 1 million. I used miller-rabin with k=40 to confirm the results.

The set the generator creates is the join of the quasi-lucas carmichael numbers, the carmichael numbers, and the primes. So after I generated a number I just had to treat those numbers as 'pollutants' and filter them out, which was dead simple.

Whats left after filtering, is strictly the primes.

I also tested it randomly on 50-55 bit primes, and it always returned true, but that range hasn't been fully tested so far because it takes 9-12 seconds per number at that point.

I was expecting maybe a few failures by my generator. So what I did was I wrote a function, genMillerTest(), and all it does is take some number n, returns the next prime after it (using my functions nextPrime() and isPrime()), and then tests it against miller-rabin. If miller returns false, then I add the result to a list. And then I check *those* results by hand (because miller can occasionally return false positives, though I'm not familiar enough with the math to know how often).

Well, imagine my surprise when I had zero false positives.

Which means either my code is generating the same exact set as miller (under some very large value of n), or the chance of miller (at k=40 tests) returning a false positive is vanishingly small.

My next steps should be to parallelize the checking process, and set up my other desktop to run those tests continuously.
Concurrently I should work on figuring out why my slowest primality tests (theres six of them, though I think I can eliminate two) are so slow and if I can better estimate or derive a pattern that allows faster results by better initialization of the variables used by these tests.

I already wrote some cases to output which tests most frequently succeeded (if any of them pass, then the number isn't prime), and therefore could cut short the primality test of a number. I rewrote the function to put those tests in order from most likely to least likely.

I'm also thinking that there may be some clues for faster computation in other bases, or perhaps in binary, or inspecting the patterns of values in the natural logs of non-primes versus primes. Or even looking into the *execution* time of numbers that successfully pass as prime versus ones that don't. Theres a bevy of possible approaches.

The entire process for the first 1_000_000 numbers, ran 1621.28 seconds, or just shy of a tenth of a second per test but I'm sure thats biased toward the head of the list.

If theres any other approach or ideas I may be overlooking, I wouldn't know where to begin.

!rant
Started Data Science course on big data universuty. The outcomes are heavily dependent on domain experts/stakeholders!!! Since all the answers are false positives and need to decide what make sense with the help of domain experts. And most of the Data scientists are not from programming background, they are domain experts who turned into Data scientists. Thoughts if I should continue with learning big data/data science, knowing that I have knowledge in information retrieval and search engines.

PC-Lint is such a useless piece of shit! Tons of warnings with no actual benefit. The obvious motivation behind this crap was to throw as many warnings as this cheap sucker can even generate with no effort to minimise false positives. Typical snakeoil shit, reminds me of ZoneAlarm back then which reported every ping as "attack" just to fool the clueless into buying. Meanwhile, the actual bugs that sophisticated tools can find pass unnoticed through PC-Lint.

Boss wanted our AES implemented to use an Initialization Vector. I changed the implementation to add an IV and all the tests passed on the first try!

I changed the implementation to fail just to make sure I wasn't getting false positives.

TL;DR: What do you hate about the current interview process for software dev positions?

I have been reading interview related posts on reddit and other places and I have noticed that there is a lot of hate, especially from more senior devs, towards the typical software dev interview pattern i.e. the one focused on algorithms and data structures and I don't understand why. The current methods may be far from ideal but I think they do a good job of eliminating the false-positives. Plus, I can't think of a better alternative. Sure, by using current interview methods some good devs might get rejected because they haven't used/needed/studied many algorithms and data structures after they left college, but for any big company that gets thousands of applications every year, that wouldn't be a big issue compared to the negative impact a false-positive may create. I am still in college so I maybe biased, I would like to hear your thoughts on this.

Can someone help me? I'm getting this error in VS Code while working on my Unity project. Everything was working fine for last few months. Now I'm getting false positives, because everything works fine in Unity. The problem's gone when I open "ObjectInfo" class file and save it, but I have to do it every time I start VS Code.

The type or namespace name 'ObjectInfo' could not be found (are you missing a using directive or an assembly reference?) [Assembly-CSharp]

describe logic/algorithm you would use to detect a (presence of) full name in a string. goals: obvious == Most reliable, hardest to fool, least false positives, as generic as possible ( == as few hardcoded data as possible)

I hate Intellij Idea but it's best option available to develop in Scala. Improvements in VSCode/Metals is my last hope.

The (few) things I NEED from Intellij:
* Very good autocompletion
* Refactoring tools (renaming, auto imports)
* Search tools (find usages, sub/super-types)

The (many) things I hate of Intellij:

* Layout with panel sizes doesn't behave properly and it scales instead of remaining fixed.

* Tedious 2-hands shortcuts makes the right hand to move a lot from the mouse

* Delays and lag in the UI, freezes on garbage collection

* High memory consumption, high CPU usage and generally slow and cumbersome

* The delay in the UI between commands is so that it's accidentally possible to introduce typos

* Can't move tabs around and organize them as I like

* Ugly font rendering and missing typography settings

* Multi-caret implementation as a different editing mode is annoying because requires frequent switching

* Unnatural code folding regions, why method arguments are not folded with the method?

* Unhelpful support forum, sometimes dismissive answers

* Highlighting of current word under the caret doesn't work

* Very slow editor, can't keep spacebar pressed to move text or it hangs!

* Several settings reset at every update. Like the auto fetch of git

* New features are added and enabled by default which is very invasive

* Some of the features mentioned above are really annoying and it's not possible/not trivial to disable them

* It uses its own compile and several times it highlights false positives

One of the worst practices in programming is misusing exceptions to send messages.

This from the node manual for example:

> fsPromises.access(path[, mode])

> fsPromises.access('/etc/passwd', fs.constants.R_OK | fs.constants.W_OK)
> .then(() => console.log('can access'))
> .catch(() => console.error('cannot access'));

I keep seeing people doing this and it's exceptionally bad API design, excusing the pun.

This spec makes assumptions that not being able to access something is an error condition.

This is a mistaken assumption. It should return either true or false unless a genuine IO exception occurred.

It's using an exception to return a result. This is commonly seen with booleans and things that may or may not exist (using an exception instead of null or undefined).

If it returned a boolean then it would be up to me whether or not to throw an exception. They could also add a wrapper such as requireAccess for consistent error exceptions.

If I want to check that a file isn't accessible, for example for security then I need to wrap what would be a simple if statement with try catch all over the place. If I turn on my debugger and try to track any throw exception then they are false positives everywhere.

If I want to check ten files and only fail if none of them are accessible then again this function isn't suited.

I see this everywhere although it coming from a major library is a bit sad.

This may be because the underlying libraries are C which is a bit funky with error handling, there's at least a reason to sometimes squash errors and results together (IE, optimisation). I suspect the exception is being used because under the hood error codes are also used and it's trying to use throwing an exception to give the different codes but doesn't exist and bad permissions might not be an error condition or one requiring an exception.

Yet this is still the bane of my existence. Bad error handling everywhere including the other way around (things that should always be errors being warnings), in legacy code it's horrendous.

It annoys me immensely when I struggle with myself, criticizing my own lack of knowledge in certain areas and my colleagues say: "You'll learn by doing". No, I won't, that's a foolish dogma.

I won't and I have never learned by 'doing'. The best results I've obtained have been through understanding every last bit of what's under the hood of a particular functionality. I'm not going to understand the white box by constantly probing the black box, it's just unsatisfactory and insufficient information. It's even dangerous to base yourself on the black box results because you often might get false positives.

I got through university by massive multilateral sensory focus: kinesthetic (writing things down), auditory (listening to the professor), visual (observing graphs and models of the material taught), conscious (mentalizing it all and interlinking information so that later it's accessible from long-term memory). I can confirm this is necessary for the brain because a Neurologist once told me just that.

At least for me, I had the most horrible grades (D's and F's) in freshman year with the 'learn by doing' method and the best grades (A, A+) with the multi-sensory method in later years as I matured my studying methods. In fact, with that method I've continuously outsmarted other people who had 10 years more experience than me ('experts', 'consultants',..) but they preferred to stay in the ignorant 'bro zone' rather than learning things properly. Even worse, the day they arrived on the scene, they completely broke the production environment and messed it up for the whole team. I felt like banging my head on my desk. It just makes me disappointed in the system.

If you follow popular method, you'll soon find yourself in the same problems that arise from doing what everyone else does. What happens at that point? That's right, they have to call in someone who actually bothered learning things.