Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "logging"
D: “Did the attackers exfiltrate any data?”
M: “I can’t say for sure, but most likely based on—”
D: “—but did you find any undeniable evidence of it?”
M: “Keep in mind that the absence of evidence isn’t necessarily evidence of absence. There was very limited logging to begin with and the attacker erased artifacts and logs.”
D: “If there’s no evidence, then there was no exfiltration.”
M: “If a business doesn’t have cameras on its front door and then gets robbed, it can’t claim there was no robbery just because they didn’t video-record it.”
D: “That’s a poor analogy. Nothing’s missing here. I couldn’t care less if a robber made a *copy* of my money. That isn’t robbery.”
M: “... If the Titanic really hit an iceberg, then how come no pieces of an iceberg were ever found in the wreckage?”20
Some guy my girlfriend knows, heard I'm a software developer. He had this 'great' idea on how he wanted to start a new revolutionary way of paying on the internet. He wanted to create a service like paypal but without having the hassle of logging in first and going through a transaction. He wanted a literal "buy now" button on every major webshop on the internet. When I asked him how he thought that would work legally and security wise, he became a bit defensive and implied that since I'm the tech guy I should work out that kind of stuff. When the software was ready, he would have clients lined up for the service and his work would start.
I politely declined this great opportunity14
Hoorah! My code finally works! Now gotta remove those 1000 print statements I used to identify the bugs 😥11
** The most hilarious authentication implementation I've ever seen **
They stored password in cleartext, but never mind, this is sadly quite common.
For some reasons credentials were also case insensitive (maybe to avoid silly tickets from CAPS LOCK lovers?).
Then I had a look to the query executed during the login:
SELECT * FROM users WHERE username LIKE ? AND password LIKE ?;
So I tried logging in with user "admin" and password "%"... and it worked!
I laughed all the day.31
So my friend has two-step authentication for his smartphone.
Now he is not able to find his phone.
So, he tried to find his phone by logging into his google account via Android Device Manager.
Now, it is asking for the authentication pin which is in his phone.😂
He just got deadlocked.12
My classmate just fell for a phishing email from "PayPal."
She was talking about her payment being declined to her friend.
It peaked my attention when she said after logging in, she was lead to a blank page.
I asked if I could see it and it was definitely a phishing email
I will admit, it's one of the most professional phishing email I've ever seen, but the grammar wasn't very professional and the PayPal logo wasn't completely accurate.
Why do these idiots fall for everything?33
After several months of bug fixing, I can proudly say the application I inherited at work has gone a whole day in production without an unhandled exception (from a peak of above 1200 a few months ago).
Well, either that or I've broken the error logging and am now living in blissful ignorance.4
Me: opens mobile banking app
app: Swipe right to see account balance without logging in
Me: swipes right
I worked on a greenfield project a couple of years ago. The company had an old solution written in Omnis (heard of it? Yeah, me neither) with an SQL database. My team was to create a completely new web based system... on top of the old database, so the customers could keep their existing stuff.
The dba was an intelligent man, one of the nicest people I've met, and over the course of fifteen years he had made a remarkably terrifying monstrosity of a database. Some years before me they wanted to "future proof" the system and make it "easier to switch to new technologies". So they moved the entire business logic into the database...
I used a tool to create a visualization of said database when we started. It had no views, only tables and sprocs. Look at it! Tables and sprocs are rectangles (well, dots) and any connections are drawn in grey lines. There were no foreign keys, so a tables only visualization only yielded a collection of independent rectangles without a single line.
Now, the stored procedures were bloody MASSIVE. A single procedure that only registered a new interested party and attached them to a property had 2500+ lines and over 150 parameters.
Also, this dba added features and fixed bugs by logging into the respective customers production server and writing SQL.
That database is the stupidest thing I've ever seen a developer do.37
Remember the Ububtu mobile OS ?
I remember working on the community UI drive for this project. To know that something as awesome as ubuntu would come down into the form factor of a phone , was just ecstatic.
The first build was out , people liked it. People nagged a bit about the performance issues , but it was going fine. Then the second build .. then the third no one heard about and the 4th that never came.
The interface for this system was unique because after Wondows , this is the only other OS developer that embraced the one ecosystem mantra of design.
Using Ubuntu phone was natural , it was a small desktop OS.
I remember logging on to launchpad one day and seeing the Ubuntu mobile channel with it's last post " Thank you and goodbye "
It was heartbreaking , but i could understand. Like windows phone ( which if you guys weren't aware of , had APK support by the end of its lifecycle ) felt crushed under the weight of android and iOS.
Waiting for a day when there will be a third champion in game. I miss having to see Ubuntu being on my phone , but they seem to be doing great in everything else , so good on that. 😄
Ok done .. thanks32
Did you know logging into chrome will auto sync all your fucking bookmarks to that other person's account??
(I use Firefox mainly and chromium for testing.)
I use chrome only for porn. Got shit tons of bookmarks. I login to my friend's sister Gmail on my chrome(for remote desktop - to help fix her computer. Somehow,remote desktop doesn't work on chromium)
Was browsing her pc via remote session and suddenly all of my porn bookmarks appear at the top bar.)
Had to manually select each bookmark in the bookmark manager and delete since CTRL+A won't work during the remote session. Don't know why.
I'm logging my DevRant time as training ... I read all these dumb things that people do, and make mental notes so that I don't do the same thing. Best. Training. Ever.6
Worst thing you've seen another dev do? Long one, but has a happy ending.
Classic 'Dev deploys to production at 5:00PM on a Friday, and goes home.' story.
The web department was managed under the the Marketing department, so they were not required to adhere to any type of coding standards and for months we fought with them on logging. Pre-Splunk, we rolled our own logging/alerting solution and they hated being the #1 reason for phone calls/texts/emails every night.
Wanting to "get it done", 'Tony' decided to bypass the default logging and send himself an email if an exception occurred in his code.
At 5:00PM on a Friday, deploys, goes home.
Around 11:00AM on Sunday (a lot folks are still in church at this time), the VP of IS gets a call from the CEO (who does not go to church) about unable to log into his email. VP has to leave church..drive home and find out he cannot remote access the exchange server. He starts making other phone calls..forcing the entire networking department to drive in and get email back up (you can imagine not a group of happy people)
After some network-admin voodoo, by 12:00, they discover/fix the issue (know it was Tony's email that was the problem)
We find out Monday that not only did Tony deploy at 5:00 on a Friday, the deployment wasn't approved, had features no one asked for, wasn't checked into version control, and the exception during checkout cost the company over $50,000 in lost sales.
Was Tony fired? Noooo. The web is our cash cow and Tony was considered a top web developer (and he knew that), Tony decided to blame logging. While in the discovery meeting, Tony told the bosses that it wasn't his fault logging was so buggy and caused so many phone calls/texts/emails every night, if he had been trained properly, this problem could have been avoided.
Well, since I was responsible for logging, I was next in the hot seat.
For almost 30 minutes I listened to every terrible thing I had done to Tony ever since he started. I was a terrible mentor, I was mean, I was degrading, etc..etc.
Me: "Where is this coming from? I barely know Tony. We're not even in the same building. I met him once when he started, maybe saw him a couple of times in meetings."
Andrew: "Aren't you responsible for this logging fiasco?"
Me: "Good Lord no, why am I here?"
Andrew: "I'll rephrase so you'll understand, aren't you are responsible for the proper training of how developers log errors in their code? This disaster is clearly a consequence of your failure. What do you have to say for yourself?"
Me: "Nothing. Developers are responsible for their own choices. Tony made the choice to bypass our logging and send errors to himself, causing Exchange to lockup and losing sales."
Andrew: "A choice he made because he was not properly informed of the consequences? Again, that is a failure in the proper use of logging, and why you are here."
Me: "I'm done with this. Does John know I'm in here? How about you get John and you talk to him like that."
'John' was the department head at the time.
Andrew:"John, have you spoken to Tony?"
John: "Yes, and I'm very sorry and very disappointed. This won't happen again."
John: "You know what. Did you even fucking talk to Tony? You just sit in your ivory tower and think your actions don't matter?"
Me: "Whoa!! What are you talking about!? My responsibility for logging stops with the work instructions. After that if Tony decides to do something else, that is on him."
John: "That is not how Tony tells it. He said he's been struggling with your logging system everyday since he's started and you've done nothing to help. This behavior ends today. We're a fucking team. Get off your damn high horse and help the little guy every once in a while."
Me: "I don't know what Tony has been telling you, but I barely know the guy. If he has been having trouble with the one line of code to log, this is the first I've heard of it."
John: "Like I said, this ends today. You are going to come up with a proper training class and learn to get out and talk to other people."
Over the next couple of weeks I become a powerpoint wizard and 'train' anyone/everyone on the proper use of logging. The one line of code to log. One line of code.
A friend 'Scott' sits close to Tony (I mean I do get out and know people) told me that Tony poured out the crocodile tears. Like cried and cried, apologizing, calling me everything but a kitchen sink,...etc. It was so bad, his manager 'Sally' was crying, her boss 'Andrew', was red in the face, when 'John' heard 'Sally' was crying, you can imagine the high levels of alpha-male 'gotta look like I'm protecting the females' hormones flowing.
Took almost another year, Tony released a change on a Friday, went home, web site crashed (losses were in the thousands of $ per minute this time), and Tony was not let back into the building on Monday (one of the best days of my life).10
Gahaa!!! Finally back home, after 7 fucking hours of sitting in busses and trains!
BUT I GOT MY NEXUS 6P!! Yoo-hoo!!! :D
And I've got a nice story about it.
So when I bought it, the guy selling it to me was a nontechnical type (I think?) whose wife was the previous owner. So I thought to myself, cool a nontechnical user used it.. probably no hardware mods or anything to worry about. Apparently they even factory reset it for me :)
Now, when I left to go back home, I of course immediately booted up the thing and did the whole doodad of logging into it, setting up the device etc.
Then it struck me. When I booted up the device and wanted to log in, there was a lock from Google that required me to first authenticate as either a previous account of the device, or their unlock pattern. So I figured, eh fuck it, I'll just flash some AOSP without GApps or send the owner an email asking what the previous pattern is.
But I still had to wait 30 minutes at the bus stop so I thought to myself.. previous owner was a nontechnical woman.. maybe I could crack it. No way to know if I don't try. So I started putting in random unlock patterns.
3 attempts later - I shit you not! - pattern accepted.
Do you want to add this account?
Oh boy Google, of course I do! Thanks for letting me in pal!
3 fucking attempts. That's all it took to crack the unlock pattern of an unknown person. 😎26
Boss asked one of our senior Linux engineers to look into an issue. When restarting a service, the person renting the server would get the errors e-mailed which occurred during the restart (it wasn't reachable so the service trying to reach it would throw errors).
Although this was very expected behavior, the client found it unacceptable! Boss asked the engineer to look into this while acknowledging that it was probably an impossible task except for if you'd just disable logging but then all debug info would be gone which we frequently use to debug stuff ourselves.
After two minutes:
E (engineer): fixed it.
V (boss): wait, WHAT? HOW?! I'VE BEEN TRYING TO FIND A FIX OR WORKAROUND FOR AGES!
E (with the mist nonchalant/serious face): I disabled the log mailing in the configuration.
Everyone was laughing. The client thanked us for 'solving' it xD7
So Nvidia doesn't let you use their GeForce Experience app anymore without logging in.
Fuck that, I don't want to login so I can see an FPS counter in my ganes or record them to my local disk or something like that... Fuck you Nvidia and fuck whoever decided that would be a good idea.8
We're having an ongoing credential stuffing attack right now. Hackers hit us hard over the weekend and the web team sent out an email congratulating themselves that they stopped the threat.
I decided to look to see how they "fixed" the issue.
They modified their code to stop logging the errors to prevent Splunk from sending the automated emails to management (how we have been able to spot/monitor the attack).
They literally just put their heads in the sand, stapled a sign to their ass that reads "Meteor? We see no meteor approaching. Everything is fine."5
Fucking wix advertisements! Getting real tired of the "want a website? Why not make it yourself?" ads. You're already logging all my fucking google searches to display relevant ad info so maybe wrap your head around the fact that I'm a web dev and make my own fucking sites??6
Not necessarily dev related but I need to get this off my chest.
So a bit of a backstory. I had to stay late from school the other day and ended up having to take an Uber home. The ride was fine lady was nice. Everything seems to be going well and there were no signs of any payment failure.
Then yesterday, I had to stay late again. I never said that I had an outstanding balance on my account. Apparently Uber was having problems charging my Android pay account.
So I ended up being stuck at school for like 3 hours. Great!😑
So I emailed Uber when I got home. And this is when I started pulling my hair out. I don't know how many replies I had, but each time I had to tell them that I was not using a prepaid card.
This was one of my replies:
"I'm sorry, are you real? If you are, here is a quick summary of the issue. I am using ANDROID PAY with my CHASE DEBIT CARD. Not, NOT, NOT a prepaid card. I happen to know that CHASE DEBIT CARD(which is the card I use, in case you have already forgotten) works with uber because MY FATHER USES THE EXACT SAME TYPE OF CARD with uber. He uses a CHASE DEBIT CARD(again I use that same type of card as well). So by using LOGIC I am able to deduce that a CHASE DEBIT CARD is in fact compatible. AGAIN THIS IS NOT A PREPAID CARD!!! If the card is incompatible, WHY DOES THE APP ALLOW BE TO ADD IT?!?! Also in response to your last email... Because I am using Android pay, do you really think that an ANDROID would be able to use APPLE pay? Also Google wallet is DISCONTINUED! Finally, PayPal DOES NOT CONNECT TO UBER. Returns a "Server Error." So please stop wasting my time with generic help solutions. Believe me, I have already googled my issue, and nothing comes up. That is why I contacted Uber. I want my driver to be paid, and, uber had made it SO painful with unhelpful "Solutions" to problems that don't even APPLY TO MY ISSUE. No not even mention PREPAID cards in your reply or I will consider you a robot built by monkeys banging their heads on a keyboard. Uber HAS my VALID payment information, USE IT! If there is a phone number I can call, please, enlighten me"
And the response was:
"Thanks for reaching out with this.
Happy to help with this issue you are having.
After reviewing your I can see that the only payment method associated with your account is an ANDROID PAY card and it is also a prepaid card. Some cards and methods are not compatible with our billing processes and can't be used with Uber. This includes prepaid cards."
So I concluded that they are monkeys.
Then Uber banned me from logging into my account because I didn't pay.
So now it is impossible for me to pay because I can't do anything with my account.
Now they want my SSN and a bunch of other shit that I won't give them.
I told them that they were being illogical, and I got the exact same response about the prepaid bullshit.
So I sent them this photo as a goodbye.
I get my driver's licence next weekend, so I won't need Uber anymore. YAY!
Also mind grammatical errors, I talked it in and am to lazy to proofread14
My team handles infrastructure deployment and automation in the cloud for our company, so we don't exactly develop applications ourselves, but we're responsible for building deployment pipelines, provisioning cloud resources, automating their deployments, etc.
I've ranted about this before, but it fits the weekly rant so I'll do it again.
Someone deployed an autoscaling application into our production AWS account, but they set the maximum instance count to 300. The account limit was less than that. So, of course, their application gets stuck and starts scaling out infinitely. Two hundred new servers spun up in an hour before hitting the limit and then throwing errors all over the place. They send me a ticket and I login to AWS to investigate. Not only have they broken their own application, but they've also made it impossible to deploy anything else into prod. Every other autoscaling group is now unable to scale out at all. We had to submit an emergency limit increase request to AWS, spent thousands of dollars on those stupidly-large instances, and yelled at the dev team responsible. Two weeks later, THEY INCREASED THE MAX COUNT TO 500 AND IT HAPPENED AGAIN!
And the whole thing happened because a database filled up the hard drive, so it would spin up a new server, whose hard drive would be full already and thus spin up a new server, and so on into infinity.
Thats probably the only WTF moment that resulted in me actually saying "WTF?!" out loud to the person responsible, but I've had others. One dev team had their code logging to a location they couldn't access, so we got daily requests for two weeks to download and email log files to them. Another dev team refused to believe their server was crashing due to their bad code even after we showed them the logs that demonstrated their application had a massive memory leak. Another team arbitrarily decided that they were going to deploy their code at 4 AM on a Saturday and they wanted a member of my team to be available in case something went wrong. We aren't 24/7 support. We aren't even weekend support. Or any support, technically. Another team told us we had one day to do three weeks' worth of work to deploy their application because they had set a hard deadline and then didn't tell us about it until the day before. We gave them a flat "No" for that request.
I could probably keep going, but you get the gist of it.7
My last wk93 story, the time we discovered school faculty was spying on students and we uncovered student's deepest secrets.
I call it, kiddiegate.
So if you've read my past rants you've noticed I did some pretty childish and reckless stuff with my highschool's systems when I was younger, but nothing compares to this thing.
After resetting the sysadmin account pwd on some machines it occurred to me I could write a keylogger to capture teachers Moodle accounts and so on, I decided to try it out on a regular lab computer first.
Imagine my surprise when I found a hidden keylogger already installed! I couldn't believe it but then I thought, what if other PC's have it? So I recruited my mates and teached them the process to check if a PC had been infected...ALL PCs were, over 30 computers we checked had been logging for over 3 months! That damn sysadmin! >:[
We were shocked and angry, but then I thought "hey. . . My work has been done for me, better take advantage"
So we did, we extracted each log and then removed it from the PCs along with the keyloggers. There were hundreds of records and then one day we started snooping into the fb accounts of some students (we shouldn't have) we uncovered so many nasty, shocking secrets...
One of the school's lady's man had a drunk one nighter with one of our gay friends, the most secluded and shy guy was sexting like crazy with 15 chicks at the same time, things like that...we promised to never say a word and deleted the logs.
After that we didn't do much and continued highschool as every teenage minor should, getting drunk and avoiding responsibilities, though we could never see many of our classmates the same way. The sysadmin was fired shortly after I graduated, no reason was stablished.
I want to clear out we were minors and laws in my country weren't clearly stablished at the time plus no harm was ever done. I don't condone hacking or any kind of illegal activity, just thought I'd share.7
I literally cringed today when my neighbor wanted help installing an app, she didn't tell me it was her banking app... And the thing I needed to help with was logging in... So she told me her bank details...
Even though I said (multiple times) it was dangerous to do so, and that she can't just trust people with this kind of information...
WHY ARE PEOPLE SO GOD DAMN STUPID WHEN IT COMES TO SECURITY!9
Spent most of the day debugging issues with a new release. Logging tool was saying we were getting HTTP 400’s and 500’s from the backend. Couldn’t figure it out.
Eventually found the backend sometimes sends down successful responses but with statusCode 500 for no reason what so ever. Got so annoyed ... but said the 400’s must be us so can’t blame them for everything.
Turns out backend also sometimes does the opposite. Sends down errors with HTTP 200’s. A junior app Dev was apparently so annoyed that backend wouldn’t fix it, that he wrote code to parse the response, if it contained an error, re-wrote the statusCode to 400 and then passed the response up to the next layer. He never documented it before he left.
Saving the best part for last. Backend says their code is fine, it must be one of the other layers (load balancers, proxies etc) managed by one of the other teams in the company ... we didn’t contact any of these teams, no no no, that would require effort. No we’ve just blamed them privately and that’s that.
Boss: "Yeah we have a logging project coming up that has to be done in C" Me: "I know C, I can give some pointers on that"6
Yes, you fucking retards, I will read this article about logging in NodeJS when the cover photo
- Isn't about logging
You really seem to know what you're talking about!17
Well this is a new one.
Had to download some forms online from a governmental institute. Tried logging in and I shit you not I got a message saying "we are currently closed, are opening times are X to Y"
BruhFuckingWhat.exe since when did servers get human rights and working hours7
Day 1 10:00 am
Login to email account (Zimbra)
Your password is incorrect (I entered it correctly, this was a permanent issue ,used to happen in the company with many employees)
Reset your password by logging into internal company portal.
Logged into company portal, somehow. 2 Mbps internet shared among 104 people, you can imagine the speed.
Reset email password
* your password has been sent to your email id*
Are you fucking kidding me? U have emailed me the password to the same email I can't log in to?
Where did the architecture designer get this top notch weed from?
Asked HR to reset my password (using a colleague's email)
No reply from HR yet
I went to meet HR, she's on vacation. So they have 1 person managing the password reset, for 5000 people with no backup person. Cool.
Your internal company password has expired. Check your email for link to create new password. This is some next level shit going on.
I called up Internal IT team to generate a new email for me.
They asked me to raise a ticket.
I can't raise a ticket because the only way to do so, is through the portal.
Nothing. Btw, personal email and all social networks were banned. You can't even open stackoverflow.
And this was a research lab, amazing huh?
Loss of pay for 4 days since I can't login to company portal to fill timesheet.
HR comes back. Resets my password.
I try to generate my new password for portal.
The password policy:
Password can't be same as last 10 passwords
Passwords expire every week
8 characters minimum, 2 upper case, 2 lower case, NO SPECIAL SYMBOL. WTF. How long do u think its gonna take to crack that?
Fuckers had a company wise policy to automatically lock PC every 1 min if not used. Who the fuck can keep on using it continuously! I'm reading an article, and bam ! Locked. 2 wrong entries and that's it, repeat all steps again. Fuckers really didn't want to let me do my job, just keep on logging in all day.21
- devRant TOR rant! -
There is a recent post that just basically says 'fuck TOR' and it catches unfortunate amount of attention in the wrong way and many people seem to aggree with that, so it's about time I rant about a rant!
First of all, TOR never promised encryption. It's just used as an anonymizer tool which will get your request through its nodes and to the original destination it's supposed to arrive at.
Let's assume you're logging in over an unencrypted connection over TOR and your login information was stolen because of a bad exit node. Is your privacy now under threat? Even then, no! Unless of course you had decided to use your personal information for that login data!
And what does that even have to do with the US government having funded this project even if it's 100%? Are we all conspiracy theorists now?
Let's please stop the spread of bs and fear mongering so that we can talk about actual threats and attack vectors on the TOR network. Because we really don't have any other reliable means to stop a widely implemented censorship.12
I now know another person's password without even wanting to.
He was sitting in the row in front of me, logging into our course page and then *brrrrraaaaapppp* - ran his index finger along the top number row and hit enter.
I don't even know what to say.13
ANTI VIRUSES AREN'T ALWAYS YOUR FRIEND!
So I'm under a little pressure to get an assignment done so I came home an was planning on working on it but Windows had other plans and decided to finish its update which I suspect copied my hard drive and uploaded it to the NSA at dial up speed because it it forever!!
But anyway back to the text in caps lock... I started working on it then when I hit compile I got an "access denied" error in the console and didn't know what the f*** was going on. So I decided to copy my filed to another directory and tried again... amazingly this worked so I carried on and after about 2 hours I get the same error -_- So instead of messing around and loosing my work I decided to commit it... but I cant... again "access denied" error.
After threatening my computer with a trip out the window, I finally decided to reboot it... cause "have you tried turning it off and on again" kept on rattling in my head.
After logging in I tried again and still the same error... Then I opened up my anti virus dashboard and went through the logs and found the screen shot attached.....19
I used to work as an all-in-one IT guy in a company. One day I got a call from our HR team and the HR said "my Internet banking account has been hacked! It's logging in automatically!!" So I went to see the issue, and the so called "hack" was because she allowed Mozilla Firefox to save her login credentials, and because of that the login form was automatically filled. Such a stupid ass4
I wrote a database migration to add a column to a table and populated that column upon record creation.
But the code is so freaking convoluted that it took me four days of clawing my eyes out to manage this.
BUT IT'S FINALLY DONE.
Why so long, you ask? Just how convoluted could this possibly be? Follow my lead ~
There's an API to create a gift. (Possibly more; I have no bloody clue.)
I needed the mobile dev contractor to tell me which APIs he uses because there are lots of unused ones, and no reasoning to their naming, nor comments telling me what they do.
This API takes the supplied gift params, cherry-picks a few bits of useful data out (by passing both hashes by reference to several methods), replaces a couple of them with lookups / class instances (more pass-by-reference nonsense). After all of this, it logs the resulting (and very different) mess, and happily declares it the original supplied params. Utterly useless for basically everything, and so very wrong.
It then uses this data to call GiftSale#create, which returns an instance of GiftSale (that's actually a Gift; more on that soon).
GiftSale inherits from Gift, and redefines three of its methods.
GiftSale#create performs a lot of validations / data massaging, some by reference, some not. It uses `super` to call Gift#create which actually maps to the constructor Gift#initialize.
Gift#initialize calls Gift#pre_init (passing the data by reference again), which does nothing and returns null. But remember: GiftSale inherits from Gift, meaning GiftSale#pre_init supersedes Gift#pre_init, so that one is called instead. GiftSale#pre_init returns a Stripe charge object upon success, or a Gift (and a log entry containing '500 Internal') upon failure. But this is irrelevant because the return value is never actually used. Pass by reference, remember? I didn't.
We're now back at Gift#initialize, Rails finally creates a Gift object using the args modified [mostly] in-place by all of the above.
Another step back and we're at GiftSale#create again. This method returns either the shiny new Gift object or an error string (???), and the API logic branches on its type. For further confusion: not all of the method's returns are explicit, and those implicit return values are nested three levels deep. (In Ruby, a method will return the last executed line's return value automatically, allowing e.g. `def add(a,b); a+b; end`)
So, to summarize: GiftSale#create jumps back and forth between Gift five times before finally creating a Gift instance, and each jump further modifies the supplied params in-place.
Also. There are no rescue/catch blocks, meaning any issue with any of the above results in a 500. (A real 500, not a fake 500 like last time. A real 500, with tragic consequences.)
If you're having trouble following the above... yep! That's why it took FOUR FREAKING DAYS! I had no tests, no documentation, no already-built way of testing the API, and no idea what data to send it. especially considering it requires data from Stripe. It also requires an active session token + user data, and I likewise had no login API tests, documentation, logging, no idea how to create a user ... fucking hell, it's a mess.)
Also, and quite confusingly:
There's a class for GiftSale, but there's no table for it.
Gift and GiftSale are completely interchangeable except for their #create methods.
So, why does GiftSale exist?
I have no bloody idea.
All it seems to do is make everything far more complicated than it needs to be.
Anyway. My total commit?
IN FOUR FUCKING DAYS!
We found out today that one of our customers uses our cloud software through a remote desktop with IE on Windows XP. What the fuck? They are a multinational corporation with God knows how much revenue a year, and they still use XP???
We found out because logging in didn't work anymore for them, so they sent a screenshot. 😶7
So the Microsoft rage continues as I tell a story about my father, the company that he works for and that companies whole IT structure.
So my father is forced to use Windows because, get this (he hates W10 with a burning passion, like me).... Office and other crap. Cool cool
Seems like Libreoffice isn't enough for you.... YES IT FUCKING IS. MY DAD GAVE ME EXAMPLE DOCUMENTS FROM HIS WORK AND GUESS WHAT, THEY ALL OPEN WITHOUT A FUCKING PROBLEM. But OK, maybe not all employees are familiar with Libreoffice/Openoffice, JUST KIDDING THEY ARE SOME FUCKTARDS WHO WORK FOR THEIR COMPANY THAT DON'T KNOW HOW TO FILL OUT A FORM IN EXCEL (aka. PROBABLY NEVER USED AN COMPUTER IN THEIR LIFE/OFFICE SPACE AMNISH). Okay, some employees might be incapable, but their infrastructure might be alright.
IT RUNS ON MICROSOFT SQL AND DIVX (YES, FUCKING DIVX, CAUSE THAT MAKES SENSE) FROM..........2008.
At this point I just feel bad for them. Because there were no IT guys at the company (they didn't understand shit that I said half of the time). I've warned them that their infrastructure might have more holes than fucking swiss cheese. I see they value their data since the front door is a 60 kg one (that's 132 lb in retard units). And there's a 1.8 m fence around the building.
And they've told me that the parent company, which hosts the server also hosts for 100+ other companies around the world.
100+, you say. I'm legit scared for them right now.
So naturally, I've asked them if they have backups... they do, thank god.
But still they use 2008 shit in 2018 and expect it to be secure. Fun fact, logging into their server (which is an HTTP running on Windows Server...... 2008 (that hurts to say)) with a browser other than.... not Edge.... but IE, *drum roll* breaks it, since... it runs authetication dll's (YES FUCKING DLLS) on the host system. THOSE POOR MOTHERFUCKERS COULDN'T EVEN SETUP SERVER SIDE AUTHENTICATION. EVEN CHANGING THE PASSWORD REQUIRES A FUCKING SYSADMIN TO BE CONTACTED, OH YEA YOU CAN'T SINCE THERE ARE NONE.
GOOD DAY TO YOU <INSERT COMPANY>, SORRY BUT YOU'LL GET FUCKING OBLIRIATED IF SOMEBODY DECIDES TO HACK YOU.10
This is from my days of running a rather large (for its time) Minecraft server. A few of our best admins were given access to the server console. For extra security, we also had a second login stage in-game using a command (in case their accounts were compromised). We even had a fairly strict password strength policy.
But all of that was defeated by a slightly too stiff SHIFT key. See, in-game commands were typed in chat, prefixed with a slash -- SHIFT+7 on German-ish keyboards. And so, when logging in, one of our head admins didn't realize his SHIFT key didn't register and proudly broadcast to the server "[Admin] username: 7login hisPasswordHere".
This was immediately noticed by the owner of a 'rival' server who was trying to copy some cool thing that we had. He jumped onto the console that he found in an nmap scan a week prior (a scan that I detected and he denied), promoted himself to admin and proceeded to wreak havoc.
I got a call, 10-ish minutes later, that "everything was literally on fire". I immediately rolled everything back (half-hourly backups ftw) and killed the console just in case.
The best part was the Skype call with that admin that followed. I wasn't too angry, but I did want him to suffer a little, so I didn't immediately tell him that we had good backups. He thought he'd brought the downfall of our server. I'm pretty sure he cried.5
Coworker: I give up! Please help me!
Me: What's up?
C: Take a look at this. I have this function here that gets the tab index and I'm passing it to the Tabs component over there. I'm logging the index and as you can see it's 3, but the Tabs component isn't working. However if I replace the function call with a 3 it works!
Coworker 2: While you were explaining all that, shellbug already thought about at least 3 reasons why that isn't working.
Me: **sighs** Of what type is the value that function is returning?
C: **stares at me for a few seconds** It's a number.
Me: Are you sure?
C: Well, it's returning 3.
Me: Please do a typeof.
It was string.8
Yesterday the web site started logging an exception “A task was canceled” when making a http call using the .Net HTTPClient class (site calling a REST service).
Emails back n’ forth ..blaming the database…blaming the network..then a senior web developer blamed the logging (the system I’m responsible for).
Under the hood, the logger is sending the exception data to another REST service (which sends emails, generates reports etc.) which I had to quickly re-direct the discussion because if we’re seeing the exception email, the logging didn’t cause the exception, it’s just reporting it. Felt a little sad having to explain it to other IT professionals, but everyone seemed to agree and focused on the server resources.
Last night I get a call about the exceptions occurring again in much larger numbers (from 100 to over 5,000 within a few minutes). I log in, add myself to the large skype group chat going on just to catch the same senior web developer say …
“Here is the APM data that shows logging is causing the http tasks to get canceled.”
Me: “No, that data just shows the logging http traffic of the exception. The exception is occurring before any logging is executed. The task is either being canceled due to a network time out or IIS is running out of threads. The web site is failing to execute the http call to the REST service.”
Several other devs, DBAs, and network admins agree.
The errors only lasted a couple of minutes (exactly 2 minutes, which seemed odd), so everyone agrees to dig into the data further in the morning.
This morning I login to my computer to discover the error(s) occurred again at 6:20AM and an email from the senior web developer saying we (my mgr, her mgr, network admins, DBAs, etc) need to discuss changes to the logging system to prevent this problem from negatively affecting the customer experience...blah blah blah.
FRACKing female dog!
Good news is we never had the meeting. When the senior web dev manager came in, he cancelled the meeting.
Turned out to be a hiccup in a domain controller causing the servers to lose their connection to each other for 2 minutes (1-minute timeout, 1 minute to fully re-sync). The exact two-minute burst of errors explained (and proven via wireshark).
People and their petty office politics piss me off.2
My dad used to be a Marketing Manager. He used to make a lot of presentations et al for his meetings. We got our first computer in our house when I was around 7 years old. It was first Windows 95, but I wasn't fortunate enough to even touch the machine. My dad was very protective about the machine. He himself would not use it unless he had to complete some work overnight. For me, it was an absolute wonder as to how and what that thing in the bedroom sitting on the desk next to my parents bedside was. I used to hide and peek around the door sill when my dad was working on it. He became a bit more lenient with the Windows 98 and let me and my sibling play DOS games under his supervision for a limited time.
Over time, I managed to look over his shoulder for the passwords - both BIOS and OS user passwords and started logging in myself. By now, my dad would let me sit on the bed near him when I looked curiously as he worked. Then I had to figure how to connect to the internet and surf the web. And there folks is how my journey with computers began.4
I just finished setting up an instance of searx.me for the public to use.
You are free to use it at https://search.privacy-cloud.me
I can't prove it but I've disabled logging with searx and ip logging in the nginx access logs (catching ddos's another way). If you don't find that enough proof then I suggest you don't use it :)
Let's go to sleep now.16
For a week+ I've been listening to a senior dev ("Bob") continually make fun of another not-quite-a-senior dev ("Tom") over a performance bug in his code. "If he did it right the first time...", "Tom refuses to write tests...that's his problem", "I would have wrote the code correctly ..." all kinds of passive-aggressive put downs. Bob then brags how without him helping Tom, the application would have been a failure (really building himself up).
Bob is out of town and Tom asked me a question about logging performance data in his code. I look and see Bob has done nothing..nothing at all to help Tom. Tom wrote his own JSON and XML parser (data is coming from two different sources) and all kinds of IO stream plumbing code.
I use Visual Studio's feature create classes from JSON/XML, used the XML Serialzier and Newtonsoft.Json to handling the conversion plumbing.
With several hundred of lines gone (down to one line each for the XML/JSON-> object), I wrote unit tests around the business transaction, integration test for the service and database access. Maybe couple of hours worth of work.
I'm 100% sure Bob knew Tom was going in a bad direction (maybe even pushing him that direction), just to swoop in and "save the day" in front of Tom's manager at some future point in time.
This morning's standup ..
Boss: "You're helping Tom since Bob is on vacation? What are you helping with?"
Me: "I refactored the JSON and XML data access, wrote initial unit and integration tests. Tom will have to verify, but I believe any performance problem will now be isolated to the database integration. The problem Bob was talking about on Monday is gone. I thought spending time helping Tom was better than making fun of him."
<couple seconds of silence>
Boss:"Yea...want to let you know, I really, really appreciate that."
Bob, put people first, everyone wins.11
My code broke for no reason.
I added a log statement to see why.
What the 何?!7
My secret joy. Logging into our "automated email do not reply" mailbox and reading folks futile attempts to argue with an automated system6
For my privacy advocate friends... They are logging keystrokes, clicks, and scrolls...
Worst WTF dev experience? The login process from hell to a well-fortified dev environment at a client's site.
I assume a noob admin found a list of security tips and just went like "all of the above!".
You boot a Linux VM, necessary to connect to their VPN. Why necessary? Because 1) their VPN is so restrictive it has no internet access 2) the VPN connection prevents *your local PC* from accessing the internet as well. Coworkers have been seen bringing in their private laptops just to be able to google stuff.
So you connect via Cisco AnyConnect proprietary bullshit. A standard VPN client won't work. Their system sends you a one-time key via SMS as your password.
Once on their VPN, you start a remote desktop session to their internal "hopping server", which is a Windows server. After logging in with your Windows user credentials, you start a Windows Remote Desktop session *on that hopping server* to *another* Windows server, where you login with yet another set of Windows user credentials. For all these logins you have 30 seconds, otherwise back to step 1.
On that server you open a browser to access their JIRA, GitLab, etc or SSH into the actual dev machines - which AGAIN need yet another set of credentials.
So in total: VM -> VPN + RDP inside VM -> RDP #2 -> Browser/SSH/... -> Final system to work on
Input lag of one to multiple seconds. It was fucking unusable.
Now, the servers were very disconnect-happy to prevent anything "fishy" going on. Sitting at my desk at my company, connected to my company's wifi, was apparently fishy enough to kick me out every 5 to 20 minutes. And that meant starting from step 1 inside the VM again. So, never forget to plugin your network cable.
There's a special place in hell for this admin. And if there isn't, I'll PERSONALLY make the devil create one. Even now that I'm not even working on this any more.9
Sometimes the design decisions of big companies amazes me.
I wanted to contact support of Cloudflare. The only way to submit a new support query is by logging into the account first.
My problem is that I can not log into my account. What a bunch of retards.6
I've got a confession to make.
A while ago I refurbished this old laptop for someone, and ended up installing Bodhi on it. While I was installing it however, I did have some wicked thoughts..
What if I could ensure that the system remains up-to-date by running an updater script in a daily cron job? That may cause the system to go unstable, but at least it'd be up-to-date. Windows Update for Linux.
What if I could ensure that the system remains protected from malware by periodically logging into it and checking up, and siphoning out potential malware code? The network proximity that's required for direct communication could be achieved by offering them free access to one of my VPN servers, in the name of security or something like that. Permanent remote access, in the name of security. I'm not sure if Windows has this.
What if I could ensure that the system remains in good integrity by disabling the user from accessing root privileges, and having them ask me when they want to install a piece of software? That'd make the system quite secure, with the only penetration surface now being kernel exploits. But it'd significantly limit what my target user could do with their own machine.
At the end I ended up discarding all of these thoughts, because it'd be too much work to implement and maintain, and it'd be really non-ethical. I felt filthy from even thinking about these things. But the advantages of something like this - especially automated updates, which are a real issue on my servers where I tend to forget to apply them within a couple of weeks - can't just be disregarded. Perhaps Microsoft is on to something?13
My family hosts an 100 mile (160km) run once every year for ultra-runners. 11 hours in the first runner has done 105 km. And I'm sitting at this checkpoint logging their times and working on a project. But rain started pouring down and this not so waterproof tent has just become the worst developing workplace I have ever been in because the umbrella ain't big enough for me and the laptop. So I'm soaked and won't be relieved for another 8 hours. The things you do for family.8
Team quarterly capacity planning:
- Confluence document created with a big table (+100 rows) by product / business. Each row is something that needs to be worked on for the coming quarter.
- Row 1 could be an Epic with 15 tickets attached. Row 2 could be adding a single log to our analytics. No consistency.
- For each row, we create a separate confluence document with the "technical details". 75% of the time these remain blank. 1% of the time there is something useful, the rest its a slightly longer version of the description from the bigger document.
- Each row gets a high level estimate by the leads. 50% of the time without sufficient background info to actually do get it accurate.
- These are then copied into the teams excel spreadsheet, where it will calculate if we are over/under capacity.
- We will go backwards and forwards between confluence and excel until we are "close enough" to under capacity without being too much.
- Once done, we then need to copy them into the org/division's excel spreadsheet. This document is huge, has every team on it and massive 50pt text saying "Do not put a filter on this document".
- Jira tickets + Epics will now be created for each one, with all the data be copied over by hand, bit by bit, by product. Often missing something.
- Last week, at the end of this process for Q2 (2 weeks late), 6 of the leads were asked to attend a 30 minute meeting to discuss how to group the line items together because we had too many for the bigger excel spreadsheet.
- This morning I was told business weren't happy with one of our decisions to delay one line item. Although they were all top priority (P0), one of them was actually higher than that again (P-1?) and we need to work it back in.
... so back to step 1
- Mid way through Q2, a new document will be created for Q3. Work items that didn't make the cut will be manually copied from one to the other. 50/50 whether anything that didn't get done on time in Q2 will make its way to the Q3 doc.
- "Tech excellence" / "Tech debt" items (unit/UI tests, documentation, logging, performance, stability etc) will never be copied over. Because product doesn't understand them and assumes therefore that they are unimportant.
PS: I'd like to say this was a rare event for Q2, but no. Q4 and Q1 were so bad, we were made assurances from the director of engineering that he would fix this process for Q2. This is the new and improved process (I shit you not) that has resulted in nothing tangible.7
Every single fucking time:
Developers: Maybe we'll do something nice for the users, like signing in with Facebook account?
Business: Nah, nobody is gonna pay for that and it sounds useless. We're good with current solutions. Just do your job!
half a year later:
Business: Hey, I just came up with the idea that we could have logging in with Facebook.
Also business: Wow, great idea!
Management: Here's your bonus for a great idea!
Me: Hello. I'm from dept. ABC. My system isn't working.
IT: Have you tried logging OFF & ON again?
Me: (Let me rephrase) No the system isn't turning ON 😅
IT: Before I come over to your desk, can you try restarting once? 🤓
Me: (Motherfuck..) 🙂5
So I thought I will set up a PIN to make logging into the corporate PC easier. Hm... based on these requirements I can probably stick with password.12
I think I've got a working searx instance which I'd open up for the public.
NOTE: I cannot prove that I don't store anything because for that you'd need root access to the server which I won't give obviously. If you're not comfortable with that, just don't uses it.
I still have to do something for ip address logging anonymising or stripping, though. (nginx + CSF provided enough abuse prevention).
Tips on that?31
Client: “I’m sorry I just don’t understand the issue with the contract?
You said logging into Facebook was easy, what’s the issue with feature X (= complex graph API queries based on opinions and sentiment) and displaying images and videos, it’s the same thing!!!”
... no sir, it is NOT2
The day I discovered Schrödinger's lesser known paradox of simultaneously being fired and not fired.
This isn't really much of a dev story, but I figured I'd share it anyway.
About two minutes into signing into all my stuff, I suddenly was kicked out of everything. I tried logging in a few more times, and then suddenly started getting the error, "Your account has been disabled for security reasons." I couldn't sign into chat, and co-workers confirmed that I was missing from the company directory. My manager didn't come in for another two hours, and we couldn't get anyone else to answer what the hell was going on. So I was kinda panicking.
Eventually, we found out from one of our coordinators that someone else with the same name as me was leaving the company, and they had deactivated the wrong person.
It ended up getting a lot better. They told me that it could take up to 48 hours to restore my access (it took longer), so I found stuff to do so I could maintain my paycheck. One of those things was assisting someone with data collection and processing, where I eventually said, "Dude, I could totally automate this," and now that's what I'm getting paid to do.1
Installed Miami Street earlier today.. some random free Shaftgame.
Late at night now, I figured "let's try this out".
> Logging in...
*goes to the settings for this crap game*
Fucking worthless piece of Microshit.. yet another data collection hook that REQUIRES your shit to log in just to fucking work? Fucking Shaftfuckers, 5GB of internet traffic I spent on this?! Just to see it be a worthless data-hungry paperweight?!! Luckily my residential connection is unmetered and has some decent speeds.. but still, FUCK YOU MICROSHAFT!!!
Coincidentally, keyboard input completely broke when I wanted to do a minor edit to the drafted rant. Microshit can't even design a decent keyboard driver anymore, huh.. I DIDN'T WANT TO HAVE TO REWRITE THIS SHIT FOR A SECOND TIME, FUCKING REDMOND MICROCUNTSUCKERS!!!!7
I came back here, after not logging in for about a year just to say that patents are fucking stupid. Thanks, see you in another year!5
PM: Can we have it so the usernames are case-sensitive?
Me: uhh, sure I guess.. But thats like really pointless and adds no real usefulness.. In fact makes the whole logging in thing a tad more complicated for no reason..
PM: Well this one other product we have uses "Admin" for the login versus yours that used "admin" so it needs to be implemented.
(note that mine accepted "Admin" anyways...) *implemented it*
PM: So there's a problem with the username sort, it sorts by capitals then lowercase.. eg:
Me: Yeah, you asked for case-sensitive usernames..
PM: Well can you fix it?
Me: I could create a second field within the user data that is the username in all lowercase and sort by that. But that negates like all of the whole case-sensitive usernames thing.. OR I could drop all this actually important work I'm doing and do a whole bunch of work on a custom sort for this useless fucking feature you wanted me to put in..
*it's been 2 weeks and still no reply...*
TL;DR: Sometimes it okay if all you did the entire day was to breathe and survive.
There's heavy downpour since early morning and water logging is frequent and common in my area.
I had to catch the office bus, but being dependent on local transport to get to the office bus stop, got me all soaked.
I literally had to jump in a puddle of water (like a kid and it was fun 😂😂), to catch the bus.
Anyway, the journey begun and I started sneezing. Damn! I forgot the handkerchief and had nothing to wipe my head dry.
I have serious sinus issues and just prayed that shit doesn't start until I reach office, because I had no tissues as well. I didn't want to be embarrassed with running nose and watery eyes.
Reached office all soaked and dripping. Now the fun begins. The cunts keep the air conditioning temperature to -99 degree celsius. Yes, MINUS 99 DEGREES.
People are fucking freezing to death and motherfuckers refuse to increase the temperature 😂😂😂
By 12:00 PM, my body was numb. I was shivering and could hardly feel anything. Thanks to my reserved body heat, managed to dry myself by 01:00 PM.
Then was assigned a shitty task, which was to clean up a co-workers steaming shit.
Earlier, I had to deal with numb body, but now my mind was numb as well.
Managed to finish the task and call it a day.
Well on the way back, I had to pick some groceries.
It took me literally two minutes to put them in a basket and FORTY-FUCKING-FIVE MINUTES TO STAND IN QUEUE AND PAY FOR THEM.
While in queue, the illiterate and ill-mannered cunts in the supermarket annoyed me to death. Pushing and squeezing me between their tits and ass.
Somehow managed to reach home, all tired and depressed with no mood to do anything at all.
Might just browse through rants for a while now and retire to bed.
Hope tomorrow's a good day. 😊13
When a colleague left their computer without logging out, I created a shortcut to internet explorer, named it Google Chrome, and changed the icon to Chrome's icon. I couldn't remove Chrome's shortcut from the desktop or modify it because I didn't have permissions, so I turned of icon snapping and dragged it off the screen. I also replaced Chrome in the task bar with my fake icon. I then set the Internet Explorer to open a bunch of useless pages when it opens, set it to the default browser, and changed the search engine to Yahoo!18
Got an email earlier this week. It went something like this:
"It looks like your team still hasn't delivered the logging and monitoring solution that we asked for. Can you get it done in time for our production deployment next Friday?"
Um, wait, excuse me, WHAT?
1. You never actually asked for the thing you claim we didn't deliver. In fact, when we brought up the fact that you should probably have some monitoring set up for your servers, you said it would be handled entirely by your own team.
2. I HAVE BEEN WORKING ON THIS PROJECT FOR SIX MONTHS WHY DIDN'T YOU TELL ME YOUR DEADLINE UNTIL NOW
3. I won't even have time to start working on this until the Monday after your prod deployment date. Sorrynotsorry.
I really shouldn't be surprised though. This project has been a clusterfuck from the very beginning so this is just par for the course.2
TLDR: Small family owned finance business woes as the “you-do-everything-now” network/sysadmin intern
Friday my boss, who is currently traveling in Vegas (hmmm), sends me an email asking me to punch a hole in our firewall so he can access our locally hosted Jira server that we use for time logging/task management.
Because of our lack of proper documentation I have to refer to my half completed network map and rely on some acrobatic cable tracing to discover that we use a SonicWall physical firewall. I then realize asking around that I don’t have access to the management interface because no one knows the password.
Using some lucky guesses and documentation I discover on a file share from four years ago, I piece together the username and password to log in only to discover that the enterprise support subscription is two years expired. The pretty and useful interface that I’m expecting has been deactivated and instead of a nice overview of firewall access rules the only thing I can access is an arcane table of network rules using abbreviated notation and five year old custom made objects representing our internal network.
An hour and a half later I have a solid understanding of SonicWallOS, its firewall rules, and our particular configuration and I’m able to direct external traffic from the right port to our internal server running Jira. I even configure a HIDS on the Jira server and throw up an iptables firewall quickly since the machine is now connected to the outside world.
After seeing how many access rules our firewall has, as a precaution I decide to run a quick nmap scan to see what our network looks like to an attacker.
The output doesn’t stop scrolling for a minute. Final count we have 38 ports wide open with a GOLDMINE of information from every web, DNS, and public server flooding my terminal. Our local domain controller has ports directly connected to the Internet. Several un-updated Windows Server 2008 machines with confidential business information have IIS 7.0 running connected directly to the internet (versions with confirmed remote code execution vulnerabilities). I’ve got my work cut out for me.
It looks like someone’s idea of allowing remote access to the office at some point was “port forward everything” instead of setting up a VPN. I learn the owners close personal friend did all their IT until 4 years ago, when the professional documentation stops. He retired and they’ve only invested in low cost students (like me!) to fill the gap. Some kid who port forwarded his home router for League at some point was like “let’s do that with production servers!”
At this point my boss emails me to see what I’ve done. I spit him back a link to use our Jira server. He sends me a reply “You haven’t logged any work in Jira, what have you been doing?”
Any bikers around here?
I recently bought my first motor bike ( super cheap ) and I'm excited to add some enhancements to it like GPS logging and collect relevant data about my bike.
Have you don't anything similar to your ride? I would like to put my Dev skills and improve my bike as a hobby.18
Not a rant, just feeling pretty happy about my current situation so thought I'd share!
Been stuck in a dead end job at a small web design agency - you know the type, web design, development, SEO, anything in between - for the past 5 years (I was the only dev and was relied upon to do everything).
Finally got myself a new job this year and I'm loving it so far. Was dreading actually logging my time spent on projects / tickets as my old job was pretty much a chaotic free for all, but it's left me with a sense of achievement / accomplishment and I feel more organised in my personal life too.4
They always say "Stop wasting time".
They always say "Just use the tools we are all using".
They always say "I get it, you're the OSS guy. IDC, go to work now".
They always say "I hope you won't be logging this time on our customer's timesheet".
And they always come back to me "Look, I've heard that tool you've made/found is really cool and efficient, saves lots of trouble and makes us go faster. Can you send it to me via slack? TIA"
I see things that could/should work better and I make them do exactly that. It's my gift. It's my curse.3
I like logging into public wireless networks where the admin credentials are the default and mess with their wireless settings...
Am I wrong?18
So this bloody hilarious, I submit my PWA to windows store, mainly for shits and giggles, see how the whole thing works and all that.
According to them, this is 'Opening within my application" and I am apparently able to access user details via google own sign in link, not SSO.
This exists solely for the benefit of Microsoft who are having trouble comprehending the fact that RTMS Events does NOT have Authentication.
Microsoft believes that as the application uses Google Maps, and when Google Maps opens a “Sign In” button appears, that I am able to access your personal information.
As any reasonable person will understand, that is not the case, logging into Google Maps/Google for the benefit of using Google Maps in NO WAY gives anyone else access to your personal information.
"WTF? These records should have been inserted into the table!"
...Hours of checking code, trying to figure out how this is possible, can't find a way to have this scenario happen...
...Add additional debug and troubleshooting code, add more verbose logging, redeploy to all the containers, reset all the tables, many apologies to the boss for the delay....
...Co-worker comes in: "oh, hey, sorry, accidently deleted some stuff from the database last night before i left."1
When I see two fields, one for username and one for password, I expect I can fill them out immediately subsequently with only a tab in between. While typing my password I DON'T want to get sent to a page where I can enter my password only: I was entering it already! Sometimes I even make it until I pressed the enter key that was supposed to log me in, but then I'm kindly requested to reenter my password. At that moment I not-so-kindly think: FUCK YOU Microsoft, you should know better. Even when logging into Visual Studio for fack sake3
Started part time job at a company, had to log my time on timesheets. Said fuck this and now the whole company logs their hours on a custom web based time logging system which I built.5
Trying to learn some golang after a break.
Made http / https transparent proxy for personal project.
Mind: You need to add configuration file with domains you allow traffic and block everything else using list of regex.
Me: Ok I can do it, 4 hours later ok done
Mind: Why not make it differently by making list of url you can block and test this shit on fucking ads and stop using adblock that downloads content.
Me: ok that will be handy I can watch websites faster and drop traffic I don’t want to.
Funny fact, it works I broke analytics, logging, quantum shit fucks and even youtube plays ok.
Go is awesome for networking stuff lol.12
On a 5 hour bus ride for which the company advertised that they have WiFi. Technically they did, it just didn't seem to be connected to anything. (it was but it was unusable). I tried logging into the router as i always do and one default "admin" password later i was in.
I didn't want to mess up anything too badly, however i did change the wpa password to "YouShouldMakeThisABitMoreSecure"5
Introduced a ‘new’ logging framework for our web site. Web team is testing the integration and I get an email saying the logging wasn’t working. Instead of sending me how she is searching the logs, she sends me a screen shot of the code (which is ass-backwards of how I documented the logging library, but that’s another rant). OK, she wrote 5 lines of code that should be one line, but OK, the error still should have logged fine. I search the logs, and sure enough, there they are. Errors logged just as they should.
So I email back (with screenshot of the search query and results) asking how she searched for the errors.
Hour later she responds ..”I don’t know.”
WTF do you mean “I don’t know”?…WTF…you are a –bleep-ing developer too! This is not the first –bleep-ing splunk query you’ve written!
OK..I’m calm..feeling better. Wouldn’t be so bad if she emailed just me with the question (I’m not a splunk query expert either, we can figure it out together), but she was sure to cc 3 of the PMs involved in the integration, my boss, and other team members to make it sound like the problem was my code.3
<just got out of this meeting>
Mgr: “Can we log the messages coming from the services?”
Me: “Absolutely, but it could be a lot of network traffic and create a lot of noise. I’m not sure if our current logging infrastructure is the right fit for this.”
Senior Dev: “We could use Log4Net. That will take care of the logging.”
Mgr: “Log4Net?…Yea…I’ve heard of it…Great, make it happen.”
Me: “Um…Log4Net is just the client library, I’m talking about the back-end, where the data is logged. For this issue, we want to make sure the data we’re logging is as concise as possible. We don’t want to cause a bottleneck inside the service logging informational messages.”
Mgr: “Oh, no, absolutely not, but I don’t know the right answer, which is why I’ll let you two figure it out.”
Senior Dev: “Log4Net will take care of any threading issues we have with logging. It’ll work.”
Me: “Um..I’m sure…but we need to figure out what we need to log before we decide how we’re logging it.”
Senior Dev: “Yea, but if we log to SQL database, it will scale just fine.”
Mgr: “A SQL database? For logging? That seems excessive.”
Senior Dev: “No, not really. Log4Net takes care of all the details.”
Me: “That’s not going to happen. We’re not going to set up an entire sql database infrastructure to log data.”
Senior Dev: “Yea…probably right. We could use ElasticSearch or even Redis. Those are lightweight.”
Mgr: “Oh..yea…I’ve heard good things about Redis.”
Senior Dev: “Yea, and it runs on Linux and Linux is free.”
Mgr: “I like free, but I’m late for another meeting…you guys figure it out and let me know.”
Me: “So..Linux…um…know anything about administrating Redis on Linux?”
Senior Dev: ”Oh no…not a clue.”
It was all I could do from doing physical harm to another human being.
I really hate people playing buzzword bingo with projects I’m responsible for.
Only good piece is he’s not changing any of the code.3
I had security reopen our test-user last week. I could run the tests once, then they started failing with "blocked user due to too many attempts at logging in". Huh, that's weird. I go through everything, every script, every scheduled task, every nook and cranny of every drive on every machine I could reach, and make sure the password is updated everywhere. Reopen account. Same shit.
I email around to some people, they don't use it, one guy asks if I checked x, y and z, I did. Then he's sure we don't use it anywhere else.
It's one of our fucking contractors that took one of our scripts (that they're supposed to have duplicate copies of) and forgot to change to their own credentials. That's literally the agreement, take our scripts and change the user and run them on your machines.
Afhfjdkdhdjdbd stop locking me out of everything with your incompetence. I email them, some cunt gets back to me asking for the new password. NO. USE. YOUR. OWN. CREDENTIALS. I KNOW YOU HAVE THEM, THEY'RE HERE IN THE LIST AND BEING USED IN ALL OTHER SCRIPTS AAAAAAAAAHHH6
I was noticing some slow network and it was dropping some connections. So I booted up my old XP install with Java 6 so connect to the ASA 5505, I see it’s logging max connections of 10000 has been reached.
Fine, I recon it’s my colleague backing up his entire machine to Google Drive.
Because when he shut it off, n connections dropped.
I check back in the log, and I see there’s 4-500 connections happening per second, I think WTF and check the source IP. Lots of random IPs from Vietnam, all going to a Windows2008 Server using rdp.
(I didn’t setup our servers, so I didn’t know which server it was accessing)
Ask my other colleague, he told me it’s a windows server from an earlier project that’s not used anymore.
I rdp into it, see there’s users logged in from around the world, and I immediately do a shutdown.
Would you look at that, connections per second dropped to about 50.
I guess that server isn’t going back online ever.
And I now need to ask management for a budget to update our network infrastructure, because the old ASA 5505 is begging me to die.
TL;DR gg previous employees didn’t shut down old servers and left them open to the world to enjoy9
So Patanjali(aka Ramdev Baba trying to sell you even a fucking underwear as ayurvedic and locally made) released their chat application "Kimbho" and was taken down within 24 hours because of major security flaws.
Some obvious ironies I would like to point out here.
1. Coming up with a chat application with gaping security flaws at this stage when privacy related discussions are happening at every nook and corner, worst move ever.
2. There are elections in 2019 and 1 year would be the right amount of time to gather data on public and start targetting and influencing people. It shouldn't be so obvious and everyone knows which political party Patanjali leans towards.
3. You are promoting an app citing Make In India initiative. You are the biggest Indian based FMCG operating in India, courtesy exploiting nationalist sentiments. Whatever you aim of doing, at least invest a decent amount of money in hiring good developers and designers. If not anything get a content writer who will write you an original description of your app for as low as ₹1000.
4. Promoting a competitor of whatsapp on whatsapp is a brilliant move. Give that marketting fellow a big raise.
5. Replacing the phone icon with a shankh is not innovation. Also, everyone knows about spam farms in Bangladesh and many places in India. So boasting about 1.5 lakh downloads in less than an hour only speaks more about your ignorance and lack of technical knowledge.
6. If you really are promoting "swadeshi app", why are you offering logging in through facebook? I mean even a blind person can clearly see your agenda here.
7. Hike is a messaging app made in India and they are here since long and still it are nowhere near the usage of whatsapp. Selling shit in the name of Make in India is not cool and its high time Patanjali realises this. But then again, it is their only marketting strategy because how else can you sell something as gross as cow urine and that too people buying it voluntarily.
8. If this stunt was carried out to be in the news, well played. You are getting a good amount of publicity, but this time a bad publicity will do more harm than good. People are calling out your bluff and you will get to see the results.
Mr. Baba Ramdev, fraud karo, itna blatant mat karo. India ki public sentimental hai chutiya nahi.7
I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very speciffic way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to find confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 mangers via phone for approvals [to login to the vault, find my request and aprove it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.
That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, do all this complexity could be bearable.
However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'
oh, and all these steps must be repeated each time a sysadmin tties to implement the change request as all the movements and decisions must be logged and justified.
Each server access takes roughly half an hour. 4 servers -> 2hrs.
So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that threr's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...
That was the time I discovered skrillex.6
Is it just me, or does anyone miss logging into a Unix/Linux machine, doing a 'w' or 'who' and seeing a long list of folks all using the machine simultaneously? I still reflexively run 'who' as soon as I log into any real or virtual Unix or Linux machine and I am still slightly disappointed to find I'm all alone on it.5
What features would you want in a logger?
Here's what I'm planning so far:
- Tagged entries for easy scanning of log file
- Support for indenting to group similar sequential entries
- Multiple entry types (normal, info, event, warning, error, fatal, debug, verbose)
- Meta entries, so the logger logging about itself, e.g. disk i/o failures.
- Ability to add custom entry types, including tag, log-level, etc.
- Customizable timestamp function
- Support for JS's async nature -- this equates to passing a unique key per 'thread'; the logger will re-write all the parent blocks for context, if necessary. if that sounds confusing, it's okay; just trust that it makes sense.
- Caching, retries, etc. in the event of disk i/o issues.
- Support for custom writers, allowing you to e.g. write logs to an API rather than console or disk.
How about these features?
- Multiple (named) logs with separate writers (console, disk, etc.)
- Ability to individually enable/disable writing of specific entry types. (want verbose but not info? sure thing, weirdo!)
- Multiple writers per log. Combined with the above, this would allow you to write specific entry types (e.g. error, warning, fatal) to stderr instead of stdout, or to different apis.
- Ability to write the same log entry to multiple logs simultaneously
What do you think of these features?
What other features would you want?
I'm open to suggestions!19
Managed to make myself look like a fucking moron again today...
Can't mount NFS share, get "permission denied". Huh, that's weird... It's correctly exported.
Well it's correctly exported and rpcinfo -p $HOST times out... Must be firewall rule.
Firewall rule is changed but still no joy "permission denied"... Fuck sake networks, can't you do anything right first time?!!!
Firewall rule is correct I am reliably informed... Go about proving that it's not fucking correct and provide "evidence" to show this, I was a little bit more blunt than was strictly required.
Networks say they will take another look.
I turn NFS logging to verbose for my own interest and notice the line "path/to/directory is not a valid directory".
I, as a moron, had missed a "/" at the start of the path. That's why I still couldn't mount after the firewall change.
Go over and apologise in person and explain how I'm a total idiot.
OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..
Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!
Here it goes..
Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.
OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.
Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.
Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..
I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..
Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.
I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..
I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.
WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...
WTF..Ok, cig break to let me think..
I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?
So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o
Unfuckin believable.. How did this ever work?!
Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!
So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..
If only the original procedure was working as it should.. bloddy hell!!8
Inmates are trying to take over the asylum again.
Got a message from the web team manager deeply concerned because since switching to the new logging framework, the site is significantly slower.
She provided no proof or any data to what 'significantly slower' means.
#1 The 'new logging' has been in place and logging for 5 years. We only recently depreciated the ILogger interface ('new' ILogger interface only has 1 method instead of 5)
#2 The 'old logging' was modified 5 years ago, so even if you were using the 'old' interface, the underlying implementation is still the same.
She tried to push the 'it wasn't this slow before' argument, so I decided to do some fact based analysis.
Knowing they deployed their logging changes couple of weeks ago, I opened up AppDynamics, looked at the average call time to Splunk (along with a few other http calls they are doing)
- caching services - 5ms
- splunk - 30ms
- Order Service - 350ms
- Product Data Service -525ms
Then I look at the data they are logging, for the month of June, over 5 million messages. At 30ms each, that's almost 42 hours spent logging errors...yes errors. Null reference exceptions, Argument exceptions, easily fixable stuff.
So far for the month of July (using the 'new' logging), almost 2.5 million errors. Pretty close so far with June's numbers.
My only suggestion was to fix the bugs in their code so they don't log so many errors.
Her response.."Can we have one of our developers review your logging code? We believe we can find ways to optimize the http requests"
Oh good Lord. I'm not a drinking man..but ...I might start.2
I've started logging my sleep patterns on a spreadsheet. Hoping to get some interesting statistics eventually.17
Thanks to mandatory password change, today:
- My windows account got locked because my phone kept logging into wifi using
- Google Hangouts were silently running in background with old session until I re-opened it. Work of others delayed by 4 hours due to missing message notifications.
- Docker for Windows lost credentials needed to use SMB mounts - 1h of debugging why my containers mount empty folders ( now I will know)
- Google G-Sync for Outlook asked for new password on outlook restart - few mails delayed.
All of that for sake of security that could be easily solved with 2FA instead, not faking that "I do not change number at the end of my password"
When you take procrastination to another level... Adding Good looking table style output with emoji in a logging script which is only to be used once in a lifetime 😁3
I'm planning on writing an open source (and much improved) version of my logger, but I'm stuck on picking a name :<
So, anyone have naming suggestions for a tagged and branching/nesting logging library? (ES6)
(I don't think "deforestation" is a good choice. sounds kinda bad.)23
You know the worst thing about being a freelancer? You're expected to wear every fucking hat and you don't get normal hours.
Over the past few days I have been working with a client of a client attampting to fix his server. He's running CentOS on VMWare and somehow ended up breaking the system.
Upon inspection there was no way to fix his system remotely. It wouldn't even boot in recovery mode. So we've been attempting to recover his data so that we can reinstall CentOS and not have to start completely from scratch.
So for the past 3 days straight I have been remotely logging in to a Debian Live CD and manually sending folders to a FTP server of his. He has somewhere close to 30 sites on this server, and upwards of 1 million files in total.
Yesterday either the system freaked out or he did something, but the entire fucking system stopped responding which forced me to reboot it, reinsert the live CD, reinstall evertything, and re-mount his broken systems drives.
Here we are 3 days in, we're still not done, and I'm getting slightly pissy because if you don't know Linux well enough to fix this shit yourself, you shouldn't be acting as your own sysadmin for 30+ sites.
Also, backups are a thing right? VMWare also has snapshots. I know the extra storage isn't cheap, but it's a hell of a lot cheaper than paying soemone like me $35/hr to go and fix all of your shitty mistakes.2
My predecessor used auth as a bool. The only way he kept basic users from accessing admin functions was by including the word "admin" or "user" in the URL so any user could be the administrator by just changing the URL parameters after logging in
For example, mysite.com/admin/editorderdetails vs. mysite.com/user/editorderdetails
So we have an API that my team is supposed send messages to in a fire and forget kind of style.
We are dependent on it. If it fails there is some annoying manual labor involved to clean that mess up. (If it even can be cleaned up, as sometimes it is also time-sensitive.)
Yet once in a while, that endpoint just crashes by letting the request vanish. No response, no error, nothing, it is just gone.
Digging through the log files of that API nothing pops up. Yet then I realize the size of the log files. About ~30GB on good old plain text log files.
It turns out that that API has taken the LOG EVERYTHING approach so much too heart that it logs to the point of its own death.
Is circular logging such a bleeding edge technology? It's not like there are external solutions for it like loggly or kibana. But oh, one might have to pay for them. Just dump it to the disk :/
This is again a combination of developers thinking "I don't need to care about space! It's cheap!" and managers thinking "100 GB should be enough for that server cluster. Let's restrict its HDD to 100GB, save some money!"
And then, here I stand trying to keep my sanity :/1
Having trouble logging into an app I am suppose to be working on with another dev. Debugging and found this:
// TODO: Temporary Optional because the API is not working properly
... i'm not happy for so many reasons
Hello devRant, this is going to be my first time posting on the site.
I work for a gaming community on the side, and today one of the managers asked me to implement a blacklist system into the chat and reactivate the previously existing one temporarily. This shouldn't have had any issues and should've been implemented within minutes. Once it was done and tested, I pushed it to the main server. This is the moment I found out the previous developer apparently decided it would be the best idea to use the internal function that verifies that the sender isn't blacklisted or using any blacklisted words as a logger for the server/panel, even though there is another internal function that does all the logging plus it's more detailed than the verification one he used. But the panel he designed to access and log all of this, always expects the response to be true, so if it returns false it would break the addon used to send details to the panel which would break the server. The only way to get around it is by removing the entire panel, but then they lose access to the details not logged to the server.
May not have explained this the best, but the way it is designed is just completely screwed up and just really needs a full redo, but the managers don't want to redo do it since apparently, this is the best way it can be done.7
ALMOST HALF AN HOUR SPENT TRYING TO LOG INTO MY FUCKING RASPBERRY PI OVER SSH.
you know what the problem is?
I’m not gonna tell you because I want you to feel the agony too.
> be me
> want to set up a nextcloud instance on pi to play with
> boot up
> ssh pi
^tries like 60 more times with different things
> pulls HDMI out of PC
> connect to pi direct
> check the logs
>try login from phone
>Tries resetting password
>tried logging into other pi
>type @ sign
So I was logging into google today and my password is very long so I often make mistakes while typing it so I went to inspect element to change input type to text so that I can check the password and I see that Firefox is storing my password already as plain text. Wtf Firefox???8
I walk into the kickoff meeting today. The first part of this project had 5 developers and a project manager. Former project manager handled communication and sheltered us from bullshit. We built an amazing piece of software in a very short time. Customers were so amazed that they decided to reboot the project, boost the funding by several million, and let us go again. They specifically requested the same team.
Now the team looks like this: the neediest tester guy, a UX lady that doesn't have any UX background, an agile "visionary", a project manager that doesn't understand how development works, a solutions architect, 3 COTS platform specialists, a devops specialist, and an account lead. They have booked all kinds of workshops and other shit to kick things off.
So development capacity is only 60% of what it was. Management ratio was 1:5 before. Now the management ratio is 9:3. The new project manager thinks developers should be on more customer calls and responding to all customer emails during sprints. We already built this system and devops pipelines end to end. The COTS people, solutions architect, or the UX person can't program. They want us to magically convert this custom application into one based on COTS. What we need to do is make the rest of the business processes that we omitted, integrate known feedback, rework the backend, build better automated testing, improve logging and reporting, add another actor to the system, add a different authentication method, and basically work through the massive backlog.
How do they think this is going to work? Do they think we can download a custom engineered enterprise grade software system from Microsoft and double click all the way to customer satisfaction? The licenses alone are too much for the customer on an ongoing cost basis. I guess we can discuss it during the agile team-building weekend at some remote lake that the team "visionary" has set up. For the sake of fuck.
Like development isn't hard enough. Hire two more developers and lose all of the dead weight. Get a project manager that won't let the trivial shit roll down on us. What the fuck.5
"Wait, we're logging all web traffic now?"
Me: You're the security engineer, you asked him to do it!
"I know but I didn't think he would actually do it!"
It was the first time I worked on a big project with a big team, I looked at the given code and copied their code style.
I finished very fast and everything was working fine, was really proud of myself. I'd like to add some logging though.
Programm failed it was heavily async and parallel so 2 days of debugging had past the whole team was on board nobody knew what went wrong there.
As I stared into the darkness of my code I suddenly saw what went wrong 😂
As I adopted no curly braces style of the Team for
And I added logging above without braces everything broke 😂 it was indented properly so as a heavily python user everything looked fine2
So I have a script that runs every time I turn on my PC. The script copies a few files to a ftp server in my basement. Forgot to turn off logging....
Opend the file in Notepad, and would you look at that, 1 GB of ram..? WTF?
Edit: Managed to open the file, turns out that it's been exactly one year since I started using the script.3
In order to reduce support costs, manager instructed his team to remove all logging/reporting of errors in the company’s CRM application.
Team’s support tickets went down 80%, manager received an award for his efforts, but mysteriously, DBA/support workload increased, bad/missing data,
increased support tickets in other areas of the business (shipping, etc. that relied on correct data from the CRM) and other side-affectual behavior.
Even after pointing this out this correlation, showing before/after code, no one believed the two were related and I was accused of not being a ‘team player’.
“You and the other teams need to learn from his example!”. As ‘punishment’ was I was moved to the team managing the CRM application.1
The problem I have with atom, vscode, sublime, and notepad++ is that none are available on the command line over SSH, inside tmux. And that's where I do the vast majority of my text editing.
The first text editor I used on the command line was pico, the technological successor of which is nano. I used it because when I was in college in the late '90s, we used pine for our email, and pico was the default editor for pine.
When I got my first job out of college in 2000, I found out about vi, and very quickly fell in love with it, and its technological successor: vim.
The only reason I've never gotten into emacs is because I've never wanted for more than vi/vim. And also because as a system administrator, I'm logging into dozens, of not hundreds of servers a day. While vi or vim is guaranteed to be on all of them, emacs is not.
So, for me, the use of a desktop text editor like the ones I mentioned at the beginning of this post, just doesn't make sense to me. I almost never edit files that live on the computer where I'm sitting, and I'm not interested in doing a commit/push every single time I want to rerun a script.20
Putty, you son of a bitch. Why do you call the logging option "All session output" if you don't include binary zeros in the output? Zeros don't count as "all" or what?
Then call the option "All session output without zeros", that would have saved me some time and prevented handing out false data.6
Wow. Can't access a news article in an incognito tab without logging in or subscribing. This happened in Firefox and Chrome in mobile and desktop views on Android.8
Wanna hear a story? The consultancy firm I work for has been hired to work on a WPF project for a big Fashion Industry giant.
We are talking of their most important project yet, the ones the "buyers" use to order them their products globally, for each of the retail stores this Fashion giant has around the world. Do you want to know what I found? Wel, come my sweet summer child.
DB: not even a single foreign key. Impossibile to understand without any priopr working experience on the application. Six "quantity" tables to keep aligned with values that will dictate the quantities to be sent to production (we are talking SKUs here: shoes, bags..)
BE: autogenerated controllers using T4 templates. Inputs directly serialized in headers. Async logging (i.e. await Logger.Error(ex)). Entities returned as response to the front end, no DTOs whatsoever.
WPF: riddled with code behind and third party components (dev express) and Business Logic that should belong to the Business Layer. No real api client, just a highly customized "Rest Helper". No error reporting or dealing with exceptions. Multiple endpoints call to get data that would be combined into one single model which happens to be the one needed by the UI. No save function: a timer checks the components for changes and autosaves them every x seconds. Saving for the most critical part occurring when switching cells or rows, often resulting in race conditions at DB level.
What do you think of this piece of shit?6
TL;DR: Google asked me to PROVIDE a phone number to verify connection from a new device, on the said device.
Yesterdayto log into my work Google account from my personal laptop to check emails, calendars update and so on. I opened up a private navigation window, went to Google sign-in page, entered my credentials, all is well.
Google then decided to "verify it's me" and prompted me to PROVIDE a phone number (work account without work phone means no phone number set up) so that they can send a verification code to the number I just provided to make sure the connection is legit.
Didn't want to do that, clicked "use another method" and got asked to fill the last password I remember, which would be my current password thanks to my trusty password manager. After submitting, I'm prompted with an error saying I have to contact my admin to reset my password because they can't log me in with my CURRENT password.
I ain't gonna do that, so went back to login page, provided my phone number, got the code, filled in the code, next thing I know I'm browsing through my emails.
What the duck? Could have been anybody giving any phone number. So much for extra security.
Also don't care that they have my phone number, the issue is more about the way used to obtain it: locking me out of my account and having no other way of logging in.6
Client: "I cant logging me in"
Me: "Ok do you know your username? "
Client: "yes, off course"
Me:"ok, which password do you use?"
client: "I looked to my colleague... 5 stars"
We are required to use corporate SSO for any authenticated internal websites, and one of the features they require you to implement is a "logout" button.
They provide a whole slew of specifications, including size and placement/visibility, etc. They provide an SSO logout URL you must redirect to after you take care of your own application logout tasks.
Makes sense... except the logout URL they provide to serve the actual SSO logout function broke over 3 months ago, and remains non-functional to this day.
Apparently I'm the first person (and perhaps one of the only people) who reported it, and was told "just not to worry about it".
So, we have a standing feature request to provide a button... that doesn't actually work.
Corporate Security - Making your corporation _appear_ more secure every day...2
logging in to SO,
used wrong google account,
spent 10 minutes trying to find logout button,
googled the issue,
found the answer on meta SE,
login with google, stuck in the same account,
googled how to switch account,
cleared browser cache,
switched account successfully,
forgot why I'm logging in,3
Hello fellow devRanters, this weekend I've been working on devRant CLI client I want to share with you: https://github.com/stepnivlk/rrant
I'm using it as a fortune when logging into terminal and since it stores rants locally it is fast.
I spent only couple of hours developing it so there is some space for improvement :).
Enjoy it and feel free to comment/do codereview.4
Me: After 3 days of deliberation, I finally picked a framework, I can jump into the rewrite
*2 hours of inspired coding later
I finished the configuration validation and logging setup! What was that framework again?1
Got 1 star and 1 fork in git feels awesome. Or been a year since I joined git.
Todo conky widget for Linux I build received a star. U can add and delete to-do using terminal, so I feel its cool. https://devrant.com/rants/1402297/... has screenshot.
A bash script I wrote was forked. That was for logging into college wifi page. The routers used to disconnect very often and downloads u to be stalled on fluctuation in electricity. This login script would re-login on connecting back to college WiFi using polling mechanism
Currently working alone, hope soon i will put up some colab work.3
Deleting debugging/logging lines instead of commenting them out, when there is 95% chance that I will need them again3
Finding the right balance between well written, need-one-week, maintainable software, and fast-written, ready-in-2-hours-and-never-look-at-it-again software.
Last time it took me 20 minutes to integrate with a new API. I had a script that did everything you needed. I then spent 2 weeks on handling error responses, unexpected responses, exceptions, intelligent retries, logging, unit tests, integration tests, caching, documentation, etc.
Was logging in my student account to check whether the system actually registered my admission and here I go.
And this is not just some college. This is a website every engineering student shall use throughout the country.
Also this is not the first time this happened.
First rant, technically a sysadmin but getting into the nitty-gritty of programming with some things to improve my job (and hopefully moving into something more technical).
Have been doing a paid internship at my utility company. I do patch management with SCCM and sometimes the updates break. I've been using Powershell to reset the Windows update cache to make the computers work again. Unfortunately, this sometimes involves logging into machines to do some manual work and I have to notify users before I log in if they're already logged in.
Scripts can be run silently but I've spent a few weeks trying to automatically retry Software Center updates with Powershell … before realizing just today that the system center action "Application Deployment Evaluation Cycle" does indeed do the thing I've been attempting to do with Powershell for weeks now.
Wish me luck as I automate that part of the process and completely automate the sole job they gave me to do. Don't tell on me!5
At NYU doctor's office that forces me to register a temp account to use their WiFi.
I get an email saying my medical records have changed so I try logging into the site to check.
Site can't be accessed on the network..,1
I dont need DuckDuckGo,
I dont need any VPN
I dont need all of this "Internet Privacy Service" BULLSHIT which my ISP wants me to use,
I DONT NEED ANY OF THIS FUCKING SHIT!
AND I DONT WANT IT EITHER!
I HAVE MY OWN PI HOLE!
AND THATS FUCKING ENOUGH FOR WHAT I NEED! STOP TELLING ME ABOUT ALL THIS "We are clearly not logging your shit" WHILE YOU DO!!
Because I have my own shit!
Google is just a steaming pile of shit!!
I've recently installed LineageOS onto my phone and wanted to degooglify my life.
So my current Smartphone doesn't have any GApps installed and I get along fairly well.
Should I need anything, I should just be able to use it in my browser right?
Nono!! As soon as I want to log into a third party Service using Google (older acccounts with the other choice only being Facebook) I need to "verify my identity". And the only option are my old smartphone who still have Gapps on it but are slow and don't accessible when I'm away!
For those who say: "Google is just beeing secure. They don't want anyone to steal your account.". I USE 2FA AND HAVE BACKUP CODES.
BEFORE DEGOOGLING MY DEVICE IT NEVER ASKED SUCH A THING!!! WHAT A PILE OF SPYING SHIT!!!
And the best part, after I remotely started my PC at home and just want to take a screenshot of the message for this post before just using a working session, the message didn't appear.
Somehow google decided that me logging in 15 mins later (same ip) proves my identity?!?!?!
IF THIS CAN BE ATTRIBUTED TO AI. FUCK THIS SHIT. GOOGLED SHOULD BE TREATED LIKE AN ONLINE CASINO BECAUSE THE CHANCE OF JUST GETTING LOGGED SEEMS COMPLETELY RANDOM!!!
(I also had this prior when using my smartphone browser. There I couldn't "circumvent" this and I was at home. But having this shit on my browser which should've a session is unacceptable.)6
Upgrading. We like to upgrade our stuff, whether it's software, operating systems or hardware. When it works its great but when it dosen't...
All my BAD experiences have been with upgrading.
One day I was using Jumla (a CMS) that controlled a big online clothing store. Noticing that Jumla was 0.01 versions behind I decided to 'upgrade'. This caused the entire site to break, maxed out the space on the server and eventually lost my job and that day the company supposably lost $10,000.
Today's f#ck up made me write this rant. Me and a friend own a local development company and we have a small Digital Ocean server for client website previews (before they get there own hosting). We have a few projects going at the moment and yesterday we sent a few links to clients so they could see there new website. This morning I woke up, read a few emails and ssh'd onto the server to read logs and what not. I got a bit side tracked, reading about the benefits of Ubuntu 17. You can already see where this is going... I innocently Google: "How to upgrade to Ubuntu 17". Surprisingly after running the commands and downloading the updates it was worked well. Everything was working. Then I restarted. I waited about 15 seconds and tried logging in again. Timeout after timeout. Something was wrong. I checked the console via the online Dashboard and see a page full of Kernal errors. I contacted the hosting people and they were able to help by referring to some guides but after 5 hours of cranking through errors and not winning I give up.
*Email from client*
The website you sent via link isn't working, can you fix this as I would like to show our CEO,
I destroy the droplet (server), making a new one. I have to setup and secure the server. Generating new SSH keys, new user accounts as well as installing AND configure Apache, PHP and MYSQL. I then had to upload 5gb of backups via SSH (not fast), go through each clients backup, including web files and databases and distributing where it needs to go.
Discovering that one of the DB's name changed last week and therefore our backup script failed to save it, we were forced to rewrite 10 pages of website content.
From 10 yesterday morning to 2 this morning, a total of 14 hours (I think) sitting in front of my computer trying to fix a problem that would have never occured if I didn't "upgrade"8
I can't login ffs
I don't care that it shows an impossible number of characters honestly, but I don't get why that should prevent me from logging in to any of these servers
For that matter, why the fuck is number of characters a signed int?2
Yay! My first bash project :D
disclaimer - my bash is not pretty. yet.
Why I created it?
I encountered several footlong scripts in a new project at work. And they had no logging. And I am in charge of making it sing again. So here it is a tiny logging framework.1
Fuck! I check my server before leaving and it's fine. I leave to go to see my dad for the weekend and maybe I can remote ftp&mysql into it. No! it crashes the minuet I try logging on!!!!!2
Last year I planned to start a startup. I've started many good things but not the startup yet.
* A new data format
* A new data type
* A new web framework
* A new concept for logging
* And many other opensource tools and libraries3
You are a developer and you will only log time you're actually working. This means you will not be logging time spent in meetings, chasing for specs, requirement clarifications and similar. You must log 8 hours each day.
^^-- wtf?!? Is anyone else working in similar conditions?13
Ok, so one of the oldest guy is leaving from my company (on a good note) and he was involved in multiple things in our organization. From having access to almost everything (AWS, Github and owning multiple projects and our legacy code). I am supposed to take KTof one project and man THE CODE IS MESS. YOU DONT PUT A RANDOM NUMBER WHILE CALLING A FUNCTION. You are supposed to define a constant and use that. I've told my manager that I need at least 1 week just to improve logging.3
We found a binary string on our Loggly server. It's a PDF file .. the entire PDF file, being sent, to our logging service.3
Goes back to high school.....
Me: This laptop is having issues logging into the network. I have tried restarting as well as restarting the WiFi. You probally should submit a ticket so IT knows it is broken.
Teacher: They would not fix it anyway.
TL;DR: Teacher thinks that telling IT to fix a computer would result in nothing happening.2
The scrum master for the project I'm working on decided to help out with changing some code (I'll add he's got a master's in software engineering and very proud about it..aka..big ego). It took him two days...yes two days to write the attached code.
I reviewed his code and sent back a response (code took about 15 seconds to write) including the link to the logging documentation explaining what fields were and were not necessary. Not sure how will look in devrant ...
var data = new InformationalDataPoint
["RMANumber"] = rma,
["InvoiceID"] = invoiceId
He's stopped talking to me. Our next scrum meeting with the product owner should be ...um...awkward.
Jeez maybe it's just me, not a very smart user, but after at least 6 years with iPhone5, just before changing it, I discovered how to raise the volume without logging in the phone first:
I press the home button, Siri show up, and THEN the fucking raise/lower audio buttons are working.
6 years typing the fucking pin just to raise the volume.
6 fucking years missing notifications and calls just because I forgot the fucking volume on the lower tone. Almost lost a girlfriend for that.4
So here's a rant I never thought I'd write.
I'm pretty happy with my current job. I'm working for a small non-tech business where I'm making a complete solution by myself. It's pretty chill just coding away all day and being my own project owner and manager.
The iffiest aspect is that my boss(es) don't know what (or if) I'm working on when I'm implementing a vital logging system, fixing bugs that cropped up due to implementing necessary, baseline security, and so on. They see a login page and figure the entire project is shippable, and when the login breaks because I'm configuring the wsgi for https the reaction is "it worked, why mess with it; just put it how it was". But I digress.
Today I got a job offer with a pay increase that made me exclaim "are you fucking serious" irl, in a business with a more professional environment consisting of senior devs, and with benefits I had never heard of.
I can't not accept, but that means just legacying the entire project I'm working on here. They'd basically be left with nothing after shelling out wages for me for these few months. Keep in mind this is a fairly small business who debated if they could afford this to begin with.
Disregarding whether they are willing/able to make it hard for me to leave, it stabs me in my scrubby dev soul to up and leave on a personal level.
They had a 3d printer at the other place though.15
Yesterday, I put the final touches on a massive system using hundreds of classes, with thousands of lines of code, all easily maintained because of the way I used abstract classes, and coding to an interface, stubs, etc. And all instantiated with a near english fluent api. With detailed logging and even contacts me when there's problems, result of a year's work. I felt like a genius
Today, this fucking simple contact form that won't do what I want it to for the past 4 hours...1
I'm performing a pentest for my client.
So after scanning my client's network I understood they're using IIS 4.5 and windows server 2012 (or 2012 R2)
I know the systems are real old.
And there are known exploits for them.
The tricky part is I have to stay hidden and I only have my own credentials for logging in to the asp page. (Uploading a script is almost crossed cuz it will reveal my identity)
Also I have access to the local network with some of the other employees user/pass.
Any recommendation for exploiting and staying hidden at the same time ?
One more question : will exploits for newer versions work for the older ones necessarily?8
So, this incident happened with me around 2 years ago. I was pentesting one of my client's web application. They were new into the Financial Tech Industry, and wanted me to pentest their website as per couple of standards mentioned by them.
One of the most hilarious bug that I found was at the login page, when a user tries logging into an account and forgets the password, a Captcha image is shown where the user needs to prove that he is indeed a human and not a robot, which was fair enough to be implemented at the login screen.
But, here's the catch. When I checked the "view source" option of the web page, I saw that the alt attribute of the Captcha image file had the contents of the Captcha. Making it easy for an attacker to easily bruteforce the shit outta the login page.
You don't need hackers to hack you when your internal dev team itself is self destructive.4
Why doesn't Twitter have a public API without authentication for simple stuff, such as reading tweets. One can do that without logging in on the website, why shouldn't code be able to do it.5
I made Skype Bot which queries the data using wsdl authentication on our ticketing tool and send the data whoever has requested in skype itself(without logging or touching the ticketing tool).
Manager: Is that even possible?
Me: (In excitement) Everything is possible if you have the will.
Now, He wants me to work on his pet project. I dont know how to react!4
Logging into my school website when... WHY DO YOU USE 🤬 FRNCH FOR BOOLEAN IN THE URL M🤬F
Ok, I know this is a francophone college, but come on!5
At work, all errors within the site are logged into our database with a subject and error column. SQL errors are logged in the subject field while the traceback is put in the error column. However, a lot of SQL errors are really large and exceed the max character width of the subject field, causing yet another SQL error, and the cycle repeats. This recursive error has been the bane of my existence, because 1) it times my local dev instance out and 2) the error doesn't end up getting logged because the server both freezes and the error can't be inserted in the database. You can't even begin to imagine how many hours I've wasted trying to find what line I changed cause total and utter failure with absolutely 0 error logging. Next thing on my todo list is to fix this fucking issue since the head dev refuses to get it done.2
Boss: I don't want centralized error logging
Me: But we have 50+ client sites running the same web app, why the fuck wouldn't we?
Boss: What if the database is offline, then we wouldn't be able to log exceptions
Me: *beats head against desk*1
Just spend about 2 hours debugging a simple piece of code just to find out it actually worked but never wrote to the logs as it was supposed to...
Docker's encapsulation is amazing! I don't have to know anything about networking to get a swarm running with some demo services all talking to each other and central logging and... oh I fucked something up... better read about networking so I know what I broke1
Nothing makes me not want to take a full-time job at your company more than having to go through IT tickets every quarter year when my password expires to actually change my password. Why have a fucking self-service portal for employees if logging in with an expired password doesn't work and the reset password link tells me that I need to log in to enroll with security questions (???). It feels like these websites are glued together with sticks and spit and there's a million of them each sporting one specific purpose! I have to go through this shit multiple times since I'm an intern and I didn't have access to my account through the course of the semester. Get your fucking shit together!1
Just got handed a dozen servers. Documentation shows a (Linux) database cluster is using ldap authentication. I try logging in with my creds. No joy. I look up the root password and log in.
Not only is it not configured to use ldap, it's also not clustered.
I need more coffee.
Logging work in Jira, because it goes against the whole ethos of trusting people to get the work done when they have to log exactly how much time they spent on each individual story. It also doesnt account for pair programming. so 2 people log the same time and it looks like the story took twice as long. I’ll stop now because I’m precariously close to opening the “time based estimates” can of worms and thats for another rant.4
SO MAD. Hands are shaking after dealing with this awful API for too long. I just sent this to a contact at JP Morgan Chase.
1. I'm having absolutely no luck logging in to this account to check the Order Abstraction service settings. I was able to log in once earlier this morning, but ever since I've received this frustratingly vague "We are currently unable to complete your request" error message (attached). I even switched IP's via a VPN, and was able to get as far as entering the below Identification Code until I got the same message. Has this account been blocked? Password incorrect? What's the issue?
2. I've been researching the Order Abstraction API for hours as well, attempting to defuddle this gem of an API call response:
NOWHERE in the documentation (last updated 14 months ago) is there any reference to this^^ error or any sort of standardized error-handling description whatsoever - unless you count the detailed error codes outlined for the Hosted Payment responses, which this Order Abstraction service completely ignores. Finally, the HTTP response status code from the Abstraction API is "200 OK", signaling that everything is fine and dandy, which is incorrect. The error message indicates there should be a 400-level status code response, such as 401 Unauthorized, 403 Forbidden or at least 400 Bad Request.
Frankly, I am extremely frustrated and tired of working with poorly documented, poorly designed and poorly maintained developer services which fail to follow basic methodology standardized decades ago. Error messages should be clear and descriptive, including HTTP status codes and a parseable response - preferably JSON or XML.
This whole piece of garbage is junk. If you're big enough to own a bank, you're big enough to provide useful error messages to the developers kind enough to attempt to work with you.2
This one happened to me two years ago:
Off on holiday overseas, just arrived and decide to check my Emails. Easy peasy..."Hey, we noticed you're logging in from a different country. We sent a security code to your backup account."
Welp, fine, login to my backup account: "Hey, we..." Can anybody guess the problem here? Yep, my primary account was the backup account for my backup. Lovely circular dependency.
Microsofts solution: Play the guessing game, where you name us Emails, Contacts and Folders to prove it's yours and we might unlock your account... or not (managed to get it back on the 2nd try)
Thank you Microsoft for ensuring my workfree, email-free holiday.2
Once I implemented a giant ASCII skull for logging a fatal error in the company's app. Let's just say my feature did not get to production.4
Spent hours troubleshooting an internal app that had zero logging today. It would just terminate, no exceptions, no feedback to the debugger, NOTHING.
Turned out to be the damn corporate virus scanner blocking "malicious" behaviour. Good thing my desk is so heavy or I woulda flipped it...
Microsoft and their dev tools...
> Trying to login to Azure VM
> Get an error, saying that password needs to be changed before logging in the first time
> Head over to Azure portal, try resetting password
> Password reset is not successful. Reason: Account already exists (???)
> Google the error message. Found solution (coming from a Microsoft employee!): Create a new user, login with that, fix the password for user #1 inside the VM, then delete the new user
What's wrong with these people? 😂3
Presented my project at uni, teacher was pretty pleased and I'll get my grade some time next week, but for those that are interested, here's a small video of it in aciton:
Uses: Raspberry Pi 3B, Mifare RC522 RFID reader, a breadboard, ribbon cable, neopixel rgb led ring and a TowerPro sg90
For the ui I used PyQt5, almost got the threading completely working, there's only 1 blocking thing left, that's when the message for logging in doesn't disappear
They call it security questions.
I call it social engineering backdoor.
I'm supposed to enter those questions after logging into my account and I'm not able to skip it nor to set a proper two factor method.
Well, fuck you. Did you ever thought about dying by a two factor method? Ever watched a Saw movie? You got the idea.
Helpdesk: We can't figure out our own ambigious error message, you should solve it in another way...
Me: I see in the console that I get an execption response with an ID, you must be logging these exceptions, can't you check those?
Me thinking: you've just reduced yourself to desk without the help part
Project managers moved all the tickets around and then got mad that we couldn't find them to log our time.
Mass mutiny about logging time in general and expected dev hours per week.
They returned the tickets to the old system at least
2 hour meeting to brainstorm ideas to improve our system health monitoring (logging, alerting, monitoring, and metrics)
Never got past the alerting part. Piss poor excuses for human being managers kept 'blaming' our logging infrastructure for allowing them to log exceptions as 'Warnings', purposely by-passing the alerting system.
Then the d-head tried to 'educate' everyone the difference between error and exception …frack-wad…the difference isn't philosophical…shut up.
The B manager kept referring to our old logging system (like we stopped using it 5 years ago) and if it were written correctly, the legacy code would be easier to migrate. Fracking lying B….shut the frack up.
The fracking idiots then wanted to add direct-bypass of the alerting system (I purposely made the code to bypass alerting painful to write)
Mgr1: "The only way this will work is if you, by default, allow errors to bypass the alerting system. When all of our code is migrated, we'll change a config or something to enable alerting. That shouldn't be too hard."
Me: "Not going to happen. I made by-passing the alert system painful on purpose. If I make it easy, you'll never go back and change code."
Mgr2: "Oh, yes we will. Just mark that method as obsolete. That way, it will force us to fix the code."
Me: "The by-pass method is already obsolete and the teams are already ignoring the build warnings."
Mgr1: "No, that is not correct. We have a process to fix all build warnings related to obsolete methods."
Mgr2: "Yes. It won't be like the old system. We just never had time to go back and fix that code."
Me: "The method has been obsolete for almost a year. If your teams haven't fixed their code by now, it's not going to be fixed."
Mgr1: "You're expecting everything to be changed in one day. Our code base is way too big and there are too many changes to make. All we are asking for is a simple change that will give us the time we need to make the system better. We all want to make the system better…right?"
Me: "We made the changes to the core system over two years ago, and we had this same conversation, remember? If your team hasn't made any changes by now, they aren't going to. The only way they will change code to the new standard is if we make the old way painful. Sorry, that's the truth."
Mgr2: "Why did we make changes to the logging system? Why weren't any of us involved? If there were going to be all these changes, our team should have been part of the process."
Me: "You were and declined every meeting and every attempt to include your area. Considering the massive amount of infrastructure changes there was zero code changes required by your team. The new system simply worked. You can't take advantage of the new features which is why we're here today. I'm here to offer my help in any way I can with the transition."
Mgr1: "The new logging doesn't support logging of the different web page areas. Until you can make that change, we can't begin changing our code."
Me: "Logging properties is just a name+value pair dictionary. All you need to do is standardize on a name and how you add it to the collection."
Mgr2: "So, it's not a standard field? How difficult would it be to change the core assembly? This has to be standard across all our areas and shouldn't be up to the developers to type in anything they want."
- Frack wads smile and nod to each other like fracking chickens in a feeding frenzy
Me: "It can, but what will you call this property? What controls its value?"
- The look I got from both the d-bags I could tell a blood vessel popped.
Mgr1: "Oh…um….I don't know…Area? Yea … Area."
Mgr2: "Um…that's not specific enough. How about Page?"
Mgr1: "Well, pages can cross different areas, and areas cross different pages…what do you think?"
Me: "Don't know, don't care. It's up to you. I just need a name."
Mgr2: "Modules! Our MVC framework is broken up in Modules."
DevMgr: "We already have a field for Module. It's how we're segmenting the different business processes"
Mgr1: "Doesn't matter, we'll come up with a name later. Until then, we won't make any changes until there is a name."
DevMgr: "So what did we accomplish?"
Me: "That we need to review the web's logging and alerting process and make sure we're capturing errors being hidden as warnings."
Mgr1: "Nooo….we didn't accomplish anything. This meeting had no agenda and no purpose. We should have been included in the logging process changes from day one."
Mgr2: "I agree, I'm not sure why we're here"
Me: "This was a brainstorming meeting as listed in the agenda. We've accomplished 2 of the 4 items. I think we've established your commitment to making the system better. Thank you all for coming."
- Mgr1 and 2 left without looking at me or saying a word.1
No your nested if statements dont make an ai the same way logging into a txt is not machine learning3
I like my log messages to indicate automatically where in the code something happened, so that I can easily identify where a message originated from while tracking down problems.
In C/C++ this is nice and easy - write a logging routine, wrap it in macros for the different log levels and have that automatically output __FILE__, __LINE__ etc.
I wanted to do something similar in NodeJS, as I'd found myself manually writing the file name in the log message and then splitting functionality out into new files and it became a mess.
The only way I found to be able to do this was to create an "Error" object and access the "stack" member of it. This is a string containing a stack backtrace, suitable for writing to console/file. I just wanted the filename/line/routine.
So I ended up splitting the string into lines, then for each of the lines, trimming the surrounding spaces (or tabs?), and parsing them to see if the stack entry is inside my logger module. The first entry outside of that module must therefore be the thing that called it, so I then parse out the routine or object and method, filename and line number.
It's a lot of clumsy work but the output is pretty neat. I just wish it were simpler!2
I needed to log in on a website in someone else's pc and didn't know the password by heart. I thought I'd log into chrome, if I log out later, what could go wrong right?
Apparently, a lot. It facking merged my bookmarks, history and passwords with hers! And she had shitloads of them! It took me facking hours to clean up the mess chrome created. I trust her, but I still didn't want her to have my passwords etc.
Omg I'm never logging into chrome again elsewhere, what a frustrating facking waste of time10
"Let's just add a logging system to our dependency"
No. You fucking idiot. DON'T INCLUDE A CUSTOM LOGGING SYSTEM INTO A DEPENDENCY FOR IMAGE MANIPULATION. I DON'T WANT YOUR FUCKING BULLSHIT LOGGING WHEN I'M FUCKING HANDLING IT MYSELF FOR MY ALREADY EXISTING SOFTWARE!! HOW DUMB CAN YOU STUPID MOTHERFUCKER BE TO TELL ME TO JUST "IGNORE" THE MESSAGES IN THE CONSOLE WHEN I'M BUILDING A FUCKING CLI BASED SOFTWARE??!!1
When older family members have entire notebooks dedicated to logging obscure, easily-hackable passwords, but then download any app in the world that promises to "make your phone run like new!" (by using 30MB more RAM on God-knows how much malware)
We aren't doing a good job of educating people if anyone we know can fall victim to those kinds of hackneyed procedures and snake-oil apps. It's almost painful to watch, and have to be the bad guy by telling someone dear to me they've been making things worse for themselves because of a seemingly harmless app that they were almost proud of.4
Bunyan is a simple and fast JSON logging library for node.js services
Server logs should be structured. JSON's a good format. Let's do that. A log record is one line of JSON.stringify'd output. Let's also specify some common names for the requisite and common fields for a log record.11
This rant is about myself and anyone whos like me: using logs over a debugger
So, sometimes when I wanna quick check something or make sure, if and when something get's executed or I've ran into a Problem, I add a few log/print statements to check in console.
But I don't think about proper and helpful messages, since they aren't supposed to stay in code. So I often type what comes in my mind, like memes or song lyrics.
The last time this became a huge act, was Code review/ Prototype demonstration with Clients (which I didn't knew about, otherwise I would have removed them, I swear) and Boss and my Code printed "show bob and va...", "send nudes" and stuff... in loop... to stdout2
This rant exsists for @ReportBot's logging.
I do not recommend commenting on this unless you want to be spammed with notifications8
Spotted a new feature that had just recently being completed: "Disable all Logging due to noise". What.
Us on the Ops team just died a bit inside...
Change their prompt.
# put this in their .bashrcexport PS1="Login: "
Add an alias for their username, and for any other account names they might try logging in as, for example, 'root'.
# put these in their .bashrc too:aliasjoe='stty -echo; echo -n "Password: ";read;echo;echo "Login failed.";stty echo'aliasroot='stty -echo; echo -n "Password: ";read;echo;echo "Login failed.";stty echo'
Try not to laugh your head off, as they struggle.
Login: joePassword:Login failed.Login: joePassword:Login failed.Login:Login:Login: rootPassword:Login failed.Login:Login: pwd/home/joeLogin:
Truly devious folks may want to explore setting the "command-not-found" hook to prompt, read, and echo "Login failed" rather than using various aliases. You can combine that with changing the PATH to be "/" or some other directory which is devoid of executable programs.
That doesn't cover every case - your victim could still, for example, run /usr/bin/vim or similar - but it goes sufficiently further that I'll omit the implementation for moral reasons.
Logging literally everything from every service into one giant super log db for us to sift through.
It is expensive, it is stupid, and it is set to .info() level always forever no exceptions.3
I spent 2 hours on Python logging system instead of doing real data science.
Really this module feels poorly designed.
Ran the build today 4:30 and found out our grunt file is missing some pretty critical error checks without even logging a warning. A dependency was unavailable and it was pushed to production. The site was down for 30+ minutes.1
Royal Mail in the UK have an online service to view invoices they have issued to your business.
To sign up, you are given a link where you create a login email and password. You then provide some info. This is verified (takes a day) and then approved.
Logging in after you are approved prompts you to immediately set a new password. Have to enter existing password as well.
First attempt results in error “must contain upper and lowercase”
Second attempt results in error “password too long”
Thirds attempt results in error “password too long”
Had to set an 8 character password.
At no point was any advice given on how to avoid the errors b fore submitting the password change request.
Old password had to be entered on each attempt.1
For the past 5+ years all I’ve heard from DevA and DevB is what a mess our source control is, we should be using our own custom nuget feeds,..Monday morning quarterback this…Monday morning quarterback that.
This year the department manager gave them the green light to start from scratch. Like ‘green field’ start from scratch. If I were involved, I would have been excited with such an opportunity.
For the past two hours all I’ve heard is ..
DevA: “What should we call this namespace?”
DevB: “I don’t know, I can’t make that decision.”
DevA: “Yea, that’s a business decision. Let’s call it Common for now.”
DevB: “Yea, it’s stupid, but we can change it later.”
DevA: “What about logging project?”
DevB: “Well, how about Core? Every project should have a Core.”
DevA:”Ha ha…like .Net Core. I like it.”
On and on…it’s all I can do from throwing my chair right now.1
The real life of me as a trainee developer:
New system works locally but fails to work in production and dev.
Proceeds at futile attempts to debug for hours to find out that my connection strings in the transforms were nested inside logging.
Boy I'm proud of myself! I just managed to produce a nice little awk script, which makes printing a file in a log look good!
At my last place we launched a new payment page and added logging.
Who ever set the logging up didn't obfuscate the user card details and stored them in the db for anyone with access to see. :-O1
This morning, I was logging in on the site I was working on without problem.
After lunch, I couldn't log in. No reason why.
Then I found out why. Someone modified the login in database, and warned everyone.
Everyone except the ones that are working on the website (me and my team).1
I remember learning how to program 5-6 years ago. It was completely broken. All of these “courses” just teach the syntax of a language. They usually don’t even teach how it works or what it’s used for. Knowing the syntax is great and all, but what’s important is learning to apply it to solve problems.
A lot of other basic things are often overlooked as well. For example, introducing a text editor and the command line would have been incredibly valuable.
For a long while I was using online editors and logging the output of functions instead of actually making projects.
I’m glad I kind of created my own way of learning: by making projects. Just hopping into something was the best way to learn from me. If I got stuck, I’d simply look it up. As a result, I was able to actually apply my skills to learn.
React Native developers:
Is it normal for the Expo app to suddenly go blank and stop working for no apparent reason, without showing any errors or logging anything? It happens all the time since I started using it and it's extremely frustrating2
Windows is so magical. I mean it doesn't support syslog which is in a way essential in large environments. Today my coworker told me about a tool named nxlog which has the function to send log messages from windows directly to a central syslog server. It can also read files... well theoretical because nxlog does not accept ":" as a valid character... cya C:\something2
I was told to build a logging app for one of the work streams on my project. The lead briefly brainstormed about the data fields they'd need to log and told me to go make it.
I am handing off the app and they ask me what they are supposed to put in each field.
Me: oh [team lead] just told me to put in these fields, but you guys are going to use it so why don't you tell me which fields you need and I can change it easily.
They refuse to tell me how to build the app they're going to use and will definitely complain about it not doing what they want later.
Finally managed to get my CNN working with proper tensorboard logging. Think I'm starting to understand how it works.
But it got overfitted...4
As a novice programmer, learning about the logging package in Python and how to utilize it is really exciting to me. It's basically what I've been working with recently (besides the script for macOS that won't fucking work).
In my previous rant i complained about no irregular sprite collision detection libraries.
So after messing up with curves and line in p5.js I gave up on creating the fish like a complete caveman.
I wrote a simple vector paint program which can return the set of points on console logging, and here is the result5
In appraisal discussion,
Boss : Give me good reason why should we give you 30% appraisal!!!
Employee ( After logging into prod machine) : I am going to quit this job 😅😅
Developer just emailed our team a complaint that our logging assembly was resulting in their poor test coverage and they sent a change request to give them the ability to mock the underlying log provider (ex. from the event log to ‘something else’).
Looked at their tests, and they are testing whether or not the .Log was executed (on an exception, if the .Log method was not executed, the test failed), which seemed a bit worthless because we’ve already got coverage in our unit tests.
We had a meeting to discuss the issue.
Me: “I’m OK with changing the logging code if it’s necessary, but I want to understand why.”
DevA: “Logging errors is crucial to the database transaction. If someone removes the logging, the tests should fail.”
Me: “If someone removes the error logging on purpose, then they likely have an agenda and will remove the test validation too. It wouldn’t be an accident.”
DevA: “That’s not my problem. They will have to deal with HR.”
Me: “We purposely prevented someone from intercepting the logging just for that purpose. Your test code already covers the business rule, testing the logging seems out of place. That would like writing a test to make sure the System.IO.File.ReadAllText actually reads all the text from a file. You kinda assume a few smart Microsoft engineers already wrote tests for that.”
DevA: “Yea, I guess that would be silly.”
Got cc’ed an email a little bit ago from DevA to his boss..
“We’re not going to be able to change logging assembly. This may have some impact on our overall test coverage as those lines of code will not get testing coverage. You will have to let the DevMgr know we will not meet our test coverage goals.”
Spent the weekend geeking out getting my head around a proper Docker based environment for my development env at home and for the team... 90% done and I couldn't figure out why I couldn't start my Splunk instance up.... I'd set the default logging to Splunk.... Chicken & Egg probs!
But how awesome is docker with portainer and app templates eh?!
Main branch running locally - fine
Main branch locally connected to QA dB - fine
Main branch on QA server with QA dB - NOPE
OK - build main locally, push to QA server - fine
Main build by build server, push to QA - nope
Rebuild QA vm and dB - build main, push to QA - nope
Turn on full server logging - PASS.
Had Arduino for months, couldn't get MPU6050 working, because of a lack of time and other stuff. (Need it for long term college project, data logging blah blah)
Gave it to project teammate to figure it out, who hates even touching hardware, BTW.
He figures it out in an hour (adjusting baud rate for supply voltage)
I feel like a complete idiot.
Adding noip.com to the list of services that accept more passwords for signup than for logging in. Damnit how does software even get to that point. Isn't it, like, more effort to get this wrong than to get it right?
FUCK YOU GITKRAKEN
After all the suggestions in https://devrant.com/rants/1540091 I decided to give Gitkraken a try.
Here's the shitty experience you can expect:
1) It doesn't even ask you where to install it. Turns out, it spontaneously installs itself in "%LOCALAPPDATA%\gitkraken" - who the fuck installs software there??
2) It is "seamlessly integrated with GitLab", except the first time you open it you can only log in with your GitKraken or GitHub account, and NOT with a GitHub one. Just brilliant
3) After logging in, it spontaneously changes your global git username and email config, because fuck you that's why
4) If you have a repo on AWS CodeCommit with an remote that looks like "ssh://git-codecommit.us-east-2.amazonaws.com/...", *after the first push* it will spontaneously change it to "<user>@git-codecommit.us-east-2.amazonaws.com/bla/bla", causing future actions to fail. Because FUCK YOU, THAT'S WHY.
And they expect people to pay for this shit, just to be able to manage more than one account at a time (and some "additional features" that are not even listed on the site)?
FUCK OFF, AND FUCK YOU FOR WASTING MY FUCKING TIME, HOW ABOUT I CHANGE YOUR FUCKING SETTINGS TO FUCK YOU22
>closes laptop to let it cool down at 5:10PM
>5 minutes later, boots back up on its own and doesn't go back to sleep
>opening and logging back in
"We have an important update for you planned for 5:30PM"
OH NO YOU DON'T, you fucker!
Shit like this makes me wanna call Windows the McDonald's of operating systems.3
One of our integration solutions (via Webservices) had some issues. I had to switch on http logging to see what might be the issue.
On average, those logs are around 20MB when there is a bunch of traffic. But the solution brought a heap pf traffic through, those logs shot up to 1GB in size.
Had to delete the logs, since they took a million years to open, and told our vendors that the logs are not showing us anything 😅 I told no lies
It's on sale !
Lets buy one !
But wait, we already have 'one' and its offline, because everyone is logging theirs in and the servers can't cope..
On the other hand, lets not buy something that doesn't work reliably..
Mycroft AI looks a promising alternative..
My companys custom logging library is not thread safe and has problems with multiple instances of the endproduct as well.1
Spent hours trying to connect to a remote desktop using RDP, it was logging from win 7 but gives error with win 10.
Later, I discovered the solution was to add the computer name before the username!!!!
Just moved flats with a last minute confirmation, sadly the flat in question is not eligible for fibre broadband (high-rise) so had to settle for good old ASDL.
Find a good deal (as all providers are offering the same speeds/technology, all ASDL broadband is provided in the UK through BT landlines) to discover there is a mandatory 2 week waiting period to switch over ownership...
Fine, will wait 10 days for internet (torture except from dev rant on mobile internet, thanks for being text only), box arrives 3 days ago stating not to plug it in until activation date...
Fine I shall wait, today I get impatient and setup the router without connecting it to the landline so I can use the WiFi to connect to my Nas etc, login to WiFi navigate to Nas IP .... Automatic reroute to "login" page "We have detected your router is not connected to the landline, ensure your router is properly connected". Try logging into management site, works, change admin password etc. No setting to disable "self heal" functionality. No setting to setup static routes for my lab router, No setting to switch to modem only mode for when I inevitably buy a new wireless router for when this piece of crap can't handle the internal network traffic...
All this for a pitiful 10/? Mbps average, I want my fibre connection back :'(1
Attendance logging software which integrates a website, physical devices and Android/iOS app.
I'm working on it right now.
One responsibility of our team is general code QA for the entire dev department, DevMgr walks in our area yesterday…
DevMgr: “Has anyone reviewed the new WPF threaded model execution code?”
- everyone on the team responds “no”
DevMgr: “Can we get a review on that code ASAP? If it works as well as the developer said, it’s going to solve the lock up problems users are experiencing and automatic logging of errors.”
DevA: “Well, no amount of code is going to stop users from performing bad searches locking up the user-interface. That code is just a band-aid around the real problem. If the developers would write unit tests first …”
- rant about 5 minutes on unit testing that had nothing to do with why the DevMgr was here
DevB: “Yea, the code probably isn’t written to handle threads correctly. All the threading they’ve done so far is –bleep-”
DevMgr: “Oh, I wasn’t aware of that. Get me the results of the code review and if they don’t have unit tests, delete it from source control and let the developer know it’s not up to our standards.”
OMFG!! You have not even seen the code!
OK, DevA ..what the –bleep- does unit testing have anything to do with the user interface! You know the DevMgr is too dim to understand the separation of concerns. Shut your pompous ‘know-it-all’ mouth.
DevB…what the –bleep- have ever done in WPF? You manage the source control and haven’t written any C# in two years and never, ever written code for any significant project. Take that “handle threads correctly” and shove it up your –bleep-. Pompous –bleep-hole. Go back and watch youtube and read your twitter while the grown-ups get the work done.3
Has anyone else encountered this issue with installing a distro before?
So my colleague has installed Elementary OS 5.0 and he recommended me to do the same (on my personal dual boot laptop). However after the installation it doesn't reboot after clicking the button, and when I turn my laptop off and on again I get the grub as I should, choose elementary, I get the login screen all fine. But after logging in I only get the wallpaper and my cursor. I can't even open a terminal...
I've searched my ass off and everyone is saying to wait around 5 minutes before everything shows up after which you get to install graphic drivers. I've tried that but nothing happened so I just left it for the night hoping I could at least open a terminal in the morning, but there is still only the wallpaper and cursor.
I've tried pretty much anything at this point but I just can't get it to function. Is there anyone that has had such an issue before that could share a solution?18
Is there an SSH app like Putty that can login to multiple servers at a time and execute the same command?
We have multiple servers and trying to locate a request in the logs. The structure of all the machines are the same so I want to just toe each command like CD, grep, etc one time and see the output from all of them.
Rather then logging in one by one.22
So I was having problem logging in to slack. It seemed like their two-factor authentication was not working. So I kept on pondering and pondering. Then suddenly a light bulb was lit in my brain. I said to myself, "what would an ordinary muggle do? They surely will click on this contact us button and raise a ticket with them." So that's exactly what I did.
so after a while slack did sent me 16 text messages together as a sweet reward of my trials. I was happily working in Slack and then I realised they in fact did answer my ticket. The only thing is I just needed to log in to get the answer I need. I am happily reminded I wasnt the only fuckwit left into existence...
I logged out of your site because somehow you had me logged in and I don't like being tracked.
In the future, don't be petty by reloading all my OTHER tabs the moment you detect im logged out, intentionally breaking/disabling the backbutton, and then demanding I log back in.
- unsubscribed from your useless god damn spam emails.
If I can't even fucking read your site after logging out, like I USED to be able to, and you go so far as to detect my log out on OTHER tabs, disable/break the backbutton on all the OTHER tabs, and reload the page, then your site is useless as dogshit to me.
If I were the CEO of the executive who made this dumbfuck marketing decision I would fire him.
And then spitefuck his wife to drive home the message of how god damned fired he is.3
anyone else get second thoughts about their bank when they see this kind of message after logging in?
"Online Banking is unavailable
We are really sorry we are preventing you from completing your banking today. Our technical teams are aware and actively investigating. Please know they are working hard to restore service as soon as possible.
Please call us at 123-456-7890 for banking assistance or information."
Switching from Linux to Windows on my personal production server... because sometimes logging into RDP is so much easier than SSH.3
Aside from simple programs I wrote by hand-transcribing code from the "Basic Training" section of 3-2-1 Contact magazine when I was a kid in the '80s, I would say the first project I ever undertook on my own that had a meaningful impact on others was when I joined a code migration team when I was 25. It was 2003.
We had a simple migration log that we would need to fill out when we performed any work. It was a spreadsheet, and because Excel is a festering chunk of infected cat shit, the network-shared file would more often than not be locked by the last person to have the file open. One night after getting prompted to open the document read-only again, I decided I'd had it.
I went to a used computer store and paid $75 out of pocket for an old beater, brought it back to the office, hooked it to the network, installed Lunar Linux on it, and built a simple web-based logging application that used a bash-generated flat file backend. Two days later, I had it working well enough to show it to the team, and they unanimously agreed to switch to it, rather than continue to shove Excel's jagged metal dick up our asses.
My boss asked me where I was hosting it, as such an application in company space would have certainly required his approval to procure. I showed him the completely unauthorized Linux machine(remember, this was 2003, when fortune 500 corporations, such as my employer, believed Ballmer's FUD-spew about Linux being a "virus" was real and not nonsense at all), and he didn't even hesitate to back me up and promise to tell the network security gestapo to fuck off if they ever came knocking. They never did.
I was later informed that the team continued to use the application for about five years after I left.
Out of the frying pan, into the fire:
So in my first job, I thought it's just us operating so crazy: meddling with arcane C/C++ code from the 80's, shooting our code to production without testing, fixing hundred of customers data base entries by hand, letting an intern alter some core component (to have more logging) and directly push it to prod...
I mean I suspected, that maybe it's not only this tiny little company acting wild, that also the bigger companies with all their ISO certified processes, agile blabla, professional tooling whatsoever - will also have their skeleton in the closet,.. like some obscure assembler part buried in the heart of your code base nobody dares to touch...
How Pieter Hintjens asked about the state of the industry and all the fads so bluntly put it:
"It's all bullshit."
But we are humans, so we better jump on the bandwagon if we want to keep our jobs... and somehow try to keep that trashy house of cards from crashing down.
When I run tests, I like to enable the debug logging. All the SQL queries and template tracing just flies by. Freaks the others out.
Microsoft certsrv is returning UTF-8 on the authorization error page but UTF-16 when logging in via basic auth...
Debugged this for 2 hours today to parse the response correctly. Thanks Microsoft
Few months ago we move into a new Building, Company buys new Polycoms for 2 of the boardrooms - fancy ones with the Skype for Business and stuff.
Provision the boardroom accounts get them set up and all is working well.
Director asks if we can swap 2 boardroom phones around because their dept. just got a remote user and video calling would be awesome.
I set to work changing sign in details, provisioning accounts, assigning licenses, etc which is a long process because 365 needs to update throughout.
Finally get everything right, time to login... Failed...
Login fails on the Polycom, my laptop & an android tab - all 3 with different errors.
Decide to test account by logging into the web version in OWA - logs in perfectly.
Why Microsoft?? Why must you make it so hard? Why not just work?2
That moment you setup 17 domains on sparkpost as a email delivery system
make your account secure with 2 factor authentication like a good infoSec enthusiast
Go on with your life
Having a Phone crash but nothing to worry because you made them backupz
once again go on with your happy life.
Having to setup a different bounce action on sparkpost
logging in to sparkpost to make the adjustments
opening google authenticator
realising the backup you restored was before you added the sparkpost entry
mailing sparkpost asking to deactivate 2factor authentication
Having them tell me that they have no access to Google authenticator so they can't help me and all they can do for me is delete my account if i answer their 7569357 questions that i entered a year ago ..
You have access to your database yes ? You can delete my account but you can't adjust a fcking Boolean column from true to false? #@?#&!
Why even offer a feature where you have apparently no control over. Stuff like this happens all the time and almost no one saves that fcking authenticator secret.
Make people use authenticators to keep the hackers out, forces them out instead.4
So following my previous post, the issue happened again. And actually for background what I've been telling my boss, for years, we need ELK setup and integrated into all our APIs ASAP.
I think it's a punishable crime if any program is released into prod at a tech company with out real time logging/monitoring built in?
So issue still happening, user sent us the request details. So now need to find the actual now that handles the request and look into it's logs to see the details.
Now he's doing it the hard way.... Just finished took 1hr, and the best answer her can come up with is "I think .... Maybe ..."
And if course this is based on infinite data. He stopped after finding a "probably cause"
I have a script that is like promotion ELK, downloads all looks and parsed then so I can run queries to pinpoint the exact call and which log it's in. And can see what's happening around it.
We'll see what my way find but definitely does not take more than 1hr...
Loading data maybe but that's because it needs to download the logs and parse them all...
On a side note, guess I'm Beck on devrant as I have something to rant about. Though it's the same something that I was wanting about years ago... Monkeys...1
So, I rarely ask questions, I usually find the answer myself, but, I'm just tired today and maybe my fellow dev ranters can help here.
Is there a way to write a bash script that automatically runs a pre-defined mysql query on local DB and throws that up into production DB?
it's just a simple select and then insert.
Been looking at select into out file, from infile etc
I could do it manually, but I'm going to have to do this more than a few times over the next few weeks and would love to just alias it and be done with it
doesn't seem possible without actually logging into mysql cli each time...on both sides, which sucks
this isn't export/import a table, it's export/import the result of a query
So let's break this down: it's now 2017, the world of development is overflowing with flexible systems written in dynamic coding languages running on powerful hardware. A great deal of which is available to use for free.
This morning I FINALLY got one member of our "R&D" team at work to implement a proper logging system in one of our numerous Java apps... So she adds "log4j-1.2-api.jar" to her project.
I'm still (3 years down the line) trying to convince them to let me rewrite their build scripts to integrate some sort of dependency management system, since they still use the default generated build for Ant as provided by Netbeans.
There is one bright side though: we're so-fucking-close to being able to ditch MS VSS!
*queue slow clap*
At this rate, how long do you think it will be before we can finally get away from using JDK 1.6 for everything?3
Hell of a Docker
One application in c++. 4 in c# targeting Linux. Several logging places, Several configuration files , dozens of different folders to access (read/write). Many applications being called from just one that orchestrates everything.
OS is Linux. Installation is to be made inside a docker image and later placed in a container by means of several bash files and python scripts. All these are part of a legacy set of applications.
They’ve asked me to just comment out one line which took 3 days to find out because they didn’t remember where it was and in which application it was and what was in that line.
After changing it, I was asked to create a test environment which must have resemblance to the current server in production. 12 days later And many errors, headaches, problems with docker, I got it done.
Test starts and then, problems with docker volumes, network, images, docker-composer, config files and applications, started to appear.
1 month later, I still have problems and can’t run all applications at least once completely using the whole set.
Just one simple task of deploying locally some applications, which would take one or two days, is becoming a nightmare.
Conclusion: While still trying to figure out why an infinite loop was caused by some DB connection attempt in an application, I am collecting a great amount of hate for docker. It might be good for something, that’s for sure, but in my experience so far, it is far worse than any expectations I had before using it.
Lesson learned: Must run away from tasks involving that shit!4
We use celery at work, and one of the issues we face is that we use Django logging.
I'm not sure how it happened, however we only get 1 level of tracebacks from it now.
This has made debugging painstakingly difficult, since we have to manually traverse the code every time.
(we're in the process of moving to sentry, and we'll get our full logs back soon)1
So to give you a feel for what evil, clusterfuck code it was in: this projects largest part was coded by a maniac, witty physicist confined in the factory for a month, intended as a 'provisional' solution of course it ran for years. The style was like C with a bit of classes.. and a big chunk of shared memory as a global mud of storage, communication and catastrophe. Optimistic or no locking of the memory between process barriers, arrays with self implemented boundary checks that would give you the zeroth element on failure and write an error log of which there were often dozens in the log. But if that sounds terrifying already, it is only baseline uneasyness which was largely surpassed by the shear mass of code, special units, undocumented madness. And I had like three month to write a simulator of the physical factory and sensors to feed that behemoth with the 'right' inputs. Still I don't know how I stood it through, but I resigned little time afterwards.
Well, lastly to the bug: there was some central map in that shared memory that hold like view of the central customer data. And somehow - maybe not that surprisingly giving the surrounding codebase - it sometimes got corrupted. Once in a month or two times a day. Tried to put in logging, more checks - but never really could pinpoint the problem... Till today I still get the haunting feeling of a luring memory corruption beneath my feet, if I get closer to the metal core of pure C.1
Name two production service, metrics and logging included, after a famous woman and an armored vehicle.
Dude, no. When those services go down in the middle of the night some poor soul on call duty will have to handle it without the faintest idea wtf is going on.1
Helping out a team, I was documenting some code/processes when I came across several classes that was logging a lot of, IMO, 'junk' that was unnecessary (and I knew wasn't being used in any Splunk alerts/reports)
I offer a refactoring suggestion, simplifying the data being logged, moving the duplicate code to a central location, maybe saving 10~20 lines of code. Didn't think it was a big deal because they were already actively working on the code and it was all new code (nothing deployed to production yet). Sent the suggestion to the lead developer and he responds:
Dev: "Yes, the changes looks fine, but not in scope of the project. Any out of scope work will need to be suggested at the end of the project, reviewed by the team, the project manager and approved by the vice president."
"Out of scope"? Logging data to Splunk needs a vice president's approval? WTF?
YOU PROBABLY HAVE THE PROJECT OPEN IN VISUAL STUDIO RIGHT NOW!!!
Along with the documentation the lead dev said they didn't have time to do, I send his boss and the dev team my suggested changes (before-after screen shots of the code) and offered to do the 2 minutes worth of work (again, this was new code, nothing in production and zero side affects to anything).
I even offered to create the splunk reporting/alerting against the data being logged (another item they said they would not have time to do)
About a minute later the lead dev responds..
Dev: "Those changes look good. I'll have Jake make those changes and we can test the logging when we deploy to dev on Monday. Thanks!"
Of course you will...fracking ass hat.
I'll bet my Battlestar Galactica DVD box set he was going to make the changes himself, brag to his boss how he refactored the code, saving X lines of code..blah blah blah to help *me* with documenting the logging portion.
I want to thank my EU lawmakers for always thinking about our logging industry. I still don’t see why I need gdpr, though. I still dont know how the voters can stop this kind of non democratic nonsense in the future.
Wanted to get to bed early tonight, but ended up wasting two hours after I moved code from my development machine over to a test system and it was failing. After adding all kinds of logging to figure out where it was failing on the test machine i realized i fixed am error in an input file on my dev machine, but that error in the input fine was still there on the test machine. Another night with little sleep and tomorrow is Monday. 😭
Our company's first open source project: https://github.com/digineers/...
It's a Symfony bundle that enables logging changes to entities to allow simple mutation logging systems.
Would love to read some of your opinions :)1
Trying to debug an app for twenty minutes, and wondering why it was crashing and not logging anything strange.
Realising only after some compulsive head scratching that logcat has been filtered the whole time
So i'm trying to upload a file to an SSH server using node. First I try the obvious putFile method provided by the obvious node-ssh package. On any other server this would work fine but this server doesn't have sftp installed so that doesn't work.
So I log into the server and check and the file isn't there. I try again several times, file still isn't there. I try running scp -t manually on the server, typing in exactly what my program is sending, and it works. This goes on for a while until I realize that I've been sending a file to one server and logging into a different server to check if the file was sent. grrr4
Mini witch hunt going on with broken builds last couple of weeks. Change satellite assembly/project A, breaks random unit test that hasn’t been changed for months and the TFS nazi sends out emails demanding the “broken” projects be fixed. Doesn’t matter the unit/integration tests are likely out dated and team responsible for the tests needs to fix it.
Yesterday I deleted some logging code out of a security assembly, broke an integration test that hasn’t needed to be ran since January (test database didn’t exist anymore).
I would have had to re-create the database, re-import the test data (not trivial), re-deploy a service using the test database…blah. All because I removed some logging code.
I deleted the gated check-in TFS build definition. Code check in … no sirens …whew! I win!
So I figured out why I was running out of space on my workstation
I misplaced an asterisk in crontab and was running rkhunter and tripwire twice an hour instead of twice a day
With logging set to info
Stupid timeline, there is this company I was working for. It was sub-contracted by another company to do a government project. Government only pays after you deliver in my country. It was a complex system I must say. We were to work with my buddy on this project...now the timeline we were given were not feasible since another company had been given the same project and were not able to deliver. We had a meeting and discussed with our CEO about the project timelines. From the workload the feasible timelines were around 8months if we were to work as two devs. My CEO said that was not going to happen.. The only timelines that was allowed was not more than 3 months. So we suggest use an existing system to customize. .The meetings with the clients were to be weekly demos. So we choose to go with google docs api for the document management part. We were working around 20hrs a day to be able to achieve the target deadline..we management to complete the project within the given timeline..on the commissioning date of the project we faced a government panel and this was my worst disappointment. At the point of login we had to use Google email for business to obtain the API. Just as I was logging in the guy noticed and yelled. "Is that google account ?" and I replied yes..and he said "no need of proceeding since it will be of no use and they won't approve the system". That was my lowest moment in programming. I thought I had done the best project in my life as a programmer only for stupid man to declare my project as null. I felt like calling him son of a bitch but I knew that would have made me more angry...i just walked out. I went to the toilet and all I did was cry for the first time as I can recall.. My question was I was doing weekly demos. Why didn't they raise any questions by then so as to change the entire system??? Later after that demo we went and discussed about the issue and there was time extension. I redid the project using 'open office' but just before deploying the system I got a better job. I wasn't feeling like working on that project anymore. I want to release that project as open source. Recently after one year they haven't yet deployed the system. They are calling for my help. And I don't feel like helping after the humiliation...
Django Logging im a nutshell:
Do something. Logging stops working. Revert. Loggin works now as wished.2
How hard is it to build an Android app? It's going to have features such as logging in, register, feed, account pages, posting, and private messaging. I'm guessing it'll be tedious but building a simple app is that easy? I don't even know how to make it go to another page from the home page.6
It be cool our if SVN got fixed so I could commit changes again. Or while it's down look at other vc options, maybe git?
Nudge, nudge wink, wink.
But in all seriousness wtf did the dba's do to break SVN? Logging my changes in a spreadsheet sucks raw balls.1
Just uploaded my latest project!
A logging library made in c#.
If anybody could take a look and let me know what you think I'd appreciate it.
I wish I could get our technical lead fired for incompetence. No transparency about deadlines (it's always "Oh and we need it today"), always overpromises to business ("I told them you can deliver this in two days" - we estimated a week's worth of work), and she never documents anything except through email (she never uses Jira, which we use for our task logging - we end up creating the tickets ourselves, which she never reads or updates either when there are blockers she needs to address).
Dozens of retrospectives later trying to find a solution to her poor organizational skills have failed to produce anything remotely close to an answer. She just stubbornly refuses to change or improve. I'm at my wits' end just dealing with this on a daily basis to the point I can't wait to clock out and go home.
It's a Friday tomorrow. I intend to slack off and just put in a couple hours of work because fuck her and fuck this company and its inability to fix itself.2
For fuck, fucking sake I literally spent 10 hours trying to setup Celery logging with Django but no, ohhh no Celery has some ninja handlers that don't even show up in logging_tree. If I try to change date format for Celery then I get big "fuck off" in my face. One more hour and I will explode.1
A python solution for Digital Ocean backups using Dropbox, including encryption and logging.
Any feedback, suggestions, or pull requests would be welcome! :)4
not me, but my co-workers left del logging active for about 6 months, then one day it became severely slow for finding free filenames to save into.
mine is DROP DATABASE in prod, after that i have been like I will never keep open console to prod
What the hell is the point of this small projects team spending 2-3 months on developing extensive logging system for an internal application for inside and outside customers to use if your application isn’t going to log any of the fucking errors. Sure you write the failure status to the database, but it just says failure with an even more vague explanation than microsoft’s errors. “An error occurred”. No shit, that’s why I’m looking in the logs and database to debug the application to get these files on their merry way so our company can stay in compliance with the state, feds, and not pay out the wazzoo in fines. All our other applications state where the error occured such as “failed to connect to the email server”, why can’t this one.
Productivity Hack: I'm a java developer who decided to write a productivity app that integrates to-do, pomodoro and eisenhower matrix altogether with reports generation. this will also help me logging at work. I'm also using electron + angular2 + typescript, just because, well, I'm trying to learn new stuff.
Long story short, many many many many days later, i'm still waiting for that productivity boost. What is dis webpack? Wat u mean loaders? Wat promises? electron-prebuilt is now electron? Wat u mean npm and node should be updated? .....
Please send help1
When the services team asks the mobile team what the response on a request is... And then requests console logging on the app so that they can test their code.
So, do any of your poor fuckers have the opportunity - nay, PRIVILEGE of using the absolute clusterfuck piece of shit known as SQL Server Integration Services?
Why do I keep seeing articles about how "powerful" and "fast" it is? Why do people recommend it? Why do some think it's easy to use - or even useful?
It can't report an error to save its life. It's logging is fucked. It's not just that it swallows all exceptions and gives unhelpful error messages with no debugging information attached, its logging API is also fucked. For example, depending on where you want to log a message - it's a totally different API, with a billion parameters most of which you need to supply "-1" or "null" to just to get it do FUCKING DO SOMETHING. Also - you'll only see those messages if you run the job within the context of SQL FUCKING SERVER - good luck developing on your ACTUAL FUCKING MACHINE.
So apart from shitty logging, it has inherited Microsoft's insane need to make everything STATICALLY GODDAMN TYPED. For EVERY FUCKING COMPONENT you need to define the output fields, types and lengths - like this is 1994. Are you consuming a dynamic data structure, perhaps some EAV thing from a sales system? FUCK YOU. Oh - and you can't use any of the advances in .NET in the last 10 years - mainly, NuGet and modern C# language features.
Using a modern C# language feature REMOVES THE ABILITY TO FUCKING DEBUG ANYTHING. THE FUCKER WILL NOT STOP ON YOUR BREAKPOINTS. In addition - need a JSON parsing library? Want to import a SDK specific to what you're doing? Want to use a 3rd party date library? WELL FUCK YOU. YOU HAVE TO INDEPENDENTLY INSTALL THE ASSEMBLIES INTO THE GAC AND MAKE IT CONSISTENT ACROSS ALL YOUR ENVIRONMENTS.
While i'm at it - need to connect to anything? FUCK YOU, WE ONLY INCLUDE THE MOST BASIC DATABASE CONNECTORS. Need to transform anything? FUCK YOU, WRITE A SCRIPT TASK. Ok, i'd like to write a script task please. FUCK YOU IM GOING TO PAUSE FOR THE NEXT 10 MINUTES WHILE I FIRE UP A WHOLE FUCKING NEW INSTANCE OF VISUAL STUDIO JUST TO EDIT THE FUCKING SCRIPT. Heaven forbid you forget to click the "stop" button after running the package and open the script. Those changes you just made? HAHA FUCK YOU I DISCARDED THEM.
I honestly cant understand why anyone uses this shit. I guess I shouldn't really expect anything less from Microsoft - all of their products are average as fuck.
Why do I use this shit? I work for a bunch of fucks that are so far entrenched in Microsoft technologies that they literally cannot see outside of them (and indeed don't want to - because even a cursory look would force them to conclude that they fucked up, and if you're a manager thats something you can never do).
Ok, rant over. Also fuck you SSIS
When u are traversing the logs to find how flow went...and find out the bastard who wrote it forgot to put in logs at all...1
Why does #Devrant (idk if #'s are a thing here) not have a confirm password field?
Come on... I doubt it annoys users and it saves people a lot of hassle, especially when we are logging in on multiple devices :/ I know lots of people who type their password wrong the first time and later on they can't login and get frustrated and confused then end up resetting via email.
Also why no login with Google etc~ that's kinda annoying too...3
Imagine enabling verbose logging for a complex ETL process that typically takes 8 hours to run but has been failing for some reason after running for about 7 hours. Naturally, you want to check the log file to find out what went wrong.
Now imagine not having read access to the log file.
While logging a boatload of bugs on the code my junior dev checked in, I added a couple of items to our product backlog.
Instead of fixing his bugs, junior dev started pulling things from the backlog. I found this out when he messaged me about the requested search results sorting.
His message was:
"hey, the sorting is going to be harder than I thought. Angular 2 dropped native support of filters. But I did find an MIT licensed npm package that should let me add sorting functionality to our JSON data objects. "
BTW, junior dev has more than 3 years of professional experience in addition to a degree.6
Wanted to add a simple log entry when a model changes state in a certain way.
Unit tests pass, functional tests pass, manual tests through application GUI pass.
But for some fucking reason the single line logging call I added results in an error 500 when the application is accessed through a REST API.
Going to have a fun day tomorrow debugging this shit.
Quick question for anyone who's a guru in networks.
The WiFi where I stay keeps on logging me out every ±25-35 minutes. You could browse the internet then suddenly you have to log in again, then it works, and the process repeats itself. Is this normal or is it a huge problem I should bring up?8
Working with Crystal reports, getting ready to deploy my changes. Guess what? My tiny changes to output has successfully broken 12 other fields, and 1 that is in absolutely no way related! Comes right from the database!
And it's crystal, so there's no debugger or logging. Plus, the report takes an hour to run! Today's gonna be a fun one!6
npm ERR! publish Failed PUT 403
npm ERR! code E403
npm ERR! You cannot publish over the previously published versions: 1.1.69. : weschemajs
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/lopu/.npm/_logs/2018-09-29T11_20_28_594Z-debug.log
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! firstname.lastname@example.org run: `./src/index.sh`
npm ERR! Exit status 1
npm ERR! Failed at the email@example.com run script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.
npm ERR! A complete log of this run can be found in:
npm ERR! /Users/lopu/.npm/_logs/2018-09-29T11_20_28_638Z-debug.log
lopu@lopu-pro:~/Dropbox/git/weyoume/wepublish/dev-wepublish$ npm view weschemajs version
lopu@lopu-pro:~/Dropbox/git/weyoume/wepublish/dev-wepublish$ npm view weschemajs version
When logging in, why is there no reminder like 'your password was at least 8 characters long with at least one digit'.8
Learning to use logging in Python for an existing application.
🙇Feeling enlightened looking at the first log file output.3
How to implement freakin OTPs ...
Loggin in ...
Click on Request OTP -> Not available
Click on Forgot password -> Send the OTP to both phone and Email.
The OTPs on phone and mail must not be the same.
So basically, user can't Login by entering OTP received on one of mail or phone.
Just ... fk the user while logging in already ... Entering the order entry in the database in twenty one minutes will do the rest. 😒
So as a personal project for work I decided to start data logging facility variables, it's something that we might need to pickup at some point in the future so decided to take the initiative since I'm the new guy.
I setup some basic current loop sensors are things like gas line pressures for bulk nitrogen and compressed air but decided to go with a more advanced system for logging the temperature and humidity in the labs. These sensors come with 'software' it's a web site you host internally. Cool so I just need to build a simple web server to run these PoE sensors. No big deal right, it's just an IIS service. Months after ordering Server 2019 though SSC I get 4 activation codes 2 MAK and 2 KMS. I won the lottery now i just have to download the server 2019 retail ISO and... Won't take the keys. Back to purchasing, "oh I can download that for you, what key is yours". Um... I dunno you sent me 4 Can I just get the link, "well you have to have a login". Ok what building are you in I'll drive over with a USB key (hoping there on the same campus), "the download keeps stopping, I'll contact the IT service in your building". a week later I get an install ISO and still no one knows that key is mine. Local IT service suggests it's probably a MAK key since I originally got a quote for a retail copy and we don't run a KMS server on the network I'm using for testing. We'll doesn't windows reject all 4 keys then proceed to register with a non-existent KMS server on the network I'm using for testing. Great so now this server that is supposed to connected to a private network for the sensors and use the second NIC for an internet connection has to be connected to the old network that I'm using for testing because that's where the KMS server seems to be. Ok no big deal the old network has internet except the powers that be want to migrate everything to the new more secure network but I still need to be connected to the KMS server because they sent me the wrong key. So I'm up to three network cards and some of my basic sensors are running on yet another network and I want to migrate the management software to this hardware to have all my data logging in one system. I had to label the Ethernet ports so I could hand over the hardware for certification and security scans.
So at this point I have my system running with a couple sensors setup with static IP's because I haven't had time to setup the DNS for the private network the sensors run on. Local IT goes to install McAfee and can't because it isn't compatible with anything after 1809 or later, I get a message back that " we only support up to 1709" I point out that it's server 2019, "Oh yeah, let me ask about that" a bunch of back and forth ensues and finally Local IT get's a version of McAfee that will install, runs security scan again i get a message back. " There are two high risk issues on your server", my blood pressure is getting high as well. The risks there looking at McAfee versions are out of date and windows Defender is disabled (because of McAfee).
There's a low risk issue as well, something relating to the DNS service I didn't fully setup. I tell local IT just disable it for now, then think we'll heck I'll remote in and do it. Nope can't remote into my server, oh they renamed it well that's lot going to stay that way but whatever oh here's the IP they assigned it, nope cant remote in no privileges. Ok so I run up three flights of stairs to local IT before they leave for the day log into my server yup RDP is enabled, odd but whatever let's delete the DNS role for now, nope you don't have admin privileges. Now I'm really getting displeased, I can;t have admin privileges on the network you want me to use to support the service on a system you can't support and I'm supposed to believe you can migrate the life safety systems you want us to move. I'm using my system to prove that the 2FA system works, at this rate I'm going to have 2FA access to a completely worthless broken system in a few years. good thing I rebuilt the whole server in a VM I'm planning to deploy before I get the official one back. I'm skipping a lot of the ridiculous back and forth conversations because the more I think about it the more irritated I get.1
Once again, I got a little stumped when writing one thingmajig in Python.
I am normally not a programmer (Work as sysadmin), so I don't really know all the fancy abstract ways things are done "properly", which is why I need to ask here:
I have a program, separated into parts. The "core" is a part that sets commandline argument structure (using the argparse library), loads master configuration file, sets up the main logging facility, and then proceeds to load "plugins" - python files with one or more classes that implement one specific abstract class that forces them to implement a common interface of init, run, cleanup functions.
The core then proceeds to initialize those classes, run the "run" function, and run the "cleanup" function.
If the plugin class throws a Warning, it is only logged and runtime continues. If it is anything else, the program logs it and stops.
Now, the issue is, sometimes, a user may want to continue even if a non-warning occurs.
Lets say that I am creating a user, and the user already exists. Sometimes, the program user might want to continue with further plugin execution. And what I was told was to implement specific commandline switches that force continuation of runtime despite the plugin failing.
How should I implement it? The most obvious thing is to add a specific switch for every plugin, but that is exactly what I am trying to evade. I want to have the core as abstract as possible.
Other solution I thought of is to have a file of some sort that would list extra switches to implement, then it would be up to the class to implement if it uses the switch or not (I pretty much pass the entire Namespace received from parse_args() function), but this also feels kinda hackish.
I thought about having some sort of function that the plugin could call in the core to add a new argument, but at the point that plugins start loading, the argument parser is already compiled and cannot be changed further.
Any other ideas of how to re-implement the program are also welcome! I may not do it this times, but I'd at least learn something new again.3
So I wrote a while ago .ndjson shapes dataset player.
https://quickdraw.withgoogle.com/ this site contain peoples shitdrawings of particular object.
Grab dataset from here in .ndjson format logging into google account
go to here
browse the file and press play when it's enabled.
Attached picture is a frog.2
Relatively often the OpenLDAP server (slapd) behaves a bit strange.
While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.
Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?
To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...
The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).
But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.
The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.2
What's your go-to logging word/message for when you just need to see if a function is executing/reaching a certain point?
I usually go with "dude"5
At what point does it get easier to just log your errors than to add a to-do that this needs to be logged?
Asking for my boss who clearly prefers Todos to actual logging
-i won't follow logging practices
-i won't follow secure coding
-i won't leverage profiling n monitoring tools
-i won't reuse best practices
-i won't listen to thought leaders
-i will outsource writing UT
-i will outsource code quality checks
-i will outsource all testing
-i will ignore n overide CTO team
But I still want high stability, security n 4 9s availability. Just want it done. My team is best. Am a fast-track leadership program leader who never has or ever needs to cod. I just know ...
People I have to deal with every sprint. Site reliability is not easy ...
Teaching good code makes great products to morons, toughest ...
"Beginners mind needed"2
I need to change how payments are applied to invoices.
ApplyPolicyPayments() looks promising! Make changes to the method to look at the bills in order of the invoice due dates.
Run a test on the DEV environment, and the system is still exhibiting the same bug.
At this point, I wrote a quick logging plugin that I could attach to the DLL and start telling me what is going on.
Turns out, payments are actually applied in a method named BalancePolicy(). So what does ApplyPolicyPayments() do? It DOES apply payments to bills, but then just doesn't save the work. Having it commit the transactions breaks the billing system. FML.
Logging to the console in an aesthetically appealing manner makes the development experience 1000x better!2
Does anyone use Winston JSON? or know what the perfomance impact is vs standard text logging? (serializing an object to JS)?7
What is your favorite method of debugging?
Mine is a debug log. I like a key value setting for enabling/disabling, and logging most transactions, calculations, and variables, even if they seem trivial. I've been able to locate bugs much quicker with detailed logs while some coworkers are still stepping through the process line by line. I don't fault the step method as I use it when logging uncovers nothing (it usually means I didn't log something critical :p) or when logging is not possible.1
After attempting logging into FB Messenger with every browser I have, boy was I surprised when I found out Adblock was causing it to refuse to render with no errors displayed. Why would you block Adblock from an ad-free service !?1
Many years ago, when the web was still a niche thing, there were many web servers deployed with Linux distros with default user/pass of "news/news".
Capabilities were limited, but I liberated many a file using uuencode and logging my session.
Which ons is less risky and which one Is most profitable to succeed ?
0- telling the admin you forgot your password and as he's logging in, sniff his password (you already placed sslstrip)
1- gain access to router using its vulnerabilities and redirect the traffic to a fake page and get the password.
2- exploiting smb port of admin's system and placing a krylogger or stealing his cookies if available
3- brute forcing admin password :/
4- pressing forgot password on admin account and staying close to him and sniff the SMS containing the otp using rtl-sdr (and of course you will be prompted to set a new password)
5- any other way .
Also the website itself is almost secure.
It is using iis 8.5 and windows server 2012
Only open ports are 80 and 443.6
I love my little services like a cobweb with solid bases of communication, security, logging and measuring. It can't get more fulfilling to build a service that is used by just more than one frontend.
Getting frustrated with errors I can't replicate or identify! After spending ages trying to find what's gone wrong and failing, its so embarrassing to suggest "try logging off and logging back in again"
Nothing to rant about today, ok, except maybe the logging format and goaccess incapability to eat the laravel monologs without being a pain in the ass.
tail -f it is for now until I find time to do this properly1
Can anyone recommend a good password manager that is 'in the cloud', can be used on my mobile and makes life easy for logging into apps on my phone that aren't logged in via a browser. Ideally something free but I'm willing to pay for something that is worth it10
Saw my colleague debugging. He's got a try-catch, then I asked, "Why aren't you logging the stack trace?". He answered, "I don't cause it will be a security risk". So there he was having a hard time debugging.🤯
Can you guys confirm if what he said is true?4
Question directed to devs who know a bit about setting up middle sized architecture.
Prestory: Joined into development of a middle sized online game. Figured they created a monolith over the last 6 years up to a point where nothing works properly and nothing can be changed without wrecking the whole system. Figured a monolithic approach isn't such a great idea.
Current Situation: In a different, same scale online game development team, game itself working but team is struggling with architecture.
My job is to come up with an approach on how to set up masterserver/matchmaking/database etc. Reading through various articles about common principles (SOLID etc.), i figured that a microservice+event-/servicebus architecture may work for that kind of project.
The idea would be to have a global interface in which microservices can be hooked. So a client registers to a client handler on startup, then starts to queue for a game, the client handler throws an event on the bus to register the user to matchmaking. The matchmaker happens to listen to those events (Observer Pattern) and adds him to matchmaking, when a match is found it throws an event on the bus to connect the user to the server, etc. One can easily imagine a banhandler throwing in a veto to cancel such an action, metrics and logging is fairly simple to add (just another service listening to all events), additionally Continuous Delivery, FRP and such are also beneficial advantages and it is said to scale well.
The question is, would you do the same, is there maybe something i might be overlooking? Do you have better ideas?
Keep in mind that we are not too experienced and are bound to different languages (python, C++ and java mostly) and are a small (4 Devs) Team with different strengths.
Thank you for your feedback and criticism!1
So I'm tasked with creating a single sign on link using documentation from the third party we are logging into. So far so good.
Well they don't support some of the fields our users will need--that we don't want to support (otherwise why use a third-party?).
Their solution is to make us the system of record so that when a user goes through the single sign on we pass this info as well. But it needs to be editable on their side well--because they won't give us an API for our system of record to update their side.
That's right only a user signing on from our system will update their side. Tough luck admins on our side. You get double duty due to the poor business decision to work with a company with lazy devs.
Thought that it might be a good idea to ask this question here.
Im looking for a nice logging events service for a side project that is a b2b (so my clients got their own users). My targets are tracking users behavior/events/actions in the app while been able to shred the data that belongs to each customer. A great benefit would be having a solution that would allow me to export part of the data (in sql like way) so i could provide the users the option to download their users data as well.
Was thinking about mixpanel but i dont think they have any option to export the data via api. Heap analytics is also an interesting one, but their nice features are limited to corporates..
Any suggestions? Thanks!4
Tracking/logging hours, how do you do it? Is there some decent software for Linux that does this?
I wanna start tracking my time doing specific tasks, so I'm just wondering what other ppl use, if at all hehe1
Any good recommendations on how to gather user metrics/instrumentation and visualize data?
The program is a WPF application with not internet connection so logging to file and get file is probably the only solution.
I've played a little with Serilog to file and trying to import the log into elastic search and visualize data with Kibana.
Ok this is either my code, socket.io or China. So I wrote DApp for my crypto project but for some reason our Chinese users have problems using it... So i dig through our code for HOURS! and finally resort to making an AJAX call from the client to a hideous PHP script for logging and what do i find?
For some reason the WebSocket cannot connect. I haven't mapped this so it's only conjecture but I think the GFW is blocking my users connections? (Also using a VPN seems to fix it)
Anyone else had this issue?1