Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "positive news"
-
Soms week ago a client came to me with the request to restructure the nameservers for his hosting company. Due to the requirements, I soon realised none of the existing DNS servers would be a perfect fit. Me, being a PHP programmer with some decent general linux/server skills decided to do what I do best: write a small nameservers which could execute the zone transfers... in PHP. I proposed the plan to the client and explained to him how this was going to solve all of his problems. He agreed and started worked.
After a few week of reading a dozen RFC documents on the DNS protocol I wrote a DNS library capable of reading/writing the master file format and reading/writing the binary wire format (we needed this anyway, we had some more projects where PHP did not provide is with enough control over the DNS queries). In short, I wrote a decent DNS resolver.
Another two weeks I was working on the actual DNS server which would handle the NOTIFY queries and execute the zone transfers (AXFR queries). I used the pthreads extension to make the server behave like an actual server which can handle multiple request at once. It took some time (in my opinion the pthreads extension is not extremely well documented and a lot of its behavior has to be detected through trail and error, or, reading the C source code. However, it still is a pretty decent extension.)
Yesterday, while debugging some last issues, the DNS server written in PHP received its first NOTIFY about a changed DNS zone. It executed the zone transfer and updated the real database of the actual primary DNS server. I was extremely euphoric and I began to realise what I wrote in the weeks before. I shared the good news the client and with some other people (a network engineer, a server administrator, a junior programmer, etc.). None of which really seemed to understand what I did. The most positive response was: "So, you can execute a zone transfer?", in a kind of condescending way.
This was one of those moments I realised again, most of the people, even those who are fairly technical, will never understand what we programmers do. My euphoric moment soon became a moment of loneliness...21 -
A group of Security researchers has officially fucked hardware-level Intel botnet officially branded as "Intel Management Engine" they did so by gathering it all the autism they were able to get from StackOverflow mods... though they officially call it a Buffer Overflow.
On Wednesday, in a presentation at Black Hat Europe, Positive Technologies security researchers Mark Ermolov and Maxim Goryachy plan to explain the firmware flaws they found in Intel Management Engine 11, along with a warning that vendor patches for the vulnerability may not be enough.
Two weeks ago, the pair received thanks from Intel for working with the company to disclose the bugs responsibility. At the time, Chipzilla published 10 vulnerability notices affecting its Management Engine (ME), Server Platform Services (SPS), and Trusted Execution Engine (TXE).
The Intel Management Engine, which resides in the Platform Controller Hub, is a coprocessor that powers the company's vPro administrative features across a variety of chip families. It has its own OS, MINIX 3, a Unix-like operating system that runs at a level below the kernel of the device's main operating system.
It's a computer designed to monitor your computer. In that position, it has access to most of the processes and data on the main CPU. For admins, it can be useful for managing fleets of PCs; it's equally appealing to hackers for what Positive Technologies has dubbed "God mode."
The flaws cited by Intel could let an attacker run arbitrary code on affected hardware that wouldn't be visible to the user or the main operating system. Fears of such an attack led Chipzilla to implement an off switch, to comply with the NSA-developed IT security program called HAP.
But having identified this switch earlier this year, Ermolov and Goryachy contend it fails to protect against the bugs identified in three of the ten disclosures: CVE-2017-5705, CVE-2017-5706, and CVE-2017-5707.
The duo say they found a locally exploitable stack buffer overflow that allows the execution of unsigned code on any device with Intel ME 11, even if the device is turned off or protected by security software.
For more of the complete story go here:
https://blackhat.com/eu-17/...
https://theregister.co.uk/2017/12/...
I post mostly daily news, commentaries and such on my site for anyone that wish to drop by there19 -
Never have I been so furious whilst at work as yesterday, I am still super pissed about going back today but knowing it's only for another few weeks makes it baerable.
I have been the lead developer on a project for the last 3~ months and our CTO is the product owner. So every now and then he decides to just work on a feature he is interested in- fair enough I guess. But everything I have to go and clean up his horrendous code. Everything he writes is an absolute joke, it's like he is constantly in Hackathon mode "let's just copy and paste some code here, hardcoded shit there and forgot about separation of code- it all goes in 1 file".
So yesterday he added a application to the project and instead of reusing a shared data access layer he added an entirely new ORM, which is near identical to the existing ORM in use, for this one application.
Being anal about these things, the first thing I did was delete his shit and simply reference the shared library then refactor a little code to make it compatible.
WELL!! I certainly hit a nerve, he went crazy spamming messages on Slack demanding I revert as it broke ONE SINGLE QUERY that he hadn't checked in (he does 1 huge commit for 10 of everyone else's). I stuck to my principals and explained both ORM's are similar and that we only needed one, the second would cause a fragmented codebase for no benefit whatsoever.
The lead Dev was then forced to come and convince me to revert, again I refused and called out the shit quality of their code. The battle raged on via the public slack group and I could hear colleagues enjoying the heated debate, new users even started joining the group just to get in on mine and the cto's difference of opinion.
I even offered to fix his code for him if he were to commit it, obviously that was not taken well ;).
Once I finally got a luck at the cluster fuck of shit he had written it took me around 5 minutes to fix and I ever improved performance. Regardless he was having none of it. Still the demands to revert continued.
I left the office steaming after long discussions with the lead Dev caught in the middle.
Fortunately my day was salvages with a positive technical discussion that evening at a company with whome I had a job offer from.
I really hate burning bridges and have never left a company under bad terms but this dictator is making me look forward to breaking the news today I will be gone in 4 weeks.4 -
Breaking news!
An anomaly in human communications was discovered!! It appears that when a person asks a tech oriented friend "can you help me with my computer?" And receives a positive response, what he actually hears is "yes, I agree to be your slave for any technical issue you have from now and until the end of time"!
Scientists are investigating...2 -
This week in positive news: "Video Editor" comes to Windows 10, so I can finally uninstall my hacked-together version of Movie Maker8
-
In the 90s most people had touched grass, but few touched a computer.
In the 2090s most people will have touched a computer, but not grass.
But at least we'll have fully sentient dildos armed with laser guns to mildly stimulate our mandatory attached cyber-clits, or alternatively annihilate thought criminals.
In other news my prime generator has exhaustively been checked against, all primes from 5 to 1 million. I used miller-rabin with k=40 to confirm the results.
The set the generator creates is the join of the quasi-lucas carmichael numbers, the carmichael numbers, and the primes. So after I generated a number I just had to treat those numbers as 'pollutants' and filter them out, which was dead simple.
Whats left after filtering, is strictly the primes.
I also tested it randomly on 50-55 bit primes, and it always returned true, but that range hasn't been fully tested so far because it takes 9-12 seconds per number at that point.
I was expecting maybe a few failures by my generator. So what I did was I wrote a function, genMillerTest(), and all it does is take some number n, returns the next prime after it (using my functions nextPrime() and isPrime()), and then tests it against miller-rabin. If miller returns false, then I add the result to a list. And then I check *those* results by hand (because miller can occasionally return false positives, though I'm not familiar enough with the math to know how often).
Well, imagine my surprise when I had zero false positives.
Which means either my code is generating the same exact set as miller (under some very large value of n), or the chance of miller (at k=40 tests) returning a false positive is vanishingly small.
My next steps should be to parallelize the checking process, and set up my other desktop to run those tests continuously.
Concurrently I should work on figuring out why my slowest primality tests (theres six of them, though I think I can eliminate two) are so slow and if I can better estimate or derive a pattern that allows faster results by better initialization of the variables used by these tests.
I already wrote some cases to output which tests most frequently succeeded (if any of them pass, then the number isn't prime), and therefore could cut short the primality test of a number. I rewrote the function to put those tests in order from most likely to least likely.
I'm also thinking that there may be some clues for faster computation in other bases, or perhaps in binary, or inspecting the patterns of values in the natural logs of non-primes versus primes. Or even looking into the *execution* time of numbers that successfully pass as prime versus ones that don't. Theres a bevy of possible approaches.
The entire process for the first 1_000_000 numbers, ran 1621.28 seconds, or just shy of a tenth of a second per test but I'm sure thats biased toward the head of the list.
If theres any other approach or ideas I may be overlooking, I wouldn't know where to begin.16 -
Feeling like shit, tired, stressed and then going into a performance review where aparently im far exceeding what i need to do. Makes me wonder why i need to feel like this, i dont really feel excited although there was positive news.. I think i need sleep1
-
Not a rant, positive news instead. Finally after 2.5 years of searching I found a new job! Especially after a interview that I thought went south very quickly. Ended up with an offer 30 minutes after the fact.1
-
I feel I need to write some side project summary somewhere.
So here it is about 3 months later:
- deleted 90% of code I created during last 3 months
- rewrote backed 5 times
- 200 lines POC still waiting to put in any meaningful architecture on frontend
- frontend part after aurelia, next, gatsby, react I think it would be vue powered by nuxtjs
- forced myself to buy food for whole week and don’t go out (except go running ) before I finish at least what I wrote on whiteboard
Now some positive news:
- there is not much left to be fucked up, removed or unnecessary added
- I think I got a plan
- this is probably first side project that makes me happy for such long time
- there is some probability it would help people and this is what I want to do in my life
Most important is that I know it would take at least half a year to do basic version of it and I don’t care.
Wish me luck so I can put some sneak peak after next 3 months. -
A bit longer rant, somehow triggered by the end of this rant:
https://devrant.com/rants/7145365/...
The discussion revolved around strpos returning false or a positive integer.
Instead of an Option or a Exception.
I said I'm a sucker for exception, but I'm also a sucker for typing.
Which is something most languages lack - except the lower level ones like C / C++.
I always loved languages which have unsigned and signed types.
There, I said it... :) I know that signed / unsigned is controversial, Google immediately leads to blog entries screaming bloody murder because unsigned can overflow – or underflow, if someone tries to use a -1on an unsigned integer.
Note that my love is only meant for numeric types, unsigned / signed char is ... a whole can of insanity on its own.
https://phoronix.com/news/...
If you wanna know more.
Back to the strpos problem, now with my secret love exposed:
strpos works on a single string, where a string is a sequence of chars starting with 0.
0 is a positive integer.
In case the needle (char that should be looked up in the string) cannot be found in the haystack (the string), PHP returns "false".
This leads to the necessity of explicitly checking the type as "0" (beginning of string, a string position)... So strpos !== false.
PHP interprets 0 as false, any other integer value is true.
In the discussion, the suggestion came up to return -1 if a value could not be found – which some languages do, for example Scala.
Now I said I have a love for unsigned & signed integers vs. just signed integers...
Can you guess why the -1 bothers me very much?
Because it's a value that's illogical.
A search in a sequence that is indexed by 0 can only have 0 or more elements, not less than zero elements.
-1 refers to a position in the sequence that *cannot* exist.
Which is - of course - the reason -1 was chosen as a return value for false, but it still annoys me.
An unsigned integer with an exception would be my love as a return value, mostly because an unsigned integer represents the return value *best*. After all, the sequence can only return a value of 0 ... X.
*sigh*
Yes, I know I'm weird.
I'm also missing unsigned in Postgres, which was more or less not implemented because it's not in the SQL standard...
*sob*29 -
So I have question about my resume.
During my college time, I have done two projects related to politics:
One is to analyze the bias of media. What I did is scrape news covers for Trump and Hillary during election year and get sentiment analysis. The result is not surprising that among NY Times, NBC, Fox, Eashington Post, and CNN, Fox news is clearly favoring Trump, since Fox news is a republican news site.
The other project I did was to analyze the speech complexity and sentiment of the election. One of the observation we made was that Hillary and Trump are almost at the same level regarding speech complexity. However, Trump has a more positive sentiment in the speech, which is true consider how much he loves to say make America great again.
Now the question is, when I gave my advisor my resume, she said that I'd better not put those two projects on my resume since they are related to politics.
But, I am applying for a data science master degree. Seriously, I was just collecting the data and the data speaks for himself, why should I take those projects off my resume? I'm very proud of those projects I did as a matter of fact.
So here is the question. Shall I take off those two projects on my resume because they were political or I should leave it thereawarreally need some professional views. Please.1