About: dev, physicist, rantee
Joined devRant on 6/12/2016
I don't write monads,
nor intricate templates,
my code shall be stupid
and simple - free of any
arbitrariness and superfluity.
Clear and evident.
Audience question to Uncle Bob: Which parts of the code do you unit test? What about code coverage?
Uncle Bob: Well (chuckling).. You test the parts of the code that you want to work.
I would have wanted to bring up SICP again, with the great big warning about the evil assignment operator and state and all the troubles that ensue (just think: concurrency).
But in a way, nothing has really come up from this or my attempts to dig deeper into "everything is a file/object" (Unix, smalltalk), neither from formal languages or the Curry-Howard correspondence. - Maybe there's just nothing, no firm bottom ground to discover. Like the physicists going for their world formula, but instead of a grand, beautiful symmetry that explains everything, we face a shattered world of (incompatible) theories, that is ever so more complex and chaotic through our theories applied to it. There may not be a Platonic ideal world of ideas, but rather partial constructs explaining some particular perceptions.
Similarly the one perfect programming language to rule them all, the perfect abstraction, pattern is probably just another prepubertal fantasy to be sunk.
So maybe instead of seeking the perfect epiphany, we should go for something quite different: the nagging, brooding uneasiness that something is wrong there, that there's something to be fixed... that even negative feeling would propel us to search further, not to stay in whatever is touted as the real thing.
Such irritations I found with Pieter Hintjens' writings. For example when he actively engaged in conspiracy theories. And I'm still not sure, if he just went off the cliff or he's even right alluding that these theories are an act of sanity, a self-defence against the hidden evil mights. I just don't know. Anything.
How rotten and half bitten is this most valuable Apple? See that they get quite some bashing for their latest Catalina release. And they deserve every portion of it, I think.
Honestly, when I saw our testers going through the different betas, which hardly installed and on which our software kept behaving differently, nevertheless they pushed their Golden Master and released. Didn't seem a good idea.
Currently I had to update to Catalina to check some small broken feature of ours and now the active window keeps on losing focus every few minutes. Have to grab the mouse and click there again to continue working. Really fucking annoying. Hope I can track it down some time.. or trash my iMac.
Is this a technological metaphor?
For some Hacker challenge I was reading up on different keyboard layouts, Dvorak and stuff. And the technological lock in is baffling me: The rationale for qwerty was to reduce jamming of the typewriter letter arms. Today that doesn't make sense anymore, yet we stick to it. Wondering how much of today's tech is dragged down by things like that.
This stuff often also makes me wary of the first decisions, like choosing a protocol or database - its kind and layout, because we might be stuck with it for reasons of backwards compatibility.... Like when Microsoft opted for the backslash as a directory separator..
Some people are really getting high on this Agile shit. Probably because they learned some new bullshit bingo phrases - and it suits them: lots of vapory talk and expensive meetings and others will have to do the work anyway, while they can circlejerk on how to have shorter iterations to improve the time to market, increase the business value, inspect and adapt to faster deliver a minimal viable product - yeah, do the agile transformation, update to the digital age, you noobs. Throwing around some catchy phrases will let you compete with Google? Maybe need some blockchain or machine learning?
While you are clustering your Post-its, the coders who keep the ship afloat sit in their legacy code base that's so bitrot they are mainly doing bugfix releases without a single feature for three fucking years. Consider this.
One nightmarish project that was doomed from the beginning had me as the sole developer. I could hardly sleep when we began testing on a separate test system, but with (nearly) all the config stored in shared memory and copied from the production system, I dreaded, half awake, that the production server database connection was still configured in the test system and that it was shooting all its test data repeatedly to prod.
Finally drove to company in middle of the night at 4 o'clock. Checked everything was OK, tried to sleep 3 hours before the start of the work day.
This system also had the most hideous memory corruption in some shared memory that was used across several processes and should have been thoroughly protected by a mutex, but somehow, sometimes this crucial map, that was used to speed up the access to all the customer data just contained garbage.
Still haunts me to that day. (Like xkcd's unresolved tension of a non-matching parenthesis - an unresolved bug.
Me: Could you give me the path to your Desktop folder, please?
Linux Distros: ... *shrug*, nope?!
Just as an extension of last rant to explain how much fun it is to keep up with Apple's security through obscurity bullshit.
AFAIK this full disk access (FDA) feature was touted to protect a user's data on macOS. Programs that want to access those files need to request the user's permissions to do so. Now to the fun part: Apple is not providing any API. A staff member suggested that you should only try to access the files your app needs and if you can't, ask for the user's allowance. One should not use some fixed files and try to access them, because their locations might change, as well as their (UNIX file) access rights (ACL), or if they fall under FDA. Not to speak about the other security features that might hinder you accessing files (you might be sandboxed, or the files might be subject to SIP/rootless).
Honestly, you should be starting to take drugs, if you want to stay sane. I mean UNIX ACL are weird enough: e.g. you can make a directory only readable for root such that a user cannot list the files inside, but you can place files inside that the user can read (if she knows about their existence). On macOS you'll never know. You may have all the rights to access a file,.. but Apple will only give you the finger.
As they always do to us developers.
Fucking Apples hold my bananas! Colleague and me see our naïve thought refuted that a commercial vendor, most valuable company would create an OS that is not as split and fucked up as Linux distros.
It is hard even where to begin, so deep is the shitfest they are putting developers through with Mojave and Catalina.
Our testers were hardly able to install Catalina beta 6-7. Behavior of kernel extension and full disk access varying on a daily basis. Fixing these bugs is like nailing a pudding to the wall.
Makes me wanna quit software. Whom should you trust if even your OS is flaky as hell?
webbrowser should know 'ls' command. - would be great for the web to support it.
Or am I the only one, who sleepy, caffeine-deprived, swapped out of multitasking, not knowing where he is, goes for default command to orientate oneself: *ls* - even in a browser address bar?
Fuck external stake holders, like politicians, those know-nothings, that pump their ego by finding multiple "issues" with our software like how we display the privacy data agreement and impose their stupid fucking nonsense rules on our software. Even if it is not part in any official law or GDPR.
So there is the request that one needs to scroll down the whole data privacy crap nobody reads until you can press "Continue" and we *have* to implement that shit. Although it is completely out of line with Apple's usual installer handling. Nobody will understand it. It cripples the workflow.
But some Mr. Important demanded it, as if he is protecting users with this and makes a great contribution to the data privacy in our country. Yeah! And guy is so high up, unreachable for us through all the layers of other people, leaving us no time and means to dissuade this shitty request. If all your 'ideas' are so great you should not be allowed to do jack shit.
One of biggest epiphanies came through this fundamental critique in SICP of the assignment operator. Through years of imperative programming it seems so innocent, doesn't it? But that you lose referential transparency, run into the alias problem and fundamental difficulty to determine object equality (or of their instances) - that was kind of eye opening considering all the pain I had already experienced with state in concurrency.
(It led me so far to think it's an ontological issue, that even in the discrete computing universe we have not come so much further than Zeno's paradoxes on change.)
The "AH"-moment when as a boy I discovered that with these instructions in QBasic I could literally let the thing do *anything*.
The "HA"-moment only little afterwards that I'll probably never have a clue what a worthwhile thing to make it do would be.
Hackerman strikes back. Always thought the new knowledge about stego tools, reversing, enumeration, privesc were just my private amusement. But could now use it, hopefully resolving a severe crash by dropping our binary into radare2 (cutter) and ghidra, identifying some dangerous code.
Also it gives you new angles to look at things. E.g. the vectors your code might expose...
The worst of Agile and Sc(r)um: All those people knowing the right way(™) to do it. Endless discussion about useless tooling: the proper use of the custom workflow in Jira, on when and how to create sub tickets. The hour-less meta-discussions on what should be discussed where and when (what's subject of the backlog refinement, retro, etc), the roles: the PO's, what he should do, cannot, the PM's. Who is allowed to pull a ticket to the sprint or not. How many reviewers need to acknowledge a pull request. To and fro. Pointless, but fought with heart and blood, full of sound and fury, signifying nothing.
And everywhere I hear: "In my previous company, we did Scrum like.. and it worked perfectly!"
Some of you might remember my rants on Mr. Gitmaster, with whom I thought I'd made my peace. Guess what? He's now a team member and turning into Mr. Agile - a more severe reincarnation! As our company starts flogging that dead horse of Agility, he seems to feel strong tailwind. Our team lead would constantly cut his monologues, but he's now on holiday, so we have no escape from the never ending: "In my previous company..."
If it was so great, why didn't you stay?
We are not allowed to pull a ticket to the sprint unless every team member is notified? I don't fucking care. If our software fails on customer's machines and I can fix it, I will do if there is a ticket, if it's in the sprint or not. Screw Scrum, if it is getting in the way of it. You can waste your hours discussing horseshit, I want to sit at my desk, deep in the test-compile loop and ship some fucking code.
Because he gave us Psychobitch (https://youtube.com/watch/...)
His British humor,... just watch some talks..
Agile my ass.
What has become of: "Individuals and interactions over processes and tools"?
A fuckton of rules and processes to do it the 'right' way: tickets, estimations, hours of sprint planning. Yeah, we're so professional we no longer have time to write code.
Note: manifest was mainly full of fluffy business buzzword bullshit (effective sustainable excellence), but one thing resonated:
>Simplicity--the art of maximizing the amount of work not done--is essential.
(I cherish every line of code deleted or unwritten, so it needn't be maintained)
git commit -m "The test core dumps, I go home" && git push
(OpenSSL is like running a marathon: It's just some months away and you already forgot how much fucking pain it was. Nah, can't have been that bad. Shit, it is.)
Crypto. I've seen some horrible RC4 thrown around and heard of 3DES also being used, but luckily didn't lay my eyes upon it.
Now to my current crypto adventure.
Rule no.1: Never roll your own crypto.
So let's encrypt a file for upload. OK, there doesn't seem to be a clear standard, but ya'know combine asymmetric cipher to crypt the key with a symmetric. Should be easy. Take RSA and whatnot from some libraries. But let's obfuscate it a bit so nobody can reuse it. - Until today I thought the crypto was alright, but then there was something off. On two layers there were added hashes, timestamps or length fields, which enlarges the data to encrypt. Now it doesn't add up any more: Through padding and hash verification RSA from OpenSSL throws an error, because the data is too long (about 240 bytes possible, but 264 pumped in). Probably the lib used just didn't notify, silently truncating stuff or resorting to other means. Still investigation needed. - but apart from that: why the fuck add own hash verification, with weak non-cryptographic hashes(!) if the chosen RSA variant already has that with SHA-256. Why this sick generation of key material with some md5 artistic stunts - is there no cryptographically safe random source on Windows? Why directly pump some structs (with no padding and magic numbers) into the file? Just so it's a bit more fucked up?
Thanks, that worked.
From a little bit heated discussion I want to extract this: One big pain in the ass is the human to computer interface. Maybe it's the natural vs. formal language divide, but there's a mismatch deeper than between object and relational models that no ORM can failingly fix.
The whole point of the discussion was on such a point where some wanted an interface more human friendly and I stubbornly insisted on the way it is simple for the computer system. Like not too much human messiness should invade machine. One argument sounded as if human words were like unicode code points which meaning doesn't depend on its representation.
That's raising red flags to me: Nonono, natural language is too messy, keep it out. This poor machine could have been so clean and well designed and we already stacked up so much entropy we still dare to call OS,..
Dunno, what's your stance? Still hoping that your shell one day will be able to process our poor standard English? Or do you think, like me, all those failed attempts show there's a gap you should not even touch?
I should run a daily cron job for my Mac rants. Today it was just this: I connected to some other iMac over network discovery, but from within the GUI it is impossible for me to get the IP or any information of that machine. All information it displays you see below. Thanks very helpful. (Only lastly I found the information by pinging administrators-iMac.local)
macOS fuckup continued. Today I used a camelcase name for some new file and a directory. Later I didn't like it and wanted to change to lowercase. Pushed it to bitbucket: now I had both versions! Hold my goji berries, what's going on? Maybe some git config screw up? After a bit of fiddling I remembered an old Linus' rant on Apple's file system when they wanted to adopt case insensitivity. So wait, did they actually do that shit? I thought I was on a unixoid, bastardized BSDish system, that apart from all the oddities that Apple bestowed on it, that there was still some sanity left... But, no there isn't. AFP really defaults to case insensitivity.
I have no words.
So switched to my Debian, where I resolved the duplication in two secs. Now Linux feels even much more comfy and home.
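A check for the situation described in the rant above, as an added example that is not part of the original post: given a list of tracked paths (for instance the output of `git ls-files`), it reports names that differ only by case at any directory level, which a case-insensitive filesystem cannot keep apart. The function name and the sample paths are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: what a repository might track after a rename from
# camelcase to lowercase was committed on a case-insensitive filesystem.
SAMPLE_PATHS = [
    "src/MyParser.c",
    "src/myparser.c",
    "Docs/readme.md",
    "docs/guide.md",
    "README",
]


def case_collisions(paths):
    """Return groups of path prefixes that differ only by letter case.

    Every prefix is checked, not just the full path: "Docs/readme.md" and
    "docs/guide.md" are different files, but the directories "Docs" and
    "docs" would be merged into one on a case-insensitive filesystem.
    """
    seen = defaultdict(set)
    for path in paths:
        parts = path.split("/")
        for depth in range(1, len(parts) + 1):
            prefix = "/".join(parts[:depth])
            # casefold() is the Unicode-aware form of lower()
            seen[prefix.casefold()].add(prefix)
    return sorted(sorted(group) for group in seen.values() if len(group) > 1)


if __name__ == "__main__":
    for group in case_collisions(SAMPLE_PATHS):
        print("case collision:", " <-> ".join(group))
```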
What a delight to have to work on macOS. Not.
Took me two days to notarize our app bundle. The ultimate issue was a dead symlink inside the bundle which would make the codesign verify (with strict option!) fail, while verification of signing operation itself passed.
Notarization would just give generic error: not properly signed.
So to give you a feel for what evil, clusterfuck code it was in: this project's largest part was coded by a maniac, witty physicist confined in the factory for a month, intended as a 'provisional' solution of course it ran for years. The style was like C with a bit of classes.. and a big chunk of shared memory as a global mud of storage, communication and catastrophe. Optimistic or no locking of the memory between process barriers, arrays with self implemented boundary checks that would give you the zeroth element on failure and write an error log of which there were often dozens in the log. But if that sounds terrifying already, it is only baseline uneasiness which was largely surpassed by the sheer mass of code, special units, undocumented madness. And I had like three months to write a simulator of the physical factory and sensors to feed that behemoth with the 'right' inputs. Still I don't know how I stood it through, but I resigned little time afterwards.
Well, lastly to the bug: there was some central map in that shared memory that held like a view of the central customer data. And somehow - maybe not that surprisingly given the surrounding codebase - it sometimes got corrupted. Once in a month or two times a day. Tried to put in logging, more checks - but never really could pinpoint the problem... Till today I still get the haunting feeling of a lurking memory corruption beneath my feet, if I get closer to the metal core of pure C.
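A pre-signing check for the failure described in the rant above, as an added example that is not part of the original post: it walks an app bundle and lists symlinks whose target does not exist, so they can be fixed before signing and submitting for notarization. The function names and the bundle layout (Demo.app, libdemo.dylib, old.conf) are constructed for the demonstration.

```python
import os
import tempfile


def find_dead_symlinks(bundle_root):
    """Return sorted (relative path, link target) pairs for dangling symlinks."""
    dead = []
    # followlinks=False: never descend through a symlinked directory,
    # so a link pointing outside the bundle cannot pull other trees in.
    for dirpath, dirnames, filenames in os.walk(bundle_root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            # islink() inspects the link itself; exists() follows it and
            # returns False when the target is missing.
            if os.path.islink(path) and not os.path.exists(path):
                rel = os.path.relpath(path, bundle_root)
                dead.append((rel, os.readlink(path)))
    return sorted(dead)


def build_sample_bundle(parent):
    """Create a constructed Demo.app with one valid and one dead symlink."""
    contents = os.path.join(parent, "Demo.app", "Contents")
    for sub in ("MacOS", "Frameworks", "Resources"):
        os.makedirs(os.path.join(contents, sub))
    for rel in ("MacOS/demo", "Frameworks/libdemo.1.dylib"):
        with open(os.path.join(contents, rel), "wb") as fh:
            fh.write(b"\x00")
    # Valid relative link: the target sits next to it.
    os.symlink("libdemo.1.dylib",
               os.path.join(contents, "Frameworks", "libdemo.dylib"))
    # Dead link: the target was removed or never shipped.
    os.symlink("../Shared/old.conf",
               os.path.join(contents, "Resources", "old.conf"))
    return os.path.join(parent, "Demo.app")


def check_sample():
    """Build the sample bundle in a temp dir and return its dead symlinks."""
    with tempfile.TemporaryDirectory() as tmp:
        return find_dead_symlinks(build_sample_bundle(tmp))


if __name__ == "__main__":
    for rel, target in check_sample():
        print(f"dead symlink: {rel} -> {target}")
```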