Wheany
Mar 17, 2006

Spinyahahahahahahahahahahahaha!

Doctor Rope
Designer: ...that was how I thought it should work
me: Well, I don't read thoughts, I read specs.
Team lead: We cannot make a spec out of every little thing, that's too inefficient. Generally just make it work like stuff has worked earlier. You're allowed to use common sense. You'll learn soon enough what it is that the designer usually wants.

:suicide:

e: clarity

Wheany fucked around with this message at 15:50 on Nov 17, 2011

ahmini
May 5, 2009

Thermopyle posted:

The worst part about being self-taught/un-educated in programming is that I've noticed this bug several times, but thought I just didn't understand what was really going on.

The worst part of questions like this is that when I first saw it, I looked at the line involved and thought, "That will go wrong with big numbers." However, there is always that temptation to think, "That's too obvious, there must be something *more complicated* going on so I can prove how obviously smart I am."

Look who's stupid now? I'm hoping this problem applies to more people than myself for a crumb of comfort.

NotShadowStar
Sep 20, 2000

Thermopyle posted:

The worst part about being self-taught/un-educated in programming is that I've noticed this bug several times, but thought I just didn't understand what was really going on.

Nah. Thing is if you were taking a class and you were astute enough to realize that dividing the ints could get you an overflow with huge numbers, you'd get a :smug: response like "This has been working perfectly for 40 years and you are wrong you undergraduate prove it wrong when you get YOUR PhD :dealwithit:"

tef
May 30, 2004

-> some l-system crap ->
I've been exposed to smug academics more in industry than in academia. The ones in academia seem to get the whole learning thing a little better, meanwhile the ones in industry seem to go around with a god complex.

I will never work under phds again (who have never released a product).

At a previous company, the exec team all had phds. Most of them had gone from one startup to the next before anything happened. It seems that working 4+ years on your own desperately trying to demonstrate novelty gives you brain damage.

Working in a team? No i'll dump a pile of undocumented code on you! It has tests! They might not be deterministic? Oh I've added 8+ abstract classes to separate all the features and compose them!

I wanted you to do this thing that I don't have time to explain! No, not like that! Like this! Don't use generics that's too type safe. Oh make those things stateful - that will make them more robust and useful than stateless.

Computer science education is overrated when it comes to actually delivering a product or service.

tef fucked around with this message at 15:38 on Nov 17, 2011

tef
May 30, 2004

-> some l-system crap ->

NotShadowStar posted:

Nah. Thing is if you were taking a class and you were astute enough to realize that dividing the ints could get you an overflow with huge numbers, you'd get a :smug: response like "This has been working perfectly for 40 years and you are wrong you undergraduate prove it wrong when you get YOUR PhD :dealwithit:"

fwiw: the overflow is in the addition, not the division. binary search is well known to be hard to implement right. I doubt you'd get the smuggo phd response.
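The point made in the reply above (the overflow is in the addition of the two indices, not the division), as an added example that is not part of the thread. It assumes the midpoint under discussion was computed as `(low + high) / 2`, which this page does not show; the function names and the synthetic `element()` array are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

enum { NOT_FOUND = -1, BAD_INDEX = -2 };  /* BAD_INDEX: midpoint left [low, high] */

typedef int32_t (*mid_fn)(int32_t low, int32_t high);

/* (low + high) / 2 as 32-bit two's-complement hardware evaluates it. The sum
 * is formed in uint32_t and wrapped by hand, because overflowing a signed
 * int in C is undefined behaviour rather than a guaranteed wrap. */
int32_t mid_naive(int32_t low, int32_t high)
{
    int64_t sum = (uint32_t)low + (uint32_t)high;
    if (sum > INT32_MAX)
        sum -= INT64_C(4294967296);     /* wraps to a negative int */
    return (int32_t)(sum / 2);
}

/* Fix 1: the difference of two in-range indices cannot overflow. */
int32_t mid_safe(int32_t low, int32_t high)
{
    return low + (high - low) / 2;
}

/* Fix 2: add as unsigned and shift; valid because both indices are >= 0. */
int32_t mid_unsigned(int32_t low, int32_t high)
{
    return (int32_t)(((uint32_t)low + (uint32_t)high) >> 1);
}

/* Constructed stand-in for a sorted array too big to allocate here:
 * element i holds the value 2*i. */
static int64_t element(int32_t i) { return 2 * (int64_t)i; }

/* Binary search over indices 0..n-1 using the supplied midpoint rule. */
int32_t search(int32_t n, int64_t key, mid_fn mid)
{
    int32_t low = 0, high = n - 1;
    while (low <= high) {
        int32_t m = mid(low, high);
        if (m < low || m > high)
            return BAD_INDEX;           /* a[m] would be an out-of-bounds read */
        if (element(m) < key)
            low = m + 1;
        else if (element(m) > key)
            high = m - 1;
        else
            return m;
    }
    return NOT_FOUND;
}

int main(void)
{
    /* Key 4,000,000,000 lives at index 2,000,000,000 of the constructed array. */
    printf("naive:    %d\n", (int)search(INT32_MAX, INT64_C(4000000000), mid_naive));
    printf("safe:     %d\n", (int)search(INT32_MAX, INT64_C(4000000000), mid_safe));
    printf("unsigned: %d\n", (int)search(INT32_MAX, INT64_C(4000000000), mid_unsigned));
    return 0;
}
```

The naive rule only fails once `low + high` exceeds `INT32_MAX`, which needs more than 2^30 elements; below that size all three rules return the same index.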

trex eaterofcadrs
Jun 17, 2005
My lack of understanding is only exceeded by my lack of concern.
Non explicit silent overflow is the horror here.

NotShadowStar
Sep 20, 2000

tef posted:

I've been exposed to smug academics more in industry than in academia. The ones in academia seem to get the whole learning thing a little better, meanwhile the ones in industry seem to go around with a god complex.

I will never work under phds again (who have never released a product).

At a previous company, the exec team all had phds. Most of them had gone from one startup to the next before anything happened. It seems that working 4+ years on your own desperately trying to demonstrate novelty gives you brain damage.

Working in a team? No i'll dump a pile of undocumented code on you! It has tests! They might not be deterministic? Oh I've added 8+ abstract classes to separate all the features and compose them!

I wanted you to do this thing that I don't have time to explain! No, not like that! Like this! Don't use generics that's too type safe. Oh make those things stateful - that will make them more robust and useful than stateless.

Computer science education is overrated when it comes to actually delivering a product or service.

Might be different with CS PhDs. The ones I worked with were just braindead clueless. I took biology classes and worked with biology and chemistry PhDs and they were so full of :smug: you could scrape it off the lab walls and quantify the amount of :smug:

taqueso
Mar 8, 2004


:911:
:wookie: :thermidor: :wookie:
:dehumanize:

:pirate::hf::tinfoil:

This is the kind of detail I would expect my professor to tell me about during lecture, not hate on because they got called out. For the most part they were all very keen to be corrected if needed, including doing research to verify.

This is a "Before I show you this, I want you to know that there is at least one error. See if you can find it." type thing, not some sacred cow.

PDP-1
Oct 12, 2004

It's a beautiful day in the neighborhood.

NotShadowStar posted:

Might be different with CS PhDs. The ones I worked with were just braindead clueless. I took biology classes and worked with biology and chemistry PhDs and they were so full of :smug: you could scrape it off the lab walls and quantify the amount of :smug:

I've worked with about 100 PhD types over my career and am an ABD myself. Based on that sample I think there's about three basic groups:

1) People who should actually have a PhD: Smart, tech oriented, and great at what they do. These folks are rare but amazing to work with when you find one.

2) Egomaniacs: They got a PhD because it's the 'best' degree and are smug as gently caress about it. They also are likely to insist on everyone else addressing them as doctor. They aren't terrible at what they do but almost inevitably drift out of direct tech work and into management.

3) Clueless Losers: These people shouldn't have a PhD at all, they just got one because it was a way to stay in the comfortable world of academia instead of going out into the scary real world. Eventually the college shits them out, they get a job, and then immediately begin squirting the intellectual equivalent of squid ink all over every problem they're given to keep others from seeing just how directionless and incompetent they are.

PDP-1 fucked around with this message at 14:45 on Nov 18, 2011

evensevenone
May 12, 2001
Glass is a solid.

evensevenone posted:

Nothing. The C way is probably the best.


anyway, using strings as enums is dumb.

this is why:
code:
if(strcmp(SOLVER,'ON') || strcmp(SOLVER,'on') || strcmp(SOLVER,'On') || strcmp(SOLVER,'oN')) 

taqueso
Mar 8, 2004


:911:
:wookie: :thermidor: :wookie:
:dehumanize:

:pirate::hf::tinfoil:

Well, stricmp fixes that particular bit of horror.

Dr Monkeysee
Oct 11, 2002

just a fox like a hundred thousand others
Nap Ghost

tef posted:

can anyone spot the bug in the binary search?


answer

This always struck me as a weird angle to take on this issue. When it was first pointed out back then it was sort of taken as an OH MY GOD EVERYTHING'S BEEN WRONG FOR DECADES. But in my experience well-worn algorithms like this are most often presented in an academic context which almost never includes error handling of any kind, let alone an architecture-specific overflow like this. Most of the time it's not even a specific language, it's just pseudocode.

It's like pointing out that Dijkstra's algorithm doesn't take into account dangling pointers or say how the graph is actually modeled. Well, yeah it doesn't because Dijkstra's algorithm doesn't assume it's running on any particular architecture or written in any particular language. Why is Binary Search any different?

I would presume that most real-world implementations of binary search buried in whatever framework libraries everyone was using would take these edge cases into account.

Dr Monkeysee fucked around with this message at 19:55 on Nov 17, 2011

Jethro
Jun 1, 2000

I was raised on the dairy, Bitch!
Except, unless I'm misunderstanding what he meant by "the version of binary search that I wrote for the JDK," the binary search in the Java standard library contained this bug. Furthermore, unless Joshua Bloch is uncommonly stupid for a developer of standard libraries, it is likely that other standard libraries with a binary search had this bug.

Dr Monkeysee
Oct 11, 2002

just a fox like a hundred thousand others
Nap Ghost
Sure that could be the case, but it's weird that this was presented as some fundamental flaw in the binary search algorithm, instead of just an inordinately widespread lazy implementation of it.

edit: and I don't mean that Joshua Bloch necessarily presented it like that but it was taken that way in the community as a whole. But this isn't like discovering the proof of Fermat's theorem has a flaw in it or unraveling Russell's set theory, it's just getting caught in the mismatch between the mathematical description of an algorithm and the real-world limitations of implementing it.

Dr Monkeysee fucked around with this message at 20:17 on Nov 17, 2011

HFX
Nov 29, 2004

taqueso posted:

Well, stricmp fixes that particular bit of horror.

Except there is no stricmp that allows a clamp on length. At least not a portable one.

pseudorandom name
May 6, 2007

HFX posted:

Except there is no stricmp that allows a clamp on length. At least not a portable one.

strncasecmp() is portable to all POSIX 2001 compatible operating systems.

taqueso
Mar 8, 2004


:911:
:wookie: :thermidor: :wookie:
:dehumanize:

:pirate::hf::tinfoil:

HFX posted:

Except there is no stricmp that allows a clamp on length.

If you are comparing against a string literal, why do you need a length limit?

(Hey, I just found out that stricmp is not in the std library.)

wwb
Aug 17, 2004

PDP-1 posted:

I've worked with about 100 PhD types over my career and am an ABD myself. Based on that sample I think there's about three basic groups . . .

Not anywhere near academia here, but your three basic groups are not solely confined to PHD-bearers. I'd argue it covers the technical world at large.

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

wwb posted:

Not anywhere near academia here, but your three basic groups are not solely confined to PHD-bearers. I'd argue it covers the technical world at large.

The #1 thing in hiring that an organization should do is to hire for culture (including a culture of continuous improvement and education) and let the skills take care of themselves: http://www.project83.com/blog/how-southwest-airlines-hires/

tef
May 30, 2004

-> some l-system crap ->

Monkeyseesaw posted:

Sure that could be the case, but it's weird that this was presented as some fundamental flaw in the binary search algorithm, instead of just an inordinately widespread lazy implementation of it.

or it's actually a common bug that lots of people overlook. most notably - jon bentley - who went to a lot of effort to check his c code.

quote:

But in my experience well-worn algorithms like this are most often presented in an academic context which almost never includes error handling of any kind, let alone an architecture-specific overflow like this. Most of the time it's not even a specific language, it's just pseudocode.

programming pearls - it's quite a popular and well known book and he wrote it in C. not pseudocode. not an academic paper.


from my experience most programmers do not handle any form of integer overflow. (and sometimes they do things like if (i > INT_MAX)

Vanadium
Jan 8, 2005

Some of them at least have the presence of mind to convert their ints to float if they are bigger than INT_MAX. :colbert:

mjau
Aug 8, 2008
float can't store int values that need more than 24 bits accurately. INT_MAX needs 31.

That Turkey Story
Mar 30, 2003

tef posted:

from my experience most programmers do not handle any form of integer overflow. (and sometimes they do things like if (i > INT_MAX)

I've seen stuff like that a lot. This and misuse of floating point types really bothers me for some reason. It's just so fundamental. So many people just foolishly label these issues as "purely theoretical" rather than "subtle, scary bugs".

Salynne
Oct 25, 2007
code:
private int getItemYOnScreen(int n) {
    int height = 0;
    for(int i = 0; i<n && i<items.size(); i++) {
        height += 24;
    }
    return height;
}
That made me chuckle. I pointed it out to him and he went :downs: however and fixed it.

qntm
Jun 17, 2009

That Turkey Story posted:

I've seen stuff like that a lot. This and misuse of floating point types really bothers me for some reason. It's just so fundamental. So many people just foolishly label these issues as "purely theoretical" rather than "subtle, scary bugs".

code:
char i;
for(i = 0; i < 256; i++) {
    // a loop that will never terminate
}

Beef
Jul 26, 2004
The culture at the specific lab matters a lot. CS researchers should always implement whatever they're peddling and obey the 'eat your own dogfood' mantra. But still, you just don't get the time or incentive to polish up and really finish a product. Publish-or-die.

I'm glad I could play around for a few years, but now it's the drudgery of writing the damned PhD.

Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.

qntm posted:

code:
char i;
for(i = 0; i < 256; i++) {
    // a loop that will never terminate
}
this provides yet another example of Java avoiding a possible bug :smuggo:

Zombywuf
Mar 29, 2008

taqueso posted:

Well, stricmp fixes that particular bit of horror.

The real horror is not using wcscasecmp and wcsncasecmp.

At absolute worst you should be using strcoll and not strcmp.

Unicode folks, learn it, love it.

taqueso
Mar 8, 2004


:911:
:wookie: :thermidor: :wookie:
:dehumanize:

:pirate::hf::tinfoil:

Zombywuf posted:

Unicode folks, learn it, love it.

Do you happen to have a link to a survey of C unicode functions?

tef
May 30, 2004

-> some l-system crap ->
http://site.icu-project.org/ might be of use here :confused:

evensevenone
May 12, 2001
Glass is a solid.

Zombywuf posted:

The real horror is not using wcscasecmp and wcsncasecmp.

At absolute worst you should be using strcoll and not strcmp.

Unicode folks, learn it, love it.

Yes, clearly when you are passing boolean concepts like "off" and "on" to functions as strings with the words "off" and "on", you should be using unicode strings.

Zombywuf
Mar 29, 2008

evensevenone posted:

Yes, clearly when you are passing boolean concepts like "off" and "on" to functions as strings with the words "off" and "on", you should be using unicode strings.

There is no such thing as a non unicode string. Only arrays of bytes which may or may not correspond to some character encoding or other.

taqueso posted:

Do you happen to have a link to a survey of C unicode functions?

man wc<tab><tab>

TasteMyHouse
Dec 21, 2006
speaking of man...
code:
$ man ls
No manual entry for ls
$ man gcc
No manual entry for gcc
$ man ssh
No manual entry for ssh
I dunno if this is standard in RHEL 4 but at my work there are no man entries for anything.

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

TasteMyHouse posted:

speaking of man...
code:
$ man ls
No manual entry for ls
$ man gcc
No manual entry for gcc
$ man ssh
No manual entry for ssh
I dunno if this is standard in RHEL 4 but at my work there are no man entries for anything.

This is a DISA recommendation, along with no compilers or Javascript-capable web browsers.

NotShadowStar
Sep 20, 2000

TasteMyHouse posted:

speaking of man...
code:
$ man ls
No manual entry for ls
$ man gcc
No manual entry for gcc
$ man ssh
No manual entry for ssh
I dunno if this is standard in RHEL 4 but at my work there are no man entries for anything.

These might use 'info', the hosed up documentation system that only GNU poo poo uses and it's based off of emacs so if you don't know how to use emacs then gently caress you.

Johnny Cache Hit
Oct 17, 2011

BonzoESC posted:

This is a DISA recommendation, along with no compilers or Javascript-capable web browsers.

The best thing about government security standards is that I'll have to spend the rest of the day reading them to see if you're joking or if this braindamaged idea is true. Poe's law owns :v:

Internet Janitor
May 17, 2008

"That isn't the appropriate trash receptacle."

NotShadowStar posted:

if you don't know how to use emacs then gently caress you.

Then they should just read the documentation for emacs... in emacs. :pseudo:

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

Kim Jong III posted:

The best thing about government security standards is that I'll have to spend the rest of the day reading them to see if you're joking or if this braindamaged idea is true. Poe's law owns :v:

They've changed since I remember:

quote:

Group ID (Vulid): V-792
Group Title: Manual Page File Permissions
Rule ID: SV-792r7_rule
Severity: CAT III
Rule Version (STIG-ID): GEN001280
Rule Title: Manual page files must have mode 0644 or less permissive.

Vulnerability Discussion: If manual pages are compromised, misleading information could be inserted, causing actions that may compromise the system.

Responsibility: System Administrator
IAControls: ECCD-1, ECCD-2

Check Content:
Check the mode of the manual page files.

Procedure:
# ls -lL /usr/share/man /usr/share/info /usr/share/infopage

If any of the manual page files have a mode more permissive than 0644, this is a finding.

Fix Text: Change the mode of manual page files to 0644 or less permissive.

Procedure (example):
# chmod 0644 /path/to/manpage

I couldn't even find anything in the RHEL STIG about compilers :/

Edit: link to STIGs: http://iase.disa.mil/stigs/index.html
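The GEN001280 check quoted in the post above ("mode 0644 or less permissive"), as an added example that is not part of the post or of the STIG itself: it expresses the rule as a bit test and walks a manual-page tree instead of reading `ls -lL` output by eye. The function names `mode_is_finding` and `audit_man_tree` are hypothetical; only regular files are checked, since directories need execute bits.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* "0644 or less permissive" means no bit outside 0644 is set. Masking with
 * 07777 keeps setuid, setgid and sticky in scope, so 04644 is a finding
 * even though its rwx columns look correct in ls output. */
int mode_is_finding(mode_t mode)
{
    return (mode & 07777 & ~(mode_t)0644) != 0;
}

/* Recursively count regular files under root whose mode is a finding.
 * Symlinks to files are resolved, like the -L in the STIG's ls -lL;
 * symlinked directories are not entered, to avoid loops.
 * Returns the count, or -1 if root cannot be opened. */
int audit_man_tree(const char *root, int verbose)
{
    DIR *dir = opendir(root);
    struct dirent *ent;
    int findings = 0;
    if (dir == NULL) return -1;
    while ((ent = readdir(dir)) != NULL) {
        char path[4096];
        struct stat st;
        int is_link, len;
        if (!strcmp(ent->d_name, ".") || !strcmp(ent->d_name, ".."))
            continue;
        len = snprintf(path, sizeof path, "%s/%s", root, ent->d_name);
        if (len >= (int)sizeof path || lstat(path, &st) != 0)
            continue;                   /* over-long path or vanished entry */
        is_link = S_ISLNK(st.st_mode);
        if (is_link && stat(path, &st) != 0)
            continue;                   /* dangling symlink */
        if (S_ISDIR(st.st_mode) && !is_link) {
            int sub = audit_man_tree(path, verbose);
            if (sub > 0)
                findings += sub;
        } else if (S_ISREG(st.st_mode) && mode_is_finding(st.st_mode)) {
            if (verbose)
                printf("FINDING %04o %s\n", (unsigned)(st.st_mode & 07777), path);
            findings++;
        }
    }
    closedir(dir);
    return findings;
}

int main(int argc, char **argv)
{
    /* e.g. ./audit /usr/share/man /usr/share/info /usr/share/infopage */
    int bad_trees = 0;
    for (int i = 1; i < argc; i++)
        bad_trees += audit_man_tree(argv[i], 1) > 0;
    return bad_trees != 0;
}
```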

Catalyst-proof
May 11, 2011

better waste some time with you

Internet Janitor posted:

Then they should just read the documentation for emacs... in emacs. :pseudo:

Not sure why this is :pseudo:, Emacs is one of the most rigorously documented open source applications ever written. You can instantly discover the intent of any key command, variable, function, or any other symbol in the runtime with a single key chord. Most installations will also include the entire Emacs manual, a primer and complete reference to Emacs Lisp, and access to all other Info pages in the system, with another key chord.

Johnny Cache Hit
Oct 17, 2011

BonzoESC posted:

They've changed since I remember:

:words:

I almost laughed. Then I realized that some of the sysadmins I've encountered really would be dumb enough to fall for a hacked manpage and leave suid-root shells or make /etc/shadow world writable, so I guess maybe this is actually an OK thing :shobon:

BonzoESC posted:

I couldn't even find anything in the RHEL STIG about compilers :/

I mean, keeping gcc off your production server is always a good idea -- it'll stop the script-kiddies and most attackers, and not having X on your servers is of course right. But no manpages would be silly.
