|
Blaming MS in any way is pretty dumb as it's a bug in the Github plugin written by Github.
|
# ? Sep 2, 2015 03:50 |
|
He assigned blame in order of revenue and in reverse order of culpability: Microsoft (did nothing wrong), then Amazon (didn't jump to help him fix his fuckup), then Github (released a buggy plugin)
|
# ? Sep 2, 2015 03:57 |
|
It was made worse by the fact that the private information he accidentally posted publicly was AWS keys, but that's still a pretty lovely bug even if the private info was something that would generally be considered OK to put in a private github repo.
|
# ? Sep 2, 2015 04:04 |
|
And even so, what kind of AWS keys do you generate that give you that kind of platform access? Like, the only kind of thing his application was doing that might need keys that have permission to manage EC2 instances would be some kind of watchtower app that monitors running servers. Jesus loving Christ, IAM exists for a reason. Goddamn idiots using AWS without reading the documentation.
|
# ? Sep 2, 2015 04:17 |
|
He said he was doing it for testing only, a 10-minute hack. If I'm doing something quick and dirty, I'm gonna just check my keys into GitHub, and make sure it's private.
|
# ? Sep 2, 2015 04:22 |
|
Blinkz0rz posted:And even so, what kind of AWS keys do you generate that give you that kind of platform access? Like, the only kind of thing his application was doing that might need keys that have permission to manage EC2 instances would be some kind of watchtower app that monitors running servers.

Root admin access keys are easier to use though, you don't even have to configure them more than once
|
# ? Sep 2, 2015 04:24 |
|
Durr but I deactivated my keys, how is it possible that someone is spawning other instances. Could it be because with those root keys someone created another IAM user that spawned full permission keys?

Suspicious Dish posted:He said he was doing it for testing only, a 10-minute hack. If I'm doing something quick and dirty, I'm gonna just check my keys into GitHub, and make sure it's private.

NO. DON'T.
|
# ? Sep 2, 2015 04:27 |
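
An added example, not part of any post in this thread: the point above, that deactivating the leaked key does nothing about credentials it already minted, shown as a triage pass over audit records. The records are constructed and only borrow CloudTrail's field names; `ev` and `trace_persistence` are hypothetical helpers, and every key ID, user name and timestamp is made up.

```python
# Constructed records that borrow CloudTrail's field names; every key ID,
# user name and timestamp below is made up for this example.
LEAKED = "AKIAEXAMPLELEAKED001"
SECOND = "AKIAEXAMPLEPLANTED02"
THIRD = "AKIAEXAMPLEPLANTED03"
CI_KEY = "AKIAEXAMPLECIDEPLOY4"

def ev(time, name, key, user=None, new_key=None):
    """Build one constructed audit record (hypothetical helper)."""
    rec = {"eventTime": time, "eventName": name,
           "userIdentity": {"accessKeyId": key}}
    if user:
        rec["requestParameters"] = {"userName": user}
    if new_key:
        rec["responseElements"] = {
            "accessKey": {"accessKeyId": new_key, "userName": user}}
    return rec

EVENTS = [
    ev("2015-09-01T10:00:00Z", "RunInstances", LEAKED),
    ev("2015-09-01T10:02:00Z", "CreateUser", LEAKED, user="svc-backup"),
    ev("2015-09-01T10:03:00Z", "AttachUserPolicy", LEAKED, user="svc-backup"),
    ev("2015-09-01T10:04:00Z", "CreateAccessKey", LEAKED, "svc-backup", SECOND),
    # 10:30: the owner deactivates LEAKED and assumes the incident is over
    ev("2015-09-01T10:45:00Z", "RunInstances", SECOND),
    ev("2015-09-01T10:50:00Z", "RunInstances", CI_KEY),  # unrelated, legitimate
    ev("2015-09-01T11:00:00Z", "CreateAccessKey", SECOND, "svc-backup", THIRD),
]

def trace_persistence(events, leaked_key, deactivated_at):
    """Follow credentials minted by the leaked key, transitively."""
    keys, users, after = {leaked_key}, set(), []
    # Same-format ISO 8601 UTC timestamps sort correctly as strings.
    for e in sorted(events, key=lambda e: e["eventTime"]):
        if e["userIdentity"].get("accessKeyId") not in keys:
            continue  # not attributable to the leak
        if e["eventName"] == "CreateUser":
            users.add(e["requestParameters"]["userName"])
        elif e["eventName"] == "CreateAccessKey":
            minted = e["responseElements"]["accessKey"]
            keys.add(minted["accessKeyId"])
            users.add(minted["userName"])
        if e["eventTime"] > deactivated_at:
            after.append((e["eventTime"], e["eventName"]))
    return keys, users, after

if __name__ == "__main__":
    keys, users, after = trace_persistence(EVENTS, LEAKED, "2015-09-01T10:30:00Z")
    print("keys to delete:", sorted(keys))
    print("users to review:", sorted(users))
    print("activity after deactivation:", after)
```

The sketch follows only access keys and IAM users; roles, login profiles and policy changes made by a tainted credential need the same treatment in a real review.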
|
Why not just use your keys ... without checking them in to version control? It's not like checking them in actually buys you anything for your 10-minute test app that you're running on your local machine anyway.
|
# ? Sep 2, 2015 04:36 |
|
Just don't use the cloud.
|
# ? Sep 2, 2015 06:40 |
|
sarehu posted:Just don't use the cloud.

The use of "~~~€the cloud£™~¿~~¿¿¶" to describe the processes of handing your poo poo to some other guy on the Internet until you want it is a coding horror. It's all just someone else's Datacenter.
|
# ? Sep 2, 2015 06:59 |
|
Jabor posted:Why not just use your keys ... without checking them in to version control? It's not like checking them in actually buys you anything for your 10-minute test app that you're running on your local machine anyway.

This. I still don't understand what he hoped to achieve with checking the keys in.
|
# ? Sep 2, 2015 07:44 |
|
Today, for the first time, I've used an XML validator that doesn't parse CDATA. Am I correct to assume that if it doesn't parse CDATA then it's a regex parser?

vvv Yeah, but on the other hand - global company, millions of customers, etc.

canis minor fucked around with this message at 13:43 on Sep 2, 2015 |
# ? Sep 2, 2015 12:31 |
canis minor posted:Today, for the first time, I've used an XML validator that doesn't parse CDATA. Am I correct to assume that if it doesn't parse CDATA then it's a regex parser?

Sounds likely. Or at least written by someone who never bothered to read any specification and just guessed at what XML looks like.
|
|
# ? Sep 2, 2015 12:46 |
|
Suspicious Dish posted:He said he was doing it for testing only, a 10-minute hack. If I'm doing something quick and dirty, I'm gonna just check my keys into GitHub, and make sure it's private.

Edit: Ugh.
|
# ? Sep 2, 2015 14:34 |
|
nielsm posted:Sounds likely. Or at least written by someone who never bothered to read any specification and just guessed at what XML looks like.

Pictured: What XML looks like*: code:
Space Kablooey fucked around with this message at 18:09 on Sep 2, 2015 |
# ? Sep 2, 2015 18:07 |
|
HardDisk posted:Pictured: What XML looks like*: Hey, someone at code:
Simulated fucked around with this message at 18:55 on Sep 2, 2015 |
# ? Sep 2, 2015 18:53 |
|
Ender.uNF posted:Hey, someone at

We have something dumb like that. We have a certain type of web content that is published from a document management system. This content can have many sections, and those sections have specific types that control their formatting. So of course, they used this XML structure: code:
|
# ? Sep 2, 2015 19:46 |
|
Ochowie posted:This. I still don't understand what he hoped to achieve with checking the keys in.

Setting up environment variables or reading .gitignored config files is too hard.
|
# ? Sep 3, 2015 01:48 |
|
Ender.uNF posted:Hey, someone at

I'm guessing you're suggesting that key should be an attribute of the type tag, or XML is the wrong tool for serialization. I'm not sure which. Assuming the former, is there some way in a DTD or w/e to say an attribute is mandatory or forbidden based on the parent element? Since <dict> requires keys and <array> forbids them.
|
# ? Sep 3, 2015 15:36 |
|
I was returning JSON from all of my controller methods; the front end developer apparently doesn't understand JSON and insists that I return strings so that he can do poo poo like "string.indexOf("Is Completed = true;") > -1". He also won't change that "Is Completed" to something like "isCompleted" and so I've got to do ridiculous variable name splitting with my toString builder. I hate him.
|
# ? Sep 3, 2015 15:51 |
|
zergstain posted:I'm guessing you're suggesting that key should be an attribute of the type tag, or XML is the wrong tool for serialization. I'm not sure which.
|
# ? Sep 3, 2015 15:51 |
loinburger posted:I was returning JSON from all of my controller methods; the front end developer apparently doesn't understand JSON and insists that I return strings so that he can do poo poo like "string.indexOf("Is Completed = true;") > -1". He also won't change that "Is Completed" to something like "isCompleted" and so I've got to do ridiculous variable name splitting with my toString builder. I hate him.
|
|
# ? Sep 3, 2015 16:11 |
|
Yeah you need to stop and correct that because that can only be the tip of an iceberg of horror.
|
# ? Sep 3, 2015 16:16 |
|
The problem is that my boss has a mild to moderate dislike for me because he used to be the back end developer, but they hired me to replace him because he was awful and I then rewrote all of his awful code (e.g. he was using Mongo for a transient queue - what the gently caress?) - so there's no point in asking him to arbitrate. My boss's boss thinks I'm awesome but he's also busy as hell, so I don't want to escalate anything to him unless it gets extremely ridiculous - in this case I wasted an hour or two on a variable name splitter, so meh.
|
# ? Sep 3, 2015 16:41 |
|
loinburger posted:I was returning JSON from all of my controller methods; the front end developer apparently doesn't understand JSON and insists that I return strings so that he can do poo poo like "string.indexOf("Is Completed = true;") > -1". He also won't change that "Is Completed" to something like "isCompleted" and so I've got to do ridiculous variable name splitting with my toString builder. I hate him.

I'd return: Is Complеtеd = true; to brighten his day. Or I'd set him on fire, I don't know which one.

quote:"Is Complеtеd = true;".indexOf("Is Completed = true;");

e's are Cyrillic
|
# ? Sep 3, 2015 16:43 |
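
An added example, not code from the thread: why the substring check in the post above misses, and how a consumer of such strings can notice the substitution instead of silently returning "not found". The marker string is the one quoted in the thread; the function names are hypothetical, and treating every non-Latin letter as suspect is an assumption that only suits a fixed ASCII marker like this one.

```python
import unicodedata

GENUINE = "Is Completed = true;"
# Constructed spoof: both lowercase e's are U+0435 CYRILLIC SMALL LETTER IE.
SPOOFED = "Is Compl\u0435t\u0435d = true;"

def script_of(ch):
    """Script label from the first word of the Unicode name (letters only)."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split()[0]

def foreign_letters(text, expected="LATIN"):
    """Return (index, code point, script) for letters outside the expected script."""
    return [(i, f"U+{ord(ch):04X}", script_of(ch))
            for i, ch in enumerate(text)
            if script_of(ch) not in (None, expected)]

def is_marker_present(response, marker=GENUINE):
    """Substring check that rejects mixed-script input rather than missing quietly."""
    hits = foreign_letters(response)
    if hits:
        raise ValueError(f"mixed-script text, refusing to match: {hits}")
    return marker in response

def nfkc_folds_spoof():
    """Compatibility normalization does not map Cyrillic letters onto Latin ones."""
    return unicodedata.normalize("NFKC", SPOOFED) == GENUINE

if __name__ == "__main__":
    print(SPOOFED.find(GENUINE))     # plain search reports "absent"
    print(foreign_letters(SPOOFED))  # the two substituted letters
    print(nfkc_folds_spoof())        # normalization alone is not a fix
```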
|
loinburger posted:The problem is that my boss has a mild to moderate dislike for me because he used to be the back end developer, but they hired me to replace him because he was awful and I then rewrote all of his awful code (e.g. he was using Mongo for a transient queue - what the gently caress?) - so there's no point in asking him to arbitrate. My boss's boss thinks I'm awesome but he's also busy as hell, so I don't want to escalate anything to him unless it gets extremely ridiculous - in this case I wasted an hour or two on a variable name splitter, so meh.

I think that this counts as ridiculous. If this guy is demanding this as a change, imagine what the rest of his code looks like, and imagine the unmitigated maintenance nightmare it will become. I mean, it's called JAVASCRIPT object notation, he doesn't even need to do anything to parse it!
|
# ? Sep 3, 2015 18:06 |
|
loinburger posted:The problem is that my boss has a mild to moderate dislike for me because he used to be the back end developer, but they hired me to replace him because he was awful and I then rewrote all of his awful code (e.g. he was using Mongo for a transient queue - what the gently caress?) - so there's no point in asking him to arbitrate. My boss's boss thinks I'm awesome but he's also busy as hell, so I don't want to escalate anything to him unless it gets extremely ridiculous - in this case I wasted an hour or two on a variable name splitter, so meh.

Well, I guess it depends on what your threshold is for finding things "extremely ridiculous", but insisting on doing some crazy string matching/parsing instead of using JSON or XML or something sane that anyone might have heard of, has got to come close. You have to think about whether the code you're writing is an asset to the company and whether you're helping the next person who'll do each of your jobs to do his or her job effectively, IMO.
|
# ? Sep 3, 2015 18:10 |
|
I feel like this is another one of those times where someone is going to have to ask -- why exactly are you working there of all places?
|
# ? Sep 3, 2015 21:12 |
|
I had two coworkers who used to write that kind of stupid concatenation / indexOf tricks when they needed to store some information as a loose string. However, that was because they had literally never heard the word "serialisation". Once I showed it to them, their reaction was "oh wow, I can do this stuff with a one-liner from the standard library and it works on any object? awesome!" and they were all too happy to delete their terrible functions. What I'm saying is, your frontend developer is a terrible person before being a terrible frontend developer.
|
# ? Sep 3, 2015 21:30 |
|
piratepilates posted:I feel like this is another one of those times where someone is going to have to ask -- why exactly are you working there of all places?

The idiot front-end developer is actually the most tolerable nemesis that I've had in a long time. Previously I had a senior programmer who wanted users to be able to upload youtube videos directly from our website (instead of uploading them to youtube and then pasting the link to our website), so he insisted that the correct way to do this was to allow users to upload whatever they wanted (including copyrighted porn) directly to the company's official youtube account even though Youtube Direct offered a much faster and safer alternative. Prior to that I had two senior developers who hated each other, and so we had crap like Spring dependency injection coupled with Guice dependency injection because one developer liked Spring and the other developer liked Guice and their boss wasn't competent enough to arbitrate. Prior to that I had a co-worker who didn't know how to reboot her computer and a co-worker who didn't understand the difference between && and ||. And so on. So now I'm a very broken person who views poo poo like "turn this JSON into an awful string" as "whatever, at least this rear end in a top hat isn't asking me the difference between && and ||"
|
# ? Sep 3, 2015 22:02 |
|
loinburger posted:The idiot front-end developer is actually the most tolerable nemesis that I've had in a long time. Previously I had a senior programmer who wanted users to be able to upload youtube videos directly from our website (instead of uploading them to youtube and then pasting the link to our website), so he insisted that the correct way to do this was to allow users to upload whatever they wanted (including copyrighted porn) directly to the company's official youtube account even though Youtube Direct offered a much faster and safer alternative. Prior to that I had two senior developers who hated each other, and so we had crap like Spring dependency injection coupled with Guice dependency injection because one developer liked Spring and the other developer liked Guice and their boss wasn't competent enough to arbitrate. Prior to that I had a co-worker who didn't know how to reboot her computer and a co-worker who didn't understand the difference between && and ||. And so on. So now I'm a very broken person who views poo poo like "turn this JSON into an awful string" as "whatever, at least this rear end in a top hat isn't asking me the difference between && and ||"

How do you not know the difference between && and ||? Maybe it's just because I teach logic on occasion but seriously, .
|
# ? Sep 3, 2015 22:47 |
|
Ghost of Reagan Past posted:I am now much more confident in my abilities.

&& is an rvalue reference, and || is string concatenation
|
# ? Sep 3, 2015 23:27 |
|
What was especially annoying is that he'd ask me whether he should use && or ||, and then he'd doubt my advice, e.g. "You should use && here" "Are you sure it shouldn't be ||?" "gently caress you". He was eventually fired for being an awful programmer. The one who didn't know how to reboot her computer was fired for falsifying her timecard ("I didn't know I wasn't allowed to do that!")
|
# ? Sep 3, 2015 23:34 |
|
I once discovered a bug in our software while on a support call, in a function which was written to de-duplicate slashes within a string. It was, more or less, this: code:
rarbatrol fucked around with this message at 02:03 on Sep 4, 2015 |
# ? Sep 4, 2015 01:34 |
|
The real horror here is the VB string escaping.
|
# ? Sep 4, 2015 01:39 |
|
sarehu posted:The real horror here is the VB string escaping.

There's no string escaping in that snippet.
|
# ? Sep 4, 2015 01:49 |
|
How does the culture matter for backslashes?
|
# ? Sep 4, 2015 01:58 |
|
Sedro posted:How does the culture matter for backslashes?

In this instance, there was a string which had a slash, and then a Myanmar Unicode character, and then another slash. The replace simply didn't see the same pair of slashes that the indexOf did. (also I got the culture-sensitivity backwards in my original post, and corrected it)
|
# ? Sep 4, 2015 02:04 |
|
rarbatrol posted:There's no string escaping in that snippet.

Hence the horror...
|
# ? Sep 4, 2015 02:11 |
|
loinburger posted:I was returning JSON from all of my controller methods; the front end developer apparently doesn't understand JSON and insists that I return strings so that he can do poo poo like "string.indexOf("Is Completed = true;") > -1". He also won't change that "Is Completed" to something like "isCompleted" and so I've got to do ridiculous variable name splitting with my toString builder. I hate him.

I don't suppose there's any way you can just commit it as actual JSON and tell him to deal with it, is there? Because whoever inherits that code is going to be cursing your name.
|
# ? Sep 4, 2015 02:42 |