|
CrYOSPOSt:CPColin posted:We were just informed by another company using the same vendor as we are that the web interface to the vendor's application has a slight vulnerability where adding "&e=1" to the URL exposes a bunch of debug information, including the public and private key. They had complained about it previously and the vendor had assured them it was fixed. Fortunately, we don't use the web interface, because holy poo poo. This is the same vendor that had the case-insensitive passwords because they were probably storing them in plaintext. Edit: Oops, my previous post about this vendor was in the "Working in Development" thread, not this one. CPColin fucked around with this message at 23:07 on Aug 2, 2018 |
# ? Aug 2, 2018 20:37 |
|
itskage posted:
there you go
|
# ? Aug 2, 2018 22:41 |
|
Speaking of testing, I notice there are different opinions about mocking versus faking implementations. From my limited experience, I notice that fake implementations tend to fail appropriately, whenever implementation details and APIs change, whereas mock implementations tend to fail inappropriately, whenever a different color of light is reflected in the wind. What's the opinion here? The answer is likely language-specific, as C++ and Java have some excellent mocking libraries especially for unit testing. In Go, on the other hand, fake implementations are recommended and usually much easier to write than the corresponding mock implementation, especially for unit tests. Integration tests are another beast because I can't get anyone to agree on what is truly a hermetic environment to be shared across multiple language runtimes. Your virtualenv that sets up a DB adapter that refers to a real production service with a testing table set up is not hermetic in my integration test. I would have preferred we just use an in-memory DB implementation since the DB is not the part of the system under test anyways.
|
# ? Aug 3, 2018 00:22 |
|
We don't use an ORM for our DAO layer so having a real DB to connect to and run queries to catch syntax errors and the like is essential
|
# ? Aug 3, 2018 00:43 |
|
Janitor Prime posted:
We don't use an ORM for our DAO layer so having a real DB to connect to and run queries to catch syntax errors and the like is essential

Problems like that are usually caught with integration tests.
|
# ? Aug 3, 2018 14:26 |
|
Coffee Mugshot posted:
Speaking of testing, I notice there are different opinions about mocking versus faking implementations. From my limited experience, I notice that fake implementations tend to fail appropriately, whenever implementation details and APIs change, whereas mock implementations tend to fail inappropriately, whenever a different color of light is reflected in the wind. What's the opinion here? The answer is likely language-specific, as C++ and Java have some excellent mocking libraries especially for unit testing. In Go, on the other hand, fake implementations are recommended and usually much easier to write than the corresponding mock implementation, especially for unit tests.

Fakes/stubs are generally going to be more resilient than mocks in general because fakes/stubs are just returning expected data when you make an api call. Mocks have logic and allow for verification of stuff like "this method was called x number of times, etc." Mocks are going to be more brittle than fakes if used appropriately because they're used to verify integration logic without actually integrating - like, if you have a database adapter, and the methods are startSession(), setQuery(), executeQuery(), retrieveResults(), endSession(), the fake would be good if you only care about the api results for the purpose of your test. If you want to verify a certain execution flow - e.g. that the consumer calls startSession(), setQuery(), executeQuery(), retrieveResults(), endSession() in that order when called from your class, you would use a mock rather than a fake.
|
# ? Aug 3, 2018 17:08 |
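The fake-versus-mock distinction from the post above, as an added example that is not part of the thread: the adapter method names are the ones the post lists, while `ReportService` and `FakeAdapter` are hypothetical names and the rows are constructed sample data. The fake-based check looks only at returned data; the mock-based check looks at the order of calls.

```python
from unittest import mock


class ReportService:  # hypothetical consumer of the adapter, constructed for this example
    def __init__(self, adapter):
        self.adapter = adapter

    def fetch(self, sql):
        self.adapter.startSession()
        try:
            self.adapter.setQuery(sql)
            self.adapter.executeQuery()
            return self.adapter.retrieveResults()
        finally:
            self.adapter.endSession()


class FakeAdapter:
    """Fake: a small working stand-in that serves canned rows per query."""
    def __init__(self, rows_by_query):
        self.rows_by_query, self.open, self.query = rows_by_query, False, None

    def startSession(self):
        self.open = True

    def setQuery(self, sql):
        self.query = sql

    def executeQuery(self):
        if not self.open or self.query is None:
            raise RuntimeError("executeQuery() needs an open session and a query")

    def retrieveResults(self):
        return self.rows_by_query.get(self.query, [])

    def endSession(self):
        self.open = False


def results_with_fake():
    fake = FakeAdapter({"SELECT 1": [(1,)]})  # constructed sample data
    return ReportService(fake).fetch("SELECT 1"), fake.open


def call_order_with_mock():
    adapter = mock.Mock(spec=FakeAdapter)  # spec rejects methods the adapter lacks
    adapter.retrieveResults.return_value = [(1,)]
    ReportService(adapter).fetch("SELECT 1")
    return [call[0] for call in adapter.mock_calls]  # method names, in call order
```

Reordering the calls inside `fetch` in a harmless way breaks only the mock-based check, which is the brittleness the post describes.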
|
During a pull request review today, discussing the difficulty of fixing a bug that will break other things that were only working because of the bug, a co-worker used the phrase "load bearing bug".
|
# ? Aug 3, 2018 19:52 |
|
Thermopyle posted:
Now I've got a nagging feeling that I've missed something.

Is your test order random or fixed? Accidental state leakage of some kind?

Coffee Mugshot posted:
Integration tests are another beast because I can't get anyone to agree on what is truly a hermetic environment to be shared across multiple language runtimes. Your virtualenv that sets up a DB adapter that refers to a real production service with a testing table set up is not hermetic in my integration test. I would have preferred we just use an in-memory DB implementation since the DB is not the part of the system under test anyways.

Database containers could be a good fit here. Build a docker image that restores a fixture db backup (can be a "real" backup of your testing table(s)), boot the container, run the tests, delete the container, done.
|
# ? Aug 4, 2018 00:37 |
|
itskage posted:
During a pull request review today, discussing the difficulty of fixing a bug that will break other things that were only working because of the bug, a co-worker used the phrase "load bearing bug".

I love this
|
# ? Aug 4, 2018 02:28 |
|
Factor Mystic posted:
Database containers could be a good fit here. Build a docker image that restores a fixture db backup (can be a "real" backup of your testing table(s)), boot the container, run the tests, delete the container, done.

This is what we do for our newer projects and it works well. Just remember to have the CI assign a unique name to the testing database container (use the commit SHA or a tag), lest you get conflicts when two builds run at the same time.
|
# ? Aug 5, 2018 15:06 |
|
|
# ? Aug 5, 2018 15:20 |
|
when you need all the unit tests to pass
|
# ? Aug 5, 2018 15:53 |
|
I am currently in charge of bringing a legacy testing application back to life. It’s truly a horror:
- Python 2
- Several thousand PEP8 errors
- QT4
- 25 libraries
- MONGODB
It took me a week just to get the unit tests to pass and fix the PEP8 poo poo. Next up is to container it, and get it in as part of our testing proceeds. After that I will murder mongodb and its gigantic bloated pile of poo poo carcass with gusto.
Then Python3
Then QT5
It’s gonna be a long sprint.
|
# ? Aug 7, 2018 01:45 |
|
I'm looking for a new job and was considering a project with PHP 5.3 code, without any unit tests, without CI (with tests 3-5 years down the pipeline), with parts artisanally written without OO and thought to myself if I really want to pursue down that rabbit hole again if I'm not a lead. No, I don't.
|
# ? Aug 7, 2018 17:54 |
|
Saw this on Twitter: https://twitter.com/GossiTheDog/status/1026603800365330432?s=19
|
# ? Aug 7, 2018 18:48 |
|
UraniumAnchor posted:
Saw this on Twitter:

Jesus Christ. And apparently it's not even a distributed blockchain, it's centralized. What a god awful mess.
|
# ? Aug 7, 2018 19:29 |
|
Blockchain: the solution in perpetual search of a problem.
|
# ? Aug 7, 2018 19:40 |
https://twitter.com/GossiTheDog/status/1026731097688887297
|
|
# ? Aug 7, 2018 19:42 |
|
Voting is possibly the worst use case for blockchains.
|
# ? Aug 7, 2018 19:47 |
|
Linking SSLLabs as proof of security is just hilarious. Incidentally, the SSL cert on the link under your av is broken.
|
# ? Aug 7, 2018 19:49 |
Ranzear posted:
Incidentally, the SSL cert on the link under your av is broken.

Yeah, SA changed the default from http to https, so now I have to pay to change a link that worked just fine when I bought it.
|
|
# ? Aug 7, 2018 19:55 |
|
This one was an entertaining read: https://medium.com/@vesirin/how-i-gained-commit-access-to-homebrew-in-30-minutes-2ae314df03ab
|
# ? Aug 7, 2018 20:28 |
there's more voatz stuff https://twitter.com/GossiTheDog/status/1026907185811529728 Also whoever runs their twitter account is very not mad
|
|
# ? Aug 7, 2018 20:35 |
|
SimonChris posted:
Yeah, SA changed the default from http to https, so now I have to pay to change a link that worked just fine when I bought it.

A kindly mod might change it for you for free if you ask nicely.
|
# ? Aug 8, 2018 01:20 |
|
jerry seinfel posted:
there's more voatz stuff

I've been watching this story as it's progressed. It's truly been fantastic to watch unfold and then watch the Votez account attempt to frantically dig their way out of this hole.
|
# ? Aug 8, 2018 10:15 |
|
xkcd today:
|
# ? Aug 9, 2018 01:06 |
|
As usual, xkcd is right.
|
# ? Aug 9, 2018 01:41 |
|
|
# ? Aug 9, 2018 03:40 |
|
planes aren’t that safe when some russian dude is shooting a missile at it
|
# ? Aug 9, 2018 05:39 |
|
Not sure if this has been posted but this seems to be a nice place to work. I think I got spam from a recruiter working for them last year.

quote:
After Sadeghi, Li, and other employees left the elevator, Sadeghi attempted to leave the building through the lobby. However, Li and three other Pinscreen employees, under Li’s commands, surrounded Sadeghi and physically attacked him. They grabbed Sadeghi and his backpack, which he was wearing, violently restrained him, forcibly opened his backpack and took possession of Sadeghi’s work laptop.

Also the CEO proudly posts stuff like this:

Also some fairly extensive fraud for a couple of years. The company are still scheduled to present during the real time live demos at siggraph next week so it'll be interesting to see how that goes. Startups sometimes sound a whole lot like the employment version of Russian roulette.
|
# ? Aug 10, 2018 08:41 |
|
Xerophyte posted:
Not sure if this has been posted but this seems to be a nice place to work. I think I got spam from a recruiter working for them last year.

Holy poo poo that was something to read
|
# ? Aug 10, 2018 10:40 |
|
Loezi posted:
Holy poo poo that was something to read

that lawsuit is like aliens vs. predator - whoever wins we lose.
|
# ? Aug 10, 2018 13:09 |
|
Bruegels Fuckbooks posted:
that lawsuit is like aliens vs. predator - whoever wins we lose.

(to clarify, yes, dr. li comes off as a huge major league tech bro douchebag, and should definitely lose, possibly go to jail and be ripped of his academic credentials. however - dr. sadeghi didn't immediately resign when he saw this poo poo, he was trying to work with the company and go over dr. li's board of directors, it feels like he is being spiteful just because they broke his stupid little statue, rather than doing this out of an ethical motivation. it does not look good to bring this up after participating in the faked demo, then getting fired!)
|
# ? Aug 10, 2018 13:21 |
|
Bruegels Fuckbooks posted:
(to clarify, yes, dr. li comes off as a huge major league tech bro douchebag, and should definitely lose, possibly go to jail and be ripped of his academic credentials. however - dr. sadeghi didn't immediately resign when he saw this poo poo, he was trying to work with the company and go over dr. li's board of directors, it feels like he is being spiteful just because they broke his stupid little statue, rather than doing this out of an ethical motivation. it does not look good to bring this up after participating in the faked demo, then getting fired!)

If I'm reading and understanding it right, he was on vacation during the faked demo.
|
# ? Aug 10, 2018 15:10 |
|
Munkeymon posted:
If I'm reading and understanding it right, he was on vacation during the faked demo.

it's true, but a) he knew what was going on before:

quote:
On May 23, 2017, Sadeghi confronted Li regarding the data fabrication and academic misconduct committed in Pinscreen’s SIGGRAPH Asia 2017 Technical Papers submission. Li stated that he wanted “Pinscreen to be the first” in research and the industry. Li claimed that by the time of the conference, in November of 2017, Pinscreen would have had a public product launch and would have achieved Li’s embellished claims in the submission. Sadeghi asked Li, “what if for unforeseeable reasons we don’t have everything by then?” Li promised Sadeghi that Pinscreen’s data fabrication would be limited to nonpublic representations and never shown in public and stated:

Arguably (possibly unjustly) he wasn't even fired for being a whistle-blower because he didn't bring this poo poo up outside the company until after he got fired.

Bruegels Fuckbooks fucked around with this message at 15:27 on Aug 10, 2018 |
# ? Aug 10, 2018 15:25 |
|
Xerophyte posted:
Not sure if this has been posted but this seems to be a nice place to work. I think I got spam from a recruiter working for them last year.

startups loving suck don't work for one
|
# ? Aug 10, 2018 19:49 |
|
I love grading student assignments...code:
|
# ? Aug 10, 2018 21:42 |
|
Munkeymon posted:
If I'm reading and understanding it right, he was on vacation during the faked demo.

I saw their presentation at last year's siggraph and Sadeghi was there running parts of the real-time demo that supposedly used his hair tech (it's this one). He had to know that the photo-to-avatar part was fake if that's the case. Assuming he's telling the truth he at least went along with the scheme, including presenting it to a few thousand people, until they fired him. It isn't a great look. Still, I can buy that his main motivation is not wanting to lose his job. Li seems like an irredeemable scumbag if at least half the screenshots are non-doctored, in comparison.
|
# ? Aug 10, 2018 22:52 |
|
Xerophyte posted:
Still, I can buy that his main motivation is not wanting to lose his job. Li seems like an irredeemable scumbag if at least half the screenshots are non-doctored, in comparison.

yeah but dr. sadeghi could probably just walk into any software company on earth and be like "make me a director of engineering and pay me an ungodly salary" and they'd do it without an interview, he didn't need to deal with this crap. dude must really like to make computers draw hair.
|
# ? Aug 11, 2018 01:01 |
|
The only computer hair I trust are stylized cartoon variants, like 90s adventure games. Carefully detailed, physically responsive computer hair is egregious sin or corporate deceit.
|
# ? Aug 11, 2018 01:12 |