|
Suspicious Dish posted:Why did it bite you in your rear end? Plorkyeran posted:Turning incorrect and misleading code that works by coincidence into code that doesn't work at all while trying to fix warnings is pretty common. It's nearly always worth it in the long run, but fixing hundreds of warnings is very likely to cause some short-term pain. That was one thing, for sure. But now that we've stabilized, we get a lot more build breaks. There are some post-compile validation tools that throw warnings, and our build system is a serious horror so it requires that you build certain, sometimes not-obvious places to actually get them to run. Combine with a 2h full-build time and you have a lot of people checking code in without actually running all the validation locally. A sane build system would be smart enough to automagically back changes out if they caused build breaks. We expect to be fixing it Real Soon Now.
|
# ? Apr 4, 2014 21:20 |
|
|
# ? Jun 6, 2024 00:55 |
|
Dessert Rose posted:A sane build system would be smart enough to automagically back changes out if they caused build breaks. We expect to be fixing it Real Soon Now. Easier than that can be making a way to tell the build server to build a given branch, since then you also know that it's being validated in the canonical configuration. Some CI systems have support for this sort of thing built in; we lived and died by buildbot try when I was at Mozilla, because it took multiple hours to run the full test suite, and there were ~10 platforms to run them on. If you have a ton of people pushing to the same repo all day, you can get into rebase wars, but it's relatively rare that a safe-looking rebase to a known-good changeset actually causes problems. Edit: this is actually useful even if you can automatically back out, because auto-backouts can cause everyone who updated in that window to have to rebase, and you end up with revs in the tree that are broken so it gets hard to bisect. A staging ground from which changesets are transplanted when they pass can be really nice too, since it gives the same push-and-go-home workflow without the repository pollution. That's usually harder to set up, though. Subjunctive fucked around with this message at 22:18 on Apr 4, 2014 |
# ? Apr 4, 2014 22:14 |
|
http://www.bbc.com/news/technology-26879185quote:A five-year-old boy who worked out a security vulnerability on Microsoft's Xbox Live service has been officially thanked by the company. Kristoffer Von Hassel, from San Diego, figured out how to log in to his dad's account without the right password. Kristoffer discovered that if he simply pressed the space bar to fill up the password field, the system would let him in to his dad's account.
|
# ? Apr 4, 2014 22:22 |
|
Subjunctive posted:Easier than that can be making a way to tell the build server to build a given branch, since then you also know that it's being validated in the canonical configuration. Some CI systems have support for this sort of thing built in; we lived and died by buildbot try when I was at Mozilla, because it took multiple hours to run the full test suite, and there were ~10 platforms to run them on. I like how you think we use git or anything close to as good. It's been "coming" for months.
|
# ? Apr 5, 2014 00:34 |
|
Why would anybody name their kid Kristoffer Wilhelm von Hassel. Kid must have his head in a toilet almost constantly.
|
# ? Apr 5, 2014 00:41 |
|
Suspicious Dish posted:Why would anybody name their kid Kristoffer Wilhelm von Hassel. Kid must have his head in a toilet almost constantly. What's wrong with calling your kid "Chris"?
|
# ? Apr 5, 2014 02:35 |
|
quote:The company also gave him four free games, $50 (£30), and a year-long subscription to Xbox Live.
|
# ? Apr 5, 2014 11:15 |
|
Subjunctive posted:Easier than that can be making a way to tell the build server to build a given branch, since then you also know that it's being validated in the canonical configuration. Some CI systems have support for this sort of thing built in; we lived and died by buildbot try when I was at Mozilla, because it took multiple hours to run the full test suite, and there were ~10 platforms to run them on. We have a similar system and it's amazing. Tests can take upwards of an hour to run locally, but we shard the tests out to a farm when a Pull Request is opened and they can complete in about 10 minutes. Jenkins manages all of it pretty well, though it can freak out when a spot instance is killed on EC2.
|
# ? Apr 5, 2014 15:49 |
|
Dicky B posted:Taken too soon The reward is some bullshit too. That's a high-four-maybe-five-figure vulnerability given any reasonable bounty program. necrotic posted:We have a similar system and it's amazing. Tests can take upwards of an hour to run locally, but we shard the tests out to a farm when a Pull Request is opened and they can complete in about 10 minutes. Jenkins manages all of it pretty well, though it can freak out when a spot instance is killed on EC2. Yeah, and it avoids the chair-throwing fury of "someone bumped into the build server and now everyone's diffs are getting backed out". My brief use of auto-revert was tragic. (One-button revert from the build results page is all kinds of righteous, though.)
|
# ? Apr 6, 2014 00:16 |
|
Subjunctive posted:The reward is some bullshit too. That's a high-four-maybe-five-figure vulnerability given any reasonable bounty program. Auto revert is kinda f-ed up for jenkins I think. I really like what we have here: Separate process that watches for new branches in the form of 'push/master/SOMETHING' or 'push/develop/SOMETHING' etc... When one is found in a serial fashion it will merge the latest master/develop in (something the developers are supposed to do anyway but meh) kick off all tests if the pass that ref becomes the new master/develop Since it's serial there may be other pushes in the queue now that get processed with this now new master or develop Pushing directly to master will give an error in the pre push hook on the server, which can be bypassed but is a manual process. (The pre-push checks that the HEAD SHA has passed tests so you could manually kick off a test run and then push but no reason to do so.)
|
# ? Apr 6, 2014 14:48 |
|
Plorkyeran posted:not sure if troll Heh. Many SQL databases have a table of numbers, to make up for the lack of a row numbering window function. A table in production with one column, say n, going from 1 ... 10,000 and they hope no query will need to number results more than 10,000.
|
# ? Apr 6, 2014 18:56 |
|
Scaevolus posted:Having recursive heterogeneous lists is nontrivial. The answer there is a little disingenuous - it is totaly possible to have a generic n-tuple-to-n-tuple comparison operator, as long as the types match. Just make (x, y, z) sugar for ((x, y), z). Real Haskell: code:
e: bbcode syntax is hard apparently
|
# ? Apr 6, 2014 21:17 |
|
Internet Janitor posted:At one of my old jobs I had turned in my two week notice and my boss said I should stay around for the whole time in case anybody had questions about the stuff I was maintaining. I wasn't getting assigned any new tasks, so to stave off boredom I started poking around in test fixtures and found that we had about 600 end-to-end tests that were failing. The product was basically an API for reading and writing Word and Excel files, and those tests were all based around manipulating a stable of several thousand random documents found on the internet, opening them, reading data, saving them back out and verifying integrity. Over the course of my remaining days I tracked down about a dozen bugs that accounted for all those failing tests. It was incredibly gratifying to walk away from that codebase with every test fixture lit up green. Practice random acts of kindness to your codebases when you have the chance. It can take a long time to deal with thousands of warnings or failing tests but you can make it through to the other side. Was this clean content or purifile, by chance?
|
# ? Apr 7, 2014 00:58 |
|
So, the latest OpenSSL bug/vulnerability is causing some serious angst at my workplace and I imagine at various others. Luckily only one person so far has suggested writing our own inhouse alternative to OpenSSL as a response and everyone already knows not to listen to them. Details: http://heartbleed.com/
|
# ? Apr 8, 2014 08:11 |
|
door.jar posted:So, the latest OpenSSL bug/vulnerability is causing some serious angst at my workplace and I imagine at various others. Luckily only one person so far has suggested writing our own inhouse alternative to OpenSSL as a response and everyone already knows not to listen to them. trusting user supplied lengths.
|
# ? Apr 8, 2014 09:11 |
|
Here's the diff: https://bugzilla.redhat.com/attachment.cgi?id=883475
|
# ? Apr 8, 2014 10:16 |
|
code:
|
# ? Apr 8, 2014 15:03 |
|
C++ code:
|
# ? Apr 8, 2014 15:36 |
|
"See, I told you Linux is not as performant as Windows!"
|
# ? Apr 8, 2014 15:39 |
|
Dicky B posted:
I could have sworn that Linux's implementation of sleep takes an int that is the number of seconds, not milliseconds like Windows. Am I right that that is the horror here? Literally Elvis fucked around with this message at 17:52 on Apr 8, 2014 |
# ? Apr 8, 2014 17:50 |
|
You caught it. Good on you.
|
# ? Apr 8, 2014 17:59 |
|
Objective-C code:
|
# ? Apr 8, 2014 21:26 |
|
The other horror is not using the CFSTR macro.
|
# ? Apr 8, 2014 21:39 |
|
Dicky B posted:
Um, isn't C++ case sensitive? (been too long since I've seen C++)
|
# ? Apr 8, 2014 22:07 |
|
eithedog posted:Um, isn't C++ case sensitive? (been too long since I've seen C++) That'd be the reason for the ifdef. See if you can find the actual problem with the code!
|
# ? Apr 8, 2014 22:08 |
|
Dessert Rose posted:That'd be the reason for the ifdef. See if you can find the actual problem with the code! Ah yes - a little googling and then actually reading a couple of answers above clears the matter.
|
# ? Apr 8, 2014 22:28 |
|
pokeyman posted:The other horror is not using the CFSTR macro. How is that different from using @"string"? Except for the macro working when compiling straight C.
|
# ? Apr 8, 2014 23:02 |
|
zergstain posted:How is that different from using @"string"? Practically, it isn't. Aesthetically, it obviates the cast, and doesn't pointlessly mix Foundation and CoreFoundation, two things that I think look ugly.
|
# ? Apr 8, 2014 23:13 |
|
Just managed to fix a wonderful bug in a C++ program I'm working on. It took me the longest time to work out what the hell was happening, but basically I was writing one past the end of an array and clobbering an integer variable used by my program. Then that variable obviously was completely the wrong value and the program ended up exhibiting really bizarre behaviour.
|
# ? Apr 9, 2014 03:48 |
|
Hammerite posted:Just managed to fix a wonderful bug in a C++ program I'm working on. It took me the longest time to work out what the hell was happening, but basically I was writing one past the end of an array and clobbering an integer variable used by my program. Then that variable obviously was completely the wrong value and the program ended up exhibiting really bizarre behaviour. But hey, at least manual memory management is fast! And we get the bonus of stuff like Heartbleed nullifying all SSL for the past few years. And sasser, code red, blaster, or any of the other million worms exploiting buffer overflows.
|
# ? Apr 9, 2014 04:01 |
|
The two most common problems in programming are naming things, cache invalidation, and off-by-one errors.
|
# ? Apr 9, 2014 04:03 |
|
Also you're the horror for not using std::vector which would have caught that in a checked build.
|
# ? Apr 9, 2014 04:04 |
|
Dessert Rose posted:Also you're the horror for not using std::vector which would have caught that in a checked build. Is there an easy way to get clang to build with checks on linux, I have to work with a guy who's a little casual about these things.
|
# ? Apr 9, 2014 06:23 |
Dessert Rose posted:The two most common problems in programming are naming things, cache invalidation, and off-by-one errors. o most common problems in programming are naming things, cache invalidation, and off-by-one errors.\0buffe
|
|
# ? Apr 9, 2014 09:46 |
Content: The guy next to me is checking out pictures of kitchens and couches and bathrooms instead of fixing the bugs he's made. So I've had to come back from starting the next project and take a look at a bug. In one of the pages I found, at the very end of the file, two separate DB calls that then get var_dumped. The var_dump has been commented out because obviously you can't show development stuff on a production site! But they've left the database calls. This isn't the first time I've seen this. They just... the... they don't understand that if you put code in, it does something. They still think that if it doesn't show up on the page, or if what shows up on the page seems reasonable, then there's no problem whatsoever and job well done, let's call it a day and go home. e: I understand better than most people that you can't be born knowing everything, and you can't be expected to be a whiz at every technology or language or whatever. But I feel like I'm dealing with children. You know when kids are toddlers and they don't understand what life or death is or that they're not the center of the universe and that the world doesn't disappear when you close the curtains? So you're constantly running around after them making sure they're not holding a kitten underwater because 'she's dirty!' or setting fire to the budgie because it looks cold. They just don't understand basic core concepts - but these people are 30 year old adults who have chosen a field that presupposes a sort of basic conceptual understanding of computers and how they work! Sulla Faex fucked around with this message at 10:16 on Apr 9, 2014 |
|
# ? Apr 9, 2014 10:07 |
|
Dessert Rose posted:Also you're the horror for not using std::vector which would have caught that in a checked build. It's a fixed size, I thought things like vector was for collections that might need to be dynamically allocated.
|
# ? Apr 9, 2014 11:19 |
|
Sulla-Marius 88 posted:Content: The guy next to me is checking out pictures of kitchens and couches and bathrooms instead of fixing the bugs he's made. So I've had to come back from starting the next project and take a look at a bug. In one of the pages I found, at the very end of the file, two separate DB calls that then get var_dumped. The var_dump has been commented out because obviously you can't show development stuff on a production site! But they've left the database calls. This isn't the first time I've seen this. They just... the... they don't understand that if you put code in, it does something. They still think that if it doesn't show up on the page, or if what shows up on the page seems reasonable, then there's no problem whatsoever and job well done, let's call it a day and go home. Soon you will learn that about 50% of "developers" are exactly like them, and then you shall know what it means to have existential torment. Then you shall double your rates, because you know you are worth it.
|
# ? Apr 9, 2014 13:54 |
|
quote:> No. OpenSSL has exploit mitigation countermeasures to make sure it's http://article.gmane.org/gmane.os.openbsd.misc/211963
|
# ? Apr 9, 2014 14:58 |
|
Sulla-Marius 88 posted:Content: The guy next to me is checking out pictures of kitchens and couches and bathrooms instead of fixing the bugs he's made. So I've had to come back from starting the next project and take a look at a bug. In one of the pages I found, at the very end of the file, two separate DB calls that then get var_dumped. The var_dump has been commented out because obviously you can't show development stuff on a production site! But they've left the database calls. This isn't the first time I've seen this. They just... the... they don't understand that if you put code in, it does something. They still think that if it doesn't show up on the page, or if what shows up on the page seems reasonable, then there's no problem whatsoever and job well done, let's call it a day and go home. Funny you say that. In here people tend to comment stuff out, but unfortunately commenting might happen on multiple levels. First, there's PHP level (/* */), then there's template level ({* *}), then, there's HTML level (<!-- -->). Guess what do I deal with? Additionally - people comment stuff out when functionality changes (bear in mind that we're running on SVN, so it's possible to look back what it changed from, etc). Yup - keeping the old code that was used to pull out all the users, when now this screen displays all the companies is a great idea. Oh, and the JS code that was here before, let's comment it out as well! Oh, and let's do it a couple of times - because you know, if we'll want to get back to the old code it's easy to spot which code should be commented and which one shouldn't. Edit: actually, the comparisons you're making are remarkably apt. Right now I'm implementing templates (changing static HTML into something that works) and every tab interface only has designed parts that are visible. As: for three tabs that are to display different types of content, in entirely different manner, only the tab that's visible contains the markup. Seriously, what is the thought process here as if not "only things that are visible matter". canis minor fucked around with this message at 16:29 on Apr 9, 2014 |
# ? Apr 9, 2014 15:51 |
|
|
# ? Jun 6, 2024 00:55 |
|
Hammerite posted:It's a fixed size, I thought things like vector was for collections that might need to be dynamically allocated. Vectors are for that, but you can use them for static collections, too. Vectors use a tiny bit more memory, but this tradeoff is worth all of the extra flexibility in nearly all cases.
|
# ? Apr 9, 2014 19:12 |