WTF Bites
-
The logger I'm required to use here only supports warning, info, and debug, but not the error level. Who makes up this stuff.
Oh well,
abort()it is then.This is now illegal in Texas.
-
The logger I'm required to use here only supports warning, info, and debug, but not the error level. Who makes up this stuff.
Someone whose code never produces errors, obviously.
au contraire.
-
The logger I'm required to use here only supports warning, info, and debug, but not the error level. Who makes up this stuff.
if you don't log errors, you don't know about them and so you don't have to fix them.
-
The logger I'm required to use here only supports warning, info, and debug, but not the error level. Who makes up this stuff.
if you don't log errors, you don't know about them and so you don't have to fix them.Ah, to be young and naive.
-
@PleegWat No, old and cynical. The young and naîve want to fix all errors and polish their software to perfection. Then they find everybody else produces crap and doesn't give a fuck, so they stop giving fuck too and silence all errors until someone starts to complain.
See, we were recently setting up monitoring for the software that we are deploying. The architect came up with some conditions we should set up alert for, and one of the them was when an error-severity message is logged. So I set it up … and it promptly went off and kept going off almost every detection cycle. While the software worked just fine.
The main source was that RabbitMQ—which is just a standard third party component in the system, nothing that we'd touch ourselves—logs an error every time a connection attempt fails and, well, any port opened to the internet gets its fair share of port scans and other bogus connection attempts.
So I restricted it to our own components only, but there was still a bunch of false positives in there. I ended up dropping that alert and just putting a last 10 errors query on the dashboard. Because even if something failed, it is not an error until you know it was supposed to succeed, and the server usually doesn't know that.
So there are some cases where software should long an error—e.g. failing to connect to the database is an error, because nothing will work in such case—but most things shouldn't be errors, just info or warning something didn't succeed, but you'll have to decide whether it's interesting after the customer calls you that something ain't no workey.
-
@PleegWat No, old and cynical. The young and naîve want to fix all errors and polish their software to perfection. Then they find everybody else produces crap and doesn't give a fuck, so they stop giving fuck too and silence all errors until someone starts to complain.
See, we were recently setting up monitoring for the software that we are deploying. The architect came up with some conditions we should set up alert for, and one of the them was when an error-severity message is logged. So I set it up … and it promptly went off and kept going off almost every detection cycle. While the software worked just fine.
The main source was that RabbitMQ—which is just a standard third party component in the system, nothing that we'd touch ourselves—logs an error every time a connection attempt fails and, well, any port opened to the internet gets its fair share of port scans and other bogus connection attempts.
So I restricted it to our own components only, but there was still a bunch of false positives in there. I ended up dropping that alert and just putting a last 10 errors query on the dashboard. Because even if something failed, it is not an error until you know it was supposed to succeed, and the server usually doesn't know that.
So there are some cases where software should long an error—e.g. failing to connect to the database is an error, because nothing will work in such case—but most things shouldn't be errors, just info or warning something didn't succeed, but you'll have to decide whether it's interesting after the customer calls you that something ain't no workey.
Yeah, this is a really tricky question that confuses most developers.
At the basic level, we have validation of input data (user-entered maybe) which of course displays an error... so some people logs it as an error.
Which is obviously wrong, and easy to explain....but then we have something like constraint error (FOREIGN KEY, UNIQUE etc, etc) which is quite often the same as above - an error in the input data record, just validated at the different level. But in this case, so many people just insist that "it's a database error, must be logged as an error". With full stacktrace, of course, which makes the log very "fun" to read (in Java, at least).
-
I don't think people code this way out of "purism",
theywe simply do it out of lazyness.What people think is "If the INSERT fails, a database error just occurred and we log it as an error with full stacktrace (and if you're good, the failing query and its parameters." The code doesn't know that this error was an input error because it doesn't bother to check (and it would be a paint to implement in some cases, especially if you have to handle multiple DBMSs). So the result is, "Any error not caught in the front-end returns HTTP code 500 even when it should be 4xx".
It's up to the maintainer (me again) to check the log and tell the customer to stop wasting my time and get their shit together.
-
I don't think people code this way out of "purism",
theywe simply do it out of lazyness.Oh, absolutely, that is the most common case.
What people think is "If the INSERT fails, a database error just occurred and we log it as an error with full stacktrace (and if you're good, the failing query and its parameters." The code doesn't know that this error was an input error because it doesn't bother to check (and it would be a paint to implement in some cases, especially if you have to handle multiple DBMSs).
This is (surprisingly) quite well standardized by SQLSTATE/SQLCODE codes and handling those is not that hard. But yes, it's extra work.
So the result is, "Any error not caught in the front-end returns HTTP code 500 even when it should be 4xx".
Raise your hand if you had to write regexp parser to detect common validation cases from a (REST) API, accepting both Oracle and Postgresql exception messages.
It's up to the maintainer (me again) to check the log and tell the customer to stop wasting my time and get their shit together.
It helps if the developer is the maintainer.
I mean, it helps to improve the software.
Having separate roles help to create the right enterprise/corporate atmosphere.
-
@Kamil-Podlesak There are expected errors—that's the user errors, mostly—and unexpected errors—when the code wanders in some branch the programmer thought shouldn't be reachable even with invalid data, or some invariant is violated that the programmer thought was already enforced earlier. The former should not be logged as errors and if an exception is thrown for them, it should always be caught and returned to the user. The later is when logging an error and throwing an uncaught exception to restart the server is appropriate. It is
of work to distinguish the two cases properly.
-
-
@dcon No, interns are young and naîve, while this is clearly someone old, grumpy and cynical, who doesn't want to keep being bothered by the operator monkey about all the error messages in logs that are actually business as usual.
-
They’re making… this…
I posit it’ll be a shitshow because movies don’t understand satire any more.
-
@dcon No, interns are young and naîve, while this is clearly someone old, grumpy and cynical, who doesn't want to keep being bothered by the operator monkey about all the error messages in logs that are actually business as usual.
I'm pretty sure I know who wrote it and he's an architect. May or may not be an Architect. And if it was someone in his team, then he certainly OKed it.
-
It is
of work to distinguish the two cases properly.Validation, that's what you need. In particular, you need validation between properties of requests as well as of individual types.
-
-
There are expected errors—that's the user
In the beginning the user was created. This has made a lot of people very angry and been widely regarded as a bad move.
-
The logger I'm required to use here only supports warning, info, and debug, but not the error level. Who makes up this stuff.
Oh well,
abort()it is then.This is now illegal in Texas.
kill(0, 9)will do.
-
The logger I'm required to use here only supports warning, info, and debug, but not the error level. Who makes up this stuff.
Oh well,
abort()it is then.This is now illegal in Texas.
kill(0, 9)will do.Always check your privilege before shooting your whole family in the head though
-
@dcon No, interns are young and naîve, while this is clearly someone old, grumpy and cynical, who doesn't want to keep being bothered by the operator monkey about all the error messages in logs that are actually business as usual.
I'm pretty sure I know who wrote it and he's an architect. May or may not be an Architect.
George Costanza?
-
@HardwareGeek said in WTF Bites:
There are expected errors—that's the user
In the beginning the user was created. This has made a lot of people very angry and been widely regarded as a bad move.
This must have been the event that sparked Linux. Keep the devs, get rid of the users.
-
any port opened to the internet gets its fair share of port scans and other bogus connection attempts.
I love that my system tells me I'm getting port scanned. It's a really useful notification!
Oh no, unknown welcome header starting with the string "HTTP 1.1" ? Critical notice!
-
-
I need a project-internal PKI. So I downloaded this cfssl tool and started it up in a container. Now I also want to be able to revoke certificates (they are client certificates for in-field installations, so we should be able to revoke certificates of discontinued ones). That requires storing a list of the issued certificates somewhere. Sounds about right, right?
Well, supported backing stores are postgresql, mysql and sqlite3. That doesn't allow me to reuse the main database, which is mssql, and since a new certificate will only be issued once in a while, sqlite3 should be good enough. So that's what I set up, I looked at the log, which now says that
[INFO] endpoint '/api/v1/cfssl/crl' is enabledso I try to query the endpoint and I get a
{"success":false,"result":null,"errors":[{"code":11000,"message":"Binary was compiled with 'CGO_ENABLED=0', go-sqlite3 requires cgo to work. This is a stub"}],"messages":[]}
doesn't it just fail during start if the driver is not available‽- is the pre-built binary compiled in such castrated way‽
- don't they at least say the pre-built binaries are so restricted‽
- By the way, their documentation is CHARLIE ROMEO ALPHA PAPA.
PS: Is there some other lightweight service that could be used for the purpose? Everybody and the dog need project PKI these days.
-
A couple of weeks back in this topic we talked about supermarkets selling loyalty card data.
Sainsbury's and Tesco's - two of the bigger ones here - made £300m off selling that data.
Sainsbury’s boss defends decision to sell customers’ Nectar card data
Supermarket says it protects personal data ‘incredibly carefully’ and move makes ads ‘more relevant’
And yes, tailored advertising absolutely an intended outcome.
-
is the pre-built binary compiled in such castrated way‽That's why the ex-tomcat is giving you the middle digit.
-
And yes, tailored advertising absolutely an intended outcome.
So far I've been completely unimpressed by the results of said tailoring, if it is even working at all...
-
Apple will no longer give police users' push notification data without a warrant | TechCrunch
Apple says it will now require a judge-approved order before handing over its users' push notification records to government agencies.
We don't sell your data … but if someone can send a selfie with their cop's badge they can have your data for free!
-
I need to stop browsing shit on Bandcamp. Almost thought I'd broken my BT audio.
-
broken my BT audio
That's the default state. From my experience also the only state.
-
broken
I need to stop listening to this track, decompilation is making me taste the smelliest colours...
-
Status: Impressively annoyed that apparently college/university selection is a static list and there can be literally no other possible options.
How the fuck do you expect me to continue if you won't let me fill in shit?
Assholes.
-
If your university isn't in the list, then we consider it to be not a real university. Sucks to be you!
-
@Zerosquare said in WTF Bites:
If your university isn't in the list, then we consider it to be not a real university. Sucks to be you!
I mean, there's something to that, to be sure...
-
@Zerosquare said in WTF Bites:
If your university isn't in the list, then we consider it to be not a real university. Sucks to be you!
Welcome to USA.
-
@LaoC i see your post and raise you mine https://lovecrypt.bandcamp.com/album/ang3l
-
@Tsaukpaetra ya, recently, while termux was running my ssh client, it literally told me someone else was trying to access the shell in plain speech. i was like,,, hey, nice lol. like what do you even say at that point, other than nice? congration-you-done-it? :p
-
Apple will no longer give police users' push notification data without a warrant | TechCrunch
Apple says it will now require a judge-approved order before handing over its users' push notification records to government agencies.
We don't sell your data … but if someone can send a selfie with their cop's badge they can have your data for free!
"will no longer" ahahahahaha /me slaps knee
-
They’re making… this…
I posit it’ll be a shitshow because movies don’t understand satire any more.
-
@hungrier Even Stallone doesn't look too enthused by the idea.
-
@Watson I'm sure he'll be crying the fat check the studio will have written him for just showing up wet with regretful tears.
-
@Bulb the only thing i had even seen which could have explained this was a table error where the data feedback from an output request that doubled the request and cancelled it out. however, this was for a data list/database of names, idk if this would have like, been applicable to, say, a dns query or dns route throughput
if there was like, an ansible or dns table involved, maybe that did it?
Working with SQL NULL values
This article will show functions and operators for handling SQL NULL values.
SQL NULL Values - IS NULL and IS NOT NULL
W3Schools offers free online tutorials, references and exercises in all the major languages of the web. Covering popular subjects like HTML, CSS, JavaScript, Python, SQL, Java, and many, many more.
-
@_deathcollege No, it didn't get as far as even trying to run SQL.
See, sqlite is written in C. However the rest of the tool is written in Go, and Go doesn't like C, so you have to enable “cgo” to get it link to it. Which is, by default, disabled when cross-compiling—or rather whenever you specify the target, even if it actually is the same as the host. That makes sense, to cross-compile with C code, you also need a C cross-compiler.
When “cgo” is disabled, the sqlx (database api package) gets compiled without sqlite support. Automatically. I'd expect you to select which drivers you want, and it would fail if you selected one that requires C, but C linking is not set up, but no, it is implicit.
And then the application will check that it has the configuration, but does not actually validate the configuration, so you only get an error when it actually tries to do something with the database, because only then it actually tries to open the connection and finds it doesn't work.
Also, the tables are initially empty, so there are no nulls it could incorrectly handle.
-
@Bulb Overall it sounds like a system designed to press your hand into a gun-shaped object conveniently aimed in such a manner as to cause injury to one's primary locomotion implements.
-
And then the application will check that it has the configuration, but does not actually validate the configuration, so you only get an error when it actually tries to do something with the database, because only then it actually tries to open the connection and finds it doesn't work.
In that case, why not write the stupid thing in a scripting language? You'll still have soft errors, but at least they're likely to interoperate with C libraries without too much ceremony. As it is, it sounds like you have the downsides without the upsides, and what's the point of that?
-
-
@Tsaukpaetra said in WTF Bites:
@Bulb Overall it sounds like a system designed to press your hand into a gun-shaped object conveniently aimed in such a manner as to cause injury to one's primary locomotion implements.
Yes. Well, it's someone's internal tool that they made public because they don't care to keep it private, so don't look at the gifted horse's teeth I guess.
In that case, why not write the stupid thing in a scripting language? You'll still have soft errors, but at least they're likely to interoperate with C libraries without too much ceremony. As it is, it sounds like you have the downsides without the upsides, and what's the point of that?Because CloudFlare. I think they did want to make it fast, because they use it to generate internal certificates for authenticating components to each other and they have quite a few of those.
I don't have nearly as many components, but this tool comes with a simple http api and I really wanted that.
-
@Bulb i mean, i guess in lieu of a cloud-hosted service of average repute, you could always try hosting your own vps & self-signing your stuff. not sure what your context is, but it is an option. lowendtalk has some good prices & intros to companies who discount right off the bat on kvm's, too. lowendtalk.com
-
A few years ago I bought an external box that can hold up to 5 hard drives. The premise is a good one -- up to 80TB of storage, as RAID or just individual disks, connected with a single USB cable.
I've owned a couple of these over the years, from different manufacturers, and they all suffer from the same retarded fuckery. For some reason, all these companies are obsessed with "power saving".
Despite the fact that modern hard drives don't use a lot of power, especially in a home system, they all have this wonderful "power-saving feature" where they turn themself off after a few minutes of inactivity.
My internal drives are set to "turn off after 30 minutes of inactivity", but they come back up quickly when I need them and the delay is barely noticeable. But on the odd occasion where I need to access something on the external unit it takes an absurdly long time before anything is accessible. WTF is it doing? Why does it take so long?
As an extra added fuck-you, none of these units offer a way to disable or change the amount of time till shut down.
-
@_deathcollege said in WTF Bites:
@Bulb i mean, i guess in lieu of a cloud-hosted service of average repute, you could always try hosting your own vps & self-signing your stuff. not sure what your context is, but it is an option.
The context is we are self-signing our—internal—stuff. But we don't want to write an API for that, so we took a utility that someone wrote, and that utility is … well, a bit rough around the edges and poorly documented.
-
@Bulb https://maherz.medium.com/how-to-generate-self-signed-certificates-and-configure-net-core-api-bf4b676c9979
heard decent things about rest; this looks like a gitclone thing for certificates, tbh. and then there was also this thing i stumbled upon: http://forum.world.st/How-to-use-HTTPS-SSL-with-Zinc-td4952461.html
in lieu of whatever cloudflare is already doing
Kill Yourself To Be Flawless, by I Am God.
