The Joys Of Programming

Interesting post on a bad rewrite of a DHCP client and the security vulnerabilities introduced.

https://blog.erratasec.com/2018/10/s...

This is why we can't have nice things.

Would anyone be interested in an info sec discussion thread? I get most of my news from the Risky Business podcast show notes.

I would. I know jack and would love to learn. I keep meaning to try Cryptomancer RPG (and SIGMATA: This Signal Kills Fascists) which implements infosec concepts in a magic RPG system.

muraii wrote:

I would. I know jack and would love to learn. I keep meaning to try Cryptomancer RPG (and SIGMATA: This Signal Kills Fascists) which implements infosec concepts in a magic RPG system.

Those are very, very cool looking. I can start a thread on the topic, but it may veer into D&D territory if we start talking about offensive cyber and the lack of international norms.

Speaking of which, go watch Zero Days on Hulu.

I truly loathe systemd. They took an easy thing (start programs at boot), and made it hard to administer, impossible to fully understand, and easy to exploit. It's a goddamn trashfire.

Screeps is an MMO RTS programming web game. You write code in one area that is run continuously even while you are offline to automate your units, and in another area you can write one-off commands like spawning new units and buildings. The default interface is JavaScript, but the player community has written some third-party tools to support TypeScript, Python, Rust, and Kotlin. You can run private servers, or join public shards. Pretty wild.

I played with it a while back. I didn't like that you had to pay to win (kind of). They gave you a certain amount of CPU time per tick for free, but then you had to pay a monthly fee to get more which limited what you could do. If the constraint was equal it would be ok since the best code would do the best.

I wouldn't mind if we set up a private server for gwjers to join if anyone is interested.

IMAGE(https://i.redd.it/wkz1n6t7o8721.png)

So this is a really weird story about a cyberpunk programming MMO with a crazy sandbox system.

https://www.rockpapershotgun.com/201...

I know someone who got in on the ground floor of HackMud, and the cyberpunk wild west stories were pretty nuts. Interesting way to learn JavaScript, and I imagine you come out of it fairly security-minded.

I'm a little late to the party here and not really much of a programmer; I enjoy it, but have no natural talent. I typically have to brute-force my way through 99 failures to find that one success. My programming adventures started with teaching myself HTML4 back in the late 90s, using UNIX/LINUX for work, was eventually introduced to some Bash scripting in the mid-2000s, decided to pursue my post-Air Force career Bachelor's degree in Computer Science, and then ended up working as a Test and then Systems Engineer late 2011 due to my experience with a specific military aircraft... My wife bought me the Raspberry Pi I had on my Amazon wishlist for Xmas, but other than goofing around to see how the new Pi-Steamlink works, I don't really have a plan or idea of what to do with it.

I might not be very good and I'm not one of those guys that goes home and tinkers and programs, but I do enjoy it on the rare occasions where work leads me to tackle various low-risk projects which usually include small Bash or Python scripts. I guess I did build an HTML5/CSS3/JavaScript prototype web-app (basically a Google/Wiki/Youtube hybrid for system user manuals, submission and tracking maintenance reports, and some other stuff... hard to describe without an actual demo setup) several years ago that landed my company several long-term, recurring contracts totaling a couple of million dollars (I got a $50 Best Buy gift certificate for my efforts and the work got shuffled off to a Product Development team that turned it into a god-awful, half-realized mess). Even so, I don't have much creative, artistic talent and it didn't have much to offer in the visually pleasing department.

Anywho, a couple of years ago, I had a class that wanted to give us a quick introduction to a variety of languages, with a variety of uses outside our normal C++/Java course work. Our textbook was a goodie called "Seven Languages in Seven Weeks" by Bruce Tate. Basically the book was a brief intro, with small-scale programming problems, in Ruby, Io, Prolog, Scala, Erlang, Clojure, and Haskell. Our course skipped Io, Scala, Erlang, and Clojure and I haven't gone back to take a look at those, but with previous Python experience, Ruby didn't offer too much in 2 weeks to really blow my mind and Haskell seemed like an even simpler cousin of the two.

The one that I really enjoyed - Prolog - was a totally different form of thinking and programming which is sometimes used in Artificial Intelligence. Instead of thinking about a problem and devising a solution, you program a set of rules and then tell the program your problem and it "solves" the problem based upon those rules. When programming, my mind tends to lend itself better to procedural programming than many of the abstract concepts of Object Oriented. Prolog was an interesting change of gears.

Anyway, if you don't have or haven't ever heard of the book, it's actually rather fun and I highly recommend it. I might even have a .pdf if anyone is interested.

Prolog is indeed quite fun.
I really suggest diving deeper into some other Haskell projects as it is pretty different in patterns, use and community from Python and Ruby.

That sounds like true procedural program. By which I mean not just linear or sequential programming but autogenerated code.
That sounds really fascinating.

I've been doing a bunch of stuff with constraint solving lately--similar logic programming stuff to Prolog, only using Answer Set Programming or MiniZinc instead. It is rather magical.

I've long wanted a Prolog or something similar as an embedded language to solve problems within a more common language. Sending SQL out to a relational engine is the closest analog to the idea. I have no idea why it's not a thing.

gravity wrote:

I've long wanted a Prolog or something similar as an embedded language to solve problems within a more common language. Sending SQL out to a relational engine is the closest analog to the idea. I have no idea why it's not a thing.

We've actually got a research project in our lab to do this for C#, but the main researcher was hired away so it is currently on hold.

How's it worked out so far? I've been tempted to try and shoehorn some sort of bridge between SWI-Prolog and R for fun, but it's a lot more work than I have time for.

GIT workflow question.

We're a small company - 5 devs. A dev will push up their branch then create a PR to get the code pulled into the main Development branch where we do our releases to Dev from.

We use the PR as our code review opportunity. Another dev will then review the PR. That dev eventually approves the PR to merge into our Development branch after comments are resolved, etc.

At that point, the PR needs to be "Completed".

With the 2 choices of "The developer who made the code change" (manually or via auto-complete) and "The developer who approved the PR", which one should Complete the PR in your opinion? Those are the only options in this scenario.

Everyone's workflow will be different and I'm not looking for changes to our workflow here, just the answer of which of those 2 people would be the best one to do the Completing.

-BEP

I have a slight preference towards "The developer who made the code change" should approve the PR merging onto Development. We've been using a similar flow at my work (with Gerrit) and the number of times I've pushed a change for review, it gets reviewed and I have second thoughts before actually merging it. My brain doesn't switch off on a task after I push for review, especially if I sleep before it gets merged.

At my workplace the answer to your question is "whoever has the PR open in front of them".

My stuff is embedded so that is my perspective, but I always have a lead or QA role complete/close PRs.

I think for a small team where a dev owns the feature into prod, it makes sense for the dev that opens the PR/did the work to do the merge and trigger the deployment.

We're a really small company too, with only four of us doing dev work. We had this exact same question last year, and ended up going with "the developer who made the code change".

It looks like we do things slightly differently from you guys anyway, but that's my two cents anyway. We're somewhat lucky to have all four of us devs in the same room, so it's really easy to communicate about what we're working on and when to do things like merging.

Short answer: we have the dev close it out.
Longer answer:

  • PR goes into GitHub
    • Get at least 3 thumbs-up code reviews
    • Pass all tests in CI
    • Fill out a checklist explaining why the change was made
      • Link to the JIRA issue
      • Verify it passed manual/automated testing and end-to-end tests and in which environment
      • Explain your test plan for when it goes into production and what might cause a rollback
    • Engineering manager delegate considers your checklist, asks any questions they may have about risks/mitigations
    • Risk management team (or internal if simple-enough change) goes over same list/questions considering integration with other apps/verticals, gives final approval or requests changes.
  • Developer and a shadow pair up early in the morning or after our busy hours to deploy
  • Deploy wizard application verifies changes to be added and people involved, deploys test branch to production
  • Verify change works as expected in production
  • On successful test, deploy wizard merges PR to master, then redeploys new master branch to production

So for your case, I'd suggest definitely having someone review it, but probably have the dev who wrote it close the PR and merge.

Your replies are the exact opposite of what I expected. We're currently on the "Dev who coded and made the PR closes it." which is the consensus here.

I assumed the rest of the world, for small shops that don't have dedicated people to do the tasks, would have the (final) reviewer do the close.

I'll recommend we stay the course. Thanks for the input.

-BEP

IMAGE(https://i.imgur.com/kEgEgt9.jpg)

I wish everything offered a dark theme.

LeapingGnome wrote:

I wish everything offered a dark theme.

I respect the option, but my eyes don't understand why.

Maybe they haven't found the brightness controls for their screen?

I've been working in the capacity of a tech lead for about a year now, but in the past 7 months it's ramped up into a situation where I mostly work on architecture and deeper technical problems. I do sales, scoping for new projects, a little PM-like stuff and many other things. There are lots of days where I'm in meetings all day.

That said, even 7 months in whenever I delegate to someone I feel like I'm being lazy.

Does delegating ever stop feeling like this? Like you're a lazy slacker who's just passing the buck?

I feel like a slacker when I don't delegate too.

I have a hard time with delegating too but am trying to get better. I feel weird asking people to do things I could do myself.