Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed
I don't really see anything wrong with expected test failures. Shipping with known issues is not exactly an uncommon thing to do, and it's important to be able to distinguish between known issues and new issues.

Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.
this is the best test: http://gcov.php.net/viewer.php?version=PHP_5_4&func=tests&file=ext%2Fopenssl%2Ftests%2F001.phpt
code:
 <?php
 echo "Creating private key\n";

 /* stack up some entropy; performance is not critical,
  * and being slow will most likely even help the test.
  */
[...]

quote:

Expected

Creating private key
Export key to file
Load key from file - array syntax
Load key using direct syntax
Load key manually and use string syntax
OK!

Output

Creating private key

** ERROR: process timed out **

prefect
Sep 11, 2001

No one, Woodhouse.
No one.
Dead Man’s Band

Aleksei Vasiliev posted:

this is the best test: http://gcov.php.net/viewer.php?version=PHP_5_4&func=tests&file=ext%2Fopenssl%2Ftests%2F001.phpt
code:
 <?php
 echo "Creating private key\n";

 /* stack up some entropy; performance is not critical,
  * and being slow will most likely even help the test.
  */
[...]

I am not a system-level developer, but what does "stacking up entropy" mean?

ToxicFrog
Apr 26, 2008


prefect posted:

I am not a system-level developer, but what does "stacking up entropy" mean?

Collecting random noise from which to generate cryptographically strong random numbers.

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock
And noise can be from various sources, like external RNG hardware, or simpler things like core voltage or mouse/keyboard movement and timing.

prefect
Sep 11, 2001

No one, Woodhouse.
No one.
Dead Man’s Band

ymgve posted:

And noise can be from various sources, like external RNG hardware, or simpler things like core voltage or mouse/keyboard movement and timing.

I guess I assumed that it would just be "call some random-number generator". (This may be why I don't work in that area.)

haveblue
Aug 15, 2005



Toilet Rascal

prefect posted:

I guess I assumed that it would just be "call some random-number generator". (This may be why I don't work in that area.)

Computers cannot be completely random by their nature; a random-number generator merely produces predictable numbers according to a formula that ensures a uniform distribution over time. It has to base its randomness on something other than pure CPU activity. "Stacking entropy" is just a fancier, more in-depth version of calling srandom(get_current_time()).

haveblue fucked around with this message at 19:24 on Mar 2, 2012
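
The two points made above (noise gets collected and folded into a pool, and seeding from the clock is not the same thing) in runnable form. This is an added example written for this thread, not code from the PHP test or from any library: `EntropyPool` is a toy model that mixes integer samples with SHA-256, `jitter_samples` measures sleep timing the way the PHP test does, and the sample inputs in the seeding comparison are constructed.

```ruby
require 'digest'
require 'securerandom'

# A toy model of "stacking up entropy": many low-quality noise samples are
# folded into a fixed-size pool with a hash, and the pool state seeds the PRNG.
# Samples are whatever noise the caller collected (timing jitter, interrupt
# timings, hardware RNG output); this class only does the mixing.
class EntropyPool
  attr_reader :samples

  def initialize
    @state = Digest::SHA256.digest('')
    @samples = 0
  end

  # Fold one integer sample into the pool. Hashing the old state together with
  # the sample means every sample influences all later output.
  def stir(sample)
    @state = Digest::SHA256.digest(@state + [sample].pack('q>'))
    @samples += 1
    self
  end

  # 64-bit seed derived from the whole pool.
  def seed
    @state.unpack1('Q>')
  end
end

# Collect timing jitter the way the PHP test does: sleep a little and measure
# how long it actually took. The jitter, not the nominal sleep, is the noise.
def jitter_samples(iterations)
  Array.new(iterations) do |i|
    t0 = Process.clock_gettime(Process::CLOCK_MONOTONIC, :nanosecond)
    sleep(i * 1e-5)
    Process.clock_gettime(Process::CLOCK_MONOTONIC, :nanosecond) - t0
  end
end

def pool_seed_from(samples)
  pool = EntropyPool.new
  samples.each { |s| pool.stir(s) }
  pool.seed
end

# The weak pattern from the discussion: seed = wall-clock second. Two
# processes started in the same second get identical "random" sequences.
def time_seeded_sequence(seconds_since_epoch, count = 5)
  rng = Random.new(seconds_since_epoch)
  Array.new(count) { rng.rand(1_000_000) }
end

def same_second_collides?(seconds_since_epoch)
  time_seeded_sequence(seconds_since_epoch) == time_seeded_sequence(seconds_since_epoch)
end

# Cost of guessing a clock seed: a seed known to lie within `window_seconds`
# of some instant carries only about log2(window) bits.
def seed_entropy_bits(window_seconds)
  Math.log2(window_seconds)
end

# What application code should do instead of seeding from the clock: draw
# from the OS CSPRNG, which the kernel feeds from its own entropy collection.
def os_random_key(bytes = 16)
  SecureRandom.random_bytes(bytes)
end
```

Whether timing jitter is genuinely unpredictable depends on the platform (a VM with a coarse clock gives much less than it appears to), which is why `os_random_key` is the right call for anything that needs a key; the pool class is there to show what the kernel's collector is doing on the program's behalf, not to replace it.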

GROVER CURES HOUSE
Aug 26, 2007

Go on...
PHP uber alles

pokeyman
Nov 26, 2006

That elephant ate my entire platoon.

Aleksei Vasiliev posted:

this is the best test: http://gcov.php.net/viewer.php?version=PHP_5_4&func=tests&file=ext%2Fopenssl%2Ftests%2F001.phpt

quote:

Expected

Creating private key
Export key to file
Load key from file - array syntax
Load key using direct syntax
Load key manually and use string syntax
OK!

Output

Creating private key

** ERROR: process timed out **

Well it's no wonder it times out. The first lines are
code:
for ($z = "", $i = 0; $i < 1024; $i++) {
    $z .= $i * $i;
    if (function_exists("usleep"))
        usleep($i);
}
which sleeps for, on its tenth iteration alone, about 4,700 years.

Opinion Haver
Apr 9, 2007

No, it usleeps for $i seconds. Assuming that the argument is 'sleep time in microseconds' that's about half a second total of sleeping.

Tots
Sep 3, 2007

:frogout:

pokeyman posted:



Well it's no wonder it times out. The first lines are
code:
for ($z = "", $i = 0; $i < 1024; $i++) {
    $z .= $i * $i;
    if (function_exists("usleep"))
        usleep($i);
}
which sleeps for, on its tenth iteration alone, about 4,700 years.

i!=z

E: What the guy above me said

pokeyman
Nov 26, 2006

That elephant ate my entire platoon.
Oh poo poo, my bad.

Look Around You
Jan 19, 2009

Plorkyeran posted:

I don't really see anything wrong with expected test failures. Shipping with known issues is not exactly an uncommon thing to do, and it's important to be able to distinguish between known issues and new issues.

Well they're shipping it with 82 failures and only 44 of them are expected. Also 1119 compiler warnings :lol:

e: Most of the compiler warnings are just not using typedefs and other casting warnings though, so they're not as horrible.

Look Around You fucked around with this message at 06:37 on Mar 3, 2012

Carthag Tuek
Oct 15, 2005

Times shall come,
times shall pass,
generation shall follow the course of generations



Here I was thinking that an expected failure was something like assert(functionThatShouldReturnTrueFor(args)) (don't ask me why you wouldn't do it the other way around though).

Look Around You
Jan 19, 2009

http://gcov.php.net/viewer.php?version=PHP_5_4&func=expected_tests&file=Zend%2Ftests%2Fmethod_static_var.phpt

quote:

php:
<?php
class Foo {
 public function __construct() {
  eval("class Bar extends Foo {}");
 }
 public static function test() {
  static $i = 0;
  var_dump(++$i);
 }
}

foo::test();
new Foo;
foo::test();

/**
 * function_add_ref() makes a clone of static variables
 * for inherited functions, so $i in Bar::test gets initial value 1
 */
Bar::test();
Bar::test();
?>

Expected

int(1)
int(2)
int(1)
int(2)

Output

int(1)
int(2)
int(2)
int(3)

This is so loving dumb holy gently caress. Also is PHP supposed to be case sensitive?

e: this is one of their "expected test failures"

e2: A few of their expected test failures actually segfault. :lol:

Look Around You fucked around with this message at 08:05 on Mar 3, 2012

Drape Culture
Feb 9, 2010

But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother.

The End.

pokeyman posted:


Well it's no wonder it times out. The first lines are
code:
for ($z = "", $i = 0; $i < 1024; $i++) {
    $z .= $i * $i;
    if (function_exists("usleep"))
        usleep($i);
}

Slightly off topic, but is that the comma operator in the loop initialization? I've been looking for an example of it in a situation that wasn't horribly contrived.

Drape Culture fucked around with this message at 17:29 on Mar 3, 2012

Hammerite
Mar 9, 2007

And you don't remember what I said here, either, but it was pompous and stupid.
Jade Ear Joe

ManlyWeevil posted:

Slightly off topic, but is that the comma operator in the loop initialization? I've been looking for an example of it in a situation that wasn't horribly contrived.

Yes. IIRC using it like that is a common idiom in other C-like languages, not just PHP.

tef
May 30, 2004

-> some l-system crap ->

Look Around You posted:

e2: A few of their expected test failures actually segfault. :lol:

code:
tef@void:~$ cat > foo.php
<?
class A {
  var $a;
  public function __toString() {
    return $this>a;
  }
}
echo new A();
?>
tef@void:~$ php foo.php 
Segmentation fault

wwb
Aug 17, 2004

2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:

quote:

1) In C#, how do you figure out if a collection such as a IList<T> or array is empty?
2) Given a collection of Person objects with a FirstName, LastName and CompanyName property please write a method that:
a) Writes the first and last names of each person to the console
b) Take (a) and modify it so it capitalizes the name when the company name is a specified value

I'm getting a bit worried.

revmoo
May 25, 2006

#basta

wwb posted:

2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:


I'm getting a bit worried.

Holy crap that's bad.

geonetix
Mar 6, 2011


wwb posted:

2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:

I'm getting a bit worried.

What are the credentials of those people, did they have any programming (in C#) on their CV at all? This scares me.

ymgve
Jan 2, 2004


:dukedog:
Offensive Clock
gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?

Look Around You
Jan 19, 2009

ymgve posted:

gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?

I don't know the company or the specific job posting, but I'm guessing if someone said "There's a count() or a size() method on the list, I can't remember the exact name, but I'd use that" then it'd be ok. But I dunno.

ToxicFrog
Apr 26, 2008


ymgve posted:

gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?

Yes (or at least everywhere in ICollection). Similarly, all Scala and Java collections support an isEmpty method.

I'm not sure I could answer those specific questions on account of not knowing C#, but I could certainly answer them in any programming language I do know. :psyduck:

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

wwb posted:

2 interviews this week for a mid-level position. Neither candidate could effectively answer the first bits of the "can you actually code" phone screen questions. These questions are:


I'm getting a bit worried.

For 2b, would you accept the use of
code:
CultureInfo.CurrentCulture.TextInfo.ToTitleCase()
? That's how I'd do it, although I had to look up where "ToTitleCase" lived.

I prefer to save the "can you actually code" questions until they come in for the in-person, and then have them do it with an IDE. Coding over the phone sucks. Your first question, although you'd expect that anyone with a reasonable level of proficiency would be able to answer, it doesn't show anything other than that they've read some code before. Your second question is better because it makes them solve a simple problem.

FizzBuzz really is one of the best benchmarks I've seen, though. It covers looping and conditionals and doesn't require any trivia to implement correctly, although a surprising number of people get hung up on the modulus operator.

#1 becomes trickier if you ask "What's the best way to determine if an IEnumerable<T> contains any elements?", because IEnumerable doesn't contain a Count property, it has a LINQ Count() extension method. The best way for an IEnumerable would be to use Any(), since Count() requires iterating over the entire collection, and Any() will immediately return true on the first element it hits.

[edit]
Hey, this isn't the interview thread! :downs:

New Yorp New Yorp fucked around with this message at 21:44 on Mar 3, 2012
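
The Count()-versus-Any() point above, made measurable. This is an added example in Ruby (the other language on this page), not C# and not anything from the thread: `CountingSource` is a constructed collection that records how many elements each check pulls, Ruby's `Enumerable#count` plays the part of the LINQ `Count()` extension and `any? { true }` the part of `Any()`, and the null-guarded helper is the "check for null first" bonus mentioned below.

```ruby
# A collection that records how many elements it has handed out, so the cost
# of each emptiness check is visible. Constructed for this example.
class CountingSource
  include Enumerable
  attr_reader :yielded

  def initialize(items)
    @items = items
    @yielded = 0
  end

  def each
    return to_enum(:each) unless block_given?
    @items.each do |item|
      @yielded += 1
      yield item
    end
  end
end

# The Count()-style check: walks the whole sequence to produce a number and
# only then compares it with zero.
def empty_via_count?(source)
  source.count.zero?
end

# The Any()-style check: stops at the first element it sees. The block
# returning true makes this "is there an element at all", so nil or false
# elements count as present, exactly like LINQ's Any().
def empty_via_any?(source)
  !source.any? { true }
end

# Null-guarded form, for callers that may hand us nothing at all.
def empty_or_nil?(source)
  source.nil? || !source.any? { true }
end

# Run both checks on fresh copies and report how many elements each pulled.
def compare_checks(items)
  by_count = CountingSource.new(items)
  by_any = CountingSource.new(items)
  {
    count: { empty: empty_via_count?(by_count), pulled: by_count.yielded },
    any: { empty: empty_via_any?(by_any), pulled: by_any.yielded }
  }
end
```

For a concrete array the question does not arise: `Array#size` and `Array#empty?` are constant time, the same way `IList<T>.Count` and an array's `Length` are properties rather than a walk over the elements. The difference only matters once the thing in hand is a lazily produced sequence, where the count-based check forces the whole thing.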

Atimo
Feb 21, 2007
Lurking since '03
Fun Shoe

ymgve posted:

gently caress, I would've failed that. I always forget what the method for getting the size of an object is, especially in Java. C# is Count() everywhere, though, isn't it?

You'd want to use .Any(), Count() will enumerate the collection.

New Yorp New Yorp
Jul 18, 2003

Only in Kenya.
Pillbug

Atimo posted:

You'd want to use .Any(), Count() will enumerate the collection.
IList has a Count property.

Plorkyeran
Mar 22, 2007

To Escape The Shackles Of The Old Forums, We Must Reject The Tribal Negativity He Endorsed

Ithaqua posted:

IList has a Count property.
But arrays have a Length property, which annoys me all the time.

Rad ROM Max
Mar 10, 2011

by XyloJW

Look Around You posted:

http://gcov.php.net/viewer.php?version=PHP_5_4&func=expected_tests&file=Zend%2Ftests%2Fmethod_static_var.phpt


This is so loving dumb holy gently caress. Also is PHP supposed to be case sensitive?

e: this is one of their "expected test failures"

e2: A few of their expected test failures actually segfault. :lol:

That's what happens when you write your code while doped up on acid.

wwb
Aug 17, 2004

Both resumes had several years of professional experience.

quote:

I don't know the company or the specific job posting, but I'm guessing if someone said "There's a count() or a size() method on the list, I can't remember the exact name, but I'd use that" then it'd be ok. But I dunno.

Exactly. What I'm looking for is someone who can say without thinking "Yeah, I'd check to see if the list has zero items in it." Bonus points for differentiating between techniques or checking for null first.

The split in this thread on this question is interesting, and I've seen a bit of the same in the interviews -- some folks get stuck on "crap, what is the syntax" and don't get to the logical part of what you are looking for. I'm kind of struggling with this myself having never been horribly trained and brought up in normal programming but rather in solving problems with computers sometimes using code so I think that way. Which is a really long winded way of saying I'm open for suggestion as to a better way to ask the question.

@Ithaqua: The capitalization in 2b is a bit of a red herring, really looking to see that someone can handle concepts of "loop through collection and do something conditional with it". Picked capitalization because it was easy, I figured everyone knew .ToUpper(). Was originally designed to be a MVC3 / Razor question but nobody has been comfortable enough over there.

quote:

I prefer to save the "can you actually code" questions until they come in for the in-person, and then have them do it with an IDE. Coding over the phone sucks. Your first question, although you'd expect that anyone with a reasonable level of proficiency would be able to answer, it doesn't show anything other than that they've read some code before. Your second question is better because it makes them solve a simple problem.

Yeah, we got a whole (small) project for them to do with an IDE, but I don't want to waste their or my time setting things up if they can't handle very, very basic things anyone who has coded anything in any semblance of a modern language should be able to handle.

PDP-1
Oct 12, 2004

It's a beautiful day in the neighborhood.
I have to write some code to control a water chiller over an RS-232 line. This ought to be an easy job but it's turning out to be difficult because the manufacturer came up with the most jacked up serial transmission protocol I've seen in a long time. Fun features include:

1) Data arrives in a variable length format with no termination character. Just throw each incoming byte into a buffer and then look to see if the buffer contains a valid command I guess. I have no idea how to handle a case where some data gets munged during transmission causing the data buffer to never match a known command pattern. Detect timeout/buffer overflow? Testing every byte that arrives is clearly much simpler than just waiting until a termination character shows up.

2) Some measured values like water temperature or pressure are reported with variable precision. Low-precision values are transmitted with two bytes while high-precision values are transmitted with four bytes. The precision can change unpredictably during operation so you have to query what mode the system is in before requesting data. This is clearly simpler than just always transmitting four bytes for both formats. What happens if the precision mode changes between the query and data request commands?

3) Some of their command naming conventions are absolutely bizarre. There is a command named SetArray that sends one byte. SetArray(0) turns the machine off, SetArray(1) turns it on, SetArray(2) causes the machine to return an error string that incidentally also tells you if the device is on or off so you can query its state.

4) There are only three error codes - 'bad data', 'bad value', and 'the system is on or off'. What is the difference between having bad data or having a bad value? No loving idea, the manual doesn't waste time on such trivial concerns. Reporting the on/off state as an error is cute.

5) Not really a coding thing, but once you've started talking to the device via the RS-232 port it locks out the front panel buttons except for the 'power off' button. That isn't totally crazy, lots of devices have local/remote control modes. What is crazy is that you can't turn the device on from the front panel once it's in remote mode. You can only turn it on via RS-232, with the SetArray(1) command. This 'feature' isn't covered in the manual so I spent a good hour thinking our new chiller was broken when all of the front panel buttons went dead.
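
One way to handle point 1 (variable-length responses with no terminator, and recovery when bytes get corrupted in transit), as an added example that is not from the post or from the chiller's manual: bytes go into a buffer, the buffer head is compared against a table of known responses, and any leading bytes that cannot begin a known response are dropped so the reader resynchronises; a stale-buffer timeout covers the case where a partial response never completes. The response vocabulary, payload lengths and temperature encodings below are constructed for the example, and the two- and four-byte temperature forms stand in for the "low precision" and "high precision" cases of point 2.

```ruby
# Reader for a serial link that sends variable-length responses with no
# terminator. Constructed vocabulary; not the real chiller protocol.
class UnterminatedFrameReader
  # pattern bytes => name; each name has a fixed payload length after the pattern
  PATTERNS = {
    "\x01ON".b  => :on,
    "\x01OFF".b => :off,
    "\x02TL".b  => :temp_low,   # 2-byte payload (the "low precision" case)
    "\x02TH".b  => :temp_high   # 4-byte payload (the "high precision" case)
  }.freeze
  PAYLOAD_LEN = { on: 0, off: 0, temp_low: 2, temp_high: 4 }.freeze

  MAX_BUFFER = 16       # hard cap: a buffer this large means we are lost
  STALE_SECONDS = 0.5   # a partial response older than this is abandoned

  attr_reader :discarded

  def initialize
    @buf = "".b
    @discarded = 0
    @last_rx = nil
  end

  # Append received bytes and return every complete response now in the buffer.
  def feed(bytes, now)
    @buf << bytes.b
    @last_rx = now
    out = []
    while (msg = extract_one)
      out << msg
    end
    if @buf.bytesize > MAX_BUFFER
      @discarded += @buf.bytesize
      @buf = "".b
    end
    out
  end

  # Call periodically: drops a partial response that has stopped growing.
  # Returns the number of bytes dropped, or nil if nothing was stale.
  def tick(now)
    return nil if @buf.empty? || now - @last_rx <= STALE_SECONDS
    dropped = @buf.bytesize
    @discarded += dropped
    @buf = "".b
    dropped
  end

  private

  def extract_one
    resync
    PATTERNS.each do |pat, name|
      next unless @buf.start_with?(pat)
      need = pat.bytesize + PAYLOAD_LEN[name]
      return nil if @buf.bytesize < need      # wait for the rest of the payload
      payload = @buf.byteslice(pat.bytesize, PAYLOAD_LEN[name])
      @buf = @buf.byteslice(need, @buf.bytesize - need)
      return [name, decode(name, payload)]
    end
    nil
  end

  # Drop leading bytes until the buffer could be the start of some pattern.
  # This is the resynchronisation step after corrupted bytes.
  def resync
    until @buf.empty? || could_start_pattern?
      @buf = @buf.byteslice(1, @buf.bytesize - 1)
      @discarded += 1
    end
  end

  def could_start_pattern?
    PATTERNS.each_key.any? do |pat|
      n = [pat.bytesize, @buf.bytesize].min
      pat.byteslice(0, n) == @buf.byteslice(0, n)
    end
  end

  # Assumed encodings: big-endian, low precision in tenths of a degree,
  # high precision in thousandths.
  def decode(name, payload)
    case name
    when :temp_low  then payload.unpack1('n') / 10.0
    when :temp_high then payload.unpack1('N') / 1000.0
    end
  end
end
```

The `discarded` counter is the operational signal: a link that is healthy should keep it at zero, and a rising count after a firmware change or a new cable is the earliest indication that the framing assumptions no longer hold. Note that a vocabulary in which one response is a prefix of another would make this reader ambiguous; the constructed table above avoids that.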

Internet Janitor
May 17, 2008

"That isn't the appropriate trash receptacle."
Maybe "bad value" means you sent something invalid as a command and "bad data" means you sent something invalid as an argument to a command? That sounds really awful, dude.

TOO SCSI FOR MY CAT
Oct 12, 2008

this is what happens when you take UI design away from engineers and give it to a bunch of hipster art student "designers"
https://github.com/rails/rails/issues/5228

Russian programmer discovers massive security vulnerability in Rails. He reports it to the issue tracker, then the issue gets closed by Rails devs.

He uses it to re-open the issue, as a proof-of-concept.

Rails devs close it again.

He files Issue #5239, "I'm Bender from Future", from the year 3012, and re-opens the original issue.

Rails devs close it again.

He submits a new file, "hacked", to the main Rails repository and re-opens the original issue.

Haystack
Jan 23, 2005

:psyduck: So looking into it, that attack happened/was possible because Rails developers (including Github!) have a habit of stuffing data directly from HTTP params into Rails's ORM without validation. That's insane.

kitten smoothie
Dec 29, 2001

Haystack posted:

:psyduck: So looking into it, that attack happened/was possible because Rails developers (including Github!) have a habit of stuffing data directly from HTTP params into Rails's ORM without validation. That's insane.

Imagine code like this (which is probably all over various Rails apps)
code:
@user = User.find(params[:id])
@user.update_attributes(params[:user])
Then you just need to handcraft your request to add something like "is_admin=1" and bam, you've just made yourself an admin.

You are supposed to define "attr_accessible" in your models to whitelist what attributes are allowed to be updated in this mass-assignment manner.

It seems like perhaps attr_accessible should default to an empty list so that nothing could accidentally be stomped on in this way?
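
The two-line snippet above, the `attr_accessible` whitelist it is missing, and the empty-by-default variant suggested at the end, all in one runnable model. This is an added example, not Rails' own implementation: `Model` is a minimal stand-in for an ActiveRecord class whose `update_attributes` copies request params key by key, `StrictModel` is the secure-by-default variant, and `CRAFTED_PARAMS` is a constructed request body carrying the `is_admin` field the form never offered.

```ruby
# A minimal stand-in for an ActiveRecord model with mass assignment.
# Example code for this thread, not Rails' implementation.
class Model
  # Whitelist of attributes that mass assignment may touch. nil means
  # "everything", which models the insecure default the thread complains about.
  def self.attr_accessible(*names)
    @accessible = names.map(&:to_s)
  end

  def self.accessible
    @accessible
  end

  attr_reader :rejected

  def initialize(attrs)
    @attrs = attrs.transform_keys(&:to_s)
    @rejected = []
  end

  def [](name)
    @attrs[name.to_s]
  end

  # Mass assignment: copy request params into the record, key by key.
  # Keys outside the whitelist are recorded in @rejected rather than applied;
  # logging those is the detection hook for requests that probe for extra fields.
  def update_attributes(params)
    allowed = self.class.accessible
    params.each do |key, value|
      key = key.to_s
      if allowed && !allowed.include?(key)
        @rejected << key
        next
      end
      @attrs[key] = value
    end
    self
  end
end

# Secure-by-default variant suggested in the thread: nothing is assignable
# until the model opts attributes in.
class StrictModel < Model
  def self.accessible
    @accessible || []
  end
end

class UnprotectedUser < Model; end           # no whitelist declared

class ProtectedUser < Model                  # whitelist declared
  attr_accessible :name, :email
end

class StrictUser < StrictModel; end          # forgot to declare: still safe

# Constructed request body: a normal field plus a field the form never offered.
CRAFTED_PARAMS = { "name" => "mallory", "is_admin" => "1" }.freeze

# Apply the crafted params to a fresh record of the given class and report
# what ended up in it.
def run_update(klass)
  user = klass.new(name: "alice", email: "a@example.invalid", is_admin: false)
  user.update_attributes(CRAFTED_PARAMS)
  { name: user[:name], is_admin: user[:is_admin], rejected: user.rejected }
end
```

`run_update(UnprotectedUser)` ends with `is_admin` set to `"1"`, which is the whole bug; `ProtectedUser` keeps `is_admin` untouched and records the rejected key; `StrictUser`, which declared nothing, rejects everything, so the cost of the safe default is a model that visibly does nothing until someone lists its fields, rather than one that silently accepts whatever arrives.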

Malloc Voidstar
May 7, 2007

Fuck the cowboys. Unf. Fuck em hard.
Here's the Github announcement: https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation

tef
May 30, 2004

-> some l-system crap ->

kitten smoothie posted:

It seems like perhaps attr_accessible should default to an empty list so that nothing could accidentally be stomped on in this way?

It feels like you are solving the wrong problem though “Let's just turn register_globals off by default”.

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
I like how the Rails guys are all "but insecure-by-default is a feature!"

Look Around You
Jan 19, 2009

Aleksei Vasiliev posted:

Here's the Github announcement: https://github.com/blog/1068-public-key-security-vulnerability-and-mitigation

Github has reinstated his account. So that's good at least.

McGlockenshire
Dec 16, 2005

GOLLOCKS!
Here's how he did it.

I don't speak Rails, but from all the hubbub from those classy rockstars over on Hacker News, apparently any random Rails application may suffer from the same problem unless they expressly turn off the ORM magic that makes it possible.
