New around here? Register your SA Forums Account here!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
MononcQc
May 29, 2007

Write Ahead Ahead Log Log

Adbot
ADBOT LOVES YOU

Aramoro
Jun 1, 2012




Feisty-Cadaver posted:

what in the fuckin world

It was all part of a trading system written on Eclipse RCP. Being a trading system it was extremely time sensitive and it would regularly poo poo the bed and cost that tens of millions of dollar in incomplete or late trades.

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER


Aramoro posted:

It was all part of a trading system written on Eclipse RCP. Being a trading system it was extremely time sensitive and it would regularly poo poo the bed and cost that tens of millions of dollar in incomplete or late trades.

as well it should

the people who lost out on tens of millions should be rewarded with a trip to the guillotine

Feisty-Cadaver
Jun 1, 2000
The worms crawl in,
The worms crawl out.

Aramoro posted:

It was all part of a trading system written on Eclipse RCP

I have made some poor decisions in my life, but good golly that's something else

edit: and I like eclipse for the most part

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat
I love every time you download some dev environment for some piece of hardware and it's a modified version of eclipse that was forked 10 years ago.

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat
My second favorite thing is when you download a dev environment and it's a custom written thing that stores all source code files as a single XML file making source control impossible.

Private Speech
Mar 30, 2011

I HAVE EVEN MORE WORTHLESS BEANIE BABIES IN MY COLLECTION THAN I HAVE WORTHLESS POSTS IN THE BEANIE BABY THREAD YET I STILL HAVE THE TEMERITY TO CRITICIZE OTHERS' COLLECTIONS

IF YOU SEE ME TALKING ABOUT BEANIE BABIES, PLEASE TELL ME TO

EAT. SHIT.


CRIP EATIN BREAD posted:

My second favorite thing is when you download a dev environment and it's a custom written thing that stores all source code files as a single XML file making source control impossible.

the company I worked for had both, one IDE which was based on heavily-modified equinox (eclipse) backend and another written in C# which used megabyte-sized XML blobs to store the code.

I was not involved with either decision

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat

Private Speech posted:

the company I worked for had both, one IDE which was based on heavily-modified equinox (eclipse) backend and another written in C# which used megabyte-sized XML blobs to store the code.

I was not involved with either decision

did that company supply units for in-vehicle satellite+cellular comms?

Private Speech
Mar 30, 2011

I HAVE EVEN MORE WORTHLESS BEANIE BABIES IN MY COLLECTION THAN I HAVE WORTHLESS POSTS IN THE BEANIE BABY THREAD YET I STILL HAVE THE TEMERITY TO CRITICIZE OTHERS' COLLECTIONS

IF YOU SEE ME TALKING ABOUT BEANIE BABIES, PLEASE TELL ME TO

EAT. SHIT.


CRIP EATIN BREAD posted:

did that company supply units for in-vehicle satellite+cellular comms?

humm, aus army? otherwise no

it's not the primary use, that's the only place that used it like that that I can think of

e: i'm sure there's plenty other similar devices though

Private Speech fucked around with this message at 12:30 on Apr 23, 2019

NihilCredo
Jun 6, 2011

iram omni possibili modo preme:
plus una illa te diffamabit, quam multæ virtutes commendabunt

Aramoro posted:

I mean what else could 'uses the permissions of the user who generated the link' mean?

I assumed it meant it used his permissions _to access the linked resource_. Not to do anything else. That is, if John's access to the resource is revoked by the owner, all the shareable links he generated stop working.

As opposed to a more naive implementation where the resource _itself_ is marked as "accessible to anybody who knows this url", and it keeps working even after John is fired.

CRIP EATIN BREAD
Jun 24, 2002

Hey stop worrying bout my acting bitch, and worry about your WACK ass music. In the mean time... Eat a hot bowl of Dicks! Ice T



Soiled Meat

Private Speech posted:

humm, aus army? otherwise no

it's not the primary use, that's the only place that used it like that that I can think of

e: i'm sure there's plenty other similar devices though

well the description of a c# ide with xml sources AND an eclipse based one hit it on the nose for a product from a vendor

Private Speech
Mar 30, 2011

I HAVE EVEN MORE WORTHLESS BEANIE BABIES IN MY COLLECTION THAN I HAVE WORTHLESS POSTS IN THE BEANIE BABY THREAD YET I STILL HAVE THE TEMERITY TO CRITICIZE OTHERS' COLLECTIONS

IF YOU SEE ME TALKING ABOUT BEANIE BABIES, PLEASE TELL ME TO

EAT. SHIT.


CRIP EATIN BREAD posted:

well the description of a c# ide with xml sources AND an eclipse based one hit it on the nose for a product from a vendor

you can hate me for it when it breaks anyway, but it's something of a lovely industry semi-standard so I don't think it's us

e: the army thing is on the website it's not a secret, just to be clear

Private Speech fucked around with this message at 12:45 on Apr 23, 2019

Aramoro
Jun 1, 2012




Feisty-Cadaver posted:

I have made some poor decisions in my life, but good golly that's something else

edit: and I like eclipse for the most part

I should say I did not write either of these systems, just worked on them.

It was kinda the fascinating result of a whole bunch on contractors, pretty much everyone there was a contractor, and hard delineation between the teams. The Database cluster was garbage but the core application team could not talk to them at all, so the txt file buffering system was invented because otherwise they could not guarantee writes to the database.

MrMoo
Sep 14, 2000

Progressive JPEG posted:

haven't hit that specific issue with asio but I did find that teardown is the single hardest part to get right



AWS load balancers hitting the app on mass every second for health checks, each one causing a small leak per connection.

I was expecting the razor tooth pattern early as AWS was not following HTTP/1.1 keep alive at all but surprised it is happening now at max usage. TCMalloc may be making things funky :chome:

Captain Foo
May 11, 2004

we vibin'
we slidin'
we breathin'
we dyin'

CPColin posted:


Never mind that links in this loving application include an authentication token, so sharing links like this "works perfectly" in that anybody can click the link and the application uses the permissions of the user who generated the link. Good news: my current project is to prepare this application to be used by a bunch more people.

we had this issue using some unnamed vendor's printer software

Corla Plankun
May 8, 2007

improve the lives of everyone

NihilCredo posted:

I assumed it meant it used his permissions _to access the linked resource_. Not to do anything else. That is, if John's access to the resource is revoked by the owner, all the shareable links he generated stop working.

As opposed to a more naive implementation where the resource _itself_ is marked as "accessible to anybody who knows this url", and it keeps working even after John is fired.

if there's less than 50 keys total it implies to me that it's just a plaintext login for a given user but maybe its not that bad

Shaggar
Apr 26, 2006

gonadic io posted:

I've been thinking about this for my dumbass website. The entry point after twitter oauth redirect is butt.com/twitter-redirect?apikey=123&API-secret=456

I guess I need to then immediately issue a cookie that links to those creds and redirect them to a URL that doesn't contain secrets? I cent control twitters oauth proceed obviously

i don't think your apikey or secret are supposed to be in the url like that? It should be like butt.com/twitter-redirect or w/e and that endpoint takes the auth response from twitter and handles it. but yes once you get that response and determine it to be a successful authentication you issue a cookie and store the auth token in the session details for the user. then you can use the token in future calls to twitter. However, if you only need to make a single call to twitter to grab user details you can do that during the response handling and then throw away the token.

Feisty-Cadaver
Jun 1, 2000
The worms crawl in,
The worms crawl out.

Aramoro posted:

I should say I did not write either of these systems, just worked on them.

It was kinda the fascinating result of a whole bunch on contractors, pretty much everyone there was a contractor, and hard delineation between the teams. The Database cluster was garbage but the core application team could not talk to them at all, so the txt file buffering system was invented because otherwise they could not guarantee writes to the database.

oh for sure, not meaning to place any blame in your direction. I've worked on some impressively horrific systems, just like everyone else

CPColin
Sep 9, 2003

Big ol' smile.

NihilCredo posted:

probably demonstrating my tp status here, but isn't this basically what google docs and similar web apps do when you choose 'create shareable link' to a document? generate an auth token tied to the user who created the link, embed it in the link, when someone clicks the link the token is checked for non-revocation? seems pretty safe to me

wait - unless CPColin meant a *global* auth token, meaning that anybody who clicks the link created by John is effectively logged in as John and can touch all his stuff. that's not what he meant though, right? right?

Sadly, that's exactly what I meant. Fortunately, I don't think anybody in our current crop of users is savvy enough to recognize the token for what it is or try to use it for anything malicious. I'd definitely rather fix the issue now than after we open the application to a much larger set of users.

I'm planning to change it so the tokens are single-use and don't just hang around for an hour, but I just know some user out there is relying on the current ability to share links, so I'm gonna have to rework some things so sharing links becomes less attractive (like switch the GET to a POST).

Ideally, the token exchange would happen entirely behind the scenes and we'd just pipe the vendor application response straight to the user. I'm trying to get the stakeholders to conclude this is the best idea, despite the extra development time.

Powerful Two-Hander
Mar 9, 2004

Mods please change my name to "Tooter Skeleton" TIA.


well that was an afternoon wasted trying to establish what the cname for our domain controllers is as the answer is nobody knows including the team that supports them, however it was irrelevant because instead of manually performing a bind to a controller to do a global catalog lookup I could have just pulled the dns forest info from the current context and used that to get the gc

ofc every other result for "ad search across multiple domains" returns useless info because literally everybody seems to have gone down the same route as me of "write process to handle one domain, discover it doesn't work for anyone in other regions during testing, fiddle with connection strings then give up and post about it online"

also pretty sure our AD environment is a clusterfuck of two or three different variations that may or may not have any commonality between them depending on what you query

Shaggar
Apr 26, 2006
domainname.tld should point to the list of domain controllers. if you want global catalogs you can lookup SRV records for _gc._tcp.domainname.tld.

Or better yet just use System.DirectoryServices.ActiveDirectory which has ez tools for handling all of this for you.

Powerful Two-Hander
Mar 9, 2004

Mods please change my name to "Tooter Skeleton" TIA.


Shaggar posted:

domainname.tld should point to the list of domain controllers. if you want global catalogs you can lookup SRV records for _gc._tcp.domainname.tld.

Or better yet just use System.DirectoryServices.ActiveDirectory which has ez tools for handling all of this for you.

yeah that's what i ended up with after spending hours banging my head on the wall trying to work out why I could query the gc manually from a local tool but not from app code (something involving binding one domain lower than the root I thinkl

also all our internal infra docs are useless, the best one I found said "our ad topography is a mix of several the future aspiration state is..." that was dated like 2015 and never done lol

Zaxxon
Feb 14, 2004

Wir Tanzen Mekanik

gonadic io posted:

I've been thinking about this for my dumbass website. The entry point after twitter oauth redirect is butt.com/twitter-redirect?apikey=123&API-secret=456

I guess I need to then immediately issue a cookie that links to those creds and redirect them to a URL that doesn't contain secrets? I cent control twitters oauth proceed obviously

that url looks real bad It should be something like butt.com/twitter-redirect?code=xzy

then you do a post request from your server to twitter to verify the code, which gives you an access token to get stuff from twitter.

HoboMan
Nov 4, 2010

aaaaaaaand im hired

gonadic io
Feb 16, 2011

>>=

Zaxxon posted:

that url looks real bad It should be something like butt.com/twitter-redirect?code=xzy

then you do a post request from your server to twitter to verify the code, which gives you an access token to get stuff from twitter.

https://developer.twitter.com/en/docs/basics/authentication/overview/3-legged-oauth posted:

Step 2: GET oauth/authorize

Example URL to redirect user to:
https://api.twitter.com/oauth/authorize?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0

Upon a successful authentication, your callback_url would receive a request containing the oauth_token and oauth_verifier parameters. Your application should verify that the token matches the request token received in step 1.

Request from client’s redirect:
https://yourWhitelistedCallbackUrl.com?oauth_token=NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0&oauth_verifier=uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY

e: i was dumb and it's not secrets. i should make sure that my site validates the verifier token before issuing any cookies, and then if somebody else takes that url and visits it, twitter won't verify the code twice (or maybe it's time limited?) and there's no issue

gonadic io fucked around with this message at 20:02 on Apr 23, 2019

Sapozhnik
Jan 2, 2005

Nap Ghost

HoboMan posted:

aaaaaaaand im hired

:toot:

redleader
Aug 18, 2005

Engage according to operational parameters

HoboMan posted:

aaaaaaaand im hired

initially read this as "tired", but :toot:

DaTroof
Nov 16, 2000

CC LIMERICK CONTEST GRAND CHAMPION
There once was a poster named Troof
Who was getting quite long in the toof

HoboMan posted:

aaaaaaaand im hired


animist
Aug 28, 2018
i'm a TA for a programming class and the professor's code is worse than most of the students :ohdear:

he doesn't seem to know what a naming convention is

on the other hand, he has a research position for me next year, so im not gonna say anything about it

VikingofRock
Aug 24, 2008




HoboMan posted:

aaaaaaaand im hired

Congrats!

gonadic io
Feb 16, 2011

>>=

animist posted:

i'm a TA for a programming class and the professor's code is worse than most of the students :ohdear:

he doesn't seem to know what a naming convention is

on the other hand, he has a research position for me next year, so im not gonna say anything about it

Welcome to academia

Soricidus
Oct 20, 2010
freedom-hating statist shill

animist posted:

i'm a TA for a programming class and the professor's code is worse than most of the students :ohdear:

he doesn't seem to know what a naming convention is

the correct naming convention for academic code is single letters. greek letter names permitted where used in the accompanying paper

gonadic io
Feb 16, 2011

>>=

Soricidus posted:

the correct naming convention for academic code is single letters. greek letter names permitted where used in the accompanying paper

I prefer 2 letter abbreviations of Greek letter names myself. Ep, de, al, be, ga

Jabor
Jul 16, 2010

#1 Loser at SpaceChem
unicode source is truly a great boon

champagne posting
Apr 5, 2006

YOU ARE A BRAIN
IN A BUNKER


Soricidus posted:

the correct naming convention for academic code is single letters. greek letter names permitted where used in the accompanying paper

should i put all the variables and constants at the top of my code text?

TheFluff
Dec 13, 2006

FRIENDS, LISTEN TO ME
I AM A SEAGULL
OF WEALTH AND TASTE

Jabor posted:

unicode source is truly a great boon

quote:

struct DormandالمكاوىPrince1986RKN434FM :
EmbeddedExplicitRungeKuttaNyström {

gotta spell proper names correctly

e: can't put the code in a [code] block because SA does html entity escaping, lol

e2:

чебышёв_series.hpp posted:

// A Чебышёв series with values in the vector space |Vector|. The argument is
// an |Instant|.
template<typename Vector>
class ЧебышёвSeries final {

TheFluff fucked around with this message at 08:36 on Apr 24, 2019

Progressive JPEG
Feb 19, 2003

Jabor posted:

unicode source is truly a great boon

that snack overflow post where someone implemented a preprocessor for templates in go with utf brackets

AggressivelyStupid
Jan 9, 2012

second to terrible single letter or Greek variable names is myThing

Luigi Thirty
Apr 30, 2006

Emergency confection port.

cheburashka series

Adbot
ADBOT LOVES YOU

Soricidus
Oct 20, 2010
freedom-hating statist shill

Boiled Water posted:

should i put all the variables and constants at the top of my code text?

yes. this makes it easier to reuse them all for several different things, names don’t grow on trees

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply