RTFM!!

Over at OpenSource.com, Rich Bowen has a fine article about software documentation.

Have you noticed that the more frequently a particular open source community tells you to RTFM, the worse the FM is likely to be? I’ve been contemplating this for years, and have concluded that this is because patience and empathy are the basis of good documentation, much as they are the basis for being a decent person.

Empathy is the ability to understand the needs of others, so it’s a particularly good trait for someone who’s writing software instructions. This week Your JoeDog was installing a vendor’s code and he ran into a snag with one of the modules. It couldn’t connect to the database and its port listeners were walking on those of another module.

Your JoeDog took the time to detail these issues so the vendor would have an easy time with his diagnosis. If you construct your prose with the recipient in mind, then you can convey a more meaningful message. That thoughtfulness did make it easy for the vendor to diagnose the problem. Your JoeDog sent him over 1000 words and he replied with a single sentence. That sentence solved his problem while it boiled his blood. And what did the vendor say that caused such a reaction?

“You don’t need to install that.”

“WTMF?” Your JoeDog thought. He omitted MFs from his reply and simply asked the vendor this: “Then why does your documentation tell me to install that?”

“That’s just generic documentation we send to all customers,” he said.

A more empathetic man would have pruned and tailored his documentation to meet the needs of the target audience. Does Your JoeDog consider this man empathetic? No. He thinks he’s kind of a dick.



The Facebook Effect (on real estate prices)

When Your JoeDog was in Palo Alto, he was thumbing through a real estate guide in the lobby of a hosting provider. A two-bedroom, 900 sq. foot post-war house caught his eye, not because it was nice but because it was listed for over a million dollars. That same house in the heartland would probably sell for one-tenth as much.

Now Tech Crunch tells us about the Facebook effect on real estate prices. Two years ago, the hoodied company announced it was moving from Palo Alto to Menlo Park. The effect on local real estate was astounding. Prices in Menlo Park increased 41.9%. In East Palo Alto — which is near the new facility — the effect was even more profound. Prices in that neighborhood are up 75.6%.

There’s only one reason why real estate is so expensive in the Silicon Valley: it’s close to work. People are willing to pay a premium for a shorter commute. But why is this so important?

Tech guys have been selling the notion of telecommuting for at least twenty years, yet they obviously demand that their own employees show up to the office. High housing prices in the Silicon Valley are testament to the bullshit they peddle to the rest of us….



The Key Is Under The Mat

Here’s a nice find by Ars Technica.

TV5Monde is a French teevee station whose signals were recently hijacked by Islamic militants. ISIS!! David Delos is a reporter for that station. He was interviewed about the incident by an investigative news program. During the interview, Delos was filmed in front of a staffer’s desk. The staffer’s cube was covered with sticky notes which could be read by the television audience. And what was on those sticky notes you might ask? Um, usernames and passwords.

French authorities are still trying to determine how the station was hacked….



Easter Not-so-nice-time

Is Big Software cracking down on programmers who insert Easter Eggs into their code?

“Are they going away? Indeed they are,” says Dr Diomidis Spinellis, a Greek computer science academic and author of The Elements of Computing Style.

“As programming becomes more corporate, more official, one cannot appear to have code that is not officially sanctioned,” he says.

Easter eggs have not undergone the same levels of scrutiny as the rest of the code, he says, and there may be vulnerabilities attached to them.

“They still happen, but they’re less likely to be little bits of code, more likely to be hidden in documentation or code comments,” adds Brendan Quinn, a software architect in London.

“Actual executable stuff hidden in code is something that people are trying to eliminate. With varied success around the industry.”

The argument goes: if a manufacturer can’t stop developers from sneaking in benign undocumented features, how can you be sure they’ve not inserted a backdoor, too?

Your JoeDog doesn’t hide Easter Eggs inside his code. It’s open source. To find them, all you’d have to do is read….

[Business Insider: Twenty-two Easter Eggs]

[BBC News: The End of the Easter Egg?]



CENTCOM Gets PWND

Your JoeDog followed the events in France pretty closely. After reading two days of reports from the US and Europe, he had no fscking clue what was going on. The killers were captured and one was dead! Um, the killers are in the woods with helicopters overhead! Um, no, they’re inside a Jewish deli back in Paris. In a rush to publish, the only thing they did was add to our confusion.

And so it goes with the CENTCOM hack. Your JoeDog heard ISIS was inside Pentagon computers!!1!1!!! After sifting through news reports, it appears that ISIS simply defaced their Twitter and YouTube accounts. Wait a second — CENTCOM has a Twitter account? What do they post besides “blew up some shit today!”

Is this a Big Deal? It depends on your perspective. From a security standpoint, it’s not. Imagine if you shared your GMail password with a friend and he started sending dick pics to everyone in your address book. That’s pretty much what happened. ISIS gained access to the accounts and pranked the military.

From a public relations perspective, it’s embarrassing. Unless they’re absolute morans, no sensitive data was compromised. You wouldn’t link your bank account to your Twitter feed; there’s no reason to believe CENTCOM would do the same with its operational servers. But at the same time, it paints the US military as a careless organization. It didn’t use two-factor authentication, its credentials were easy to crack and/or it fell for a phishing expedition.

It does make you wonder what else they’re “protecting” with ‘password123’ or to what extent the people inside Central Command are click-happy. Those are speculative musings which may have no basis in fact. Still, you can imagine a military ass-chewing that began with the Commander-in-Chief and worked its way down to the lowliest private. Your JoeDog is glad he doesn’t work in CENTCOM today.

 

 



Nobody Ever Typed ‘-1966631820’ Into The Internet

Your JoeDog was debugging C code. Not just any C code, but C code that was last updated in 2001 by a man who’s now retired. Or maybe he’s dead — the point is he can’t be consulted.

Well, sir, this code was inserting 4 billion and change into a field that expected 1 or 0. The insert was based on a result from a previous query. Your JoeDog debugged that variable and determined it was -1966631820. Hoping that number would shed light on his problem, he plugged it into the Internets.

As of 13:22:05 EST, no human has ever typed that into the Internets. Sensing an opportunity to monopolize a keyword, Your JoeDog typey-typed and added this: -1966631820

UPDATE: Couple things. 1.) A JoeDogger says that Google excludes from its results parameters that are prefaced with a minus sign. 2.) Your JoeDog removed the minus and tried again. A minute after publication, he had captured the number one spot on Google for the keyword ‘1966631820’

 



Programmers….

A physicist, an engineer and a programmer were driving down a mountain pass when the brakes failed. The car started to accelerate and they were soon screaming into the valley. Hanging on for dear life, they smacked the guard rails several times. Fortunately, they came across an escape lane and they were able to navigate up the hill to a stop.

The physicist said, “We need to model temperatures resulting from friction to determine why the brakes failed.”

The engineer said, “I have a case of temperature sensors in the trunk.”

The programmer said, “Let’s not get ahead of ourselves. We need to get the car back up the mountain and see if the failure is reproducible.”

 

 



My Dilbert Moment

This morning Your JoeDog received a form. Exciting! … wait a second. That’s not exciting. That’s more work!

Indeed.

He had to fill it out and deliver it within Large Corporate Bureaucracy. There were two different delivery options:

  1. Interoffice messenger
  2. Fax machine (they still exist for some reason)

The fax option contained these special instructions:

If sending via fax, do not send original. Retain a copy of the completed form for your records.




Please Don’t Use Comments To Alter Functionality

“Holy shit!” Your JoeDog exclaimed.

“Why do you swear so much?” an emailer emailed this blog. “Young readers don’t need to be exposed to that.” Listen, if your kid is reading this site, then maybe it’s time to buy him a football. By the time he’s old enough to care about these topics, he’s already heard a lot of vulgar language….

“Holy shit!” Your JoeDog exclaimed. “That’s a code salad!”

Our enterprise backup guy is just like your enterprise backup guy. He’s involved with every system, every project and every meeting yet all he does is put ones and zeros on tape. Generally he calls your attention to meaningless minutia but once a decade you learn of something important. Yesterday was once a decade. Backup informed Your JoeDog that the NetBackup client wasn’t installed on a new server.

“That seems unlikely,” Your JoeDog said. “Puppet puts it on every server.” Puppet is our configuration management server. It installs software and writes configurations to every server in the enterprise.

“That’s what I thought,” Backup said. “But it’s not there.”

To prove that Puppet puts it on every server, Your JoeDog showed him the code. We’ll examine that code after the jump.




Check Your Inputs: SQL Injection Edition

Here’s a question which tends to make Your JoeDog cringe: “So, what do you do?”

It’s often asked when he has a drink in his hand. And when he has a drink in hand, he doesn’t want to talk about work. Sometimes the inquiring person hears the answer, parses “computers” and wants to know why their laptop is slow. Honestly, Your JoeDog has no idea. Occasionally, he meets another nerd who wants to talk shop.

Recently he met a web nerd, the kind of web nerd who suffers from illusory superiority because he lacks the skill to recognize his ineptitude. These guys often contain a conspiratorial streak. This guy was no exception. The conversation soon shifted to hacking and web security.

Web Nerd puked a word salad of vulnerabilities but his beloved PHP was exonerated. “You can’t inject SQL because the mysql libs don’t allow multiple statements,” he said.

Couple points. 1.) The PHP mysql_ functions are deprecated. Astute JoeDog readers use PDO or MySQLi. 2.) You can still do injection as long as you keep it in a single statement.

Let’s try that after the jump!
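The second point above, as an added example that is not from the original post: Python's sqlite3 stands in for PHP and MySQL because its execute() likewise refuses more than one statement per call, yet a single-statement injection still changes the query's meaning. The table, sample rows and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db

def login_concat(db, name, password):
    # Vulnerable: user input becomes part of the SQL text itself.
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return sorted(row[0] for row in db.execute(sql))

def login_bound(db, name, password):
    # Hardened: placeholders keep input as data, never as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return sorted(row[0] for row in db.execute(sql, (name, password)))

def stacked_statement_rejected(db):
    # The driver refuses a second statement, which is the protection
    # Web Nerd was counting on. The exception type varies by Python version.
    try:
        login_concat(db, "alice", "x'; DROP TABLE users; --")
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False

def user_count(db):
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # stays inside one statement
    print("stacked rejected:", stacked_statement_rejected(db))
    print("rows still present:", user_count(db))
    print("concat, bad password:", login_concat(db, "alice", tautology))
    print("bound, bad password:", login_bound(db, "alice", tautology))
    print("bound, real password:", login_bound(db, "alice", "s3cret"))
```

The concatenated query returns every user for a wrong password because AND binds tighter than OR, so the trailing `OR '1'='1'` is true for each row; the bound query treats the same input as a literal password and matches nothing.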
