There's no question I wrote the couple of things I've done for work to automate things, but I swear every time I have to revisit the code after a long while it's all new again, often wondering what the hell was I thinking. I like to tell myself that since I'm improving the code each time I review it, each new change must be better overall code. Ha. But it works...
I stated programming games on a school computer in the early to mid 80’s. When the tape drive broke, I still used to have the code in my head, just type it all in for others to play. Now I find code I wrote last month and can’t remember doing it. At least it tends to be, “which genius wrote this” these day. Tend to leave comments everywhere for myself now, including my own name and other messages to myself like,“don’t touch this it works, your bug will be in…”
Yeah, I’m about the same age and started noticing my ability to keep everything in memory falling at around the mid 20s. I mean, I’m still probably way better at keeping all manner of obscure details in memory compared to the average person (we exercise that so much in this profession it’s only normal), but it’s below the peak point, not enormously so but it’s kind like having once been a top “athlete”, years later you know you can’t reach that peak performance anymore.
Also once you go through the full life-cycle of enough of your projects (that got shipped and a year or two later you have to pick it up and change it), you kinda figure out that even at peak “performance” you wouldn’t be remembering much from a project from years ago and start adding comments to help you pick it back up and alert you to possible pitfalls you noticed and avoided but forgot all about in the meanwhile.
Fortunally I figured it out long ago that I’ve created a couple of principles around commenting that have repeatedly saved my ass years later: things like documention parameter assumptions in functions, actually writting down the “why we do this” or commenting before the code of especially complex algorithms (I actually design the algorithm to the comment first and only after than code it).
Oh ruck. At twenty I could remember the direct way through the Zac Mc.Kracken Mazes. And all the chords of our Bands songs. And all the Beatles lyrics. But heck... no code.... now I at least remember the bash scripts.....
I started a practice with my team on our wiki. We have a section named the Oamonomicon, since out system is named OAM. Any sort of weird one off request or problem gets documented there. What were the symptoms? What steps did we use to find the problem? Then if we start seeing a pattern of issues, we have a better idea of how to resolve them.
Me too. But the other day, a junior developer and I were looking at some fairly old code, and I recognized the writing style in the comment as mine. We ran p4 annotate and, sure enough, I was the baddie.
Specialists, ah I wish I could experience that. Maybe then I would be able to see my long lost love c++ again. Instead, I must give my love freely. Javascript, Java, Kubernetes, Go, many names flit through when profit is the goal. Someday maybe, hopefully, ChatGPT will end my tired soul.
I’ve heard of all sorts of issues with my fiber ISP (Verizon Fios) rolling out IPv6. It’s been years that they’ve been slowly rolling it out for testing in a few places. There’s virtually no useful documentation on their website about it. And it’s still not available where I am.
4k was fine until I tried watching 8k 60fps HDR on YouTube, disabling IPv6 fixed it. It was weird because speedtest and torrents were completely fine using full bandwidth, just YouTube needed me to disable ipv6
Yeah it’s a huge source of problems. If you are outside the US your IPv6 prefix is never gonna be correct in every GeoIP database, even if you send a request to have it corrected, so you sometimes get geoblocked and other sites just block you because it sometimes gets classified as VPN.
I did it by acquiring my own AS number and prefix, allowing me to set the geofeed, and announcing it via public BGP from a box in a data center. Took a few days for most things to pick it up the geolocation.
It also means you no longer need the kludge that is NAT. Full E2E connectivity is really nice – though I’ve found some network admins dislike this idea because they’re so used to thinking about it differently or (mistakenly) think it adds to their security.
NAT still has its place in obfuscating the internal network. Also, it’s easier to think about firewall/routing when you segregate a network behind a router on its own subnet, IMO.
There’s no reason your clients can’t have public, world routeable IPs as well as security.
There are a lot of valid reasons, other than security, for why you wouldn’t want that though. You don’t necessarily want to allow any client’s activity to be traceable on an individual level, nor do you want to allow people to do things like count the number of clients at a particular location. Information like that is just unnecessary to expose, even if hiding it doesn’t make anything more secure per se.
Well good news. Because ipv6 has a thing called privacy extensions which has been switched on by default on every device I've used.
That generates random ipv6 addresses (which are regularly rotated) that are used for outgoing connections. Your router should block incoming connections to those ips but the os will too. The proper permanent ip address isn't used for outgoing connections and the address space allocated to each user makes a brute force scan more prohibitive than scanning the whole Ipv4 Internet.
So I'm going to say that using routable ipv6 addresses with privacy extensions is more secure than a single Ipv4 Nat address with dnat.
Yes, of course. But saying trite things like that doesn’t get around the idea that giving out a map of the internal network by default isn’t the best policy.
With CGNAT, governments still spy on individual addresses when they want. Since those individual addresses now cover a whole bunch of people, they effectively spy on large groups, most of whom have nothing to do with whatever they’re investigating. At least with IPv6, it’d be targetted.
NAT obscurity comes at a cost. Its gain is so little that even a small cost eliminates its benefit.
Governments are not anyone’s issue other than other governments. If your threat model is state actors, you’re SOL either way.
Making it harder for everyone else is the goal, and to do that you need a swiss cheese model. Hopefully all the holes don’t line up between the layers to make it that much harder to get through. You aren’t plugging all the holes, but every layer you put on makes it a little bit harder.
And NAT is not just simple to set up, it’s the intuitive base for the last 30 years of firewalls. I don’t see where you get a cost from it. As I said, separating network spaces with it comes naturally at this point. Maybe that’ll change, but I remember using routable IPV4 when it was it the norm, and moving to NAT made that all feel way more natural.
Governments are not anyone’s issue other than other governments. If your threat model is state actors, you’re SOL either way.
That’s a silly way to look at it. Governments can be spying on a block of people at once, or just the one person they actually care about. One is clearly preferable.
Again, the obscurity benefit of NAT is so small that literally any cost outweighs it.
I don’t see where you get a cost from it.
Firewall rules are more complicated
Firewall code is more complicated
Firewall hardware has to be beefier to handle it
NAT introduces more latency
CGNAT introduces even more latency
It introduces extra surface area for bugs in the firewall code. Some security related, some not. (I have one NAT firewall that doesn’t want to setup the hairpin correctly for some reason, meaning we have to do a bunch of workarounds using DNS).
Lots of applications have to jump through hoops to make it through NAT, such as VoIP services
Those hoops sometimes make things more susceptible to snooping; Vonage VoIP, for example, has to use a central server cluster to keep connections open to end users, which is the perfect point to install snooping (and this has happened)
. . . and that centralization makes the whole system more expensive and less reliable
A bunch of apps just never get built or deployed en masse because they would require direct addressing to work; stuff like a P2P instant messenger
Running hosted games with two people behind NAT and two people on the external network gets really complicated
. . . something the industry has “fixed” by having “live service” games. In other words, centralized servers.
TLS has a field for “Server Name Indication” (SNI) that sends the server name in plaintext. Without going far into the details, this makes it easier for the ISP to know what server you’re asking for, and it exists for reasons directly related to IPv4 sticking around because of NAT. Widespread TLS use would never have been feasible without this compromise as long as we’re stuck with IPv4.
We forced decisions into a more centralized, less private Internet for reasons that can be traced directly to NAT.
If you want to hide your hosts, just block non-established, non-related incoming connections at your firewall. NAT does not help anything besides extending IPv4’s life.
Long story short is that NAT is eggshell security and you should be relying on actual firewall rules (I wouldn’t recommend F5) instead of the implicit but not very good protections of NAT.
Honestly, these days I have no idea. When I said “wouldn’t recommend” that wasn’t an assertion to avoid; just a lack of opinion. Most of my recent experience is with Cloud vendors wherein the problem domain is quite different.
I’ve had experience with most of the big vendors and they’ve all had quirks etc. that you just have to deal with. Fundamentally it’ll come down to a combination of price, support requirements, and internal competence with the kit. (Don’t undermine the last item; it’s far better if you can fix problems yourself.)
Personally I’d actually argue that most corporates could get by with a GNU/Linux VM (or two) for most of their routing and firewalling and it would absolutely be good enough; functionally you can do the same and more. That’s not to say dedicated machines for the task aren’t valuable but I’d say it’s the exception rather than rule that you need ASICs and the like.
It wasn’t designed for a security purpose in the first place. So turn the question around: why does NAT make a network more secure at all?
The answer is that it doesn’t. Firewalls work fine without NAT. Better, in fact, because NAT itself is a complication firewalls have to deal with, and complications are the enemy of security. The benefits of obfuscating hosts behind the firewall is speculative and doesn’t outweigh other benefits of end to end addressing.
The main benefit of a NAT is that by default it prevents all external access to the hosts inside the network. Any port you have open is not accessible unless explicitly forwarded.
This has a lot of security benefits. Regardless, everything you said is sounds true to me.
You can get exactly the same benefit by blocking non-established/non-related connections on your firewall. NAT does nothing to help security.
Edit: BTW–every time I see this response of “NAT can prevent external access”, I severely question the poster’s networking knowledge. Like to the level where I wonder how you manage to config a home router correctly. Or maybe it’s the way home routers present the interface that leads people to believe the two functions are intertwined when they aren’t.
If your home router blocked incoming connections on IPv4 by default now, then it’s likely to continue doing so for IPv6. At least, I would hope so. The manufacturer did a bad job if otherwise.
I still have to initiate the outgoing UDP. Are you talking about the specific case where any software running on my host can initiate it without me requesting?
I think you’ll find some ISPs will be reluctant to let go of CGNAT - they’re doing quite nicely by charging extra for ‘commercial’ services where it’s not in the way.
Fortunately, many of us know about cloudflare tunnelling and other services, so NAT really isn’t a problem to self hosters and even SMEs any more.
ipv6 in companies… ipv6 is not hard, but for internal networking no company (really) “needs” more than rfc1918 address space. thus any decision in that direction is always “less” needed than any bonus for (da)magement personnel is crucial for the whole companies survival…
for companies services to be reachable from outside/ipv6 mostly “only” the loadbalancers/revproxies etc need to be ipv6 ready but … this i.e. also produces logs that possibly break decades old regexes that no one understands any more (as the good engineers left due to too many boni payed to damagement personnel) while other access/deny rules that could break or worse let through where they should block (remember that 192.168. could the local part of ipv6 IF sone genious used a matching mech that treats the dot “.” as a wildcard as overpayed damagement personnel made them rush too fast), could be hidden “somewhere”. altogether technical debt is a huge blocker for everything, especially company growth, and if no customer “demands” ipv6, then it stays on the damagement personnels list as “fulfilling the whishes of engineers to keep them happy” instead of on the always deleted “cleaning up technical debt caused by damagement personnel” list.
setting up firewalls for ipv6 is quite easy and if you go the finegrained “whitelisted or drop/block” approach from the beginning it might take a bit for ipv6 specials to be known to you, but the much bigger thing is IMHO the then current state of firewall rules. and who knows every existing rule? what rules should be removed already and must not be ported to ipv6? usually firewalls and their rules are a big mess due to … again too many boni payed to damagement personnel, hindering the company from the needed steps forward…
ipv6 adoption is slow for reasons that are driving huge cars that in turn speed up other problems ;-|
i once had to look at a firefall appliance cluster, (discovered, it could not do any failover in its current state but somehow the decider was ok with that) but when looking at its logs, i discovered an rsh and rcp access from an ip address that belonged to a military organisation from a different continent. i had to make it a security incident. later the vendor said that this was only the cluster internal routing (over the dedicated crosslink), used for synchronisation (the thing that did not work) and was only used by a separate routing table only for clustersync and that could never be used for real traffic. but why not simply use an ip that you “own” by yourself and PTR it with a hint about what this ip is used for? instead of customers scratching their head why military still uses rcp and rsh. i guess because no company reads firewall logs anyway XD
someone elses ip? yes! becuase they’ll never find out !!1!
i really appreciate that ipv6 has things like a dedicated documentation address range and that fc00:/7 is nicely short.
On Error Resume Next never before have more terrible words been spoken.
Every time I’m reading a PowerShell script at work and see -ErrorAction SilentlyContinue I want to scream into a pillow and forcefully revert their commit.
I’ve actually done it a few times, but I want to do it every time.
but you can follow any exception down to the exact line of code (or JNI call, I guess) where the problem occurs.
But, it’s not really where the problem occurred. How often do you get a stack trace and the bug fix is at the line referenced by the stack trace? Almost never. It’s more that it takes you down to the exact line of code where the effects of the problem are bad enough to affect the running of the program. But, the actual problem happened earlier, sometimes much earlier.
For example, NullPointerException isn’t actually the problem, it’s a symptom of the problem. Something didn’t get initialized properly, and nobody noticed for a while, until we tried to use it, and got a null pointer. Sometimes it’s easy to go from the effect (null pointer) to the cause (uninitialized thing). But, other times that “thing” was passed in, so you have to work backwards to try to figure out where that thing comes from, and why it’s in that broken state.
Sure, it’s better than nothing, but it’s still frustrating.
I think it’s pretty useful, be interested to hear your hangups with it though because it’s definitely not perfect.
If something goes wrong and I have a stack trace, that plus the type of exception will almost always be enough for me to figure out what’s wrong at least as a starting point. I’ve worked mostly with JVM languages in my career though so maybe I just don’t know how bad it actually is.
That happened to me. I noticed a vague Monday morning meeting when I logged on. Checked with my team to see if they knew what it was about and no one knew. Supervisor was MIA on slack. Just before it starts we got a group text from him that essentially said, “what the fuck. I’m so sorry guys. I’m not allowed to speak or I’m immediately fired”
I checked the invite list and, sure enough… VP of department, VP of HR, my supervisor, and my small team. I instantly knew we were all fired.
Joined the meeting a few minutes early and it was just my teammates all wondering out loud what’s going on. They’re all pretty young. Couldn’t help but blurt out, “nice knowing yall…”
Supervisor texts me with “please don’t, we’ll grab a drink right after this”
The cool executives log and blah blah blah your team is getting shuttered thanks bye.
Oh and my supervisor quit a month later, right after he got the end of year bonus. I don’t blame him. Good dude. He helped a lot of the team secure other jobs in the industry within 3 months
“Insufficient detail. Please ask a specific question.”
This is a very real problem from the answering side. So many people would rather have you guess what they’re trying to ask and then get mad at you when you guess wrong.
I know whenever I try to help someone with a Linux issue it’s always an uphill battle to get them to stop guessing what they think the problem might be and show me the logs.
People really don’t want to give you the information you need to help them.
I make sure to give my guess and also append as many logs and exact information as possible, right down to every step I took that produced the problem.
So far my success rate with the forums is 0%. But hey, people at least tried to be helpful!
I hope this is a joke because the Arabic translation is so wrong. It’s also confusing because Arabic is written from right to left so it’ll just create a mess. The translators are using “letter case” and translated it literally to Arabic. The word used doesn’t mean “letter” as in a letter in the alphabet but “letter” as in what you send in the post office. These are totally different words in Arabic.
It’s somewhat difficult to translate, because Arabic doesn’t have the concept of case in letters. Usually you can use “حروف صغيرة” or ”حروف كبيرة” which literally translates as “small letters” and “big letters”. For the general “letter case” you can use “حالة الأحرف”. So it’ll be something like : تجاهل حالة الأحرف
Dumb question but your comment got this into my head: in your response, since it’s mostly English and LTR, are the Arabic words in your response read right to left?
Yes it’s always read right to left, which can be confusing when you combine English and Arabic. When you reach the Arabic word or sentence you jump to its beginning which is the first Arabic letter to the right, read it from there to the left, and then continue to the next English word when you’re done.
Also this is why unicode has codepoints signifying where to switch between right to left and left to right writing, so that letters can be correctly written “forwards” in the underlying file format (first letter written first) for both writing systems and also rendered correctly for both writing systems on display
Spanish is also wrong, this one means “ignore-letter-size”. I’m not sure if there is an official correct way to say in a short manner, I would say “ignorar-capitalizacion” but I think it’s just a barbarism.
I have a sneaking suspicion that most memes are from CS students, it all makes sense. People with jobs don’t have time to make memes, get angsty about languages, or syntax issues.
Sure but I’m not sure that most HR management software companies are going to be keen on handing over source for you to review.
5/7 Software package is pure garbage.Tim forgot to remove his TODO comment from line 1052 of main and there are three instances of inconsistent indentation in the API module. Therefore, our automation pipeline has marked our own employees as “needs improvement”.
It’s annoying to be the weird one that rewrites all the code on the files I touch because I bothered to press format. Then someone forgets to pull before changing the code and suddenly the merge is not fast forward and the conflict resolution is a mess. It’s not that big of a deal, for me a t least, but when i format the code it’s 3 other dumbasses that get conflicts, and sometimes I just can’t bother enough to fix their issues because I took care of formatting it once.
Nowadays I use an opinionated linter, format my stuff and call it a day.
I loathe linter errors. If you know that I did it wrong and how, just fix it and stop wasting everyone’s time. That’s why I’m in favor of opinionated formatters in the per-commit automation. No point in wasting everyone’s time and making silly merge conflicts possible.
last week I had misconfigured my auto-format and it was leaving commas and whitespaces. The amount of “WHAT HAVE YOU DONE???” comments I got were of the chart.
There was a linter in place, I literally could not merge unless the issues were fixed, yet people felt compelled to point them out.
shit I am a CS student and I barely have the time for memeing about the languages I’m using between all my other classes, and the other stuff I study in my downtime. I’m just stoked to get a slapdash of code together and actually have it do what I want it to the first time around.
Unfortunately this idea tracks with a lot of online content. People who have time and energy to be extremely opinionated about things generally either don’t have a lot else going on, or have direct personal experience that led to their strong views. As people get older and life gets busier people seem far more likely to just do whatever they need to get by and shut up about it.
Seriously, go look up some of the user demographics polls and analysis that was done against various subs on the old site. Most users are/were college age or younger even. Puts a lot of the “sillier” subs like relationshipadvice into context.
In my opinion this is a problem with the internet in general, younger people tend to crave attention and often receive the most online because of the anonymous platform it gives them.
As I approach 35 I find myself half writing comments and deleting them because I don’t fucking care. This time I will press send
Yeah, if something in my life frustrates me, be it coding or otherwise, I search for solutions online and complain to friends “offline”, If I ever thought of making content, it would be on solutions I found of things that frustrated me,. and I’m not even that old.
After 10 years of doing it for work, I still get frustrated about language issues.
But semicolons? It’s 2023, why does your language have semicolons at all? If you’re one of those poor sods stuck with Java, still it’s not an issue, all IDEs will warn you, and basically complete half the code for you.
They pay me more money than all of the other Devs because I’m the only guy willing to take on our existing stacks usage of shudders JavaScript. Most Devs I meet straight up refuse to learn it, let alone code in it.
It’s 2023, why does your language have semicolons at all?
Explicitly constructing your intentions are features of a language.
I LOVE types. I LOVE semi colons. I LOVE compiler errors.
Why? Because the ALTERNATIVE is finding (if you’re lucky) unexpected behaviour at run-time.
I promise, I promise SO HARD, that memes about semi colons or “my code doesn’t compile” are GREAT problems to have.if that’s what’s making you sad, your life is good and you’re getting paid 10x too much.
Types give structure to your program, prevent bugs and make team work easier. Semicolons are an artifact of the times it was thought multiple statements could go on a same line. Although I do admit, they make language design easier.
Semicolons are optional in JavaScript unless you are combining multiple statements on a single line, which is generally not something you should be doing anyway.
I avoid them whenever possible. It encourages people to write poorly formatted code. But then I’m a python dev so I tend to be opinionated when it comes to whitespace.
programmerhumor
Top
This magazine is from a federated server and may be incomplete. Browse more on the original instance.