Subscribe: The Daily WTF
http://syndication.thedailywtf.com/TheDailyWtf
The Daily WTF



Curious Perversions in Information Technology



Last Build Date: Wed, 28 Jun 2017 23:04:41 GMT

 



News Roundup: The Internet of Nope

Wed, 28 Jun 2017 10:30:00 GMT

Folks, we’ve got to talk about some of the headlines about the Internet of “Things”. If you’ve been paying even no attention to that space, you know that pretty much everything getting released is some combination of several WTFs, whether in conception, implementation, and let’s not forget security.

I get it. It’s a gold-rush business. We’ve got computers that are so small, so cheap, and so power-efficient, that we can slap the equivalent of a 1980s super-computer in a toilet seat. There's the potential to create products that make our lives better, that make the world better, and could carry us into a glowing future. It just sometimes feels like that's not what anybody's actually trying to make, though.

Without even checking, I’m sure you can buy a WiFi enabled fidget spinner that posts the data to a smartphone app where you can send “fidges” to your friends, bragging about your RPMs.

We need this news-roundup, because when Alexa locks you out of your house because you didn’t pay for Amazon Prime this month, we can at least say “I told you so”.

You think I’m joking, but Burger King wants in on that action, with its commercial that tries to trick your Google Assistant into searching for burgers. That’s also not the first time that a commercial has triggered voice commands, and I can guarantee that it isn’t going to be the last.

Now, maybe this is sour grapes. I bought a Nest thermostat before it was cool, and now three hardware generations on, I’m not getting software updates, and there are rumors about the backend being turned off someday.

Maybe Nest needs a model more like “Hive Hub”. Hive is a startup with £500M invested, making it one of the only “smart home” companies with an actual business model. Of course, that business model is that you’ll pay $39.99 per month to turn your lights on and off.

At least you know that some of that money goes to keeping your smart-home secure. I’m kidding, of course- nobody spends any effort on making these devices secure. There are many, many high profile examples of IoT hacks. You hook your toaster up to the WiFi and suddenly it’s part of a botnet swarm mining BitCoins. One recent, high-profile example is the ZigBee Protocol, which powers many smart-home systems. It’s a complete security disaster, and opens up a new line of assault- instead of tricking a target to plug a thumb drive into their network, you can now put your payload in a light bulb.

Smart-homes aside, IoT in general is a breeding ground for botnets. Sure, your uncle Jack will blindly click through every popup and put his computer password in anything that looks like a password box, but at least you can have some confidence that his Windows/Mac/Linux desktop has some rudimentary protections bundled with the OS. IoT vendors apparently don’t care.

Let’s take a break, and take a peek at a fun story about resetting a computerized lock. Sure, they could have just replaced the lock, but look at all the creative hackery they had to do to get around it.

With that out of the way, let’s talk about tea. Ever since the Keurig coffee maker went big, everyone’s been trying to be “the Keurig for waffles” or “the Keurig for bacon” or “the Keurig for juice”- the latter giving us the disaster that is the Juicero. Mash this up with the Internet of Things, and you get this WiFi enabled tea-maker, which can download recipes for brewing tea off the Internet. And don’t worry, it’ll always use the correct recipe because each pod is loaded with an RFID that not only identifies which recipe to use, but ensures that you’re not using any unauthorized tea.

In addition to the “Keurig, but for $X,” there’s also the ever popular “the FitBit, but for $X.” Here’s the FitBit for desks. It allows your desk to nag you about getting up, moving around, and it’ll upload your activity t[...]



Not so DDoS

Tue, 27 Jun 2017 10:30:00 GMT

Joe K was a developer at a company that provided a SaaS Natural Language Processing system. As Chief Engineer of the Data Science Team (a term that made him feel like some sort of mad professor), his duties included coding the Data Science Service. It provided the back-end for handling the complex, heavy-lifting type of processing that had to happen in real-time. Since it was very CPU-intensive, Joe spent a lot of time trying to battle latency.

But that was the least of his problems. The rest of the codebase was a cobbled-together mess that had been coded by the NLP researchers- scientists with no background in programming or computer science. Their mantra was “If it gets us the results we need, who cares how it looks behind the scenes?” This meant Joe’s well-designed data service somehow had to interface with applications made from a pile of ugly hacks. It was difficult at times, but he managed to get the job done while also keeping CPU usage to a minimum.

One day Joe was working away when Burt, the company CEO, burst into their humble basement computer lab in an obvious tizzy. Burt rarely visited the “egghead dungeon”, as he called it, so something had to be amiss. “JOE!” he cried out. “The production data science service is completely down! Every customer we have gave me an angry call within the last ten minutes!” Considering this was an early-stage startup with only five customers, Burt’s assertion was probably true, if misleading.

“Wow, ok Burt. Let me get right on that!” Joe offered, feeling flustered. He took a look at the error logging service and there was nothing to be found. He then attempted to SSH to each of the production servers, with success. He decided to check performance on the servers and an entire string of red flags shot straight up the proverbial flag pole. Every production server was at 100% CPU usage.

“I have an effect for you, Burt, but not a cause. I’ll have to dig deeper but it almost seems like… a Denial of Service attack?” Joe offered, not believing that would actually be the case. With only five whitelisted customers able to connect, all of them using the NLP system to its fullest shouldn’t come even close to causing this.

While looking further at the server logs, Joe got an instant message from Xander, the software engineer who worked on the dashboards, “Hey Joe, I noticed prod was down… could it be related to something I’m doing?”

“Ummm… maybe? What is it you are doing exactly?” Joe replied, with a new sense of concern. Xander’s dashboard shouldn’t have any interaction with the DSS, so it seemed like an odd question. Requests to the NLP site would initially come to a front-end server, and if there was some advanced analysis that needed to happen, that server would RPC to the DSS. After the response was computed, the front-end server would log the request and response to Xander’s dashboard system so it could monitor usage stats.

“Well, the dashboard is out of sync,” Xander explained. There had been a bug causing events to not make it to the dashboard system for the past month. They would need to be added to make the dashboard accurate. This could have been a simple change to the dashboard’s database, but instead Xander decided to replay all of the actual HTTP requests to the front end. Many of those requests triggered processing on the DSS- processing which had already been done. And since it was taking a long time, Xander had batched up the resent requests and was running them from three different machines, thus providing a remarkably good simulation of a DDoS.

“STOP YOUR PROCESS IMMEDIATELY AND DO THIS THE RIGHT WAY!” Joe shot back, all caps intended.

“Ok, ok, sorry. I’ll get this cleaned up,” Xander assured Joe. Within 15 minutes, the server CPU usage returned to normal levels and everything was great again. Joe was able to get Burt off [...]



CodeSOD: Plurals Dones Rights

Mon, 26 Jun 2017 10:30:00 GMT

Today, submitter Adam shows us how thoughtless language assumptions made by programmers are also hilarious language assumptions:

"So we're querying a database for data matching *title* but then need to try again with plural/singular if we didn't get anything. Removing the trailing S is bad, but what really caught my eye was how we make a word plural. Never mind any English rules or if the word is actually Greek, Chinese, or Klingon."

    if ((locs == NULL || locs->Length() == 0) && (title->EndsWith(@"s") || title->EndsWith(@"S")))
    {
        title->RemoveCharAt(title->Length()-1);
        locs = data->GetLocationsForWord(title);
    }
    else if ((locs == NULL || locs->Length() == 0) && title->Length() > 0)
    {
        WCHAR c = title->CharAt(title->Length()-1);
        if (c >= 'A' && c <= 'Z')
        {
            title->Append(@"S");
        }
        else
        {
            title->Append(@"s");
        }
        locs = data->GetLocationsForWord(title);
    }

Untils nexts times: ευχαριστώs &s 再见s, Hochs!

[...] and luck, would hopefully synchronize the two databases. Buried in the 2,000 line method, at about line 1,751, was a block that actually executed the statements:

    If bolUseSQL Then
        For Each sTmp As String In sProductsTableSQL
            sTmp = sTmp.Trim()
            If sTmp <> "" Then
                SQLUpdatesSQL(lngIDSQL, sTmp, dbQR5)
            End If
        Next sTmp
    End If

Once he was done screaming at the insanity of the entire process, Stuart looked at the way product categories worked. Store 924 didn’t carry anything in the ALCOHOL category, due to state Blue Laws, but had added a PRODUCE category. None of the other stores had a PRODUCE category (if they carried any produce, they just put it in PREPARED_FOODS). Fixing the glitch that caused the application to crash when it had too many categories would take weeks, at least- and Miranda already told him a fix was coming. All he had to do was keep it from crashing until then.

Into the StoreSQLUpdates table, he added a DELETE statement that would delete every category that contained zero items. That would fix the immediate problem, but when the ProductDataPump.exe ran, it would just copy the broken categories back around. So Stuart patched the program with the worst fix he ever came up with.

    If bolUseSQL Then
        For Each sTmp As String In sProductsTableSQL
            sTmp = sTmp.Trim()
            If sTmp <> "" Then
                If nStoreNumber = 924 And sTmp.Contains("ALCOHOL") Then
                    Continue For
                ElseIf nStoreNumber <> 924 And sTmp.Contains("PRODUCE") Then
                    Continue For
                Else
                    SQLUpdatesSQL(lngIDSQL, sTmp, dbQR5)
                End If
            End If
        Next sTmp
    End If

[...]