Today I have mostly been using ${insert development technology here}
- Thread starter fractionMan
- Start date
existentialist
Tired and unemotional
Welcome
FridgeMagnet
Administrator
There are compilers for Windows and Android that let you use the appropriate APIs. I don't know how good they are because, well, I use OS X, and if I do mobile development it's for iOS. But obviously there's a lot of interest in a language where you can at least share your basic logic between apps for different platforms, even if you still have to write some custom code for each one as well. (Note that you have to do this if you want an app that works on OS X and iOS too—the UI classes are quite different.)
I'ma use emojis for all my variables too.
Ranbay
The same rules apply
Welcome
Yeah, took some sorting but now have dedicated plex server somewhere in the internets
existentialist
Tired and unemotional
That's a far cry from the 486 in the study and four floppies that was my first experience of LinuxYeah, took some sorting but now have dedicated plex server somewhere in the internets
iamwithnail
Well-Known Member
Switching up to vagrant from virtualenv. Bloody environment variables, how do they work? 
existentialist
Tired and unemotional
I keep skipping past all the environment-setting stuff when I'm doing Django - I think I am scarred by a horrible experience with rbenv in Ruby on Rails, which inveigled itself into my logon scripts, broke everything, and was a nightmare to remove again.Switching up to vagrant from virtualenv. Bloody environment variables, how do they work?
But I suspect I'm storing trouble up for myself...
iamwithnail
Well-Known Member
It actually makes sense now, mostly. It was confused by the fact I'd left the .env file in track changes, thus completely defeating the point of using environment variables, which is to keep all your sensitive keys away from prying eyes. 
Have you used Django-cookie-cutter? It's one of these things that I wish I'd discovered 18 months ago, instead of messing about writing my own versions of social auth and login.
Have you used Django-cookie-cutter? It's one of these things that I wish I'd discovered 18 months ago, instead of messing about writing my own versions of social auth and login.
existentialist
Tired and unemotional
I haven't found that before - I shall have a careful look. Thanks!It actually makes sense now, mostly. It was confused by the fact I'd left the .env file in track changes, thus completely defeating the point of using environment variables, which is to keep all your sensitive keys away from prying eyes.
Have you used Django-cookie-cutter? It's one of these things that I wish I'd discovered 18 months ago, instead of messing about writing my own versions of social auth and login.
Meanwhile, I'm finding myself amazed at either a) my dopiness in not being able to figure out how to do master/detail forms with crispy, or b) the dopiness of a development community which doesn't seem to to have thought about how often something like that has to be done, and created a suitable package to do it. Currently flailing around with django-bootstrap-dynamic-formsets in the hope that'll take me where I'm trying to go...
stdP
One Swiss dinosaur in Polly Gosling's anorak hood
Today I was tasked with adding some new functions into a crufty old DOS batch script (someone heard I do bash scripts and assumed they meant the same thing).
HOLY FECKING TARDWARKS now I know what a lobotomy must feel like. Variables inside loops get expanded before you even enter the loop... if you want variables inside loops to be expanded when they're actually executed you need to enable something called "delayed expansion", something I'd never heard of before today. You can't have multiple conditionals on an IF loop... you have to have multiple nested IFs instead. Reading a REG_SZ into a var inexplicably adds an extra " " to the end of the string. Just one long string of shudders after another.
< starts installing cygwin everywhere >
HOLY FECKING TARDWARKS now I know what a lobotomy must feel like. Variables inside loops get expanded before you even enter the loop... if you want variables inside loops to be expanded when they're actually executed you need to enable something called "delayed expansion", something I'd never heard of before today. You can't have multiple conditionals on an IF loop... you have to have multiple nested IFs instead. Reading a REG_SZ into a var inexplicably adds an extra " " to the end of the string. Just one long string of shudders after another.
< starts installing cygwin everywhere >
iamwithnail
Well-Known Member
Whacha trying to do? I'm currently wrestling with overriding the form __init__ to use a custom queryset, and IT IS A BALLACHE.
Fez909
toilet expert
If you're on the Windows Insider Program you can get Bash running 'natively' inside Windows from today.
existentialist
Tired and unemotional
Well, the particular case I'm trying to crack at the moment is that I have a Syllabus model which can contain multiple SyllabusModule entries - master/detail. The application's using Bootstrap, and I'm using class-based forms and views. The idea is that the edit template for the Syllabus model will allow addition, deletion and editing of the SyllabusModule rows associated with the Syllabus instance. Which all seems terribly common-sense to me, but appears to be very much more complicated to actually do in practice!
I think I ran afoul of that custom queryset thing myself, but am struggling to recall whether I resolved it or chickened out
It's probably still waiting to bite me!Thanks for the shout out. I'd love to see what you're doing. For those interested UserSpice 2/3 are procedural and UserSpice 4 is fully OOP/PDO. We also have options to use old procedural code in the newer versions. Code is being significantly cleaned up for 4.1. It's been a fun project that has a lot of uses. I think the classes are pretty well documented to help you build whatever you want off of the system...or you can let it be and build your own site/platform and just let UserSpice handle the logins and page access.
Fez909
toilet expert
Android.
I've been overseeing/testing an app we outsourced (because we don't have the skillset in house) and it's been a fucking nightmare. They are proper cowboys and difficult to communicate with. It's been the bane of my life since February, and today, I think we've finally nailed the last bug that was stopping beta testing going ahead.
The bug only manifested itself on a subset of Android tablets and only in landscape. The devs claim they can't reproduce it. I've given them a list of our test devices and they don't have any of them. So I replicated it on the emulator and they said it still didn't show. I sent them my AVD and still they claim not to see it.
I don't do Android development but I was getting nowhere with them, so without any other option I dug into the code. I was able to figure out where the bug was and could 'fix' it on the broken devices, but that transferred the issue to the previously working ones. They were using a magic number to estimate the ratio of screen visible when virtual keyboard is shown. I changed the magic number and that's when I saw different results. Armed with the new info as to where the bug [probably] is, I went back to the devs. I don't like the idea of having magic numbers, especially for estimating things, and if we're seeing that on our small number of test devices, I can guarantee our customers will see it.
devs: "We don't call that method anymore. It's old code."
me:
me: "you clearly do because the app behaviour is modified when I change the ratio"
devs: "no, we don't. search for method calls."
So I did. It was right there. Same file.
me: "so you're saying if I removed that call/method, it should work?"
devs: "yes"
Removed it. Boom! It also fixed another issue we'd been seeing that they also apparently couldn't replicate.
devs: "you mustn't have been running the latest code. we removed this a long time ago"
me:
I was fucking livid at this point. I went straight to git, obviously, and showed them the revision where they re-introduced the method call. They had removed it, like they said, but they'd re-added it about two weeks ago - right about the time we started having the latest batch of problems.
I'm feeling so conflicted right now. Fuming that they managed to fuck up something like this yet again, fuming that they couldn't find the issue (why are we paying 'experts' when we have to do the dirty work ourselves?), yet relieved that this app is finally going to go to beta and I can get on with my proper job again
Fuck mobile apps, fuck outsourcing
I've been overseeing/testing an app we outsourced (because we don't have the skillset in house) and it's been a fucking nightmare. They are proper cowboys and difficult to communicate with. It's been the bane of my life since February, and today, I think we've finally nailed the last bug that was stopping beta testing going ahead.
The bug only manifested itself on a subset of Android tablets and only in landscape. The devs claim they can't reproduce it. I've given them a list of our test devices and they don't have any of them. So I replicated it on the emulator and they said it still didn't show. I sent them my AVD and still they claim not to see it.
I don't do Android development but I was getting nowhere with them, so without any other option I dug into the code. I was able to figure out where the bug was and could 'fix' it on the broken devices, but that transferred the issue to the previously working ones. They were using a magic number to estimate the ratio of screen visible when virtual keyboard is shown. I changed the magic number and that's when I saw different results. Armed with the new info as to where the bug [probably] is, I went back to the devs. I don't like the idea of having magic numbers, especially for estimating things, and if we're seeing that on our small number of test devices, I can guarantee our customers will see it.
devs: "We don't call that method anymore. It's old code."
me:
me: "you clearly do because the app behaviour is modified when I change the ratio"
devs: "no, we don't. search for method calls."
So I did. It was right there. Same file.
me: "so you're saying if I removed that call/method, it should work?"
devs: "yes"
Removed it. Boom! It also fixed another issue we'd been seeing that they also apparently couldn't replicate.
devs: "you mustn't have been running the latest code. we removed this a long time ago"
me:
I was fucking livid at this point. I went straight to git, obviously, and showed them the revision where they re-introduced the method call. They had removed it, like they said, but they'd re-added it about two weeks ago - right about the time we started having the latest batch of problems.
I'm feeling so conflicted right now. Fuming that they managed to fuck up something like this yet again, fuming that they couldn't find the issue (why are we paying 'experts' when we have to do the dirty work ourselves?), yet relieved that this app is finally going to go to beta and I can get on with my proper job again
Fuck mobile apps, fuck outsourcing
existentialist
Tired and unemotional
Is that compiled, or interpreted? And what about cross-platform compatibility?
Corax
Luke 5:16
I boondoggled it with Flabbergaster X, so that shouldn't be a problem.
realitybites
Active Member
Tired of a lifetime of 'googling it' so today I made up my mind to search the internet instead.
iamwithnail
Well-Known Member
Trying to get to grips with making the security on my servers better. Fuckers got in even though I use SSH keys / IPtables/ fail2ban. Thought I'd rescued it (happened late on Friday night, was running a botnet script), happened again this morning so I've had to nuke it from orbit. Managed to rebuild it in about 45 minutes though, praise be to Ansible. The remaining 2 hours were spent trying to work out what to install and how to configure it. Running tripwire (intrusion detection), RootKitHunter (self explanatory, checks the filesystem against a Last Known Good config starting now), MalDetect (generic Malware detector for trojans). Gah.
iamwithnail
Well-Known Member
I have a working theory that there was an exploit through the Redis server while I was running Debug settings on the django project - the authorized_keys files had some REDIS006 and then unicode characters at the top, but that's about it; there was some strangeness before where my authorized keys file got overwritten with some cache/session information, so possibly that was repointed to inject the key?
Beyond that I can only assume the key was compromised somehow (so spent a while killing and resetting all my SSH keys) - the second time I'm fairly sure that whatever software was there just overwrote the key again.
Beyond that I can only assume the key was compromised somehow (so spent a while killing and resetting all my SSH keys) - the second time I'm fairly sure that whatever software was there just overwrote the key again.
fractionMan
Custom Title
I'm putting some message driven architecture in place using activeMQ and JMS via Spring. It's a piece of piss
iamwithnail
Well-Known Member
elbows
On closer inspection, they exploited the fact that I'm a tit. This exploit's been in the wild for 9 months, and I inadvertantly installed the old version of Redis, which isn't patched, because I copied a command from a previous server build from last summer - was two whole versions behind, which might do it. So I've patched that and firewalled 6379 to see if that sorts it. Derp.
On closer inspection, they exploited the fact that I'm a tit. This exploit's been in the wild for 9 months, and I inadvertantly installed the old version of Redis, which isn't patched, because I copied a command from a previous server build from last summer - was two whole versions behind, which might do it. So I've patched that and firewalled 6379 to see if that sorts it. Derp.
iamwithnail
Well-Known Member
Yes. Sadly they just got back in when i did that, hence more extreme measures.
Corax
Luke 5:16
Hmmmm. You might need to run Norton then. Or maybe MacAfee.
elbows
Well-Known Member
Doh, how annoying. The last time I had to deal with a hacked linux server was over a decade ago so my memory of it is rather hazy but I remember a lot of trawling through logs and no real certainty at the end.
iamwithnail
Well-Known Member
Its been up for about 36 hours now with no intrusion so it's fixed for the time being. Bless digitialocean and their snapshots/rollback system.
Similar threads
