[HN Gopher] I shipped a word processor that formatted the hard d...
___________________________________________________________________

I shipped a word processor that formatted the hard drive every 1024 saves

Author : todsacerdoti
Score  : 278 points
Date   : 2020-05-02 18:17 UTC (4 hours ago)

(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)

| dredmorbius wrote:
| https://threadreaderapp.com/thread/1256342997643526151.html
| freedomben wrote:
| The parent comment link takes you to the full story in a blog
| post of the OP.
| chx wrote:
| We were a young startup; we went to a conference... when the site
| went down and we found someone DoSing us. But... there was little
| network traffic, however the database was loaded beyond any
| reason. Turns out, the image importer from mail had a bug in
| error handling and a broken email came in so it just kept
| retrying creating an image entity in the database. Ten thousand
| broken images before we stopped the party, in 2005, that was
| enough to crash our little server. We DoS'd ourselves.
| jancsika wrote:
| I'm going to assume that once users were told the formatting was
| due to a really clever C compiler optimization they were probably
| fine with it.
| FpUser wrote:
| The software was written in the Forth language and at a time when
| there was no memory protection.
| dhosek wrote:
| Youngsters have no concept of 80s computing where so much was
| accessible to simple programs.
| RaceWon wrote:
| > Youngsters have no concept of 80s
|
| In '87 my first 256 computer had 640k of memory with a hd
| that was less than 1mb IIRC. It cost nearly 5 thousand
| dollars including the $700 dot matrix printer.
|
| Let the good times roll!
| smitty1e wrote:
| No, as you read the thread, he had a user FedEx him a tape that
| reproduced his bug and got it fixed.
| [deleted]
| StreamBright wrote:
| I still like the one when ubuntu devs decided that netcat's
| behavior to keep the connection open and wait for the answer when
| connecting to a port is outrageous and closed the connection
| after sending the request. We used netcat to debug network
| connectivity. The day I learned that I cannot trust any piece of
| software that is part of ubuntu. Later the also pretty good
| purify complains bug followed. Those guys might have been the
| Debian folks.
| thomasahle wrote:
| An early version of PyChess had an uninstall script that would
| remove the user's entire home directory.
| RockIslandLine wrote:
| Pool of Radiance would wipe your hard drive on uninstall.
| minikites wrote:
| Bungie did that with Myth 2: https://youtu.be/-p3a8eGORKY?t=513
| pault wrote:
| Myth was one of my favorite games as a teenager. The dark
| fantasy atmosphere really captured my imagination, and I
| still have a little giggle when I think about exploding
| dwarves. :D
| dylan604 wrote:
| It was their laugh when things blew up, and their sarcasm
| that I enjoyed. "Yeah Yeah, over there" "Now what?"
| gpderetta wrote:
| Valve did it recently with Steam on linux!
| jtlienwis wrote:
| There once was an operating system that allowed you to
| format your entire hard drive when you only intended to
| format a floppy disk, if you typed format c: instead of
| format a:. This was called Microsoft Dos 2.x.
| Symbiote wrote:
|     mkfs.vfat /dev/sda1
|
| That's not that much different from a plausible error on
| Linux, with a USB drive and a hard drive.
|
| (At least, the man page for my mkfs.vfat doesn't include
| any options suggesting it protects against formatting
| already-formatted or mounted filesystems.)
| Dylan16807 wrote:
| Yikes, it sure doesn't. For comparison, mkfs.ext2 asks
| before proceeding if there's already a filesystem, and
| outright exits if it's mounted.
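The exchange above between Symbiote and Dylan16807 is about a missing guard: mkfs.vfat will write a new filesystem over a device that is mounted or already formatted. The wrapper below is an added example, not code from the thread, from mkfs.vfat or from any distribution. It refuses in both cases before it ever calls mkfs. Both checks take their input as parameters so the logic can be exercised against constructed data: is_mounted reads a table in /proc/mounts format (defaulting to /proc/mounts) and has_signature runs a probe command that defaults to `blkid -p -o value -s TYPE`, which needs root on a real system. The names SIG_PROBE, DRY_RUN, is_mounted, has_signature and safe_mkfs are this example's own, not mkfs options.

```shell
#!/bin/sh
# Added example (not from the thread or from mkfs): refuse to format a block
# device that is mounted or already carries a filesystem signature.
# Assumptions: a mounts table in /proc/mounts format, and `blkid -p` for real
# probing. SIG_PROBE and DRY_RUN are this example's own knobs.

# is_mounted DEVICE [MOUNTS_FILE]
# Succeeds if DEVICE, or anything that starts with DEVICE (a partition on it),
# appears as a mount source. Over-matching (/dev/sda1 vs /dev/sda10) only
# makes the wrapper more conservative, which is the safe direction here.
is_mounted() {
    _dev=$1
    _mounts=${2:-/proc/mounts}
    awk -v dev="$_dev" '
        $1 == dev || substr($1, 1, length(dev)) == dev { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$_mounts"
}

# has_signature DEVICE
# Succeeds if the probe prints a filesystem/RAID/LUKS type for DEVICE.
# Real probe: `blkid -p -o value -s TYPE DEVICE` (no output, exit 2 when
# nothing is found). SIG_PROBE overrides the command, e.g. for tests.
has_signature() {
    _dev=$1
    _probe=${SIG_PROBE:-"blkid -p -o value -s TYPE"}
    # $_probe is deliberately unquoted: it is a command plus its arguments.
    _type=$($_probe "$_dev" 2>/dev/null || true)
    [ -n "$_type" ]
}

# safe_mkfs FSTYPE DEVICE [MOUNTS_FILE]
# Returns 2 if the device (or a partition on it) is mounted, 3 if it already
# carries a signature (run wipefs first if that is really intended).
# With DRY_RUN set, prints the mkfs command instead of running it.
safe_mkfs() {
    _fstype=$1
    _dev=$2
    _mounts=${3:-/proc/mounts}
    if is_mounted "$_dev" "$_mounts"; then
        echo "refusing: $_dev (or a partition on it) is mounted" >&2
        return 2
    fi
    if has_signature "$_dev"; then
        echo "refusing: $_dev already has a signature; run wipefs first" >&2
        return 3
    fi
    if [ -n "$DRY_RUN" ]; then
        echo "would run: mkfs.$_fstype $_dev"
        return 0
    fi
    mkfs."$_fstype" "$_dev"
}
```

The prefix match is what makes `safe_mkfs vfat /dev/sda` fail while only /dev/sda1 is mounted, which is the case a bare `mkfs.vfat /dev/sda1` typo most often turns into. On a system with util-linux, `findmnt -S /dev/sda1` answers the same mounted-or-not question, and `wipefs` is the intended way to clear an old signature when the refusal is a false alarm.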
| ztjio wrote:
| So it did exactly what you requested it to do, no
| surprises at all. Got it.
| rmtech wrote:
| Yeah but there should be a SERIOUS warning preventing
| that.
| re wrote:
| The iTunes 2 installer would delete hard drives in some cases,
| if the installation destination contained a space character and
| the portion before the space matched another drive (e.g.
| "Seagate" and "Seagate 2").
| https://www.wired.com/2001/11/glitch-in-itunes-deletes-drive...
| klyrs wrote:
| > Don't use numeric literals for anything but 0, 1, and -1.
|
| Excuse me?! So if I'm writing a prng, should I write the
| numerical constants like
|     int modulus = 1 + (1+1+1)*(0 + (1+1+1)*(-1+... )...);
| ztjio wrote:
| I'm going to assume you're not deliberately trying to
| misunderstand him for the sake of a hot take, because, that
| would be pretty lame. So instead I'll explain for you and
| anyone else who doesn't understand him what he meant.
|
| What he is suggesting is that you generally not include
| literals in your code, and instead, use a constant/variable
| that can be traced back to a single place in order to make
| changes more visible and easier to deal with. That he makes
| exceptions for 1, 0, and -1 is explained by conventions in
| various languages where those values in context end up as
| generic and meaningful as any other language keyword and thus
| would not benefit from being referenced from a constant. That
| doesn't mean you wouldn't ever end up with constants that are
| 0, 1 or -1 though, just that you wouldn't assume every random
| place you might use those values (such as sorting algorithms)
| justifies a constant placeholder.
|
| For further review on the topic, may as well start here:
| https://en.wikipedia.org/wiki/Magic_number_%28programming%29
| pmiller2 wrote:
| The spirit of the advice is mostly correct. However, there
| _are_ reasons to use numeric literals in code. One is the
| PRNG example given downthread. Another is one I recently
| wrote.
|
| I have some code where I needed to calculate what the 1st
| percentile of a list of numbers was. Since it doesn't make a
| lot of statistical sense to calculate a 1st percentile of
| fewer than 100 numbers, I inserted a condition like
|     if len(numbers) < 100: # skip the calculation
|
| and included a comment stating that 100 is explicitly not a
| magic number here. By that, I meant that you'll never want to
| change this 100, so, why bother obfuscating it behind a name?
|
| It's perfectly readable, if you understand why the
| calculation is skipped in the first place. If you don't
| understand why the calculation is skipped, giving it a name
| like TOO_FEW_NUMBERS_TO_CALCULATE_1ST_PERCENTILE isn't really
| going to give you much insight into why the calculation is
| skipped, anyway.
| klyrs wrote:
| > I'm going to assume you're not deliberately trying to
| misunderstand him for the sake of a hot take, because, that
| would be pretty lame.
|
| I'll admit, my example was overwrought with comedic intent,
| but I stand firm on this issue. Use a magic number twice?
| Yeah, go ahead and put that numeric literal somewhere
| convenient (but you _still have a numeric literal_) to the
| consumers of it and easy to find by your readers (not a
| top-level magic_numbers.h)
|
| I'm a mathematician. The fear of numbers in code is an
| affront to the domain that I work in. YMMV. I put a lot of
| work into documenting my code, but for the love of Pete, 2 is
| not a magic number: my example was no more overwrought than
| OP's rule.
| crazygringo wrote:
| I'm not sure where the misunderstanding is coming from.
|
| Yes, of course if you have a formula that involves dividing
| by 2 or something you just include the number directly.
|
| But anything that's a magic number, even if only used
| _once_, is better to have a named constant defined. The
| name of the constant becomes the documentation itself.
|
| The other reason is that if someone needs to come in and
| maintain the code and change a magic number for whatever
| reason... if it's a defined constant, they know it should
| only need to be changed in that one place, assuming all
| magic numbers are defined in a sufficiently wide scope. If
| it's just a number, they have to search the whole codebase
| for all instances of that number, and investigate each and
| every one to see if it needs to be replaced as well or not.
| benibela wrote:
| > Yes, of course if you have a formula that involves
| dividing by 2 or something you just include the number
| directly.
|
| Or replace it with >> 1
| mattkrause wrote:
| It depends on why you're using the 2.
|
| In some cases, I'd say that 1 can be a magic number. For
| example, it would be better to write
|     fprintf(STDOUT, output_string)
|
| than
|     fprintf(1, output_string)
|
| However, 0 and +-1 have a special role in picking out the
| first/next/previous elements of a sequence (and related
| things), which is so common that it'd be silly to insist on
| defining POSSIBLE_NEXT_INDEX and POSSIBLE_PREDECESSOR. That
| said, people do seem to love Python's itertools,
| so....maybe that's where we're headed. I had somebody
| _aggressively_ complain about the readability of the
| all-pairs for-loop, which I thought was basically standard.
|     for(auto i=0; i<N-1; i++)
|         for(auto j=i+1; j<N; j++)
|             process(X[i], X[j])
|
| The flip side is that I don't think you _always_ need to do
| this. For example, this is silly:
|     double triangle::area() const {
|         const double NORMALIZATION = 1/2.0;
|         return this->base * this->height * NORMALIZATION;
|     }
|
| The point is just to make it clear why that particular
| number is being used and where it came from.
| rmtech wrote:
| The all pairs loop is unnecessarily low level, and it
| would be hard to spot a mistake there. It would be great
| if there was a way to say
|     for i < j <= N
|
| as this is super clear.
| mattkrause wrote:
| I guess so.
| I don't think it's _atrocious_: it looks
| like iterating over the upper/lower triangular part of a
| matrix to me, which is fairly common (in some domains, I
| guess). Plus, I like that the double for-loop indicates
| slowness.
|
| However, Python has itertools.combinations(X,2) and Julia
| has IterTools.subsets(X,2) if that's what you want.
| monadic2 wrote:
| I'm assuming the alternative would be to refer to an
| easy-to-deduce constant reference.
| klyrs wrote:
| You might have replied before my edit, but one rarely
| "deduces" magic constants that result in good rngs, hashes,
| crypto, etc.
| __s wrote:
| Their point is you should have
|
|     const int MAGIC_THING = 0xdeadbeef
|
| & then say MAGIC_THING throughout the code, rather than
| using 0xdeadbeef in all your expressions
| klyrs wrote:
| Sure. But OP said not to use numeric literals, which
| 0xdeadbeef certainly is.
| wpietri wrote:
| In case you somehow haven't figured it out by now, he
| meant in the body of one's code. He's fine with named
| constants.
|
| Protip: If a smart person says something that seems
| obviously dumb to you, it's worth trying to find an
| interpretation that isn't dumb. Doubly so when, as here,
| it's from a piece that others are clearly finding smart
| and useful.
| jameshart wrote:
| Obviously not. So since you found a counter example we should
| discount the original advice and feel free to use numeric
| constants all over our code without any explanation.
| happytoexplain wrote:
| This isn't a helpful response. I have the same question as
| the parent.
| ztjio wrote:
| https://en.wikipedia.org/wiki/Magic_number_%28programming%29
| wool_gather wrote:
| According to the thread, there was a size of something, and
| that size was used in two places. The size was specified as
| a literal number in both those places. The bug was caused
| by changing the literal in one place but not the other.
| One way that could have been avoided is to use a named constant
| for the size, so that when the literal number was changed,
| both uses of the name would see the new value.
| regularfry wrote:
| The reverse is also dangerous: when you have the same
| numeric value doing different jobs in different parts of
| the code. If they're literals, you've got no clue whether
| they should both be changed or not.
| klyrs wrote:
| Does my balanced ternary expansion obviate the need for
| documentation? No. Drop a reference to the paper/website
| describing the algorithm you're doing. If it's, say, trig
| that you're doing, use clear variable names and explain how
| you derived the formula.
| SlowRobotAhead wrote:
| Or you could go the Amazon AWS for C route and make a
| define with the name of MilicsecondsPerSecond, and a
| separate define that makes that at 1000.
|
| If you want to go full spectrum the other way.
| mattkrause wrote:
| Maybe something more like:
|     /* From Park and Miller (1988, pg 1195), using their notation */
|     const int A = 16807;
|     const int M = 2147483647;
|     const int q = 127773;
|     const int r = 2836;
|     ...
|
| instead of "inlining" them into the code like
|     test = 16807 * (seed % 127773) - 2836 * (seed/127773)
|
| The "ban" on literals obviously exempts their definition. No
| one, outside a number theory textbook, is defining A as
| successor(successor(...(successor(1)))
| morsch wrote:
| > Park and Miller (1988, pg 1195)
|
| That's pretty cool. Did you at least have to look it up?
| mattkrause wrote:
| I'm flattered you think there's even a tiny possibility I'd
| remember the constants or page :-) In reality, I vaguely
| remembered the authors and part of the title, then
| guess-and-googled the rest. It's a nice paper:
| https://dl.acm.org/doi/10.1145/63039.63042 though obviously
| no longer the state of the art.
|
| I recommend the citation-in-the-comments idea though.
| We do it for lab stuff and it's very helpful for everything from
| debugging to writing up results.
| pmiller2 wrote:
| This is an amusing story, but I disagree with not using numeric
| literals. Most of the time, sure, you don't want to use numeric
| literals, but, sometimes, you do. I posted my example in another
| comment here.
|
| As for the other conclusion, I have a story of my own. I once
| shut down all of my company's asynchronous task processing for
| about 20 minutes, completely by mistake. Our web servers kept
| serving, and nobody external would have noticed a difference,
| but, for 20 minutes, our scrapers stopped scraping, our NLP
| classifiers stopped classifying, and a bunch of stuff that made
| us money wasn't happening. Had I not noticed it and fixed it
| ASAP, we probably would have lost money. Instead, I immediately
| announced what I had done, got help, and we fixed it.
|
| The real moral of the story is that an honest mistake is nothing
| to be ashamed of. I make mistakes all the time. Some of them make
| it into production. Big deal. Everybody does.
| mod wrote:
| I :s (save) so compulsively, I think I would reformat my drive
| about every day.
| crimsonalucard wrote:
| How does an incompetent engineer tell the difference between
| incompetence and imposter syndrome?
|
| I don't think it's realistic to say that all incompetent
| engineers think they're competent.
| benibela wrote:
| Recently I got a phone call during breakfast that texstudio had
| scrambled the file when saving, by rearranging blocks of it
| randomly. The user had triple backups, on the hdd, usb stick and
| another one (dropbox?). All files were useless after he saved
| them at the same time :/
|
| Might be some memory corruption caused by a wrong pointer in any
| other part besides the saving?
| renewiltord wrote:
| These are great. Steam Linux's universal rm is too.
|
| https://github.com/valvesoftware/steam-for-linux/issues/3671
|
| Featuring probably the most unflappable human in the history of
| time as a bug reporter. One day I hope to have the fortitude this
| man does.
| PureParadigm wrote:
| You can have his fortitude in the face of all your files being
| deleted if you have a robust, automated backup policy.
|
| One of my professors used to say that he should be able to
| destroy your laptop, buy you an equivalent new one, and you
| should be up and running again within a few hours. Hard drives
| fail all the time and computers get lost/damaged/stolen. Losing
| your home directory on a computer should be expected, and
| definitely not the end of the world.
| kungato wrote:
| Today with github+google drive+steam or whatever flavors all
| you should be limited by is download speed. I wipe my hdd
| every 6 months or so just to get a fresh feeling of no random
| junk. The biggest chore is downloading all the dev
| environments for all the programming languages one uses at
| the same time.
| ip26 wrote:
| I prefer the raid5 approach, I leave my junk strewn all over
| a sufficiently large number of computers; odds are I'll still
| have a recent copy somewhere if my laptop explodes.
| canada_dry wrote:
| > I prefer the raid5 approach
|
| I've been using _actual_ raid5 (via adaptec raid card) for
| years and very recently had one of my trusty 5TB HGST
| drives fail (after 3+ yrs of uptime).
|
| Fortunately the rebuild worked, but there are so many
| horror stories of raid5 rebuilds NOT working it has me
| contemplating going back to simple mirroring.
| cure wrote:
| Whoa. You were lucky. Very lucky.
|
| If you are going to use hardware raid, please do make
| sure you have a spare raid controller, same firmware,
| same model. If not, you will be SOL when your controller
| dies.
|
| RAID5 these days (with our very large disks) is basically
| asking for trouble - the odds of a second disk failing
| during the reconstruction are very high. But I guess you
| already know that!
| hondo77 wrote:
| I've had raid5 rebuilds work. Until the last one. One of
| the remaining drives failed during the rebuild.
| jankiehodgpodge wrote:
| You probably want to bump that to RAID 6 at least. Rebuild
| times on arrays that big can be long, especially if it
| takes a while to get a replacement drive. Plus most RAID
| controllers can protect against bit rot when in RAID 6
| because it can determine if bits get flipped. On RAID 5, you
| don't have that option.
| c22 wrote:
| I used to run with simple mirrored drives. One time the
| master drive experienced some corruption and wouldn't
| boot. In attempting to fix the issue I mixed up the
| identifiers of each drive and ended up hosing the mirror
| as well.
|
| Now I use a more sophisticated RAID10 setup and really
| appreciate the way failed and replaced drives
| automatically rebuild themselves without my dumb
| interaction.
| PureParadigm wrote:
| RAID is not a replacement for backups. In the case with
| Steam the top level comment mentioned, all files writable
| by the user were deleted (including mounted drives in
| /media). RAID might protect you against hardware failure,
| but you also have to consider software
| (bugs/hackers/ransomware).
| canada_dry wrote:
| > RAID is not a replacement for backups.
|
| As an IT Exec (retired)... this was a lesson learned long
| ago. For my own/home systems I use rclone [i] (in conj w
| raid5) for the most critical files.
|
| [i] https://github.com/rclone/rclone
| PureParadigm wrote:
| You might be interested in Syncthing [1] with the option to
| keep previous file versions enabled. I use it as one layer
| in my backup policy by having it on my computers+phone. If
| I take a picture on my phone, it is synced within minutes
| to my desktop at home.
| If I make a document on my laptop, I
| have a copy on my phone in case something happens to the
| laptop.
|
| [1] https://syncthing.net/
| heavenlyblue wrote:
| > One of my professors used to say that he should be able to
| destroy your laptop, buy you an equivalent new one, and you
| should be up and running again within a few hours.
|
| What do you use for that?
| lucb1e wrote:
| The author of that issue said they had backups, on an
| external drive... that Steam also wiped.
|
| You can say 'robust' but there are limits of what I think one
| can reasonably expect from a user. That they had backups at
| all is not necessarily the norm.
| PureParadigm wrote:
| Right, that's why I said robust. But I'd push back against
| the idea that a normal user shouldn't be expected to have
| backups that are safe in such an event.
|
| If you want to guard against rogue software (or clumsy
| fingers in the terminal), you'll probably need to have
| remote backups. It sounds like copies on the cloud saved
| this user, and it's not unrealistic to suggest users back up
| to the cloud (I think many already do with
| OneDrive/iCloud/Dropbox). If you're a Linux user who likes
| to tinker, you can set up a Raspberry Pi with a hard drive
| attached and use restic over SFTP (or any of the other
| numerous choices).
| lucb1e wrote:
| > I'd push back against the idea that a normal user
| shouldn't be expected to have backups that are safe in
| such an event.
|
| That is fair. I was commenting from the perspective of
| what is rather than what should be. Alongside making
| software as safe as possible, we should also be
| encouraging and expecting people to do this.
| benibela wrote:
| I used to set the append-only extended file attribute on
| important files.
|
| No one can delete the files afterwards, not even root,
| without removing the attribute first.
|
| It worked well with Mercurial, which is also append-only.
| So I could commit as usual to my Mercurial repository,
| but it could not be deleted.
|
| Ironically, I stopped doing that, because it messed my
| backups up. When running the backups as root, some tools
| would add the flag to the backed-up files, but then later
| backups as non-root could not replace the file with new
| versions.
| raverbashing wrote:
| This one is good as well (on the original thread):
| https://twitter.com/kevin/status/1256431142086955009
|
| Pro-tip: turn on the alerts _after_ deploying the site.
| freedomben wrote:
| My favorite all time bug was the infamous "Bumblebee" commit of
| 2011[1]. IIRC this was the first github commit to go viral. Make
| sure you have 30 minutes to read the thread. It is gold.
|
| I have written variants of "GIANT BUG... causing /usr to be
| deleted... so sorry...." into commit messages over the years.
| Such a classic part of history.
|
| [1] Commit thread:
| https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/commi...
|
| [2] Issue thread (not as good):
| https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/issue...
|
| EDIT: Github is timing out trying to load it. May want to use
| archive.org:
| https://web.archive.org/web/20130613012555/https://github.co...
| tehlike wrote:
| If there is anything docker is helping a lot with, this is
| probably one. Except when you volume mount, but then damage is
| probably limited!
| contravariant wrote:
| That's the most hilarious diff I've ever seen.
|
| At least it's hilarious now, for some people it must've been
| horrifying.
| onemoresoop wrote:
| This is why in general I am not the first to get an update,
| unless I've been waiting for a fix for a while. I also think
| how shitty the person must have felt for the screw-up. We all
| screwed up at some point too, I remember removing a database
| by accident (it was a Dev, luckily not Prod and I was a
| junior 20 years ago.), but having that stick like it does
| nowadays is not a pleasant thought.
| I learned my lesson, and as
| a rule of thumb I always comb the code a couple of times
| before I commit.
| AceJohnny2 wrote:
| Also why web-powered rolling/staggered updates are a thing
| mrlonglong wrote:
| Lost in space ...
| xoa wrote:
| Hah, that is a good one (and earns sympathetic winces). Though
| my continuing "favorite" (more amusing in hindsight) similar
| one was when _Apple_ did that, back in like 2001 with, iTunes
| 1? iTunes 2? Or maybe it was one of the Mac OS X 10.1 updates,
| because it was the end of 2001 and I think we'd already had
| 10.1 by that point, I moved to 10.0 from PB right away and 10.1
| was still out real fast. Edit: actually yeah it was iTunes 2.0
| end of October/November, I did have that saved somewhere.
|
| At any rate, lots of people at Apple back then brand new to
| Unix, NeXT was still integrating, everything was still coming
| together. And they made one of the absolute most classic Unix
| newbie whoops moments: they wanted to clean up old versions of
| iTunes, so they used rm -rf... without quoting the path. It had
| this IIRC:
|     rm -rf $2Applications/iTunes.app 2
|
| with $2 as the path. But of course classic Mac users were used
| to having spaces in drive names and folders and so on. If you
| only had the startup drive no problem. But if you'd partitioned
| or had an external drive and it had a space in the name, i.e.
| "Disk 1", then that'd become
|     rm -rf Disk 1/Applications/iTunes.app 2
| and you were off to the races.
| There were some fun discussion threads about it, although
| unfortunately the only Apple Discussions bookmarks I have saved
| from back then all seem to be dead. Not sure if they're still
| archived somewhere and the links just no longer redirect or it
| was cleared out sometime.
|
| They got that pulled real quick too, but I always secretly
| wondered if the genesis of Time Machine was somewhere around
| there... backups were pretty rough at that stage of the game.
| Well, everything about Mac OS X was pretty rough, though
| exciting too.
|
| _Edit 2_: Did find an old /. discussion about it that still
| works. Bit of a blast from the past reading through some of
| those, both in what has changed and what hasn't:
|
| https://apple.slashdot.org/story/01/11/04/0412209/itunes-20-...
| mhh__ wrote:
| Fallout 76 (amongst literally hundreds of recorded bugs) shipped
| with a bug that was able to brick PCs and consoles alike.
| rowanG077 wrote:
| Brick PCs?? How?
| Konohamaru wrote:
| This is a "usenet shock site" level screamer.
| HenryBemis wrote:
| Oh I laughed so hard!! Computing has come a loooooong way since
| the early 80s. Oh what a gift it is for humanity, what a great
| tool (not the specific word processor but hey, we've all made
| mistakes).
| splintercell wrote:
| We once shipped a product (2011) which would delete a user's
| account (and all his data) from the website when all they
| wanted to do was to 'unfollow' someone. It was a hilarious
| MySQL database issue: instead of deleting the record of the
| 'follow' it basically removed the user's record and thus removed
| all their files and entries.
| quezzle wrote:
| Or put more positively:
|
| "I shipped a hard disk formatting utility that doubled as a word
| processor."
| userbinator wrote:
| Microsoft has had its share of giant fuckups too, although from
| memory they seem to be more recent:
| https://news.ycombinator.com/item?id=18189139
|
| I've been writing code for about as long as him, but because I
| started with Asm, which makes one become _really_ careful with
| buffer sizes, doing something like making one thing larger would
| not be done without carefully looking "down the line" to see if
| any further changes were required; and they almost certainly
| were. That's not to say I haven't corrupted files before, but
| fortunately nothing quite as catastrophic as wiping the disk.
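The bug that re and xoa describe in this thread, an unquoted path with a space so that the intended `rm -rf "Disk 1/Applications/iTunes.app"` runs as `rm -rf Disk 1/Applications/iTunes.app` and removes the neighbouring volume "Disk", is reproduced below inside a throwaway directory, beside a hardened version of the same uninstall step. This is an added example, not Apple's or Valve's script; the fixture layout, the function names and the volume-name check are this example's own. The Steam issue linked above (#3671) is the other classic shape of the same bug, `rm -rf "$STEAMROOT/"*` with an empty STEAMROOT, which is why the hardened function refuses an empty or path-like volume name rather than only quoting.

```shell
#!/bin/sh
# Added example (not the iTunes or Steam script): the unquoted-path rm -rf bug
# from the thread, reproduced under a caller-supplied root directory, next to
# a hardened form. Nothing here touches a real system path.

# setup_fixture ROOT
# Constructed layout: a volume "Disk 1" holding the app to remove, and an
# unrelated sibling volume "Disk" that must survive the uninstall.
setup_fixture() {
    _root=$1
    mkdir -p "$_root/Disk 1/Applications/iTunes.app" \
             "$_root/Disk 1/Users/keep" \
             "$_root/Disk/Users/keep"
    touch "$_root/Disk/Users/keep/important.txt" \
          "$_root/Disk 1/Users/keep/photo.jpg"
}

# buggy_uninstall ROOT VOLUME
# The shape recalled in the thread (written with an explicit slash here): the
# volume name is expanded unquoted, so "Disk 1/Applications/iTunes.app" splits
# into the words "Disk" and "1/Applications/iTunes.app". rm -rf removes the
# sibling "Disk" tree, -f silently ignores the nonexistent relative path, and
# the exit status is 0, so nothing in the script notices.
buggy_uninstall() {
    ( cd "$1" && rm -rf $2/Applications/iTunes.app )   # deliberately unquoted
}

# safe_uninstall ROOT VOLUME
# Quote every expansion, refuse an empty or path-like volume name (the empty
# case is how "$VAR/"* turns into /*), terminate options with --, and delete
# only if a directory exists at the exact computed location.
safe_uninstall() {
    _root=$1
    _vol=$2
    case $_vol in
        ""|*/*|.|..)
            echo "refusing bad volume name: '$_vol'" >&2
            return 1 ;;
    esac
    _target="$_root/$_vol/Applications/iTunes.app"
    if [ ! -d "$_target" ]; then
        echo "nothing to remove at: $_target" >&2
        return 1
    fi
    rm -rf -- "$_target"
}
```

Run with `setup_fixture "$tmp"; buggy_uninstall "$tmp" "Disk 1"` and "Disk" is gone while "Disk 1/Applications/iTunes.app" is still there; `safe_uninstall "$tmp" "Disk 1"` removes only the bundle. In a script where aborting is the right reaction to an unset variable, `"${VOLUME:?volume not set}"` gives the same protection as the case statement with less code, at the cost of terminating the whole shell rather than returning an error.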
___________________________________________________________________
(page generated 2020-05-02 23:00 UTC)