[HN Gopher] I shipped a word processor that formatted the hard d...
___________________________________________________________________
I shipped a word processor that formatted the hard drive every 1024
saves
Author : todsacerdoti
Score : 278 points
Date : 2020-05-02 18:17 UTC (4 hours ago)
(HTM) web link (twitter.com)
(TXT) w3m dump (twitter.com)
| dredmorbius wrote:
| https://threadreaderapp.com/thread/1256342997643526151.html
| freedomben wrote:
| The parent comment link takes you to the full story in a blog
| post of the OP.
| chx wrote:
| We were a young startup we went to a conference... when the site
| went down and we found someone DoSing us. But... there was little
| network traffic however the database was loaded beyond any
| reason. Turns out, the image importer from mail had a bug in
| error handling and a broken email came in so it just kept
| retrying creating an image entity in the database. Ten thousand
| broken images before we stopped the party, in 2005, that was
| enough to crash our little server. We DoS'd ourselves.
| jancsika wrote:
| I'm going to assume that once users were told the formatting was
| due to a really clever C compiler optimization they were probably
| fine with it.
| FpUser wrote:
| The software was written in Forth language and at a time when
| there was no memory protection.
| dhosek wrote:
| Youngsters have no concept of 80s computing where so much was
| accessible to simple programs.
| RaceWon wrote:
| > Youngsters have no concept of 80s
|
| In '87 my first 256 computer had 640k of memory with a hd
| that was less than 1mb IIRC. It cost nearly 5 thousand
| dollars including the $700 dot matrix printer.
|
| Let the good times roll!
| smitty1e wrote:
| No, as you read the thread, he had a user FedEx him a tape that
| reproduced his bug and got it fixed.
| [deleted]
| StreamBright wrote:
| I still like the one when ubuntu devs decided that netcat's
| behavior to keep the connection open and wait for the answer when
| connecting to a port is outrageous and closed the connection
| after sending the request. We used netcat to debug network
| connectivity. The day I learned that I cannot trust any piece of
| software that is part of ubuntu. Later the also pretty good
| purify complains bug followed. Those guys might have been the
| Debian folks.
| thomasahle wrote:
| An early version of PyChess had an uninstall script thst would
| remove the user's entire homedirectory.
| RockIslandLine wrote:
| Pool of Radiance would wipe your hard drive on uninstall.
| minikites wrote:
| Bungie did that with Myth 2: https://youtu.be/-p3a8eGORKY?t=513
| pault wrote:
| Myth was one of my favorite games as a teenager. The dark
| fantasy atmosphere really captured my imagination, and I
| still have a little giggle when I think about exploding
| dwarves. :D
| dylan604 wrote:
| It was their laugh when things blew up, and their sarcasm
| that I enjoyed. "Yeah Yeah, over there" "Now what?"
| gpderetta wrote:
| Valve did it recently with Steam on linux!
| jtlienwis wrote:
| There was once was an operating systems that allowed you to
| format your entire hard drive when you only intended to
| format a floppy disk, if you typed format c: instead of
| format a:. This was called Microsoft Dos 2.x.
| Symbiote wrote:
| mkfs.vfat /dev/sda1
|
| That's not that much different from a plausible error on
| Linux, with a USB drive and a hard drive.
|
| (At least, the man page for my mkfs.vfat doesn't include
| any options suggesting it protects against formatting
| already-formatted or mounted filesystems.)
| Dylan16807 wrote:
| Yikes, it sure doesn't. For comparison, mkfs.ext2 asks
| before proceeding if there's already a filesystem, and
| outright exits if it's mounted.
| ztjio wrote:
| So it did exactly what you requested it to do, no
| surprises at all. Got it.
| rmtech wrote:
| Yeah but there should be a SERIOUS warning preventing
| that
| re wrote:
| The iTunes 2 installer would delete hard drives in some cases,
| if the installation destination contained a space character and
| the portion before the space matched another drive (e.g.
| "Seagate" and "Seagate 2").
| https://www.wired.com/2001/11/glitch-in-itunes-deletes-drive...
| klyrs wrote:
| > Don't use numeric literals for anything but 0, 1, and -1.
|
| Excuse me?! So if I'm writing a prng, should I write the
| numerical constants like int modulus = 1 +
| (1+1+1)*(0 + (1+1+1)*(-1+... )...);
| ztjio wrote:
| I'm going to assume you're not deliberately trying to
| misunderstand him for the sake of a hot take, because, that
| would be pretty lame. So instead I'll explain for you and
| anyone else who doesn't understand him what he meant.
|
| What he is suggesting is that you generally not include
| literals in your code, and instead, use a constant/variable
| that can be traced back to a single place in order to make
| changes more visible and easier to deal with. That he makes
| exceptions for 1, 0, and -1 is explained by conventions in
| various languages where those values in context end up as
| generic and meaningful as any other language keyword and thus
| would not benefit from being referenced from a constant. That
| doesn't mean you wouldn't ever end up with constants that are
| 0, 1 or -1 though, just that you wouldn't assume every random
| place you might use those values (such as sorting algorithms)
| justifies a constant placeholder.
|
| For further review on the topic, may as well start here:
| https://en.wikipedia.org/wiki/Magic_number_%28programming%29
| pmiller2 wrote:
| The spirit of the advice is mostly correct. However, there
| _are_ reasons to use numeric literals in code. One is the
| PRNG example given downthread. Another is one I recently
| wrote.
|
| I have some code where I needed to calculate what the 1st
| percentile of a list of numbers was. Since it doesn't make a
| lot of statistical sense to calculate a 1st percentile of
| fewer than 100 numbers, I inserted a condition like
| if len(numbers) < 100: # skip the calculation
|
| and included a comment stating that 100 is explicitly not a
| magic number here. By that, I meant that you'll never want to
| change this 100, so, why bother obfuscating it behind a name?
|
| It's perfectly readable, if you understand why the
| calculation is skipped in the first place. If you don't
| understand why the calculation is skipped, giving it a name
| like TOO_FEW_NUMBERS_TO_CALCULATE_1ST_PERCENTILE isn't really
| going to give you much insight into why the calculation is
| skipped, anyway.
| klyrs wrote:
| > I'm going to assume you're not deliberately trying to
| misunderstand him for the sake of a hot take, because, that
| would be pretty lame.
|
| I'll admit, my example was overwrought with comedic intent,
| but I stand firm on this issue. Use a magic number twice?
| Yeah, go ahead and put that numeric literal somewhere
| convenient (but you _still have a numeric literal_ ) to the
| consumers of it and easy to find by your readers (not a top-
| level magic_numbers.h)
|
| I'm a mathematician. The fear of numbers in code is an
| affront to the domain that I work in. YMMV. I put a lot of
| work into documenting my code, but for the love of pete, 2 is
| not a magic number: my example was no more overwrought than
| OP's rule.
| crazygringo wrote:
| I'm not sure where the misunderstanding is coming from.
|
| Yes, of course if you have a formula that involves dividing
| by 2 or something you just include the number directly.
|
| But anything that's a magic number, even if only used
| _once_ , is better to have a named constant defined. The
| name of the constant becomes the documentation itself.
|
| The other reason is that if someone needs to come in and
| maintain the code and change a magic number for whatever
| reason... if it's a defined constant, they know it should
| only need to be changed in that one place, assuming all
| magic numbers are defined in a sufficiently wide scope. If
| it's just a number, they have to search the whole codebose
| for all instances of that number, and investigate each and
| every one to see if it needs to be replaced as well or not.
| benibela wrote:
| >Yes, of course if you have a formula that involves
| dividing by 2 or something you just include the number
| directly.
|
| Or replace it with >> 1
| mattkrause wrote:
| It depends on why you're using the 2.
|
| In some cases, I'd say that 1 can be a magic number. For
| example, it would better to write
| fprintf(STDOUT, output_string)
|
| than fprintf(1, output_string)
|
| However, 0 and +-1 have a special role in picking out the
| first/next/previous elements of a sequence (and related
| things), which is so common that it'd be silly to insist on
| defining POSSIBLE_NEXT_INDEX and POSSIBLE_PREDECESSOR. That
| said, people do seem to love Python's itertools,
| so....maybe that's where we're headed. I had somebody
| _aggressively_ complain about the readability of the all-
| pairs for-loop, which I thought was basically standard.
| for(auto i=0; i<N-1; i++) for(auto j=i+1; j<N;
| j++) process(X[i], X[j])
|
| The flip side is that I don't think you _always_ need to do
| this. For example, this is silly: double
| triangle::area() const { const double
| NORMALIZATION = 1/2.0; return this->base *
| this->height * NORMALIZATION; }
|
| The point is just to make it clear why that particular
| number is being used and where it came from.
| rmtech wrote:
| The all pairs loop is unnecessarily low level, and it
| would be hard to spot a mistake there. It would be great
| if there was a way to say for i < j <=
| N
|
| as this is super clear.
| mattkrause wrote:
| I guess so. I don't think it's _atrocious_ : it looks
| like iterating over the upper/lower triangular part of a
| matrix to me, which is fairly common (in some domains, I
| guess). Plus, I like that the double for-loop indicates
| slowness.
|
| However, Python has itertools.combinations(X,2) and Julia
| has IterTools.subsets(X,2) if that's what you want.
| monadic2 wrote:
| I'm assuming the alternative would be to refer to an easy to
| deduct constant reference.
| klyrs wrote:
| You might have replied before my edit, but one rarely
| "deduces" magic constants that result in good rngs, hashes,
| crypto, etc.
| __s wrote:
| Their point is you should have
|
| const int MAGIC_THING = 0xdeadbeef
|
| & then say MAGIC_THING throughout the code, rather than
| using 0xdeadbeef in all your expressions
| klyrs wrote:
| Sure. But OP said not to use numeric literals, which
| 0xdeadbeef certainly is.
| wpietri wrote:
| In case you somehow haven't figured it out by now, he
| meant in the body of one's code. He's fine with named
| constants.
|
| Protip: If a smart person says something that seems
| obviously dumb to you, it's worth trying to find an
| interpretation that isn't dumb. Doubly so when, as here,
| it's from a piece that others are clearly finding smart
| and useful.
| jameshart wrote:
| Obviously not. So since you found a counter example we should
| discount the original advice and feel free to use numeric
| constants all over our code without any explanation.
| happytoexplain wrote:
| This isn't a helpful response. I have the same question as
| the parent.
| ztjio wrote:
| https://en.wikipedia.org/wiki/Magic_number_%28programming%2
| 9
| wool_gather wrote:
| According to the thread, there was a size of something, and
| that size was used in two places. The size was specified as
| a literal number in both those places. The bug was caused
| by changing the literal in one place but not the other. One
| way that could have been avoided is to use a named constant
| for the size, so that when the literal number was changed,
| both uses of the name would see the new value.
| regularfry wrote:
| The reverse is also dangerous: when you have the same
| numeric value doing different jobs in different parts of
| the code. If they're literals, you've got no clue whether
| they should both be changed or not.
| klyrs wrote:
| Does my balanced ternary expansion obviate the need for
| documentation? No. Drop a reference to the paper/website
| describing the algorithm you're doing. If it's, say, trig
| that you're doing, use clear variable names and explain how
| you derived the formula.
| SlowRobotAhead wrote:
| Or you could go the Amazon AWS for C route and give make a
| define with the name of MilicsecondsPerSecond, and a
| separate define that makes that at 1000.
|
| If you want to go full spectrum the other way.
| mattkrause wrote:
| Maybe something more like: /* From Park and
| Miller (1988, pg 1195), using their notation */ const
| int A = 16807; const int M = 2147483647; const
| int q = 127773; const int r = 2836; ...
|
| instead of "inlining" them into the code like test = 16807 *
| (seed % 127773) - 2836 * (seed/127773)
|
| The "ban" on literals obviously exempts their definition. No
| one, outside a number theory textbook, is defining A as
| successor(successor(...(successor(1)))
| morsch wrote:
| > Park and Miller (1988, pg 1195)
|
| That's pretty cool. Did you at least have to look it up?
| mattkrause wrote:
| I'm flattered you think there's even a tiny possibility I'd
| remember the constants or page :-) In reality, I vaguely
| remembered the authors and part of the title, then guess-
| and-googled the rest. It's a nice paper:
| https://dl.acm.org/doi/10.1145/63039.63042 though obviously
| no longer the state of the art.
|
| I recommend the citation-in-the comments idea though. We do
| it for lab stuff and it's very helpful for everything from
| debugging to writing up results.
| pmiller2 wrote:
| This is an amusing story, but I disagree with not using numeric
| literals. Most of the time, sure, you don't want to use numeric
| literals, but, sometimes, you do. I posted my example in another
| comment here.
|
| As for the other conclusion, I have a story of my own. I once
| shut down all of my company's asynchronous task processing for
| about 20 minutes, completely by mistake. Our web servers kept
| serving, and nobody external would have noticed a difference,
| but, for 20 minutes, our scrapers stopped scraping, our NLP
| classifiers stopped classifying, and a bunch of stuff that made
| us money wasn't happening. Had I not noticed it and fixed it
| ASAP, we probably would have lost money. Instead, I immediately
| announced what I had done, got help, and we fixed it.
|
| The real moral of the story is that an honest mistake is nothing
| to be ashamed of. I make mistakes all the time. Some of them make
| it into production. Big deal. Everybody does.
| mod wrote:
| I :s (save) so compulsively, I think I would reformat my drive
| about every day.
| crimsonalucard wrote:
| How does an incompetent engineer tell the difference between
| incompetence and imposter syndrome?
|
| I don't think it's realistic to say that all incompetent
| engineers think they're competent.
| benibela wrote:
| Recently I got a phone call during breakfast that texstudio had
| scrambled the file when saving, by rearranging blocks of it
| randomly. The user had triple backups, on the hdd, usb stick and
| another one (dropbox?). All files were useless after he saved
| them at the same time :/
|
| Might be some memory corruption caused by a wrong pointer in any
| other part besides the saving?
| renewiltord wrote:
| These are great. Steam Linux's universal rm is too.
|
| https://github.com/valvesoftware/steam-for-linux/issues/3671
|
| Featuring probably the most unflappable human in the history of
| time as a bug reporter. One day I hope to have the fortitude this
| man does.
| PureParadigm wrote:
| You can have his fortitude in the face of all your files being
| deleted if you have a robust, automated backup policy.
|
| One of my professors used to say that he should be able to
| destroy your laptop, buy you an equivalent new one, and you
| should be up and running again within a few hours. Hard drives
| fail all the time and computers get lost/damaged/stolen. Losing
| your home directory on a computer should be expected, and
| definitely not the end of the world.
| kungato wrote:
| Today with github+google drive+steam or whatever flavors all
| you should be limited by is download speed. I wipe my hdd
| every 6 months or so just to get a fresh feeling of no random
| junk. The biggest chore is downloading all the dev
| environments for all the programming languages one uses at
| the same time
| ip26 wrote:
| I prefer the raid5 approach, I leave my junk strewn all over
| a sufficiently large number of computers- odds are I'll still
| have a recent copy somewhere if my laptop explodes.
| canada_dry wrote:
| > I prefer the raid5 approach
|
| I've been using _actual_ raid5 (via adaptec raid card) for
| years and very recently had one of my trusty 5TB HGST
| drives fail (after 3+ yrs of uptime).
|
| Fortunately the rebuild worked, but there are so many
| horror stories of raid5 rebuilds NOT working it has me
| contemplating going back to simple mirroring.
| cure wrote:
| Whoa. You were lucky. Very lucky.
|
| If you are going to use hardware raid, please do make
| sure you have a spare raid controller, same firmware,
| same model. If not, you will be SOL when your controller
| dies.
|
| RAID5 these days (with our very large disks) is basically
| asking for trouble - the odds of a second disk failing
| during the reconstruction are very high. But I guess you
| already know that!
| hondo77 wrote:
| I've had raid5 rebuilds work. Until the last one. One of
| the remaining drives failed during the rebuild.
| jankiehodgpodge wrote:
| You probably want to bump that toRAID 6 at least. Rebuild
| times on arrays that big can be long, especially if it
| takes a while to get a replacement drive. Plus most RAID
| controllers can protect against bit rot when in RAID 6
| because it determine if bits get flipped. On RAID 5, you
| don't have that option.
| c22 wrote:
| I used to run with simple mirrored drives. One time the
| master drive experienced some corruption and wouldn't
| boot. In attempting to fix the issue I mixed up the
| identifiers of each drive and ended up hosing the mirror
| as well.
|
| Now I use a more sophisticated RAID10 setup and really
| appreciate the way failed and replaced drives
| automatically rebuild themselves without my dumb
| interaction.
| PureParadigm wrote:
| RAID is not a replacement for backups. In the case with
| Steam the top level comment mentioned, all files writable
| by the user were deleted (including mounted drives in
| /media). RAID might protect you against hardware failure,
| but you also have to consider software
| (bugs/hackers/ransomware).
| canada_dry wrote:
| > RAID is not a replacement for backups.
|
| As an IT Exec (retired)... this was a lesson learned long
| ago. For my own/home systems I use rclone [i] (in conj w
| raid5) for the most critical files.
|
| [i] https://github.com/rclone/rclone
| PureParadigm wrote:
| You might be interested in Syncthing [1] with the option to
| keep previous file versions enabled. I use it as one layer
| in my backup policy by having it on my computers+phone. If
| I take a picture on my phone, it is synced within minutes
| to my desktop at home. If I make a document on my laptop, I
| have a copy on my phone in case something happens to the
| laptop.
|
| [1] https://syncthing.net/
| heavenlyblue wrote:
| > One of my professors used to say that he should be able to
| destroy your laptop, buy you an equivalent new one, and you
| should be up and running again within a few hours.
|
| What do you use for that?
| lucb1e wrote:
| The author of that issue said they had backups, on an
| external drive.. that Steam also wiped.
|
| You can say 'robust' but there are limits of what I think one
| can reasonably expect from a user. That they had backups at
| all is not necessarily the norm.
| PureParadigm wrote:
| Right, that's why I said robust. But I'd push back against
| the idea that a normal user shouldn't be expected to have
| backups that are safe in such an event.
|
| If you want to guard against rogue software (or clumsy
| fingers in the terminal), you'll probably need to have
| remote backups. It sounds like copies on the cloud saved
| this user, and it's not unrealistic to suggest users backup
| to the cloud (I think many already do with
| OneDrive/iCloud/Dropbox). If you're a Linux user who likes
| to tinker, you can set up a Raspberry Pi with a hard drive
| attached and use restic over SFTP (or any of the other
| numerous choices).
| lucb1e wrote:
| > I'd push back against the idea that a normal user
| shouldn't be expected to have backups that are safe in
| such an event.
|
| That is fair. I was commenting from the perspective of
| what is rather than what should be. Alongside making
| software as safe as possible, we should also be
| encouraging and expecting people to do this.
| benibela wrote:
| I used to set the append-only extended file attribute on
| important files
|
| No one can delete the files afterwards, not even root,
| without removing the attribute first
|
| It worked well with Mercurial, which is also append only.
| So I could commit as usually to my Mercurial repository,
| but it could not be deleted.
|
| Ironically, I stopped doing that, because it messed my
| backups up. When running the backups as root, some tools
| would add the flag to the backuped files, but then later
| backups as non-root could not replace the file with new
| versions.
| raverbashing wrote:
| This one is good as well (on the original thread):
| https://twitter.com/kevin/status/1256431142086955009
|
| Pro-tip: turn-on the alerts _after_ deploying the site.
| freedomben wrote:
| My favorite all time bug was the infamous "Bumblebee" commit of
| 2011[1]. IIRC this was the first github commit to go viral. Make
| sure you have 30 minutes to read the thread. It is gold.
|
| I have written variants of "GIANT BUG... causing /usr to be
| deleted... so sorry...." into commit messages over the years.
| Such a classic part of history.
|
| [1] Commit thread: https://github.com/MrMEEE/bumblebee-Old-and-
| abbandoned/commi...
|
| [2] Issue thread (not as good):
| https://github.com/MrMEEE/bumblebee-Old-and-abbandoned/issue...
|
| EDIT: Github is timing out trying to load it. May want to use
| archive.org:
| https://web.archive.org/web/20130613012555/https://github.co...
| tehlike wrote:
| If there is anything docker is helping a lot with, this is
| probably one. Except when you volume mount, but then damage is
| probably limited!
| contravariant wrote:
| That's the most hilarious diff I've ever seen.
|
| At least it's hilarious now, for some people it must've been
| horrifying.
| onemoresoop wrote:
| This is why in general I am not the first to get an update,
| unless I've been waiting for a fix for a while. I also think
| how shitty the person must have felt for the screw-up. We all
| screwed up at some point too, I remember removing a database
| by accident (it was a Dev, luckily not Prod and i was a
| junior 20 years ago. ), but having that stick like it does
| nowadays is not pleasant thought. I learned my lesson, and as
| a rule of thumb I always comb the code a couple of times
| before I commit.
| AceJohnny2 wrote:
| Also why web-powered rolling/staggered updates are a thing
| mrlonglong wrote:
| Lost in space ...
| xoa wrote:
| Hah, that is a good one (and earns sympathetic winces). Though
| my continuing "favorite" (more amusing in hindsight) similar
| one was when _Apple_ did that, back in like 2001 with, iTunes
| 1? iTunes 2? Or maybe it was one of the Mac OS X 10.1 updates,
| because it was end up of 2001 and I think we 'd already had
| 10.1 by that point, I moved to 10.0 from PB right away and 10.1
| was still out real fast. Edit: actually yeah it was iTunes 2.0
| end of October/November, I did have that saved somewhere.
|
| At any rate, lots of people at Apple back then brand new to
| Unix, NeXT was still integrating, everything was still coming
| together. And they made one of the absolute most classic Unix
| newbie whoops moments: they wanted to clean up old versions of
| iTunes, so the used rm -rf... without quoting the path. It had
| this IIRC: rm -rf $2Applications/iTunes.app 2
|
| with $2 as the path. But of course classic Mac users were used
| to having spaces in drive names and folders and so on. If you
| only had the startup drive no problem. But if you'd partitioned
| or had an external drive and it had a space in the name, ie
| "Disk 1", then that'd become rm -rf Disk
| 1/Applications/iTunes.app 2 and you were off to the races.
| There were some fun discussion threads about it, although
| unfortunately the only Apple Discussions bookmarks I have saved
| from back then all seem to be dead. Not sure if they're still
| archived somewhere and the links just no longer redirect or it
| was cleared out sometime.
|
| They got that pulled real quick too, but I always secretly
| wondered if the genesis of Time Machine was somewhere around
| there... backups were pretty rough at that stage of the game.
| Well, everything about Mac OS X was pretty rough, though
| exciting too.
|
| _Edit 2_ : Did find an old /. discussion about it that still
| works. Bit of a blast from the past reading through some of
| those, both in what has changed and what hasn't:
|
| https://apple.slashdot.org/story/01/11/04/0412209/itunes-20-...
| mhh__ wrote:
| Fallout 76 (amongst literally hundreds of recorded bugs) shipped
| with a bug that was able to brick PCs and consoles alike.
| rowanG077 wrote:
| Brick PCs?? How?
| Konohamaru wrote:
| This is a "usenet shock site" level screamer.
| HenryBemis wrote:
| Oh I laughed so hard!! Computing has come a loooooong way since
| the early 80s. Oh what a gift is for humanity, what a great tool
| (not the specific word processor but hey, we've all made
| mistakes).
| splintercell wrote:
| We once shipped a product (2011) which would delete user's
| account (and all his data) from the website when all they
| wanted to do is to 'unfollow' someone. It was hilarious issue
| of MySQL database issue, instead of deleting the record of the
| 'follow' it basically removed user's record and thus removing
| all their files and entries.
| quezzle wrote:
| Or put more positively:
|
| "I shipped a hard disk formatting utility that doubled as a word
| processor."
| userbinator wrote:
| Microsoft has had its share of giant fuckups too, although from
| memory they seem to be more recent:
| https://news.ycombinator.com/item?id=18189139
|
| I've been writing code for about as long as him, but because I
| started with Asm, which makes one become _really_ careful with
| buffer sizes, doing something like making one thing larger would
| not be done without carefully looking "down the line" to see if
| any further changes were required; and they almost certainly
| were. That's not to say I haven't corrupted files before, but
| fortunately nothing quite as catastrophic as wiping the disk.
___________________________________________________________________
(page generated 2020-05-02 23:00 UTC)