1. 7

    Instead of writing commit messages like:

    Fix mobile width issue

    We want to write commit messages like:

    Fix mobile width issue

    It seems that the various ‘edit’ links under the headers were right aligned and with some margin or negative margin (from the ‘row’ class) that was causing it to push out beyond the edge of the page on mobile leading to a weird space down the right.

    This seems to address it and uses flexbox instead of float right, I suspect the first pass of this site didn’t use flexbox for fear of compatibility issues but we can certainly use it now.

    Is it perfect? No, but it provides much more context, explanation and reasoning.

    It’s easy to criticise, but the author isn’t exactly practicing what they preach here:

    Further content

    Yeah, yeah. Should be a better commit message. Just read the changes.

    Editing pass

    Add further content to piece

    Further editing and examples

    Further edits

    Further edits

    Further editing and examples

    Further additions, edits & formatting

    It’s true that most of these changes don’t warrant an extended explanation of why the change was made, so instead of advocating for extended explanation in every commit message, perhaps it would be better to focus on at least trying to make the commit message identifiable, so that someone looking through the commit history can find the relevant commits easily.

    1. 6

      I think your comment is a bit pedantic, It’s clear the author just understood who the audience of the commit log of this repository is, it’s him. He doesn’t need to over explain changes when it’s copy editing a document that virtual no one is going to sincerely need to dive into the history of. Using that to try to dismiss the message is disingenuous.

      Commit messages are so often overlooked, but are consistently one of the most useful things when looking at a bug or trying to track down an issue. The intent and context of a change is so valuable when you are debugging why something broke. I’m all for this article and the numerous other articles which promote that we all should take them more seriously and put far more genuine effort into writing them. It’s a required skill IMHO.

      1. 4

        I believe that takes discipline but also experience. I still have hard time making truly atomic commits, but these days I usually write big and explanatory commit messages… so much so that I link the commit at the repo’s README many times. But this is because too many times in the past I wasn’t able to remember what is did there.. or why. Some times I had no idea that commit was mine and I don’t suffer from memory loss… so I am basically talking to my future self ELI5 style. Not always, occasionally there is the “Fix typos” commit ofc. But when I do bigger changes I try to add as much context as possible.

        1. 3

          I think your first paragraph is spot-on. Moreover, code and prose are different things and it shouldn’t be surprising that the best practices for a repo full of code are different from those for a repo full of text.

      1. 8

        The Go code looks to be overly complicated.

        One small improvement would be to use Go 1.16’s embed directive:

        //go:embed static/*
        var staticFiles embed.FS
        var staticHandler = func() http.Handler {
        	fSys, err := fs.Sub(staticFiles, "static")
        	if err != nil {
        		panic(err)
        	}
        	return http.FileServer(http.FS(fSys))
        }()
        

        In this example staticHandler is a http.Handler that serves everything inside the ./static directory, relative to the source file. The contents of the folder are embedded into the binary at compile time. This handler is understood by the standard library.

        1. 2

          The contents of the folder are embedded into the binary at compile time.

          That violates the constraints the author states for the program though? You are supposed to be able to serve an arbitrary path specified at program startup.

          1. 3

            I based my comment off the first line (in bold) of “The idea” section:

            why aren’t there any programs that I can download that serve literally just one file

            They also later state that a benefit of using Go is that it “Produce[s] static binaries”. I interpreted this to mean a single, dependency-free, binary is desirable for easy deployment.

        1. 2

          Trying to make progress on KASAN support for SerenityOS.

          Also hopefully going on a hike somewhere in the PWN!

          1. 3

            I’ll try to get a public instance up soon Public instance is nntp.scrollwheel.ca, just wanted to show off my weekend hacking project. As of now, it doesn’t have i.e background jobs, so it is a little rickety. I’m still not fully used to Elixir yet either, so the code is probably ugly.

            If you’re curious about what it looks like

            1. 1

              I was able to connect with neomutt :) pretty cool!

              1. 1

                About Elixir - you probably should run mix format on your codebase to clean it up a little to conform to community styleguide.

                1. 1

                  Will you be able to leave this up? I love the idea but would prefer to use it as a hosted service.

                  1. 1

                    Sure, I’ll keep it up.

                1. 5

                  Can you add something to the website on how to send patches to update the website it self? I would like to add MSVC resources for example :)

                  1. 1

                    Yes @fcambus, if there is a way for others to send you patches or update the content like in a wiki – it would be great. Your list is useful as it kind of creates a quick overview of the tooling available.

                    I would add JDK/Gradle toolchain. But would indicate that for, say NetBSD 9.x this toolchain does not work, unfortunately.

                  1. 1

                    I’ve been trying to maintain a lab notebook: http://lab.bjg.io/

                    1. 5

                      Could be a huge marketing move for Microsoft to look cool, and wouldn’t hurt much their profits as it’s all about Azure now.

                        1. 3

                          Updated: Apr 11, 2019

                          1. 3

                            2020 doesn’t help the case. MS carried on selling Xbox, Windows, and Dynamics, and renting LinkedIn to recruiters. Intelligent cloud went up but Microsoft is far from “all about Azure now”.

                      1. 1

                        olvid.io / made by actual cryptographers / fully encrypted metadata (really) / verified E2E at the initialization of the conversation / no contact list sent / soon opensourced / made in EU.

                        NB: i’m not working there.

                        1. 2

                          Looks like it’s a company with a for profit offering, why put your future in their hands? https://www.olvid.io/enterprise/en/#pricing

                          1. 2

                            it sounds a bit dramatic, “my future” :)

                            Why would I put “my future” in the hands of Signal? Telegram? Berty? Session? or foobarBozoSecureMessenger :)

                            Sadly, our entire landscape is “for profit”, our phones are “for profit”, our computers are “for profit” and this is where the messenger runs.

                            I want alternatives, I’m happy to see them in EU (where I live) outside US or outside China, Russia where we have slightly stronger privacy protecting laws.

                            I don’t want to send my contact list for accessing a service and I don’t need to see who’s using the app. I want to see competitors that actual have provable verified end to end cryptography at communication channel establishement, not just if/when you verify your peer by checking fingerprints or scan the QR codes, it helps improving the “landscape”.

                            Luckily, I’ve met with one of the cryptographer behind olvid back when he was a PhD student in Vaudenay’s lab and trust his (and peer’s) skills more than SV personality cults & stories and I guess not everybody has revenge (just a guess) driven billionaire’s friend to fund a competing “product” :)

                            I don’t mind to pay/bet for a product that works and reward people that did a great job, taking risks and trying to innovate and propose something different. I am also fine with open, federated, community based and open services like IRC.

                            Maybe some interoperability would be nice, but haha utopia.. :)

                            Yeah I might be wrong, it’s just my nobody’s choice, btw here are olvid crypto specs:

                            Cheers :)

                        1. 6

                          Let me save you five minutes of reading a buzzfeed list in the form of an ACM queue article:

                          1. Set your alarm and wake up at the same time each day.
                          2. Shower and dress as if you’re going to the office as you normally would.
                          3. Set a finishing time for each day and stick to it.
                          4. Take frequent breaks of at least 15 minutes per two-hour block throughout the day.
                          5. Silence all your messaging apps.
                          6. Do not use social media during your breaks.
                          7. Arrange social time with actual humans outside of work.
                          8. Exercise.
                          9. Use your old commute time to learn something new.
                          10. If you schedule meetings, make them count.
                          1. 2

                            I found the article fun enough to read. But this this was the first thing I’ve ever read by Kode Vicious.

                            1. 2

                              I did none of these things structurally while working remotely for over 5 years and it was fine. Do not follow authority blindly. Figure out what works best for you.

                            1. 2

                              So far I’ve had my biggest success using actix, though I was used to futures pre async/await. I’d say the ecosystem really lacks some of the stuff you’d just get out of the box from rails/django etc. (Though async mysql can be a real pain in python also..)

                              I’ve had to implement basically everything based on different libs of my web-service-controller. So auth, 2FA, login verification, DB etc. I may have gone a little bit overboard by using sled as DB, making me implement my own indices on top of a KV-Store.

                              1. 1

                                I’ve had to implement basically everything based on different libs of my web-service-controller. So auth, 2FA, login verification, DB etc.

                                Is there anything you built that could be bundled up into it’s own crate and re-used as an actix add-on crate? Sounds like you have built some of pieces that would fill a substantial gap in the ecosystem today?

                                1. 1

                                  Oh, I don’t think I expressed that very well. I’ve used for all of this different crates that already do some of the core functionality (TOTP for 2FA, bcrypt implementation, etc) but the thing was to find good crates, wire this all up into one thing and add some kind of user permission system on top and having this verification for every relevant API path. The latter done by three big macros. (Yeah I’ll have to experiment with some kind of middleware but this will also include the next actix upgrade..)

                                  I ended up creating a REST like json API and just the typical react frontend that calls this. Though I feel a little bad for my choice of bitflags for different permissions, this is bad to use in javascript.

                              1. 2

                                How did they get the source code, when it is proprietary software?

                                Also wouldn‘t this kind of attack easily be mitigated by using open source software? Someone would‘ve found out that the signature of the distributed binary doesn‘t correspond to the self compiled one.

                                1. 4

                                  How did they get the source code, when it is proprietary software?

                                  The screenshots look like decompiled dotnet binaries to me, given dotnet binaries are just IL with a substantial level of metadata in the resulting binary, decompiled csharp looks a lot like the original source.

                                  See: https://docs.microsoft.com/en-us/dotnet/framework/tools/ildasm-exe-il-disassembler or https://www.jetbrains.com/decompiler/

                                  1. 4

                                    Also wouldn‘t this kind of attack easily be mitigated by using open source software? Someone would‘ve found out that the signature of the distributed binary doesn‘t correspond to the self compiled one.

                                    Who? Have you or anyone you personally know ever done this for a single software package on your system?

                                    1. 1

                                      Someone would‘ve found out that the signature of the distributed binary doesn‘t correspond to the self compiled one.

                                      This would require “reproducible builds” which are currently difficult to do in most build environments and consequently uncommon.

                                      1. 1

                                        Do you have any information to back up this claim? I’d think that reproducible builds are quite common, especially in security applications.

                                        1. 2

                                          Personal experience? Reproducible builds do exist, and some projects (like Debian) even put a lot of effort into making them work. I would be…let’s say somewhat surprised if Solarwinds has reproducible builds.

                                    1. 10

                                      The new Windows terminal is a step up from the old one but I find it silly that I have to edit json to make configuration change to a GUI application.

                                      1. 2

                                        That was kind of a trendy thing there for a minute. Atom originally had no settings GUI, for example. And VS Code exposes all its settings as JSON even though most or all have a GUI as well these days. I never particularly liked it, especially since JSON is painful to edit by hand.

                                        1. 2

                                          I think it started with Sublime Text. (And I think it’s terrible!)

                                        2. 1

                                          There appears to be active work on a UI for Settings. See: https://github.com/microsoft/terminal/pull/8403#issuecomment-747545651

                                        1. 2

                                          My favorite thing I learned about git stash recently is that you can just go edit the stash ref list file if you want to give your stashes better names. Just open up .git\logs\ref\stash in your favorite editor and rename the stashes as you see fit.

                                          It looks something like:

                                          0000000000000000000000000000000000000000 b77a4fd5c052a9ec212780eca4952540ad882bcb Author <author@example.com> 1563653910 -0700     My Special Stash Message just for lobste.rs
                                          b77a4fd5c052a9ec212780eca4952540ad882bcb 36ab6d95465bcce60636aa398cdf95350f5fc688 Author <author@example.com> 1564602521 -0700     Example of another stash message that I edited just for lobste.rs
                                          

                                          Also, if your list of stashes ever grows to a large amount, you can use tig to browse the stash list with tig stash. In that view by default maps the ! key to drop the stash. This lets you easily browse through the list of stashes, seeing what’s in them, and dropping all the stuff you don’t care about.

                                          1. 4

                                            This is a list of various Rust applications that I either use or keep close watch on.

                                            I’ve used most, if not all, programs in the list.

                                            Can anyone think of anything to be added that I may have missed?

                                            1. 9

                                              I’m partial to https://github.com/antifuchs/chars (being the author) - I use it every few weeks.

                                              1. 2

                                                Very nice, I can see myself using this as well. I’ll add it right now along with spieglt’s software that was shared above.

                                              2. 8

                                                https://meli.delivery/ terminal email client

                                                1. 2

                                                  Jeez, I actually know of that and follow it’s development. How could I forget to put this on the list!?

                                                  Thanks for reminding me, adding it now.

                                                2. 4

                                                  I saw you had a Gameboy emulator on there, I wrote an NES one if you’re curious: https://github.com/spieglt/nestur. And a password-based file encryption utility: https://github.com/spieglt/cloaker.

                                                  1. 3

                                                    That NES emulator looks great, I’ll be sure to add that! As for cloaker; I’ll still add it, but I’m going to add a disclaimer about it using Qt.

                                                    This is nothing against you, I just personally have an irrational hatred for Qt.

                                                    1. 2

                                                      Thanks! And totally get it re: Qt. I hate that wrapping Rust as a static lib in a C++ program was the easiest way I found to have a cross-platform, lightweight, standalone binary.

                                                    1. 1

                                                      Sorry for the late reply, I was working. Added them!

                                                      Though I did add a warning about topgrade, as it runs specific system commands that may or may not be installed on your system. I don’t use it, so I’m not sure if they added error handling for that. But I felt the need to put the warning in regardless.

                                                    2. 3

                                                      I think people could use this in different ways, but I didn’t see a list of Rust users on the Rust website after a very quick inspection. Your list might be a helpful contribution to the website as some people like to learn by digging into a real project.

                                                      1. 2

                                                        There’s a very hidden one that was moved over from the last website, but such lists were removed from the current rendition of the page. The reason here is simply: such lists need to up-to-date and maintained (including going through and removing items). The old website had this a ton (such as the famous FAQ and the meetup list). This is a surprisingly high drag on maintainers.

                                                        People liked it on an emotional level, but for new users, it was very bad, as meetups went in and out of existence and the FAQ famously stated that Rust is not yet adopted in Firefox when we moved over to the next one. Those are just 2 examples. Our strategy now is that if you feel the urge to add an FAQ, it should probably land in one of the books or some actually maintained documentation.

                                                    1. 31

                                                      I’ll microoptimize my personal site once all proof-of-work blockchains are abolished.

                                                      1. 26

                                                        I get your point, but also… Be the change you want to see.

                                                        1. 11

                                                          I think by running this calculator on my site I generated more CO2 than the supposed 1-2 visitors per month do while visiting my page.

                                                          Also this example calculations. While neat, completely useless. When I move the visitors to 19500 per month it jumps to “2 trees” everything below that is “1 tree”. Well, yes, sure, that’s only a factor of 1000…

                                                          1. 2

                                                            Presumably the article author has more traffic than that.

                                                            1. 1

                                                              I certainly hope so, but this more related to what gerikson said, also note the last line of the post:

                                                              What’s the carbon footprint of your website? What steps will you take to reduce it?

                                                          2. 6

                                                            I’m very sceptical of the calculator but it says my personal site would use 8kWh with 10k visitors per year. 1 watt per hour.

                                                            That’s nothing!! Focus on things in your life which matter, e.g. if you don’t run your air conditioner as much, you’d easily save 8kWh in just a couple of days.

                                                            Or don’t eat a steak and you’re able to run my website for like 4 years.

                                                          3. 8

                                                            @yarmo & @cos

                                                            Both your point postulate that micro-optimizing your personnal website is significant to “save the planet”.

                                                            Not going into politics here, but from a computer-science point of view everything is about trade-off.

                                                            Is the effort spent optimizing your personnal website has a valuable impact on the problem your trying to solve ?

                                                            One could argue that personnal websites are definitely not a significant part of the energy used nowadays, and far lower than blockchains related stuff.

                                                            That’s how I understand @gerikson point of view.

                                                            But then again, it does not forbid you to optimize your website if you feel like it.

                                                            1. 4

                                                              Is the effort spent optimizing your personnal website has a valuable impact on the problem your trying to solve ?

                                                              One could argue that personnal websites are definitely not a significant part of the energy used nowadays, and far lower than blockchains related stuff.

                                                              To take a counter point, you frame your point as coming from a computer-science point of view, but you didn’t acknowledge that a lot of innovation in CS happens via grass routes movements where individuals work on a problem, and then industry adopts those solutions. If people start optimizing their personal sites, maybe they will take what they’ve learned on their own time and start doing it more at their job as well, maybe those people present their work at reducing COGS by reducing energy usage for some Top 500 websites. That could have real impact on the industry via knock-on effects. In my point of view this is how we as individuals can effect change in the industry, by working on problems and helping to disseminate them to the masses.

                                                              1. 3

                                                                a lot of innovation in CS happens via grass routes movements where individuals work on a problem, and then industry adopts those solutions.

                                                                Industries adopt a solution not just because its trendy or because the common people use it, but more propably because this a profitable solution.

                                                                I understand your point, but that is a lot of “maybe”.

                                                                1. 3

                                                                  Industries adopt a solution not just because its trendy or because the common people use it, but more propably because this a profitable solution.

                                                                  The point is that you can increase profits by reducing the energy consumption of the software you are running in your own, or co-located data centers. Many companies throw money at the problem instead, people who have experience tuning for lower energy usage are, and will continue to be valuable assets to their teams. Practicing on your own projects is a useful and worthwhile exercise.

                                                                  I understand your point, but that is a lot of “maybe”.

                                                                  ¯\_(ツ)_/¯

                                                              2. 2

                                                                Both your point postulate that micro-optimizing your personnal website is significant to “save the planet”.

                                                                Actually, what I said is quite literally the opposite. Micro-optimizing my website will not save the planet. But if I’m not willing to go the extra mile, how can I expect a larger website with significant climate impact to do that without being a hypocrite?

                                                                1. 1

                                                                  Hi @yarnmo,

                                                                  @puffnfresh answer what I would say too.

                                                                  And like I said previously, that should not stop you from doing it !

                                                                2. 1

                                                                  Both your point postulate that micro-optimizing your personnal website is significant to “save the planet”.

                                                                  Nope. My point is that the existence of worse offenders does not let you off the hook for your offenses. If you voluntarily maintain an excessively inefficient system which can be easily optimized, that’s on you. Just because there exist others who maintain massively more inefficient systems, that does not excuse the inefficiency of yours.

                                                                  Is the effort spent optimizing your personnal website has a valuable impact on the problem your trying to solve ?

                                                                  The effort is minimal. In the case of a personal website, what is one trying to solve? Sharing their identity and ideas with the world? Why should that ever require layer upon layer of excessively wasteful JavaScript-heavy frameworks?

                                                                  One could argue that personnal websites are definitely not a significant part of the energy used nowadays, and far lower than blockchains related stuff.

                                                                  Yes, this is necessarily true. However, it is irrelevant to the point I was making. If you care about waste, then reduce waste. Don’t wait to reduce waste until those more wasteful reduce theirs.

                                                                3. 10

                                                                  Yeah! And I’ll ride my bike to work once all trucks are abolished! And I’ll stop littering once all illegal dumpers are prosecuted! And I’ll recycle my plastics once all oil refineries are shut down! And I’ll go vegan once all poachers are lynched!

                                                                1. 3

                                                                  Code and commits last. Source code management systems expire.

                                                                  Perhaps some of this is a place for a very good set of paragraphs in the commit message.

                                                                  1. 3

                                                                    I have never been able to do a good job with commit messages. I appreciate groups that force commits to follow an exact pattern and use them to describe the pull request.

                                                                    I’d like to improve on this. Still, with squashed commits you lose information.

                                                                    1. 6

                                                                      Still, with squashed commits you lose information.

                                                                      It’s the person who is squashing the commits responsibility to re-construct the commit messages into an uber cohesive message with all the same detail. It’s a very good reason to ask the pull request author to squash their own commits before merging, and the reviewer can then validate the resulting commit message before merging.

                                                                      1. 2

                                                                        Uh, but why squash the commits, instead of keeping them separate, and thus ideally understandable in small pieces? Personally, before opening a PR, I typically do a lot rebasing and massaging to make the history as easy to review and understand as possible; I’m not sure what value would be then in squashing it into a single uber commit?

                                                                  1. 25

                                                                    So many:

                                                                    1. If there’s a piece of code that’s not doing what you expect, add a loop around it whose condition is a variable that can be modified by the debugger. The resulting binary can be effectively unchanged such that the loop executes once, but if a debugger is present and you see the strange behavior, you can go back and step through it. 1a. This can also be done by modifying the instruction pointer, but that requires restoring register state. I do this too but it’s more tricky.
                                                                    2. The unused portion of the stack often contains clues about what happened recently.
                                                                    3. Break on access (ba in WinDbg) uses CPU registers to break on a memory address when it’s used. This is wonderful for tracking how state moves across a system, or tracking when locks are acquired and released, etc.
                                                                    4. Using breakpoints with conditions allows things like breaking on a common thing, like opening a file, printing out the state of the operation, and resuming execution, allowing interesting conditions to be logged.
                                                                    5. While very common, it’s also useful to get a debug memory allocator that can do things like mark pages as invalid on free (to generate access violations on use after free), or add a guard page after a memory allocation (to cause access violations on memory overruns.) A good one of these can also keep around allocation information after free for debugging, such as the stack that freed memory, and track the number of allocations to detect leaks.
                                                                    6. Altering thread priorities in the debugger is one way to promote the code you’re trying to look at and/or demote code that’s interfering with you.
                                                                    7. If you have a race condition, thoughtfully adding sleep in the right place can provoke it allowing it to be debugged and understood.
                                                                    8. If code aborts in ways you don’t expect, add a breakpoint to the exception filter (which decides which handlers to execute.) This executes when the full stack that caused the exception to be raised is present.
                                                                    9. Further to the previous comments about patching code, if you’re stepping through code and a branch goes somewhere you don’t want, change the instruction pointer. If you want that branch to happen again, change the condition jump to an unconditional jump.
                                                                    10. In WinDbg, dps on import tables or import table entries to show where indirect calls will go. This is useful when something else is trying to hijack your code.
                                                                    11. Keep an in memory circular log of interesting cases in your code. This log often doesn’t need to be big, and doesn’t need to allocate on insert, but if something bad happens in your code you can dump the interesting cases that were hit recently.
                                                                    1. 5

                                                                      If there’s a piece of code that’s not doing what you expect, add a loop around it whose condition is a variable that can be modified by the debugger. The resulting binary can be effectively unchanged such that the loop executes once, but if a debugger is present and you see the strange behavior, you can go back and step through it

                                                                      You don’t need this if you have a reverse debugging tool. Gdb has basic support, but I usually use rr.

                                                                      1. 5

                                                                        Reverse debugging isn’t supported universally (unfortunately) because of it’s implementation details, for example rr can’t run on a variety of apps (including the one I work on every day) because it depends on emulating syscalls, and there are a bunch which are impossible / hard to implement. See: https://github.com/mozilla/rr/issues/1053 There are also contexts where reverse debugging doesn’t work such as in kernel mode on many systems, or in other “special” environments.

                                                                        1. 1

                                                                          Reverse debugging is incredibly useful. Unfortunately, even when using gdb, there are situations when you can not reverse debug due to lack of support from the target. This would be the case for e.g. all embedded development.

                                                                        2. 2

                                                                          Break on access (ba in WinDbg) uses CPU registers to break on a memory address when it’s used

                                                                          GDB / LLDB call this watchpoints. These are most useful in WinDbg if you’ve got a deterministic test failure, because you can turn on tracing, go to the crash, set the watchpoint, and then run the program in reverse.

                                                                          If code aborts in ways you don’t expect, add a breakpoint to the exception filter

                                                                          On *NIX, the equivalent is adding a signal handler.

                                                                          Keep an in memory circular log of interesting cases in your code

                                                                          I can’t overstate how useful this is. In Verona, we have a flight recorder like this (which records format strings and associated values so you can do printf-like things in the replay but don’t need to do expensive printf-like things in normal operation). This is made even more useful by systematic testing, where the runtime provides deterministic scheduling of threads, driven from a pseudo-random number generator with a provided seed. This is incredibly useful, because if we get a failure in CI then we can always reproduce it locally. I miss that facility a lot when I use any other environment.

                                                                        1. 21

                                                                          Most people learn to use debuggers as a observation tool, and don’t normally take it to the next level of using it to alter the system to force or fix a problem. One example of this, is patching instructions in the debugger while you are debugging. For instance to patch an instruction to a NOP in WinDbg (the windows systems level debugger), you can use the eb command. See reference.

                                                                          0:070> eb 000000006a4dd058 90
                                                                          

                                                                          Searching the memory address space for specific patterns is also an underused technique in my experience. Useful for finding hints when investigating a memory corruption. In WinDbg the following command sequence will search the address space for any memory locations pointing to 0x2e78042940 using the s command, and then dump some information about each matching address using the !address command:

                                                                          0:070> .foreach (theAddress  {s -[1]q 0x00000000 L?0xFFFFFFFFFFFF 2e78042940}) { .echo ${theAddress}; !address ${theAddress} }
                                                                          

                                                                          On a similar note, WinDbg’s dps command can be used to symbolize vtables or function pointers in a memory region, another tool in the toolbox for debugging memory corruptions. See reference.

                                                                          1. 1

                                                                            Does anyone have streams you recommend watching?

                                                                            1. 5

                                                                              Also it’s not twitch, but you gotta tune into Andreas Kling hacking on SerenityOS :) https://www.youtube.com/channel/UC3ts8coMP645hZw9JSD3pqQ

                                                                                1. 2

                                                                                  Some that I have enjoyed:

                                                                                  And finally one because the question was not specifically code related: https://www.twitch.tv/broxh_

                                                                                  I have found twitch a really interesting platform for creator - viewer engagement. Seeing my username on a subscribe popup and getting a “thanks for the follow” for the first time was a little surreal.

                                                                                1. 19

                                                                                  Worth reading to the end just for the totally evil code snippet.

                                                                                  It was kind of foreshadowed to be evil when the author named it “skynet.c” I guess.

                                                                                  1. 4

                                                                                    Reminds me of the Java-code we used to see around 2000.

                                                                                    With a RuntimeException try-catch at the top and then just print it and continue like nothing happened.

                                                                                    How much bad bugs, data corruption and weirdness did that practice cause?

                                                                                    1. 1

                                                                                      How is that any different from kubernetes and “just restart it”? Its mostly the same practice ultimately, though with a bit more cleanup between failures.

                                                                                      1. 2

                                                                                        I guess it depends on whether you keep any app state in memory. If you’re just funnelling data to a database maybe not much difference.

                                                                                    2. 2

                                                                                      Now I start to wonder, how the correct code should look like (as opposed of jumping 10 bytes ahead).

                                                                                      Read DWARF to figure out next instruction?

                                                                                      Embed a decompiler to decode the faulty opcode length?

                                                                                      1. 4

                                                                                        Increment the instruction pointer until you end up at a valid instruction (i.e., you don’t get SIGILL), of course ;)

                                                                                        1. 7

                                                                                          I have code that does this by catching SIGILL too and bumping the instruction pointer along in response to that. https://github.com/RichardBarrell/snippets/blob/master/no_crash_kthxbai.c

                                                                                          1. 2

                                                                                            Brilliant. I’m simultaneously horrified and amused.

                                                                                          2. 1

                                                                                            SIGILL

                                                                                            That’d be a pretty great nerdcore MC name.

                                                                                          3. 1

                                                                                            If you want to skip the offending instruction, à la Visual Basics “on error resume next”, you determine instruction length by looking at the code and then increment by that.

                                                                                            Figuring out the length requires understanding all the valid instruction formats for your CPU architecture. For some it’s almost trivial, say AVR has 16 bit instructions with very few exceptions for stuff like absolute call. For others, like x86, you need to have a fair bit of logic.

                                                                                            I am aware that the “just increment by 1” below are intended as a joke. However I still think it’s instructive to say that incrementing blindly might lead you to start decoding at some point in the middle of an instruction. This might still be a valid instruction, especially for dense instruction set encodings. In fact, jumping into the middle of operands was sometimes used on early microcomputers to achieve compact code.

                                                                                          4. 2

                                                                                            Here’s a more correct approach: https://git.saucisseroyale.cc/emersion/c-safe

                                                                                            1. 1

                                                                                              Just don’t compile it with -pg :)