Fork and Log

  • MP79 2013-02-13 08:06
    I've seen this done to integrate CLI only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
  • William Imm 2013-02-13 08:07
    Excpection occurred writing FRIST entry.

    CAPTCHA: causa (and effecta?)
  • What? 2013-02-13 08:16
    It's also not platform independent...
  • jspenguin 2013-02-13 08:27
    And what happens when the application tries to log "; rm -rf / # ?
  • Bobby Tables 2013-02-13 08:28
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...
  • fjf 2013-02-13 08:30
    MP79:
    I've seen this done to integrate CLI only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)
  • fjf 2013-02-13 08:37
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...
    "Hey, Adam, you broke my code! I always do
    error(foobar, "waiting for data; sleep 1");
    After your last change, this doesn't wait for the data anymore."

    http://xkcd.com/1172/

  • Koblin 2013-02-13 08:45
    "Hey, Adam, you broke my code! I always do

    error(foobar, "waiting for data; sleep 1");

    After your last change, this doesn't wait for the data anymore."

    That wouldn't actually work, as Runtime#exec isn't a fully-fledged shell. The reparsed log message will be passed as arguments including ";" to /usr/bin/logger rather than being used to spawn additional processes.
  • Steve The Cynic 2013-02-13 08:53
    fjf:
    MP79:
    I've seen this done to integrate CLI only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)

    No, no, no. The correct tool for logging is a chainsaw.

    I recommend using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.
  • QJo 2013-02-13 08:57
    I have cause on occasion nowadays to read Java (rarely needing to write it any more) and have at times bewailed the fact that log4j isn't routinely used. The answer I get is that the logging package and the techniques therein were written well before log4j was invented, and there is no need to break a perfectly well-written and documented existing package, despite its having been written in-house.

    This may have been the reason behind the initial coding of this particular instance, but the follow-up thought (that this is perfectly well-written) is admittedly less accurate.
  • QJo 2013-02-13 08:58
    Steve The Cynic:
    fjf:
    MP79:
    I've seen this done to integrate CLI only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)

    No, no, no. The correct tool for logging is a chainsaw.

    I recommend using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.


    That's not a finger. That's a dick.
  • nix 2013-02-13 09:07
    Steve The Cynic:
    fjf:
    MP79:
    I've seen this done to integrate CLI only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)

    No, no, no. The correct tool for logging is a chainsaw.

    I recommend using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.


    In other words, use the Chainsaw logging tool to truncate the programmer.
  • BogusArgumentException 2013-02-13 09:07
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...

    Since when does Runtime.exec() call a shell interpreter?
  • Blagh 2013-02-13 09:17
    I had a similar thing once, where I could write the error to the log about the error writing to the log - there were unicode characters in the original error message that couldn't be translated to the ASCII-encoded output.
  • Blagh 2013-02-13 09:19
    I would like to see you try logging with only a hammer and nail...
  • F 2013-02-13 09:23
    Steve The Cynic:
    fjf:
    MP79:
    I've seen this done to integrate CLI only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)

    No, no, no. The correct tool for logging is a chainsaw.

    I recommend using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.


    No, no - that's the zeroth finger.
  • Aris 2013-02-13 09:48
    The first thing I see in this code is the remote code execution bug. Performance problems are secondary to this.
  • fjf 2013-02-13 09:48
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...
  • foo 2013-02-13 09:53
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...
    Actually, a nail is preferable. With a fork you get triple lines.
  • Paul Neumann 2013-02-13 10:18
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!
  • OldCoder 2013-02-13 10:20
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...

    Heh. Interesting. Way to get sidetracked...

    Well, it is a slow afternoon here...
  • Anon 2013-02-13 10:20
    Wowza. That's a lot of hassle to avoid using the built-in logger.

    static final Logger logger = Logger.getLogger(ActiveModel.class.getName());
    
    try
    {
        logger.addHandler(new FileHandler("myLogFile.log", true));
    }
    catch (SecurityException | IOException e)
    {
        System.out.println("No logging for you.");
    }
  • Yazeran 2013-02-13 10:22
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...


    Yep, with the added bonus of being fireproof (actually a fire may in some instances improve durability, refer Knossos)

    Yours Yazeran

    Plan: To go to Mars one day with a hammer.
  • Anymouse 2013-02-13 10:32
    A Perl programmer wrote this. They cannot help themselves. They will do it every time.
  • Tractor 2013-02-13 11:17
    Koblin:
    "Hey, Adam, you broke my code! I always do

    error(foobar, "waiting for data; sleep 1");

    After your last change, this doesn't wait for the data anymore."

    That wouldn't actually work, as Runtime#exec isn't a fully-fledged shell. The reparsed log message will be passed as arguments including ";" to /usr/bin/logger rather than being used to spawn additional processes.


    Right, so the real WTF is incorrect comments getting featured. Although I must admit it is more fun that way. He should have executed "/bin/sh -c logger blahblahblah". That immediately saves you from having to type the exact path to logger, so it's better right?
  • LoremIpsumDolorSitAmet 2013-02-13 11:23
    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.
  • urza9814 2013-02-13 11:47
    LoremIpsumDolorSitAmet:
    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.


    Santosh, having been driven insane by the immense pressure, had recently taken the president's daughter hostage. Seeing his laptop nearby, still logged into the SVN server, she knew this was her only chance for rescue. She waited until he was distracted, and then began typing her message. Knowing Santosh would quickly discover this attempt, she had to encode it in a code segment that appeared to match his usual poor quality. So she typed away some seemingly useless code into the logger routine and committed the changes. Unfortunately, the first person to stumble across that particular code segment was Adam C., who failed to perceive its importance.

    Since the message was deleted, she was never rescued and was killed by Santosh, who then committed suicide.

    Good job Adam. Way to go. All your fault.
  • Steve The Cynic 2013-02-13 11:48
    LoremIpsumDolorSitAmet:
    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.

    From what I recall of Santosh's code, grilling him would be appropriate. I recommend emulating the folks who used to grill burgers at the student union when I was at uni - they could persuade half a dozen ordinary quarter-pound burgers to produce a sheet of flame about four feet tall.
  • chubertdev 2013-02-13 12:32
    I'll never understand why most error logging that you see is exceptionally horrible.
  • Anonymous 2013-02-13 12:38
    Steve The Cynic:
    I recommend using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.
    That gives a whole new meaning to "giving the finger".
  • wombat willy 2013-02-13 13:37
    What a forking joke
  • fennec 2013-02-13 13:42
    Paul Neumann:
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!


    Runcible spoon or GTFO.
  • AN AMAZING CODER 2013-02-13 14:11
    QJo:
    I have cause on occasion nowadays to read Java (rarely needing to write it any more) and have at times bewailed the fact that log4j isn't routinely used. The answer I get is that the logging package and the techniques therein were written well before log4j was invented, and there is no need to break a perfectly well-written and documented existing package, despite its having been written in-house.

    This may have been the reason behind the initial coding of this particular instance, but the follow-up thought (that this is perfectly well-written) is admittedly less accurate.


    I was going to troll you about using log4j, considering it's pretty old and being replaced by Logback (and even SLF4J). But, if those are the type of people you deal with, you don't deserve that type of trolling :-(
  • Paul Neumann 2013-02-13 14:15
    fennec:
    Paul Neumann:
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!


    Runcible spoon or GTFO.

    Still a quad line.
  • Paul Neumann 2013-02-13 14:21
    Anonymous:
    Steve The Cynic:
    I recommend using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.
    That gives a whole new meaning to "giving the finger".
    No, it doesn't. The symbolism remains intact.
  • Nagesh 2013-02-13 14:46
    Can a logger call itself to log exceptions?
  • laoreet 2013-02-13 14:50
    chubertdev:
    I'll never understand why most error logging that you see is exceptionally horrible.


    You never look at error logging on systems that work, because, well...they work.
  • VinDuv 2013-02-13 14:56
    In the same vein, I’ve seen this way to determine if a process is still running:

    proc = subprocess.Popen("ps -fed | grep " + str(process.pid), shell=True, stdout=subprocess.PIPE)
    
    output = proc.stdout.read()
    proc.wait()
    is_alive = (process_name in output)


    Not only does this code create three processes each time it runs, but the probability of false positives is relatively high…
    The kicker? Since the process in question was started by the Python’s subprocess module, the previous code can be rewritten to:

    is_alive = (process.poll() is None)
  • Joe 2013-02-13 15:03
    foo:
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...
    Actually, a nail is preferable. With a fork you get triple lines.

    The fork will put more holes into the trunk than a nail, making your logging three or four times faster.
  • J-71 2013-02-13 15:36
    Maybe this is a naive question, but why did the try block fail, anyway?
  • BillR 2013-02-13 16:01
    Anymouse:
    A Perl programmer wrote this. They cannot help themselves. They will do it every time.


    Naw, Sys::Syslog is part of the perl core, and easy enough to use.

    Bad code (or, rather, code that doesn't use built-in language features) is easy to write in any language, you know.
  • Key Logger 2013-02-13 16:33
    chubertdev:
    I'll never understand why most error logging that you see is exceptionally horrible.
    No one designs for errors, so no one tests for errors, because no one wants errors, therefore they play this little mental mind trick and fool themselves into believing there will not be errors.

    I mean, did you ever sit down in a project kickoff meeting and hear "first of all, we want any problems that come up to be recorded in a way that will support statistical analysis to help us find and learn from our mistakes"?

    No. We don't make mistakes, so why would we want to know about them?

    That's also how most security vulnerabilities arise.
  • Norman Diamond 2013-02-13 20:09
    Nagesh:
    Can a logger call itself to log exceptions?
    Of course. We saw it right here, and we've seen other examples in the past.
    chubertdev:
    I'll never understand why most error logging that you see is exceptionally horrible.
    Well in cases like this, it's exceptionally exceptionally horrible, and when that fails it's exceptionally exceptionally exceptionally horrible.

    Also don't forget all those programs that use exceptions to process ordinary, expected events. Logs of those events are even more exceptionally horrible. Success can be worse than failure.
  • Coyne 2013-02-13 21:57
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...


    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.
  • Marco 2013-02-13 22:22
    urza9814:
    LoremIpsumDolorSitAmet:
    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.


    Santosh, having been driven insane by the immense pressure, had recently taken the president's daughter hostage. Seeing his laptop nearby, still logged into the SVN server, she knew this was her only chance for rescue. She waited until he was distracted, and then began typing her message. Knowing Santosh would quickly discover this attempt, she had to encode it in a code segment that appeared to match his usual poor quality. So she typed away some seemingly useless code into the logger routine and committed the changes. Unfortunately, the first person to stumble across that particular code segment was Adam C., who failed to perceive its importance.

    Since the message was deleted, she was never rescued and was killed by Santosh, who then committed suicide.

    Good job Adam. Way to go. All your fault.
    MacGyver would have just held down the space bar until the laptop overheated and the room caught fire....
  • fasas 2013-02-13 22:47
    Coyne:
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...


    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.
    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "colors" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.


    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.
  • berd 2013-02-14 00:49
    fasas:
    Coyne:
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...


    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.
    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "colors" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.


    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.


    What the actual fuck are you talking about?
    Do you understand the irony in calling someone an unoriginal hipster then proceeding to demonstrate your apparent knowledge of the same fads you (conveniently) now hate in your tirade of abuse?
    You are a fop.
  • Severity One 2013-02-14 02:22
    Ah, there's the bottleneck:
    public void error(String logID, String errStr) {

        StringBuffer errLogCmd = new StringBuffer("/usr/bin/logger -p ");
        try {
            Runtime rt = Runtime.getRuntime();
            errLogCmd.append(errlogFacility);
            errLogCmd.append(" -t ");
            errLogCmd.append(logID);
            errLogCmd.append(" ");
            errLogCmd.append(errStr);
            rt.exec(errLogCmd.toString());
        } catch (Exception ele) {
            System.out.println("Exception encountered writing error log." + ele.getMessage());
        }
    }
    He should have used StringBuilder instead. No need for a thread-safe object that is instantiated within a method. Geez, don't people read the JavaDocs?
  • foo 2013-02-14 02:25
    Paul Neumann:
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!
    Thank you, Sheldon.
  • fjf 2013-02-14 02:25
    Yazeran:
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...


    Yep, with the added bonus of being fireproof (actually a fire may in some instances improve durability, refer Knossos)
    Would've helped with yesterday's WTF.
  • Severity One 2013-02-14 02:28
    Norman Diamond:
    Also don't forget all those programs that use exceptions to process ordinary, expected events. Logs of those events are even more exceptionally horrible. Success can be worse than failure.
    We're still dealing with an internally developed API (and I'm using the word loosely here) that throws java.lang.Exception. For everything. If something goes wrong, if there's a database exception, or if an object is not found, you get a java.lang.Exception.
    As a side note, the database it accesses has no integrity constraints.
  • fjf 2013-02-14 02:29
    Tractor:
    Koblin:
    "Hey, Adam, you broke my code! I always do

    error(foobar, "waiting for data; sleep 1");

    After your last change, this doesn't wait for the data anymore."

    That wouldn't actually work, as Runtime#exec isn't a fully-fledged shell. The reparsed log message will be passed as arguments including ";" to /usr/bin/logger rather than being used to spawn additional processes.


    Right, so the real WTF is incorrect comments getting featured. Although I must admit it is more fun that way. He should have executed "/bin/sh -c logger blahblahblah". That immediately saves you from having to type the exact path to logger, so it's better right?
    OK, so perhaps there's no arbitrary code execution, but you probably could add some options to logger, e.g. to override the log priority or tag or (perhaps depending on the version of logger) send data to an arbitrary socket (-u), and at least screw up the actual log message (by cutting out what looks like options), intentionally (to obscure some other attack) or unintentionally (to make the log even less useful when needed).
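
Added example, not code from the article or from any commenter: it reproduces the whitespace-only tokenization that Runtime.exec(String) documents (`new StringTokenizer(command)`), so the argv that /usr/bin/logger would receive from the concatenated command can be compared with a fixed argument list. The class name, the `local0.err` facility value, the tag pattern and the sample messages are assumptions made for the illustration.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

public class LoggerArgvDemo {

    // Assumed value: the thread never shows what errlogFacility holds.
    static final String FACILITY = "local0.err";

    // Command string assembled the same way error() in the thread assembles it.
    static String concatenated(String logID, String errStr) {
        return "/usr/bin/logger -p " + FACILITY + " -t " + logID + " " + errStr;
    }

    // Runtime.exec(String) splits the command with new StringTokenizer(command):
    // whitespace only, no quoting rules and no shell. ";" is just another character,
    // but every whitespace-separated piece becomes its own argument.
    static List<String> execTokens(String command) {
        List<String> argv = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(command);
        while (st.hasMoreTokens()) {
            argv.add(st.nextToken());
        }
        return argv;
    }

    // Hardened form: a fixed argument list, a tag limited to a conservative
    // character set (assumed policy), control characters replaced so one call
    // writes one log line, and "--" so logger stops parsing options before
    // the message.
    static List<String> safeArgv(String logID, String errStr) {
        if (!logID.matches("[A-Za-z0-9][A-Za-z0-9_.-]{0,31}")) {
            throw new IllegalArgumentException("unexpected log tag");
        }
        String message = errStr.replaceAll("\\p{Cntrl}", " ");
        return List.of("/usr/bin/logger", "-p", FACILITY, "-t", logID, "--", message);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages; the first is the one quoted in the thread.
        String[] samples = {
            "waiting for data; sleep 1",
            "-p user.debug retry   failed",
        };
        for (String msg : samples) {
            System.out.println("message: " + msg);
            // Tokens starting with "-" arrive as separate arguments, which
            // logger's option parser may consume instead of logging them.
            System.out.println("  exec(String) argv: " + execTokens(concatenated("foobar", msg)));
            // The message stays one argument after "--", spacing intact.
            System.out.println("  fixed argv       : " + safeArgv("foobar", msg));
        }
        // Only spawns logger when asked to, so the comparison runs anywhere.
        if (args.length > 0 && args[0].equals("--send")) {
            new ProcessBuilder(safeArgv("foobar", samples[0])).inheritIO().start().waitFor();
        }
    }
}
```

The same splitting applies to logID, so an empty or multi-word tag shifts every argument after `-t` in the concatenated form.
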
  • MightyM 2013-02-14 02:46
    fasas:
    Coyne:
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...


    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.
    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "colors" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.


    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.


    I didn't even read the text and knew it was some fag copying the same overused rant. It's not clever. It's not funny. Just the word "colors" was all I needed to know that you were copying the rant without even adapting it to the post you're replying to.

    It was funny to read when it came out. It's NOT funny when someone copy-pastes it every f***ing time they see a XKCD link.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.


    Got anything to do with sanitizing inputs to a SQL database, etc.? Rant about Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Rant about the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Rant about the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.
  • Bobby Tables 2013-02-14 03:13
    fasas:
    Coyne:
    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.
    I didn't even click on the link and knew it was some fag linking xkcd.
    Wow, so you are able to see "xkcd.com" and recognize it's linking xkcd without clicking on it. You're a genius.
    Just the word "colors" with a link under it
    ... except you slightly misspelled "xkcd" ...
    and the short, useless, one sentence post
    ... and slightly miscounted the sentences ...
    was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".
    ... and slightly confused "knowledge" with "ignorance" and "colors" with "workarounds" ...
    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables.
    ... and abused my good name. There's not even an SQL database here, just a stupid logger.
  • Swedish tard 2013-02-14 03:44
    Severity One:
    Ah, there's the bottleneck:
    public void error(String logID, String errStr) {

        StringBuffer errLogCmd = new StringBuffer("/usr/bin/logger -p ");
        try {
            Runtime rt = Runtime.getRuntime();
            errLogCmd.append(errlogFacility);
            errLogCmd.append(" -t ");
            errLogCmd.append(logID);
            errLogCmd.append(" ");
            errLogCmd.append(errStr);
            rt.exec(errLogCmd.toString());
        } catch (Exception ele) {
            System.out.println("Exception encountered writing error log." + ele.getMessage());
        }
    }
    He should have used StringBuilder instead. No need for a thread-safe object that is instantiated within a method. Geez, don't people read the JavaDocs?



    Indeed, why even use StringBuilder when + will do the jurb just awesomely?
  • Simon 2013-02-14 05:46
    Wait... the Runtime.exec() call *wasn't* the cause of the performance problems? Then given how horrendously expensive forking a JVM tends to be, the *real* cause must be absolutely epic!
  • Severity One 2013-02-14 06:01
    Swedish tard:
    Severity One:
    He should have used StringBuilder instead. No need for a thread-safe object that is instantiated within a method. Geez, don't people read the JavaDocs?
    Indeed, why even use StringBuilder when + will do the jurb just awesomely?
    Because the + operator for strings uses StringBuffer underneath. Geez, don't people decompile byte code?
  • no laughing matter 2013-02-14 07:27
    Severity One:

    Because the + operator for strings uses StringBuffer underneath. Geez, don't people decompile byte code?
    Actually it's not specified.

    Java Language Specification:

    An implementation may choose to perform conversion and concatenation in one step to avoid creating and then discarding an intermediate String object. To increase the performance of repeated string concatenation, a Java compiler may use the StringBuffer class or a similar technique to reduce the number of intermediate String objects that are created by evaluation of an expression.

    For primitive types, an implementation may also optimize away the creation of a wrapper object by converting directly from a primitive type to a string.


    Geez, does nobody here know the specs?
  • chubertdev 2013-02-14 12:24
    Simon:
    Wait... the Runtime.exec() call *wasn't* the cause of the performance problems? Then given how horrendously expensive forking a JVM tends to be, the *real* cause must be absolutely epic!


    The root cause was Java itself. :D
  • Matt Westwood 2013-02-14 12:25
    AN AMAZING CODER:
    QJo:
    I have cause on occasion nowadays to read Java (rarely needing to write it any more) and have at times bewailed the fact that log4j isn't routinely used. The answer I get is that the logging package and the techniques therein were written well before log4j was invented, and there is no need to break a perfectly well-written and documented existing package, despite its having been written in-house.

    This may have been the reason behind the initial coding of this particular instance, but the follow-up thought (that this is perfectly well-written) is admittedly less accurate.


    I was going to troll you about using log4j, considering it's pretty old and being replaced by Logback (and even SLF4J). But, if those are the type of people you deal with, you don't deserve that type of trolling :-(


    So here's the thing. You got a perfectly adequate application. It's got a whole slew of functionality, having evolved over the last 10 years or so. Then someone at e.g. Apache releases a package whose functionality overlaps some of the code in your app which works fine and hasn't caused trouble

    Why the fucking fuckety fuck would you replace what's perfectly good code with the new package? Unless it had distinct advantages, an easy migration path and a seamless user experience, you'd have to be a fucking lunatic to do so. And then some cunt comes along and says "You shouldn't be using log4j, you got to use this shittybugger cuntfuck code that's even newer and more fashionable.

    Move away from the fucking terminal NOW.
  • Matt Westwood 2013-02-14 12:27
    berd:
    fasas:
    Coyne:
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...


    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.
    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "colors" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.


    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.


    What the actual fuck are you talking about?
    Do you understand the irony in calling someone an unoriginal hipster then proceeding to demonstrate your apparent knowledge of the same fads you (conveniently) now hate in your tirade of abuse?
    You are a fop.


    Please show a little sensitivity. I had a son who was a fop, and let me assure you, it was no laughing matter.
  • Matt Westwood 2013-02-14 12:30
    Key Logger:
    chubertdev:
    I'll never understand why most error logging that you see is exceptionally horrible.
    No one designs for errors, so no one tests for errors, because no one wants errors, therefore they play this little mental mind trick and fool themselves into believing there will not be errors.

    I mean, did you ever sit down in a project kickoff meeting and hear "first of all, we want any problems that come up to be recorded in a way that will support statistical analysis to help us find and learn from our mistakes"?

    No. We don't make mistakes, so why would we want to know about them?

    That's also how most security vulnerabilities arise.


    Um yeah, actually we discussed this very topic in a project kick-off meeting this morning. We were specific about the techniques to be used for error reporting and recovery. Any kick-off meeting which does not address these matters is not a proper kick-off meeting, it's a girly chit-chat about periods.
  • no laughing matter 2013-02-14 12:59
    Matt Westwood:

    Please show a little sensitivity. I had a son who was a fop, and let me assure you, it was no laughing matter.

    Daddy, is that you?
  • jay 2013-02-14 14:02
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?


    Many Linux distros today are smart enough to catch "rm -rf /" and give an error message rather than actually executing it.

    Try this on your system. See if you have one that catches it.
  • jay 2013-02-14 14:15
    fasas:
    Coyne:
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...


    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.
    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "colors" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.


    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.


    What in the world are you talking about? There's nothing in the xkcd that he linked to about "colors". The link does not include the word "colors". Is there some meta-joke that I'm missing here? Perhaps I was on vacation and there was a string of jokes about colors in between the Paula beans and the Irish girls?

    In any case, saying, "Hey, remember that funny story about ..." isn't necessarily obnoxious. Ranting and swearing about someone else's innocent attempt to amuse his fellows is.

    Or maybe this is a troll and I just don't get it.
  • jay 2013-02-14 14:22
    no laughing matter:
    Severity One:

    Because the + operator for strings uses StringBuffer underneath. Geez, don't people decompile byte code?
    Actually it's not specified.

    Java Language Specification:

    An implementation may choose to perform conversion and concatenation in one step to avoid creating and then discarding an intermediate String object. To increase the performance of repeated string concatenation, a Java compiler may use the StringBuffer class or a similar technique to reduce the number of intermediate String objects that are created by evaluation of an expression.

    For primitive types, an implementation may also optimize away the creation of a wrapper object by converting directly from a primitive type to a string.


    Geez, does nobody here know the specs?


    "the compiler does it" != "the spec requires it"

    Just because the spec doesn't require something doesn't mean that it isn't done. This is especially true when the spec that you quote specifically offers it as a possibility.

    "Yesterday I had lunch at Burger World."

    "That's a lie! There is no law requiring you to eat lunch at Burger World!"
  • no laughing matter 2013-02-14 15:05
    jay:
    no laughing matter:
    Severity One:

    Because the + operator for strings uses StringBuffer underneath. Geez, don't people decompile byte code?
    Actually it's not specified.

    Java Language Specification:

    An implementation may choose to perform conversion and concatenation in one step to avoid creating and then discarding an intermediate String object. To increase the performance of repeated string concatenation, a Java compiler may use the StringBuffer class or a similar technique to reduce the number of intermediate String objects that are created by evaluation of an expression.

    For primitive types, an implementation may also optimize away the creation of a wrapper object by converting directly from a primitive type to a string.


    Geez, does nobody here know the specs?


    "the compiler does it" != "the spec requires it"

    Just because the spec doesn't require something doesn't mean that it isn't done. This is especially true when the spec that you quote specifically offers it as a possibility.
    What version of the compiler are you talking about?

    "Severity One" claimed that his compiler uses StringBuffer but he did not specify which JDK and which version.

    The Spec allows "similar technique(s)" and on versions of the JDK which support StringBuilder (@since 1.5) it would be inefficient to use the older StringBuffer.

    Addendum (2013-02-14 15:15):
    EDIT:

    Ok tested it with Oracle JDK 1.7.0 and of course it spit out StringBuilder!

    Maybe time for "Severity One" to upgrade to a recent JDK!
  • Bill C. 2013-02-14 19:38
    chubertdev:
    Simon:
    Wait... the Runtime.exec() call *wasn't* the cause of the performance problems? Then given how horrendously expensive forking a JVM tends to be, the *real* cause must be absolutely epic!
    The root cause was Java itself. :D
    An epic root's cause is the same for exec() as for intern(). If Java is giving performance problems we should slow down and switch to Viagra, especially given how horrendously expensive forking can turn out to be.
  • Hellyeah 2013-02-15 05:37
    Precisely. It doesn't. It calls, as the title of the OP suggests, fork and exec, not system. Them PHP kiddies.
  • qbolec 2013-02-15 10:29
    TRWTF is using global variable named errlogFacility
  • Seahen 2013-02-15 19:57
    And this is Java, so he has no excuse for concatenating unescaped strings as command-line arguments. (Unlike the PHP counterpart, java.lang.Runtime.exec has several overrides with execv-like injection protection.)
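
The difference between the string and array forms of Runtime.exec discussed in this thread, as an added example that is not part of any comment or of the article's code. The class name, the sample message and the `user.err` priority are assumptions; `/usr/bin/logger` is the program named earlier in the thread.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.StringTokenizer;

public class LoggerArgvDemo {
    // Mirrors how Runtime.exec(String) builds argv: plain whitespace
    // tokenization via StringTokenizer, with no shell and no quote handling.
    static List<String> argvFromCommandString(String command) {
        List<String> argv = new ArrayList<>();
        StringTokenizer st = new StringTokenizer(command);
        while (st.hasMoreTokens()) {
            argv.add(st.nextToken());
        }
        return argv;
    }

    // Array form: each element is exactly one argv entry. "--" ends option
    // parsing, so a message that begins with '-' is still treated as text.
    static String[] safeArgv(String priority, String message) {
        return new String[] {"/usr/bin/logger", "-p", priority, "--", message};
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample message (not taken from the article).
        String message = "request failed; retry -n 3 \"quoted text\"";

        // Concatenated form: the quotes do not group anything, ';' is a
        // literal token, and "-n" arrives as its own argument, where the
        // program may read it as an option.
        String unsafe = "/usr/bin/logger -p user.err \"" + message + "\"";
        System.out.println("exec(String)   argv: " + argvFromCommandString(unsafe));

        String[] safe = safeArgv("user.err", message);
        System.out.println("exec(String[]) argv: " + Arrays.toString(safe));

        // Pass --run to actually invoke logger with the array form.
        if (args.length > 0 && args[0].equals("--run")) {
            Process p = new ProcessBuilder(safe).inheritIO().start();
            System.out.println("logger exit code: " + p.waitFor());
        }
    }
}
```

Run without arguments, it only prints the two argument vectors: the concatenated form yields eleven separate tokens, the array form keeps the whole message as a single fifth element.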
  • JJ 2013-02-18 15:12
    fasas:
    I didn't even click on the link [...]
    I gotta give you credit, you got three bites and a knock-off reply.

    To everyone who fell for it: this is a meme.