• MP79 (unregistered)

    I've seen this done to integrate CLi only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?

  • William Imm (unregistered)

    Excpection occurred writing FRIST entry.

    CAPTCHA: causa (and effecta?)

  • What? (unregistered)

    It's also not platform independent...

  • (cs)

    And what happens when the application tries to log "; rm -rf / # ?

  • Bobby Tables (unregistered) in reply to jspenguin
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...
  • fjf (unregistered) in reply to MP79
    MP79:
    I've seen this done to integrate CLi only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)
  • fjf (unregistered) in reply to Bobby Tables
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...
    "Hey, Adam, you broke my code! I always do
    error(foobar, "waiting for data; sleep 1");
    After your last change, this doesn't wait for the data anymore."

    http://xkcd.com/1172/

    Akismet is great. Akismet is great. Akismet is great. Akismet is great. Akismet is great. Akismet is great.

  • Koblin (unregistered) in reply to fjf
    "Hey, Adam, you broke my code! I always do

    error(foobar, "waiting for data; sleep 1");

    After your last change, this doesn't wait for the data anymore."

    That wouldn't actually work, as Runtime#exec isn't a fully-fledged shell. The reparsed log message will be passed as arguments including ";" to /usr/bin/logger rather than being used to spawn additional processes.
  • (cs) in reply to fjf
    fjf:
    MP79:
    I've seen this done to integrate CLi only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)
    No, no, no. The correct tool for logging is a chainsaw.

    I recommending using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.

  • QJo (unregistered)

    I have cause on occasion nowadays to read java (rarely needing to write it any more) and have at time bewailed the fact that log4j isn't routinely used. The answer I get is that the logging package and the techniques therein were written well before log4j was invented, and there is no need to break a perfectly well-written and documented existing package, despite its having been written in-house.

    This may have been the reason behind the initial coding of this particular instance, but the follow-up thought (that this is perfectly well-written) is admittedly less accurate.

  • QJo (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    fjf:
    MP79:
    I've seen this done to integrate CLi only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)
    No, no, no. The correct tool for logging is a chainsaw.

    I recommending using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.

    That's not a finger. That's a dick.

  • nix (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    fjf:
    MP79:
    I've seen this done to integrate CLi only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)
    No, no, no. The correct tool for logging is a chainsaw.

    I recommending using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.

    In other words, use the Chainsaw logging tool to truncate the programmer.

  • BogusArgumentException (unregistered) in reply to Bobby Tables
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...
    Since when does Runtime.exec() calls a shell interpreter?
  • Blagh (unregistered)

    I had a similar thing once, where I could write the error to the log about the error writing to the log - there were unicode characters in the original error message that couldn't be translated to the ASCII-encoded output.

  • Blagh (unregistered) in reply to fjf

    I would like to see you try logging with only a hammer and nail...

  • F (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    fjf:
    MP79:
    I've seen this done to integrate CLi only applications with a front end, but never for logging. Of all the ways to do it, what the hell could the developer have been thinking?
    "I know one way to log things." (hammer, nail, etc.)
    No, no, no. The correct tool for logging is a chainsaw.

    I recommending using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.

    No, no - that's the zeroth finger.

  • Aris (unregistered)

    The first thing I see in this code is the remote code execution bug. Performance problems are secundary to this

  • fjf (unregistered) in reply to Blagh
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...
  • foo (unregistered) in reply to fjf
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...
    Actually, a nail is preferable. With a fork you get triple lines.
  • Paul Neumann (unregistered) in reply to foo
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!
  • OldCoder (unregistered) in reply to fjf
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...
    Heh. Interesting. Way to get sidetracked...

    Well, it is a slow afternoon here...

  • Anon (unregistered)

    Wowza. That's a lot of hassle to avoid using the built-in logger.

    static final Logger logger = Logger.getLogger(ActiveModel.class.getName());
    try
    {
        logger.addHandler(new FileHandler("myLogFile.log", true));
    }
    catch (SecurityException | IOException e)
    {
        System.out.println("No logging for you.");
    }
  • Yazeran (unregistered) in reply to fjf
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...

    Yep, with the added bonus as being fireproof (actually a fire may in some instances improve durability, refer Knossos)

    Yours Yazeran

    Plan: To go to Mars one day with a hammer.

  • Anymouse (unregistered)

    A Perl programmer wrote this. They cannot help themselves. They will do it every time.

  • Tractor (unregistered) in reply to Koblin
    Koblin:
    "Hey, Adam, you broke my code! I always do

    error(foobar, "waiting for data; sleep 1");

    After your last change, this doesn't wait for the data anymore."

    That wouldn't actually work, as Runtime#exec isn't a fully-fledged shell. The reparsed log message will be passed as arguments including ";" to /usr/bin/logger rather than being used to spawn additional processes.

    Right, so the real WTF is incorrect comments getting featured. Although I must admit it is more fun that way. He should have executed "/bin/sh -c logger blahblahblah". That immediately saves you from having to type the exact path to logger, so it's better right?

  • (cs)

    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.

  • urza9814 (unregistered) in reply to LoremIpsumDolorSitAmet
    LoremIpsumDolorSitAmet:
    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.

    Santosh, having been driven insane by the immense pressure, had recently taken the president's daughter hostage. Seeing his laptop nearby, still logged into the SVN server, she knew this was her only chance for rescue. She waited until he was distracted, and then began typing her message. Knowing Santosh would quickly discover this attempt, she had to encode it in a code segment that appeared to match his usual poor quality. So she typed away some seemingly useless code into the logger routine and committed the changes. Unfortunately, the first person to stumble across that particular code segment was Adam C., who failed to perceive its importance.

    Since the message was deleted, she was never rescued and was killed by Santosh, who then committed suicide.

    Good job Adam. Way to go. All your fault.

  • (cs) in reply to LoremIpsumDolorSitAmet
    LoremIpsumDolorSitAmet:
    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.
    From what I recall of Santosh's code, grilling him would be appropriate. I recommend emulating the folks who used to grill burgers at the student union when I was at uni - they could persuade half a dozen ordinary quarter-pound burgers to produce a sheet of flame about four feet tall.
  • (cs)

    I'll never understand why most error logging that you see is exceptionally horrible.

  • Anonymous (unregistered) in reply to Steve The Cynic
    Steve The Cynic:
    I recommending using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.
    That gives a whole new meaning to "giving the finger".
  • wombat willy (unregistered)

    What a forking joke

  • (cs) in reply to Paul Neumann
    Paul Neumann:
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!

    Runcible spoon or GTFO.

  • AN AMAZING CODER (unregistered) in reply to QJo
    QJo:
    I have cause on occasion nowadays to read java (rarely needing to write it any more) and have at time bewailed the fact that log4j isn't routinely used. The answer I get is that the logging package and the techniques therein were written well before log4j was invented, and there is no need to break a perfectly well-written and documented existing package, despite its having been written in-house.

    This may have been the reason behind the initial coding of this particular instance, but the follow-up thought (that this is perfectly well-written) is admittedly less accurate.

    I was going to troll you about using log4j, considering it's pretty old and being replaced by Logback (and even SLF4J). But, if those are the type of people you deal with, you don't deserve that type of trolling :-(

  • Paul Neumann (unregistered) in reply to fennec
    fennec:
    Paul Neumann:
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!

    Runcible spoon or GTFO.

    [image] Still a quad line.

  • Paul Neumann (unregistered) in reply to Anonymous
    Anonymous:
    Steve The Cynic:
    I recommending using the chainsaw to remove the offending programmer's eleventh finger. You know, the large one attached to the top of his torso, between his shoulders. It's commonly called a "head" for some reason.
    That gives a whole new meaning to "giving the finger".
    No, it doesn't. The symbolism remains intact.
  • (cs)

    Can a logger call itself to log exceptions?

  • laoreet (unregistered) in reply to chubertdev
    chubertdev:
    I'll never understand why most error logging that you see is exceptionally horrible.

    You never look at error logging on systems that work, because, well...they work.

  • (cs)

    In the same vein, I’ve seen this way to determine if a process is still running :

    proc = subprocess.Popen("ps -fed | grep " + str(process.pid), shell=True, stdout=subprocess.PIPE)
    output = proc.stdout.read()
    proc.wait()
    is_alive = (process_name in output)

    Not only this code create three processes each time it runs, but the probability of false positives is relatively high… The kicker? Since the process in question was started by the Python’s subprocess module, the previous code can be rewritten to:

    is_alive = (process.poll() is None)
  • Joe (unregistered) in reply to foo
    foo:
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...
    Actually, a nail is preferable. With a fork you get triple lines.
    The fork will put more holes into the trunk than a nail, making your logging three or four times faster.
  • J-71 (unregistered)

    Maybe this is a naive question, but why did the try block fail, anyway?

  • BillR (unregistered) in reply to Anymouse
    Anymouse:
    A Perl programmer wrote this. They cannot help themselves. They will do it every time.

    Naw, Sys::Syslog is part of the perl core, and easy enough to use.

    Bad code (or, rather, code that doesn't use built-in language features) is easy to write in any language, you know.

  • Key Logger (unregistered) in reply to chubertdev
    chubertdev:
    I'll never understand why most error logging that you see is exceptionally horrible.
    No one designs for errors, so no one tests for errors, because no one wants errors, therefore they play this little mental mind trick and fool themselves into believing there will not be errors.

    I mean, did you ever sit down in a project kickoff meeting and hear "first of all, we want any problems that come up to be recorded in a way that will support statistical analysis to help us find and learn from our mistakes"?

    No. We don't make mistakes, so why would we want to know about them?

    That's also how most security vulnerabilities arise.

  • Norman Diamond (unregistered) in reply to Nagesh
    Nagesh:
    Can a logger call itself to log exceptions?
    Of course. We saw it right here, and we've seen other examples in the past.
    chubertdev:
    I'll never understand why most error logging that you see is exceptionally horrible.
    Well in cases like this, it's exceptionally exceptionally horrible, and when that fails it's exceptionally exceptionally exceptionally horrible.

    Also don't forget all those programs that use exceptions to process ordinary, expected events. Logs of those events are even more exceptionally horrible. Success can be worse than failure.

  • (cs) in reply to Bobby Tables
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...

    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.

  • Marco (unregistered) in reply to urza9814
    urza9814:
    LoremIpsumDolorSitAmet:
    Not sure how we're going to fit the President's sick daughter into this story, but at least we do have an 'auditor' of sorts, and perhaps there will be a grilling session later for Santosh.

    Santosh, having been driven insane by the immense pressure, had recently taken the president's daughter hostage. Seeing his laptop nearby, still logged into the SVN server, she knew this was her only chance for rescue. She waited until he was distracted, and then began typing her message. Knowing Santosh would quickly discover this attempt, she had to encode it in a code segment that appeared to match his usual poor quality. So she typed away some seemingly useless code into the logger routine and committed the changes. Unfortunately, the first person to stumble across that particular code segment was Adam C., who failed to perceive its importance.

    Since the message was deleted, she was never rescued and was killed by Santosh, who then committed suicide.

    Good job Adam. Way to go. All your fault.

    Magyver would have just held down the space bar until the laptop overheated and the room caught fire....

  • fasas (unregistered) in reply to Coyne
    Coyne:
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...

    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.

    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "colors" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.

    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.

  • berd (unregistered) in reply to fasas
    fasas:
    Coyne:
    Bobby Tables:
    jspenguin:
    And what happens when the application tries to log "; rm -rf / # ?
    Exactly. So doing a System.out.println() would not have been equivalent to this code, see ...

    Exactly. So when he junked this code, he broke the application. (http://xkcd.com/1172/) But he can fix it quick by adding a flag to say whether it works the old way or the new way.

    I didn't even click on the link and knew it was some fag linking xkcd. It's not clever. It's not funny. Just the word "colors" with a link under it and the short, useless, one sentence post was all I needed to know that you were linking the cartoon where the men demonstrate their knowledge of other "colors".

    It was funny to read when it came out. It's even funny when clicking on the Random button on the site and seeing it. It's NOT funny when someone links to it from a one-sentence post and thinks they're so fucking clever to have discovered xkcd.

    You probably still use lmgtfy and think you're so damn clever.

    It means in real life, you're an unoriginal hipster doofus.

    Got anything to do with sanitizing inputs to a SQL database, etc.? Link to Bobby Tables. Got a nerd-project slow-ass turing machine? Like a minecraft logic circuit from redstone? Link to the one where it's some guy alone in the world making a computer out of rocks. Got a story about password security or encryption? Link to the one where they beat the password out of the guy with a wrench.

    Fuck off. You're not clever.

    What the actual fuck are you talking about? Do you understand the irony in calling someone an unoriginal hipster then proceeding to demonstrate your apparent knowledge of the same fads you (conveniently) now hate in your tirade of abuse? You are a fop.

  • (cs)

    Ah, there's the bottleneck:

    public void error(String logID, String errStr) {
      StringBuffer errLogCmd = new StringBuffer("/usr/bin/logger -p ");
      try {
        Runtime rt = Runtime.getRuntime();
        errLogCmd.append(errlogFacility);
        errLogCmd.append(" -t ");
        errLogCmd.append(logID);
        errLogCmd.append(" ");
        errLogCmd.append(errStr);
        rt.exec(errLogCmd.toString());
      } catch (Exception ele) {
        System.out.println("Exception encountered writing error log." + ele.getMessage());
      }
    }
    He should have used StringBuilder instead. No need for a thread-safe object that is instantiated within a method. Geez, don't people read the JavaDocs?
  • foo (unregistered) in reply to Paul Neumann
    Paul Neumann:
    foo:
    Actually, a nail is preferable. With a fork you get triple lines.
    Actually, a fork will give you quad lines. You're thinking of a thirk!
    Thank you, Sheldon.
  • fjf (unregistered) in reply to Yazeran
    Yazeran:
    fjf:
    Blagh:
    I would like to see you try logging with only a hammer and nail...
    So? The bandwidth may be smaller than with all that newfangled technology, but otherwise ...

    Yep, with the added bonus as being fireproof (actually a fire may in some instances improve durability, refer Knossos)

    Would've helped with yesterday's WTF.

Leave a comment on “Fork and Log”

Log In or post as a guest

Replying to comment #401213:

« Return to Article