|
Upon trying to log into one of my favorite sites this morning:
ErrorCode 9002
Message [Macromedia][SQLServer JDBC Driver][SQLServer]The transaction log for database 'irongate' is full due to 'LOG_BACKUP'.
SQLState HY000
|
At least they gave you a descriptive, detailed error message!
"Go forth into the source" - Neal Morse
|
I was thinking the same thing. One of the best error messages I have seen in a while, actually.
|
Reminds me of the Applebee’s Wi-Fi post I made here some time ago. Basically they had their site in debug mode on the production server. I actually got a similar issue a few weeks later, and discovered an admin debug console on that page. I sent them an anonymous email about the issue after that. I think someone got chewed out for that stupidity.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
http://www.commitstrip.com/en/2017/01/16/nice-try/
|
Which was built by a real good programmer before my time, which allows our various business groups to connect to an external 3rd party API. So far so good...
Each of the business groups has their own profile with that external resource; they have a GUID for a license and an alias so that it is easy to see which group any GUID is associated with. Still good...
We have developed the applications that utilize this service for all but one of our business groups. The last thinks they are good enough to do their own thing. Fine. Their applications group has about 3x the staff as ours so let them do their own thing. OK....
Now they want full access to our DB or an API so that they can lookup their historical requests. Ummm... we'll do an API thank you. Blueprint it up to require the key and their CustomerID... No, authentication/authorization is not needed as this will be an internal API only. Oh we're starting to go downhill now....
From prototypes I had to do their requests manually, had this new API up in a couple of days.
Now the problems come into view.
1. On our side of the wall, what do you mean there is no auth required.
2. And from them, we don't know our key. Whoever on their side compiled an assembly so that they could just use their Alias for identification, and they don't have the source code.
Ugh...
So the politicians settled on this mind-number yesterday afternoon:
1. A new GUID will be created on our end for each business group.
2. A new endpoint is created where they give us their alias, and we will return this new GUID.
3. Prior endpoints will be rewritten-
3A. Instead of their license key being required, they will pass in their alias instead.
3B. The requests will require an Auth request header, containing the new GUID.
Yep... glad I have today off. Need to have it ready by Monday end-of-business.
Director of Transmogrification Services
Shinobi of Query Language
Master of Yoda Conditional
|
Sure, now they say no authorization is required because it is internal-only. That's often the convenient statement of the moment. However, reality often diverges from the agreements of the moment. I would get something in writing, signed by a CIO or executive of your choice, saying that no security is required. This is because when this gets hacked and your database is trashed you need to be able to demonstrate you were ordered to allow open access.
This is the classic case of a cover-your-backside requirement because you have been asked to do something absurd.
"They have a consciousness, they have a life, they have a soul! Damn you! Let the rabbits wear glasses! Save our brothers! Can I get an amen?"
|
Just because you can... Means it's gonna happen!
|
I usually disable the buttons using JavaScript as soon as they're clicked and keep them that way until the page refreshes.
It helps.
When I was growin' up, I was the smartest kid I knew. Maybe that was just because I didn't know that many kids. All I know is now I feel the opposite.
|
Haha I had the same thing happen.
Sorry to laugh but mine was a bugger to find as well, even though the environment wasn't as complicated as yours.
System had been running for about 7 years.
It is for Government so their testers gave it a pounding and ticked it off as OK.
Then one day an end user said something to me about an issue so I looked through the logs.
There it was. Obscure error too. It was really rare but it only ever happened to about 3 users out of about 250.
I thought about it and then thought maybe double click.
Then tried but it all worked OK. Tried all sorts of things within this stage of a process.
Turns out that my double click technique is sh*t.
I practised to get it down from milliseconds to nanoseconds.
Yep got the error.
When I looked at the code I had a couple of instructions inserted before I disabled the button.
Shifted the disable to when the click event happens and then all good.
I felt a little embarrassed about it, should have checked the code first, but gee whiz, these 3 users were Olympians of the double click, albeit in a single click application.
End users are often Faster, Higher, Stronger or Stupid.
"Rock journalism is people who can't write interviewing people who can't talk for people who can't read." Frank Zappa 1980
|
grralph1 wrote: End users are often Faster, Higher, Stronger or Stupid.
Not necessarily - it could just be an old mouse. One of the things uSwitches can do when they get old is "bounce" more, and if the time between successive bounces is larger than the hardware (or driver) "debounce" period, you get two clicks for a single press. (Normally there is a cap or similar to swallow the quick bounces, but as the contact surfaces get dirtier and more worn the bounces can be further apart.)
Switch Bounce and How to Deal with It
Sent from my Amstrad PC 1640
Never throw anything away, Griff
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
AntiTwitter: @DalekDave is now a follower!
|
Good point.
I am aware of this as I come from an electronics background.
Plus switch bounce can be an intermittent problem as well, that can come and go, which makes it worse and harder to detect.
However this system was a shared station that is in each outlet.
So all users in each outlet used the same machine for the function that it was designed for.
So in this case it was the super speed of 3 users, at different outlets, if I remember correctly, that were the cause of the issue.
Well I should really rephrase that to;
No not switch bounce, the developer just stuffed up.
"Rock journalism is people who can't write interviewing people who can't talk for people who can't read." Frank Zappa 1980
|
grralph1 wrote: However this system was a shared station that is in each outlet.
So all users in each outlet used the same machine for the function that it was designed for.
grralph1 wrote: Faster, Higher, Stronger or Stupid.
I mean, some of them might be stronger than others.
Pro tip: Maybe some testers should get high too.
|
Agreed
And the keyboards/mice of today actually are slower because of USB, never mind the wireless ones and even more latency.
IIRC, a PS2 connection could circumnavigate the planet and still be registered in the computer before a Logitech Unity signal is recognized.
Director of Transmogrification Services
Shinobi of Query Language
Master of Yoda Conditional
|
grralph1 wrote: System had been running for about 7 years.
This system is almost 4 y/o now. This problem didn't surface until the last year or so, but as stated, it was rare and only produced a minor annoyance for the customers.
grralph1 wrote: Turns out that my double click technique is sh*t.
I practised to get it down from milliseconds to nanoseconds.
Yep got the error.
My experience as well! It should be noted that this web app runs inside of a web browser control in a .NET app installed on their POS touchscreen devices. The users could actually be hitting the button with two fingers almost simultaneously.
grralph1 wrote: End users are often Faster, Higher, Stronger or Stupid.
And then there is sabotage...around 2 weeks ago, a relatively new user of one of our legacy applications caused an overflow by putting huge numbers into an order screen. The database handled it OK, but the next stage UI did not. Shame on me for not expecting quantities over a billion!
"Go forth into the source" - Neal Morse
|
That last user was either an idiot or crazy.
What do you get when you cross a joke with a rhetorical question?
The metaphorical solid rear-end expulsions have impacted the metaphorical motorized bladed rotating air movement mechanism.
Do questions with multiple question marks annoy you???
|
Brisingr Aerowing wrote: That last user was either an idiot or crazy.
Either way, it was considered my bug and had to be patched, clearly a case of not protecting the user from themselves not to mention code that didn't properly validate variable/field type limits in all screens.
I was lazy and simply used a larger datatype. Ideally, I should've triggered Clippy to ask 'Are you really sure you want to order 123,456,789,123 cases of broccoli?'.
"Go forth into the source" - Neal Morse
|
Bear in mind that "numbers" like 35e7 are often validated as numeric, but of course represent very large numbers (even though they're relatively short in terms of number of characters, so putting a MaxLength on a text field won't stop it!). They can occur in numeric input when a user mis-types. When testing validation of numeric input, it's always worth testing this case.
Sorry for a late post on this thread, but it might be of interest/use to someone someday!
(And as for asking "are you really sure..." you can guarantee that at some point the user will click "yes" and then you're still left with the original bug anyway. )
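Added example, not part of any post in this thread: the `35e7` case above checked in JavaScript, extended to a few other inputs that pass a loose "is it numeric?" test. The function names, the sample inputs and the `MAX_QUANTITY` limit are assumptions made for illustration.

```javascript
// Added example: quantity validation (names and limit are assumed, not from the thread).
const MAX_QUANTITY = 100000; // assumed business limit

// Loose check of the kind described above: "is it numeric?" plus a length cap,
// which is all a MaxLength attribute on a text field enforces.
function looseIsValid(text, maxLength = 6) {
  return text.length <= maxLength && text.trim() !== "" && !isNaN(text);
}

// Strict check: plain decimal digits only, then an explicit range test.
// Run it wherever the value is consumed, not only in the keypress handler,
// because pasted input never passes through that handler.
function parseQuantity(text) {
  if (typeof text !== "string") return { ok: false, reason: "not a string" };
  if (!/^[0-9]{1,9}$/.test(text)) return { ok: false, reason: "digits only, at most 9" };
  const value = Number(text); // at most 9 digits, so no precision loss
  if (value < 1 || value > MAX_QUANTITY) return { ok: false, reason: "out of range" };
  return { ok: true, value };
}

// Constructed sample inputs.
const SAMPLES = ["12", "35e7", "1e9", "0x1F", " 42", "123456789123", "-5", "1.5", ""];

// Side-by-side view of what each check decides and what the text evaluates to.
function compare(samples = SAMPLES) {
  return samples.map((text) => ({
    text,
    loose: looseIsValid(text),
    asNumber: Number(text),
    strict: parseQuantity(text).ok,
  }));
}

console.table(compare());
```

The rows where `loose` is true and `strict` is false are the inputs worth keeping in a validation test suite.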
|
Yes, I've been bitten by the numeric e but usually always with very small numbers meaning I must have forgotten a round somewhere.
Actually, the input fields (in my case) only allow numeric chars plus b/s, and period validated at the keypress event. It's a little extra effort, but it's a good first line of defense against invalid data...of course, the clever ones can still copy/paste so you still have to check again. To be honest, I've never even afaik tried a value with an e in it. I'll have to check it out when I have more time!
DerekTP123 wrote: you can guarantee that at some point the user will click "yes"
Yep, whether they mean to or not...so many users don't even bother to read, they just click 'Yes' to dialogue they see.
"Go forth into the source" - Neal Morse
|
kmoorevs wrote: I still wonder wtf people want to double-click in a web browser??? Blame Windows Explorer for that.
I know people (non techie and pretty "I don't understand computers, so don't even try to explain me anything") that basically double click all, no matter what or where it is.
M.D.V.
If something has a solution... Why do we have to worry about?. If it has no solution... For what reason do we have to worry about?
Help me to understand what I'm saying, and I'll explain it better to you
Rating helpful answers is nice, but saying thanks can be even nicer.
|
I've noticed from time to time that JS events can have significant, sometimes measurable, lag times. Since the JavaScript interpreter is single threaded, there is no such thing as pre-emptive multitasking. I vaguely recall encountering a similar issue several years ago, which I resolved by putting the double-postback preventer script in charge of submitting the form.
David A. Gray
Delivering Solutions for the Ages, One Problem at a Time
Interpreting the Fundamental Principle of Tabular Reporting
|
Let me prefix this with having no background in the world of security whatsoever, but I did have an idea that I believe could have some merit and I thought I’d see what others thought.
It occurred to me that an OS with a "private key" of my choosing, several algorithmic options to use in conjunction with that key and some specification (length/charset) of the desired output, could have a mode designed to "alter" my input based on those data points. No actual password would be stored, but my password of "password1" could be turned into 180 characters for me by the OS while in what I call "password mode". Unless someone is using my private key, my selected algorithm, and my character set criteria, then nobody could reproduce the same output as me by typing password1.
In my mind, this private key works similar to a cypher (yes I am that far out of my depth) and could be my dog's name or an entire paragraph from my favorite book. The algorithms would need to do all of this in such a way where each subsequent character is an entirely new (but repeatable) character footprint. So, even if you type 11111 for your password, each new instance of 1 has an entirely different burst of (20'ish) characters representing the next instance of the 1 key.
This probably wouldn't change how we would log into an OS, but I do believe everyone using garbled 120+ character passwords overnight would go a long ways towards securing ourselves on individual websites. I also believe it would be extremely helpful to keep my password and change my private key when I find out a website I use has been compromised.
|
Wow. You essentially invented password hashes, salt and pepper. Again.
I have lived with several Zen masters - all of them were cats.
His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.
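Added example, not part of any post in this thread: one way to build the scheme described above from standard primitives, with the private key acting as the salt/pepper of a slow key-derivation function. `derivePassword` and the default character set are assumptions; scrypt and HMAC-SHA256 come from Node's built-in `crypto` module.

```javascript
// Added example: deterministic password derivation (names are illustrative).
const { scryptSync, createHmac } = require("node:crypto");

const DEFAULT_CHARSET =
  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#$%&*+-=?@_";

// privateKey: the user's secret phrase; typed: what is entered at the prompt.
function derivePassword(privateKey, typed, length = 180, charset = DEFAULT_CHARSET) {
  if (!privateKey || !typed) {
    throw new Error("privateKey and typed input are required");
  }
  if (charset.length < 2 || charset.length > 256) {
    throw new Error("charset must have 2..256 symbols");
  }
  // Slow, memory-hard step. The private key is used as the salt, so the same
  // typed input gives unrelated output under a different key.
  const seed = scryptSync(typed.normalize("NFKC"), privateKey.normalize("NFKC"), 32);

  // Largest multiple of charset.length that fits in one byte. Bytes at or
  // above it are discarded so every symbol stays equally likely.
  const limit = 256 - (256 % charset.length);

  let out = "";
  // Expand the seed into as many bytes as needed with HMAC in counter mode.
  for (let counter = 0; out.length < length; counter++) {
    const block = createHmac("sha256", seed).update(String(counter)).digest();
    for (const byte of block) {
      if (byte < limit && out.length < length) out += charset[byte % charset.length];
    }
  }
  return out;
}

// Output has no per-keystroke structure: the whole input is hashed at once,
// so "11111" and "111111" share nothing recognisable.
console.log(derivePassword("constructed private key", "11111", 40));
console.log(derivePassword("constructed private key", "111111", 40));
```

The output is only as strong as the private key and the typed input together, since anyone holding both can regenerate it.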
|