Getting Renovate to work in a yaml pipeline running in a corporate network with private artifact registries and proxies in place is just a lot of fun.

#developerdiaries #pleasekillme #swdev #devops

Working on fw for a microcontroller with 16k of RAM.

Today, in the same file I found two issues:

Function A: 7 byte malloc leaked 297 times, totaling 2079 bytes.

Function B: Putting a 2079 byte buffer on the stack (plus a second 512 byte buffer)

Both buffers had in common that they were not only trivially avoidable but actually ended up complicating things.

#swdev

„Auf dem Girokonto befindet sich derzeit kein Kraftwerk.“

„Erschaffen“ oder „Stornieren?“

😌

#lostintranslation #swdev #fail #solar #Photovoltaik #tsun

TIL: Running Golang functions in Secrets Mode 🥷
https://antonz.org/accepted/runtime-secret/

"The new runtime/secret package lets you run a function in secret mode. After the function finishes, it immediately erases (zeroes out) the registers and stack it used. Heap allocations made by the function are erased as soon as the garbage collector decides they are no longer reachable.

secret.Do(func() {
// Generate an ephemeral key and
// use it to negotiate the session.
})

This helps make sure sensitive information doesn't stay in memory longer than needed, lowering the risk of attackers getting to it.

The package is experimental and is mainly for developers of cryptographic libraries, not for application developers."

#swdev #appsec #cryptography #defendabledesign

Can anyone spot the difference between these strings?

`"serialNumber":"551cb36993ec4442d83da5f223ee8158dce730f3"`

'"serialNumber":"551CB36993EC4442D83DA5F223EE8158DCE730F3"'

Just spent three hours on this.

Anyone got a good screamin' void recommendation?

#swdev #software

"This wasn't caught in testing because the code was so simple it /obviously/ didn't need testing."

#SwDev

#swdev advice request:

I'm the lead dev on my team. One of my team members almost always asks for a meeting to talk about their PR code reviews. I'd prefer to keep them text-based and asynchronous as it makes more efficient use of my limited time.

How do y'all handle this?

#devops #git #code

Anyone in #swdev who wants to share war stories about strange or crazy bugs that broke things in fascinating ways?

I can go first: I was working on a driver for a USB device and was adding some debugging prints, and when I ran that kernel and it proved my device, it hard rebooted the kernel, so I unplugged the device, and when the kernel came back up my PCI ethernet controller was broken due to EEPROM checksum error.

It turned out to be because I forgot a parameter to printf(), but it still amazes me how that could corrupt the EEPROM of an unrelated device on a different bus.

Writing some openssl certificate validation code. Tests start failing after an innocuous unrelated change. Cue wailing/gnashing/etc.

The validity period of the certificate in my test system ended while I was working. There was no code change that broke it. 😭

#openssl #swdev #programming

I have reached the realisation that most of the internet is just shuttling data between openssl code, and most software engineering is making sure you don't interfere with openssl talking to itself via your nonsense.

#openssl #software #swdev