惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Spread Privacy
Spread Privacy
S
Securelist
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Project Zero
Project Zero
G
GRAHAM CLULEY
Stack Overflow Blog
Stack Overflow Blog
爱范儿
爱范儿
Scott Helme
Scott Helme
S
Security Affairs
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园_首页
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
The Exploit Database - CXSecurity.com
The Hacker News
The Hacker News
雷峰网
雷峰网
N
News and Events Feed by Topic
宝玉的分享
宝玉的分享
O
OpenAI News
小众软件
小众软件
C
Cybersecurity and Infrastructure Security Agency CISA
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
Visual Studio Blog
I
Intezer
Martin Fowler
Martin Fowler
S
Security @ Cisco Blogs
A
Arctic Wolf
Engineering at Meta
Engineering at Meta
U
Unit 42
L
Lohrmann on Cybersecurity
Google Online Security Blog
Google Online Security Blog
Last Week in AI
Last Week in AI
T
Threat Research - Cisco Blogs
WordPress大学
WordPress大学
M
MIT News - Artificial intelligence
Schneier on Security
Schneier on Security
V2EX - 技术
V2EX - 技术
IT之家
IT之家
The Register - Security
The Register - Security
T
Tailwind CSS Blog
GbyAI
GbyAI
量子位
人人都是产品经理
人人都是产品经理
Recorded Future
Recorded Future
W
WeLiveSecurity
AWS News Blog
AWS News Blog
B
Blog RSS Feed
腾讯CDC
Hacker News - Newest:
Hacker News - Newest: "LLM"
Microsoft Security Blog
Microsoft Security Blog

Stonecharioteer on Tech

I Traced My Traffic Through a Home Tailscale Exit Node What Was I Reading Last? In Three Not-So-Easy Pieces Dogfooding Is Hard Code blocks in your books, finally GoForGo v0.9.0 Merrilin - We built an app to read books I use a Macbook now Data Structures & Algorithms - Preparing for Interviews Using a local DNS namespace for local service discovery Direction KOllector - Publishing KOReader Highlights gbt: branches touched in the last 24 hours A Soiree into Symbols in Ruby Some Smalltalk about Ruby Loops Ruby Blocks Returning from Ruby Blocks, Procs and Lambdas My Linux Laptop Finally Works: How Claude Helped Me Fix Years of Annoyances TIL: Watchexec - Modern File Watching for Development Workflows A Less Busy Mind GoForGo - Learn Go through live examples Migrating My Old Blog to Hugo with Claude The Qtile Window Manager: A Python-Powered Tiling Experience Read the RFCs that Built the Internet Py-x-Protobuf - Or How I Learned to Stop Worrying and Love Protocol Buffers Python Reverse a List New Beginnings Leaving ChainSafe Systems Screen Lock for Cinnamon Desktop using Zenity and Terminal Commands Crews Not Teams A System for Getting Better at LeetCode So Far So Rust Retrying HTTP Requests with Rust A Primer on Control Charts Learning Rust Explicit is Better than Implicit: Rust for Pythonistas Using Custom Delimiters in Jinja Templates TIL: Creating Fixed Length Iterables in Python Documentation Without Assumption Vagrant Python - A Reflection in 2022 Learning Golang No, A Virtual Machine Is Not Enough: Why Developers Need Native Linux Empathy in Tech For Those Who Came in Late A Weekend With PostgreSQL TIL: Gooey and Python Fire for Quick GUIs and CLIs TIL: 2ality - Dr. Axel Rauschmayer's JavaScript Blog TIL: MassDNS - High-Performance Bulk DNS Lookups TIL: Matomo Analytics, Google Tech Writing, Memory Programming, and NES TV Signals TIL: MontyDB - MongoDB Implemented in Python Returning to the Craft of Programming TIL: CPUFetch, OneFetch, and Learn CSS TIL: DNS Performance Testing and Pi-hole with Unbound TIL: Eli Bendersky's Blog, Awesome By Example, NoCoDB, and Martin Kleppmann TIL: CRDTs, Extreme HTTP Performance, and BYTEPATH Game TIL: AutoInvent, ASGI, Python Packaging, RAPIDS GPU Computing, and FlaskCon TIL: MangaDesk - Terminal Client for MangaDex TIL: McFly - Smart Shell History Search TIL: Siege Load Testing and Awesome FastAPI Resources TIL: Ventoy Bootable USB and Justniffer Network Analysis TIL: CLI Code Review, Git Split Diffs, and Internal Combustion Engine TIL: Benford's Law, Web Security Headers, Event Sourcing, and Mozilla Security Guidelines How to Write Documentation - The README.md File The Importance of Documentation TIL: NNgroup UX Research, SponsorBlock, and Labella Python Library TIL: The Little Book of Rust Macros and Rust Performance Book TIL: Git-Bug Distributed Issue Tracker and Omni Kubernetes Monitoring TIL: Zellij - Modern Terminal Multiplexer TIL: How Discord Handles 2.5 Million Concurrent Voice Users TIL: Volumio - The Audiophile Music Player TIL: Areopagitica - Milton's Defense of Free Speech TIL: Fast Node Manager, Zoxide Smart CD, Technical Writing, PyO3, and Qubes OS TIL: Slurm Workload Manager for HPC Clusters TIL: Data Visualization Guide and Oso Authorization Academy TIL: CORS Deep Dive, Piku Tiny PaaS, Rust Strings, and Deno Standard Library TIL: Raspberry Pi OS Development, Vim Beginner Guide, Password Management, and QueryBook TIL: uBlock Origin Performance Optimization on Firefox TIL: Breaking PostgreSQL at Scale and LeetCode Problem Patterns TIL: Awesome Tmux Resources for Terminal Multiplexing TIL: Grit - A Multitree-Based Personal Task Manager TIL: Lens 4.2 Kubernetes IDE, Shell Scripting Guide, and Dark HTTP Server Do The Job You Hate So You Won't Hate The Job You Love TIL: Innernet VPN Solution and NoteCalc Calculator App TIL: Argo CD for GitOps and Lens Kubernetes IDE TIL: Modern Rust CLI Tools - System Monitoring, HTTP Requests, and DNS TIL: tz - A Time Zone Helper Tool TIL: Distributed Systems Education, Fallacies, and Self-Hosted Internet Archiving TIL: Real-Time Voice Cloning Technology TIL: ChartMuseum for Helm, AMD's Corporate Journey, and Kubernetes Pod Scaling TIL: Docker and Kubernetes Tools - Whaler, Descheduler, and Dive TIL: Post-Mortem Collection, Terminal Plotting, and Technical Twitter TIL: Dark Mode Toggle Web Component by Google Chrome Labs TIL: Python eval(), exec(), and compile() Functions TIL: Camelot PDF Tables, PostgreSQL Row Level Security, Zerodha Varsity, and Write Yourself a Git TIL: fuser Command for Process and File Investigation TIL: i Hate Regex - The Ultimate Regex Cheat Sheet TIL: Dolt - Git for Data and Database Version Control TIL: x86 Assembly Programming and SafeEyes Break Reminder TIL: Comprehensive Distributed Systems Reading List TIL: Cosmopolitan C Library, Distributed Systems Book, High Performance Browser Networking, and Rust Roguelike Tutorial
TIL: Gary Bernhardt's 'It's Fine' Talk, pstrings for Process Memory, and pytest Collection Techniques
2021-01-30 · via Stonecharioteer on Tech

Gary Bernhardt: “It’s Fine” - Software Development Culture

Gary Bernhardt: It’s Fine | DHTMLConf 2000 | JSFest Oakland 2014 - YouTube

Brilliant satirical talk about software development culture and technical debt:

The Premise:

  • Satirical Commentary: Humorous take on “this is fine” mentality in software
  • Technical Debt: How developers normalize increasingly broken systems
  • Cultural Critique: Examination of acceptance culture in tech industry
  • Historical Perspective: How we got to “everything is broken but fine”

Key Themes:

Normalization of Dysfunction:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
// "It's fine" examples
setTimeout(() => {
  // This will probably work most of the time
  document.getElementById('maybe-exists').click();
}, 100); // Magic number that "works"

// CSS that's definitely fine
.container { position: relative; }
.content { position: absolute; top: -1px; left: -1px; }
.fix { margin-top: 2px; } /* Fixes Safari bug from 2008 */

Accumulated Workarounds:

  • Layer Upon Layer: Fixes built on top of previous fixes
  • Historical Context: Solutions that made sense years ago
  • Knowledge Loss: Original reasons for workarounds forgotten
  • Fear of Change: “Don’t touch it, it works somehow”

Cultural Observations:

Developer Mindset:

  • Pragmatic Acceptance: “Ship it now, fix it later”
  • Stockholm Syndrome: Growing fond of broken systems
  • Learned Helplessness: Accepting that things are just broken
  • Tribal Knowledge: Undocumented fixes passed down through teams

System Evolution:

1
2
3
4
5
6
7
8
# The evolution of a "simple" deployment
./run.sh                     # 2010: It's fine!
./run.sh | tee deploy.log    # 2012: Need logs
./run.sh 2>&1 | tee deploy.log # 2013: Capture errors too
nohup ./run.sh 2>&1 | tee deploy.log & # 2014: Run in background
screen -S deploy ./run.sh 2>&1 | tee deploy.log # 2015: Reattachable
docker run --rm -v $(pwd):/app deploy-image # 2018: Containerized
kubectl apply -f deploy.yaml  # 2020: "Simple" Kubernetes

The Deeper Message:

  • Systemic Issues: Individual “it’s fine” decisions compound
  • Technical Debt: Accumulation leads to unmaintainable systems
  • Culture Change: Need for higher standards and better practices
  • Awareness: Recognizing when “fine” isn’t actually fine

pstrings - Process Memory String Analysis

GitHub - andikleen/pstrings: strings for a Linux process’ address space

Advanced tool for examining strings in running process memory:

What It Does:

  • Live Process Analysis: Extract strings from running processes
  • Memory Mapping: Analyze different memory regions (heap, stack, libs)
  • Dynamic Analysis: Monitor string changes over time
  • Security Research: Find sensitive data in memory

Key Features:

Memory Region Targeting:

1
2
3
4
5
6
7
8
9
# Analyze specific memory regions
pstrings -h <pid>    # Heap only
pstrings -s <pid>    # Stack only
pstrings -l <pid>    # Shared libraries only
pstrings -a <pid>    # All regions (default)

# Filter by string length
pstrings -n 10 <pid>   # Minimum 10 characters
pstrings -m 100 <pid>  # Maximum 100 characters

Output Formatting:

1
2
3
4
5
6
7
# Show memory addresses
pstrings -t x <pid>    # Hexadecimal addresses
pstrings -t d <pid>    # Decimal addresses
pstrings -t o <pid>    # Octal addresses

# Include region information
pstrings -r <pid>      # Show which memory region

Use Cases:

Security Analysis:

1
2
3
4
5
6
7
8
9
# Look for sensitive data in memory
pstrings $(pgrep myapp) | grep -i password
pstrings $(pgrep browser) | grep -E '[0-9]{4}-[0-9]{4}-[0-9]{4}-[0-9]{4}'

# Monitor for credential leaks
while true; do
  pstrings $(pgrep webapp) | grep -i "api.*key" >> credential_monitor.log
  sleep 60
done

Debugging:

1
2
3
4
5
6
7
8
# Find configuration strings
pstrings $(pgrep myservice) | grep -E '(config|setting|option)'

# Locate error messages
pstrings $(pgrep failing_app) | grep -i error

# Find file paths being used
pstrings $(pgrep myapp) | grep -E '^/'

Performance Analysis:

  • Memory Leaks: Find repeated strings indicating leaks
  • Cache Analysis: Examine cached data in memory
  • Resource Usage: Identify large string allocations

Advanced Usage:

Comparative Analysis:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# Before operation
pstrings $(pgrep myapp) > before.txt

# Perform operation
curl http://localhost:8080/api/process-data

# After operation
pstrings $(pgrep myapp) > after.txt

# Find new strings
comm -13 before.txt after.txt

Security Monitoring:

1
2
3
4
5
6
7
8
#!/bin/bash
# Monitor for credential patterns
PATTERNS="password|secret|token|key|credential"
pstrings -a $(pgrep -f "web|server|app") | \
  grep -iE "$PATTERNS" | \
  while read line; do
    echo "$(date): POTENTIAL CREDENTIAL: $line" >> security.log
  done

pytest Collection and Filtering

Pytest Tip: pytest --collect-only -q will collect all test names, with parameters, and just print out the names in a way that you can use with pytest <name>

Powerful pytest feature for test discovery and selective execution:

Test Collection:

Basic Collection:

1
2
3
4
5
6
7
8
# List all tests without running them
pytest --collect-only

# Quiet mode - just test names
pytest --collect-only -q

# Very quiet - minimal output
pytest --collect-only -qq

Output Format:

1
2
3
4
5
6
7
$ pytest --collect-only -q
test_user.py::TestUserAuth::test_login
test_user.py::TestUserAuth::test_logout
test_user.py::TestUserProfile::test_update_profile
test_api.py::test_get_users
test_api.py::test_create_user[admin-user]
test_api.py::test_create_user[regular-user]

Selective Test Execution:

Run Specific Tests:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# Run single test
pytest test_user.py::TestUserAuth::test_login

# Run parameterized test instance
pytest "test_api.py::test_create_user[admin-user]"

# Run test class
pytest test_user.py::TestUserAuth

# Run tests matching pattern
pytest -k "login or logout"

Advanced Filtering:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
# Run tests with specific markers
pytest -m "slow"
pytest -m "not slow"
pytest -m "integration and not slow"

# Combine node ID with markers
pytest test_api.py -m "smoke"

# Run last failed tests
pytest --lf

# Run tests that failed, then continue with rest
pytest --ff

Practical Applications:

CI/CD Integration:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
# GitHub Actions example
- name: List all tests
  run: pytest --collect-only -q > test_list.txt

- name: Run smoke tests
  run: pytest -m smoke

- name: Run specific test suite
  run: |
    for test in $(pytest --collect-only -q | grep "test_critical"); do
      pytest "$test" --tb=short
    done

Development Workflow:

1
2
3
4
5
6
7
8
# Find tests related to feature
pytest --collect-only -q | grep -i "user.*auth"

# Run subset during development
pytest --collect-only -q | grep "test_api" | head -5 | xargs pytest

# Test specific functionality
pytest --collect-only -q | grep -E "(login|logout|auth)" | xargs pytest -v

Test Analysis:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
# conftest.py - Collect test metadata
def pytest_collection_modifyitems(config, items):
    for item in items:
        # Add markers based on test names
        if "slow" in item.name:
            item.add_marker(pytest.mark.slow)
        if "integration" in item.nodeid:
            item.add_marker(pytest.mark.integration)

        # Log test discovery
        print(f"Discovered: {item.nodeid}")

Benefits:

  • Faster Feedback: Run only relevant tests during development
  • CI Optimization: Parallel test execution based on collection
  • Debugging: Isolate and focus on specific failing tests
  • Documentation: Test names serve as executable documentation

These tools and techniques represent different aspects of software development - cultural awareness, system-level debugging, and efficient testing practices.