
603 points scalewithlee | 1 comments
netsharc No.43793903
Reminds me of an anecdote about an e-commerce platform: someone coded a leaky webshop, so their workaround was to watch if the string "OutOfMemoryException" shows up in the logs, and then restart the app.

Another developer in the team decided they wanted to log what customers searched for, so if someone typed in "OutOfMemoryException" in the search bar...

PhilipRoman No.43795364
Careless analysis of free-form text logs is an underrated way to exploit systems. It's scary how much software blindly logs data without out-of-band escaping or sanitizing.
ycombinatrix No.43796073
Why would someone "sanitize" OutOfMemoryException out of their logs? That is a silly point to make.
teraflop No.43796381
The point is not to sanitize known strings like "OutOfMemoryException". The point is to sanitize or (preferably) escape any untrusted data that gets logged, so that it won't be confused for something else.
swyx No.43796721
I think GP's point is, how would you even sanitize the string "OutOfMemoryException", which presumably comes from a trusted system?

I guess demanding "Structured logs for everything or bust" is the answer? (I'm not a big o11y guy, so pardon me if this is obvious.)

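Added example, not code from anyone in the thread: the substring-matching restart watcher from the anecdote beside a structured-log version, where the restart rule reads a typed event field and the untrusted search query is JSON-escaped before it is written. All function names, log formats and sample inputs here are constructed.

```python
"""Log-injection demo: a text-log watcher that restarts on the substring
"OutOfMemoryException" vs. a structured-log watcher that reads a field."""
import json

RESTART_MARKER = "OutOfMemoryException"

# --- Naive: free-form text log, untrusted search term written verbatim ---
def naive_log_search(query: str) -> str:
    """The second developer's search logger: raw user input into the line."""
    return f"INFO search query={query}"

def naive_log_oom() -> str:
    """Constructed stand-in for what the runtime writes when the leak trips."""
    return "ERROR OutOfMemoryException: heap exhausted"

def naive_watcher(lines) -> bool:
    """The first developer's workaround: substring match over every line."""
    return any(RESTART_MARKER in line for line in lines)

# --- Hardened: one JSON record per line; the watcher reads a field ---
def structured_log_search(query: str) -> str:
    # json.dumps escapes quotes, newlines and control characters, so the
    # untrusted query stays inside its own field and cannot forge a record.
    return json.dumps({"level": "INFO", "event": "search", "query": query})

def structured_log_oom() -> str:
    return json.dumps({"level": "ERROR", "event": "oom",
                       "exception": "OutOfMemoryException"})

def structured_watcher(lines) -> bool:
    for line in lines:
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # malformed line: skip it, never substring-match it
        if rec.get("event") == "oom":  # typed field, not free text
            return True
    return False

# Constructed inputs: an ordinary search, then the customer from the story
BENIGN = "blue shoes"
POISON = "OutOfMemoryException"

def demo() -> dict:
    return {
        "naive_benign": naive_watcher([naive_log_search(BENIGN)]),
        "naive_poison": naive_watcher([naive_log_search(POISON)]),  # spurious restart
        "structured_poison": structured_watcher([structured_log_search(POISON)]),
        "structured_real_oom": structured_watcher([structured_log_oom()]),
    }

if __name__ == "__main__":
    print(demo())
```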
noisem4ker No.43797161
"o11y" stands for "observability".

Numeronyms are evil and we should stop using them.

j1elo No.43798193
Thanks. My mind started running the random string generator given those restrictions, like a puzzle game. But I had no idea what it meant until you wrote it. Who invented that stupid idea and thought it would be a good one?
swyx No.43798349
because it's easily googlable.

counterpoint - people are going to use them, better to expose newbies early and often and then everyone is better off

shorthands will always be in demand. we used to say “horseless carriage”, then “automobile”, then “car”. would you rather use “light amplification by stimulated emission of radiation” or just “lasers”? etc.

in the New York Times? sure, spell out observability. but on HN? come on. the term is 7 years old and is used all over the site. it’s earned it.

stalfosknight No.43800066
I've never seen it before.