Tuesday, January 11, 2022

Teaching an old dog new tricks

It has been said that most programmers in their 20s are in their prime and they know everything. It has been said that most programmers in their 30s are good at hanging on to their job with the skills they learned in the last 10 years. It has been said that most programmers north of their 40s are just knowledgeable about what has been done and are always viewed with suspicion because their skill set is believed to be 20 years out of date. It has been said that most programmers just north of their 50s have limited knowledge of today's languages and technologies since their skill set is 30 years out of date. It has been said that most programmers in their 60s should have already retired or must be hiding in the mainframe closet because nobody remembers what languages or technology knowledge they could have known.


Why would you decide, either overtly or covertly, not to continue learning? If you are a lawyer, most states require Continuing Legal Education (CLE) to maintain your standing in the bar association. In many states, lawyers must also have additional hours in professional responsibility, ethics, and other courses. Engineers, depending on their specialty, may be required to complete Professional Development Hours (PDH) to maintain their state license. Some states also require some hours of professional ethics as well as other courses. Software engineers are not considered real engineers, and almost all states do not require a license. However, if you call yourself an engineer in some states, you can get into a bit of legal trouble if they find out you are just experienced in software.


Could this be why most programmers do not consider themselves to be software engineers? Could this be why most programmers loathe learning a new skill or even being certified on some vendor products? Could this be why, year after year, the skill set of programmers on balance never grows? Could this be why, when there is a new release of the database or of your particular programming language specialty, the documentation sits unread?


Well, some of us think this should not be the case. On average, the databases I work on are updated every 18 months. The manual that comes with each update has to be read from cover to cover to see what changed or to see what I have forgotten. The latter is most often the case, but I digress.


The UniVerse database started supporting JSON through a library call. There was little fanfare on the sites I normally look at. The documentation supplied by Rocket Software was very poor, with no decent examples. About 5 years later there was a good example from one of their engineers, a little late for me. Nonetheless, I was able to wade through the syntax and get an idea of what it could do to replace our hand-coded string builder. I converted our hand-coded JSON string UniBasic code to create JSON objects using the new functionality. For the most part, it took about 2 days to get the production code changed to use this new library call. Ironically, creating JSON the new way was not much faster until the strings reached about a megabyte; then the code was much faster. Below is a sample of the changes.


SET.PROPERTY.OLD:
     * Hand-coded builder: names and values are concatenated as-is (no escaping)
     JSON = "" ; ADD.IT = @FALSE
     MAX.FM = DCOUNT(PARAM1,@FM) ; * Example: CustomerName:@FM:Address
     FOR X = 1 TO MAX.FM
        IF ADD.IT THEN JSON := \,\
        JSON := \"\:PARAM1<X>:\":"\:PARAM2<X>:\"\  ; * PARAM2 is the data
        ADD.IT = @TRUE
     NEXT X
     RETURN.ID = "{":JSON:"}"
     RETURN

SET.PROPERTY:*
     * The UDO constants used below are defined in the UDO.H include file
     JSON = ""
     RTN.STATUS = UDOSetOption(UDOOPTION_OUTPUTMODE, UDO_OUTPUT_COMPACT)
     RTN.STATUS = UDOCreate(UDO_OBJECT,udoObj)
     MAX.ROWS = DCOUNT(PARAM1,@FM)
     FOR X = 1 TO MAX.ROWS
        * One property per name/value pair; the library builds the JSON text
        RTN.STATUS = UDOSetProperty(udoObj,PARAM1<X>,PARAM2<X>)
     NEXT X
     RTN.STATUS = UDOWrite(udoObj, UDOFORMAT_JSON, JSON)
     RTN.STATUS = UDOFree(udoObj)
     RETURN.ID = JSON
     RETURN
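
Moving from a hand-coded string builder to a serializer also changes how data containing quotes is handled. The following is an added example, not code from the original post: a JavaScript port of the old routine next to a serializer version, where JSON.stringify stands in for a JSON library (it is not the UDO API) and all names and sample values are constructed.

```javascript
// Added example; function names and sample values are constructed.
// Same logic as SET.PROPERTY.OLD: names and values are concatenated unescaped.
function setPropertyOld(names, values) {
  let json = "";
  for (let i = 0; i < names.length; i++) {
    if (i > 0) json += ",";
    json += '"' + names[i] + '":"' + values[i] + '"';
  }
  return "{" + json + "}";
}

// Serializer version: JSON.stringify stands in for a JSON library and does
// the quoting and escaping itself.
function setProperty(names, values) {
  const obj = {};
  names.forEach((name, i) => { obj[name] = String(values[i]); });
  return JSON.stringify(obj);
}

// Parse the text back; null means a consumer would reject it as invalid JSON.
function roundTrip(text) {
  try { return JSON.parse(text); } catch (e) { return null; }
}

// Build the same record both ways and report what a consumer would receive.
function compare(values) {
  const names = ["CustomerName", "Address"];
  return {
    old: roundTrip(setPropertyOld(names, values)),
    lib: roundTrip(setProperty(names, values)),
  };
}

const CASES = {
  plain: ["Unitas", "1 Main St"],
  quoted: ['Bob "Bud" Brisco', "1 Main St"],    // quote inside the data
  crafted: ['x","Credit":"9999', "1 Main St"],  // data shaped like JSON syntax
};

for (const [label, values] of Object.entries(CASES)) {
  const r = compare(values);
  console.log(label, "old keys:", r.old && Object.keys(r.old), "lib keys:", Object.keys(r.lib));
}
```

With the concatenating builder, the quoted value yields text that does not parse and the crafted value yields an extra property; the serializer returns both values unchanged inside two properties.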

Our main entry tool, the web browser, gets updated every 6 to 8 weeks. When browsers update, there are two things that always change for us: JavaScript and CSS language support. It took 7-plus years for Firefox to fix a problem with the cursor moving to the URL after an AJAX call instead of to the next column in the data table grid. Of course, this worked in Chrome, but as a workaround for our Firefox users we had to put in a dead function call so as not to lose tab support. Nevertheless, you have to read the developer notes to see what is new, what is changed, what is fixed, and what is no longer supported.


Somewhere around 2016, the ES6 JavaScript language brought arrow functions, also called fat arrows. They help in writing concise functions. It took a bit of practice to understand what they can do for you. Nonetheless, there was some pushback from clients and staff asking why a programmer would go into working code and change it just because JavaScript had new features. Again, they are not wrong, but the why is important here.


The word that describes "fat arrows" is concise. Why is that not a good thing? Learning new things can introduce bugs that had been rooted out. Maybe, since some of this code was written in the early 2000s, it could use an update, and the next set of programmers would not roll their eyes when they talk about this old code if it is constantly updated as standards change. Below is a sample of old and new code.


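// Sample data; DriverNo is the id being looked up
var oDrivers = [{"id":"1","value":"Unitas"},{"id":"2","value":"Brisco"}];
var DriverNo = "2";
var driver_name = "";

// Old Code
for (var i=0;i<oDrivers.length;i++){
    if (oDrivers[i].id==DriverNo){
        driver_name = oDrivers[i].value;
    }
}

// New Code
// find() returns undefined when nothing matches, so check before reading .value
var driverItem = oDrivers.find(obj=>obj.id==DriverNo);
if (driverItem){
    driver_name = driverItem.value;
}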

If you are not willing to learn, then maybe it is time to retire from programming. Or you could look into another profession that requires less continuing education. Or, if you are so inclined, you could get promoted to management. See the Dilbert Principle for more informed comments on management style and substance.

Bad Actors Story

Bad actors are not the ones on television or in movies, although I can name quite a few since I am a "B" movie junkie. But I digress a little bit. Bad actors, as explained in this article, are the ones trying to breach your webserver no matter what kind of firewall you have. Once in your system, they want to steal your data and/or encrypt your files. Then, because they are bad actors, they want to charge you (this is called ransomware) to get your data back and/or your system unencrypted. Or, if they are really bad actors, they may release your data on the internet or send it to your competitors. Some of these bad actors do what they say and return your system back the way it was. Some of these bad actors do not decrypt your system after you have paid and demand more payments before they might decrypt your system. Some of these bad actors take your money and sell your information on the web for more profit. Unfortunately, you cannot tell what type of bad actor will take over your system and whether you will have a positive outcome from them no matter what action you take.

Since I am the cloud site network administrator of ill repute, I see a lot of these attacks on a daily basis. WordPress, PHP, and many others are easy vectors into your webserver. Just recently I had to update our webserver 4 times because of the log4j vulnerability. It seems log4j version 2.14, our original version, needed to be replaced by version 2.15. Then log4j version 2.15 needed to be replaced by version 2.16. Then log4j version 2.16 needed to be replaced by version 2.17. And finally, version 2.17 needed to be replaced by version 2.17.1. I did not see the article that described the log4j vulnerability until Dec 11, 2021, two days after the problem was announced. By then I had recorded 11 failed attempts by bad actors on our web server. I am constantly restricting IP addresses based on what I see them doing or trying to do.

Whether these bad actors are from China, Russia, India, Singapore, North Korea, or even the United States, my external-facing website must be protected from them. So one holiday night not long ago, it was dark and gloomy from my workstation window. For some reason, the office light was not shining on my back today, but I was fully illuminated by the glow of my two 27-inch monitors when I spotted these log entries from our external-facing website. I edited them to fit this snippet box:

[02/Jan/2022:17:28:10] "HEAD /?xHAPPY-NEW-YEAR-FROM-DC8044.COM HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x..............A............... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............dXb.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x..........dXiXXdXXb........... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x........dXXOXXXXdXXib......... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............dXb.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x..........dXOXXXXXOb.......... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x......dXXXXiXXXdXXXXXXb....... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............III.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............III.............. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x...Follow.us....t.me/DC8044... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x...WEB...........dc8044.com... HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x.............................. HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x HTTP/1.1" 302
[02/Jan/2022:17:28:10] "HEAD /?x HTTP/1.1" 302

I don't know whether to commend this person and/or company who wasted a lot of time sending me a "Christmas" tree 7 days after Christmas. Or maybe I should commend myself for actually looking at the logs and deciphering what was sent?

I am very conflicted on this, but these are definitely bad actors because their website has the words: "Hack All The Things". Or should I be surprised that dc8044 is a hex color composed of red, green, and blue? This should be a warning to all of the companies and personnel to be very careful about who has access to your website. This stunt by this company may look innocuous but its players are "Bad Actors".
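
The log review described above can be partly automated. The following is an added example, not code from the original post: it groups requests by second, method and path and reports bursts whose query strings are bare tokens, returning the tokens in order so the message can be read. It assumes the edited line format shown in the snippet, which has no client address (a real access log would also group by client); the function names, the threshold and the two entries marked as constructed are assumptions.

```javascript
// Added example. Line format follows the page's edited snippet:
//   [timestamp] "METHOD target HTTP/x.y" status
const LINE = /^\[([^\]]+)\] "([A-Z]+) (\S+) HTTP\/[\d.]+" (\d{3})/;

function parseLine(line) {
  const m = LINE.exec(line);
  if (!m) return null;
  const q = m[3].indexOf("?");
  return {
    time: m[1], method: m[2], status: Number(m[4]),
    path: q < 0 ? m[3] : m[3].slice(0, q),
    query: q < 0 ? "" : m[3].slice(q + 1),
  };
}

// Group requests by second, method and path. A group is reported when at least
// minHits requests carry a bare query token (no key=value pair), which is how
// the banner in the snippet was delivered. Tokens are kept in arrival order.
function findBanners(lines, minHits = 5) {
  const groups = new Map();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || e.query === "" || e.query.includes("=")) continue;
    const key = `${e.time} ${e.method} ${e.path}`;
    if (!groups.has(key)) groups.set(key, []);
    groups.get(key).push(e.query);
  }
  return [...groups]
    .filter(([, rows]) => rows.length >= minHits)
    .map(([key, rows]) => ({ key, count: rows.length, banner: rows }));
}

// Seven entries copied from the snippet, plus two constructed entries
// (marked) standing in for ordinary traffic.
const SAMPLE = [
  '[02/Jan/2022:17:27:55] "GET /index.html HTTP/1.1" 200', // constructed
  '[02/Jan/2022:17:28:10] "HEAD /?xHAPPY-NEW-YEAR-FROM-DC8044.COM HTTP/1.1" 302',
  '[02/Jan/2022:17:28:10] "HEAD /?x..............A............... HTTP/1.1" 302',
  '[02/Jan/2022:17:28:10] "HEAD /?x.............dXb.............. HTTP/1.1" 302',
  '[02/Jan/2022:17:28:10] "HEAD /?x..........dXiXXdXXb........... HTTP/1.1" 302',
  '[02/Jan/2022:17:28:10] "HEAD /?x.............III.............. HTTP/1.1" 302',
  '[02/Jan/2022:17:28:10] "HEAD /?x...Follow.us....t.me/DC8044... HTTP/1.1" 302',
  '[02/Jan/2022:17:28:10] "HEAD /?x HTTP/1.1" 302',
  '[02/Jan/2022:17:28:11] "GET /search?q=drivers HTTP/1.1" 200', // constructed
];

for (const hit of findBanners(SAMPLE)) {
  console.log(`${hit.count} requests: ${hit.key}`);
  hit.banner.forEach((row) => console.log("  " + row));
}
```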