The latest articles on DEV Community by feileacan (@feileacan). https://dev.to/feileacan https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F580710%2F6e233065-4944-4396-9e8d-6802a7a2edd6.png https://dev.to/feileacan en feileacan Mon, 08 Mar 2021 10:42:52 +0000 https://dev.to/feileacan/what-i-found-hard-about-rust-and-how-i-got-the-hang-of-it-5mb https://dev.to/feileacan/what-i-found-hard-about-rust-and-how-i-got-the-hang-of-it-5mb <p>Rust is an interesting language. <a href="https://insights.stackoverflow.com/survey/2020#technology-most-loved-dreaded-and-wanted-languages">Much-loved</a>, a systems programming language (no garbage collection, etc) but feels like a higher level language with iterators, fancy type systems, nice tooling, and you can write code that works<br> without needing to carefully juggle memory.</p> <p>I've done plenty of systems programming (C, C++) and higher level (Python, C#, etc), so figured Rust should be easy enough to pick up, but I'd hit the same struggles everyone else does, where the borrow checker yells at me, and when do I use a <code>String</code> vs <code>&amp;String</code> vs <code>str</code> vs <code>&amp;str</code>?</p> <p>Eventually I figured out why I was struggling so much though, and now I'll share with you, gentle reader, my revelation.</p> <p><strong>I was forgetting to think about memory and lifetimes</strong></p> <p>When coding in C or C++ I'd be constantly aware of every allocation and trying (and sometimes failing) to carefully track the lifetimes of every object I use because if I don't, bad things happen.</p> <p>In a language like Python I don't because that's all hidden from me. I just code and it's the interpreter's problem.</p> <p>When writing Rust it felt so easy, so I relaxed and stopped the careful tracking that I would in other systems programming languages. Of course, you can't since it matters in Rust. It has better ergonomics and safety but it's still a systems programming language, that means it assumes you know and care about whether things are heap or stack allocated, or about when exactly something is deallocated.</p> <p>This then means the solution is sad but easy. I need to go back to thinking about where I want things allocated, how they're getting passed to functions, how long they live for. But at least when I get it wrong I find out from the compiler instead of <a href="https://googleprojectzero.blogspot.com/">Project Zero</a>.</p> rust feileacan Fri, 19 Feb 2021 00:17:03 +0000 https://dev.to/feileacan/what-can-we-learn-from-citi-s-900-million-mistake-3p0j https://dev.to/feileacan/what-can-we-learn-from-citi-s-900-million-mistake-3p0j <p>Back in 2020 Citigroup accidentally sent almost USD$900 million to Revlon's creditors. About half the money was returned, but 10 creditors held on to the money and a judge has just ruled that <a href="https://www.nytimes.com/2021/02/17/business/dealbook/citigroup-900-million.html">they can keep the money</a>.</p> <p>In short, Revlon sent Citi a few million for them to transfer to creditors as an interest payment. A Citigroup employee didn't fill out a form in a program correctly, so Citi paid off Revlon's loan in full using their own money. Oops.</p> <p>Here's the form, can you see the problem?<br> <a href="https://res.cloudinary.com/practicaldev/image/fetch/s--l-qN2Dvm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7w0bzzvxt80suf5afut2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--l-qN2Dvm--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://dev-to-uploads.s3.amazonaws.com/uploads/articles/7w0bzzvxt80suf5afut2.png" alt="image"></a> (sourced from the <a href="https://www.courtlistener.com/recap/gov.uscourts.nysd.542310/gov.uscourts.nysd.542310.243.0_2.pdf">court record</a>)</p> <p>Thought not. In order to <strong>not</strong> send lots of money you need to check all of the PRINCIPAL, FUND and FRONT boxes.</p> <h2> What can we learn from this? </h2> <p>The real question is what can the rest of us learn from this mistake? Not that people make mistakes or should be fired (three different people looked at and approved the transfer), but the importance of good UI. To me, there are three main takeaways.</p> <h3> Safe defaults </h3> <p>Usually we should make the common case the default, that's just good UX. But when one of the options is dangerous and the other safe, make the default the safe one.</p> <p>Think about your ops tools, how many have <code>--dry-run</code> flags instead of <code>--for-realsies</code>? A repeated trend I've seen in outages is someone ran a command, didn't realise they were targeting production and oops.</p> <h3> UI states should match business logic states </h3> <p>Is every combination of checkboxes actually valid? If you have redundant information in the UI you should either consolidate it, or error on mismatch. Either you know what the user wants, in which case you didn't need to ask for it in the first place, or you don't, in which case don't guess. As with all rules you may want to bend this one for convenience but the dangerous an operation the more pedantic you should be.</p> <h3> Adding more reviewers only goes so far. </h3> <p>A common pattern after outages is to add more reviewers for changes: "someone ran the foobar tool and took out a datacentre, now all users of the foobar tool need a second person to check the command and approve before running it". In a pinch it can help, but it's a short-term mitigation. It slows you down, takes more person-time, randomises people, and still doesn't give you as much safety as improving the tool itself.</p> <h2> Obligatory Disclaimers </h2> <ul> <li>The above is a very brief summary of what happened, it's more complicated than I made it out to be. Please read the linked article and court record for more details</li> <li>All opinions are my own and do not represent my employer</li> </ul>