Wednesday, April 13, 2016
Unspeakably stupid
Good and useful journalism by Fusion webzine.
The reporter found that a farm near El Dorado was receiving all sorts of odd attention from various law enforcement agencies and criminals. He looked into it, and found that an idiot company absurdly called MaxMind is responsible. MaxMind is one of the IP-mapping services. When it can't locate a specific IP, it gives you ... no, not an error message. It gives you a SPECIFIC LOCATION WHICH IS WRONG. For all USA STRONG locations, if the IP can't be pinned down, MaxMind quietly returns a location which is "close enough" to the center of USA STRONG.
Using the actual center would still be totally wrong, but at least the actual center wouldn't bother civilians. The actual center was turned into an official monument (complete with a cute little chapel!) a long time ago because people were always trying to access it for official or touristy reasons. No, that's not stupid enough for MaxMind. MaxMind rounds off the lat and long to [39.0,-98.0] which is 150 miles south of the center, and happens to be a farm near El Dorado.
The Butler county sheriff had already realized something weird was going on, because the actual residents of the farm aren't criminals. (Bravo to the sheriff for understanding the difference!) But he didn't know exactly WHAT was going on until the Fusion writer told him. Non-located IPs are especially common among criminals, so a whole bunch of cops and criminals were being told that their target was on this farm.
Jesus. This is not Programming 101, it's more like Programming 000. Programming NaN. Programming null. If your result is going to be used for ANY ACTUAL PURPOSE other than your own jacking off, you take EXTREME EXTREME EXTREME PAINS to guarantee that EVERY CONCEIVABLE ERROR SITUATION gives an INSTANTLY READABLE AND INSTANTLY MEANINGFUL error response. You NEVER give a response that could be taken, by machines or by humans, for a relevant and meaningful answer.
I'm a low-level semi-pro hillbilly hippie programmer, waaaaaaaaaaay below the paygrade of these assholes, and I know how to do this. Just one example from an earlier courseware version. At the point where the teacher is reading the student's grades into a printable list, the data becomes 'official'. It can affect a student's graduation in a small way. So I don't simply fill in 100 or 0 or 50 for a missing answer or a response that seems to have been changed by external factors. I print out a clear error indication:
if (Sum != GradeLine.s.CkSum)
{
sprintf(gEntry,"Lesson %.2ld-%.2ld, !!!!! ALTERED ENTRY !!!!!",LsnHi,LsnLo);
}
Labels: STRONG!
¶ 5:04 PM
