SlideShare ist ein Scribd-Unternehmen logo

Code Forensics

‱
‱
Diego Pacheco
Diego Pacheco

Code Forensics

Technologie
1 von 29
Downloaden Sie, um offline zu lesen
Code Forensics Diego Pacheco
@diego_pacheco ❏ Cat's Father ❏ Head of Software Architecture ❏ Agile Coach ❏ SOA/Microservices Expert ❏ DevOps Practitioner ❏ Speaker ❏ Author diegopacheco http://diego-pacheco.blogspot.com.br/ About me... https://diegopacheco.github.io/tinyurl.com/diegopacheco
Things we will talk about... Things you should avoid. DON'TS01 Science 101 How to run a investigation02 Observability, Debug Tricks, Linux Tools... Tools & Tricks03 Post Mortems, RCAs and Retrospectives Closing the Case04
Don'ts
Don't: FREAK OUT ❏ Avoid extra pressure on yourself ❏ Avoid worry about time. ❏ Avoid making comparisons like this should be done in 1h or so. ❏ As time pass is easy to Freak Out ❏ Making progress is your friend, don't nail it down only about solving the mystery. ❏ Your eyes can trick you, use tools. ❏ Make sure you do things properly. ❏ Comparing Strings ❏ Read Errors Carefully. ❏ Don't forget to Breath
Don't: Do two many things at time. ❏ Don't change 2 things at the time. ❏ Code ❏ Vars / Config ❏ Trys ❏ One Hypotesy at the time ❏ Otherwise how do you know what did what? ❏ You need to be: ❏ Methodical ❏ Boring ❏ Slow
How to Run a investigation Science 101 Have Theories Write Down Facts Have a Partner (Pair Programing) Minimize Investigation Efforts
Science 101
Science 101: Do we have a smoking gun?
Minimize Investigation Efforts 4% of code == 72% of defects (Code as Crime Scene)
Have Theories ❏ It's a like a guessing game, how the murder happen? ❏ Think on most likely thing it could be. ❏ There are classical Offenders like: ❏ NPE Lack of validation/test ❏ Code Change ❏ Config Change ❏ Credentials Change ❏ Typo somewhere ❏ Lack of Security groups ❏ Not enough Resources (memory, space) ❏ OOM Killer
Write down Facts ❏ Write down (paper, txt file, evernote, google docs) ❏ Write Important fact like: ❏ Class Names, Methods, Variables ❏ Make sure you don't get lots. ❏ It's easy to forget important pieces of information when you are worried and want to fix the issue fast.
Have a Partner (Pair Programing)
Have a Partner (Pair Programing)
Have a Partner (Pair Programing)
Tools & Tricks ❏ Observability ❏ Debug tricky's ❏ Linux Tools ❏ Write your own tools
Observability
—Filipe Fortes "Debugging is like being the detective in a crime movie where you are also the murderer." -
Debug tricks ❏ Know your IDE. ❏ Remote Debugging. ❏ Debug tricks like: ❏ Conditionals ❏ Log Expressions ❏ Runtime eval ❏ Exception Breakpoints ❏ Field Break points
Linux Tools
Write your own tools ❏ Help to nail down problems faster. ❏ Simple Utilitary. ❏ Program or scripts (Groovy, Python , Rust, Go). ❏ Quick diagnostics.
Could you compare with something else? ❏ It's very likely the issue is a code change, so maybe was working before. Some digging is needed. ❏ Not always possible (i.g new feature) ❏ Use diff tools. ❏ Compare previous versions that worked. ❏ Run previous tests that worked. ❏ Debug and write down differences.
Closing the Case Fix, Share & Improve ❏ Adding More Tests ❏ Post Mortems ❏ RCAs ❏ Retrospectives
Adding more Tests ❏ Boys Scout rules. ❏ Closing the Case means you found the issue. ❏ So we need to create test to simulate the issue. ❏ Having the test will proof we don't suffer again.
Closing the Case: Post Mortems
Closing the Case: RCA ❏ Similar to Post Mortems. ❏ Lean tool. Can be used with: 5 whys, fishbone and other system thinking tools. ❏ Excel file: ❏ Issue ❏ classification ❏ Why it happen ❏ How we make sure it does not happen again
Closing the Case: Retrospectives
Good Investigation Books
Code Forensics Diego Pacheco

Empfohlen

AWS IAM
AWS IAMAWS IAM
AWS IAM
Diego Pacheco
 
Reflections on SCM
Reflections on SCMReflections on SCM
Reflections on SCM
Diego Pacheco
 
Architecture 101: Vision, Properties and Skills
Architecture 101: Vision, Properties and SkillsArchitecture 101: Vision, Properties and Skills
Architecture 101: Vision, Properties and Skills
Diego Pacheco
 
Dealing with dependencies
Dealing with dependenciesDealing with dependencies
Dealing with dependencies
Diego Pacheco
 
CDKs
CDKsCDKs
CDKs
Diego Pacheco
 
Holacracy
HolacracyHolacracy
Holacracy
Diego Pacheco
 
Architecture & Engineering : Doing the non-obvious!
Architecture & Engineering : Doing the non-obvious!Architecture & Engineering : Doing the non-obvious!
Architecture & Engineering : Doing the non-obvious!
Diego Pacheco
 
The Death of Microservices
The Death of MicroservicesThe Death of Microservices
The Death of Microservices
Diego Pacheco
 

Empfohlen

AWS IAM
AWS IAMAWS IAM
AWS IAM
Diego Pacheco
 
Reflections on SCM
Reflections on SCMReflections on SCM
Reflections on SCM
Diego Pacheco
 
Architecture 101: Vision, Properties and Skills
Architecture 101: Vision, Properties and SkillsArchitecture 101: Vision, Properties and Skills
Architecture 101: Vision, Properties and Skills
Diego Pacheco
 
Dealing with dependencies
Dealing with dependenciesDealing with dependencies
Dealing with dependencies
Diego Pacheco
 
CDKs
CDKsCDKs
CDKs
Diego Pacheco
 
Holacracy
HolacracyHolacracy
Holacracy
Diego Pacheco
 
Architecture & Engineering : Doing the non-obvious!
Architecture & Engineering : Doing the non-obvious!Architecture & Engineering : Doing the non-obvious!
Architecture & Engineering : Doing the non-obvious!
Diego Pacheco
 
The Death of Microservices
The Death of MicroservicesThe Death of Microservices
The Death of Microservices
Diego Pacheco
 
Design is not Subjective
Design is not SubjectiveDesign is not Subjective
Design is not Subjective
Diego Pacheco
 
Sec 101
Sec 101Sec 101
Sec 101
Diego Pacheco
 
Thoughts about Shape Up
Thoughts about Shape UpThoughts about Shape Up
Thoughts about Shape Up
Diego Pacheco
 
Design 101
Design 101Design 101
Design 101
Diego Pacheco
 
Lean 2020
Lean 2020Lean 2020
Lean 2020
Diego Pacheco
 
Dealing with dependencies in tests
Dealing with dependencies in testsDealing with dependencies in tests
Dealing with dependencies in tests
Diego Pacheco
 
NoSQL
NoSQLNoSQL
NoSQL
Diego Pacheco
 
Seven ways to be a happier JavaScript developer - NDC Oslo
Seven ways to be a happier JavaScript developer - NDC OsloSeven ways to be a happier JavaScript developer - NDC Oslo
Seven ways to be a happier JavaScript developer - NDC Oslo
Christian Heilmann
 
Lean/Agile/DevOps 2016 part 3
Lean/Agile/DevOps 2016 part 3Lean/Agile/DevOps 2016 part 3
Lean/Agile/DevOps 2016 part 3
Diego Pacheco
 
Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...
Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...
Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...
GreeceJS
 
Sacrificing the golden calf of "coding"
Sacrificing the golden calf of "coding"Sacrificing the golden calf of "coding"
Sacrificing the golden calf of "coding"
Christian Heilmann
 
You learned JavaScript - now what?
You learned JavaScript - now what?You learned JavaScript - now what?
You learned JavaScript - now what?
Christian Heilmann
 
2017 Facebook DevC SRS - JavaScript for beginners
2017 Facebook DevC SRS - JavaScript for beginners2017 Facebook DevC SRS - JavaScript for beginners
2017 Facebook DevC SRS - JavaScript for beginners
Edy Segura
 
Web dev presentation
Web dev presentationWeb dev presentation
Web dev presentation
Domendra Sahu
 
Dynomite Eureka Registry With Prana
Dynomite Eureka Registry With PranaDynomite Eureka Registry With Prana
Dynomite Eureka Registry With Prana
Diego Pacheco
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
James Morris
 
How to become a domain expert in no time?
How to become a domain expert in no time?How to become a domain expert in no time?
How to become a domain expert in no time?
Yvan PHELIZOT
 
TDD in Python With Pytest
TDD in Python With PytestTDD in Python With Pytest
TDD in Python With Pytest
Eddy Reyes
 
Spaghetti gate
Spaghetti gateSpaghetti gate
Spaghetti gate
Jon Bachelor
 
Notes on Debugging
Notes on DebuggingNotes on Debugging
Notes on Debugging
Cotap Engineering
 
10 tips to save you time and frustration while programming
10 tips to save you time and frustration while programming10 tips to save you time and frustration while programming
10 tips to save you time and frustration while programming
Hugo Shi
 
Become a Better Developer with Debugging Techniques for Drupal (and more!)
Become a Better Developer with Debugging Techniques for Drupal (and more!)Become a Better Developer with Debugging Techniques for Drupal (and more!)
Become a Better Developer with Debugging Techniques for Drupal (and more!)
Acquia
 

Weitere Àhnliche Inhalte

Was ist angesagt?

Was ist angesagt? (17)

Design is not Subjective
Design is not SubjectiveDesign is not Subjective
Design is not Subjective
 
Sec 101
Sec 101Sec 101
Sec 101
 
Thoughts about Shape Up
Thoughts about Shape UpThoughts about Shape Up
Thoughts about Shape Up
 
Design 101
Design 101Design 101
Design 101
 
Lean 2020
Lean 2020Lean 2020
Lean 2020
 
Dealing with dependencies in tests
Dealing with dependencies in testsDealing with dependencies in tests
Dealing with dependencies in tests
 
NoSQL
NoSQLNoSQL
NoSQL
 
Seven ways to be a happier JavaScript developer - NDC Oslo
Seven ways to be a happier JavaScript developer - NDC OsloSeven ways to be a happier JavaScript developer - NDC Oslo
Seven ways to be a happier JavaScript developer - NDC Oslo
 
Lean/Agile/DevOps 2016 part 3
Lean/Agile/DevOps 2016 part 3Lean/Agile/DevOps 2016 part 3
Lean/Agile/DevOps 2016 part 3
 
Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...
Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...
Next.js and the pursuit of happiness (Dimitris Michalakos, Lead Developer at ...
 
Sacrificing the golden calf of "coding"
Sacrificing the golden calf of "coding"Sacrificing the golden calf of "coding"
Sacrificing the golden calf of "coding"
 
You learned JavaScript - now what?
You learned JavaScript - now what?You learned JavaScript - now what?
You learned JavaScript - now what?
 
2017 Facebook DevC SRS - JavaScript for beginners
2017 Facebook DevC SRS - JavaScript for beginners2017 Facebook DevC SRS - JavaScript for beginners
2017 Facebook DevC SRS - JavaScript for beginners
 
Web dev presentation
Web dev presentationWeb dev presentation
Web dev presentation
 
Dynomite Eureka Registry With Prana
Dynomite Eureka Registry With PranaDynomite Eureka Registry With Prana
Dynomite Eureka Registry With Prana
 
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
How and Why You Should Become a Kernel Hacker - FOSS.IN/2007
 
How to become a domain expert in no time?
How to become a domain expert in no time?How to become a domain expert in no time?
How to become a domain expert in no time?
 

Ähnlich wie Code Forensics

Become a Better Developer with Debugging Techniques for Drupal (and more!)
Become a Better Developer with Debugging Techniques for Drupal (and more!)Become a Better Developer with Debugging Techniques for Drupal (and more!)
Become a Better Developer with Debugging Techniques for Drupal (and more!)
Acquia
 
Software Development Essential Skills
Software Development Essential SkillsSoftware Development Essential Skills
Software Development Essential Skills
John Choi
 
Scottish Ruby Conference 2014
Scottish Ruby Conference 2014Scottish Ruby Conference 2014
Scottish Ruby Conference 2014
michaelag1971
 
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Joxean Koret
 

Ähnlich wie Code Forensics (20)

TDD in Python With Pytest
TDD in Python With PytestTDD in Python With Pytest
TDD in Python With Pytest
 
Spaghetti gate
Spaghetti gateSpaghetti gate
Spaghetti gate
 
Notes on Debugging
Notes on DebuggingNotes on Debugging
Notes on Debugging
 
10 tips to save you time and frustration while programming
10 tips to save you time and frustration while programming10 tips to save you time and frustration while programming
10 tips to save you time and frustration while programming
 
Become a Better Developer with Debugging Techniques for Drupal (and more!)
Become a Better Developer with Debugging Techniques for Drupal (and more!)Become a Better Developer with Debugging Techniques for Drupal (and more!)
Become a Better Developer with Debugging Techniques for Drupal (and more!)
 
Software Design Notes
Software Design NotesSoftware Design Notes
Software Design Notes
 
Pentester++
Pentester++Pentester++
Pentester++
 
PHP - Introduction to PHP Bugs - Debugging
PHP - Introduction to PHP Bugs - DebuggingPHP - Introduction to PHP Bugs - Debugging
PHP - Introduction to PHP Bugs - Debugging
 
Software Development Essential Skills
Software Development Essential SkillsSoftware Development Essential Skills
Software Development Essential Skills
 
Code Camp NYC 2017 - How to deal with everything... | Chris Ozog - Codesushi
Code Camp NYC 2017 - How to deal with everything... | Chris Ozog - Codesushi Code Camp NYC 2017 - How to deal with everything... | Chris Ozog - Codesushi
Code Camp NYC 2017 - How to deal with everything... | Chris Ozog - Codesushi
 
Services, tools & practices for a software house
Services, tools & practices for a software houseServices, tools & practices for a software house
Services, tools & practices for a software house
 
Scottish Ruby Conference 2014
Scottish Ruby Conference 2014Scottish Ruby Conference 2014
Scottish Ruby Conference 2014
 
"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali"Introduction to Bug Hunting", Yasser Ali
"Introduction to Bug Hunting", Yasser Ali
 
PreocupaçÔes Desenvolvedor Ágil
PreocupaçÔes Desenvolvedor ÁgilPreocupaçÔes Desenvolvedor Ágil
PreocupaçÔes Desenvolvedor Ágil
 
Bug Hunting Safari
Bug Hunting SafariBug Hunting Safari
Bug Hunting Safari
 
Writing clean scientific software Murphy cleancoding
Writing clean scientific software Murphy cleancodingWriting clean scientific software Murphy cleancoding
Writing clean scientific software Murphy cleancoding
 
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
Pigaios: A Tool for Diffing Source Codes against Binaries (Hacktivity 2018)
 
Learn to Code with MIT App Inventor ( PDFDrive ).pdf
Learn to Code with MIT App Inventor ( PDFDrive ).pdfLearn to Code with MIT App Inventor ( PDFDrive ).pdf
Learn to Code with MIT App Inventor ( PDFDrive ).pdf
 
Developing Better Software
Developing Better SoftwareDeveloping Better Software
Developing Better Software
 
The Fault In Our Code
The Fault In Our CodeThe Fault In Our Code
The Fault In Our Code
 

Mehr von Diego Pacheco

Mehr von Diego Pacheco (16)

Naming Things Book : Simple Book Review!
Naming Things Book : Simple Book Review!Naming Things Book : Simple Book Review!
Naming Things Book : Simple Book Review!
 
Continuous Discovery Habits Book Review.pdf
Continuous Discovery Habits Book Review.pdfContinuous Discovery Habits Book Review.pdf
Continuous Discovery Habits Book Review.pdf
 
Encryption Deep Dive
Encryption Deep DiveEncryption Deep Dive
Encryption Deep Dive
 
Management: Doing the non-obvious! III
Management: Doing the non-obvious! IIIManagement: Doing the non-obvious! III
Management: Doing the non-obvious! III
 
Management doing the non-obvious II
Management doing the non-obvious II Management doing the non-obvious II
Management doing the non-obvious II
 
Testing in production
Testing in productionTesting in production
Testing in production
 
Nine lies about work
Nine lies about workNine lies about work
Nine lies about work
 
Management: doing the nonobvious!
Management: doing the nonobvious!Management: doing the nonobvious!
Management: doing the nonobvious!
 
AI and the Future
AI and the FutureAI and the Future
AI and the Future
 
Kanban 2020
Kanban 2020Kanban 2020
Kanban 2020
 
Hardening
HardeningHardening
Hardening
 
Sidecars
SidecarsSidecars
Sidecars
 
SRE 101
SRE 101SRE 101
SRE 101
 
Making sense of streaming
Making sense of streamingMaking sense of streaming
Making sense of streaming
 
SOA.2020
SOA.2020SOA.2020
SOA.2020
 
Understand the system
Understand the systemUnderstand the system
Understand the system
 

KĂŒrzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Roshan Dwivedi
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎+971_581248768%)**%*]'#abortion pills for sale in dubai@
 

KĂŒrzlich hochgeladen (20)

🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 

Code Forensics

  • 2. @diego_pacheco ❏ Cat's Father ❏ Head of Software Architecture ❏ Agile Coach ❏ SOA/Microservices Expert ❏ DevOps Practitioner ❏ Speaker ❏ Author diegopacheco http://diego-pacheco.blogspot.com.br/ About me... https://diegopacheco.github.io/tinyurl.com/diegopacheco
  • 3. Things we will talk about... Things you should avoid. DON'TS01 Science 101 How to run a investigation02 Observability, Debug Tricks, Linux Tools... Tools & Tricks03 Post Mortems, RCAs and Retrospectives Closing the Case04
  • 5. Don't: FREAK OUT ❏ Avoid extra pressure on yourself ❏ Avoid worry about time. ❏ Avoid making comparisons like this should be done in 1h or so. ❏ As time pass is easy to Freak Out ❏ Making progress is your friend, don't nail it down only about solving the mystery. ❏ Your eyes can trick you, use tools. ❏ Make sure you do things properly. ❏ Comparing Strings ❏ Read Errors Carefully. ❏ Don't forget to Breath
  • 6. Don't: Do two many things at time. ❏ Don't change 2 things at the time. ❏ Code ❏ Vars / Config ❏ Trys ❏ One Hypotesy at the time ❏ Otherwise how do you know what did what? ❏ You need to be: ❏ Methodical ❏ Boring ❏ Slow
  • 7. How to Run a investigation Science 101 Have Theories Write Down Facts Have a Partner (Pair Programing) Minimize Investigation Efforts
  • 9. Science 101: Do we have a smoking gun?
  • 10. Minimize Investigation Efforts 4% of code == 72% of defects (Code as Crime Scene)
  • 11. Have Theories ❏ It's a like a guessing game, how the murder happen? ❏ Think on most likely thing it could be. ❏ There are classical Offenders like: ❏ NPE Lack of validation/test ❏ Code Change ❏ Config Change ❏ Credentials Change ❏ Typo somewhere ❏ Lack of Security groups ❏ Not enough Resources (memory, space) ❏ OOM Killer
  • 12. Write down Facts ❏ Write down (paper, txt file, evernote, google docs) ❏ Write Important fact like: ❏ Class Names, Methods, Variables ❏ Make sure you don't get lots. ❏ It's easy to forget important pieces of information when you are worried and want to fix the issue fast.
  • 13. Have a Partner (Pair Programing)
  • 14. Have a Partner (Pair Programing)
  • 15. Have a Partner (Pair Programing)
  • 16. Tools & Tricks ❏ Observability ❏ Debug tricky's ❏ Linux Tools ❏ Write your own tools
  • 18. —Filipe Fortes "Debugging is like being the detective in a crime movie where you are also the murderer." -
  • 19. Debug tricks ❏ Know your IDE. ❏ Remote Debugging. ❏ Debug tricks like: ❏ Conditionals ❏ Log Expressions ❏ Runtime eval ❏ Exception Breakpoints ❏ Field Break points
  • 21. Write your own tools ❏ Help to nail down problems faster. ❏ Simple Utilitary. ❏ Program or scripts (Groovy, Python , Rust, Go). ❏ Quick diagnostics.
  • 22. Could you compare with something else? ❏ It's very likely the issue is a code change, so maybe was working before. Some digging is needed. ❏ Not always possible (i.g new feature) ❏ Use diff tools. ❏ Compare previous versions that worked. ❏ Run previous tests that worked. ❏ Debug and write down differences.
  • 23. Closing the Case Fix, Share & Improve ❏ Adding More Tests ❏ Post Mortems ❏ RCAs ❏ Retrospectives
  • 24. Adding more Tests ❏ Boys Scout rules. ❏ Closing the Case means you found the issue. ❏ So we need to create test to simulate the issue. ❏ Having the test will proof we don't suffer again.
  • 25. Closing the Case: Post Mortems
  • 26. Closing the Case: RCA ❏ Similar to Post Mortems. ❏ Lean tool. Can be used with: 5 whys, fishbone and other system thinking tools. ❏ Excel file: ❏ Issue ❏ classification ❏ Why it happen ❏ How we make sure it does not happen again
  • 27. Closing the Case: Retrospectives