I’ve been in debugging hell for a few days. I’ve had a few nightmare bugs, and learned a few things, as well as having my indie ass saved by some lucky stuff. here is the summary:

I had a bug that was a critical, game-ruining crash thing. When I debugged it, I found the exact line of code that was causing it. I had removed a certain if() statement. I remember doing it about two weeks ago. Can I remember why? Can I hell. IF I had proper comments in the code where I changed stuff, I would have worked out what was going on. IF I had forced myself to check in more regularly and ALWAYS type detailed comments into the check-in softwares submission dialog, I would have worked out what was going on.

Luckily, it wasn’t a disaster, because a long time ago, I clearly made a decision to include my ‘design log’ in the checked-in source-controlled files. This is a long rambling document where I always type everything I’m doing, and have my list of motivating ‘**DONE**’ statements for each day. Naturally, when I made that code change roughly two weks ago, I had written about the problem that needed me to do so. Normally, finding this comment would be a pain, because there are no date stamps on the log, and I wasn’t sure what I was looking for. Hurrah! the design log also has a changelist, and I found the bit I wanted just by seeing the changes made to it in the same check-in as the code change itself.

Lesson: Keep a log of your work, and source-control it. Adding better comments to code doesn’t hurt either.

I had a virus attack on my PC. I think it was some sneaky sleeper-thing that only triggered on a reboot, and I don’t reboot often, so I’m not sure where I got it. It could well be a warez site, which I still check now and then to get some pirated links removed. This virus was pretty nasty. Not only did it breeze past malwarebytes and spybot without triggering either of them (let alone windows defender and the firewall, and the browser settings), but it didn’t announce itself at all. What it did, was trawl through every file on every drive, and with html files, it appended some javascript to the bottom of each file which dropped an exe on peoples machines who ran it. Scary as hell.

I only noticed it because I was editing my website local copies, and spotted in windows explorer that the filesizes of some basic html files were too big. Thank kahless I spotted this before uploading them. The difficult part was then removing them. I noticed that even after running multiple virus scans, and my PC looking clean, if I created a new html file and left it for five minutes, the javascript would be added. There was no dodgy process running, it must have been a rootkit or service.

Anyway… Microsoft Security Essentials is apparently ‘teh awesome’ because it not only killed the virus, it restored every one of my files to their original state without problems. And it’s free. How awesome is that?

One thing I did do, as a precaution after all this (apart from keep MSE installed and running several deep scans overnight with 3 different scanners) is to create a truecrypt container and stick a copy of my website inside it. There is no chance of some virus cracking that open and ruining those files (although in theory it could delete the container). I also keep backups of vital stuff on a thumb drive, just in case. Scary stuff though. Especially because I’m not exactly some dork who accepts .exe files on IRC or opens random email attachments. This stuff is getting harder and harder to avoid.

10 Responses to “Programming tips (and some general tips)”

  1. John says:

    Interesting story, esp as I don’t often use source control, or comment my work as much as i should.

    I’m very keen to know which browser/OS combo allowed this buggr through. If it was a browser leak that’s pretty scary.

  2. cliffski says:

    it could have been firefox, or the latest IE as I have both installed, and occasionally do use IE.

  3. Jordi says:

    I can understand keeping the “bug tracking” and “todo” lists in source control, after all, they are part of the project and need to be versioned as well. This is specially useful in distributed system.

    What I can’t understand is why do you keep a detailed (you said “type everything I’m doing”) log in a file. I am confused because you said it is a “design log”. It is like a design specifications? Or it is really a “log of your work” (i.e., ChangeLog)? In the latter case, I don’t really think is a good idea. If you are so dedicated as to write down the changes you do, why don’t do it on the source control system itself? Later it could be read as any work log but with the benefit on automatic timestamps and a view of the actual changes on the code.

  4. cliffski says:

    You are right in many ways. The thing is, it contains a lot of ramblings about play balance and general ideas, which dont correspond to a specific submitted changelist. Sometimes there are pages of waffle about what needs testing, and what passes testing, and all this results in not a single change in code, which is why its done as a seperate thing.

  5. I agree on point about source control. It’s really difficult to live without it. Fortunately it’s relatively simple to handle once you get a hang of it. And IDE support is quite good these days as well. Personally I favor Git and various other DVCS’s. Particularly Fossil is interesting as it contains a wiki and an issue tracker in itself.

    Considering your notes you might find it handy to set up a local wiki. Something like TiddlyWiki (just a single HTML file) might do the trick. If you want, you can stash the HTML file to your VCS. Some wikis even provide some form of revision control themselves.

    If you want to manage it all in a single place consider giving services such as GitHub a go. It’s relatively cheap considering the benefits.

  6. Andy Krouwel says:

    Source control for the website is surely the safest way to go.

    Other things to put in source control that often get forgotten:
    – Build environment & tools
    – Environment variables

    It’s great when you get old code back, but not the version of make that went with it…

    Also, of course, automated tests!

    Gives you some confidence that when you fix something (eg. take out an ‘if’) you aren’t breaking something else (eg. the reason you put the ‘if’ there in the first place.) If you have a test for the bug too then when you come back in a few weeks and put that ‘if’ back, all hell will break loose on the tests not the release code.

  7. Jeremy says:

    Source control! Git, Mercurial, Fossil, whichever floats your boat. Learn it, love it, deploy only from it. Cheap branching and powerful merging can do surprising things to your habits of keeping changes small and described well by commit comments, and paying a few bucks a month for an online repo you can push to as a form of backup is cheap, cheap insurance.

    I can only speak for Git, but I can say that it changed my (professional) life with both what i mentioned above and with things like amending of commits and their comments, the ability to merge commits to keep history tidy, the ability to flexibly reorganize changes to ease change management, etc.

    And, just to say it again: deploy only from source control. :)

  8. Rob Basler says:

    The last while, I’ve been running Firefox on a Ubuntu 10.04 OS in Oracle’s virtualbox on my Windows box whenever I’m web browsing to a questionable site. It suspends and restores quickly. No risk of anything nasty escaping from there. It was completely painless to install and the Virtualbox integration extensions for screen sizing, mouse etc also work just great.

  9. CountVlad says:

    I use NoScript on Firefox which prettymuch bans everything that isn’t HTML until you say otherwise. You can customise it quite a lot and can also ban some HTML tags (like iFrames or Audio tags) if you think it necessary.
    The main reason I use it is to block adverts, but it also adds an extra layer of security against viruses.

  10. Jeremy says:

    Just popping by to echo Rob and Vlad: NoScript, virtual machines, and NoScript in virtual machines :) are all great things to look into. Hmm, what else. Make sure you are not running with admin rights! I know, as a developer it is hard to imagine running without them, but having gone through the transition some time ago it has done wonders for both the safety of the machine and my apps’ ability to run properly under regular user accounts.