One thing I've consistently had to teach junior engineering staff is to search for stuff.

Not even really how to search for stuff, just that they should. It's 2020 and everyone more or less knows how.

The Google brand has been associated with engineering excellence for a while, but the number of productive engineers they've helped turn out is probably immeasurable. How do you track every technical person who's ever used search to solve a problem?

Nope, not binary search. Web search via Google or (for the conspiracy theorists) DuckDuckGo. Let's also count StackOverflow's local search, though I always like to cast a wider net when looking for answers.

There's a misconception that pops up somewhere in the growth path of a software engineer (or security engineer, etcetera) that one day they'll stop Googling.

"Real" engineers don't need to search. "Professional" developers have memorized every out-of-the-box thing in Python. Every Java compiler error and warning!

They are too embarrassed to search but not to call me over to see their Git conflict error. At which point I'll make sure to spread embarrassment anyway.

If you're in a technical job, you should try to search your way out of problems before using more senior staff's time. This is an easy way to stand out amongst your peers.

And this might be applicable to any job where you sit at a computer, though run-of-the-mill tech support's time might be better spent than yours. It could be cheaper. I don't know you.


Photo credit - Sebastian Herrmann / Unsplash

Back in college, my last year of undergrad included a class titled "Software Engineering." We were 18 people who had to work together in groups to build one overall thing. However, it was really me and 2 others who carried the whole class. I think anyone who was there would agree.

It wasn't that we were necessarily gifted. That's not the case for me.

Really -- there are some truly crazy programmers I've met on the journey of my career, who blow me out of the water.

All it took to lead that undergrad course was a drive to aggressively Google error messages. And, though this should be a given, you have to care enough in the first place to even do that.


Photo credit - Priscilla Du Preez / Unsplash

For security jobs, searching exact error messages you get back while attacking is often valuable reconnaissance.

Emphasis on the exact part. This weeds out noise in search results. You'll need to put quotes around your search query, possibly breaking it up into multiple parts with a plus sign between them.

As an example, let's say I am either building or attacking a web application (trust me, there's a lot of overlap) and it gives me the message below* in a response.

Traceback (most recent call last):
  File "scraper.py", line 135, in <module>
    asyncio.get_event_loop().run_until_complete(main())
  File "C:\Users\1\AppData\Local\Programs\Python\Python38\lib\asyncio\base_events.py", line 612, in run_until_complete
    return future.result()
  File "scraper.py", line 54, in main
    raise RuntimeError('Could not read environment variable ODDS_PORTAL_USERNAME')
RuntimeError: Could not read environment variable ODDS_PORTAL_USERNAME

* This is an actual error someone encountered trying to run an open source project of mine. It wasn't in an HTTP response though. That'd be bad. Just pretend.

The inexperienced search user might then try a query like Could not read environment variable ODDS_PORTAL_USERNAME or RuntimeError: Could not read environment variable ODDS_PORTAL_USERNAME. If that Python error is not obvious I'm going to guess you don't understand ODDS_PORTAL_USERNAME is an application-specific variable either. Anyway, at best you'd then get these noisy results below.

Picture of noisy Google results.

The battle-hardened search soldier would tend to look at the original error then derive the following query instead.

"RuntimeError" + "The environment variable is not set"

Here, we've dropped the variable that seems custom to our application. This tends to be a good idea unless you have reason to believe your error is coming from a vendor product. We also lost the colon because it doesn't add value.

If we try that in Google, our results are clean and allow for immediate action.

Picture of helpful Google results.
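The two rules above (quote the exact text, drop what looks custom to your application) can be turned into a small script. This is an added example, not code from the original post or from the scraper project; the regex heuristics for "application-specific" tokens and the function names are assumptions, and the sample traceback is a constructed excerpt of the one shown earlier.

```python
import re

# Constructed sample: the last frame and final line of the traceback above.
SAMPLE_TRACEBACK = """\
Traceback (most recent call last):
  File "scraper.py", line 54, in main
    raise RuntimeError('Could not read environment variable ODDS_PORTAL_USERNAME')
RuntimeError: Could not read environment variable ODDS_PORTAL_USERNAME
"""

# Assumed heuristics for tokens that are probably unique to one application.
APP_SPECIFIC = re.compile("|".join([
    r"'[^']*'", r'"[^"]*"',                # quoted literals
    r"(?<!\w)(?:[A-Za-z]:)?[\\/]\S+",      # file paths
    r"\b[A-Z][A-Z0-9]*(?:_[A-Z0-9]+)+\b",  # UPPER_SNAKE_CASE names
    r"\b0x[0-9a-fA-F]+\b", r"\b\d+\b",     # addresses and numbers
]))


def final_exception(traceback_text):
    """Return (exception type, message) from the last unindented 'Type: message' line."""
    for line in reversed(traceback_text.strip().splitlines()):
        match = re.match(r"([A-Za-z_][\w.]*): (.*)$", line)
        if match:
            return match.group(1), match.group(2)
    raise ValueError("no 'ExceptionType: message' line found")


def build_query(traceback_text):
    """Build an exact-phrase query: quoted exception type plus generic phrases."""
    exc_type, message = final_exception(traceback_text)
    # Cutting the message at each app-specific token leaves the generic phrases.
    phrases = [p.strip(" :,.-[]()") for p in APP_SPECIFIC.split(message)]
    # One-word leftovers add noise, so keep only phrases of two or more words.
    parts = [exc_type.rsplit(".", 1)[-1]]
    parts += [p for p in phrases if len(p.split()) >= 2]
    return " + ".join(f'"{p}"' for p in parts)


if __name__ == "__main__":
    print(build_query(SAMPLE_TRACEBACK))
```

The same tokens the script strips out (variable names, file paths, usernames in paths) are the ones worth keeping out of anything your own application returns to a client.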

At this point I hope you get the idea. From here, you might go bookmark something about "advanced Google search tricks" to learn helpful syntax.

Notice I didn't link -- readers might get some practice here. 🙃