Just called Asus for a problem with my router, went to send them my systemlog.txt for analysis

"Oh we don't have an email you can send that to"

Me: "(me calling bullshit) let me talk to the tech team.."

*Get transferred*

"Hello this is the supervisor"

Me: "fml"

"Ya we don't have an email you can send that to, but we can use a different departments verification services to get a file from you, has to be a picture though"

Me: "What? I got a .txt file here, I just want to get it to you, does it really have to be a picture?"

"Has to be a picture or a PDF, we can't take txt files"

Me: "fkin.. srsly? Fine"

I can't believe Asus's system srsly. I think it's for virus protection, but viruses can be embedded in both picture formats and PDF, but not in txt. So wtf is going on lol

Who’s in charge of youtube verification?

Stolen from twitter

Well... Yeah... that can be a way of doing it. But really?

My current project at work: purchase verification, aka anti-fraud.

It's been two weeks, and my boss is flipping out because it isn't done. A robust anti-fraud solution. in two weeks. And he thought one week was a little much.

like, fucking really?

There are companies whose entire service is helping combat fraud. and he wants this done in a bloody week?

What makes me laugh through my tears of frustration is that the company that moved into the previous office? Yep, anti-fraud. Their entire business model is providing anti-fraud services to other businesses. They even tried selling him on it when they moved in. Bossman sales guy turned it around and sold my freaking desk out from under me instead.

But like. They're a small company: they had 9 people when they moved in, and were looking to add three more, so a total of 12 people. (I totally considered jumping ship, but their stack was too different.)

So. Bossman wants me to replace 9-12 people and their entire business in a fucking week. Yeah.

"Oh, but it's just sms verification" says he. What he also wants is the ability to flag users as fraudulent, have sticky verifications so they can't bypass them by backing out, have email checks as well as sms, have deferred verification to allow collecting required info (e.g. phone number), verification fallback, lockouts, manual admin whitelisting, admin blacklisting, and different rules per merchant and rule groups for affiliates to apply to all of their merchants, and of course the ability to customize those merchant/affiliate anti-fraud rules. But he shortens this gigantic list to "I want sms verification," despite actually asking for all of the above. I don't want to know about the mental gymnastics and/or blindfolding required to equate the two, but he's nuts.

Yeah.
All of that.
In a goddamn week.

And I get chewed out when it isn't done? Fuck off.

Go build me a goddamn 5m ft^2 castle out of basalt and marble using only your toothbrush and a rusty garden trowel, and have it done in a week. No outsourcing.

talk about ridiculous.

Mac: Hello welcome please sign in

Dev: Fair enough

Mac: Oh you haven’t signed in in awhile please get get verification from other device

Dev: kk

Mac: Oh you don’t have a dev account, please sign in on this website

Dev: Hm.

Mac: In order to sign up for a dev account you need to download this app

Dev: ???

Mac: Are you sure you want to open this app you just downloaded?

Dev: Sigh.

Mac: In order to sign up for a dev account on this app you need to sign into it

Dev: For the love of god

Mac: Ok now you can build with Xcode.

Xcode: No you can’t. You have to sign in

Dev: fuck sakes.

Mac: Are you sure you want Xcode to access files on your computer?

Dev: …Yup

Xcode: Signing in isn’t enough you have to select the fact you are signed in a dropdown nested 3 menus deep.

Dev: God damn.

Xcode: Build failed please sign in to phone as well.

Phone: New sign in detected, please verify with alternative device.

Dev: Jesus.

Xcode: Build success! Pushing to iPhone.

Dev: Finally.

Xcode: Unknown error occurred. Please go to support.apple.com for help. :)

Dev: …

During teacher office hours a few years back: if you have questions on your homework, maybe it's too hard and you should switch majors to something easier, many girls do, so there's no shame in it.

I had asked for verification that my standard deviation logic was correct before spending the time coding it and then figuring out what was wrong.

Ps- he's no longer employed by the school for other sexist reasons.

I... uhm... I... I can't... I ... I can't even.... THIS IS LIVE IN THE CLIENT'S SITE WHERE ANYONE CAN CREATE A LOGIN WITH NO VERIFICATION WHATSOEVER AND SEE THIS WHICH IS LINKED TO A BIG RED BUTTON THAT RESETS THE WHOLE DATABASE, YOU FUCKING DUMB PIECE OF SHIT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

// This event clears the entire solution in all active clients, truncates the database and also removes any stored PDFs in the server folder
$(document).on('click', '#resetDB', function () {
// This event only happens if the user correctly enters the password, this is to prevent other users than the admin from performing this action
var answer = prompt("Please enter the password required to perform this action.");
if(answer == "-REDACTEDBECAUSEHOLYSHIT-") {
socket.emit('resetDB');
} else {
alert("The password is incorrect, please try again!");
}
});

AAAAAAAAHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHH!!!!111!!1!!11!1!!1!1one!one!!!11

(I'm not inventing this, even though the "site" is internal only and not accessible through the web. That does *not* make it any less stupid!)

WHAT DO YOU MEAN INVALID CREDENTIALS.
I JUST LOGGED IN WITH THEM ON YOUR SHITTY FUCKING WEBSITE YOU FUCKING INCOMPETENT PIECE OF WANK.
FUCK YOU YOU ARE THE WORST FUCKING CREDENTIALS SYSTEM I'VE EVER FUCKING SEEN; AND I'VE USED YAHOO

All my unit tests work, all my component tests work, why the FUCK does it give me a 'Verification Failed' error?

1 hour later:
Oh wait this is the wrong public key

Appreciation post.

Fucking love Amazon even more now.

Story -
I created a new Aws account and they asked me to pay ₹2 (0.031$) as part of the verification process.

No big deal right?

2 days later, I got a notification saying - "Your account has been credited with ₹2.66"

Not only they returned me my money, but they also paid a certain interest with it too.

And the fact that they are taking care of their dev community (as if we are their customers) is appreciable.

Amazon - you bloody have my respect. I trust you.

No big deal

> Root struggles with her ticket
> Boss struggles too
> Also: random thoughts about this job

I've been sick lately, and it's the kind of sick where I'm exhausted all day, every day (infuriatingly, except at night). While tired, I can't think, so I can't really work, but I'm during my probationary period at work, so I've still been doing my best -- which, honestly, is pretty shit right now.

My current project involves legal agreements, and changing agent authorization methods (written, telephone recording, or letting the user click a link). Each of these, and depending on the type of transaction, requires a different legal agreement. And the logic and structure surrounding these is intricate and confusing to follow. I've been struggling through this and the project's ever-expanding scope for weeks, and specifically the agreements logic for the past few days. I've felt embarrassed and guilty for making so little progress, and that (and a bunch of other things) are making me depressed.

Today, I finally gave up and asked my boss for help. We had an hour and a half call where we worked through it together (at 6pm...). Despite having written quite a bit of the code and tests, he was often saying things like "How is this not working? This doesn't make any sense." So I don't feel quite so bad now.

I knew the code was complex and sprawling and unintuitive, but seeing one of its authors struggling too was really cathartic.

On an unrelated note, I asked the most senior dev (a Macintosh Lisa dev) why everything was using strings instead of symbols (in Rails) since symbols are much faster. That got him looking into the benchmarks, and he found that symbols are about twice as fast (for his minimal test, anyway), and he suggested we switch to those. His word is gold; mine is ignorable. kind of annoying. but anyway, he further went into optimizing the lookup of a giant array of strings, and discovered bsearch. (it's a divide-and-conquer lookup). and here I am wondering why they didn't implement it that way to begin with. 🙄

I don't think I'm learning much here, except how to work with a "mature" codebase. To take a page from @Rutee07, I think "mature" here means the same as in porn: not something you ever want ot see or think about.

I mean, I'm learning other things, too, like how to delegate methods from one model to another, but I have yet to see why you would want to. Every use of it I've explored thus far has just complicated things, like delegating methods on a child of a 1:n relation to the parent. Which child? How does that work? No bloody clue! but it does, somehow, after I copy/pasted a bunch of esoteric legacy bs and fussed with it enough.

I feel like once I get a good grasp of the various payment wrappers, verification/anti-fraud integration, and per-business fraud rules I'll have learned most of what they can offer. Specifically those because I had written a baby version of them at a previous job (Hell), and was trying to architect exactly what this company already has built.

I like a few things about this company. I like my boss. I like the remote work. I like the code reviews. I like the pay. I like the office and some socializing twice a year.

But I don't like the codebase. at all. and I don't have any friends here. My boss is friendly, but he's not a friend. I feel like my last boss (both bosses) were, or could have been if I was more social. But here? I feel alone. I'm assigned work, and my boss is friendly when talking about work, but that's all he's there for. Out of the two female devs I work with, one basically just ignores me, and the other only ever talks about work in ways I can barely understand, and she's a little pushy, and just... really irritating. The "senior" devs (in quotes because they're honestly not amazing) just don't have time, which i understand. but at the same time... i don't have *anyone* to talk to. It really sucks.

I'm not happy here.
I miss my last job.

But the reason I left that one is because this job allows me to move and work remotely. I got a counter-offer from them exactly matching my current job, sans the code reviews. but we haven't moved yet. and if I leave and go back there without having moved, it'll look like i just abandoned them. and that's the last thing I want them to think.

So, I'm stuck here for awhile.
not that it's a bad thing, but i'm feeling overwhelmed and stressed. and it's just not a good fit. but maybe I'll actually start learning things. and I suppose that's also why I took the job.

So, ever onward, I guess.
It would just be nice if I could take some of the happy along with me.

Ah, every time I am on VPN, on every single website I have to prove that I am not a robot.

Just because I am using a VPN service to protect my information, that does not mean I am about to fuck the website up or DDoS the shit out of you. I wish the CDN providers would understand that and make our life easier.

I am seriously tired of completing the Google verification. Select the vehicle, bike, sign post, dick, vagina, Mia Khalifa. FUCK OFF

Friend's site, mail verification, nextcloud etc. all went down...
Checked all his servers, all his configs and what not... Just to realize the moron forgot to pay his bills (so his domain expired)...

This is how 2 steps verification works..

First day at Internship. Did absolutely nothing other than filling up a police verification form

Recovering a legacy Gmail account after receiving a notice of a blocked login.

*Tries to remember the bloody password*
*Actually remembers it*

> Sorry your password isn't enough. Your father's phone number that you used a decade ago can be used for verification though!

Google, let's get this straight. Things have changed. I know the fucking phone number and yes I can enter it, and out of sheer stupidity I did send an authentication code his way. Unfortunately however, things have changed in 10 years. I can instantly kill the fucker on the spot if I were to meet him ever again. Do you think that I'm going to get that fucking code?!

> Oh but you can try to email the code to the very account that you're trying to recover, despite the fact that you know the password for it.

TO THE FUCKING SAME ACCOUNT THAT I'M RECOVERING.

Must've taken a true genius to code that in!!!

Boss insisted that verification link needs to be clicked from same IP address as account registration. Many arguments later, decision is final, we will ignore the numerous ways that this will be a burden to our users.

*Code code, test test, deploy*

We're getting a lot of traffic, we need this bitch to scale! *auto-scale and load balance all the things*

Account creation begins breaking at random, some people receiving the "Your IP address doesn't match" error. Look at login history table, what the shit... All recent logins coming from internal IP addressohfuckmylife need to look at X-Forwarded-For header for actual IP behind load balancer.

IP address matching feature stays. I am sad, drink away sadness.

Other services : Please type your phone number to verify that it is you. It will be only used for verification process.
Me : Sure, why not? (Happily types in my number)

Facebook : Please type your phone number to verify that it is you.
Me : Hmmm (sees help)
Facebook : It will be used for verification process and will be visible to your friends. You can always change the scope settings.
Me : (reads as...) It will be used for verification process and will be visible to your friends and will be automatically sent to the NSA for free. You can always change the scope settings when you become the CEO of Facebook.

#deletefacebook

!!oracle

I'm trying to install a minecraft modpack to play with a friend, and I'm super psyced about it. According to the modpack instructions, the first step is to download the java8 jre. Not sure if I actually need it or not, but it can download while I'm doing everything else, so I dutifully go to the download page and find the appropriate version. The download link does point to the file, but redirects to a login page instead. Apparently I need an oracle account to download anything on their site. stupid.

So I make an account. It requires my life story, or at least full name and address and phone number. stupid. So my name is now "fuck off" and I live in Hell, Michigan. My email is also "gofuckyourself" because I'm feeling spiteful. Also, for some reason every character takes about 3/4ths of a second to type, so it's very slow going. Passwords also cannot contain spaces, which makes me think they're doing some stupid "security" shenanigans like custom reversible encryption with some 5th grade math. or they're just stupid. Whatever, I make the stupid account.

Afterwards, I try to log in, but apparently my browser-saved credentials are wrong? I try a few more times, try enabling all of the javascripts, etc. No beans. Okay, maybe I can't use it until I verify the email? That actually makes some sense. Fine, I go check the throwaway inbox. No verification email. It's been like five minutes, but it's oracle so they probably just failed at it like everything else, so I try to have them resend the email. I find the resend link, and try it. Every time I enter my email address, though, it either gives me a validation error or a server error. I try a few mores times, and give up. I try to log in again; no dice. Giving up, I go do something else for awhile.

On a whim later, I check for the verification email again. Apparently it just takes bloody forever, but it did show up. Except instead of the first name "Fuck" I entered, I'm now "Andrew", apparently. okay.... whatever. I click the verify button anyway, and to my surprise it actually works, and says that I'm now allowed to use my account. Yay!

So, I go back to the login page (from the download link) and enter my credentials. A new error appears! I cannot use redirects, apparently, and "must type in the page address I want to visit manually." huh? okay, i go to the page directly, and see the same bloody error because of course i do because oracle fucking sucks. So I close the page, go back to the download list, click the link, wait for the login page redirect (which is so totally not allowed, apparently, except it works and manual navigation does not. yay backwards!), and try to log in.

Instead of being presented with an error because of the redirect, it lets me (try to) log in. But despite using prefilled creds (and also copy/pasting), it tells me they're invalid. I open a new tab container, clear the cache (just to be thorough), and repeat the above steps. This time it redirects me to a single signon server page (their concept of oauth), and presents me with a system error telling me to contact "the Administrator." -.- Any second attempts, refreshes, etc. just display the same error.

Further attempts to log in from the download page fail with the same invalid credentials error as before.

Fucking oracle and their reverse Midas touch.

So I just created this Registration GUI (part of a bigger app) for my uni project and was demonstrating how good the app was to all my friends.

Suddenly someone came and said let me verify this. I said go on with a doubtful mind. Obviously I had some verification for all the fields in the GUI but I was closely watching him.

He signed up with this email: " @ . "

😞

Holy fuck nvidia. Why the fuck you want me to login to your fucking app in order to download a fucking driver. You also want me to click a fucking link that you sent to my email for verification on every fucking login? Why on earth someone would stole my fucking nvidia account? To see which drivers I use? What the fuck nvidia? Oh wait. DO YOU DARE ASK ME TO SETUP TWO FACTOR AUTH TO SECURE MY ACCOUNT?!? What the fuck? Even if I put my credentials online no one would care to login my fucking nvidia account. Just let me download my fucking driver!

I bypassed SSL certificate verification because that goddam certificate had some flags which my JVM did not understand and threw errors. Still in prod after 10+ years 🤐

I've just noticed an app review that I've given and would fit right into the wk123 (that's the insult one, right?).

"Biggest pile of junk that I've ever seen. You have one job! To register the fucking phone number (which you could get with Phone permission) and verify it (which you can do with the SMS permission) and you should either have the user do that once upon installation or you automate it entirely so that it can run in the background! You can fully automate this, and it's not that complicated that it needs 10 whole seconds of loading time in between! Heck, this pile of crap can't even continue into the main view after entering the verification code! You haven't published the source code (and maybe that's for the best) but if it was, I'd probably immediately get cancer by viewing your crappy spaghetti code. Dear developer, please take a step back and (re)join the PC tech support guys. You have no place in the development world."

To top it all off, that app currently only needs phone permission to verify my number (at least they've done that much). So I figured, I've already gone through that authentication flow so let's remove that permission to abide by the principle of least privilege.

Except that the fucking crapp just goes through the "requires phone permission" shit again whenever that permission removal happens. Fucking piece of garbage!!! That such spaghetti code fuckers even have a job, it boggles my mind.

.... And it appears my Atom has Entered the Matrix. Full time.

In other news, I successfully completed the E-Commerce App I was working on, even though that Stripe Verification was a ball ache and the bane of the entire project giving me a stupid bug in jQuery whereby it was infinite looping over adding the token and not actually submitting the card charge. Somehow changing my button from using an id to using a class fixed my problem :/ (# -> .)

I WAS relaxed, now I am not.

What’s up with with passive-aggressiveness?

You app!

Just to clarify thing, FaceID isn't the same tech as what we've had on Android.

In Android, it's based on image recognition. That's the reason it was so easy to bypass with a high resolution photograph.

In FaceID, it projects thousands of dots on your face and creates a depth inclusive map which is used for verification. That's the reason why it's supposed to work even if you have glasses on, etc

So please let's stop with the comparison

Built a software portal that tied in with our schools user management systems (fuck that shit btw, was written in Java that tied back to a JS backend) and I couldnt get password verification working probably so put a test in that just let you put the username in and whatever password and as long as the user wasn't currently in use you login correctly (only used it to track download limits and display the student's name)

Planned on fixing it the following week when my contract was supposed to renew, but they never renewed it and every time they have had me come back I haven't had the chance to fix it ¯\_(ツ)_/¯

What kind of stupid verification is this ??
apparently, you have to hit the arrow buttons till the animal in the "front" is straight fro the screen and press on done, and if not done in 5 seconds, it says you need to faster, WTAF!!!

Apple has the best UX:

"Type your password followed by the verification code shown on your other devices"

I've got a feeling that it's gonna take a long time to complete this TODO.

*sigh*

Have you encountered projects that were beyond saving?

Been freelancing for a client via agency for the past year. In the beginning the deal was to maintain identity verification sdk for android maybe 10-15 hours a month or so. Their flow consisted of around 25-30 screens, so I took it thinking it was easy. Boy I was wrong.

Codebase was and still is a complete spaghetti, backend weird and overcomplicated and impossible to talk with someone in backend. Had to reverse engineer their complicated flows many times just to make a small change on the app. There also are lots of issues with capturing/sending camera recordings especially on older devices. The fact that Im the only dev maintaining this doesnt help either.

First few months it was just maintenance, later some small features and soon it become a 40 hour a month gig. I was able to deal with it but then management changed, they started micromanaging me heavily and now they want me to do 60-70 hours a month. Also they asked to implement some unnecessarily complicated features and to be honest without refactoring most of the codebase I cant even begin to think of how to implement them.

Also workload in my main job increased. Started sacrificing my evenings, weekends and basically my wellbeing to work on their product. Tried to relax but then I realized Im just spending my freetime thinking about their project all of the time. Best part is that last few updates fucked up the whole flow and I dont even understand where the problem is anymore: backend, 3rd party integration issues or something else that I did.

Last friday told them that my availability changed and Im quitting. Told them that Im gonna provide support till the end of the month but no big features. Just spent a full shift in my main job and another full shift working on their product, trying to untagle their spaghetti.. Im totally lost and burned out. Meanwhile stupid manager is asking why "simple" stuff according to him is taking too long.

I should receive my last payment from agency this week, also asked them to send it to me earlier but no answer so far. At this point Im so burned out that I dont care anymore about the last payment, even if client complains that everything is broken and doesnt want to pay me. Project is beyond fucked and that SDK as well as their backend is a ticking time bomb. Im done.

Hello devRant, this is going to be my first time posting on the site.

I work for a gaming community on the side, and today one of the managers asked me to implement a blacklist system into the chat and reactivate the previously existing one temporarily. This shouldn't have had any issues and should've been implemented within minutes. Once it was done and tested, I pushed it to the main server. This is the moment I found out the previous developer apparently decided it would be the best idea to use the internal function that verifies that the sender isn't blacklisted or using any blacklisted words as a logger for the server/panel, even though there is another internal function that does all the logging plus it's more detailed than the verification one he used. But the panel he designed to access and log all of this, always expects the response to be true, so if it returns false it would break the addon used to send details to the panel which would break the server. The only way to get around it is by removing the entire panel, but then they lose access to the details not logged to the server.

May not have explained this the best, but the way it is designed is just completely screwed up and just really needs a full redo, but the managers don't want to redo do it since apparently, this is the best way it can be done.

Finally finished the screwdriver followup ticket. I think.

I spent almost two full days (14 hours) on a seemingly simple bug on Friday, and then another four hours yesterday. Worse yet: I can’t test this locally due to how Apple notifications work, so I can only debug this on one particular server that lives outside of our VPN — which is ofc in high demand. And the servers are unreliable, often have incorrect configuration, missing data, random 504s, and ssh likes to disconnect. Especially while running setup scripts, hence the above. So it’s difficult to know if things are failing because there’s a bug or the server is just a piece of shit, or just doesn’t like you that day.

But the worst fucking part of all? The bug appeared different on Monday than it did on Friday. Like, significantly different.

On Friday, a particular event killed all notifications for all subsequent events thereafter, even unrelated ones, and nothing would cause them to work again. This had me diving through the bowels of several systems, scouring the application logs, replicating the issue across multiple devices, etc. I verified the exact same behavior several times over, and it made absolutely no sense. I wrote specs to verify the screwdriver code worked as expected, and it always did. But an integration test that used consumer-facing controller actions exhibited the behavior, so it wasn’t in my code.

On Monday while someone else was watching: That particular event killed all notifications but ONLY FOR RELATED EVENTS, AND THEY RESUMED AFTER ANOTHER EVENT. All other events and their notifications worked perfectly.

AKL;SJF;LSF

I think I fixed it — waiting on verification — and if it is indeed fixed, it was because two fucking push event records were treated as unique and silently failing to save, run callbacks, etc.

BUT THIS DOESN’T MATCH WHAT I VERIFIED MULTIPLE TIMES! ASDFJ;AKLSDF

I’m so fucking done with this bs.

First year: intro to programming, basic data structures and algos, parallel programming, databases and a project to finish it. Homework should be kept track of via some version control. Should also be some calculus and linear algebra.

Second year:
Introduce more complex subjects such as programming paradigms, compilers and language theory, low level programming + logic design + basic processor design, logic for system verification, statistics and graph theory. Should also be a project with a company.

Year three:
Advanced algos, datastructures and algorithm analysis. Intro to Computer and data security. Optional courses in graphics programming, machine learning, compilers and automata, embedded systems etc. ends with a big project that goes in depth into a CS subject, not a regular software project in java basically.

You know u have no life when you get a call, you're all excited about who's it going to be...
"oooh an unknown number!"
*picks up*
"who's this?"
... *automated voice* "This is apple calling you for your apple verification code... your code is..."

And u realize u have ur computer on which u need to enter your code because u tried to login 2 minutes ago...

So, this happened today...

Internal mail form CIO's office:

"Thank you for being part of the internal trial for NPMe, we have decided to remove this tool in favour of Artifactory because of its support for multiple platforms and tools. We are sorry for the inconvenience, here is a link to migration scripts ..."

Migration "script" readme, please clone this repo, create file A, and B, and install these 2 dependencies.

Dependency 1:

- "install via homebrew ..."
- .... homebrew needs to update, checking for updates
- 10 mins later = Update failed, please upgrade to Ruby version 2.3
- Installs ruby version manager
- GPG signature verification failed
- Install GPG v2 + accept keys
- Install ruby version manager
- "please execute this command before running rvm"
- execute command
- "rvm install ruby-2.3"
- Install failed, please see log file
- Opens log file
- "Xcode on its own is not sufficient, please install xcode cli tools"
- Install xcode tools
- 5 minutes later -> "rvm install ruby-2.3"
- 10 minutes later "brew install jq"

Ok back to read me, "login to Artifactory, go here and copy paste XXX."

- Login to Artifactory
- Eventually find repo
- Login again to actually see credentials for some reason
- Screen doesn't match instructions in readme
- Click around
- Back to readme
- Back to artifactory
- Login again
- Execute command auth / setup command
- Copy contents to npmrc file .... now all my scoped packages are going to point to 1 specific repo

Fuck the migration, Fuck these shitty instructions, i'll set them all up again manually. See tags below for further opinions on this matter.

Regarding Article 13 (or 17 or wherever it moved to now)… Let's say that the UK politicians decide to be dicks and approve the law. After that, we need to get it engineered in, right? Let's talk a bit about how.. well, I'd maybe go over it. Been thinking about it a bit in the shower earlier, so.. yeah.

So, fancy image recognition or text recognition from articles scattered all over the internet, I think we can all agree.. that's infeasible. Even more so, during this lobby with GitHub and OpenForum Europe, guy from GitHub actually made a very valid point. Now for starters, copyright infringement isn't an issue on the platform GitHub that pretty much breathes collaboration. But in the case of I-Boot for example, that thing from Apple that got leaked earlier. If that would get preemptively blocked.. well there's no public source code for it to get compared against to begin with, right? So it's not just "scattered all over the internet, good luck crawling it", it's nowhere to be found *at all*.

So content filtering.. yeah. Nope, ain't gonna happen. Keep trying with that, EU politicians.

But let's say that I am a content creator who hates the cancer of joke/meme because more often than not it manifests itself as a clone of r/programmerhumor.. someone decides to freeboot my content. So I go out, look for it, find it. Facebook and the likes, make it easier to find it in the first place, you dicks. It's extremely hard to find your content there.

So Facebook implements a way to find that content a bit easier maybe. Me being the content creator finds it.. oh blimey! It can't be.. it's the king of freebooting on Facebook, SoFlo! Who would've thought?! So at that point.. I'd like to get it removed of course. Report it as copyright infringement? Of course. Again Facebook you dicks, don't make it so tedious to fill in that bloody report. And look into it quickly! The videos those SoFlo dicks post is only relevant in the first 48h or so. That's where they make the most money. So act more quickly.

So the report is filled, video's taken down.. what else? Maybe temporarily make them unable to post as a bit of a punishment so that they won't do it again? And put in a limit to the amount of reports they can receive. Finally, maybe reroute the revenue stream to the original content creator instead. That way stolen content suddenly becomes free exposure! Awesome!

*suddenly realizes that I've been talking about the YouTube copyright strike system all along*

… Well.. maybe something like that then? That shouldn't be too hard to implement, and on YouTube at least it seems to be quite effective. Just imagine SoFlo and the likes that are repeat offenders, every 3 posts they get their account and page shut down. Good luck growing an audience that way. And good luck making new accounts all the time to start with.. account verification technology is pretty good these days. Speaking of experience here, tried bypassing Facebook's signup hoops a fair bit and learned a bit about some of the things they have red flags on, hehe.

But yeah, something like that maybe for social media in general. And.. let's face it, the biggest one that would get hurt by something like this would be Facebook. And personally I think it's about time for that bastard company to get a couple of blows already.

What are your thoughts on this?

TL;DR: Google asked me to PROVIDE a phone number to verify connection from a new device, on the said device.

Yesterdayto log into my work Google account from my personal laptop to check emails, calendars update and so on. I opened up a private navigation window, went to Google sign-in page, entered my credentials, all is well.

Google then decided to "verify it's me" and prompted me to PROVIDE a phone number (work account without work phone means no phone number set up) so that they can send a verification code to the number I just provided to make sure the connection is legit.

Didn't want to do that, clicked "use another method" and got asked to fill the last password I remember, which would be my current password thanks to my trusty password manager. After submitting, I'm prompted with an error saying I have to contact my admin to reset my password because they can't log me in with my CURRENT password.

I ain't gonna do that, so went back to login page, provided my phone number, got the code, filled in the code, next thing I know I'm browsing through my emails.

What the duck? Could have been anybody giving any phone number. So much for extra security.

Also don't care that they have my phone number, the issue is more about the way used to obtain it: locking me out of my account and having no other way of logging in.

Oh boy, this is gonna be good:

TL;DR: Digital bailiffs are vulnerable as fuck

So, apparently some debt has come back haunting me, it's a somewhat hefty clai and for the average employee this means a lot, it means a lot to me as well but currently things are looking better so i can pay it jsut like that. However, and this is where it's gonna get good:

The Bailiff sent their first contact by mail, on my company address instead of my personal one (its's important since the debt is on a personal record, not company's) but okay, whatever. So they send me a copy of their court appeal, claiming that "according to our data, you are debtor of this debt". with a URL to their portal with a USERNAME and a PASSWORD in cleartext to the message.
Okay, i thought we were passed sending creds in plaintext to people and use tokenized URL's for initiating a login (siilar to email verification links) but okay! Let's pretend we're a dumbfuck average joe sweating already from the bailiff claims and sweating already by attempting to use the computer for something useful instead of just social media junk, vidya and porn.

So i click on the link (of course with noscript and network graph enabled and general security precautions) and UHOH, already a first red flag: The link redirects to a plain http site with NOT username and password: But other fields called OGM and dossiernumer AND it requires you to fill in your age???
Filling in the received username and password obviously does not work and when inspecting the page... oh boy!

This is a clusterfuck of javascript files that do horrible things, i'm no expert in frontend but nothing from the homebrewn stuff i inspect seems to be proper coding... Okay... Anyways, we keep pretending we're dumbasses and let's move on.

I ask for the seemingly "new" credentials and i receive new credentials again, no tokenized URL. okay.

Now Once i log in i get a horrible looking screen still made in the 90's or early 2000's which just contains: the claimaint, a pie chart in big red for amount unpaid, a box which allows you to write an - i suspect unsanitized - text block input field and... NO DATA! The bailiff STILL cannot show what the documents are as evidence for the claim!

Now we stop being the pretending dumbassery and inspect what's going on: A 'customer portal' that does not redirect to a secure webpage, credentials in plaintext and not even working, and the portal seems to have various calls to various domains i hardly seem to think they can be associated with bailiff operations, but more marketing and such... The portal does not show any of the - required by law - data supporting the claim, and it contains nothing in the user interface showing as such.
The portal is being developed by some company claiming to be "specialized in bailiff software" and oh boy oh boy..they're fucked because...

The GDPR requirements.. .they comply to none of them. And there is no way to request support nor to file a complaint nor to request access to the actual data. No DPO, no dedicated email addresses, nothing.

But this is really the ham: The amount on their portal as claimed debt is completely different from the one they came for today, for the sae benefactor! In Belgium, this is considered illegal and is reason enough to completely make the claim void. the siple reason is that it's unjust for the debtor to assess which amount he has to pay, and obviously bailiffs want to make the people pay the highest amount.

So, i sent the bailiff a business proposal to hire me as an expert to tackle these issues and even sent him a commercial bonus of a reduction of my consultancy fees with the amount of the bailiff claim! Not being sneery or angry, but a polite constructive proposal (which will be entirely to my benefit)

So, basically what i want to say is, when life gives you lemons, use your brain and start making lemonade, and with the rest create fertilizer and whatnot and sent it to the lemonthrower, and make him drink it and tell to you it was "yummy yummy i got my own lemons in my tummy"

So, instead of ranting and being angry and such... i simply sent an email to the bailiff, pointing out various issues (the ones

Guys what I want to know is how do you secure your code so that they pay you after you deliver the code to them?
So recently I was in this internship that I secured with an over-the-phone interview and the guy who was contacting me was the CEO of the company (I'm going to refer to him as "the fucking cunt" from now on). He asked me to do some OCR and translations and I managed to write a few scripts that automate the entire process. The fucking cunt made me login remotely to his desktop which was connected to the server (who the fuck does that) and I had to operate on the server from his system. I helped him with the installation and taught him how to use the scripts by altering the parameters and stuff, and you know what the fucking cunt did from the next day onward? Dropped contact. Like completely. I kept bombing emails upon emails and tried calling him day after day, the fucking cunt either picked up and cut the call immediately on recognising its me or didn't pick up at all. And the reason he wasn't able to pay me was, and I quote, "I am in US right now, will pay you when I get back to India." I was like "The fuck was PayPal invented for?" Being the naive fool that I was, I believed him (it was my first time) and waited patiently till the date he mentioned and then lodged a complain in the portal itself where he had posted the job initially. They raised a concern with the employer and you know what the fucking cunt replied? "He has not been able to achieve enough accuracy on the translations". Doesn't even know good translation systems don't exist till date ( BTW I used a client for the google translate API). It has been weeks now and still the bitch has not yet resolved the issue.And the worst part of it was I got a signed contract and gave him a copy of my ID for verification purposes.
I'm thinking of making a mail bomb and nagging him every single day for the rest of his life. What do you guys think?

Seems someone from China was trying to hack my Apple ID. Due to 2-factor verification, was able to deny access and then I quickly changed password and forced sign-out of all accounts. Perhaps my password appeared in some data leak— it was not changed since 2 years.

Y’all make sure to enable 2-factor authentication and change passwords from time to time.

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

This “Auto save” feature in the latest app version is buggy..
-> new rant
-> prefilled with previous rant..

Anyway, here my actual rant begins.

Apple, go fuck yourself, seriously.. put your trillion dollars way up your arse...

Moved to Ireland, want to switch country..
“If you want to switch countries, cancel your Apple Music subscription first”..
so be it. Cancelled it..
“Your subscription will be cancelled in 28 days”.

FUCK YOU, YOU COCK SUCKING BASTARDS!!
I NEED TO SWITCH THE STORE TO BE ABLE TO DOWNLOAD BANKING APPS AND STUFF LIKE THAT..

But ok, I’m screwed in this regard..

Suddenly iMessage stopped working. This is kind of a big deal because I have unlimited data but only unlimited sms to Irish numbers and I need to communicate with people in Switzerland and Germany..
Internet works so I try to turn iMessage off and in again. But that doesn’t work.. i can only reactivate iMessage via WiFi.

So I go back to the hotel, reactivate iMessage..
“Verifying imessage” >> google..
Leads me to an Apple forum: “the verification of iMessage can take up to 24h”.

Are you fucking kidding me? I’m in a new country and rely on this overpriced shit..

Fun but sad fact, I have a second phone with me. IPhone 4 with iOS 7 and that thing WORKS!!

If this is where the future is going we’re all gonna die very soon.. plains crash, power plants explode but hey, at least they have data about it and it looks shiny. That’s all that matters..

Another reason to switch to android..

MacOs fucked me up so I already switched to windows + Linux. Next one will be getting rid of iOS, they don’t build small phones anymore anyway..

Google Business Profile is probably not meant for developers. "Help customers find your business by industry." Dev: set primary category to "Web Developer". Google: We didn't understand your category. Please select from the suggestions that appear when typing. Dev, typing: "Web D"... Google suggests: "Web Designer, Web hosting company, Well drilling contractor, Waterbed shop". Okay, Google, nevermind.
Google: "Update your customers. Keep your customers up to date about your business!" Dev clicks "add update", adds info about that customer should use different phone number temporarily due to broken phone. Google: "Your post has been removed from your Business Profile on Google because it violates one or more of our post content policies." Okay Google, at least you let me add an additional phone number on my profile without requiring to verify my primary number that I currently have not access to. Anything else?
Google: "Claim your €400 free advertising credit" Dev: clicks "claim credit" Google: "To access this Google Ads account, enable 2-Step Verification in your Google account." How to combine idiocy and deceptive patterns in a single UI: Google knows! Apart from their search engine, their unique business advantage is simple that they suck a little less than Apple and Microsoft. Sorry, not a day to be proud of our profession, once again.

Elon musk has shown himself to be a terrible person, a worse manager and someone who hasn't a clue of what a code review is. A summarily fires so many people that he can't find someone to open the doors for his big in person meeting or the vet the badges. He offers 3 months termination pay or you can work 12 hours a day 7 days a week hardcore. But none of the payroll people are around anymore either. Critical subsystems have not a single engineer left to work on them. He's paranoid that employees will sabotage the software. But I think he's doing such a good job it would be impossible to tell that anyone else was helping him.
An engineer wrote a prescient seven page report listing problems ahead including user verification. So Elon twit-fired him.
Also entirely predictable is the stress that the world cup will put on the system beginning today, I believe. He doesn't "like" microservices.
I work for the psychiatrist once who barely needed to sleep. Maybe Elon can function with 12-hour days week in week out. But it's cool to think you're going to squeeze substantially more work out of people by doubling their hours. More likely you will more than double their errors and what will that do to you budget? 50 years ago IBM determined that the best way to improve programmer productivity was to give each one their own office.
I can't believe he's whining over spending 13 million dollars a year on food. That is so far from being a strategic item. Soapbox out.

How long till I can try again? Please, tell me! I'm dying to know!!
And I never got the verification code either.
---___---

Chat apps. What's the idea? Those are basically tools of violence. They give you a possibility to in real-time stop someones work and start demanding service. Now. Immediately.

Usually people send you first email and then they after 10 seconds chat "did you see my email?? read it! serve it! please me!" Usually it's just a small request to document something, review someone else's document. Do it ASAP. If you were coding something, then drop it and do someones job for them instead.

You got a request for me to create some verification case list? Put it into my backlog. I might start doing that in week or two. Or month. In case there's nothing else more important. Since I know that you are working with something that you think is the whole universe, but trust me, I got my own problems already.

But hey, if I don't reply to your chat in a minute, please feel free to walk behind me and start explaining your life. No need to wait even for me to get my headphones off. "Oh you are in conf call? Well, this is just a quick thing blaa blaa..."

A checkout application where, in the confirmation screen, everything (amount, references, currency, quantity of items, etc.) was sent to the client as a form, and they submitted this form to confirm.

...but there was no verification on any of the above. So any of the above could be changed and it'd collect whatever funds, and order whatever items, with whatever references you gave it.

This wasn't a major player in the space, but was big enough that most people would likely have heard of at least some companies using it. It's still being actively used today, and I can near guarantee not all the flaws have been fixed.

As a legal thing at work I need to have someone verify my citizenship by filling out a form for my I-9. They ask the person for their title. My husband can’t be serious, so he put that his title is “Keeper of the Swans”.

Here’s hoping I don’t have an awkward convo with legal over the validity of verification by a man claiming the title “Keeper of the Swans”

In his _defense_, the form didn’t let him leave “Title” blank.

A swedish insurance company has two different solution for logging in to their system.

1. An advanced high security single sign on solution involving active directory, verification of the network the request came from etc etc.

2. Using a link and passing your credentials in the query string!!! Like: insurancecompany.com?username=admin&password=password.

Solution 2 works with admin accounts from anywhere.

oh FFS my university pissed me off so bad right now that I had to wait 20 min to cool down to be able to write a rant about it...

so, one of the university department offer an email address which is the official university approved email for student packs like jetbrain's. I wanted to renew my jetbrains subscription, but for that I have to get a verification email on that address..
But since the only time I use it is this annual renewal I dont know the webmail's url..
So I search for it on the department pages, services and its nowhere to be found. Finaly I found it on a student maintained wiki page.
I try to log in.. no luck. try another password, still not it. Try all of the passwords that I remember using in the previous 3 year and no luck.
well fck it the password change is managed by a website where I can log in with a different method, so I change the password and try to log in again.
No fcking luck! And at this point I bashed my head against the wall because I found out that the password change takes them about 1 or 2 hours... hours! wtf...

Really regretted to born in India. I know I should not say bad about the country in which I born and living it but there are so many reasons.

Govt of India is very poor. Nothing can be processed if you don't have offered bribe or you don't have political power and pressure.

My company offering me onsite to go London for my project, govt is not issuing me PCC Police Clearance Certificate even I never had any crime.

Police says for your current address 6 month is duration you're living here so we submitted 6 months crime is nil and 4.5 years is more required.

I went to passport office and happy to submit all documentation for previous addresses so that police verification can be done but no body is taking documents

No progress in my file.

I'm too much frustrated now.

I reported to ministry and prime minister of India but even no progress.

I'm really fed-up.

:(

Sometimes I feel like I am surrounded by idiots. My family are too stupid and lazy to have jobs or do anything involving a skill. They are too dumb to do anything properly so most of the house is fucked.

My co-workers are supposed to be Web devs but cba to learn the frameworks or languages we work on. Some of them have over 5 years experience and don't understand basics like backend verification vs front end.. Or even what json is. Needless to say everything I'm told to do is retarded such as implement roles and permissions where there are no roles, but ot allowed to add roles.

Anyone else surrounded by idiots 90% of the time? How do you not get worn down?

Google simply can't knock off harrassing their users with security theatre.

A friend of mine has a small personal YouTube channel. He has recently been bombarded with several phone verification requests a week: "Verify it's you. To continue your session, complete a brief verification. This extra step helps us keep your account safe by making sure it’s really you. "

While frequent verifications may be understandable on YouTube channels with millions of subscribers, channels with only a few dozen subscribers are not attractive hacking targets. A verification would be justified before a potentially harmful action such as deleting videos or deleting a channel. But not for normal everyday use.

What's next? Will they ask users to "verify it's them" every ten minutes, "just for extra security"? Just to verify that it is "really, really, really, really, really" them?

It's not security. It's security theatre.

Sorry, Google, but users are not in the mood of doing a phone verification every other day.

Has this been Google's perverted wet dream all along?

Using cookies for verification and validation without encrypting the values which should have been handled in the backend without any use of cookies.
I wonder how vulnerable by website was...

I think the report rant function should have a verification function. Like asking me if I'm sure I want to report this rant.
I just reported a rant I didn't mean to, because I wanted to mute notifications on it

That's it, where do I send the bill, to Microsoft? Orange highlight in image is my own. As in ownly way to see that something wasn't right. Oh but - Wait, I am on Linux, so I guess I will assume that I need to be on internet explorer to use anything on microsoft.com - is that on the site somewhere maybe? Cause it looks like hell when rendered from Chrome on Ubuntu. Yes I use Ubuntu while developing, eat it haters. FUCK.

This is ridiculous - I actually WANT to use Bing Web Search API. I actually TRIED giving up my email address and phone number to MS. If you fail the I'm not a robot, or if you pass it, who knows, it disappears and says something about being human. I'm human. Give me free API Key. Or shit, I'll pay. Client wants to use Bing so I am using BING GODDAMN YOU.

Why am I so mad? BECAUSE THIS. Oauth through github, great alternative since apparently I am not human according to microsoft. Common theme w them, amiright?

So yeah. Let them see all my githubs. Whatever. Just GO so I can RELAX. Rate limit fuck shit workaround dumb client requirements google can eat me. Whats this, I need to show my email publicly? Verification? Sure just go. But really MS, this looks terrible. If I boot up IE will it look any better? I doubt it but who knows I am not looking at MS CSS. I am going into my github, making it public. Then trying again. Then waiting. Then verifying my email is shown. Great it is hello everyone. COME ON MS. Send me an email. Do something.

I am trying to be patient, but after a few minutes, I revoke access. Must have been a glitch. Go through it again, with public email. Same ugly almost invisible message. Approaching a billable hour in which I made 0 progress. So, lets just see, NO EMAIL from MS, Yes it appears in my GitHub, but I have no way to log into MS. Email doesnt work. OAuth isn't picking it up I guess, I don't even care to think this through.

The whole point is, the error message was hard to discover, seems to be inaccurate, and I can't believe the IRONY or the STUPIDITY (me, me stupid. Me stupid thinking I could get working doing same dumb thing over and over like caveman and rock).

Longer rant made shorter, I cant come up with a single fucking way to get a free BING API Key. So forget it MS. Maybe you'll email me tomorrow. Maybe Github was pretending to be Gitlab for a few minutes.

Maybe I will send this image to my client and tell him "If we use Bing, get used to seeing hard to read error messages like this one". I mean that's why this is so frustrating anyhow - I thought the Google CSE worked FINE for us :/

telco sysadmin: hey maybe we should secure our SMTP server with SSL and password verification so our clients can e-mail safely!
senior exec be like: nah just filter incoming connections for our own IP-range, that'll do.

result: I can impersonate any client of the telco and send e-mail in their name (from any home network connected to that provider), but I can't send e-mail over cellular network.

Long time ago i ranted here, but i have to write this off my chest.

I'm , as some of you know, a "DevOps" guy, but mainly system infrastructure. I'm responsible for deploying a shitload of applications in regular intervals (2 weeks) manually through the pipeline. No CI/CD yet for the vast majority of applications (only 2 applications actually have CI/CD directly into production)

Today, was such a deployment day. We must ensure things like dns and load balancer configurations and tomcat setups and many many things that have to be "standard". And that last word (standard) is where it goes horribly wrong

Every webapp "should" have a decent health , info and status page according to an agreed format.. NOPE, some dev's just do their thing. When bringing the issue up to said dev the (surprisingly standard) answer is "it's always been like that, i'm not going to change". This is a problem for YEARS and nobody, especially "managers" don't take action whatsoever. This makes verification really troublesome.

But that is not the worst part, no no no.

the worst is THIS:

"git push -a origin master"

Oh yes, this is EVERYWHERE, up to the point that, when i said "enough" and protected the master branch of hieradata (puppet CfgMgmt, is a ENC) people lots their shits... Proper gitflow however is apparently something otherworldly.

After reading this back myself there is in fact a LOT more to tell but i already had enough. I'm gonna close down this rant and see what next week comes in.

There is a positive thing though. After next week, the new quarter starts, and i have the authority to change certain aspects... And then, heads WILL roll on the floor.

Uber is sending me a verification code every 5 minutes. I don't even have their app anymore.

Please someone tell them to stop, I feel attacked.

Bittrex is "amazing"...

I had lost my 2FA a long time ago (as my phone fried) and missed the account ferification deadline which caused my account to get disabled. Off we go to support!

0. Nothing to rant about at this point. I just created an account in their zendesk, logged in and logged a ticket to reset my 2FA and reactivate my account. They asked me for info, I provided it to them and got my 2FA disabled. Hooray!

1. I then asked to reenable my account. They sent me a link to restart the verification process. I open up that link and log in. I'm asked to upload some photos. I select requested photos from my galery and hit [UPLOAD]. An error pops up saying that smth wrong happened and I need to reload that site and reupload my photos. After page refresh they are telling me they are validating my uploaded info (w/o any way to resubmit my info, which, according to the error seen below, was not successfully submitted in the first place)...

2. So I reach out to the support guy again. Guess what he replies! He says he's sorry but he cannot help me any more and I need to create a NEW ACCOUNT in their support site with the same email <???!!!???>

3. I try to log in to the support portal and my access no longer works. MY ACCOUNT HAS BEEN DELETED! WTF!!!

4. I do as I'm told and create a new acc with the same email. Now I can log back in. So I'm raising a new ticket saying I still cannot finish my verification process due to the same error. It looks like it's going to be a fun ride with them so I can't wait to see what they'll reply.

I really hate sales people. My stakeholder wants to buy an address verification service but is hesitant to purchase now because the dev time needed would be substantial. Now the sales rep has planted seeds of doubt in my SH and SH thinks I grossly overestimated the labor I quoted.

Sales rep is all “major corporations have installed this in a weekend.” 🤬🤬🤬 Major corporations also have more than one developer and probably aren’t dealing with a website that has a dozen address forms that all work differently. Oh, and I DON’T WORK WEEKENDS MOFO.

My SH originally requested a labor estimate for installing the AVS on all address forms and that’s what I delivered. My audit revealed a dozen different forms. I’m working with a legacy code base that’s been bandaged together and maintained by an outside dev agency. The only thing the forms have in common is reusable address fields. They all work differently when it comes to validating and submitting data to the server and they all submit to different api endpoints. At least a quarter of those forms are broken and would need to be fixed (these are mostly admin-facing). I also had to provide an estimate on frontend implementation when I have no idea what they want the FE to look like.

My estimate was 5-8 weeks for implementation AND testing. I wrote up my findings and clearly explained the labor required, why it was needed, and the time needed. All was fine until the sales rep tried to get into SH’s head.

My SH is now asking for a new estimate and hoping for 1-2 weeks of labor, which is what will SH to buy the AVS. Then go to the outside dev agency you used to work with and ask for a second opinion. I’m sure they’d also tell you at least month if not more for testing, implementation, and deployment because you have a DOZEN FORMS you want to add this to. 1-2 weeks is only possible for a single form.

My manager doesn’t work in the same coding language I do, but he read my documentation and supports my original estimate.

I honestly want to ask my SH if this sales rep is giving a very good price for the AVS. If not, are there other companies in the mix? Because right now you have a sales rep that’s taking you for a ride and trying to pressure you all so he can get another notch in his belt for getting another “major corporation” as his account. I don’t think it’s a good idea to be locked in with a grimy sales rep.

Forgot to do server side verification.

As the service (an injectable game) was expanding and the old system relied on server side calculation without anything returned from the user, the expansion was done a little too fast.
The result could have been anyone passing wrong data and receiving the grand price like a holiday worth $10k. Quick fix ...

I think the sleep deprived me is finally cracking under the weight of incompetent assholes.

We just launched a major project in some weird cocktail of Agile slapped with MVP and release to the wild in a waterfall, but it was premature, premature in the sense QA hasn't even finished their side of things, but because some fuck with with "manager" in their title decided they have burnt through the budget with incompetence and scrapped an entire element of the project and outsourced just so they could make a shittier version that doesn't even fucking work.

How hard do you want to fail before you will start listening to the people that now have to work around the fucking clock to clean up this horse shit of a mess.

I'm literally arguing over field mapping with multiple 3rd parties, when the fucking requirements state WTF this is suppose to look like. All because they didn't validate or test their own shit.

Why is EVERY FUCKING cock head in this industry a waste of space and cash! Is it really to much to ask for 1 fucking project to fucking go live that actually fucking works where I don't need to work 2 weeks straight (including weekends) after going live just to be sure that what shit does hit the fan isn't going to create a SEV 1 issue...

Sorry, I'm pissed at the incompetence of others I need to deal with on a daily basis. It's not like this field is insanely hard. A little attention to detail and self validation, verification goes a long way. But clearly that's a rarity.

Once this shit is stable and actually works, I'll be pulling out the mop to clean up half this shit just so it actually works.

Oof, I'm getting to old for this bullshit.

Enter E-Mail-Address:
"finiteAutomaton@gmail.com"
|> E-Mail-Address is already taken!

Enter E-Mail-Address:
"finiteAutomaton+1@gmail.com"
|> Verification code sent!

I am a hacker!

Fuck the feelings of powerlessness and helplessness. when a friend comes crying for you for help with their hacked account and you keep asking them about what they did to protect it in the first place and they reply with nothing, no recovery email, no recover phone, no secondary verification, NOTHING. and you can do nothing but stand there and watch them cry while you can literally do nothing because there literally nothing you can do to retrieve their stolen accounts. FUCK BLACK HAT HACKERS.

The global joke of Information Security

So I broke my iPhone because the nuclear adhesive turned my display into a shopping bag.

This started the ride for my character arc in this boring dystopia novel:

Amazon is preventing me from accessing my account because they want my password, email AND mobile phone number in their TWO.STEP Verifivation.
Just because one too many scammers managed to woo one too many 90+y/o's into bailing their long lost WW2 comrades from a nigerian jail with Amazon gift cards and Amazon doesn't know what to do about anymore,

DHL is keeping my new phone in a "highly secure" vault 200m away from my place, waiting for a letter to register some device with a camera because you need to verify your identity with an app,

all the while my former car insurance is making regress claims of about 7k€ against me for a minor car accident (no-one hurt fortunately, but was my fault).

Every rep from each of the above had the same stupid bitchass scapegoat to create high-tech supra chargers to the account deletion request:

- Amazon: We need to verify your password, whether the email was yours and whether the phone number is yours.

They call it 2-step-verification.

Guess what Amazon requests to verify you before contacting customer support since you dont have access to your number? Your passwoooooord. While youre at it, click on that button we sent you will ya? ...

I call this design pattern the "dement Tupi-Guarani"

- DHL: We need an ID to verify your identity for the request for changing the delivery address you just made. Oh you wanted to give us ANOTHER address than the one written on your ID? Too bad bro, we can't help, GDPR

- Car Insurance: We are making regress claims against you, which might throw you back to mom's basement, oh and also we compensated the injured party for something else, it doesn't matter what it is but it's definitely something, so our claims against you just raised by 1.2k. Wait you want proof we compensated something to the injured at all? Nah mate we cant do that , GDPR. But trust me, those numbers are legit, my quant forecasted the cost of childrens' christmas wishes. You have 14 days or we'll see you in court haha

I am also their customer in a pension scheme. Something special to Germany, where you save some taxes but have to pay them back once you get the fund paid out. I have sent them a letter to terminate the contract.

Funniest thing is, the whole rant is my second take. Because when I hit the post button, devrant made me verify my e-mail. The text was gone afterwards. If someone from devRant reads this, you are free to quote this in the ticket description.

Fuck losing your virginity, or filing your first tax return, or by God get your first car, living through this sad Truman dystopia without going batshit insane is what becoming a true adult is.

I am grateful for all this though:

Amazon's safety measures prevented me from spending the money I can use to conclude the insurance odyssey, and DHLs "giving a fuck about customers" prevention policies made me support local businesses. And having ranted all this here does feel healthy too. So there's that.

Oh, cherry on top. I cant check my balance, because I can only verify my login requests to my banking account wiiiiiiith...?

Wow just realized Simpsons had an episode on crypto... all the way back in February.

If only the the MVC would actually mail me my new drivers license that I renewed almost 6 months ago... I could actually buy some... (exchanges require ID verification, so much for anonymity ¯\_(ツ)_/¯)

I just had such a forfilling moment.

Normally, i often (force myself) go to bed at night, after i worked on a project of mine, with these thought saying "oh man i wanted to get that feature done today" or "i want to finish this and that part of my code".I am sure everyone of you knows the feeling, when your brain communicates that you are just not done for today.

Today it was different. I got a project of mine working in it's first state, where i put much heart, love and time in.Just a few minutes before i finished for today i got my server responding the expected numbers(some kind of pin-code). It's a very easy system: Someone(at the time only me and my debug mode :3) on a android phone request a verification which is checked and processed by the server. The server creates a random six-digit number, returns it encoded to the client and sends an email to the user, which currently sends it in plain text(shame on me).
Yeah, the user enters the number and voilà
And of course, all the Pincodes can only be used once.
I got to bed with this feeling of luck and succes.

I hope tomorrow is going to be a productive day!

I am so lucky right now.

Have a good day everyone!

Sometimes I do wonder why can’t I just be content at getting best I can get at what I’m already good at - and what brings in the €€€? Why do I go ”oooh look shiny intetesting language, let’s try do shit with it” or ”hey, let’s try this thing called kernel dev/pld/program verification which are all so far outside my core expertise they might as well be in a different universe!”

Dude I mean writing a kernel in V and doing proof oriented programming in F* are fun and all, but what good’s that gonna do me when I’m in all likelihood still maintaining legacy web apps in PHP ten to twenty years from now?

I guess what I’m trying to say is that I’m torn inside with my current workplace offering me everything I value and stuff that’s rare to find - but at the same time I’d love to be challenged more and don’t really have enough of those opportunities in my current environment. Or some shit like that.

Well fuck that, back to writing my own embedded DSL into F* in F#….

Fucking regulations, can’t play with twilio api.
Waiting for verification of my identity to make a fucking test call to myself.

Wanted to make a proof of concept during weekend, but won’t happen cause some fucking policies.

Fuck you government pigs.
Probably need to wait to fucking Monday. I will forget what I wanted to do till that time.

We are making your life easier all the time in the news, yeah right eat those popups motherfuckers.

Next regulation - government code reviews before push to master and programmer certification, for sure those fuckers are able to do it.

Really considering emigration from Europe right now.
No fucking point to start a business on this continent.
More fucking law please so we would need a lawyer before wiping ass.
Need to watch that southpark episode about security toilet checkout once again.

My trying to login to my email account my.email.address@example.com via web:

Site: You need to verify that you are really you. We sent a verification email to my.email.address@example.com please click the link in this email to verify your identity.

The company I used to work for, despite me not working there contacts me to get a verification code because the crappy developer they hired can't change a couple settings on the apple website and add themselves as a developer.

At the start of this all, a couple months back I gave them the code out of courtesy, but at this point, as i'm heavily invested in the development stage of my actual job as a vr developer, I won't take time out of my day to even answer the phone for them.

But what really pisses me off is the person who contacts me, my assumbly best friend, who during the last 12 months has only called me for these codes, so work related shit or just personal shit and never to hang out or play games or generally what we used to do as friends before he got a job at that stupid company doesn't have the balls to tell his boss that i'm busy with my job, that maybe if payment was offered as an incentive that I would be happy to be contacted.

When I left that company I didn't setup anything to make it so they would have to contact me, all I did was add myself as a developer of their app. I also heavily documented everything I did, all the issues I faced and the workarounds I found, and everything including all login information needed to get things working, I went above just "developing" the app I added in all the credits to all work used in the app as partly to make sure we don't get sued for stealing someones work without the right credit.

I hate the fact that I worked for minimum wage and did all of this shit, but I never complained at all about things like the 1 1/2 hour travel time (one way I might add) to my boss, the amount of money I spent on public transportation, the little money left over that I didn't even spend and instead give to my parents.

They know nothing about how hard that year was for me, and if they want to get this code, my so called friend can come chat in person, in his off time and when I'm done working on my own shit and we can discuss terms because this shit is just not fair at all.

I've always thought that Wordpress is HOT CARBAGE for custom solutions. The opinion is influenced by devRant actually. And I'm really starting to see that after few of months working with it.

For context, it's a accommodation booking site with sub-theme that uses plugins such as Woocommerce Bookings. I didn't build it but I'm now developing and maintaining it.

The emails... I've tried to make them function properly. But no. Because we skip the fucking verification step to allow instant booking it just won't send them. I made yet another workaround and casted some spells. NOW IT SENDS THE EMAIL TWICE...

I'm done. It's good enough.

Just passed technical verification for senior dev, then went to subway. Question from the lady behind counter where tougher :P

A word of advice:
If you integrate email verification very tightly in the registration flow, it will be a world of pain to implement changing the email address.
It's alright, I didn't want to do anything this afternoon anyway.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

!rant. Story from my college abt 6 months old.

We had to make projects for our course.
One team made a very nice project. One part of that was mobile no. verification using OTP.

And the student who was supposed to to that, did it by sending the required otp to the frontend page, and when user enters it, validate it using javascript.

The prof got mad about it and the rest of the class couldn't stop laughing.

Just remembered. Thought it would be worth sharing.

It was the last year of high school.

We had to submit our final CS homework, so it gets reviewed by someone from the ministry of education and grade it. (think of it as GPA or whatever that is in your country).

Now being me, I really didn’t do much during the whole year, All I did was learning more about C#, more about SQL, and learn from the OGs like thenewboston, derek banas, and of course kudvenkat. (Plus more)

The homework was a C# webform website of whatever theme you like (mostly a web store) that uses MS Access as DB and a C# web service in SOAP. (Don’t ask.)

Part 1/2:

Months have passed, and only had 2 days left to deadline, with nothing on my hand but website sketches, sample projects for ideas, and table schematics.

I went ahead and started to work on it, for 48 hours STRAIGHT.

No breaks, barely ate, family visited and I barely noticed, I was just disconnected from reality.

48 hours passed and finished the project, I was quite satisfied with my it, I followed the right standards from encrypting passwords to verifying emails to implementing SQL queries without the risk of SQL injection, while everyone else followed foot as the teacher taught with plain text passwords and… do I need to continue? You know what I mean here.

Anyway, I went ahead and was like, Ok, lets do one last test run, And proceeded into deleting an Item from my webstore (it was something similar to shopify).

I refreshed. Nothing. Blank page. Just nothing. Nothing is working, at all.

Went ahead to debug almost everywhere, nothing, I’ve gone mad, like REALLY mad and almost lose it, then an hour later of failed debugging attempts I decided to rewrite the whole project from scratch from rebuilding the db, to rewriting the client/backend code and ui, and whatever works just go with it.

Then I noticed a loop block that was going infinite.

NEVER WAIT FOR A DATABASE TO HAVE MINIMUM NUMBER OF ROWS, ALWAYS ASSUME THAT IT HAS NO VALUES. (and if your CPU is 100%, its an infinite loop, a hard lesson learned)

The issue was that I requested 4 or more items from a table, and if it was less it would just loop.

So I went ahead, fixed that and went to sleep.

Part 2/2:

The day has come, the guy from the ministry came in and started reviewing each one of the students homeworks, and of course, some of the projects crashed last minute and straight up stopped working, it's like watching people burning alive.

My turn was up, he came and sat next to me and was like:

Him: Alright make me an account with an email of asd@123.com with a password 123456

Me: … that won't work, got a real email?

Him: What do you mean?

Me: I implemented an email verification system.

Him: … ok … just show me the website.

Me: Alright as you can see here first of all I used mailgun service on a .tk domain in order to send verification emails you know like every single website does, encrypted passwords etc… As you can see this website allows you to sign up as a customer or as a merc…

Him: Good job.

He stood up and moved on.

YOU MOTHERFUCKER.

I WENT THROUGH HELL IN THE PAST 48 HOURS.

AND YOU JUST SAT THERE FOR A MINUTE AND GAVE UP ON REVIEWING MY ENTIRE MASTERPIECE? GO SWIM IN A POOL FULL OF BURNING OIL YOU COUNTLESS PIECE OF SHIT

I got 100/100 in the end, and I kinda feel like shit for going thought all that trouble for just one minute of project review, but hey at least it helped me practice common standards.

Not a rant, just the completion of a very demanding and interesting task for this week.

Wrote a whole data scheme for this enterprise app my company is developing. Very proud of it, since it has a very restricted size, multiple layers of encryption and data verification, several user types with different requirements, and it all has to be rock solid in an offline environment.

The punchile is...I enjoyed writing the documentation for the whole package more than I should, I guess...spent the whole day being very thorough and documenting every member, function, constructor and exception.

Feelin fabulous.

Just remembered that I still had a foobar invite link in my email inbox 😋

The challenges are odd though, first challenge was super easy (basically an idiot check), but while I was able to convert 3 cans of energy drink into a functional solution in half an hour, the verification utility is not very verbose at all. So in Python 3.7.3 in my Debian box it worked just fine, yet the testing suite in Foobar was failing the whole time. After sending an email to my friend that gave the link (several years ago now, sorry about that! 😅) asking if he knew the problem, I found out that Google is still using Python 2.7.13 for some reason. Even Debian's Python is newer, at 2.7.16. To be fair it does still default to Python 2 too. But why.. why on Earth would you use Python 2.7 in a developer oriented set of challenges from a massive company, in 2020 when Python 2 has already been dead for almost a whole year?

But hey now that it's clear that it's Python 2.7, at least the next challenges should be a bit easier. Kind of my first time developing in SnekLang regardless actually, while the language doesn't have everything I'd expect (such as integer square root, at least not in Debian or the foobar challenge's interpreter), its math expressions are a lot cleaner than bash's (either expr or bc). So far I kinda like the language. 2-headed snake though and there's so much garbage for this language online, a lot more than there is for bash. I hate that. Half the stuff flat out doesn't work because it was written by someone who requires assistance to breathe.

Meh, here's to hoping that the next challenges will be smooth sailing :) after all most of the time spent on the first one (17.5 hours) was bottling up a solution for half an hour, tearing my hair out for a few hours on why Google's bloody verification tool wouldn't accept my functioning code (I wrote it for Python 3, assuming that that's what Google would be using), and 10 hours of sleep because no Google, I'm not scrubbing toilets for 48 hours. It's fair to warn people but no, I'm not gonna work for you as a cleaning lady! 😅

Other than the issues that the environment has, it's very fun to solve the challenges though. Fuck the theoretical questions with the whiteboard, all hiring processes should be like this!

Sus!
yesterday I bought a cool domain in namecheap, I was very lucky to find short and good one for my case.

Today (at weekends!!!!) I receive a letter:
>Hello **redacted name**,
>
>We are contacting you from the Namecheap Risk Management Team regarding your '**redacted name account**' account.
>
>Unfortunately, your Namecheap account was flagged by our fraud screening system as requiring verification and was locked.
>
>Please follow the instructions below to get your account verified:
>
>- take a color photo of the credit card used for the payment at **redacted link**
>
>Please make sure all of the edges of the credit card are visible, and that we can clearly see the card holder's name, expiration, and last four digits of the card number. The screenshots or images of the card cannot be accepted for verification. >If the submission does not meet these requirements, we can either request to submit the details again or permanently suspend your account.
>
>- provide a valid phone number and the best time to call you (within normal business hours, US Pacific time).
>
>If we do not hear back from you within 24 hours, we will be forced to cancel your orders.
>
>We apologize for any inconvenience that may result from this process. This extra verification is done for your security and to ensure that orders are legitimate. This industry, unfortunately, has a high rate of fraudulent orders, and this sort of >verification helps us drastically reduce fraud and ensure our customers remain secure. Such documents are used for verification only and are not provided to third parties in any way. Account verification is a one-time procedure, after your account >is verified, you will never face this issue again.
>
>Looking forward to your reply.
>
>---------------
>Dmitriy K.
>Risk Management
> Namecheap, Inc.

what if I did not notice it in 24 hours? It is the weekend for god's sake! People usually rest until monday.
They would what, cancel order and scalpel it to super high price?!
I have some doubts if the request is trully having anti fraudulent origins.

What if I used digital visa card? How was I supposed to photo it?

And the service they provided for photoing accepts only photos from web camera. I was lucky that I bought recently web camera with high enough amount of pixel power and manual focus. What if I did not?

That's all really SUS!
The person can not notice the letter within 24 hours time frame until the morning, when it would be already too late.

implementing an email verification .. it shows differently in different email .. If I fix something for yahoomail .. it shows broken in gmail .. just fedup of this .. my whole day has been wasted for this shit today .. 😑😑

So, there was that post about Valve that send your steam password through an email. I changed my password to see if it was true (I couldn't believe it). And I had to do phone verification....

I thought for a sec it wouldn't stop, but yeah atleast I got the message.

Got a problem with an AUR package. Decided to ask the AUR maintainer. Registered on the AUR page. Can't login, receiving HTTP400 bad referrer header.

Decided to report that issue. To do so, I need to register on the Arch Linux Website. Did that. To finish registration, I need to verify my account. However, the verification button just does nothing.

Removed AUR package.

FAIL!!
My driver's ed Course is online. It is a 32 hour course so in order to go through every slide you have to wait for a timer to countdown. The way they keep you from advancing is graying out the next button.

That's really stupid.
Because I just found out that you can change the button class to active in the Chrome inspector. You can continue.

The shocking part is is that there is no server side verification, so I could complete the entire hour course in less than 30seconds.

Wow. I didn't think a FUCKING DRIVERS ED COMPANY WOULD BE THAT STUPID!

I am developing a twitter bot which will post local weather daily. After few test tweets, twitter locked the account and asked to verify account by calling. They called and I wrote down the verification code but THE FUCKING TWITTER returns a "Something went wrong." error with no actual clue about the problem.

Just visited a website, which at the top of every page "Please paste your Google Webmaster Tools verification here"

What's odd, is this isn't a way I've seen to verify. Some kind of odd scam? 🤔

Ok... so I have a unique question/opportunity. I can't give all the details but here's the jist:

3yrs ago I was hired to consult a now prominent(still decently well known then) web-based company with many thousands of users, dealing with a lot of money and leveraging a social environment. They had several issues but initially they really needed me to find/train chat mods.

I did not take the offer for monetary reasons, like all consulting I've done, I had additional reason and/or fondness to fix the issues. In this case it was an interesting challenge and I knew several customers and some support staff so it'd be worthwhile.

They (without request) reduced their typical 2mo probationary period to 2wk for me. With less than a day left of that period, I was 'hacked' via a pushed telegram update, on the account they made me create for work purposes (they had control of the phone number not me).

During this 'hack' one of the 2, currently active, culprits sent a message to his tg account from the 'hacked' one and quickly deleted the entire convo. The other pretended (poorly) to be me in the chat with the mods in training (at least a few directly witnessed this and provided commentary).

Suddenly, I was fired without any rationale or even a direct, non-culprit, saying anything to me.

The 'hack' also included some very legit, and very ignorantly used, Ukrainian malware.

This 'hack' was only to a 2nd gen lenovo yoga I got due to being a certified refurbisher... just used for small bs like this chat mod/etc job. I even opened up my network, made honey pots, etc., waiting for something more interesting... nope not even an attempt at the static ip.

I started a screen recording program shortly after this crap started (unfortunately after the message sent be 'me' to the dude who actually sent it happened... so i still dont know the contents).

I figured I'd wait it out until i was bored enough or the lead culprit was at a pinnacle to fall from...

The evidence is overwhelming. This moron had no clue what he was doing (rich af by birth type)... as this malware literally created an unhidden log file, including his info down to the MAC id of his MacBook... on my desktop in real time (no, not joking... that stupid)

Here's my quandary... Due to the somewhat adjacent nature of part of our soon to be public start-up... as i dont want it to turn into some coat tail for our tech to ride on for popularity... it's now or never.

Currently im thinking, aside from any revenge-esq scheme, it'd be somewhat socially irresponsible to not out him to his fellow investors and/or the organisation that is growing with him as one of few at the forefront... ironically all about trust/safety/verification of admins in the industry.

I tried to reach out to him and request a call... he's still just as immature. Spent hours essentially spamming me while claiming it wasnt him but hed help me find whoever it was... and several other failed attempts to know what i had. When i confirmed he wasnt going to attempt a call, i informed him id likey mute him because i don't have time for back and forth bs. True to form he deleted the chat (i recorded it but its of no value).

So... any thoughts?

Haha, I’ve just managed to break Google’s picture captcha by clicking false pictures.

Keep getting this annoying new Google verification even though I'm already signed in 😑😑

Note to self:
Close off ALL ways things could go wrong..

Long story short; I released a new feature, to be able to better follow up on any stock moves, their amounts, locations and even expiry dates. An older tool just bypassed that very verification and nothing was logged or taken out of stock.

~

Taking out an amount for a certain orderline has a shortcut in place to mitigate some of the mandatory steps that pickers need to take in order to verify what's being taken. This little tool only available, visible and possible for a very few select users.

I assigned some orders to one of these people, which made him think it was an urgent batch. It's only one product, for multiple orders, so he went to the location, took out the amount needed and then used the tool to quickly be able to prepare them for shipping.

This bypassed the new methods to check if the location actually had stock to take, which I had just enabled for 1 account.

Luckily I caught the miss-hap as I was monitoring that product first-hand and noticed the batch of orders was collected but the stock amount didn't update.

It was 5min before I was leaving work, so I investigated and then ran to the person in question to ask what he did; which was "I used that tool"

I facepalmed myself internally while blaming myself, as he couldn't know that it wasn't ready to use for that purpose.

The tools to fix this up are there already.. so I used that to fix some missing stock-takes manually.. Though I'll need to close that little tool for these kind of orders for sure, asap, probably when I get home, at least until I bring over its new logic to it.

Happy Tuesday? (:

I understand risk aversion and fault tolerance and verification. But you have to realize mister tester and systems lead guy, WE DON'T HAVE INFINITE TIME!!! Gods damn, seriously. You can't keep pushing the schedule. Eventually we have to ship. That's, you know, how we get paid.

Good code is a lie imho.

When you see a project as code, there are 3 variables in most cases:

- time
- people / human resources
- rules

Every variable plays a certain role in how the code (project) evolves.

Time - two different forms: when certain parts of code are either changed in a high frequency or a very low frequency, it's a bad omen.

Too high - somehow this area seems to be relentless. Be it features, regressions or bugs - it takes usually in larger code bases 3 - 4 weeks till all code pathes were triggered.

Too low - it can be a good sign. But it should be on the radar imho. Code that never changes should be reviewed at an - depending on size of codebase - max. yearly audit. Git / VCS is very helpful here.
Why? Mostly because the chances are very high that the code was once written for a completely different requirement set. Hence the audit - check if this code still is doing the right job or if you have a ticking time bomb that needs to be defused.

People
If a project has only person working on it, it most certainly isn't verified by another person. Meaning that only one person worked on it - I'd say it's pretty bad to bad, as no discussion / review / verification was done. The author did the best he / she could do, but maybe another person would have had an better idea?

Too many people working on one thing is only bad when there are no rules ;)

Rules. There are two different kind of rules.

Styling / Organisation / Dokumentation - everything that has not much to do with coding itself. These should be enforced at a certain point, otherwise the code will become a hot glued mess noone wants to work on.

Coding itself. This is a very critical thing.

Do: Forbid things that are known to be problematic in the programming language itself. Eg. usage of variables in variables, reflection, deprecated features.

Do: Define a feature set for each language. Feature set not meaning every feature you want to use! Rather a fixed minimum version every developer must use and - in case of library / module / plugin support - which additional extras are supported.

Every extra costs. Most developers don't want to realize this... And a code base that evolves over time should have minimal dependencies. Every new version of an extra can have bugs, breakages, incompabilties and so on.

Don't: don't specify a way of coding. Most coding guidelines are horrific copy pastures from some books some smart people wrote who have no fucking clue what you're doing and why.

If you don't know how to operate on people, standing in an OR and doing what a book told you to do would end in dead person pretty sure. Same for code.

Learn from mistakes and experience, respect knowledge from other persons, but always reflect on wether this makes sense at this specific area of code.

There are very few things which are applicable to a large codebase on a global level. Even DRY / SOLID and what ever you can come up with can be at a certain point completely wrong.

Good code is a lie - because it can only exist at a certain point of time.

A codebase should be a living thing - when certain parts rot, other parts will be affected too.

The reason for the length of the comment was to give some hints on what my principles are that code stays in an "okayish" state, but good is a very rare state

Coinbase is a miserable clock sucker...

You can't understand that your stupid app doesnt split sir names during ID verification? A month of playing ring around the support email bot... "Try updating chrome!"...

Go duck yourself,
John S Jr. Smith

Fuck I feel fucked up just for completing user account management, authentication, email verification, password reset. Securing all of this with ssl and checking for any security loopholes.

I can't believe this took me more than a couple months.
Well I was lazy and unmotivated.
I fucking hate crafting stupid ass routes in nginx.
I fucking hate making a nice responsive gui.
I have to design even the stupid html for the emails. Fuuuuck.

So much boilerplate on top of that with username and email validation.

I learnt regex 5 times over the past couple months, still not enough.

And now I actually have to build the functional part.

On the plus side I can reuse this stupid boilerplate if I can make it more modular and readable.

There's shit ton of comments to the point where I feel like an idiot for including so much info. It's like I've written it for a toddler to take over.

Gawd. Anyways it's over now. 50% I guess.

I can finish the rest of the server more quickly and then spend another year designing the Android application.

I'm really lazy in places where I have to design UI/UX. Although at this point it's kinda what could put my application at the top. (I'm lazy, I ain't bad.. I just hate implementing my ideas I wish I could just visualize and have it appear on my screen)

I do like parts of gui that involve little math problems that would make motion smooth and efficient.

I hate the elasticsearch backup api.

From beginning to end it's an painful experience.

I try to explain it, but I don't think I will be able to cover it all.

The core concept is:
- repository (storage for snapshots)
- snapshots (actual backup)

The first design flaw is that every backup in an repository is incremental. ES creates an incremental filesystem tree.

Some reasons why this is a bad idea:
- deletion of (older) backups is slow, as newer backups need to be checked for integrity
- you simply have to trust ES that it does the right thing (given the bugs it has... It seems like a very bad idea TM)
- you have no possibility of verification of snapshots

Workaround... Create many repositories as each new repository forces an full backup.........

The second thing: ES scales. Many nodes / es instances form a cluster.

Usually backup APIs incorporate these in their design. ES does not.

If an index spans 12 nodes and u use an network storage, yes: a maximum of 12 nodes will open an eg NFS connection and start backuping.

It might sound not so bad with 12 nodes and one index...

But it get's pretty bad with 100s of indexes and several dozen nodes...

And there is no real limiting in ES. You can plug a few holes, but all in all, when you don't plan carefully your backups, you'll get a pretty f*cked up network congestion.

So traffic shaping must be manually added. Yay...

The last thing is the API itself.

It's a... very fragile thing.

Especially in older ES releases, the documentation is like handing you a flex instead of toilet paper for a wipe.

Documentation != API != Reality.

Especially the fault handling left me more than once speechless...

Eg:
/_snapshot/storage/backup
gives you a state PARTIAL
/_snapshot/storage/backup/_status
gives you a state SUCCESS

Why? The first one is blocking and refers to the backup status itself. The second one shouldn't be blocking and refers to the backup operation.

And yes. The backup operation state is SUCCESS, while the backup state might be PARTIAL (hence no full backup was made, there were errors).

So we have now an additional API that we query that then wraps the API of elasticsearch. With all these shiny scary workarounds like polling, since some APIs are blocking which might lead to a gateway timeout...

Gateway timeout? Yes. Since some operations can run a LONG (multiple hours) time and you don't want to have a ton of open connections hogging resources... You let the loadbalancer kill it. Most operations simply run in ES in the background, while the connection was killed.

So much joy and fun, isn't it?

Now add the latest SMR scandal and a few faulty (as in SMR instead of CMD) hdds in a hundred terabyte ZFS pool and you'll get my frustration level.

PS: The cluster has several dozen terabyte and a lot od nodes. If you have good advice, you're welcome - but please think carefully about this fact.

I might have accidentially vaporized people sending me links with solutions that don't work on large scale TM.

research 10.09.2024

I successfully wrote a model verifier for xor. So now I know it is in fact working, and the thing is doing what was previously deemed impossible, calculating xor on a single hidden layer.

Also made it generalized, so I can verify it for any type of binary function.

The next step would be to see if I can either train for combinations of logical operators (or+xor, and+not, or+not, xor+and+..., etc) or chain the verifiers.

If I can it means I can train models that perform combinations of logical operations with only one hidden layer.

Also wrote a version that can sum a binary vector every time but I still have
to write a verification table for that.

If chaining verifiers or training a model to perform compound functions of multiple operations is possible, I want to see about writing models that can do neighborhood max pooling themselves in the hidden layer, or other nontrivial operations.

Lastly I need to adapt the algorithm to work with values other than binary, so that means divorcing the clamp function from the entire system. In fact I want to turn the clamp and activation into a type of bias, so a network
that can learn to do binary operations can also automatically learn to do non-binary functions as well.

GoDaddy. Is. The. Worst.

I'm working on an SSL cert domain verification for a client. The chat support tech at GoDaddy has no freaking clue what she's doing. She keeps telling me to follow the same help article I already knew about the first second I heard I needed to do this job. It didn't work. But she keeps going back to it, sure that I'm just a complete and utter moron who doesn't read. Never mind that I have screenshots to prove everything she's telling me is 100% wrong according to every error message this process is generating.

Now she's checking with the "SSL team". Which is code for "I have absolutely no idea what I'm doing and I'm frantically searching the FAQ database to figure out what this SSL thing even is."

That's what the last hour of my life has been. And 20 minutes of that was waiting in the chat queue.

Im ranting in progress of the issue so i dont get the urge to do any of the things not seem as acceptable to fix this issue.

Issue: yesterday i activated a device i havent had any (even prepaid) service on in years, and had a 'new'(to me) number assigned...

Today, after being sick so muting nuisances immediately for rest, i check, 3missed calls from the same, less spammy looking number. I havent use this number for even a txt code verification at all... aside from 1 call to comcast (for the blissful irony of seeing if its an option (they need to survey physically) since im suing my current isp who didnt take my VERY NICE and explictly required in their business t&c, refund for the issue's duration.. after months of tryjng to directly get a message (not using my not technically hacking expertise like just scrubbing for email formatting and popped up in their inbox (calling them is more frowned upon)...

Their conclusion as to "why" (they nvr solved the issue... dhcpv6 was in aggressive lease mode(no response per lease(NOT batches) of about 60 for about 20 devices which i ofc use my /28 static ipv4 block... not ipv6 (they also claimed there was no logs til i dug and found verbose, long history high/med high debug level logs in their prop. dev's gui... which they forced me to use, has 2 separate cores/stacks which is done for 1 reason only... constant simultaneous ipv4 and ipv6 (so ofc was auto enabled)...

Basically it was spamming do to a config issue with their scripts, and their WAN6 dev/script's config. Have found a single person who knows what ipv6 (or v4) or wan6 device actually means... their conclusion from multiple "specialist departments " ..."we dont support ipv6 so if u had issues caused by using something we dont support it's your fault... sooooo ludacris.

.... ok back to main point.
callback options
1 schedule a call back for "later"
2 dont schedule and hang up/try some other time
3. cancel callback and join the end of the cue(from previous message it told me a callback in 6-10m or lose your place in line and go to the end... hours later no call and they definitely have the number as it reiterated -.-
...
answer to wait in line>
experiencing extremely high wait time
>your current wait time 31-60m
2.5sec later.. let me connect you to a rep ...etc (identical as in callback options intro)
> your current wait time is 30sec
waiting nearly 25min whilst typing this.(i did make sweet potato stuff, propagated a rose, fed JSON some of his new, in closure buffet of things he previously never encounted and bought a literal ton of rubber mulch)40min to a rep 5more to solve (last guy at same position didnt know this option exited, despite me decribing it verbosely to him.

Everything the automated syst asks is about account numer... there is none ive never even had a burner that was at&t brand.

Wzf.

holy shit I swear taxes are like the government trying to tell you you're a peasant to them

my medicare card is about to expire and FOR SOME REASON now the process to renew is a fucking interrogation about various documentation the government has given you. before it was just your damned name, date of birth, and a new photo for the card.

evidently they were supposed to send you snail mail 3 months before expiration. evidently also the only way to renew is get this said snail mail.
and evidently I have to go through this "catchall" change your address with everything in the government process
which is a little ironic
because
to use this service you need to give them something called a notice of assessment, which is when the government accepts your taxes they send you back one of those
well I haven't had access to my tax portal for years. I keep filing them and getting excess money back but I can't actually see any of my returns.
so I tried this time
12 pages of verification and more verification... you do one step, it says wrong info because if you have to write in 2,474 well turns out the , fucks it up and your info doesn't match what's on file and if you fail more than 3 times you'll be locked out. repeat. page after page. how many fucking pages are there? what format are they expecting? nobody fucking knows. you'll get to find out if you pass just this one more!
after about 4 hours of this shit
and they have 2 factor authorization now?! wtf.

then this next step is id verification or we snail mail you a code (WHICH AGAIN IS IRONIC)

I chose id. health card doesn't count, it notifies me later. thankfully I have a passport. bad news, passport expires this September so guess who is gonna be having more fun later
the app of course can't use my camera in the browser I have, so I start downloading fucking other browsers and finally hit one that works
also they lied. they also want a selfie. then it tells me I failed to look like myself. if you fail to look like yourself 3 times you are denied.

ok. so I try snail mail. the page says if I revoke consent to id I can go do the snail mailed code. they lied. if you revoke consent it exits the whole wizard. you enter all the verification steps again.

I try to get them to snail mail me the code. they want some basic info they asked me like 16 times now, and a postal code. ironic. well this is the tax people, so by this point I found all my previous sent in tax returns (though I can't access the government's replies). checked. yep. address all the same. put in the postal code. nope. somehow it's wrong. 3 times I put all this random info in in different ways. 5 times and I'm locked out.

now fucking what.

THE FUCKING IRONY OF
I NEED TO CHANGE WHERE I LIVE SO YOU CAN SNAIL MAIL ME SOMETHING
AND TO CHANGE WHERE I LIVE I HAVE TO CONFIRM WHERE I LIVE SO YOU CAN SNAIL MAIL ME SOMETHING FUCKING ELSE

the government just fucking dunks on you

guess we're all not having fucking medical cards anymore. all we do is pay taxes, and can't even see the paperwork to those taxes we pay.

TLDR: I wanted to change email to new one, but I could not remember which one I have
currently. I found out an API in DevRant JS files for email verification and used
it to find it out.

So, I am moving from Gmail to Protonmail Pro, absolutely love their service.
I wanted to do same on Devrant but I could not figure out my current mail for
"I lost my password" form. My Password Manager have only login saved, and profile does
not show email address.

I thought that this user information is stored on server so it have to be some way to retrieve it. I dug
in source code and I've found:

`<div class="signup-title">Verify Your Email</div>`

Which has event assigned to function which uses jQuery.ajax (love it btw :D) to call:

`url: "/api/users/me/resend-confirm",`

This seems like worth a shot. Few copy-pastes and one ajax call later:

*Ding*

From: support@devrant.io
To: dawid@dawidgoslawski.pl
"Welcome to Devrant"

Got it :) So I have already changed in march when DevRant on previous layout.

This is what I love in this profession - problem solving. AI will not replace human
in any way, we will just stop coding array iterations and data manipulation - we will focus
on real problem solving and human touch (like design, convincing management for changes).

Crypto. I've seen some horrible RC4 thrown around and heard of 3DES also being used, but luckily didn't lay my eyes upon it.
Now to my current crypto adventure.
Rule no.1: Never roll your own crypto.
They said.
So let's encrypt a file for upload. OK, there doesn't seem to be a clear standard, but ya'know combine asymmetric cipher to crypt the key with a symmetric. Should be easy. Take RSA and whatnot from some libraries. But let's obfuscate it a bit so nobody can reuse it. - Until today I thought the crypto was alright, but then there was something off. On two layers there were added hashes, timestamps or length fields, which enlarges the data to encrypt. Now it doesn't add up any more: Through padding and hash verification RSA from OpenSSL throws an error, because the data is too long (about 240 bytes possible, but 264 pumped in). Probably the lib used just didn't notify, silently truncating stuff or resorting to other means. Still investigation needed. - but apart from that: why the fuck add own hash verification, with weak non-cryptographic hashes(!) if the chosen RSA variant already has that with SHA-256. Why this sick generation of key material with some md5 artistic stunts - is there no cryptographically safe random source on Windows? Why directly pump some structs (with no padding and magic numbers) into the file? Just so it's a bit more fucked up?
Thanks, that worked.

LOL XCode....I think they meant "X"tra useless, resembling such as a bag of dicks without handles!!!!

Also, being fucking buried because there's aren't any devs anywhere to be found near me makes me extra cranky!
Ive been hammering away at this Flutter, Java, Swift, Python, and Google maps for just about 36 hours on 3.5 hrs sleep. I just can't stop, I fuckin love this shit!!!
Considering the fact that I'm self taught and just started writing code for real about 7 months ago, I'd say I'm handling this alright for now. Every bit of tech is getting shot out of a cannon at this one- maps, real time tracking, state level auth/Id verification, custom components like ID scans/native desktop applications on custom linux machines, body cams, SIP trunking... all in 3 apps which are 100% multi-platform and scaled up to high end enterprise levels and being groomed for national release. I'm writing the code and doing the tech for ALL of it- even down to custom painted barcode scanners, a wallet system built from scratch, GPS integration, location/geofence based document querying... holy fuck guys I'm gonna fuckin die haha!!!
I went from barely getting websites made in late summer to this very moment, where I am pumping shit out in Flutter, Dart, Python, CPP, Js, Swift, Java, Kotlin, Obj-C, SQL/noSQL, and who knows what else.
I don't even know what the hell I just said haha I hope everyone has a great day!

I’m having this issue for the online marketplace I’m working on the side. It’s blockchain tech where you can purchase normal goods and services(no, not like Amazon or Fiverr, eww, this one’s more inclined with promoting organic growth for small businesses and freelancers).

I’m stuck with what solution is in the best interest of the user and the business for the long-term.

The dilemma about anonymity, online freedom and privacy is yes, it protects users from predators and attackers, but then, it’s harder for authorities to hunt down people who uses platforms for malicious intent, and also, digital footprint is helpful during litigation as evidence.

You don’t know who to trust.

-There is nothing to differentiate normal users with spammers, scammers, etc.
-There is no accountability for if they break the rules. They can easily delete and create a new account.

Platforms, communities big or small are plagued with these.
There are a lot of people out there who would rather project their insecurities on other people than to seek therapy.

Also, how platforms uses psychology tricks to make platforms addicting, it’s safe to assume that it’s bound to get toxic. Fixation on these platforms, leads to other needs being neglected or people forget to stay present.

Another thing, automated moderation is not that effective as there are still biases in data and human verification is still required. But then, human moderators get exposed to extreme violence, gore, etc that leads to poor mental health. (see Facebook got sued by moderators)

Also, I’ve had a recent experience where some unstable dev was stalking and harassing me. During that turmoil, I’ve found the many loopholes in every platform out there and how crappy their support is. Like they’ll just say, “make your account more secure”, bitch it’s your platform not providing enough security, your blocking feature means nothing coz anyone can still create accounts and message anyone.
It happened like February-August (it ended coz I quit going online and made private all my accounts). UGH I MISS ALL MY FRIENDS THO. FUCK THAT DUDE. He deserves to be in jail TBH

Lol if this product booms, now u know the back story lololol

What a delight to have to work on macOS. Not.
Took me two days to notarize our app bundle. The ultimate issue was a dead symlink inside the bundle which would make the codesign verify (with strict option!) fail, while verification of signing operation itself passed.
Notarization would just give generic error: not properly signes.

So yesterday I had to do some windows updates.
Today, I turn my laptop back on and notice I don't have sound.

Alright, I'll just see if I have some outdated drivers. Oh, I have 3, and one it's the sound driver! Cool, let me just update that. What do you mean I can't? Alright, let me try this app I have installed to see if it can update everything for me. It did, great!

Oh, but now the sound is coming from my earphones AND the speaker... Let me check the app again. Nothing. Let me check the drivers again. Detection verification is outdated. Alright, I'll just update that one, no big deal. Windows could not find drivers? Alright, let's see if windows update can find something! Nothing.

Okay, let's check sound definitions. What about troubleshooting? Still nothing?

Well, now I'm pissed. Let's see what the internet thinks I should do. Almost one hour later, I've tried everything I can think of and still can't fix this. Fml

You know what sucks? Having to rely on a vendor for data verification. Especially when that vendor's systems go down every other freakin' day!

Hate it when clients told you a specific requirement but then changes it the last minutes. You can't justify or argue. Can't do nothing about it but only follow. Just a high paid slave.
Example:
Client-verbal: background color of all 5 pages
Me-with email verification: ok. I will bg color of all pages will be red based from our last meeting.
Client email reply: ok
After a few days
Client: I think we have misunderstanding. What I meant was 4 pages red only. The 5th page should be maroon.
Me in my mind: wtf. Of course I can't argue but just agree and follow. The demo is near and he'll just inform the last minute. I will not win this argument.

Also, there are no acceptance criterias in the user story.

FUCK TEAMVIEWER ... HAVEN'T USED THEN FOR YEARS BUT WANTED TO REMOTE FROM 1 ANDROID TO ANOTHER.

Spent an hour setting up dealing with account lockouts, devices verification.... Finally connected all the 2 phones to the account... And TV can't connect... Stuck at connecting....

Just built a solid desktop app for MacOS with Flutter that's worthy of shipping. I gotta say I'm pretty stoked about it, even if it isn't nearly as dope as LOIC. Haha chargin muh lazers!
I'll get some screenshots up soon!!
I also wrote a comple CLI interface for Firebase management using Python. Advanced auth abilities, CRUD capability, full json import/export, verification/password resets, you name it. Well, except full Firestore/mobile OTP features but it's still a win. Actually dicked around and made a cool little Firebase chat program in the terminal with the Python interpreter.
Finished up my first apps in React, React-Native and Ember, my 2nd with Electron, and also got my first Firebase hosted site up and running. Solid day!!! Cheers to that. And cheers to all of you amazing bastards!

TLDR
Apparently if you delete your google account as an only admin of a workplace by just clicking remove account on expired subscription screen when you are on document page you not only loose access to google workplace but also you can create new workplace google account using same domain and email immediately and it’s fresh google domain account without domain verification and with everything wiped off from your old account. So you don’t have access to anything but on the other side there is possibility to use gmail as spam hub if google fucked ip something in their dns verification and once verified and after that expired domain gets bought again it stays verified.

Well I luckily migrated my gmail to other provider 3 years ago and I lost nothing important there but lol.

You can easily lock out yourself from your domain.

I opened ticket using some questionnaire and by adding another dns txt record to my domain to claim access to workplace admin page and let’s see what they do.

If they ever respond to that ticket and how long it will take to get it resolved.

This is good test to see if google is still a people’s company or an evil corporation.

I was using workplace as long as it was free from days of google app engine and begging of cloud revolution. I remember at best times I could chat with google support employee about spam I got from domain registered on google servers and he was processing ticket for me.

Fuck the stack overflow verification algorithm for question 🤦🤦🤦🚶🚶

Search for How to stop Apple ID Verification pop up. Find relevant and possibly credible result from discussions.apple.com:
How do I stop the constant pop up on my iPad for APPLE ID VERIFICATION, posted in 2016.
Last post from OP: Did you ever find a solution to this problem? This Apple ID Verification request is driving me crazy.
83 Users: Me too.
Apple:
Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

I hate having too much security, on the user side. I have 2 step verification on anything that allows and also most of my passwords are up to a limit, seriously. This is why I have LastPass but obviously no work I ever been in allowed it. Except Freelancing and my own software / apps.

Anyone here uses scaleway VPS?

The tickets I raised got deleted without any proper resolution. And that is shady AF. The tickets were attended by some customer support guy and he had told he would call to verify. But that never happened.

And now all the tickets I raised has disappeared.

I can't activate my account because phone verification is not possible since the code they never arrives

I've been working for so long with API integrations and one part of that is security. We perform ssl key exchanges for 2-way verification and a large percent of those partners provides me with their own pkcs12 file which contains their private and public keys! What's the sense of the exchange!? I think they just implement it just to boast that they "know" how ssl works,

How would you implement a system that allow people to share a product that's normally one price but because of the referral there is a discount. Oh and the discount is supposed to based which country you live in.

Right now the whole system runs on the honor system and a little front end verification. How do I clean up this mess??

Sure getting the user's location could work until they use a vpn. I don't really know what to do here.

Is it normal to use rabbitmq AND kafka in the same backend?

Rabbitmq for email verification, password reset etc and all that email bullshit handling

While kafka handles real time chat communication?

Since i noticed both of them work exactly the same. Producer/consumer. Pub/sub shit. Cant tell the difference other than a slightly different syntax

Okay soo... I have been working on a "notepad" script using bash. I basically have finished it but it lacks one thing. Verification if the user has typed anything! I started searching on google how i could do that, and found nothing (lol).
I'm asking help from you people :D

Here's the code that doesn't work.

while [[ $name != 'name' ]] || [[ $name == '' ]]
do
read -rp "What would you like the file name to be? The file extension is .txt!$(echo -ne '\n: ')" name
echo "Enter a valid file name please."
done

There's probably one small thing wrong anyway lol
Thanks already!

The Node and its magic tricks never cease to surprise me.

I created several new components and tried to compile them for verification. Then this big fat error popped up.

I commented out all the newly created code (didn't remove any files, just did ^A^/). Recompiled. This big fat error again.

Undid modifications I made to the files that existed there before. Recompiled. This big fat error again.

Moved the newly created files outside of the project scope (mv app/<...>/featureX/ ../bkup/). Recompiled. SUCCESS.

Moved all of those files back (mv ../bkup/featureX app/<...>/). Recompiled. SUCCESS.

wtf...

Code verification
senior dev: You wrote this code yourself?
Me: Yes sir, it's clean right?
Senior Dev: Prove it
Me: Blah Blah Blah...
Senior Dev: Damn, You the realest

#Suphle Rant 9: a tsunami on authenticators

I was approaching the finish line, slowly but surely. I had a rare ecstatic day after finding a long forgotten netlify app where I'd linked docs deployment to the repository. I didn't realise it was weighing down on me, the thought of how to do that. I just corrected some deprecated settings and saw the 93% finished work online. Everything suddenly made me happier that day

With half an appendix chapter to go, I decided to review an important class I stole from my old company for clues when I need to illustrate something involved using a semblance of a real world example (in the appendix, not abstract foo-bar passable for the docs)

It turns out, I hadn't implemented a functionality for restricting access to resources to only verified accounts. It just hasn't been required in the scheme of things. No matter, should be a piece of cake. I create a new middleware and it's done before I get to 50 lines. Then I try to update the documentation but to my surprise, user verification status turns out to be a subset of authentication locking. Instead of duplicating bindings for both authentication and verification, dev might as well use one middleware that checks for both and throws exceptions where appropriate.

BUT!

These aspects of the framework aren't middleware, at all. Call it poor design but I didn't envisage a situation where the indicators (authentication, path based authorisation and a 3rd one I don't recall), would perform behaviour deviating from the default. They were directly connected to their handlers and executed after within the final middleware. So there's no way to replace that default authentication scheme with one that additionally checks for verification status.

Whew

You aren't going to believe this. It may seem like I'm not serious and will never finish. I shut my system down for that day, even unsure how those indicators now have to refactored to work as middleware, their binding and detachment, considering route collections are composed down a trie

I'm mysteriously stronger the following day, draw up designs, draft a bunch of notes, roll my sleeves, and the tsunami began. Was surprisingly able to get most of previous middleware tests passing again before bed, with the exception of reshuffled classes. So I guess we can be optimistic that those other indicators won't cause more suffering or take us additional days off course

How can I make a bot which makes a single commit everyday at a specific time for a particular repository?
The commit can be anything like insertion in readme or creating a new file.

I tried to accomplish this using python selenium I deployed it on heroku, the problem I am facing is github doesn't allows to crawl on it so it sends a verification code to me on mail and all my further selenium actions fail due it this.☹️

Hey guys, I have almost developed the backend of an app like reddit. My question is about authentication. How should I authenticate my user. Is phone number necessary to add phone otp?Because I don't want to get any legal trouble if someone posts objectionable content on the platform. Most of the apps today need phone number, I dont know why except reducing spam accounts.

Or shall I verify email by otp. But its hard to track disposable emails. I cant go for only gmail too as its banned in china. Email domains of china are weird.

Can I get into legal trouble for objectionable content posted by any evil user?

I dont want to go for auth.

Recently I made a dumb mistake :(

I have applied for credit card online and they have call me and asked me for info and send some messages which I need to forward someone that contain codes.

After that they ask for some docs, salary slips and bank statement etc. I got stuck for some tax forms.

So one day they just called that its ok if you can't submit your tax docs , we can make verification through debit card, I thought the call was genuine and I am in cc process, I shared my pin. and wohaaaa. my balance was deducted :( Thats was indeed a scam call.

While fucking my hot blonde gf this morning the Fucking DUREX condom BROKE and i creampied her. Here are the reasons why its not my fault:

1--Im not retarded

- 4 years of fcking my hot blonde gf with no protection and nothing ever happened cos im !retarded. Its a bigger risk to fuck with condom than without, how is this fucking normal???

2--I use condom the right way

- i was holding the tip so air comes out, just like it was explained on the box, but while rolling it down i was still holding the tip to make sure the air doesnt come back up

3--She was wet

- she wasnt dry. My hot blonde gfs pussy was so wet from how horny she was so its impossible that it got torn due to dryness

4--First verification

- it wasnt torn or ripped. It was normal. Everything looked absolutely fine

5--Second verification

- when i put it inside my hot blonde gf and fk her i pull it out in the first 10 seconds just to make sure it isnt torn--it was good and nothing was ripped so i slowly put it back inside

6--Condom is not thin

- i took the regular durex one (fuck this fucking dead fraud company I'll piss and shit on their grave) so it wasnt the thin bullshit one

7--Dont got a big black dick

- its normal. Average. Not small nor big. So latex elasticity isn't my problem

8--50-50%

- every FUcking time when i fked my hot blonde gf with a condom i always stressed if it'll break or not. This is not the first time it broke. FUCK the product that is THIS MUCH unreliable, unsafe and fragile! I'll fuck the whole durex company up. Im not the only one who had this problem. DUREX IS THE BIGGEST OVERRATED SCAM COMPANY SPENDING BILLIONS ON MARKETING FOR A LOW QUALITY SHIT PRODUCT THAT DOESNT EVEN WORK

9--Package didnt expire

- i bought a new box in the store on 8th march for womens day (modern women value having gifted with condoms more than flowers). It wasnt bought in a shit china quality shop. I fked her in the car at night and also creampied her but the condom did NOT break. Then i fked her this morning in bed with condom from the SAME BOX, and now it DID break. Are you Fucking kidding me???

10--Emergency contraception

- i died from high adrenaline of running so fast to the store to buy her contraception. Had to run to 4 fucking stores cause all of them don't work before 7:30am. Finally found one in the 4th store and she drank Escapelle within 20 minutes of incident, as soon as it was physically possible

11--And now what

- now what. What do i do. I did everything i could. Nothing is my fault. My hot blonde gf wanted me to creampied her it was her idea so shes at fault partially. She will get tested in 15 days while this contraception lasts. Dont know what else to try. This bullshit never happened before

Last day of a two week verification, I went to delete a duplicate folder. Instead I deleted the production folder. Never work on Allegra and zirtec. Luckily it was early in the morning and we only list about an hours work, from the day before's backup.

Is it just me or are graphical software verification libraries useless? I have had to take courses in several is them at uni. Usually, the diagrams end up being externally complex and more prone to errors than the software they are supposed to verify.

The fact that the "final project"of one course was to verify 100 lines of java in 2 weeks. Any beginning programmer could read the java code and confirm it was correct. The diagram my group produced could only be verified by a team of experts over the course of a year. How is it valuable to spend time "verifying"software if the verification needs even more verification than the original software.

Maybe I'm missing the point but I just don't get why there is a market for expensive propratary software in this area.

Wifi used to be an issue in my incubator. Like I had mentioned in my earlier rant. There are many wifi's available now, but once when there was only one wifi available. That wifi network, was so terrible that it asks for human verification number of times even on google searches.

And the person responsible for wifi, is one of the most useless, undeserved person, I had ever seen

When a team from incubator talked to him about the issue, that this particular wifi's is pathetic, too many blocks and always asking for human verification, his reply was

"Just write 'S' after 'http', then it will work"

No doubt, everybody hates that guy.

But that guy cant be fired from job, because government. But he can be FIRED

How long does site template verification takes on Envato Theme Forest?

So I developed this bot which will make one commit everyday for. But duh! Github's security service sends me a verification code Everytime my script tries to login and the further selenium actions fails. 😂😂😂

In short : all my pain went in bin
If anyone knows how can I overcome this issue please let me know

I have Avira Password Manager and for 3 days now I can't access it because they send a verification code to the phone but that code was never received... FUCK YOU AVIRA

HELP!!! I fucked up my OP6 again trying to install Lineage 17.1.

I was running Oxygen Pie and folloqed steps .. Flashed Lineage Recovery 20200609

And then the rom but just boots into Fastboot now.

I'm guessing it's bc I didn't first install Oxygen 10 and upgrade the firmware?

Not though I'm trying to sideload the zip but it keeps stopping at Signature Verification failed.... Even though I said override...

Ok so how many people on here know what VDM is. I cannot seem to find anyone outside of my uni that does.

Ranting doesn't help if the you didn't verified the email. Really devRant, all my ranting I did previous about the customer is gone. _-_

Just built out my first app using Cloudflare Workers, Typescript, and DurableObjects. Holy shit, this is nice stuff.

It's taken little to no time to build out:

* JSON API written in Typescript
* JWT verification against my OAuth backend (SAML support too)
* CI Automated Deployments including unit tests
* DurableObject support
* 3rd party HTTP calls + caching (built in to the framework!) to reduce network latency and hiccups.
* Cron-like tasks on each stored object so they can awaken the app on a schedule and update themselves as necessary
* Rapid deployment to new environments

The local testing with coordinated "miniflare" is dreamy too.

Lets say i have to send an email to the user when:

- user forgot password (email sent with a token to verify the user owns that email, and token identifies for which user is this link valid)

- email verification (email sent with a token to verify the user who just registered, where this token uniquely is generated for each newly registered user)

- etc

Notice how both of these cases include the same shit:
- sending emails
- generating unique tokens
- attaching each record to individual user

Does this mean i should pack this up in 1 single model in the database and differentiate which type of email it is over an enum (EMAIL_CONFIRM, FORGOT_PASSWORD etc)?

Or should these shits each have a different model and thus different tables in database?

🐟💩The image i fetch from s3 is of type byte array

I return it to angular as an ArrayBuffer

Which then needs to be somehow converted to an image so i can fucking show it

Then after research i had to convert ArrayBuffer to Blob

And from Blob to URL encoded object which returns a string that now shows the full image in img tag

Somehow, by a sheer of trials and error i have just accidentally made a very secure way of fetching a very sensitive piece of document (verification document with user's personal data on it) and now in browser this is shown as blob:shit-image/random-hash. Not even the file extension. This means nobody can download this image. You fucking cant. Its a Blob motherfucker! Like a Blob Fish. It saves either a .txt when you try to save it (no idea how) and if you try to open the image in new tab it shows gibberish text. This means you can read-only this highly sensitive document image and not manipulate it, not even download it. Perfect. I have just made a very secure software by accident.

(this blob fish looks like my shit)

Need help with selecting a proper backend and website frameworks. After trying out a couple identity verification service providers we were dissapointed with their lack of support (takes weeks to do minimal changes).

So now we are having discussions about building in-house id verification system. We already have libraries for ios/android apps (ZOOM lib for face recognition and another lib for data extraction via OCR from document picture). So what we need is a proper backend and then a decent web framework with proper ux/ui design for our web/ios/android apps.

Currently thinking what kind of backend framework should we choose? Backend's main responsibility is for each client registered from website to assign an api key and to create a database/storage where his users would authenticate via clients app and upload a picture and a video.

Also wondering what kind of framework for website apps (main web app, dashboard app where we display pending verifications, and of course verification app) to choose. Should be go for angular?