Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "you all get cookies"
-
I tutor people who want to program, I don't ask anything for it, money wise, if they use my house as a learning space I may ask them to bring cookies or a pizza or something but on the whole I do it to help others learn who want to.
Now this in of itself is perfectly fine, I don't get financially screwed over or anything, but...
Fuck me if some students are horrendous!
To the best of my knowledge I've agreed to work with and help seven individuals, four female three male.
One male student never once began the study work and just repeatedly offered excuses and wanted to talk to me about how he'd screwed his life up. I mean that's unfortunate, but I'm not a people person, I don't really feel emotionally engaged with a relative stranger who quite openly admits they got addicted to porn and wasted two years furiously masturbating. Which is WAY more than I needed to know and made me more than a little uncomfortable. Ultimately lack of actually even starting the basic exercises I blocked him and stopped wasting my time.
The second dude I spoke to for exactly 48 hours before he wanted to smash my face in. Now, he was Indian (the geographical India not native American) and this is important, because he was a friend of a friend and I agreed to tutor however he was more interested in telling me how the Brits owed India reparations, which, being Scottish, I felt if anyone was owed reparations first, it's us, which he didn't take kindly too (something about the phrase "we've been fucked, longer and harder than you ever were and we don't demand reparations" didn't endear me any).
But again likewise, he wanted to talk about politics and proving he was a someone "I've been threatened in very real world ways, by some really bad people" didn't impress me, and I demonstrated my disinterest with "and I was set on fire once cos the college kids didn't like me".
He wouldn't practice, was constantly interested in bigging himself up, he was aggressive, confrontational and condescending, so I told him he was a dick, I wasn't interested in helping him and he can help himself. Last I heard he wasn't in the country anymore.
The third guy... Absolute waste of time... We were in the same computer science college class, I went to university and did more, he dossed around and a few years later went into design and found he wanted to program and got in touch. He completes the code schools courses and understandably doesn't quite know what to do next, so he asks a few questions and declares he wants to learn full stack web development. Quickly. I say it isn't easy especially if it's your first real project but if one is determined, it isn't impossible.
This guy was 30 and wanted to retire at 35 and so time was of the essence. I'm up for the challenge, and so because he only knows JavaScript (including prototypes, callbacks and events) I tell him about nodejs and explain that it's a little more tricky but it does mean he can learn all the basis without learning another language.
About six months of sporadic development where I send him exercises and quizzes to try, more often than not he'd answer with "I don't know" after me repeatedly saying "if you don't know, type the program out and study what it does then try to see why!".
The excuses became predicable, couldn't study, playing soccer, couldn't study watching bake off, couldn't study, couldn't study.
Eventually he buys a book on the mean stack and I agree to go through it chapter by chapter with him, and on one particular chapter where I'm trying to help him, he keeps interrupting with "so could I apply for this job?" "What about this job?" And it's getting frustrating cos I'm trying to hold my code and his in my head and come up with a real world analogy to explain a concept and he finally interrupts with "would your company take me on?"
I'm done.
"Do you want the honest unabridged truth?"
"Yes, I'd really like to know what I need to do!"
"You are learning JavaScript, and trying to also learn computer science techniques and terms all at the same time. Frankly, to the industry, you know nothing. A C developer with a PHD was interviewed and upon leaving the office was made a laughing stock of because he seemed to not know the difference between pass by value and pass by reference. You'd be laughed right out the building because as of right now, you know nothing. You don't. Now how you respond to this critique is your choice, you can either admit what I'm saying is true and put some fucking effort into studying cos I'm putting more effort into teaching than you are studying, or you can take what I'm saying as a full on attack, give up and think of me as the bad guy. Your choice, if you are ready to really study, you can text me in the morning for now I'm going to bed."
The next day I got a text "I was thinking about what you said and... I think I'm not going to bother with this full stack stuff it's just too hard, thought you should know."23 -
** Non Dev Rant **
I just need to rant about this because I'm furious.
Last night I had a house warming party. It was mostly, if not all, of my girlfriend's friends. I'm a cranky old developer so I don't have friends.
Everyone was nice and dressed nice and brought us gifts.. all of the gifts were pretty much specifically for my girlfriend.
So this one girl came... she's younger.. around 25. She came with no gift (I wasn't expecting gifts I just need to mention it for the plot), and was dressed in sweat pants. Alright, no problem.. I really don't care at least she's here.
So as more guests arrive I finally get a gift. Someone brought me a case of beer and a couple of yummy cookies. I had to put it down on the kitchen counter for a bit because I needed to grab more chairs.
The basement door where the chairs are is 10 feet away from where I left my present..
I come back from upstairs.. not even 5 minutes later and I see sweat pant girl stuffing one cookie in her fucking mouth and the other in her pants...
Are you fucking kidding me!? I bought desserts and snacks and all the alcohol you can think of and you steal MY fucking present. Not just one of them... but BOTH.
She saw the other guests give me it.. say "here buddy this is for you"... followed me in the kitchen and STOLE my fucking cookies.
I was going to eat them this morning with my coffee and I realized I couldn't because this fucking ass hole took my fucking cookies!!!!
I hosted this party for my girlfriend's SJW ass hole fucked up friends... put a smile on my face... pretended to like people... and for once didn't yell at someone... and the fucking thanks I get is 2 stolen fucking cookies.
Fuck her.20 -
What kind of supercomputer you have to use to get these fucking websites to work smoothly????
I'm on a fucking gigabit connection, ryzen 7 7700x, 32GB ram, and a fucking nvme, all it takes is opening a fucking recipe site and I'm instantly transported back to the 80s. I swear if i see another 4k asset I'm gonna punch something.
WHAT THE FUCK HAPPENED TO FUNCTION OVER FORM????
Oh do you want me to disable my addblocker??? How about: you make a site that works you fuck. No i will not fucking subscribe to your brain-dead newsletter why the fuck would I???
And since when are cookies needed for a fucking plaintext site you asshat??? Tracking??? I swear if you could you would generate metadata from my clipped fingernails if it meant you could stick "Big data" next to that zip-bomb you call a website.
I WOULD like to read your article, possibly even watch a couple of ads on my sidebar for you, but noooooo you had to have the stupid fucking google vinegrette or however the fuck they are calling the fucking thing now.
The age of the web sucks the happiness out of life, and despite having all of this processing power, I am jealous of my fathers RSS feeds.
I'm sorry web people, I know it's not your fault, I know designers and management don't give a shit how long a website takes to load. I just wanted to make a fucking omelette.15 -
I'm so sick of all these fat frontend websites.
Transferring dozens of megabytes of mostly unused libraries is not acceptable.
A browser tab crunching up CPU time because everything must be "beautifully animated" (🤢) and processed without involving page reloads/backend is not acceptable.
A response time of over a second is not acceptable.
Cryptic error messages and random popups asking you to reload your page, not acceptable.
Sticky elements/popups breaking access on small screens is not acceptable.
Running hundreds of ajax calls per minute as heartbeats/probes
and crashing the page when the internet has a hiccup, not acceptable.
Fuck Asana, Fuck Twitch, Fuck LinkedIn, Fuck Youtube, Fuck the dozens of other SPAs which unload their truckload of diarrhea into a tab, yet fail to load crucial functionality about half of the time.
Fuck any page that breaks when you block Facebook, Doubleclick, Twitter or Google Analytics. To hell with websites depending on cookies or javascript loaders to display anything.
I want webpages to be interactive informational documents again.
Fuck off with your apps.
If you want to make an app, learn to use a real language, and get the fuck out of my browser.5 -
Well... I had in over 15 years of programming a lot of PHP / HTML projects where I asked myself: What psychopath could have written this?
(PHP haters: Just go trolling somewhere else...)
In my current project I've "inherited" a project which was running around ~ 15 years. Code Base looked solid to me... (Article system for ERP, huge company / branches system, lot of other modules for internal use... All in all: Not small.)
The original goal was to port to PHP 7 and to give it a fresh layout. Seemed doable...
The first days passed by - porting to an asset system, cleaning up the base system (login / logout / session & cookies... you know the drill).
And that was where it all went haywire.
I really have no clue how someone could have been so ignorant to not even think twice before setting cookies or doing other "header related" stuff without at least checking the result codes...
Basically the authentication / permission system was fully fucked up. It relied on redirecting the user via header modification to the login page with an error set in a GET variable...
Uh boy. That ain't funny.
Ported to session flash messages, checked if headers were sent, hard exit otherwise - redirect.
But then I got to the first layers of the whole "OOP class" related shit...
It's basically "whack a mole".
Whoever wrote this, was as dumb and as ignorant to build up a daisy chain of commands for fixing corner cases of corner cases of the regular command... If you don't understand what I mean, take the following example:
Permissions are based on group (accumulation of single permissions) and single permissions - to get all permissions from a user, you need to fetch both and build a unique array.
Well... The "names" for permissions are not unique. I'd never expected to be someone to be so stupid. Yes. You could have two permissions name "article_search" - while relying on uniqueness.
All in all all permissions are fetched once for lifetime of script and stored to a cache...
To fix this corner case… There is another function that fetches the results from the cache and returns simply "one" of the rights (getting permission array).
In case you need to get the ID of the other (yes... two identifiers used in the project for permissions - name and ID (auto increment key))...
Let's write another function on top of the function on top of the function.
My brain is seriously in deep fried mode.
Untangling this mess is basically like getting pumped up with pain killers and trying to solve logic riddles - it just doesn't work....
So... From redesigning and porting from PHP 7 I'm basically rewriting the whole base system to MVC, porting and touching every script, untangling this dumb shit of "functions" / "OOP" [or whatever you call this garbage] and then hoping everything works...
A huge thanks to AURA. http://auraphp.com/
It's incredibily useful in this case, as it has no dependencies and makes it very easy to get a solid ground without writing a whole framework by myself.
Amen.2 -
!rant
I am so proud of my dad :D Last weekend I went to Minecon and spent most of my time with other modders. When I posted on FB a friend replied "I didn't see you", to which I said "I was with the modders". My dad then replied what are modders. It was late at night so I didn't get to respond and forgot about it.
This morning when I talked to him he said he looked on the online dictionary and found the definition by himself. That made me really proud, considering he is not computer savy and always relied on me to answer IT questions 😍 -
TL;DR: If you make a contest where people get to vote online fucking make it right!
And here's the story: I play in a local coverband to make some cash on the side and because I love making music. We entered a contest hosted by a local radio-station. The first round was determined by judges and now 5 bands remain and of those 5 only 3 get to be voted into the final round. In the final round every bands wins something: 3rd place 250€, 2nd place 750€ and first place 5000€.
Now that stupid dipshit of a web-designer of that radio-station made a website where you can vote and it only fucking sets a cookie. You can delete it and vote again. You don't need no E-Mail and nothing. It doesn't even block multiple votes from one IP. It doesn't do shit.
Even my bandmates (who don't work in IT) where smart enough to figure out that you can just delete the cookies...
I think that now every band except for one is cheating. (we have over 5000 votes and combined all bands have like 4000 FB-Likes and sometimes and Band gets like 400 more votes in an hour) This is such a fucking messup and I don't know what to do. Maybe they'll look into stats but if they're so stupid to make a contest like this in the first place, maybe they won't. And even if they look into the stats it wouldn't be fair to kick out a band with much votes because how the fuck would they know if the band themselves cheated or if it was a fan of the band or even an enemy of the band just to get them kicked out.
I'm afraid of talking to the radio-station as a part of one band because maybe the web-designer there just gets frustrated and bans us from the contest entirely.
This is just fucking frustrating.undefined to cheat or not to cheat contest do it right or don't do it at all delete cookies so pissed.5 -
Most succesful project was around this time last year.
A scary club of privacy haters made a 'webapp' to advise people what to vote for in the national elections.
The tool was really bad in multiple ways. For instance, if two parties would score the same amount of points, one would, at random take second place without conveying this to the user.
Oh and it also collected all the data people entered "for scientific purposes". A very sketchy practice, a non profit, funded by the government and George Soros (I kid you not, illuminatie confirmed ;) ).
The tool had this disclaimer on the bottom, saying this webapp needs cookies to function. So that triggered me to make a copy of the tool that works better and ... offline, and without cookies. You could download a html file and turn of your wifi (for the paranoid ppl among us), use the tool, delete the file. No trace.
It was a little bit of tung and cheek project, a gimick, the original was called stemwijzer, mine was called offline stemwijzer.
It was a one day build and a day after launching I got a call of the original stemwijzer project leader. Demanding to take the thing offline for infringing copyright (yeah sort of was). I tried to explain him why I made this and why privacy for such things should be held in high regard. He basicly told me I was talking shit and did not want to discuss, I told him I don't take stuff offline because of phone calls. I told him to email me a seist and desist.
So that guy prolly had a stressful day (because of the launch of his tool), had a few glasses of wine, and wrote an email. He wrote me I was a pathtic kid and I should do more useful stuff. He wrote that anyone could program a tool like that. And he wrote me I should do him a favour not share this email with my measly amount of twitter followers. Super professional email.
So I did him that favour, I did not share it with my twitter followers, I shared it with one of the largest political blogs in the country.
My tool sort of took of after that. To stop infringing copy right I changed the name and I removed their content from the script and wrote instructions on how to copy and paste in the json content yourself and "make your own tool".
The response was great, people actually emailed me job offers and I think that the current job I have is due to the succes of said project. So be balsy, challenge giants, start riots, it will get you places.2 -
To all web devs adding cookie-nags on your companys pages: stop that! Now! No where does that cookie law require you to ruin your site with nagging popups. Where's the focus on usability?
And the rule about informed consent? Which normal user (like my mother) knows what that means anyway? I call bs! Politicians, don't get me started.
Every user on the internet goes JMIGA: Just Make It Go Away, click whatever making that crap disappear.
What user will go "holy shit, they're using cookies!! I'm outta here!" No one in the history of the internet, that's who. Argh.9 -
Those GDPR nag screens actually are more damaging than useful. Nobody has the energy to jump through the hoops all different sites set up for you to opt-out of tracking. Yet you will constantly see those pages if you have opted out.
If you use some privacy extensions that block tracking cookies and stuff, you will keep getting those nag screens, because they have no idea whether you have seen it or not (because of no tracking)
So browsing the web has become the constant of:
1) Search something
2) Deal with nagscreens
3) See the page
4) Go to other page
5) Repeat from step two
I wonder what this will lead to? People are less likely to visit random pages and stick to ones they have account on? Will darknet become more popular? Will somebody design some standard way to get rid of this nagscreen wave?11 -
ARGH!
Since that privacy cookie policy change thingy, every goddamn site pops up the dialog asking about it.
I just want to fucking read the page, quickly; get off my screeeeeeen!
There should be a standard to add something that lets the browser tell the page if you accept cookies or not, and which options to use; or at least make all the sites use a specific attribute for the elements of the div, so it can be automated (I know this is a dream).5 -
I don't know why people here dislike php
It's been 3 years since I was introduced to php and I never find it unworthy to be used in my project at all
Last night it was my first freelancing project and the guy asked me to scrap a table from a stock market website in vba script and append the table values to the excel sheet. That looked easy, I kid you not, from the image he sent me that looked too easy.
I decided to accept it, fml. Cause that site was using fucking cookies and javascript to load the table values.
There was no way to implement shit that in vba under my current knowledge.
Let's fuck this shit and jump to php, I inspected the site and found a cookie was enabling the site to load another part of the site through GET request.
Once I knew what was holding that GET request url, curl came to rescue. I attached cookies and sent the request header and parsed the ajax script url and fetched the response (table data).
Parsed the fetched data using explode and Voila! I made the fucking working script in php
As for the vba script, I wrote code to get this csv, append it to the file and delete the csv8 -
Question: Does using cookies for user session handling hinder the scalability of your backend because all the API's have to live on the same domain. Basically if one API starts to get a lot of request and you want to add another server to off balance the load you would have to add an entire webserver rather than just a small micro webserver with the API running on it mainly because cookies are used to authenticate user request and cookies don't survive CORS request. Am I right or don't know what the hell i'm talking about lol need some opinions I suggested we make all API's micro services and use JWT for user sessions12
-
So a while back I had found a hole in a website's security, one that I has used pretty frequently. I was able to change my cookies and become any user I wanted. The only caveat was that I had to log in as a user in order to get things started. But once I was in I could basically be anyone I wanted to be just by changing a few numbers in the user ID of the cookie. They also did all of their user processing on the client side. Even password checks.
A couple weeks back I decided to go back in to see if anything had changed since then. It did! But not in the way I had thought.
So these guys decided that instead of fixing their security hole, they would have users just contact their people directly in order to get a new account.
Wow that's so much fucking overhead for basically being a lazy shit and not fixing the security holes. I mean how bad is your architecture if you can't go in and fix this?
Not only that I found that they actually stripped all of the users of their original subscriptions. So now if you want to get back on your subscription you'll have to fork over another $399. So that means going to their shitty form filling out your name, your number, email, and just hope that someone contacts you via phone call.
I'm glad I dropped this service. They clearly can't get their shit together.rant hackerman what the fuck are you doing bold and brash it's all shit more like belongs in the trash front end is shit back end is shit -
You ever just get constantly shit on by life, work, and everything for weeks and then, one day, it finally just turns around for the better. After that, you finally feel normal again. Probably all the Christmas cookies I’ve been eating… In the words of forest gump, “I’m so happy I could bust!”9
-
“httpOnly cookies prevent XSS attacks”… wow.
As if not being able to get your cookies is going to stop me from doing bad things.
When I'm in via XSS, it's over. I'm changing the page content to your sign-in form with “please sign in again” notice, but it sends email/password straight to me. What percentage of users is going to enter their data? What do you think? With password managers prefilling data, and the annoyance being one “enter” hit away, I think a lot of users will fall for that. No one, including you, will be able to tell the difference without devTools.
You can rotate the session token, but good luck rotating the user's password.
Oh, did I tell you I could register a service worker using XSS that will be running in background FOREVER?
But don't listen to me. Don't think. Just use httpOnly and hope for the best. After all, your favorite dev youtuber said they could protect you from XSS.4 -
"Code"
And the website says "Lonely geeky people do need apply"
So I put my on my glasses and I went in to ask him why
He said you look like a fine outstanding young man, I think you'll do
So I shook his hand and, I said "I am glad I will be working for you."
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
And the sign says "If you want to use this site you must accept our cookies"
So I found the CEOs address and doxxed him all night!
To put up a dialog and block content from my sight.
If Todd was here, he'd tell it to your face, man, "it just works"
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Oh, say now mister, can't you code
You got to have a laptop and a hoodie to get a job
You can't work, no you can't standup, you ain't supposed to be here
And the website says "You got to have an employee ID to get inside" - yo!
And the website says "Everybody welcome, come in, code and share"
But then they passed around a git pull at the end of it all
And I didn't have a character to code
So I got me laptop and I made up my own fuckin' code
I typed, "Thank you OSS for thinking 'bout me, I'm alive and doing fine", yeah
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Code, code, everywhere there's code
Neo vision, tweakin' my mind
Do code this, and API that, can't you read the fucking manual
Yes! Some old song, called "Code code", I wish we did write that one, but
We didn't - git blame!
Hello World!6 -
This story happened to everyone, and i am sure that if i search, i will find dozens of similar stories, but the different here is, i tried, i really tried, in a hundred different ways to achieve my goal !
When you are stuck on a problem, let's say, that you have a program, project, website ... and need to achieve something technically weird (or hard) and need some help to save you time on experimentations. The first thing a lot of people do is : Google.com && put search dorks.
But, at a moment, google gets "dirty", you use it so often that he always think to know better then you what you are looking for.
It reminds of "Ted", the movie (for thows who know it) where they asked : "Hey ! Why does google always suggest us to look for black dicks ??"
It is exactly what happened to me, i got results who doesn't have anything to do with what i was looking for !
You can give it a try now : type "semantic web RDF to RDB"
You won't find anything, except results related to : NOSQL DBs, which is totally annoying.
Something else, i once google swift to get some updates, what results did i got ? Taylor Swift ... (musician)
I often get 2 or 3 results from google, which made me thinking that i somewhat reached the end of internet, or that people are so dumb that i will have spend hours trying to figure my solutions, but, before doing that, other solutions had to be tested.
1- TOR : Google tracks his users and uses its algos and bullshits to return results as close as possible to the user's demand (big fail ...) so how about moving to a different country ? DL TOR browser, open, setup, go to US, open google (got us version YAY !) enter my keywords, and, nothing, still nothing, more results for sure, but nothing related to what i was looking for.
2- VM
Pop a VM, launch TOR, use Hidden mode, delet all cookies and stuff (it is a new VM but who knows).
Use keywords (now in UK). Here they are !! my results !!! i finally found some decent results about my keywords !
But, i have the required knowledge to do this kind of stuff, but how about people who rely heavily on google ? they can't change country, clear everything, trick google to think you are a new user, they have almost biased and flawed results. I tried duckduckgo (i love them) but they are not that efficient.
Google says not to anything evil, but they ARE EVIL, miss guiding people, suggesting corrections who have nothing to do with the keywords, or results totally unrelated in any way to the keywords while results exist in other countries ???
Ever since, i don't pay attention to google at all, and started thinking that google's algos are manipulating people, i don't know if it is done on purpose or not, but the result is the same, people have biased results based on their country, on their tag, on their ID, and the recent keywords.
During that period i was cursing google every funcking day, and i am still doing it, too much trackers, too much manipulation, i will end-up enclosing myself in darknet.4 -
Motherfucking peace of shit....
Dont know to whom I should direct this to .
Was creating a new login page for web app using Quasar(vue.js). Since my application have 2 different types of user, which also have different UI, and functionality.
One is written in vanilla ( and is quiet heavy) and the other one in vuejs ( though earlier it was written in vanilla too ). Login page too was written in vanilla which was working fine.
Now just yesterday I finished a prototype for the third type of user, which is also written in vuejs. Now I decided to re create login page using vuejs. Quiet small and easy to do. Finished it yesterday itself. Now since today's morning I am trying to configure it so that it this piece of shit just let me log in. It was authentication and verifying but not letting me log in.
( On server after authentication, I set cookies/token on clients browser and auto reload the page, so during next request to server/ or during reload, server will read the cookie/token and send the specific admin panel to user)
Prick. Dick.
It was setting cookie, but not at the '/' path. Mother fucker.
It was setting cookie to the path I was sending login credentials ( which was different from '/', I.e.- /login/verify=password )
So it was setting cookie/token at '/login/verify=password'.
Even tried setting path for cookie at server. Read everything on internet. MF nothing worked. All I came across was, 'this is CORS' .... 'this is CORS'. Assholes, if it were CORS', how then I am able to make request to server and getting response without error
Only a hour ago, when I made get request to '/login/verify=password' I figured out, cookie is being sent to server for this path only. Then did some changes at server, so to send login credentials to '/'. Now that shit is working
Fucking waste of time. Wasted more than 6 hours. Asshole.
Btw, if you can suggest a better way to login, then please. -
Pluralsight is so infuriating. First of all my trial lapsed (classiccc move) so I figured I would use it.
They’re content is so outdated.. it’s driving me mad. The past 3 courses have been 2+ years out of date.. and I get it, it’s a lot of work to maintain a course but could you not at least provide links or new annotations?
And I’m not talking a couple of package version updates where things change. This guy is using Bower which to my knowledge is pretty much deprecated and references yarn. Which completely breaks the course.
My thing is, why are you charging $30/month (i think), if I have to jump through these hoops to learn??? I was doing a great job of that on my own via google and YouTube.
The one Udemy course I bought is constantly being updated with notes and annotations and boy do I appreciate that. They’re marketing and cookies are toxic but at least the content is reliable.3