Search - "99-minutes"
-
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in Outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkis. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gacha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user or any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.
-
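The two defects the rant above describes (an order-impersonation cookie trusted with no integrity check, and full card numbers written to logs), seen from the fixing side. This is an added example, not part of the original post or the company's code; the key, org chart, cookie field names and card number are constructed assumptions.

```python
import base64, hashlib, hmac, json, re

SECRET = b"constructed-demo-key"  # assumption: a real key lives in a secrets manager

# Constructed org chart: employee id -> manager id (None = top of the chain).
REPORTS_TO = {1: None, 2: 1, 3: 2, 4: 1}

def sign_context(ctx, key=SECRET):
    """Serialize the order context and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(ctx, sort_keys=True).encode())
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def verify_context(cookie, key=SECRET):
    """Return the context dict, or None if the cookie was altered."""
    try:
        body, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return json.loads(base64.urlsafe_b64decode(body))

def is_descendant(target, actor, chart=REPORTS_TO):
    """True if `target` reports, directly or indirectly, to `actor`."""
    seen = set()
    boss = chart.get(target)
    while boss is not None and boss not in seen:
        if boss == actor:
            return True
        seen.add(boss)
        boss = chart.get(boss)
    return False

def authorize_order(session_user, cookie):
    """Accept only if the cookie is intact AND the session user (taken from
    server-side auth, never from the cookie) may act for the target."""
    ctx = verify_context(cookie)
    if ctx is None or ctx.get("actor") != session_user:
        return False
    target = ctx.get("on_behalf_of")
    return target == session_user or is_descendant(target, session_user)

PAN_RE = re.compile(r"\b\d{13,19}\b")  # card-number-length digit runs

def redact(message):
    """Mask card numbers before a message reaches the log, keeping the last 4."""
    return PAN_RE.sub(lambda m: "*" * (len(m.group()) - 4) + m.group()[-4:], message)
```

The signature only proves the cookie was not edited; the hierarchy check against server-side data is what stops a low-level account from acting for someone above it.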
Netflix, why is your loading spinner so horrible!
Do you know what a percentage is??? 99% means you are ALMOST done. Just a tiny fraction to go. I should not see 99% for seconds or even minutes on end. Much less after the first 98% took only a couple seconds!!
Stop the lies!!!
-
You motherfucking incompetent useless collection of hairy ballsacks even a trained monkey could do a better job than you do. And I swear once we literally cross the 99% availability rate I will find your headquarters and smash everyone's face into each of your fucking servers then set that whole place on fire.
You forget to flush the DNS cache after moving my server (of course on Friday when else), here is 2 days of error page for my site, whose instructions a normal user simply couldn't follow. Not to mention it pointed to the wrong article.
Random 503 error, and you aren't answering my phone calls, though usually I am the first one who informs you of a fucking problem with your fucking server and I have to wait 5-10 minutes in line while you are figuring out the problem.
And now random forbidden error for my whole page. Out of nothing. I've changed nothing. You said one hour earlier that it's your mistake and it will take around 30 min. Still nothing.
I'm fed up with all your bullshit. Go fuck yourselves.
I'm out...
-
Storytime!
I got a ticket near the end of the day, asking to install a printer on a computer. The branch in question was in a different time zone (I'm in US-Pacific [GMT-07] and the computer was in US-Eastern [GMT-04]). I figured I wouldn't worry about it; after all, I had other tickets to work on that were much higher priority.
The next day I come into work and immediately get a message from one of my East Coast coworkers, telling me that this branch is calling and asking how the printer is coming. I told him to tell them I would call them a bit later. I do a couple of easy jobs and then begrudgingly call the branch. I listen to the phone tree that they have (which requires two button presses instead of one in order to speak with someone) and finally get in contact with a person... only to have the call disconnect.
I call back and ask for the person who called in the ticket and then followed up, who had apparently gone to lunch. I informed the person that I was just going to install the printer and it would be good to go. This would be fine... up until she mentioned she needed scanning functionality.
Now I wasn't sure if the driver we have in AD is set up with the scan functionality, so I said okay, but that meant I would have to get the driver from the website. The connection to our branches is about 1Mbps, so even downloading Java updates (60-ish MB) takes about 5-10 minutes on a good day. The file for this printer was about 700MB (thanks HP). So I went and did other stuff while that downloaded.
I come back after it finished and started the install process. Right away it asks to re-seat the USB cable. So I call the branch. The call disconnects. I call again. It disconnects. I call one more time, and finally get the person who called the ticket in. I instruct him to re-seat the cable. He does. The driver starts doing its thing. I tell him I'll call back if I run into any issues and we hang up.
The driver goes through the install process for about 20 minutes, stops at 99%, then fails. I want to restart the computer, just in case there's a conflict somewhere, but that would require calling the store again, so I put it off.
About an hour later I get a message from another East Coast coworker, telling me the branch is calling about the printer again. I was in the middle of another call and said I would call back later. I do. It disconnects. I call again, and get the person who called the ticket in again. I tell him I want to restart the computer, but wasn't sure if it was okay. He checks with the people using it, who say it's okay, so I reboot. I hang up.
Once the computer comes back up I start the install process again. It asks to re-seat the cable. Fuck. I don't want to call the store again, so I open notepad and say "Please take out the printer's USB connection from the back of the computer."
Three. Fucking. People. Saw it. They moved the window and one even tried to close it, but they didn't re-seat the cable. I opened another window, telling them to call me at my number. They didn't. I called them. Got disconnected. I called them again, finally got someone, told them to re-seat the printer cable again. They do, thank god.
I say thank you and hang up. Continue the installer. It stops at 99% again and fails. I reboot the computer; screw it, I'm just going to install the driver from Active Directory. Check Devices and Printers. It's installed successfully. Hallelujah!
I get the printer set up for the various programs they use and print a test page. I call them one last time; their phone system sounding like they were connected via an underwater line connected by tin cans. I get someone.
$me: Hi, I want to know if the printer has printed something.
$them (garbled): -et me shee... yesh, it -rint-d a *beezelborp*.
$me: Perfect, I'm going to close this ticket! Thanks, goodbye! *hangs up*
tl;dr - I hate printers -
A few months ago I bought an e scooter to get from home to work.
The backstory to this:
My car broke down on the highway, my sister's car broke down on the highway and we didn't have another car apart from my dad's anymore.
Which means I had to look for another car. The cars between 1k-5k € are dogshit and when you want to register the car you have to have an appointment at a government building which happens to be closed when I'm getting out of my 8-5 job.
I had enough and bought an e scooter.
Now back to now:
In the beginning it was cool.
Could get anywhere I wanted to in combination with the Germany ticket. Except for the Netherlands where my beautiful girlfriend is.
There I can legally not use it but that's ok lol.
The German government is hyping e mobility and public transportation up, but for what?
E mobility currently sucks ass with all the shit laws for e.g. e scooters and when you want to transport it in public transport, people give you weird looks, the bus driver wants you to buy a bicycle ticket even if I can fold the e scooter and more. The scanners in the bus of the German buses cannot read my German ticket for some reason and every bus driver in my city knows that and they just look at it and are like "Ok, you're cool. Continue moving", but this old grandma looking ass bitch is like "No, according to the law you need to show it to the scanner and not to me". I fucking know. I've been doing this shit for a year and you know that but it doesn't work. It says to me that I need to show it to you instead of to the scanner bc this machine is fucking dumb and apparently I'm holding the people because I started a discussion with her. This driver ... ugh. The buses in my city come whenever they want as well.
Like sometimes 5 minutes earlier, sometimes up to 30 minutes later.
Inconsistent motherfuckers and I am the one making everyone wait? Suck my donkey kong balls.
German trains... well you know how that goes. It doesn't. It sucks ass.
Every single fucking train line has a problem. Either a previous train has something, or staff is missing, or a technical error or the train driver's ass is itchy and needs scratches from his assistant. There's always something.
When I wanted to travel home from my gf I spent, not lying, 8 fucking hours on the trains on Sunday.
Normally it takes max. 5 hours with a train and 3-4 hours with a car.
I can also go on a rant because of the Dutch train system because it also sucks, BUT they are reliable. They are there when they say they are gonna be there. 99% of the times.
In Germany it is somewhere at 10%.
Now I realized that e scooters are uncomfortable and expensive toys that need maintenance just like a car but nonetheless they are reliable unlike the public transport.
In the winter it will be even worse.
Electrical cars are way expensive and affordable electrical cars you need to keep charging every few baby steps.
I also looked at 125ccm motorcycles which you can drive if you upgrade your existing car driver's license, but ngl that's a scam. Not worth it at all.
And that's why I am looking for a traditional car now. E mobility is not there yet in Germany and public transport is not doable at this moment.
-
So I traveled for an hour and 30 minutes to go to my school and complete an assignment that is mandatory for being accepted to my study next year. Guess what.. the assignment was writing a python script that prints specific characters of a set string based on user input. Seriously??? print(str[inp1:inp2]) I was done within a minute and got to leave again. 99% of my time was spent sitting in a train wondering what the point of a mandatory assignment in python is when we are only supposed to learn it once the study starts anyway.
-
Friend, jestingly: Gabe I did a hack, I edited the html on my browser and sent a pic to my boss so that it wouldn't look like I was 20 minutes late
Me, seriously: Friend that's literally 99% of IRL hacking. Human error.
Friend, who is positive about humanity, unlike me: why do you disappoint me like this -
I do IT support for a Uni.
A ticket comes in about how the site looks weird after an update.
Spend 10 minutes looking through Chrome dev view (we don't have access to backend).
Give up and assign to web team.
... Why do the people who manage the site not know anything about web development? 99% chance it's just a quick CSS fix. -
There's this short programming book (~105 pages) I've been reading while the tests were running (3-40 minutes, depending on how extensive the tests need to be).
I've arrived at page 99... A month ago. I'm finally able to work on the other lightweight project, where extensive tests take 7 seconds.
I know that I asked for tasks, to keep my idle time to a minimum, but let me finish this book already ˚‧º·(˚ ˃̣̣̥⌓˂̣̣̥ )‧º·˚
-
Ugh I was looking into React Native Expo and built an app fairly quickly, everything was going well! I just finished a poc and wanted to build it. Well I have built two times before on Expo Cloud. Took like 10 minutes in total. I submitted my build and bam 2 hours free plan queue. Motherfuckers! Sucking my dick for the first 2 builds and then asking for the money. When I want to have priority queue I have to pay 99$ per month or 1$ per build wtf is that?? See I get that I should not have expected much from this free service but be upfront with me pls.
Then I tried building the app locally on my MacBook but of course that's always a pain in the ass and after staring at an error for half an hour and trying to fix it with minimal google search results, I gave up for now. Now I'm looking at the fucking downtime timer of 60 minutes before my mini app gets built and oh if it fails I'll have a mental breakdown -
I feel a little sorry for all illustrators and gig-creators of visual things out there. And yet I feel uplifted in spirit at the same time with the new era of midjourney that has just started.
It’s incredible!
Maybe you don’t understand if you are not in software.
It’s a giant leap of such magnitude that it is impossible to comprehend the entire scope of this revolution…
Small gig:ers get their money from very small and small businesses who can’t afford anything else. They are expert digital artists. They excel in being productive and can conceptualize a thought or idea in hours…
These hours have now been removed. Not all. But some. For the entire industry, this is billions of dollars I am sure.
So, they need to adapt to this new realm that we are entering.
It’s just… I mean, I can’t even realize it myself and I have played with prompting now for weeks and months… And it’s just 2023. /imagine what will be possible in 2030. 2050. If we survive.
I created a man (a hedge-fund manager) out of thin air. He stands in the super-market, looking tired, it’s evening… He has had a long day at the office…
And-he-does-not-exist.
And it took me five minutes. A rendering of such sort would probably take at least a day for an expert illustrator in photoshop or whatever.
Now, everyone will use this. You got this everywhere very, very soon. Including the gig expert illustrators! The thing is… I can’t draw a straight line but with text I can conjure up pretty much anything.
It’s magic.
That is what it is. I know it isn’t but it feels like it. For people without software skills it must feel even more like an illusion…
Need twelve icons of bumblebees illustrations to be used as icons on your new web site (as images)? Takes five minutes. An hour at most until you are satisfied. In specific color ranges? You got it…
That shit cost like $99 bucks before if you needed to own them. And it took a week.
A revolution!
What fantastic times we live in!
And sad times and great opportunities for all visual artists out there.
(I am not at all worried for the dev industry. This will be SO fun!)