Me brute forcing into the appartment (where i rent my room) modem:

*tries all most easy/logical combinations*

Nope.

*tries more difficult ones*

Nope.

*hmm.... no please not both just blank....... 😷*

Admin access granted.

😩

You know side projects? Well I took on one. An old customer asked to come and take over his latest startups companys tech. Why not, I tought. Idea is sound. Customer base is ripe and ready to pay.

I start digging and the Hardware part is awesome. The guys doing the soldering and imbedded are geniuses. I was impressed AF.

I commit and meet up with CEO. A guy with a vision and sales orientation/contacts. Nice! This shit is gonna sell. Production lines are also set.

Website? WTF is this shit. Owner made it. Gotta give him the credit. Dude doesn't do computers and still managed to online something. He is still better at sales so we agree that he's gonna stick with those and I'll handle the tech.

I bootstrap a new one in my own simplistic style and online it. I like it. The owner likes it. He made me to stick to a tacky logo. I love CSS and bootstrap. You can make shit look good quick.

But I still don't have access to the soul of the product. DBs millions rows of data and source for the app I still behind the guy that has been doing this for over a year.

He has been working on a new version for quite some time. He granted access to the new versions source, but back end and DB is still out of reach. Now for over month has passed and it's still no new version or access to data.

Source has no documentation and made in a flavor of JS frame I'm not familiar with. Weekend later of crazy cramming I get up to speed and it's clear I can't get further without the friggin data.

The V2 is a scramble of bleeding edge of Alpha tech that isn't ready for production and is clearly just a paid training period for the dev. And clearly it isn't going so well because release is a month late. I try to contact, but no reaction. The owner is clueless.

Disheartening. A good idea is going to waste because of some "dev" dropping a ball and stonewalling the backup.

I fucking give him till the end of the next week until I make the hardware team a new api to push the data and refactor the whole thing in proper technologies and cut him off.

Please. If you are a dev and don't have the time to concentrate on the solution don't take it on and kill off the idea. You guys are the key to making things happening and working. Demand your cut but also deserve it by delivering or at least have the balls to tell you are not up for it.

Access granted. 😂

Had an interesting time these past few days. Had a customer who, when I left for vacay, was complaining that he couldn't get access to our private package registry. Get back, this issue is still active.

We'd granted access to his github enterprise, and for some reason he wasn't getting the activation email. We spent about 22 hours of customer support time on his failing to help himself before he finally escalated to the standard 40 person IT enterprise tantrum/come to jesus meeting.

Long story short, he had somehow ignored repeated attempts (35 email replies to the ticket chain, 4 phone calls) to get him to check his spam folder. In which, as it was revealed to all the hollywood squares in attendance, there were no less than 35 activation emails from github granting him access. Of course, none of this was his fault. And while screensharing his big brain to god and everyone he decides the problem is now actually Microsoft because their office 365 spam email filtered his emails incorrectly. We of course agreed with his big brain, smoothed over his bruised ego and went about our day.

I mean, fair enough, it's kind of dumb that Microsoft ever spam lists github, but still. I was just a fly on the wall, and he burned all his paid support tickets on the issue, so hopefully we won't be dealing with him again this year.

Also, this is an edge case with our new product line, most of our customers are painless.

"I need these permissions that J has"

J has those permissions because he worked on a different team that was granted those, you do not.

"I need it"

No

"I need it"

Its not within my power to allow you access, you have to talk with R and M.

"Okay well guess what I'm gonna escalate this up thr chain and its gonna come down on you"

*sigh* what do i do when i literally have no authority to give someone something and am clearly doing my jobb right, but someone thinks they can get me... idk... in trouble? Threaten me??? Logic, meet the window

My parents are real sticklers for who is allowed to be on Netflix. They only let people on when they are present, and they never click 'save password'.

Me being a poor college student and desperate for the Netflix password, created a fake website for one of my parents to sign into.

How did I do this? I created my own localhost server with a backend database for the password to go to. I then copied the Netflix home screen and log in and asked them to log me into their account.

They said I can be on for one hour, and then they were signing me out.

I agreed to these terms.

As a small twist, I had also copied the no internet tab from Chrome for the page to redirect to. Knowing that once they logged in they would be expecting the main UI.

They logged in and then waited for the page to load. I, of course, put in a delay for the page to load and then displayed the no internet tab. They were confused and asked me to refresh, still nothing. I asked them if the router was out, and they went to check.

While they were away I quickly switched back to the real Netflix website and yelled back saying I got it working again. They came back over and saw that it was asking for a password again. They signed in and saw the main homepage and none were the wiser that day.

Once they left I checked inside the DB and found the plaintext password they typed in... The damn password was so simple, I cursed myself for not having figured it out sooner. No matter, I had my parents Netflix password.

So you're probably wondering how they didn't see the URL above and think something was off?

I pressed F11 and fullscreened my entire browser. They did ask, and I simply replied with, I don't like seeing all the crap up above when I'm streaming. No further questions, perhaps I was lucky.

I was never really fond of 2FA, mostly due to the pain in the ass it creates if you lose or can’t access the 2nd device or jumping between GAuth to access Password Manager to access a password to use a login 😱.

But when your phone prompts up with a “allow some Asian, access to you’re iCloud account” you feel a world of relief that you have:

1) a notification you’re account is no longer secure,

And,

2) an immediate ability to change passwords before any access is granted.

Now it’s 1 more password I no longer know due to it being a scrambled mess of characters.

PS: Fuck you, you low life shithead!

I'm a junior programmer at a small company with mostly web dev. I had a C# project and before the deadline I granted access to the project repository one of my boss/senior coder. Several hours later I got an email with the whole project zipped and a note: I made some modifications, check it out.

Why someone doesn't want to use some kind of version control system?

Sometimes, being the only fullstack dev with access to a lot of systems gives you the ability to introduce functionality that:

A) prevents future errors

B) introduces new validations to users to make sure A) is prevented.

C) apply these changes to different projects

But most importantly...

D) without a single person in management getting involved or having to sign it off.

It's like running a company you own, but without owning it.

Granted with such power, comes the trust and responsibility of deploying changes with the adequate testing being done prior and handling change management, but fuck, sometimes I wonder if "god mode" for lack of a better term, is too much, or just enough to get the job done without the politics.

PHB wanted access to our team chat room where we do standup, among other things. Access granted. Immediately a new chat room was created.

Me: we should take this project a little more serious, follow the coding standards and please let us use git!

Pal: Oh sure.

//made a new repo and the first commit, sent the link and prepared everything (Granted access etc.)
//2 weeks later

Me: What's up, I already got quite some commits and you haven't pushed anything so far.

Pal: Pushed? what do you mean?

Me: I'm the talking about the git repo, I'm the only one contributing.

Pal: Oh yeah git, I installed it but I have no idea how that stuff works. I opened Git gui but i don't know what I'm supposed to do. I got everything in the Dropbox tho.

Me: ... ... ... FUUUUUUUUU WHAT THE FUCK MATE ARE YOU SHITTING ME, THE HELL DO WE HAVE GOOGLE FOR AND WHY DIDNT YOU ASK, LIKE WTF SERIOUSLY I EXPLICITLY TOLD YOU TO USE GIT.

😣

Spent two hours trying to figure out why I couldn't get SSH agent forwarding working in Docker. Turns out I was never granted access to that other obscure GitHub organization we use. 🤦‍♂️

Yet three other flaws...
Now it's pretty clear that Intel, either kept their backdoors pretty much knowingly and patch them when they find a better way to access data(yes I see you the functioning of ME) or it's like in the race of faster clock, took the safety of the data for granted.

Anyways, one word, Assholes. The management of Intel

So I figure since I straight up don't care about the Ada community anymore, and my programming focus is languages and language tooling, I'd rant a bit about some stupid things the language did. Necessary disclaimer though, I still really like the language, I just take issue with defense of things that are straight up bad. Just admit at the time it was good, but in hindsight it wasn't. That's okay.

For the many of you unfamiliar, Ada is a high security / mission critical focused language designed in the 80's. So you'd expect it to be pretty damn resilient.

Inheritance is implemented through "tagged records" rather than contained in classes, but dispatching basically works as you'd expect. Only problem is, there's no sealing of these types. So you, always, have to design everything with the assumption that someone can inherit from your type and manipulate it. There's also limited accessibility modifiers and it's not granular, so if you inherit from the type you have access to _everything_ as if they were all protected/friend.

Switch/case statements are only checked that all valid values are handled. Read that carefully. All _valid_ values are handled. You don't need a "default" (what Ada calls "when others" ). Unchecked conversions, view overlays, deserialization, and more can introduce invalid values. The default case is meant to handle this, but Ada just goes "nah you're good bro, you handled everything you said would be passed to me".

Like I alluded to earlier, there's limited accessibility modifiers. It uses sections, which is fine, but not my preference. But it also only has three options and it's bizarre. One is publicly in the specification, just like "public" normally. One is in the "private" part of the specification, but this is actually just "protected/friend". And one is in the implementation, which is the actual" private". Now Ada doesn't use classes, so the accessibility blocks are in the package (namespace). So guess what? Everything in your type has exactly the same visibility! Better hope people don't modify things you wanted to keep hidden.

That brings me to another bad decision. There is no "read-only" protection. Granted this is only a compiler check and can be bypassed, but it still helps prevent a lot of errors. There is const and it works well, better than in most languages I feel. But if you want a field within a record to not be changeable? Yeah too bad.

And if you think properties could fix this? Yeah no. Transparent functions that do validation on superficial fields? Nah.

The community loves to praise the language for being highly resilient and "for serious engineers", but oh my god. These are awful decisions.

Now again there's a lot of reasons why I still like the language, but holy shit does it scare me when I see things like an auto maker switching over to it.

The leading Ada compiler is literally the buggiest compiler I've ever used in my life. The leading Ada IDE is literally the buggiest IDE I've ever used in my life. And they are written in Ada.

Side note: good resilient systems are a byproduct of knowledge, diligence, and discipline, not the tool you used.

When I first started down the path to becoming a developer, I was a "business analyst" where I managed our departments reports and ended up migrating all the reports from daily query run in MS Access with Task manager and emailed out to all the managers including the VP of the entire business unit, I created
Views in the database and sent out the same spreadsheet with the view in excel daily since management didn't want "change". Granted this was at a large health care company in the US and didn't want to invest in a real dashboard for their reports. The only thing that was changed in the email and file was the file name with the current date. I left the company a while ago and recently applied for a similar position for the shits and gigs. Interviewed with the It manager and they're still using the same excel macro I wrote 3 years later.

Asking for a friend: Well actually a friend asked me (since "I'm good with computers", you know it ;)) and no real solution came to my mind, so I thought, why not ask the internet

Anyways. She's an artist and does a project (kind of a documentation) about the Egyptian revolution. She currently lives in Europe but still has her Egypian passport. As an Egyptian national, she fears, that she could be holden back for a while and have her laptop/external HD with all the photos/videos/interviews confiscated and/or searched. She asked me for help to have a "backup solution".

The requirements: a way to backup work (from a mac) to a secure location (I would offer my server running linux for it).
The upload would have to be encrypted (if possible, I suggested to use a VPN, is this enough?)
Access to the files should only be granted if you have the propper password (in my opinion the VPN tunnel should work here too, as when it's down, you can't just reopen it without a password.

What are your thoughts on this?

Long time no rant...
Just fuck apple.
I’m working in partnership with an startup as iOS dev.
We have payments in our app since it was released couple years ago. And everything was ok. Two months ago we implemented a subscription based program that granted our user access to a few things that we need to process manually. I specified that because in apple’s guidelines states that services consumed outside app are not allowed to be sold using inapp purchase and you have to implement your own payment method.
All nice and good we used what we had already in place and the updated was approved. Same for the next 6 versions. Now we discovered a quite critical bug and fixed and submitted a new update just so apple would reject it because we are using subscription that is not implemented using their fucking store kit. So they can’t get those 30% share cut.
Fuck them fuck their echo system fuck their overpriced product. I’v just abandoned my 15” mbp mid2015 in favor of a hackintosh just because my mbp was dying from high temps. Fuck it i’m almost done with mobile development after 6 years

I wanted to know what is the worst mistake you make on database.

I have actually implements the logic of token access control on database and not on business logic layer.

The database have a login procedure which accept username and password. That login procedure actually hash the password and try to authenticate user.

If it is a correct user , it generate a token. In other to use other procedure on database , you must provide a token. By using that token , the procedure know who is it and what permission is granted to that user.

I cannot access one of production machines from home while behind VPN. I wrote to support that I need to access it right now and stated this is very urgent. They changed priority form high to low... access will be granted withing 2 weeks....

I love this weekly group rant, it made me think back when my mom started to work in a kindergarten and she used to take me to work when i was 4-7 years old ('94 - '97).

There was this "TV" and all the kids used to smash the buttons on it. It also played sound, but there was always a lot of kids there so I was shy to ask them if I push the buttons too. But I was the teachers son, so I didn't had to sleep in the afternoon, and then I discovered this computer thing I was amazed, it was like nothing I saw before, you push it and it does what you pushed and, *_* this smiley is exactly me back then. It was probably an old commodore with green text on the black screen. It was the moment when I decided to get more information about this wonder.

In elementary school (around '98) we had this computer room and as I was one of the best students back then I was granted access to it. It was a huge success in a post communist country to get money for new computers to teach us kids to use them back then, so only the chosen ones could use them, and I was one of them, one of the best time time of my life, honestly. At this moment I knew for sure, I want one and when I grow up I gonna work with them. I had no idea what you can do with it but every adult is talking about how well paid are the people who use them at work. :D it sounds funny now

In '89 or '99 we visited our family in a town far away. My grandfathers sisters boyfriend had a computer and he said, look I also have internet. This face again *_* what the hell is internet. So he explained me this internet thing which "makes all computers connected, but you have to pay for it and it kinda works like wired phones you know. Here you put the address and you can open the website"
me: website, whoooa *_*
8-9 year old clever me: "but how do you know what are the addresses, do you have a phonebook for these addresses?"
he showed me google, and a slovak and czech search engine, I remember searching for "funny pictures" on the slovak search engine, because I was thinking If I search google, its english so he would pay too much :D

I didn't had a computer until I was 13 years old, but then I started to messing with Microsoft Front Page 2003, was amazed with the html and css generated by it and started to editing it.

Now Im a front end web dev

!rant

Got a question since I've been working with ancient web technologies for the most part.
How should you handle web request authorization in a React app + Rest API?
Should you create a custom service returning to react app what the user authenticated with a token has access to and create GUI based on that kind of single pre other components response?
Should you just create the react app with components handling the requests and render based on access granted/denied from specific requests?
Or something else altogether? The app will be huge since It's a rewrite off already existing service with 2500 entities and a lot of different access levels and object ownerships. Some pages could easily reach double digits requests if done with per object authorization so I'm not quite sure how to proceed and would prefer not to fuck it up from the get go and everyone on the team has little to no experience with seperated frontend/backend logic.

Desktop PUSH Notification requests are fucking stupid! I get that you’re all edgy and shit and made your stupid site into a PWA or are just trying to spam me with this amazing new access you’ve been granted over the last few years.... But fucking stop it.

If you have a PWA and a user is viewing you on desktop clearrrllyyyy they’re not mobile and your request is pointless. Log the access as 1 of the 3 they need before being allowed to install it as an icon and ONLY on mobile request push as part of the install. Maybe just maybe it’s ok if they’re mobile browsing...

Use your fucking heads people. Just because you can use something doesn’t mean you should.

Can anyone with some AWS IAM skills please shine a light on this one: I needed access to create a slack notification for a job in Code Pipeline. Simple enough, but we (devs) have next to no access to AWS so every time I try something I am stopped by the red "user X is not authorized to perform Y on resource Z.." warning message. I send an email to OPS and ask for permissions needed to do what I need (in this case: create a Slack notification for a pipeline), and I am granted that specific one. It gets me one step further, until I am stopped by a new red warning message. This has been going on for over a week, with a total of TEN new authorizations added to my user. That's TEN red warnings, TEN emails asking for access, and TEN replies saying "Ok, can you try now?". Today I finally got the god damn slack notifier set up, only to get one last red warning slapped in my face: I am not allowed to SEE the notifications configured for my pipeline. Please insert four letter word that rimes with DUCK here: [_________]!!.

I REFUSE to believe that this is how access should be granted in AWS. Can I tell my OPS person that there is somewhere they can find a list of required access rights to complete a specific operation ("Create slack notification for pipeline")? I know there are example policies for various things, but if there isn't one for what I need how should OPS go about granting me access without this totally ridiculous "try again now" approach?

Oh, and @assmaster: don't comment "nice" to this one. This is shitting me off.

So the developers in my workplace have blocked a server for themselves each when they know that there is a shortage and everyone needs to cooperate and share them. Now when they get stuck in any issue they expect me to get them out of it but just as soon as I ask for a server space, they are all like it will impact my working and we can't share. Now what would you expect me to do the next time you come to me? Do you seriously expect me to welcome you and your problems with open arms or make excuses to you when such a scenario occurs. Sometimes I think that the one thing missing here is a sense of basic human decency.

Now the zinger here - I've had similar experiences earlier and fortunately, I'm the resource administrator for the projects cloud account. Whenever these a**holes require any cloud resource, I make them go through tons of approvals which I have a blanket access granted before providing them access. Who's laughing now?