What it's like to be a network engineer...translated into normal people speak

User: I think we are having a major road issue.

Me: What? No, I just checked, the roads are fine. I was actually just on the roads.

User: No, I’m pretty sure the roads are down because I’m not getting pizzas.

Me: Everything else on the roads is fine. What do you mean you aren’t getting pizzas?

User: I used to get pizzas when I ordered them, now I’m not getting them. It has to be a road issue.

Me: As I said, the roads are fine. Where are you getting pizzas from?

User: I’m not really sure. Can you check all places that deliver pizzas?

Me: No I don’t even know all the places that deliver pizza. You need to narrow it down.

User: I think it is Subway.

Me: Okay, I’ll check…No, I just looked and Subway doesn't deliver pizzas.

User: I’m pretty sure it is Subway. Can you just allow all food from Subway and we can see if pizza shows up?

Me: Sigh, fine I’ve allowed all food from Subway, but I don’t think that is the issue.

User: Yeah I’m still not getting pizza. Can you check the roads?

Me: It’s not the roads, the roads are fine. I’m pretty sure Subway isn’t the place.

User: Okay, I found it. It’s Papa Johns.

Me: Okay, I looked and Papa Johns does deliver pizza. Is it the local Papa Johns or one in a different town?

User: I don’t know. Can you allow pizza from all Papa Johns to me?

Me: No I can’t do that. Can you get me an address for Papa Johns?

User: No, I only know it as Papa Johns. Can you get me all the addresses of all Papa Johns and I’ll tell you if one of them is correct?

Me: No, I don’t have time for that. Okay, I looked at the local one and it looks like they have sent you pizza in the past and they are currently allowed to send you pizzas. Try ordering a pizza while I watch.

User: Yeah still no pizza. I’m guessing they are getting blocked at the freeway. Can you check the freeway to make sure they can get through?

Me: No, this is a local delivery. They aren't even using the freeway.

User: Okay, well then it has to be a road issue.

Me: No, the roads are fine. Okay, I just drove from the Papa Johns to the address they have on file for you and there is nothing there.

User: Hmm, wait we did move recently.

Me: Did you give your new address to Papa Johns?

User: No, I just thought they would be able to look me up by name.

Me: No they need your new address. What’s your new address?

User: I’m not really sure. Can you look it up?

Me: Sigh, give me a second…Okay, I found your address and gave it to Papa Johns. Try ordering a pizza now.

User: HEY! PIZZA JUST SHOWED UP!

Me: Okay, good.

User: (To everyone else they know) I apologize for the delay in the pizza but there was a major road issue that was preventing the pizza from getting to me. The network engineer has fixed the roads and we are able to get pizza again.

Me: But it wasn’t the roads…whatever.

User: Oh, can you also check on an issue where Chinese food isn’t getting to me? I think it may be a road issue

As a Python user and the fucking unicode mess, this is sooooo mean!

My last internship (it was awesome). A programmer developed a vacation/free day request application for internal use.
Asked if I could test it for security.
The dev working on it thought that was a very good idea as he wasn't much into security and explained how the authentication process worked.
I immediately noticed a flaw just from his explanation. He said it was secure anyways (with an explanation but his way of thinking was wrong in this case). Asked if I was allowed to show him. He said he was intrigued by this so gave me a yes right away.

For the record, user levels were normal user, general admin and super admin (he was the only super admin).

Wrote a quick thingy server side (one of my own servers/domains) for testing purposes.

Then I started.

Went from normal user to super admin (his account) through a combination of XSS and Session Hijacking within 15 seconds.

Explained him where he went wrong and he wrote a patch under my guidance 😃.

That felt so fucking awesome.

"Make the feature more useful."

Please write a user story. It's hard to determine what you want.

"As Sales Agent I would like the <feature> to be extended so it's more useful to me."

(ノಥ,_｣ಥ)ノ彡┻━┻

Customer is always right.....

Committed to sustainable productivity..

Misunderstanding between the IT Department Staff member and the Finance Department Staff member in one of the establishments...

User: Hi, our printer is not working.

IT Service: What is wrong with it?

User: The mouse is jammed.

IT Service: Mouse? Are you sure it’s a printer, as they don’t come with a mouse?

User: Do you think I’m stupid? I’m telling you it’s the printer!

IT Service: I'm telling you, it can’t be the printer! They don’t have a mouse!

User: Oh really?... Mmmmm... I’ll send you a picture.

Scroll down...
. . . . .. .
. . . . . .
. . . . .
. . . .
. . .
. .
.
.
.

The customer is always right.
Listen to him/her and believe what he/she says.

Don’t jump into conclusions!

Request URL: /api/v1/user/53b49b5a30
Request Method: GET

Expected Response:
Status Code: 404 Not Found (as the user is actually not present in the DB)

Actual Response:
Status Code: 200 Ok
Response Content:
{
"status": "ERROR",
"errorCode": "404",
"errorMsg": "User Not Found. Please provide a valid user ID",
"type": "Error",
"userMsg": "User Not Found. Please provide a valid user ID"
}

#extremefacepalm

Seriously, god bless Laravel and Taylor Otwell.

I've just had a customer foolishly delete all their user accounts. The customer was seriously stressed about this and as it usually goes, this stress was echoed in the call.

I explained how they can easily restore the deleted records in a single click as I have configured Laravel's "soft delete" functionality site wide. i.e. when they delete a record it isn't really deleted. Functionality to physically delete the record is hidden away outside the client's user level.

Customer was seriously grateful and paid for 2 hours of my time (even though the call took 15 mins) and generally gave me lots of kudos.

Laravel, awesome.

Customer: "Why doesn't the user interface have a night mode?"
Me: It wasn't in the requirements, it also doesn't have bouncing pink elephants, do you want me to add those in as well?

Started using VS Code yesterday. As a Sublime Text user, I love it!

I just got handed a legacy php web project... Full of vulnerabilities... And it's using only mysql_ functions... Not only it's not OOP, there is not even a single class...

How good it's coded: User profiles are created manually by the frontend dev as htmls, and then the past php dev implemented them as links etc in the current page.

This is how I feel:

Imagine a database table where dates were saved as strings from raw user input. Then do migration to other database with table where dates are datetime.

Yep. That's me. 😶

I hate humans. 😧🔫

Especially those who try to be original like:
11|Sept.|2016 or 13;Juni;17

There are rules in this world, damn. 😥

Especially painful being a cybersecurity engineer;

Did something wrong with an if-statement.

Caused authentication to break completely; anyone could login as any user.

Was fixed veeeeeeery quickly 😅 (yes, was already live)

Can we just appreciate for a second how @dfox is active in his own community, both in support and as a user? I've seen like a dozen posts today of "dfox ++'d my post on my new account", my own included.

Best OP

GUI user: "How can you work from such a basic text interface like that terminal?"
Me: "How can you work with all those stupid buttons that more often than not can't do jack shit?"

Being a Powerline user, I do think that design matters a lot. But so does usability (I don't want my programs to take half a minute to load their bloated UI's) and the ability to use every feature that this or that piece of software has in its command line arguments but not necessarily as a GUI option.

So today I got a call that an end user decided to try to be a developer. He built and ran a bulk edit script on his company's server.....

Without a scaled test....
As root....
From root....
Without backups....

How's this my problem again?

Oh right, it's not (yet)!

At my first job, I got tired of having to type a user name and password every time I debugged the web application. Thinking I was clever, I put in a hack so that if you launched the application with the query string "?user=Administrator" it would log you in as the administrator. So much typing saved!

A couple days after the next release, I realized it shipped like that. In absolute horror, I walked into my boss' office, closed the door, and told him the tale of my mistake.

He just looked back at me, and after a moment or two said, "Loose lips sink ships."

And that was it.

One of our teachers developed a website for our university about three years ago. That was something like assignments management system + social network + schedule, everything in the world as one website.

It seemed like he didn't put any code escaping at all. Injected a block of CSS that made the entire page slowly fade away when some user tried to look at my page. Other teachers stared at it as if it was pure magic, doubting their sanity.

Still isn't fixed btw :)

Long story short, I'm unofficially the hacker at our office... Story time!

So I was hired three months ago to work for my current company, and after the three weeks of training I got assigned a project with an architect (who only works on the project very occasionally). I was tasked with revamping and implementing new features for an existing API, some of the code dated back to 2013. (important, keep this in mind)

So at one point I was testing the existing endpoints, because part of the project was automating tests using postman, and I saw something sketchy. So very sketchy. The method I was looking at took a POJO as an argument, extracted the ID of the user from it, looked the user up, and then updated the info of the looked up user with the POJO. So I tried sending a JSON with the info of my user, but the ID of another user. And voila, I overwrote his data.

Once I reported this (which took a while to be taken seriously because I was so new) I found out that this might be useful for sysadmins to have, so it wasn't completely horrible. However, the endpoint required no Auth to use. An anonymous curl request could overwrite any users data.

As this mess unfolded and we notified the higher ups, another architect jumped in to fix the mess and we found that you could also fetch the data of any user by knowing his ID, and overwrite his credit/debit cards. And well, the ID of the users were alphanumerical strings, which I thought would make it harder to abuse, but then realized all the IDs were sequentially generated... Again, these endpoints required no authentication.

So anyways. Panic ensued, systems people at HQ had to work that weekend, two hot fixes had to be delivered, and now they think I'm a hacker... I did go on to discover some other vulnerabilities, but nothing major.

It still amsues me they think I'm a hacker 😂😂 when I know about as much about hacking as the next guy at the office, but anyways, makes for a good story and I laugh every time I hear them call me a hacker. The whole thing was pretty amusing, they supposedly have security audits and QA, but for five years, these massive security holes went undetected... And our client is a massive company in my country... So, let's hope no one found it before I did.

Cleaning lady: *wants some tunes during work*
Me: "Sure, I wanted to listen to some music as well.. not sure if our genres match though 🤔"
Cleaning lady (CL): "So what kind of music do you listen to?"
Me: "Synthwave"
CL: "So um.. synthesizers?"
Me: "Well yes, but it kind of ties in with the dark side of technology.. the whole 1984 dystopian future etc. Privacy, lack of user freedom, etc."
CL: "So essentially cult music?"

TIL that the tech community is a cult for listening to synthwave. I bet she believes that tech peeps are lizards too.
*mentally slaps cleaning lady* - User!!

Today a user printed a pdf my system produced, scanned the printed pages and mailed the scan as pdf..... To me...
I'm physically hurting from seeing it...

expect([
row[‘blah’][0][1],
row[‘blah’][1][1],
row[’blah’][2][1],
row[‘blah’][3][1],
row[‘blah’][4][1],
]).to contain_exactly(
a.name(user), # “John doe”
c.name(user), # “John doe”
e.name(user), # “John doe”
b.name(user), # “John doe”
d.name(user), # “John doe”
)

(Note: The comments are mine.)

See the problem? No, not the ugly code (which is actually worse than what i posted here).

It’s using the same ridiculous getter (if you can call it that) that pulls a name out of the passed user object, and then expecting each row to have that name, in order. Not that order matters when they’re all the same.

Upon inspection, all objects created by the spec have the exact same name, so the above test passes (as long as there are 5 rows). It passes, but totally not because it should: those aren’t the objects that are actually in the table. All of the specs — all 22 of them — only check for that shared name on various rows, and no other data. And it’s not like this is the only issue, either.

Fuck me these are bad.

And this guy is a senior dev earning significantly more than me. Jesus what the fuck Christ.

What kind of cum gargling gerbil shelfer stores and transmits user passwords in plain text, as well as displays them in the clear, Everywhere!

This, alongside other numerous punishable by death, basic data and user handling flaws clearly indicate this fucking simpleton who is "more certified than you" clearly doesn't give a flying fuck about any kind of best practice that if the extra time was taken to implement, might not totally annihilate the company in lawsuits when several big companies gang up to shower rape us with lawsuits over data breaches.

Even better than that is the login fields don't even differentiate between uppercase or lowercase, I mean WHAT THE ACTUAL FUCK DO YOU SELF RIGHTEOUS IGNORANT CUNTS THINK IS GOING TO HAPPEN IN THIS SCENARIO?

Developer vs Tester

(Spoiler alert: developer wins)

My last developent was quite big and is now in our system testing department. So last week i got every 20 minutes a call from the tester, that something did not work as expected. For about 90% of the time i looked at the testing setup or the logs and told him, that the data is wrong or he used the tool wrong. After a couple of days i got mad because of his frequent interruptions. So I decided to make a list. Every time he came to me with an "error" i checked it and made a line for "User Error" or "Programming Error". He did not liked that much, because the User Error collum startet to grow fast:

User Errors: ||||| |||
Programming Errors: |||

Now he checks his testing data and the logs 3 times before he calls me and he hardly finds any "errors" anymore.

2 weeks ago I was writing an `rm -rf --no-preserve-root /` oneliner as a joke - as an answer to a question "I have access to my competitor's server; what should I do?". I was crafting it so that it'd do as much damage to the business (not the server) as it could.

And I accidentally executed it on my work laptop. In the background (with an `&`).

It ran for a good 5-7 seconds on an i7-11850H with an SSD, until I issued a `kill %%`

Good thing it ran as a non-root user. Bad thing - I have no idea what it may have deleted nor whether it touched my /home.

I'm afraid to restart my laptop now :)

whoopsie :)

I started a job as a developer on Monday for a large retail company. There was no computer available for me because of the IT department but I'm told it will arrive later in the day. It doesn't.
On Tuesday I get told that the PC is coming and later in the day a keyboard, mouse, monitor stand and two monitors arrive but no computer.
Today, Wednesday, I get into work and find that I now have a PC. Woo! I load windows, log into my user account with my new user and pass and go to install VSCode only to find that I don't have admin privileges and can't install almost anything. I'm told that IT will add me to the admin user group soon(tm). I wait. All day. They don't do what they are supposed to do despite us pushing them to do it.
I hope that tomorrow I can actually dev, but at least I've been paid three days wage for doing nothing lol

Anyone have any shitty IT department stories?

As a software developer the biggest bug in my software is the End user!

As a lifelong Windows user who recently started using a Mac (for iOS dev), I have to say, my mind is blown. I now get the Mac hype.

That moment when you're finally getting your user registration and login system up and running!
As a web dev student I feel like I have accomplished something :)

Story of a penguin fledgling, one of my end users whom I migrated from Win 7 to Linux Mint. She had been on Windows since Win 98 and still uses Windows at work.

Three months before. Me, Linux might not be as good, but Win 10 is even worse. User, mh.
Migration. User, looks different, but not bad.
One month later. User, it's nice, I like it.
Three months later. User, why does Windows reboot doing lengthy stuff?
Six months later. User, I hate Windows. Why is everyone using this crap?
One year later. Malware issues at work. User to IT staff, that wouldn't have happened with Linux. Me, that's the spirit!

Stumbled upon VS Code recently, an open source freeware from Microsoft. And as a VIM fan, I must say that it blew me away with its sleek nature.

Been a user of Sublime and Atom in the past as well, but VS code surely stands out.

Hello * ! I'm browsing devrant since few months and finally subscribe.
As a GNU/Linux user and Free software supporter I really appreciate to not be forced to be logged to use this app. And the community is great ! Thanks to the developers and the community for this awesome app !

I am looking for testers!
operationtulip.com is a small startup that is providing storage with Nextcloud. Currently every user gets 50 GB for free for as long as we are able to provide it.

We would like freeback from our users aswell:
feedback@operationtulip.com

Thank you :)

Use to have a client, annoying as fuck, nothing was right for him and the worst thing: IE user :O Anyways...finished the project hoped never to see him again...

Today he walks in my office: "Just got news we'll be working together again"

FML!

An adult cam website I worked on as freelancer had/has this code everywhere:
$user = $_POST['usr'];
$pass = $_POST['pwd'];
$row = $db->query ("SELECT * FROM users where username='".$user."' AND password='".$pass."' COUNT 1);

I was hired to add new features and was touch any other parts of the code. When my job was done, I tried to fix those as a good samaritan but the client thought I was messing with the system or should be thing of new features to add. So I got fired.

5 years later, I check out of curiosity and they are still there. I ask him again if I can work on them for a little less pay(I'm broke) and he doesn't reply. What a douche. I hope his site receives a shot of SQLi from a customer.

My own personal hell was a html page that had a script tag that called a rest endpoint that sent back a text block of JavaScript that was then dynamically executed to redirect the user to a php 3 page that was the exact same thing as the original page but with an extra bit of css to make the buttons blue and slightly rounded

You can’t make this shit up

User: Hey, we got a big issue with one of your tools. One of your pages isn't loading.
Me: Ok, so when did this happen?
User: We don't know? Its been like that for a long time though, so we thought it was normal 😃
Me: ....ok. So do you know what data is supposed to appear?
User: Uhhh we're not sure as well. Since, you know, its been like that for a while.

Just great 😑

I think my server got hacked, yesterday I made a new server on scaleway for the sake of testing I made a user called dev, with password dev. Forgot to change password before I went to bed.

Logged in today to find that load is 5x.x and this (image) in my crontab

Note to self: You are a disgrace, who the hell uses 'dev' as password for ssh on port 22 -_-

And this, ladies and gentlemen, is why you need properly tested backups!

TL;DR: user blocked on old gitlab instance cascade deleted all projects the user was set as owner.

So, at my customer, collegue "j" reviews gitlab users and groups, notices an user who left the organisation
"j" : ill block this user
> "j" blocks user
> minutes pass away, working, minding our own business
> a wild team devops leader "k" appears
k: where are all the git projects?
> waitwut?.jpg
> k: yeah all git projects where user was owner of, are deleted
> j.feeling.despair() ; me.feeling.despair();
> checks logs on server, notices it cascade deletes all projects to that user
> lmgt log line
> is a bugreport reported 3(!) years ago
> gitlab hasnt been updated since 3 years
> gitlab system owner is not present, backup contact doesnt know shit about it
> i investigate further, no daily backup cron tasks, no backup has been made whatsoever.
> only 'backups' are on file system level, trying to restore those
> gitlab requires restore of postgres db
> backup does not contain postgres since the backup product does not support that (wtf???)
> fubar.scene
> filesystem restore finished...
> backup product did not back up all files from git tree, like none of refs were stored since the product cannot handle such filenames .. Git repo's completely broken

Fuck my life

curl 127.0.0.1/robots.txt
User-agent: *
Disallow: Injuring a human being or, through inaction, allow a human being to come to harm.
Disallow: Disobeying the orders given by human beings except where such orders would conflict with the First Law.
Disallow: Not protecting own existence as long as such protection does not conflict with the First or Second Laws.

I managed to accidentally clear everybody's usernames and email addresses from an SQL table once. I only recovered it because a few seconds before, I'd opened a tab with all the user data displayed as an HTML table. I quickly copied it into Excel, then a text editor (saving multiple times!), then managed to write a set of queries to paste it all back in place. If I'd refreshed the tab it would have all gone!

Someone once sent me an email talking about vulnerabilities in my website. He sent a full document with step by step instructions and code.

I emailed back and said woah! Thanks for the heads up I really appreciate it!

He responds back and says
"usually people send a payment as thank you"

I said sorry we're poor.

And he responds with "should I disclose the issue to your users?"

I said "we have like 6 users and most of them are my mom. Lol"

This was the email title:

Vulnerability Report 1 : Clickjacking On Login Lead to Account Takeover Of Any User/Cross Site Scripting Attacks/User Account Privilege Escalation/Victim Privilege Escalation/Malware Execution/Victim PC Hijack/Unauthorized Access To Any User Account/Account Takeover Of All The Users Registered On Your Application 

Built a software portal that tied in with our schools user management systems (fuck that shit btw, was written in Java that tied back to a JS backend) and I couldnt get password verification working probably so put a test in that just let you put the username in and whatever password and as long as the user wasn't currently in use you login correctly (only used it to track download limits and display the student's name)

Planned on fixing it the following week when my contract was supposed to renew, but they never renewed it and every time they have had me come back I haven't had the chance to fix it ¯\_(ツ)_/¯

Thanks to @sain2424, we found a really weird bug in devRantron.

One of the user that commented on or upvoted his rant has deleted that account. So when the notification component was trying to fetch the user's avatar to show the notification, it was failling and causing the app to crash.

@Cyanite the bugs you reported is fixed as well. Please update 🙃 🙃

OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..

Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!

Here it goes..

Lat week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.

OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.

Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.

Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..

I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..

Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I crate another pck for api alone copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.

I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..

I made changes for api to incude the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.

WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...

WTF..Ok, cig break to let me think..

I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?

So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' made changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers dbs (different customers).. ALL HAD THIS HARDOCED IN!!! FORM THE FREAKING YEAR 2016!!! O.o

Unfuckin believable.. How did this ever work?!

Looks like at the begining, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!

So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plan, simple, straight-forward solution to auditing..

If only the original procedure was working as it should.. bloddy hell!!

Today I learned that in Unix/Linux or most command lines, when user is asked to choose an option as [Y/n], the uppercase one signifies the default.

I thought they made it a little harder as a security feature to prevent accidental keypress, and I’m shift+Y ing this for the last eight freaking years!!!!! Every time!

While trying to integrate a third-party service:

Their Android SDK accepts almost anything as a UID, even floats and doubles. Which is odd, who uses those as UIDs? I pass an Integer instead. No errors. Seems like it's working. User shows up on their dashboard.

Next let's move onto using their data import API. Plug in everything just like I did on mobile. Whoa, got an error. "UIDs must be a string". What. Uh, but the SDK accepts everything with no error. Ok fine. Change both the SDK and API to return the UID as a string. No errors returned after changing the UIDs.

Check dashboard for user via UID. Uh, properties haven't been updating. Check search properties. Find out that UIDs can only be looked up as Integers. What? Why do you ask me to send it as a string via the API then? Contact support. Find out it created two distinct records with the UID, one as a string and the other as an Integer.

GFG.

In PHP (yes, it's a language I... don't hate) I've always hated exceptions. They're like GOTO, in an OOP world with interfaces and contracts, try/catch is really odd as it breaks a promise about returning with a typed value.

But you can now do this in PHP8, which comes pretty close to Maybe/Either monads (Option, Result whatever it's called in other languages):

function getUser(): User | UserNotFound

PHP8 unions don't come with the same strong guarantees as in other languages but *pets PHP gently on the head* you did well, my boy.

Now I would really love it if PHP9 could do:

function getUsers(): Collection<User>

Type Tree<T> = Null | Node<T>;
function 🎄(): Tree<Branch<Ornament|Light|null>>

My current project. Won't reveal anything about it until I've got a usable version (which might take more than a month) but it would be a good way to give a middle finger to a big ass surveillance company.

It won't exactly match with their product since this is impossible for me to do as this would compromise user privacy but it'll come close enough!

User: - The application throws an errror message.

Me: - The error message is caused by a minor bug that doesn't affect functionality, though. This is an old solution that is in the pipe to be redesigned from scratch. As this function is rarely used, perhaps you can live with this cosmetic bug for a couple more months?

User (one week later): - I haven't got any answer from you. How is this issue proceeding?

As a fellow devRant user, what is it you primarily look for in this app ?

0. Some place to rant
1. Dev jokes/memes
2. Observer. devNews.
3. devProjects
4. Here because you don't like being in the presence of people but want to socialise anyway.
5. Finding your partner in life.

Linux is hard to learn and master. That's fine with me. Windows is intuitive, but not user-friendly. Linux has a steep learning curve, but then is far more user-friendly than any other operating system. To me, that steep learning curve was far more than worth it, as I now have a desktop that does whatever I want, and behaves exactly as I want.

People come to Linux hoping that it will be easy to pick up, and then get angry when it isn't. Then they claim that the community is toxic, because Linux users are happy with something they think is broken.

Linux is hard to learn, and that's fine. That's valuable, to me. That's part of the appeal to me(and millions of others). Linux is unforgiving when you lack the knowledge gained in that steep learning curve. That's fine with me too. As its userbase grows, so too does the number of knowledgeable people who work to make it better and invent more amazing things for it.

If Linux was easy to learn, it wouldn't be as good as it is, and to me, that's reason enough to love it.

“Fullstack dev morphs into a security expert”

We have a simple user registration system. Get the user details, generate an OTP, save in Oracle, email the OTP. The SMTP host is configured to send emails only to people who have an existing @a_very_famous_bank.com email address.

As a part of an enhancement request, the other day, we were trying to register a non-bank email address. As expected, it failed.

Manager: Meeting... meeting... meeting

Me: (Explained the problem)

Fullstack dev: so the thing is.. it’s like.. (doesn’t falter to open with these lines)...what I can do is...I can send you an HTTP security header in the HTTP request. It’ll work!

Me: (I hope an adult giraffe fucks you in your belly button)

More to come!

Anyone remembers that in windows XP you coud set any exe as screen saver, and it would run on time, even before you log into any user, as a default system user with administrator privileges?

Any Subtitle is a project that enables the user to watch a movie in a theater with a subtitle of any language on his device as assistance.

The user places his mobile handset on the holder on the seat in front of him

Normally I'm both the dev and QA... Today I was the dev, QA and the user... Of course, I'm paid only as a dev... But I'm blamed as all three... Ffs I can't do this anymore 😞

We devs are rather pessimistic when it comes to User intelligence... Trust us... bad things can and will happen, and in a Universe of infinitesimally many choices, it does not come as a surprise that someone will fuck everything up badly.

User: "Why isn't this process updated? There's something wrong with your system."

Me: "Did you submit the request?"

User: "Uh yeah I'm sure I did..."

Me: "Go submit the request again." (they never did the first time)

User: "I don't know how. Will you show me?" *shows user how to do it* "Ok I did it now."

Me: "You did it wrong, you need to resubmit it."

User: "Ok I resubmitted it."

* a week later *

User: "The process still hasn't shown any progress."

Me: "You didn't resubmit it like you said you did."

User: "Will you show me how to do it again?"

* fuck me *

Me: "Sure..."

Process works as expected and everyone lives happily ever after, except the developer that knows it is just a matter of time till the next user blatantly lies, has no respect for anyone's time, and demonstrates a complete lack of desire to care about their job at all and just wants to bitch and complain like a typical lazy ass-hat.

Pulled this from a web site's privacy policy. Remember, just because there's a switch doesn't mean anyone has to abide to that rule.

Browser “Do Not Track” Signals:  Most browsers contain a “do-not-track” setting.  In general, when a “do-not-track” setting is active, the user’s browser notifies other websites that the user does not want their personal information and online behavior to be tracked and used, for example, for behavioral advertising.  As required by recent Shine the Light law amendments we are required to inform you that, as is the case with most websites, we do not honor or alter our behavior when a user to one of our Websites has activated the “do-not-track” setting on his/her browser.

Anybody do any cloud gaming? As a Linux user, I lack access to a reliable Windows gaming machine, so I rent one through paperspace, and pay 40¢ an hour to stream gameplay though parsec to my Linux desktop.

I've been playing a lot of Subnautica lately with it. How about you?

My predecessor used auth as a bool. The only way he kept basic users from accessing admin functions was by including the word "admin" or "user" in the URL so any user could be the administrator by just changing the URL parameters after logging in

For example, mysite.com/admin/editorderdetails vs. mysite.com/user/editorderdetails

Hey !
A big question:
Assume we got an android app which graphs a sound file .
The point is: the user is able to zoom in/out so the whole data must be read in the begining , but as the file is a little longer , the load time increases.
What can i do to prevent this?

Oh finally I figured out how to use SSH pubkeys! It's simple:
1. Generate a public key on client
2. Somehow transfer it to server
3. Put it into user's authorized_ keys files
4. Now you can login as the user whp has your key in authorized_keys

My very first staggering steps with programming were made with Basic, and commands like INPUT that allowed me to create simple text adventures. As silly as it might sound, my biggest hurdle was to figure out how to make realtime action games, reading input from any sort of user device (using GET and JOY) without waiting for input, and designing game cycles in such way that they gave the impression of multitasking (keep in mind there was no such thing as threads). These machines and the Basic interpretor were extremely slow so making anything move a little...er...smoothly, let alone creating a game, was a challenge in itself.

Dear Client,

You said it was of paramount importance that this software work flawlessly. I've worked hard to make it so, even when your indecision and lack of attention to detail indicate you don't care as much as you say and have made the project late.

Yesterday when I handed you a step-by-step user acceptance test plan, you delegated it to someone not as familiar with your specific requirements. You said you don't have time for such things.

I will remind you of those words when the project launches and you find something you dislike.

Sincerely,
Me

Stack Overflow taught me to place all my respect for fellow users in a near arbitrary score.

As a new user here I feel trapped...

I think nobody as a developer or as a sysadmin wants to deal with a grouchy sysdba. As a full stack developer who sometimes does the work of a sysadmin or sysdba I prefer to do things myself when I can.
But last week I was notified that my app was failing in prod. After some debugging the problem seemed to be related to some queries.
Upon further inspection I realized that the cunt revoked the select grant for the user my app was using.
I will let that sink in. He revoked the fucking select grant. Wtf😶

Rails gems are like heroine. Addicting as fuck and dangerous when you stop using them.

Just the other day I was explaining user accounts explanations to a coworker when he asked me "what if for some reason you cannot use that package"

My brain froze for a minute trying to remember how would one go about doing that without devise.

Dangerous man.

Has anyone installed Elasticsearch on Linux - centos to be specific.

Trying to workout why the fucker won't install. Setting up a proof of concept so don't want to use it currently as SaaS.

From why I can tell, it only needs Java, (check) and to be ran as a user other then root (check) but running ./bin/Elasticsearch hangs after a while and starts powering up 100 odd threads with no progress.

Today in development: discovered that it's possible via combination of keys to rename a database in SQL Server Management Studio without as much as a dialog box to confirm.

Shout out to the 2000ish users in production that discovered this delightful nugget of info with me.

Lessons learned:

A) Don't trust Microsoft to create software that makes you confirm potentially catastrophic actions

B) Make sure your user hasn't been granted ALTER DATABASE permissions without your knowledge before you start using it.

Why the fuck do apps throw tantrums as soon the phone looses internet connectivity?

HBO stops steaming and closes the player as soon as wifi disconnects, discarding the buffered data.

For Quora, it replaces loaded answers with a UI asking you to reload the page. Now, what am I supposed to do in the lift? Stare awkwardly at the lift buttons?

At what point did we decided bad user experience and arbitrarily discarding cached data is the way forward?

Previous dev needed to validate new user names as unique. His solution? Query Top 1000 rows and do a string comparison. Totally scalable, amirite?

Tech Lead: We need to exclude logged in user from our all users API as we don't want to show user's self card on the frontend with other users.

Me (Backend dev): This should be handled by the frontend and they should exclude it by a condition in their loop:

If (user.id != loggedUser.id)
{
// Add card
}

We also need self user at several other places.

Tech Lead: Create a query param filter for that.

Me: We should keep our APIs as generic as possible.

(Real thing starts)

Tech Lead: Which has more processing power frontend or backend?

Me (confused): Backend

Tech Lead: This will add a break to our loop and Do you know how much processing power it will take because of this condition?

Me (dead): WHAAAA....?

Been a Debian and Ubuntu user since the age of fifteen (21 now). Let's start a new journey! Installing Fedora as we speak 😀

I just hate it when a co-worker says "AS LONG AS IT WORKS. It doesn't matter how you code it as long as it outputs what the client/user wants. They don't check how you code it anyway" *facepalm*

We effin' follow standards so that it will be convenient for everybody!

Bad code is still bad code if you don't follow standards even if it works.

Switched back to windows because I needed IIS for work and I did miss having a touch screen (could not get driver working on Linux).

A few gripes.

I mean, the standard "oh great, half a day downloading and updating my machine" applies.

The thing I forgot about Windows is that after everything I do it wants to restart. Updating itself forced the computer to restart several times, wtf.

Powershell (ironically) holds a shadow of bash's power

So many "power user" actions are done with a gui, dear lord give me a terminal command and a man page any day over the convoluted way to do some actions. Changing permissions for IIS was several layers of gui dialogues, where it would be a couple of commands in bash.

Sorry to be unoriginal and moan about an OS, as an end user windows is great and a lot more streamlined and arguably prettier, but as a programmer it doesn't make life half as easy as the realm of *nix

If a user ++ all your rants and they happen to delete their profile does that mean that all the ++ he/She gave you goes away as well? Or what?

I have a love hate relationships with Google.

As an investor, I love how they are a natural monopoly that keeps growing into new areas...

As a deaf user, And I hate how they find ways to screw me over while still looking good.

At first, I was skeptical and somewhat resilient of trying Arch Linux. As a former Debian based distros user, I have to say : once you go Arch you don't go back! Time to 🍚 it up a bit more!

That's a question I found today at stackoverflow, though it was deleted when I tried to read and the user was deleted as well.
What do you people think?

I think the person who wrote this is one of those people who think that stackoverflow is a place to find someone else to do your homework...

So yeah XML is still not solved in year 2018. Or so did I realize the last days.
I use jackson to serialize generic data to JSON.

Now I also want to provide serialization to XML. Easy right? Jackson also provides XML serialization facitlity similar to JAXB.

Works out of the box (more or less). Wait what? *rubbing eyes*

<User>
<pk>234235</pk>
<groups typeCode="usergroup">
<pk>6356679041773291286</pk>
</groups>
<groups typeCode="usergroup">
<pk>1095682275514732543</pk>
</groups>
</User>

Why is my groups property (java.util.Set) rendered as two separate elements? Who the fuck every though this is the way to go?

So OK *reading the docs* there is a way to create a collection wrapper. That must be it, I thought ...

<User typeCode="user">
<pk>2540591810712846915</pk>
<groups>
<groups typeCode="usergroup">
<pk>6356679041773291286</pk>
</groups>
<groups typeCode="usergroup">
<pk>1095682275514732543</pk>
</groups>
</groups>
</User>

What the fuck is this now? This is still not right!!!

I know XML offers a lot of flexibility on how to represent your data. But this is just wrong ...

The only logical way to display that data is:
<User typeCode="user">
<pk>2540591810712846915</pk>
<groups>
<groupsEntry typeCode="usergroup">
<pk>6356679041773291286</pk>
</groupsEntry>
<groupsEntry typeCode="usergroup">
<pk>1095682275514732543</pk>
</groupsEntry>
</groups>
</User>

It would be better if the individual entries would be just called "group" but I guess implementing such a logic would be pretty hard (finding a singular of an arbitrary word?).

So yeah theres a way for that * implementing a custom collection serializer* ... wait is that really the way to go? I mean common, am I the only one who just whants this fucking shit just work as expected, with the least amount of suprise?
Why do I have to customize that ...

So ok it renders fine now ... *writes test for it+
FUCK FUCK FUCK. why can't jackson not deserialize it properly anymore? The two groups are just not being picked up anymore ...

SO WHY, WHY WHY are you guys over at jackson, JAXB and the like not able to implement that in the right manner. AND NOT THERE IS ONLY ONE RIGHT WAY TO DO IT!

*looks at an apple PLIST file* *scratches head* OK, gues I'll stick to the jackson defaults, at least it's not as broken as the fucking apple XML:

<plist version="1.0">
<dict>
<key>PayloadOrganization</key>
<string>Example Inc.</string>
<key>PayloadDisplayName</key>
<string>Profile Service</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist

I really wonder who at apple has this briliant idea ...

I googled "scrum sucks" and now I can see a pattern described as an argument against the whole scrum/agile/whatever thing, which is already happening since we started adopting agile: we're consciously incurring technical debt and being allowed to create a mess out of the previously existing code architecture just to "get this ticket out of the way"

We're also refraining from acting immediately on negative user feedback on a feature just released, which I think can wear user perception of the company as a whole, all because it's "not the focus" of the current sprint

management logic.

dev : calling api on every product scroll is a stupid idea. we shouldn't do it. what if user has 100s of products bought?
mgmt : it isn't a practical scenario. in prod, we checked the data and we rarely have customers with more than 20 products
dev : 😮🤷‍♂️

dev : this is a rare issue that only happens for very old devices from this specific manufacturer. even manufacturers have acknowledged this.
mgmt : we don't care. fix it, as per data this error has been logged for more than 12 times (from 1 user only)
dev : 😮😢

The whole app was a shitshow...
- Cancel order as a post request (the same post request used to save the order).
I demoed the client how with a couple of lines of code I could change his "Cancel order" button to "Mark my order as payed" button....
- List orders method took an user id as input...
- Update profile did not care about wich properties you should be able to change as a non admin...
And so on...

People talk about how the Linux desktop is coming along. I don't really give a shit about Linux's viability as a desktop OS, or attempts to give it general appeal. In my opinion, that just introduces hits in performance and flexibility. It's a great desktop because I know what I'm doing. I want that. That doesn't have great appeal, but I don't care. Gnome, Unity, KDE, and Cinnamon are user friendly, but heavy as fuck.

Built a whole test suite around our Laravel app which has been pointed out to exec as slowing down CI and yielding no value to the user.

Arguing it’s ensuring something our users is using doesn’t accidentally break just gets brushed off as incompetence.

Oh well, I’ll just skip tests in CI and continue writing and running tests on my own as I don’t feel confident just cowboy fixing things.

Possibly the start of a very bad adventure: I'm helping my brother-in-law set up a website for a business he'd beginning with his wife. I'll be needing to provide him a simple cms & shopping cart that he can manage. No payments as we want to just use PayPal so as to avoid having to actually manage user data & credit card information.

Wish me well....

Also advices appreciated cause otherwise, I'm gonna use a simple Drupal or WordPress site with like 1 theme and 0 plug ins.

Someone wanted me to make a full system from zero with good UI/UX, for 2 different user types (think marketplace style), admin area, and cool features that could only be done through phones because the tech is not available in web. All of this with good security due to the delicate information it would handle. Also of course subscription support as well.

By myself, within a year.

As I am working with WordPress for the really first time I am making horrible experiences now.

My client wants a simple submenu on the sidebar if the user is logged in else he want the login form to be there. Easy peezy done with php and just good old plain html. Maybe some JavaScript to make the login process asynchronous.
But fucking bitch - NO. As I found out after searching and digging. I have to create a menu in wp-admin first. Then add a menu-widget to the sidebar. And then install a plug-in to make the links only visible for logged in user. Wtf?

WordPress takes all the joy in doing web development for me. I won't do that anymore. I will force all new clients to use proper tools to make their shit work for them. And as I am the expert in this things I am the one who suggests the right tool.

Fuck this shit.

Hmm...recently I've seen an increase in the idea of raising security awareness at a user level...but really now , it gets me thinking , why not raise security awareness at a coding level ? Just having one guy do encryption and encoding most certainly isn't enough for an app to be considered secure . In this day an age where most apps are web based and even open source some of them , I think that first of all it should be our duty to protect the customer/consumer rather than make him protect himself . Most of everyone knows how to get user input from the UI but how many out here actually think that the normal dummy user might actually type unintentional malicious code which would break the app or give him access to something he shouldn't be allowed into ? I've seen very few developers/software architects/engineers actually take the blame for insecure code . I've seen people build apps starting on an unacceptable idea security wise and then in the end thinking of patching in filters , encryptions , encodings , tokens and days before release realise that their app is half broken because they didn't start the whole project in a more secure way for the user .

Just my two cents...we as devs should be more aware of coding in a way that makes apps more secure from and for the user rather than saying that we had some epic mythical hackers pull all the user tables that also contained unhashed unencrypted passwords by using magix . It certainly isn't magic , it's just our bad coding that lets outside code interact with our own code .

If you are a web developer, consider using proper page titles.

Page titles are one of the most basic elements of a web page and yet websites often fail to make proper use of them.

Without a proper page title, your user does not have an accurate idea of what page is in the tab without having to open the tab, which gets tedious if many tabs are open. With a proper page title, an instant glance on the tab does suffice.

Some sites only put in their site name or something like "Search - Site Name" without including the search query in the page title, or "User profile - Site Name".

An example of this is, disappointingly, archive.org. As thankful as I am for the Archive, they could make better use of page titles to make browsing their library more convenient. While they use proper page titles on item pages (including both title and author!), they use non-descriptive titles on their 2023 search feature (downgraded from lightweight static HTML+AJAX to a JavaScript app) and user profile pages.

The user name of a profile or a search query and ideally a page number should be in the page title so a browser tab with a search can be found faster and can also be seen on social media sites that auto-generate preview cards with page titles.

Descriptive page titles also improve your search engine ranking! You surely don't want to miss out on that, do you?

A lot of people give Google, Facebook, Microsoft, etc. shit for "selling" user data although in my opinion acting as a matchmaker between advertisers and users does not really constitute selling data.

In contrast there seem to be a lot of companies that actually do sell user data that I never hear anyone here talking about.

I'm facing big issues on one of my apps and luckily a user is helping me doing some tests as I can't reproduce the issue. He just sent me an email and guess what?! He wrote "happy weekend". No. It's not going to be an happy weekend for me.

Never have I been so satisfied as I am right now after having implemented a login and user account system with the ability to update user preferences with databases n' shit in PHP after only knowing PHP for a day.

Speaking of all that, do you guys know of any good place to make sure all my stuff is secure? No SQL injections n' the like.

I wished there was a lmao button, because sometimes a post/comment makes you laugh your socks off or is very clever, but a ++ won't just do it.

and you also don't want to reply with a "that's hilarious", because
a) it's non-content thus not something that others than OP would ever want to read
b) on the internet, compliments are usually interpreted as sarcasm

but such thing would also degenerate quickly into a troll tool, eg, a user posting an opinion in a serious manner, and other users spamming that lmao button...

so maybe not exactly a lmao button, but something similar, like medium's clap (although I think 50 claps per user is a bit too much).

!Rant
Got a job offer as an Android Dev, signed the contract, while signing employer asked me if i am a mac or pc user. A day before my joining date got an email from him asking me to bring my mac with me on my first day. Turns out he won't be providing me with a machine to work on :).

It is not on production anymore, but it was for long enough. Someone thought it would be a great idea to be able to debug a web app while signed in as a user reporting a problem. How to do it? It's easy. Just check on every request if magic HTTP parameter SIGN_IN_AS=id is present and if it is, sign in as this user. Of course, it worked also with admin account with hard-to-guess id=1.

Looking for a second opinion/validation.

*Me: “Perhaps this simple and concise way to ensure the user doesn’t lose their data before they leave the page that requires non-zero yet minimal input from the user. (Read: ya gotta push a save/submit button)”

*Everyone else: Let’s pretend to read the user’s mind and perform relatively complicated functions behind the scenes, of which the user will most likely be unaware, that will add an undetermined amount of complexity to the development because we think it’s “where things are going,” by saving the value of a certain HTML element as it loses focus.

Edit: this is an exclusively-internally used app.

AS A User
I SHOULD be able to...

Fill in the blank. Worst one you’ve ever heard. 😂

As a .NET dev I get questioned about using VS Code in favor of full-blown VS. My arguments are that it is faster, lightweight and overall more user-friendly.

I use it exclusively, for all types of files and projects (JSON, SQL, Angular projects, .NET Core, ...)

Do you guys like using VS Code as well? What do you use it for?

Also, if you ever want to annoy a colleague, try associating all file extensions with Visual Studio and watch him go bonkers.

Okay so my ticket got rejected because the on screen texts are not in the correct case (upper/lower). Totally fair because nowhere in the spec are those texts defined. As a developer I am also responsible for what "makes sense" for the user.

I'm just gonna say this next time I ask for a raise.

It's a toss up between a basic software portal for my old school as a volunteer thing or an old game designed around user content creation.

The portal is more of a personal success but the game was a success in the respect it ended up rolling past a Bethesda employee and he gave me a one on one Skype chat about there design methods.

We really take for granted just how much ergonomics goes into the average user interface that has matured.

Like knowing that when I doubleclick a keyword, I don't want the comma as well to be selected.

Or that when I use a command in the terminal and I press tab I want a list of a specific element type.

Everything has gotten so much better since the 90s !

Today is my second anniversary as a full time linux user.

When do I get my Tux plushie and a personal letter from Linus?

Waiting 15+ minutes while Windows "indexes" a folder just so I can see the contents reminds me of why I dislike Windows as an OS so much.

This is a senseless operation that is of no benefit to the user.

As a webmail user, I want to be logged out automatically without any reasonable reason, to be able to read your notice that I have forgotten to log out, once I log in again.

Prepending user story titles with 'as a user' does not make you agile

This is a gripe about modern UX interfaces. UX interfaces need to have better ways to get information displayed in text as text. It is exceedingly annoying to be presented with an error message in a dialog with a cryptic error code. The user is forced to transcribe the error message to try and figure out what is causing the error. Just make the text copy-able with normal cut and paste interfaces. I think this should be a standard in interfaces that present text to make it easy to copy the message or text from interfaces. This makes information sharing easier and less cumbersome to the user. This is definitely a mindset change for UX. This is mostly a gripe about desktop. Phone systems are just shit to begin with.

Product owner and scrum master prioritized a not important user story. We are just new to the assigned team without proper turn over, KT, vague user story(one sentence) and no time to prepare our local environments. Then after sprint 1 the client wants a demo by next month but the PO and SM had prioritized the wrong user story so now they are pressuring the developers on finishing fast the other correct important user story. They mismanaged it and now they say the development was slow thus blaming us?! WTF. We hit the deadline of the first user story with unpaid overtimes.

The other PO was always asking us on how to fast track the development lol.

I'll tell them all their faults in the next meeting. As usual we are just high paid corporate slaves with golden hand cuffs trying to escape the rat race.

Something that I absolutely hate about the IT industry:

When a feature is deployed the chain is like this:

Dev -> Testers -> QA -> Product Manager -> End User

But when things break in production and management wants to yell at the staff... only the devs get the heat and no one else, as if they weren't responsible for anything at all.

Really fucking hate it.

As I am now in a leading position in the middle of a agile transition:

has anyone got a source for a project done completely with user stories?

I am searching a real life example with already finished stories an active backlog and a documentation.

I just can't wrap my head around it. When and what do you document? In which Form do you document? How are you writing user stories with more content like diagrams and such?

(we use jira and confluence but just started with stories)

I read some articles on the topic and watched some talks but sill don't get the picture.

Here's a hypothetical scenario: what if all web-developers in the world united and collectively decided to act as if there are no other browsers except Firefox and Chrome?
I know I do. Of course, everything I ever made targeted younger audiences, so only idiots, Apple fanboys and the ocassional Opera user used anything else...

An alternative OS for phones able to be installed super simply without flashing or unlocking the bootloader, similar to how easy it was to jailbreak am iPhone years ago. It would also have a focus on privacy and the ability to turn off and on as much functionality as the user wants

"Help" messages that are only shown once are not so helphul.

Some software and websites have help pop-ups and tooltips that are only displayed on the first use and then never again. There is no option to show it again.

That is a terrible idea, because the user might want to see it again as a reminder.

Showing something to the user only once means expecting the user to memorize it all at once.

Forgot to do server side verification.

As the service (an injectable game) was expanding and the old system relied on server side calculation without anything returned from the user, the expansion was done a little too fast.
The result could have been anyone passing wrong data and receiving the grand price like a holiday worth $10k. Quick fix ...

Here's an idea.

I wonder if a politician who work as a dev can belong here...

=======================
Content Boundaries and Use of devRant

Rule 2.
Politics: You may not post rants regarding politics unless they are directly related to a current event directly impacting development/tech. We've gathered lots of user feedback on this rule, and it is widely appreciated as devRant is a platform to have fun and somewhat of an escape for developers, who want to keep real-world issues and controversies off the app.

God damn I hate that "smart" and "convenient" autoscrolling to focus areas which has kind of exploded on webpages, most of the time just fucking the user over while one is trying to read something or generally use the site.
Pages bouncing all over with shitty response, who the fuck thought that were a great idea, they should've been put in the ground as a Thank you.

PM looking at Concept Design: "There were checkboxes and now you have radio buttons"

Me: "Those are two separate screens. One is the user inventory, the other populates an add"

PM: "So which is it? Are we using checkboxes or radio buttons?"

Me:"...both? Each where it makes sense?"

PM: "So what's the point of the radio button? If the user can only click one row, why do we need a radio button?"

Me: "Visual representation of what they selected. We could use row highlighting as well, it doesn't really matter"

PM: "But what's the point?"

Me:"...."

So I was just about to post a whole long rant about something breaking with an update. But I literally just found out, the whole thing was my fault because I changed something. I feel so fucking stupid. I went on a rant in a Discord chat with a couple friends, blamed fucking everything I could possibly think of.

Then I remembered when I tweaked a config file just a few days ago. "Maybe that has something to do with it....?" YUP, I'm a bit stupid.

Basically I changed an environment variable, and the variable I was referencing in it isn't being set (which is an issue itself, but I can figure that out), so instead of looking in that folder, it was looking in the root directory, and I was getting some permission denied errors cause..I was running the program as my normal user. Of course I shouldn't be able to write to root as a normal user.

I guess I'm a bit stupid sometimes when I'm sick.

PMs that start every ticket with "as a user I..."

I've been working on this fucking instagram connector for 4 weeks now, mainly due to idiotic red tape

Now the time has come to get it approved. I'm supposed to let them know how to test the connector with a test user. but FUCKING facebook's test users don't even work as test users! their own spam catcher identifies their own test users as bots!!!!

I mean what the fuck!!!! HOW AM I SUPPOSED TO GET THIS APPROVED IF YOUR TEST USERS DON'T FUCKING WORK AS PART OF THE TESTS

AAAAAAAAAAAAA THIS IS FUCKING INFURIATING

PM blindly puts user requests into JIRA as tasks to complete without thinking through their relevancy. Some of these are straight up not possible or don't make any damn sense. (╯°□°)╯︵ ┻━┻ just a constant reminder how great it will be when I leave here at the end of the month.

Working at a local seo sweat-shop as "whatever the lead dev does't feel like doing" guy.

Inherit their linux "server".
- Over 500 security updates
- Everything in /var/www is chmod to 777
- Everything in /var/www is owned by a random user that isn't apache
- Every single database is owned by root sql user
- Password for sudo user and mysql root user same as wifi password given to everyone at company.
- Custom spaghetti code dashboard with over 400 files in one directory, db/ api logins spread throughout these files, passwords in plain text.
- Dashboard doesn't have passwords, just usernames to login
- Dashboard database has all customer information including credit card stored in plain text
- Company wifi is shared by other businesses in the area

I suggest that I should try to fix some of these things.

Lead Developer / Tech Director : We're an SEO company, not a security company . . .

For me it has got to be Retroarch/Libretro (or as I've taken to call it etc.).

Retoarch is a frontend for Libretro which is an API that emulator developers can use so that I as the user don't have to worry about configuring each emulator (and some other stuff).
It's a godsend piece of software that makes it possible for someone like me to really just enjoy my (but but expanding) library of old games (that I can only dream of playing on original hardware)
Also, it's multiplatform!

I also tagged it as wk119 since this is my school setup

A banking application helps businesses attract new customers, increase audience loyalty, and improve the quality and speed of service delivery. The banking application can also act as a new marketing channel and a tool for detailed analytics of user actions. What do you think about it? Is it convenient to have a banking application on your phone and always at hand?

Heads-up, stop using email as a user-id in your systems. netikras@gmail.com and net.ikras@gmail.com are the same recipient. And noone really checks for that dot when validating a new user in our systems, do we? :)

If you think parametised queries will save the day think again.

I occasionally test sites I visit throwing a few quotes at inputs and query params.

I also always test logging in as % with user or pass.

Not only are plaintext passwords a thing but so is this:

WHERE username LIKE ? AND password LIKE ?.

Once I saw an OR.

XCode you fucking piece of shit...

So I just wanted to process my ios app to the app store and start the archive process. All of the sudden:
Command CodeSign failed with a nonzero exit code

What? So there is an error and you cannot tell me the error code? All information you give me that it isn't zero!? Wow... Amazing... What a great user experience. Maybe it cannot resolve the error? Maybe it is some external tool Apple has no access to and that is the only valid error they can throw at us?

Oh hell no! It has something to do with the keychain access! But why tell the user? That wouldn't be as much fun as just tell it is a nonzero error, isn't it apple?!

In the end locking and unlocking my key chain solved the problem... Thanks for nothing XCode!

Last week someone from a clients IT mailed me saying some user needed setting up in the software we develop. There was a flurry of emails from the person, the persons boss, their IT, etc. I sent instructions to the IT person explaining how to create users. Next day another flurry of emails asking if I created the user or not. Seems like they cant follow instructions so I went in and created the user for them then didn't think anything more of it.

Then last night I binged watched many episodes of this TV series 12 monkeys which is all about time traveling. Anyway in this morning I get into the office and there are all these emails from this same person, from last week, also emails from their boss and their IT people again all asking how this same person can be set up as a user. I had to quietly just ask one of the other developers "what day is it?" just in case..

Allowing only 1-2 chosen apps to use mobile internet while being run in user-space (as in you see the shit and are able to close it via a swipe) would be sick..

Today I completed my first user story as a developer, an feature to edit and update comments posted. It passed the test too.

I'm proud of myself about the achieving this given my actually development experience is very minimal :)

More challenges to conquer..

Thanks

- Implemented oauth1 - no body hashing
- URL contains credentials in plain text
- Used Azure API management feature as a proxy of the our API, however the documentation was on the our API, thus exposing the API URL with no management to developers.
- easy resource DDoSing because each trial user got a DB, the registration process did not have bot checks. You could literally freeze the db instance by spamming registration requests.

As a i3wm user for a long time, i had my first vodka yesterday. i use gnome now

No. I’m not going to take a 20 minute user-testing job disguised as a “survey” for you - for free, LinkedIn - and all your other super rich companies. You gotta pay people to work for you.

UX-wise, it should be absolutely forbidden to alter anything that is being overlapped by the cursor.

One example is the (mostly) terrible search in Windows 10. I have a tendency to use the keywords "fire" for either Firefox or Firefox Developer Edition. Sometimes, Windows will give me Developer Edition as the top result, which is fine. But as I I'm about to click the icon, Windows will find the other Firefox and place it as the top result.

This is known as terrible UX. The user interface is working against the end-user.

I checked out this new hybrid app that was released by some local senior developers.

Turns out that on my user profile, my user ID is set as the value of a hidden field and changing it to any other user ID and saving the form will update the profile of that user. Including changing the password.

The password reset form also allows me to change the user ID to reset that user's password.

Speaking of passwords, the value of the password field on the profile is my actual password in plain text.

Yes, I said this app was released by a couple of "senior developers". One has over 15 years of experience and the other works at an IT company that builds online banking systems. They appear to have outsourced this side project to some other development team but... Come on. At least take one quick look at the source code before releasing it, why don't you?

I don't even...

Shadow DOMs – the WORST invention in web standard history.

As a user script and user style developer, the shadow DOM has been a massive headache. Shitow DOMs block custom CSS, blocks parts of the page from being saved, and blocks user scripts and browser extensions. Shitow DOMs are an utter nightmare, especially closed ones.

And now, Google Gerrit's entire user interface is shadowdoomed. The only way to save pages locally is to scrape the JSON from the developer tools, but that is not possible on mobile.

Can I please rant? So my Acer Computer started misbehaving and turned my firewall off by itself a few weeks ago. After that, the dumb thing decided to revoke my admin rights, and since I was the ONLY admin, I have zilch admin privileges, can't download any apps, and can't make any new user profiles.

How in the living fu*k am I supposed to do my schoolwork and homework for school on a piece of sh*t computer I paid lots of money for? I have tried the built-in admin trick, and it did NOT work. My other user account I can NOT open, as Windows 10 states that "you need an app to open this".

As a Windows user tryin' to type a simple @ in a MacBook Pro: Every time a PITA!

User feedback

Been working on an application for the three days then yesterday happened to present a demo to my target client base.
Me:I need you to go through the app and tell me your experience using it.
User: Great let me see it and comment on it.
Me:I wait patiently as he goes through the app asking for clarification on some activities .
User:I love it but I think would be nice if we improve on the following.
Me:Okay go ahead all ears.
User:How about on the share feature instead of sharing the apps link then one goes and downloads it and install,how about you simply share the APK and install it instant.
Me:Okay that's a good thought and later go on to explain to him why we share links as compared to sending the APK directly .

I want to cry... Fuck it.. shiit. .. :( :( ;(

Wasted half of the Weekend to Setup MySQL on my vServer which uses ssl encryption, have specific User and so on.
Thought: well, the User mysql is not so good as a Name. Drop it, you don't need it.
What did I? Instead of Drop User mysql , I typed Drop Database mysql.

Fuck that fucking Shit. I'm so sad right now. Broked the complete MySQL Database. Nothing is working anymore. And the server is new, I've Just made One Backup. Deleted this a few hours ago.. also accidently.

Help me :( Shit :( so sad :( Now, I don't have Motivation anymore to work with the vServer :(

So, yeah it's been a month in the industry for me now. Rant time - I got mind fucked when I saw my teammate making a drop-down list which was editable, when I confronted him and explained him the disadvantages of that. His explanation is that user will not take advantage of that as the feature is for our internal use. But on a positive note he fixed it.

Somebody needs to look at the whole user admin side of all of google products from a users perspective. Then realise what a disjointed dysfunctional, horrible, confusing, pile of shit it all is. I would say the same for zoho, another example of how to put as many obstacles in the way of doing straight forward tasks.

As a user I want to fart before some one opens the door.
As a user I want to wait if someone farted.
As a admin I want to see who farted.

Does anyone else get annoyed with tasks like that? So much unnecessary words.

Bla bla bla do this bla bla bla

Bash on Windows is incoming soon! As a dual boot win10/Ubuntu user I am pretty psyched. Curious as to what you all think, and opinions from insider program participants.

I just hope it isn't half-assed.

as a new user of maven, my current frustration level: pom.xml

What a day we are testing a system which was supposed to handle 10 maybe twenty user to handle 12k users.
And i am being lectured this system is using way more resources as it is supposed to be 😔. At design time the same people just wanted to save time.

As a user getting warnings and errors containing the word "unknown" it can be kind of frustrating, but as a programmer I can relate...

As somebody who works in the industry, 2FA is a great idea, we need to do it more.
As a user, fuck 2FA, I ain't have time for that shit, if you make me type my screen lock once again I will throw my computer out of the window.

Is there a way to sign code for free (or atleast not need to pay over £200 for it)? Im a student and cant really afford much but I have been working on a website and made an electron build for it, however downloading the installer prompts the user to discard it in chrome, then running the installer prompts the user to select do not run in the windows security thingy as its from another computer.

What would be the best way around this if I cant get a certificate for it?

I was a Windows user from the start had an old windows pc og and ever since that computer and my first HTML book I've wanted to code and design as a passion hobby and now work

On a personal project, running some tests.
I had errors in specific tests, I just removed them and added a comment:
// We assume the user will use it as intended

As opposed to my horrific experiences with PayPal, Swish, a Swedish (really smooth) payment processor has some really nice documentation. An example:

"The callback, in the happy case, will return an intermediate response with the status DEBITED."

And other nice things such as clear numbered lists describing user flows, with images for extra clarification. Also, they provide full lists of error responses and in many cases suggested way to proceed with these error cases.

And as the cherry on top, this is developed as a cooperation between a few Swedish banks. The banks, who are the most thick type of companies when it comes to IT, does it better than PayPal.

On stackoverflow, I saw a new user post a comment as an answer, probably just because they had not enough reputation to post a comment. Before I could finish a helpful comment about the situation, that post got downvoted -5 and deleted because the user considered his own abilities "shitty" which was considered an illegal swear word by stackoverflow. Stackoverflow is like the Sunday school of programming, oh my ️🤦‍♂️😠

I can't believe it is real: I just had to talk someone out of calling a navigation point "FAQ User"

Had to admit I'm from Germany and so was the client. It's quiet common people pronounce FAQ as fuck here

@notRant
The devRant team seem quite humble. I feel it's quite important to have a humble face to your user base, because without it, our jobs as devs would be meaningless, even if you develop a cool app like {{ $coolApps[0] }}.
@include('funny_meme.jpg')
@endNotRant

We have a role/team/user system where we can add people to teams so they can see our code.

Every time I have to add people to something, 20-something emails arrive to inform the new users' managers and let the user know that a request has been made.

Never do I feel as anxious as when all these emails go out and everybody sees my name and I immediately feel like I fucked up

Why does nobody talk about security, even as basal on user accounts?

Its rare when i find a a framework/tool/talk/library/spec where the docs give an explanation, and more important an example of doing it the right way, and i mean without going into the history of ancient Greece and their scytale stick

At internship with a fellow student from my class, making a SqliteHelper class in php to make things easier. Delete methods only have only one parameter (Primary key)

Coworker: "Why do you use the primary key as parameter? The user has no access to it!"

I can't express in words how close I was to snapping.

I'm studying a mix of computer science and engineering. This semester we were tasked with hacking a "smart-production"-production-machine.... And OMFG it's shit!

This is a product by a major company and it's version 4... How the fuck is it this bad?
Like, using the same 5-letter password on all the PLC's FOR THE ROOT USER!!! WTF!!! AND open, unencrypted Telnet.....
This is a million dollar machine and, as soon as a hacker is on the same network it is done for! wtf.... I just can't believe how easy it was to get in and reek havoc.

It's done. Agile has taken over my life. The other day I looked outside and thought, "As a user, I can stand on my lawn without my feet disappearing." And that's how I decided to mow my lawn.

Been doing java for years now, and finally got to trying out an IDE. Been using VIM and notepad++ for ages, and tried Netbeans. It honestly frustrates me, is this where it's at, or is there something a bit more user friendly? Google yes I know, but Googles opinions are about as reliable as Bill Clinton around Monica Lewinski

I think I've learnt something worthwhile from nearly every project I've been involved with. If I had to pick one however:

Started an open source project designed for projecting multimedia content during church services as procrastination from final year undergrad revision.

Fast forward nearly a decade, and I've learnt tremendous amounts as a result of starting it - dealing with everything from GStreamer on a native C layer, right through to WebRTC stuff (STUN, TURN, ICE, etc.) at the other end. What started as some odd attempts to show text and images on a screen in a user friendly fashion has grown tremendously, and is now used all over the world.

I hate cloud corps like GCP for pushing down our throats half-baked solutions as Datastore. Why can't i do a simple "NOT IN [list]" query ffs?! Why do you have multiple syntax for doing the same things? Where is your fkin user guide for everything your app can/cannot do? fk u goog

Is it just me or is everyone thinking the binary ++ counter is a good idea?

I think it’s really cool because it sort of hides the number of ++ you have behind a wall of laziness. Like people probably aren’t going to convert every score and I personally just look at the length of it as a rough estimate of how upvoted a user is.

I think this really helps eliminate the “likes contest” that can come with other social media. (And as a result reduces spam that is posted/reposted just to get likes)

Anyone agree? Disagree?

I hate code imperfections. I have a cookie which is linked to a permanent user setting and I was looking to make it infinite, but I was disappointed to find out the best option is Cookie.setMaxAge(int seconds), so I put Integer.MAX_VALUE, and I'm not as disappointed anymore.

Microservices

Lets take an example: Products service & orders service.

When I want to save an order for a user, data saved as
1. UserId, ProductId, Quantity, Date

Or
2. UserId, Name, Email, ProductId, ProductName, Quantity, Date

I'm a bit confused here because if I'm going to fetch that purchase, in example 1, it will return IDs requiring another trip to server to get user & product info

In example two it takes only one trip BUT if any changes is made to either user info or product info it means I'm returning wrong info to the user.

What do we do in this scenario? Excuse my questions first time applying Microservices and been using monolith all my life

As an Android user I constantly think I coulda got a better cheaper phone.

Such is life **typed from my Moto G**

Why the industry jumped on photoshop as a web design and layout tool is beyond me. It's like trying to stir coffee with your thumb. I'm a descent photoshop user but have always used inDesign in web mode. Far quicker for chucking around layouts and options (as page). It also exports as rgb png's either full pages or selections with or without transparency (at any resolution). Which are perfect for then optimising in Photoshop (Pixelmator these days) or any other less costly image editor. I hand code my sites then in Coda, love it.

Found out a contractor stored 2.5 million rows of user info as json objects. 2.5 million is our sample size. Please tell me this is nuts right... Searching that would be taxing right?

I happened to purchase a multi currency card as I was preparing to travel abroad. I enquired a few non tech friends of mine about a bunch of providers/lenders and I got a consistent suggestion of how company XXX is safe and user friendly. I took a leap of faith and went with them, since I didn't have any time left to do my own research.

Met the vendor, loaded some money and all is well. At least so far.

I went to their website to create an account for checking my balance and to do a bunch of stuff online.

Nothing unusual so far.

I fill up the new user register page. At the end I get a message which says "SUCCESS" and asks me to check my email.

VOILA!

I have an email with my user id, password and security questions in CLEAR TEXT sitting in my inbox.

Good job XXX.

I wrote a stored procedure and declared the input as varchar instead of varchar(100). everything seemed to be working. later on we noticed that the procedure only saved the first character of the input (a user form). unfortunately we found out first when the monthly form reports where issued. a whole month of incomplete forms from our users. the client wasn't happy.

Hello, can someone help me with this one ? I guess that the fucking SO elitist community would have beaten me to death if I asked this question.

I'm trying to create a relational table between a Tutorial object and a User object (to know which tutorial the user has access to) using Sequelize, and I figure out that I have two PRIMARY keys in my table. How is it possible ? UserID is also marked as Index.
The both keys are not Unique in themselves but their combinations are unique.