Search - "auditing"
Agency: " Sir, we found 3 candidates as per your requirements, now how do you want their placements sir?"
M.D: "Put about 100 bricks in a closed room. Then send the candidates into the room & close the door, leave them alone & come back after a few hours and analyse the situation:-
1) If they are counting the bricks, Put them in Accounts deptt.
2) If they are re-counting the bricks, Put them in Auditing.
3) If they have messed up the whole room with the bricks, Put them in Engineering.
4) If they are arranging the bricks in some strange order, Put them in Planning.
5) If they are throwing the bricks at each other, Put them in Operations.
6) If they are sleeping, Put them in Security.
7) If they have broken the bricks into pieces, Put them in Information Technology.
8) If they are sitting idle, Put them in Human Resources.
9) If they say they have tried different combinations yet not a single brick has been moved, Put them in Sales.
10) If they have already left for the day, Put them in Marketing.
11) If they are staring out of the window, Put them in Strategic Planning.
And.......
12) If they are talking to each other and not a single brick has been touched, Congratulate them and put them in Top Management.
😂🤣😃😁😅😜
I wrote a Student Information System for my midterm project back in '94, written in Clipper and running on MS-DOS.
I demoed & explained to the panel of professors how it tracks enrollments, payments, class schedules, grades and attendance of each and every student. Has user authentication, auditing and reporting functionalities.
It has a lite version also written in Clipper that can be installed on a Professor's laptop so that he/she can update records even at home, and would be able to sync with the db at school via a BBS. Telix for DOS (self-taught) was my choice for the BBS as it was shareware, has built-in Zmodem support and comes with its own programming language called SALT (Script Application Language for Telix) that can be used for automating tasks. The lite version of my project would dump the updates on an ASCII file, compress the file using PKZIP, use the laptop's modem to dial up the number to the school's BBS and send the file across using the Zmodem protocol.
The main version would then download the file(s) from the BBS and proceed to do a sync.
After doing the demo and answering all their questions the panel asked me to wait outside the room, called me back in after 15 mins and told me that I don't have to attend that class for the remainder of the term. The happiness as my classmates outside of the room gawked at me felt like King Midas himself gave my balls his golden touch.
Then in '97, 2 yrs after I graduated, I accompanied my cousins to a different campus of the same school for their enrollment and right there on the bottom of the screen were my initials on a very, very familiar UI! They actually used, and were still using, my school project. Needless to say my cousins didn't believe that it was written by me.
Watching the Dutch government trying to get through the public procurement process for a "corona app" is equal parts hilarious and terrifying.
7 large IT firms screaming that they're going to make the perfect app.
Presentations with happy guitar strumming advertisement videos about how everyone will feel healthy, picnicking on green sunny meadows with laughing families, if only their app is installed on every citizen's phone.
Luckily, also plenty of security and privacy experts completely body-bagging these firms.
"It will connect people to fight this disease together" -- "BUT HOW" -- "The magic of Bluetooth. And maybe... machine learning. Oh! And blockchain!" -- "BUT HOW" -- "Shut up give us money, we promise, our app is going to cure the planet"
You got salesmen, promising their app will be ready in 2 weeks, although they can't even show any screenshots yet.
You got politicians mispronouncing technical terminology, trying hard to look as informed as possible.
You got TV presenters polling population support for "The App" by interviewing the most digitally oblivious people.
One of the app development firms (using some blockchain-based crap) promised transparency about their source code for auditing.... so they committed their source, including a backup file from one of their other apps, containing 200 emails/passwords to Github.
It's kind of entertaining... in the same way as a surgery documentary about the removal of glass shards from a sexually adventurous guy's butthole.
Imma keep watching out of morbid fascination.... from a very safe distance, far away from the blood and shit that's splattering against the walls.
And my phone -- keep your filthy infected bytes away from my sweet baby.
I'll stick with social distancing, regular hand washing, working from home and limited supermarket trips, thank you very much.
!rant
So I am building a website and already finished it and ready to be deployed.
Got server access and found that there are many other websites files and folder.
Note : multiple copies of website that I am working on.
So I raised my concern with the client about which folder is actually handling the website. She contacted the old dev guy and got the webroot for that website. She told me to delete everything, clean it up and make the current website available.
I realized that many other websites may rely on those files and folders and informed her about the consequences. And finally I told her I will not touch any files except for the website I am working on.
So, I deployed the website and it worked as expected. After 3 weeks the client comes back with an issue that one of her websites is not working and tries to blame me for it.
FYI: before my deployment she said that she would talk to the hosting provider to clean their webspace. I am not sure about that yet.
So I tried to do auditing and found that 2 days after my deployment someone had already wiped everything from those other websites.
I showed my audits, and it's clear someone else did it.
You should contact your hosting provider or the other dev who she contacted for wiping.
From the beginning I was telling that lady to take backups. She said no need.
The reason I didn't take them is because I am not working on those websites and obviously the client isn't going to pay me for those backups.
There is still more to go, waiting for her responses.
OMFG I don't even know where to start..
Probably should start with last week (as this is the first time I had to deal with this problem directly)..
Also please note that all packages, procedure/function names, tables etc have fictional names, so every similarity between this story and reality is just a coincidence!!
Here it goes..
Last week we implemented a new feature for the customer on production, everything was working fine.. After a day or two, the customer notices the audit logs are not complete aka missing user_id or have the wrong user_id inserted.
Hm.. ok.. I check logs (disk + database).. WTF, parameters are being sent in as they should, meaning they are there, so no idea what is with the missing ids.
OK, logs look fine, but I notice user_id have some weird values (I already memorized most frequent users and their ids). So I go check what is happening in the code, as the procedures/functions are called ok.
Wow, boy was I surprised.. many many times..
In the code, we actually check for user in this apps db or in case of using SSO (which we were) in the main db schema..
The user gets returned & logged ok, but that is it. Used only for authentication. When sending stuff to the db to log, old user Id is used, meaning that ofc userid was missing or wrong.
Anyhow, I fix that crap, take care of some other audit logs, so that proper user id was sent in. Test locally, cool. Works. Update customer's test servers. Works. Cool..
I still notice something off.. even though I fixed the audit_dbtable_2, audit_dbtable_1 still doesn't show proper user ids.. This was last week. I left it as is, as I had more urgent tasks waiting for me..
Anyhow, now it came the time for this fuckup to be fixed. Ok, I think to myself I can do this with a bit more hacking, but it leaves the original database and all other apps as is, so they won't break.
I create another pck for api alone, copy the calls, add user_id as param and from that on, I call other standard functions like usual, just leave out the user_id I am now explicitly sending with every call.
Ok this might work.
I prepare package, add user_id param to the calls.. great, time to test this code and my knowledge..
I made changes for api to include the current user id (+ log it in the disk logs + audit_dbtable_1), test it, and check db..
Disk logs fine, debugging fine (user_id has proper value) but audit_dbtable_1 still userid = 0.
WTF?! I go check the code, where I forgot to include user id.. noup, it's all there. OK, I go check the logging, maybe I fucked up some parameters on db level. Nope, user is there in the friggin description ON THE SAME FUCKING TABLE!!
Just not in the column user_id...
WTF..Ok, cig break to let me think..
I come back and check the original auditing procedure on the db.. It is usually used/called with null as the user id. OK, I have replaced those with actual user ids I sent in the procedures/functions. Recheck every call!! TWICE!! Great.. no fuckups. Let's test it again!
OFC nothing changes, value in the db is still 0. WTF?! HOW!?
So I open the auditing pck, to look the insides of that bloody procedure.. WHAT THE ACTUAL FUCK?!
Instead of logging the p_user_sth_sth that is sent to that procedure, it just inserts the variable declared in the main package..
WHAT THE ACTUAL FUCK?! Did the 'new guy' make changes to this because he couldn't figure out what is wrong?! Nope, not him. I asked the CEO if he knows anything.. Noup.. I checked all customers' dbs (different customers).. ALL HAD THIS HARDCODED IN!!! FROM THE FREAKING YEAR 2016!!! O.o
Unfuckin believable.. How did this ever work?!
Looks like at the beginning, someone tried to implement this, but gave up mid implementation.. Decided it is enough to log current user id into BLABLA variable on some pck..
Which might have been ok 10+ years ago, but not today, not when you use connection pooling.. FFS!!
So yeah, I found easter eggs from years ago.. Almost went crazy when trying to figure out where I fucked this up. It was such a plain, simple, straight-forward solution to auditing..
If only the original procedure was working as it should.. bloody hell!!
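The failure mode in the rant above (an audit procedure that logs a session-scoped package variable instead of the user id it was handed, which only looks right until a connection pool starts handing sessions to other users' requests) is small enough to simulate. The following is an added example and not the rant's PL/SQL or any real package; the `Session`/`Pool` classes, the user ids 101 and 202, and the event sequence are all constructed here. It shows the wrong rows the buggy procedure produces, the same sequence through the fixed procedure, and the detection check the rant effectively did by hand: compare the `user_id` column against the user named in the description on the same row.

```python
# Constructed simulation of a pooled-session audit bug; not the rant's code.
# A PL/SQL package variable lives for the database *session*, while a pool
# hands sessions to requests in an order unrelated to who logged in on them.
import itertools
from dataclasses import dataclass, field


@dataclass
class Session:
    """One pooled DB session. pkg_state mimics PL/SQL package variables."""
    sid: int
    pkg_state: dict = field(default_factory=dict)


class Pool:
    """Round-robin connection pool: each request may land on any session."""
    def __init__(self, size: int):
        self.sessions = [Session(i) for i in range(size)]
        self._next = itertools.cycle(self.sessions)

    def acquire(self) -> Session:
        return next(self._next)


def login(session: Session, user_id: int) -> None:
    """The old design: stash the current user in a package variable at login."""
    session.pkg_state["current_user_id"] = user_id


def audit_buggy(session: Session, p_user_id: int, action: str, rows: list) -> None:
    """Ignores p_user_id and logs the package variable instead (the bug)."""
    rows.append({
        # 0 means the variable was never set on *this* session
        "user_id": session.pkg_state.get("current_user_id", 0),
        "action": action,
        # the parameter still ends up in the free-text description
        "description": f"{action} by user {p_user_id}",
    })


def audit_fixed(session: Session, p_user_id: int, action: str, rows: list) -> None:
    """Logs the explicitly passed user id, so session reuse cannot corrupt it."""
    rows.append({"user_id": p_user_id, "action": action,
                 "description": f"{action} by user {p_user_id}"})


# Constructed sequence: users 101 and 202 log in and act through a 3-session pool.
EVENTS = [("login", 101), ("act", 101), ("login", 202), ("act", 101),
          ("act", 101), ("act", 202), ("act", 202)]


def run_scenario(audit_proc, pool_size: int = 3, events=EVENTS) -> list:
    """Replay the events through a fresh pool and return the audit rows."""
    pool, rows = Pool(pool_size), []
    for kind, user_id in events:
        session = pool.acquire()
        if kind == "login":
            login(session, user_id)
        else:
            audit_proc(session, user_id, "update_record", rows)
    return rows


def find_mismatched_rows(rows: list) -> list:
    """Detection check: indices of rows whose user_id column disagrees with
    the user named in the description on the same row."""
    bad = []
    for i, row in enumerate(rows):
        named = int(row["description"].rsplit("user ", 1)[1])
        if named != row["user_id"]:
            bad.append(i)
    return bad


if __name__ == "__main__":
    buggy = run_scenario(audit_buggy)
    print("buggy user_id column:", [r["user_id"] for r in buggy],
          "mismatched rows:", find_mismatched_rows(buggy))
    fixed = run_scenario(audit_fixed)
    print("fixed user_id column:", [r["user_id"] for r in fixed],
          "mismatched rows:", find_mismatched_rows(fixed))
```

With the buggy procedure the column reads `[0, 101, 0, 202, 101]` for the same five actions: two rows with no user at all and one attributed to user 101 that user 202 performed, exactly the "missing or wrong user_id" symptom. The mismatch check is cheap to run as a periodic query against a real audit table wherever the description carries the user independently of the column.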
Im gonna turn this topic on its head a little and mention the MOST NECESSARY feature that was never implemented in one of my projects.
It was an iOS client for a medical records system. Since it contained actual confidential medical information, some patient records could be "restricted". This meant if you tried to open them you would be prompted for a reason, and this would be audited.
We already had 2 different iOS apps with this feature in place matching the web app. But for some reason with the 3rd app they just decided not to bother. I discovered that it was because the PO in charge of that project didn't consider it important enough for the demo. So we have one app where you can just bypass the whole auditing process and open restricted patient records freely.
This might not resonate with many ranters here... but FUCK Taylor Otwell & Graham Campbell.
Like, not on a personal level. Maybe they're great to drink a beer with. But as framework devs... fuck everything about them.
Laravel seems so nice, it takes away many annoyances of developing in PHP. Collections are the array object you've always needed. The route bindings, middlewares, request validation objects, it's all sweet.
But eventually your company serves a few million customers, you run into specific performance problems or missing features on a deeper level. You open the issue tracker... and see a few hundred issues about the problems you are encountering, they already exist.
Some just have a short paragraph with a request for a feature, some complete PRs with tests in the style of the framework. All of them closed.
Reasons?
"We don't think anyone will ever need this"
"This seems complicated, you can just do <super non-DRY hacky code>"
FUCK YOU WITH YOUR TODO APP SNIPPETS AND USER-POST-ARTICLE EXAMPLES. I'M NOT BUILDING THE NEXT WORDPRESS. I'M DEALING WITH THE REALITY OF GRAPH DATABASE CLUSTERS, COMPLEX AUDITING LOGS AND A GAZILLION QUERIES PER SECOND.
Sigh... the problem with all these "simple" and "elegant" languages & frameworks is that they don't fucking scale.
Not because the language, server or framework intrinsically can't do it, but because the maintainers are stuck thinking in terms of their retarded non-realistic example apps.
I think I'll go back to my cave and write some Haskell or Rust to calm down.
One of the executives at my work insisted we rush to get a project done back in January so that he could use it immediately for auditing purposes.
Just pulled a report and found out he hasn't used a single thing we built for him, not even ONCE since we pushed it. He hasn't even logged in. So livid.
-- Best --
> Submitted my notice of termination for my current job
> Found a new job starting next year
> Can switch from Windows to Linux/MacOS in new job
> Got more time to work on personal projects due to the pandemic
-- Worst --
> Huge amount of software restrictions (current job) almost got several projects at work canceled. Maybe it's important to say that the core business of my current workplace is auditing, so there are a lot of legal regulations which then apply in the software development process.
> New managers that do not have the slightest clue of what they're doing
> Online Teambuilding events
> Absurd amount of segmentation of tools and also different coding guidelines that are used at work. E.g. one team uses Jira, another Trello, another the GitHub issue tracker and so on.
"The Phoenix project" alternative ending:
Bill Palmer manages to avert disaster with heroic efforts, working 18 hours per day for weeks.
His wife files for divorce. He starts to sleep at office, next to the servers room.
At the last moment a huge hacker attack almost destroys everything, but he finally manages to announce that Phoenix is ready on time, with security auditing passed and all kinds of great improvements.
Steve, the CEO, calls him and says: "Are you crazy? We put you on an impossible project with short notice to make you fail! All our investors have been secretly short selling our stocks, so now they are waiting for a big failure to cash in. We also paid Korean hackers to bring you to your knees. But you are really stubborn!"
The whole Phoenix Project is rolled back, huge shit happens, stocks fall, investors reap great benefits. All IT is outsourced to an external company (owned by members of the board).
Bill is fired. His reputation tainted by the failure, he can't find a job anymore. His technical skills and knowledge are out of date.
As he didn't have time to take care of the divorce he has also lost all his personal wealth.
He writes a book about his experience, well, actually a rant, but the company sues him forcing him to pay more money.
In the final scene, police arrest him, drunk, while trying to burn a server farm with matches.
I had a dream about AI.
I was contracted at a company that did some dodgy things. One of the things they "produced" was train car covers. They said the beauty of "selling" these is that they only showed that they shipped them to customers, despite never shipping them. This allowed the customers to take credit for covering their train cars to meet some environmental quota. It was a racket to satisfy someone's auditing books somewhere.
Well my specialty was AI systems. I provided various types of AI for them to use to run their scams. However, there was a rule. I was not allowed to sell them or bring onsite any level 5 or above AIs. Level 5 or above AIs were AIs capable of independent thought. Not sure what levels were below, but I can imagine level 1 was probably pattern matching. Level 2 maybe can make decisions based upon rule sets.
As the dream progressed I found myself smuggling a level 5 AI onsite by combining 2 lower level AIs with complementary systems. Once "hooked up" they would act as a single level 5 AI. Not sure if I was working on some sort of industrial espionage or undercover for some sort of legal agency. I woke up too soon to find out who I really was.
Let's assume I want to use software X. I notice software X is open source.
How do I validate that said software doesn't do shady stuff?
Is there some kind of platform which lists the audits of each software or alerts the internet if shady stuff happens?
I know about alternativeTo.net, where you can find software alternatives with licensing filters. (Which is great btw) but I'm missing proper validation of open source software...
So, I have been working for this company for 4 years now as a warehouse associate, but over time they finally realized I can code. I was given the opportunity to work on different projects (even though the first project was a setup for failure, I still prevailed in completing it).
Long story short, next year plan on finishing my bachelor's degree in Software Development. Once I get the degree (or during the process) should I strive to try to work at the:
Tech position (at the current job)
or
Data Analyst department (current job) ,
since I would be the only developer (for data analysis) and I impressed the team members at my current job,
or
should I try to find another job in software development for a new field when the opportunity come up for a fresh start in just programming and not warehouse associate work?
P.S. Close friends with the Tech department, have high recognition and have done some projects for them. They would love to see me join the team if it happens. When I am not working with the tech department during off season (needs to be approved by management to work on these projects during off season) I am literally cutting a box, wasting my skills and potential in auditing during the season.
You know what pisses me off about Solidity?
The lack of useful information and the bullshit around it.
How many times I see a video named “Advanced Smart Contract Testing” and go through it to see that it includes...
- setup the testing in a project
- run a simple test
- test the basic attributes of a token (name, symbol etc.)
- the end
THE FUCKING END???!!!
Are you kidding me! Advanced what?
The problem is that smart contract “auditors” are getting paid $500,000 USD for 2 months of auditing. Yeah, that’s right, half a million to look over code and write a report.
So why would those folks ever share that knowledge? They wouldn’t.
That’s why you have these fucking jokers who go and get a basic understanding of Solidity and then make an “Advanced Solidity Course”
To each their own though, if it makes them feel good about themselves then go for it.
But from me, you can take your "advanced" course and shove it up your basic ass, sideways.
Any example of machine learning / artificial intelligence on video auditing that the community knows of?
I'm auditing the code of a client application and:
How the fuck do you create an external dependency (private npm) that doesn't work outside of your project?!?!?!?
If it needs your project to work IT CAN'T BE AN EXTERNAL DEPENDENCY!!!!
Spent half an hour auditing my code coz there were Out of Memory errors
Decided to profile it; the top 3 highest heap hoggers were from StartApp :v
Bullshittery continues. This time around, absolutely innocent, clamav is root cause. For once not incompetent idiot, but piece of software. IDK if that makes me happy or upset.
So our email server that I configured and took care of died. RIP. Damn, better put it back together ASAP. So I'm under pressure, while still pissed at everything that I ranted about before (actually my last 2 rants were throttled, and in total all of that happened in the past 60 minutes, but devRant rate limiting), I start auditing logs. You imagine, we kinda need it NOW, and it's the second time this month clamav is pulling stunts and the MTA refuses (properly) to work without antivirus. So pressurized, I look at the logs, what the fuck went wrong.
clamav deamonize() failed - cannot allocate memory
Hmm. Interesting, but sounds like bullshit. I know the server is quite micro because they wanted to save on costs as much as possible, but it has well over half a gig of free RAM just before it crashes (like 800MB) with that message. Is it allocating almost a gig in one call or what? Looked carefully at trusty htop while it was starting, and indeed, it suddenly just dies with quite a bit of RAM free, almost as much as it weighs already. And I remember booting it up when I was configuring it, and it had a fair bit of headroom.
Google, help me friend... Okay, great, so apparently at some point clamav loads the virus DB into RAM (dafuq?), and then forks, which causes a spike of 2x the RAM usage, and then immediately frees it up.
Great, that sounds like great design decision... At least I know, I can just slap on SWAP file, restart it and call it a day.
It worked, swap file is almost empty (used 15megs, 900 megs free ram, whatever).
That leaves me wondering, who figured out to load the DB into RAM? That means pretty much that clamav will eat a little bit more RAM with each virus DB update, and that millisecond "double RAM" spike will confuse innocent people who just wanted to run clamav and it worked for the last *long period of time* and now crashes without warning without any changes to the configuration.
Maybe there is a logical explanation, I want to know it.
Persisting derived values. Often a necessary evil for optimisation or privacy while conflicting with concerns such as auditing.
Password hashing is the common example of a case considered necessary to cover security concerns.
Also often a mistake to store derived values. Some times it can be annoying. Sometimes it can be data loss. Derived values often require careful maintenance otherwise the actual comments in your database for a page is 10 but the stored value for the page record is 9. This becomes very important when dealing with money where eventual consistency might not be enough.
Annoying is when given a and b then c = a + b only b and c are stored so you often have to run things backwards.
Given any processing pipeline such as A -> B -> C with A being original and C final then you technically only need C. This applies to anything.
However, not all steps stay or deflate. Sum of values is an example of deflate. Mapping values is an example of stay. Combining all possible value pairs is inflate, IE, N * N and tends to represent the true termination point for a pipeline as to what can be persisted.
I've quite often seen people exclude original. Some amount of lossy can be alright if it's genuine noise and one way if serving some purpose.
If A is O(N) and C reduces to O(1) then it can seem to make sense to store only C until someone also wants B -> D as well. Technically speaking A is all you ever need to persist to cater to all dependencies.
I've seen every kind of mess with processing chains. People persisting the inflations while still being lossy. Giant chains linear chains where instead items should rely on a common ancestor. Things being applied to only be unapplied. Yes ABCBDBEBCF etc then truncating A happens.
Extreme care needs to be taken with data and future proofing. Excess data you can remove. Missing code can be added. Data however once its gone its gone and your bug is forever.
This doesn't seem to enter the minds of many developers who don't reconcile their execution or processing graphs with entry points, exit points, edge direction, size, persistence, etc.
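The drift the post describes (a page whose stored comment count says 10 while the comments table holds 9) is easiest to see with the original value kept around, because then the derived one can always be recomputed and checked. The following is an added example, not the post's own code or any particular database: a toy `Store` with the comments as the source ("A" in the post's terms) and a persisted per-page count as the derived value ("C"), a delete path that forgets to maintain the count, the reconciliation that finds the drift by recomputing from the source, and the repair. All ids and page numbers are constructed.

```python
# Constructed example of persisted derived values drifting from their source.
from collections import defaultdict


class Store:
    """comments is the source of truth; page_counts is a persisted derived value."""

    def __init__(self):
        self.comments = {}                    # comment_id -> page_id  (original, "A")
        self.page_counts = defaultdict(int)   # page_id -> cached count (derived, "C")
        self._next_id = 1

    def add_comment(self, page_id: int) -> int:
        cid = self._next_id
        self._next_id += 1
        self.comments[cid] = page_id
        self.page_counts[page_id] += 1        # derived value maintained here...
        return cid

    def delete_comment_buggy(self, cid: int) -> None:
        """Removes the source row but forgets the derived count: this is the drift."""
        del self.comments[cid]

    def delete_comment(self, cid: int) -> None:
        """Correct path: source and derived value change together."""
        page_id = self.comments.pop(cid)
        self.page_counts[page_id] -= 1

    def recompute_counts(self) -> dict:
        """Derive the counts again from the original data (A -> C)."""
        counts = defaultdict(int)
        for page_id in self.comments.values():
            counts[page_id] += 1
        return dict(counts)

    def find_drift(self) -> dict:
        """Audit check: pages where the stored count != the recomputed count.
        Returns {page_id: (stored, actual)} and is empty when consistent."""
        actual = self.recompute_counts()
        pages = set(actual) | set(self.page_counts)
        return {p: (self.page_counts.get(p, 0), actual.get(p, 0))
                for p in pages if self.page_counts.get(p, 0) != actual.get(p, 0)}

    def reconcile(self) -> dict:
        """Repair: overwrite the derived values from the source; return what drifted."""
        drift = self.find_drift()
        self.page_counts = defaultdict(int, self.recompute_counts())
        return drift


def demo() -> dict:
    """Ten comments on page 7, one deleted through the buggy path: stored 10, actual 9."""
    store = Store()
    ids = [store.add_comment(7) for _ in range(10)]
    store.delete_comment_buggy(ids[0])
    return store.find_drift()


if __name__ == "__main__":
    print("drift found:", demo())   # {7: (10, 9)}
```

The point the post makes about money is why `find_drift` is worth running as a scheduled job rather than trusting the cached value: with the source retained, drift is a detectable and repairable condition; with only the derived value persisted there is nothing left to recompute from, and the wrong number becomes the truth.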