Writing a change log must be fun.

There's this guy that sits next to me in a class.

Guy: Hey, you're a hacker right?
Me: I'm a programmer.
Guy: Can you hack into my email account?
Me: Nope, I work in a different field of computer science.

In reality, I want to give him a piece of my mind.

I already know his email so I open up the login page and enter it. I click "forgot password", and it asks for his favorite teacher's name. Keep in mind that he made this account this year.

Me: So anyways, who's your favorite teacher?
Guy: *proceeds to give me favorite teacher's name*
Me: 🤦‍♂️

I change his password and log into his account. After that, I show him and tell him about how he should keep his account secure.

He left class with a priceless look on his face.

Best kind of change log.

This is super childish but it's the gameserver insidstry and karma is a bitch.

TLDR: I hacked my boss

I was working for a gameserver and I did development for about 3 months and was promised pay after the network was released. I followed through with a bunch of dev friends and the guy ended up selling our work. He didn't know that I was aware of this as he tried to tell people to not tell us but one honest person came forward and said he sold our work for about 8x the price of what he owed ALL OF US collectively.

I proceeded to change the server password and when he asked why he couldn't log in I sent him an executable (a crypted remote access tool) and told him it was an "encryption tunnel" that makes ssh and file transfers secure. Being the idiot that he is he opened it and I snagged all of his passwords including his email and I changed them through a proxy on his machine to ensure I wouldn't get two factored with Google. After I was done I deleted system 32 :3

Worst thing you've seen another dev do? Long one, but has a happy ending.

Classic 'Dev deploys to production at 5:00PM on a Friday, and goes home.' story.

The web department was managed under the the Marketing department, so they were not required to adhere to any type of coding standards and for months we fought with them on logging. Pre-Splunk, we rolled our own logging/alerting solution and they hated being the #1 reason for phone calls/texts/emails every night.

Wanting to "get it done", 'Tony' decided to bypass the default logging and send himself an email if an exception occurred in his code.

At 5:00PM on a Friday, deploys, goes home.

Around 11:00AM on Sunday (a lot folks are still in church at this time), the VP of IS gets a call from the CEO (who does not go to church) about unable to log into his email. VP has to leave church..drive home and find out he cannot remote access the exchange server. He starts making other phone calls..forcing the entire networking department to drive in and get email back up (you can imagine not a group of happy people)

After some network-admin voodoo, by 12:00, they discover/fix the issue (know it was Tony's email that was the problem)

We find out Monday that not only did Tony deploy at 5:00 on a Friday, the deployment wasn't approved, had features no one asked for, wasn't checked into version control, and the exception during checkout cost the company over $50,000 in lost sales.

Was Tony fired? Noooo. The web is our cash cow and Tony was considered a top web developer (and he knew that), Tony decided to blame logging. While in the discovery meeting, Tony told the bosses that it wasn't his fault logging was so buggy and caused so many phone calls/texts/emails every night, if he had been trained properly, this problem could have been avoided.

Well, since I was responsible for logging, I was next in the hot seat.

For almost 30 minutes I listened to every terrible thing I had done to Tony ever since he started. I was a terrible mentor, I was mean, I was degrading, etc..etc.
Me: "Where is this coming from? I barely know Tony. We're not even in the same building. I met him once when he started, maybe saw him a couple of times in meetings."
Andrew: "Aren't you responsible for this logging fiasco?"
Me: "Good Lord no, why am I here?"
Andrew: "I'll rephrase so you'll understand, aren't you are responsible for the proper training of how developers log errors in their code? This disaster is clearly a consequence of your failure. What do you have to say for yourself?"
Me: "Nothing. Developers are responsible for their own choices. Tony made the choice to bypass our logging and send errors to himself, causing Exchange to lockup and losing sales."
Andrew: "A choice he made because he was not properly informed of the consequences? Again, that is a failure in the proper use of logging, and why you are here."
Me: "I'm done with this. Does John know I'm in here? How about you get John and you talk to him like that."
'John' was the department head at the time.
Andrew:"John, have you spoken to Tony?"
John: "Yes, and I'm very sorry and very disappointed. This won't happen again."
Me: "Um...What?"
John: "You know what. Did you even fucking talk to Tony? You just sit in your ivory tower and think your actions don't matter?"
Me: "Whoa!! What are you talking about!? My responsibility for logging stops with the work instructions. After that if Tony decides to do something else, that is on him."
John: "That is not how Tony tells it. He said he's been struggling with your logging system everyday since he's started and you've done nothing to help. This behavior ends today. We're a fucking team. Get off your damn high horse and help the little guy every once in a while."
Me: "I don't know what Tony has been telling you, but I barely know the guy. If he has been having trouble with the one line of code to log, this is the first I've heard of it."
John: "Like I said, this ends today. You are going to come up with a proper training class and learn to get out and talk to other people."

Over the next couple of weeks I become a powerpoint wizard and 'train' anyone/everyone on the proper use of logging. The one line of code to log. One line of code.

A friend 'Scott' sits close to Tony (I mean I do get out and know people) told me that Tony poured out the crocodile tears. Like cried and cried, apologizing, calling me everything but a kitchen sink,...etc. It was so bad, his manager 'Sally' was crying, her boss 'Andrew', was red in the face, when 'John' heard 'Sally' was crying, you can imagine the high levels of alpha-male 'gotta look like I'm protecting the females' hormones flowing.

Took almost another year, Tony released a change on a Friday, went home, web site crashed (losses were in the thousands of $ per minute this time), and Tony was not let back into the building on Monday (one of the best days of my life).

Welcome back to practiseSafeHex's new life as a manager.

Episode 2: Why automate when you can spend all day doing it by hand

This is a particularly special episode for me, as these problems are taking up so much of my time with non-sensical bullshit, that i'm delayed with everything else. Some badly require tooling or new products. Some are just unnecessary processes or annoyances that should not need to be handled by another human. So lets jump right in, in no particular order:

- Jira ... nuff said? not quite because somehow some blue moon, planets aligning, act of god style set of circumstances lined up to allow this team to somehow make Jira worse. On one hand we have a gigantic Jira project containing 7 separate sub teams, a million different labels / epics and 4.2 million possible assignees, all making sure the loading page takes as long as possible to open. But the new country we've added support for in the app gets a separate project. So we have product, backend, mobile, design, management etc on one, and mobile-country2 on another. This delightfully means a lot of duplication and copy pasting from one to the other, for literally no reason what so ever.

- Everything on Jira is found through a label. Every time something happens, a new one is created. So I need to check for "iOS", "Android", "iOS-country2", "Android-country2", "mobile-<feature>", "mobile-<feature>-issues", "mobile-<feature>-prod-issues", "mobile-<feature>-existing-issues" and "<project>-July31" ... why July31? Because some fucking moron decided to do a round of testing, and tag all the issues with the current date (despite the fact Jira does that anyway), which somehow still gets used from time to time because nobody pays attention to what they are doing. This means creating and modifying filters on a daily basis ... after spending time trying to figure out what its not in the first one.

- One of my favourite morning rituals I like to call "Jira dumpster diving". This involves me removing all the filters and reading all the tickets. Why would I do such a thing? oh remember the 9000 labels I mentioned earlier? right well its very likely that they actually won't use any of them ... or the wrong ones ... or assign to the wrong person, so I have to go find them and fix them. If I don't, i'll get yelled at, because clearly it's my fault.

- Moving on from Jira. As some of you might have seen in your companies, if you use things like TestFlight, HockeyApp, AppCenter, BuddyBuild etc. that when you release a new app version for testing, each version comes with an automated change-log, listing ticket numbers addressed ...... yeah we don't do that. No we use this shitty service, which is effectively an FTP server and a webpage, that only allows you to host the new versions. Sending out those emails is all manual ... distribution groups?? ... whats that?

- Moving back to Jira. Can't even automate the changelog with a script, because I can't even make sense of the tickets, in order to translate that to a script.

- Moving on from Jira. Me and one of the remote testers play this great game I like to call "tag team ticketing". It's so much fun. Right heres how to play, you'll need a QA and a PM.

*QA creates a ticket, and puts nothing of any use inside it, and assigns to the PM.
*PM fires it back asking for clarification.
*QA adds in what he feels is clarification (hes wrong) and assigns it back to the PM.
*PM sends detailed instructions, with examples as to what is needed and assigns it back.
*QA adds 1 of the 3 things required and assigns it back.
*PM assigns it back saying the one thing added is from the wrong day, and reminds him about the other 2 items.
*QA adds some random piece of unrelated info to the ticket instead, forgetting about the 3 things and assigns it back.

and you just continue doing this for the whole dev / release cycle hahaha. Oh you guys have no idea how much fun it is, seriously give it a go, you'll thank me later ... or kill yourselves, each to their own.

- Moving back to Jira. I decided to take an action of creating a new project for my team (the mobile team) and set it up the way we want and just ignore everything going on around us. Use proper automation, and a kanban board. Maybe only give product a slack bot interface that won't allow them to create a ticket without what we need etc. Spent 25 minutes looking for the "create new project" button before finding the link which says I need to open a ticket with support and wait ... 5 ... fucking ... long ... painful ... unnecessary ... business days.

... Heres hoping my head continues to not have a bullet hole in it by then.

Id love to talk more, but those filters ain't gonna fix themselves. So we'll have to leave it here for today. Tune in again for another episode soon.

And remember to always practiseSafeHex

Perfect change log doesn't exis-

With the other members of the team refusing to learn git and making changes directly to the staging server i get to write the commit messages for everyone.

Log:
UPDATE: *informative details *

UPDATE: mark made some changes

UPDATE: colin made the same changes as mark but different

UPDATE: andrew undid all colins updates to change one link and I had to add them back in, thank gawd I commit the night before

BUGFIX: andrew keeps changing the database host to localhost and uploading it without changing it back

UPDATE: we all hate andrew

I've had many, but this is one of my favorite "OK, I'm getting fired for this" moments.

A new team in charge of source control and development standards came up with a 20 page work-instruction document for the new TFS source control structure.
The source control kingpin came from semi-large military contract company where taking a piss was probably outlined somewhere.

Maybe twice, I merged down from a release branch when I should have merged down from a dev branch, which "messed up" the flow of code that one team was working on.
Each time I was 'coached' and reminded on page 13, paragraph 5, sub-section C ... "When merging down from release, you must verify no other teams are working
on branches...blah blah blah..and if they have pending changes, use a shelfset and document the changes using Document A234-B..."

A fellow dev overheard the kingpin and the department manager in the breakroom saying if I messed up TFS one more time, I was gone.

Wasn't two days later I needed to merge up some new files to Main, and 'something' happened in TFS and a couple of files didn't get merged up. No errors, nothing.
Another team was waiting on me, so I simply added the files directly into Main. Unknown to me, the kingpin had a specific alert in TFS to notify him when someone added
files directly into Main, and I get a visit.

KP: "Did you add a couple of files directly into Main?"
Me:"Yes, I don't what happened, but the files never made it from my branch, to dev, to the review shelfset, and then to Main. I never got an error, but since
they were new files and adding a new feature, they never broke a build. Adding the files directly allowed the Web team to finish their project and deploy the
site this morning."
KP: "That is in direct violation of the standard. Didn't you read the documentation?"
Me: "Uh...well...um..yes, but that is an oddly specific case. I didn't think I hurt any.."
KP: "Ha ha...hurt? That's why we have standards. The document clearly states on page 18, paragraph 9, no files may ever be created in Main."
Me: "Really? I don't remember reading that."
<I navigate to the document, page 18, paragraph 9>
Me: "Um...no, it doesn't say that. The document only talks about merging process from a lower branch to Main."
KP: "Exactly. It is forbidden to create files directly in Main."
Me: "No, doesn't say that anywhere."
KP: "That is the spirit of the document. You violated the spirit of what we're trying to accomplish here."
Me: "You gotta be fracking kidding me."

KP grumbles something, goes back to his desk. Maybe a minute later he leaves the IS office, and the department manager leaves his office.

It was after 5:00PM, they never came back, so I headed home worried if I had a job in the morning.

I decided to come in a little early to snoop around, I knew where HR kept their terminated employee documents, and my badge wouldn't let me in the building.

Oh crap.

It was a shift change, so was able to walk in with the warehouse workers in another part of the building (many knew me, so nothing seemed that odd), and to my desk.

I tried to log into my computer...account locked. Oh crap..this was it. I'm done. I fill my computer backpack with as much personal items as I could, and started down the hallway when I meet one of our FS accountants.

L: "Hey, did your card let you in the building this morning? Mine didn't work. I had to walk around to the warehouse entrance and my computer account is locked. None of us can get into the system."

*whew!* is an understatement. Found out later the user account server crashed, which locked out everybody.

Never found out what kingpin and the dev manager left to talk about, but I at least still had a job.

I'm trying to sign up for insurance benefits at work.

Step 1: Trying to find the website link -- it's non-existent. I don't know where I found it, but I saved it in keepassxc so I wouldn't have to search again. Time wasted: 30 minutes.

Step 2: Trying to log in. Ostensibly, this uses my work account. It does not. Time wasted: 10 minutes.

Step 3: Creating an account. Username and Password requirements are stupid, and the page doesn't show all of them. The username must be /[A-Za-z0-9]{8,60}/. The maximum password length is VARCHAR(20), and must include upper/lower case, number, special symbol, etc. and cannot include "password", repeated charcters, your username, etc. There is also a (required!) hint with /[A-Za-z0-9 ]{8,60}/ validation. Want to type a sentence? better not use any punctuation!

I find it hilarious that both my username and password hint can be three times longer than my actual password -- and can contain the password. Such brilliant security.

My typical username is less than 8 characters. All of my typical password formats are >25 characters. Trying to figure out memorable credentials and figuring out the hidden complexity/validation requirements for all of these and the hint... Time wasted: 30 minutes.

Step 4: Post-login. The website, post-login, does not work in firefox. I assumed it was one of my many ad/tracker/header/etc. blockers, and systematically disabled every one of them. After enabling ad and tracker networks, more and more of the site loaded, but it always failed. After disabling bloody everything, the site still refused to work. Why? It was fetching deeply-nested markup, plus styling and javascript, encoded in xml, via api. And that xml wasn't valid xml (missing root element). The failure wasn't due to blocking a vitally-important ad or tracker (as apparently they're all vital and the site chain-loads them off one another before loading content), it's due to shoddy development and lack of testing. Matches the rest of the site perfectly. Anyway, I eventually managed to get the site to load in Safari, of all browsers, on a different computer. Time wasted: 40 minutes.

Step 5: Contact info. After getting the site to work, I clicked the [Enroll] button. "Please allow about 10 minutes to enroll," it says. I'm up to an hour and 50 minutes by now. The first thing it asks for is contact info, such as email, phone, address, etc. It gives me a warning next to phone, saying I'm not set up for notifications yet. I think that's great. I select "change" next to the email, and try to give it my work email. There are two "preferred" radio buttons, one next to "Work email," one next to "Personal email" -- but there is only one textbox. Fine, I select the "Work" preferred button, sign up for a faux-personal tutanota email for work, and type it in. The site complains that I selected "Work" but only entered a personal email. Seriously serious. Out of curiosity, I select the "change" next to the phone number, and see that it gives me four options (home, work, cell, personal?), but only one set of inputs -- next to personal. Yep. That's amazing. Time spent: 10 minutes.

Step 6: Ranting. I started going through the benefits, realized it would take an hour+ to add dependents, research the various options, pick which benefits I want, etc. I'm already up to two hours by now, so instead I decided to stop and rant about how ridiculous this entire thing is. While typing this up, the site (unsurprisingly) automatically logged me out. Fine, I'll just log in again... and get an error saying my credentials are invalid. Okay... I very carefully type them in again. error: invalid credentials. sajfkasdjf.

Step 7 is going to be: Try to figure out how to log in again. Ugh.

"Please allow about 10 minutes" it said. Where's that facepalm emoji?

But like, seriously. How does someone even build a website THIS bad?

1/2
This app's change log is hilarious 😂
I want to smoke what they smoked while writing it.
Part 2 in next rant 😂

Dev: “Ughh..look at this –bleep- code! When I execute the service call, it returns null, but the service received a database error.”
Me: “Yea, that service was written during a time when the mentality was ‘Why return a service error if the client can’t do anything about it?’”
Dev: “I would say that’s a misunderstanding of that philosophy.”
Me: “I would say it’s a perfectly executed example of a deeply flawed philosophy.”
Dev: “No, the service should just return something that tells the client the operation failed.”
Me: “They did. It was supposed to return a valid result, and the developer indicated a null response means the operation failed. How you deal with the null response is up to you.”
Dev: “That is stupid. How am I supposed to know a null response means the operation failed?”
Me: “OK, how did you know the operation failed?”
Dev: “I had to look at the service error logs.”
Me: “Bingo.”
Dev: “This whole service is just a –bleep-ing mess. There are so many things that can go wrong and the only thing the service returns is null when the service raises an exception.”
Me: “OK, what should the service return?”
Dev: ”I don’t know. Error 500 would be nice.”
Me: “Would you know what to do with error 500?”
Dev: ”Yea, I would look at the error log”
Me: “Just like you did when the service returned null?”
<couple of seconds of silence>
Dev: “I don’t know, it’s a –bleep-ing mess.”
Me: “You’re in the code, change it.”
Dev: “Ooohhh no, not me. The whole thing will have to be re-written. It should have been done correctly the first time. If we had time to do code reviews, I would have caught this –bleep- before the service was deployed.”
Me: “Um, you did.”
<a shocked look from Dev>
Dev: “What…no, I’ve never seen this code.”
Me: “I sat next to Chuck when you were telling him he needed to change the service to return null if an exception was raised. I remember you telling him specifically to pop-up an error dialog ‘Service request failed’ to the user when the service returned null.”
Dev: “I don’t remember any of that.”
Me: “Well, Chuck did. He even put it in the check-in comments. See…”
<check in comments stated Dev’s code review and dictated the service return null on exceptions>
Dev: “Hmm…I guess I did. –bleep- are you a –bleep-ing elephant? You –bleep-ing remember everything.”

<what I wanted to say>
No, I don’t remember everything, but I remember all the drive-by <bleep>-ed up coding philosophies you tried to push to the interns and we’re now having all kinds of problems I spend waaaaay too much time fixing.
<what I said, and lied a little bit>
Me: “No, I was helping Nancy last week troubleshoot the client application last week with the pop-up error. Since the service returned a null, she didn’t know where to begin to look for the actual error.”
Dev: “Oh.”

!rant
The change log from notepad++ update. The last paragraph is the cream!

" The issue of a hijacked DLL concerns scilexer.dll (needed by Notepad++) on a compromised PC, which is replaced by a modified scilexer.dll built by the CIA. When Notepad++ is launched, the modified scilexer.dll is loaded instead of the original one.
It doesn't mean that CIA is interested in your coding skill or in your sex message content typed in Notepad++, but rather it prevents raising any red flags while the DLL does data collection in the background.

It's not a vulnerability/security issue in Notepad++, but for remedying this issue, from this release (v7.3.3) forward, notepad++.exe checks the certificate validation in scilexer.dll before loading it. If the certificate is missing or invalid, then it just won't be loaded, and Notepad++ will fail to launch.

Checking the certificate of DLL makes it harder to hack. Note that once users’ PCs are compromised, the hackers can do anything on the PCs. This solution only prevents from Notepad++ loading a CIA homemade DLL. It doesn't prevent your original notepad++.exe from being replaced by modified notepad++.exe while the CIA is controlling your PC.

Just like knowing the lock is useless for people who are willing to go into my house, I still shut the door and lock it every morning when I leave home. We are in a f**king corrupted world, unfortunately. "

Not even algo this time. Probably not what the ranter meant by change log, but close enough

2/2
Multithreading has a new perspective now.
Also, fast is cute.
Part 2 of the awesome change log. 😂

!dev I'd just helped a client cut over to a new fiber connection and then left for Vegas, about 2 days into the trip my wife and I decided to hit a breakfast spot that had bottomless mimosa's, which was of course a claim we had to test.

As we are walking(stumbling) out of the restaurant I get a call that the connection has crashed and the entire car dealership is unable to sell cars, which they tell me is important functionality.

So I make it up to my room and break out the laptop, luckily the mgmt interfaces are still available externally so I'm able to log in and then have the fun challenge of 1) not falling off of my chair 2) not accidentally making a change that kills what connection I have in and 3) fixing their actual issue.

Took me almost an hour to find a simple OSPF issue but at least got them working and happy. However by that time I was beginning to sober up, which is the absolute worst thing that can happen while day-drinking and ended up basically causing me to be be hung-over for the rest of the night, including my wifes friends wedding, which she wasn't thrilled about...

The moral of this story is to make sure to NOT stop drinking while dealing with unexpected production impacting events.

3 rants for the price of 1, isn't that a great deal!

1. HP, you braindead fucking morons!!!

So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.

- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!

Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.

2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!

Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.

So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.

3. devRant web app!!

As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.

So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?

Bank forces me to change my password. Figured I'd use Safari's strong password generation. Submit. Password changed.

Go to log in with new password. Password not saved because I had previously told Safari not to save this site's password.

Okay… so the strong password you JUST generated and submitted without showing me is now my banking password but neither of us knows what it is?

Fucking brilliant. I mean at least let me fucking copy it so I can store it in my password manager. The most hilarious thing is the message that appeared on the generated password saying my password would be available from Safari preferences. Yup, nope. Nothing there except a note saying no passwords will be stored for this site.

This is the state of Apple in 2018, folks. Fucking sad.

Legacy code.

Honestly though, this is some of the better legacy code I've worked with at this company. It's a nifty alert system wherein you can trigger sending messages to subscribers of that alert via whatever means (phone/email) they've entered.

I'll save you the technical analysis of its internals, but suffice to say it's actually pretty nice, with good separation of concerns, internal logic hidden away, dead-simple public interface, etc. documentation is kinda crap, but it exists (!), so that's a nice change.

but.

For some unknown and bloody bizarre reason, the thing breaks when a user wants both sms AND email notifications. Either by themselves work totally fine, but both together? nonono. Email alerts give ArgumentErrors, so something internal isn't correct, and SMS alerts complain about uninitialized Twilio::Error constants.

but.
they both work fine otherwise?

also, the two notification preferences aren't stored on the same object anywhere. if a user wants both, the user creates two AlertContact objects with different info, and when performed, the Alert basically iterates over these and does its thing for each, so there is no knowledge shared between them. totally should work the same regardless.

idfgi.

ALSO.
AND THIS PART REALLY PISSES ME OFF.

WHEN THERE'S AN ERROR, THIS THING DOESN'T LOG IT. IT STRINGIFIES THE ERROR OBJECT (basically just extracting the message) AND INSERTS THAT INTO THE DATABASE INSTEAD. WHAT THE CRAP.

So, I don't get a stack trace, line number, or anything. just the basic error message. instead of my alert text. because of course that makes sense and totally helps debugging.

aklsjfak;sldfj.
legacy code.

The gym I go to has an app for user's to scan a QR code when they arrive and it has multiple HUGE issues.

This app shows the credit card info used for the direct debit without anything being redacted.

When the gym is signing up someone they give them a password so they can login, not too bad except the password is always the person's first name with the first letter capitalised.

This gets worse when you figure out that their is no way to change the password given to you AT ALL.

And just to top it all off, when you click the "Forgot Password" link on the login screen, the app just sends you an email with your password (your first name) in plain text.

The app also doesn't log you out or notify you if your login is used on a different device.

So I have tested this with 2 of my friends that go to the same gym and, with only knowing their email and first name (which I could have gotten from their email if I didn't know them), I can get into their app and see their credit card info without them being any the wiser.

I had a huge epiphany on Friday... not all developers enjoy coding.

Discovered when they brought down 2 of our environments, well told them what was wrong with the changes in their code that caused the environments to break, gave them links directly to the file in the gitlab repo that needed to be updated, and...

They fucking went home. The change would’ve taken all of about 30-45 seconds to update and they fucking left.

This person’s team lead come storming in pissed off because her manager is furious about 2 environments going down and preventing everyone else from being able to deploy their changes.

We provide the exact same details to the team lead about what needs to be changed, and advise that her team member took off....

30 mins later, her manager is storming up to us (devops/sre) livid as hell.

Explain the situation for a third time... manager is like, why can’t you guys fix it?

Look here you dense motherfuckers, we can fix the code. We can be the plumbers that clean up your shit. But what value do you gain as a developer if you don’t understand how the systems work and you keep pushing shit in?

Made the changes, fixed the environments, done right? Wrong.

The original developer made more changes not knowing what would happen and thoroughly fucked the environments again.

This dumb-fucking dumpster fire of a dude then sends us a slack message. “It’s down again, can you fix it?”

Our manager steps in and tells us to send him a link to the logs and have him fix it himself!

Thank goodness we have a badass manager.

Send logs, send repo file links (again), and send line numbers in the logs to try and help just a bit more. Dude goes almost the whole day without fixing it, environments are down, other devs are pissed, we throw this dude to the wolves. His manager starts to head over and was about to talk with my team lead when our manager steps out of his office and tells him the in’s and out’s of the situation and that our job isn’t to play log parser/error fixer for the developers. This dude that’s breaking the environments needs to be the one to fix the issue and his team lead should be aware of the problems and should have been able to correct his errors before it ever came to us.

The amount of hand-holding we do is ridiculous.

(Disclaimer, this one guy making some mistakes doesn’t sound too bad, but this is actually a common occurrence for like 40% of all of our developers)

We literally have interns still in college running circles around some of our full time devs. I know I’m not a developer, but for anyone that’s new-ish to developing, when you see shit like that please don’t lose hope. Those ass-hats got into programming purely for a paycheck, not because of passion.

Stick with it and your greatness will know no bounds 👍

As for you craptastic dipstick lickers, FUCK YOU!!! Go back to school and learn how to give a damn.

Dev: Can you please tell me why you changed this?
Me: Because we need to handle permissions in the app. The quickest way of doing it, according to the docs, is [insert change log here]
Dev: But we can just check for the user's token.
Me: That's not exactly a permission, because...
Dev: I was only showing the information related to the user according to their token.
Me: I understand. But that means you're filtering data, not authorising users to access it. If a user is logged in, but changes query parameters, they can still access data they shouldn't be able to.
Dev: Whatevs.

Le me then proceeds to try to push my changes (that took the whole day to implement), gets a "you need to pull first" message from git, doesn't understand why, logs onto GitHub and realises dev has implemented their "permissions".

I was the one responsible for making those changes. Le dev was meant to be doing other things.

How do I even begin to explain?

CR: "Add x here (to y) so it fits our code standards"
> No other Y has an X. None.

CR: "Don't ever use .html_safe"
> ... Can't render html without it. Also, it's already been sanitized, literally by sanitize(), written by the security team.

CR: "Haven't seen the code yet; does X change when resetting the password?"
> The feature doesn't have or reference passwords. It doesn't touch anything even tangentially related to passwords.
> Also: GO READ THE CODE! THAT'S YOUR BLOODY JOB!

CR: "Add an 'expired?' method that returns '!active'?"
> Inactive doesn't mean expired. Yellow doesn't mean sour. There's already an 'is_expired?' method.

CR: "For logging, always use json so we can parse it. Doesn't matter if we can't read it; tools can."
CR: "For logging, never link log entries to user-readable code references; it's a security concern."
CR: "Make sure logging is human-readable and text-searchable and points back to the code."
> Confused asian guy, his hands raised.

CR: "Move this data formatting from the view into the model."
> No. Views are for formatting.

CR: "Use .html() here since you're working with html"
> .html() does not support html. It converts arrays into html.

NONE OF THIS IS USEFUL! WHY ARE YOU WASTING MY TIME IF YOU HAVEN'T EVEN READ MY CODE!?

dfjasklfagjklewrjakfljasdf

Real fact: 1999

IT: IT, how can I help?
MrB: I'm Butcheek. This program is shit, I can't even log-in!
IT: oh.. Ok Mr. Butcheek, let’s see if I can help...
MrB: of course you can: fix this shitty program and made me log in!
IT: I’ll try to do my best to assist you, can you...
MrB: I just want to log in! Can you speak my language? This new program is ridiculous, I wonder why you IT guys changed the old one, it was a mess but at least I could log in...
IT: I'm sorry you are experiencing this problem, but to assist you I need to know exactly what's the problem
MrB: I CANT LOG IN!!!
IT: ok, I understand this, but can you please provide some more information? Do you receive any particular error messages?
MrB: it says “wrong password” but it's not true!
IT: Ok, that's strange. Look, I'm resetting your password and then you will try again. At the first log in you will be asked to change it again, ok?
MrB: just be quick, I can't waste any more time on this!
IT: sure... Ok done. Please, can you try again? The password is “butcheek”
MrB: it asks for the username. What am I supposed to write here?
IT: “butcheek”
MrB: oh... Ok. And what's the password?
IT: “butcheek”
MrB:... No... Wait... Ok, “butcheek” is the password but what's the username?
IT: “butcheek”!
MrB: you don't understand, I have to put both username AND password!
IT: I know! “butcheek”! For both username AND password!
MrB: so I have to write “butcheek”-”butcheek”?
IT: yes, “butcheek”-”butcheek”!
MrB: so... “butcheek”...twice? Sounds weird... are you sure?
IT: yes I'm sure! However, you can choose either to write “butcheek” twice or “ASS” once, if you prefer...

So I have that custom-made wifi router I've built. And it uses a USB wifi adapter with AC (wifi5) capability - the fastest one I could find in AliExpress.

I set it up a while ago - the internet access works fine, although speeds are somewhat sluggish. But hey, what to expect from a cheapo on Ali! Not to mention it's USB, not a PCIe...

A few days ago I ran a few speedtest.net tests with my actual AC router and the one I've built. Results were so different I wanted to cry :( some pathetic 23Mbps with my custom router :(

This evening I had some time on my hands and finally decided to have an umpteenth look.

nmcli d wifi
this is what caught my eye first. The RATE column listed my custom router as 54Mbps, whereas the actual router had 195Mbps.

I have reviewed the hostapd configuration sooo many times - this time nothing caught my eye as well.

Googling did not give anything obvious as well.

What do we do next? Yes, that's right - enable debug and read the logs.

> VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities

This is one of the lines at the top of the log. Waaaaiiitttt.. VHT is something I definitely want with ac -- why does it disable that??? Sounds like a configuration fuckup rather than the HW limitation! And config fuckups CAN be fixed!

Turns out, an innocently looking
`wpa_pairwise=TKIP`
change into
`wpa_pairwise=TKIP CCMP`

made a world of a difference!

:wq
!hostapd
connect to the hostapd hotspot and run that iperf3 test again, and... Oh my. Oh boi! My pants fell off -- the speed increased >3x times!

A quick speedtest.net test deems my custom router's download speeds hardly any worse than the speeds obtained using my LInksys!!

The moral of the story: no matter how innocent some configurations look, they might make a huge difference. And RTFL [read the fucking logs]

In the pic -- left - my actual router, right - my custom-built router with a USB wifi adapter. Not too shabby!

Commas.
I fix one display, and another breaks.

Now I’m getting “$$1002.99” and can’t figure out why. Where is this popup coming from? Where does the encrypted URL point to? What does this ajax call do? Where does the amount go? When does it change? Why is it a string now? Where does the total get defined? How far down the rabbit hole do I need to go?

Short short version:

I found something to try fixing. I made some changes, forced a crash to inspect, and… Joy! My log stopped updating. How long have I been debugging on stale data?

Skipping a long debugging session…

I discover a suspect instance var in a suspect method, and… i have no freaking clue where it’s being defined. It’s used in the class, but never defined in it. Oh, and the name is pretty generic, so searching for it is even more fun.

Just.
Qxfrfjkalstf.

WHO WRITES THIS CRAP?!
AND WHY DO PEOPLE CALL THEM “LEGENDS”? Like, really. That’s the word they use. “Legends.” I still can’t believe it.

I'm going to kill management.
After a serious migration fiasco at one of our biggest costumers the platform was finally usable again (after two days instead of 10 hours) and, of course, users started to report bugs. So good old po came in ranting that we as qa did a horrible job and basically tried to fault us for a fucked up update (because we produced user pain, which of course not being able to log in didn't do). Among the issues: If the user has more than a hundred web pages the menu starts looking ugly, the translation to dutch in one string on the third submenu of a widget doesn't work and a certain functionality isn't available even if it's activated.
Short, they were either not a use case or very much minor except for that missing function. So today we've looked through the entire test code, testing lists, change logs and so on only to discover that the function was removed actively during the last major update one and a half years ago.

Now it's just waiting for the review meeting with the wonderful talking point "How could effective QA prevent something like this in the future" and throwing that shit into his face.

I mean seriously, if you fuck shit up stand by it. We all make mistakes but trying to pin it on other people is just really, really low.

So... did I mention I sometimes hate banks?

But I'll start at the beginning.

In the beginning, the big bang created the universe and evolution created humans, penguins, polar bea... oh well, fuck it, a couple million years fast forward...

Your trusted, local flightless bird walks into a bank to open an account. This, on its own, was a mistake, but opening an online bank account as a minor (which I was before I turned 18, because that was how things worked) was not that easy at the time.

So, yours truly of course signs a contract, binding me to follow the BSI Grundschutz (A basic security standard in Germany, it's not a law, but part of some contracts. It contains basic security advice like "don't run unknown software, install antivirus/firewall, use strong passwords", so it's just a basic prototype for a security policy).

The copy provided with my contract states a minimum password length of 8 (somewhat reasonable if you don't limit yourself to alphanumeric, include the entire UTF 8 standard and so on).

The bank's online banking password length is limited to 5 characters. So... fuck the contract, huh?

Calling support, they claimed that it is a "technical neccessity" (I never state my job when calling a support line. The more skilled people on the other hand notice it sooner or later, the others - why bother telling them) and that it is "stored encrypted". Why they use a nonstandard way of storing and encrypting it and making it that easy to brute-force it... no idea.

However, after three login attempts, the account is blocked, so a brute force attack turns into a DOS attack.

And since the only way to unblock it is to physically appear in a branch, you just would need to hit a couple thousand accounts in a neighbourhood (not a lot if you use bots and know a thing or two about the syntax of IBAN numbers) and fill up all the branches with lots of potential hostages for your planned heist or terrorist attack. Quite useful.

So, after getting nowhere with the support - After suggesting to change my username to something cryptic and insisting that their homegrown, 2FA would prevent attacks. Unless someone would login (which worked without 2FA because the 2FA only is used when moving money), report the card missing, request a new one to a different address and log in with that. Which, you know, is quite likely to happen and be blamed on the customer.

So... I went to cancel my account there - seeing as I could not fulfill my contract as a customer. I've signed to use a minimum password length of 8. I can only use a password length of 5.

Contract void. Sometimes, I love dealing with idiots.

And these people are in charge of billions of money, stock and assets. I think I'll move to... idk, Antarctica?

5 stages of failing WIFI connectivity on Linux

This morning I woke up my laptop to start my work day. I have 2 very important meetings today, so I better get all prepared.

"Wifi connection failed"
Syslog says:
- wpa_supplicant: wlp9s0: SME: Trying to authenticate with <MAC>
- kernel: wlp9s0: authenticate with <MAC>
- kernel: wl9s0: send auth to <MAC> (try 1/3)
- kernel: wl9s0: send auth to <MAC> (try 2/3)
- kernel: iwlwifi: Not associated and the session protection is over already...
- kernel: wl9s0: send auth to <MAC> (try 3/3)
- kernel: wl9s0: authentication with <MAC> timed out

#### DENIAL #####

No biggie, let's try another AP (I have 3). All 3 failed to connect. Fine, let's try my phone's hotspot! FAILED!!!!!

w00t.... okay, let's restart the router... but failing to connect to a phone hotspot is already a worrying sign.

Wifi connection failed

wtf.. disable and re-enable wifi

Wifi connection failed

#### ANGER #####

the fuuuuuuck. Maybe my router is dead. But my phone connects to it, no fuss. My personal lappy also connects there easily.

wtf... Does that mean I'm about to lose my uptime?? Come one!! It's Linux - there MUST be something I could do! I don't see processes hanging in D state so the radio must be fine - it's gotta be a software issue!

ChatGPT – type all the log entries manually, via phone (that took a while...). Nothing useful there: update firmware, restart NetworkManager, etc.

#### BARGAINING #####

Alright... How about a USB dongle? Plug it in and wifi connects immediately! Yayyy!!! But that's only b/g/n and I'd very much like to have ac. It works well as a limping backup, but not something I'd use for the meetings.

rfkill block/unblock all the radios. No change. USB dongle connects right away but the PCIe adapter keeps throwing notifications at me with failure messages. It's annoying, to say the least.

So I've already tried
- restarting the router(s)
- disabling/reenabling the radios
- multiple APs
- suspending/waking again several times
- praying

#### DEPRESSION #####

The only thing I haven't tried yet is the most cruel one - restarting the laptop. But that's unfair... It's LINUX! How could it disappoint me. I have so many tmux sessions open, so many unsaved leafpad notes, terminal histories with oh so comfy ^r and ! retriggers all ready and waiting to be executed...

#### ACCEPTANCE #####

But I can't miss the meeting. So I slowly start closing off apps, starting with the least important ones, trying to preserve as much history and recent commands as I can. I'm gonna lose my uptime, that's the inevitable obvious truth... Linux has failed me. Or maybe it's a hardware issue... I can't be sure until I restart.

I must reboot.

#### A NEW HOPE #####
Hold on.. What if... What if before restarting I try to reload the Intel wifi kernel module? Just for the giggles. I've got nothing to lose anyway...

rmmod iwlmvm
rmmod iwlwifi
modprobe iwlwifi
modprobe iwlmvm

*WiFi Connected*

YESSSS!!!!!!!!! My uptime is saved!
403 days and counting! YEAH BABY!!!

Linux is the best!

I previously worked as a Linux/unix sysadmin. There was one app team owning like 4 servers accessible in a very speciffic way.
* logon to main jumpbox
* ssh to elevated-privileges jumpbox
* logon to regional jumpbox using custom-made ssh alternative [call it fkup]
* try to fkup to the app server to confirm that fkup daemon is dead
* logon to server's mgmt node [aix frame]
* ssh to server directly to find confirm sshd is dead too
* access server's console
* place root pswd request in passwords vault, chase 2 mangers via phone for approvals [to login to the vault, find my request and aprove it]
* use root pw to login to server's console, bounce sshd and fkupd
* logout from the console
* fkup into the server to get shell.

That's not the worst part... Aix'es are stable enough to run for years w/o needing any maintenance, do all this complexity could be bearable.

However, the app team used to log a change request asking to copy a new pdf file into that server every week and drop it to app directory, chown it to app user. Why can't they do that themselves you ask? Bcuz they 'only need this pdf to get there, that's all, and we're not wasting our time to raise access requests and chase for approvals just for a pdf...'

oh, and all these steps must be repeated each time a sysadmin tties to implement the change request as all the movements and decisions must be logged and justified.

Each server access takes roughly half an hour. 4 servers -> 2hrs.

So yeah.. Surely getting your accesses sorted out once is so much more time consuming and less efficient than logging a change request for sysadmins every week and wasting 2 frickin hours of my time to just copy a simple pdf for you.. Not to mention that threr's only a small team of sysadmins maintaining tens of thousands of servers and every minute we have we spend working. Lunch time takes 10-15 minutes or so.. Almost no time for coffee or restroom. And these guys are saying sparing a few hours to get their own accesses is 'a waste of their time'...

That was the time I discovered skrillex.

tl;dr:
The Debian 10 live disc and installer say: Heavens me, just look at the time! I’m late for my <segmentation fault

—————

tl:
The Debian 10 live cd and its new “calamares” installer are both complete crap. I’ve never had any issues with installing Debian prior to this, save with getting WiFi to work (as expected). But this version? Ugh. Here are the things I’ve run into:

Unknown root password; easy enough to get around as there is no user password; still annoying after the 10th time.

Also, the login screen doesn’t work off-disc because it won’t accept a blank password, so don’t idle or you’ll get locked out.

The lock screen is overzealous and hard-locks the computer after awhile; not even the magic kernel keys work!

The live disc doesn’t have many standard utilities, or a graphical partition editor. Thankfully I’m comfortable with fdisk.

The graphical installer (calamares) randomly segfaults, even from innocuous things like clicking [change partition] when you don’t have a partition selected. Derp.

It also randomly segfaults while writing partitions to disk — usually on the second partition.

It strangely seems less likely to segfault if the partitions are already there, even if it needs to “reformat” (recreate) them.

It also defaults to using MBR instead of GPT for the partition table, despite the tooltip telling you that MBR is deprecated and limited, and that GPT is recommended for new systems. You cannot change this without doing the partitions manually.

If you do the partitions manually and it can’t figure out where to install things, it just crashes. This is great because you can’t tell it where to install things, and specifying mount points like /boot, /, and /home don’t seem to be enough.

It also tries installing 32bit grub instead of 64bit, causing the grub installer to fail.

If you tell it to install grub on /boot, it complains when that partition isn’t encrypted — fair — but if you tell it to encrypt /boot like it wants you to, it then tries installing grub on the encrypted partition it just created, apparently without decrypting it, so that obviously fails — specific error: cannot read file system.

On the rare chance that everything else goes correctly, the install process can still segfault.

The log does include entries for errors, but doesn’t include an error message. Literally: “ERROR: Installation failed:” and the log ends. Helpful!

If the installer doesn’t segfault and the install process manages to complete, the resulting install might not even boot, even when installed without any drive encryption. Why? My guess is it never bothered to install Grub, or put it in the wrong place, or didn’t mark it as bootable, or who knows what.

Even when using the live disc that includes non-free firmware (including Ath9k) it still cannot detect my wlan card (that uses Ath9k).

I’ve attempted to install thirty plus times now, and only managed to get a working install once — where I neglected to include the Ath9k firmware.

I’m now trying the cli-only installer option instead of the live session; it seems to behave at least. I’m just terrified that the resulting install will be just as unstable as the live session.

All of this to copy the contents of my encrypted disks over so I can use them on a different system. =/

I haven’t decided which I’m going with next, but likely Arch, Void, or Gentoo. I’d go with Qubes if I had more time to experiment.

But in all seriousness, the Debian devs need some serious help. I would be embarrassed if I released this quality of hot garbage.

(This same system ran both Debian 8 and 9 flawlessly for years)

To all you fuckers out there giving bad app rating because some shit does not work on your shitty phone and you are to fucking lazy to report the bug via the fucking "send log to dev"-button that pops up with the exception.
Go fuck yourself.
And to all the user whose bugs I fixed and did not change their Bad rating - fuck you too.
And oh.. The fucktards that did not even install the app and give a Bad rating because i am your competitor - guess what...fuck you.

Today was a manic-depressive kind of day. Spent the morning helping some developers with getting their code to run a stored procedure to drop old partitions, but it wasn't working on their end. It was a fairly simple proc. But working with partitions is a little like working with an array. I figured out that they were passing the wrong timestamp, and needed to add +1 to delete the right partition. Got that sorted out, and things were good. Lunch time.

After lunch I did some busy work, and then the PO comes up at about 2PM and says he's assigned some requests to me. The first was just attaching some scripts. Easy. The second, the user wants a couple of schemas exported ... at 6PM. I've been in the office since 6:45AM.

While I'm setting up some commands to run for the data export, a BA walks up and asks if I'm filling in for another DBA who is out for a few weeks. Yep. There's a change request that hasn't been assigned, and he normally does the work. I ask when it's due. Well, the pre-implementation was supposed to be done in the morning, but it wasn't, and we're in the implementation window ... half way through. I bring up the change task, and look at. Create new schema and users. That's all it says. The BA laughs. I tell I need more to go on. 10 minutes later he sends an email with the information. There's only two hours left in the window, and I can only use half of it, because the production guys have to their stuff, and we're in their window. Now I'm irritated, because I'm new to Oracle, and it's an unforgiving mistress. Fortunately, another DBA says he'll do it, so that we can get it done in time. But can't work it either, because Dev DBAs don't have access to QA, and the process required access for this task. Gets shelved until the access issue is resolved. It's now after 4:15PM. I'm going to in traffic with that 6PM deadline.

I manage to get home and to the computer by 5:45PM. Log in. Start VPN. Box pops on screen. Java needs to update. I chose skip update. Box pops up again. It won't let me log in until Java is current. Passed.

I finally get logged in, and it's 6:10PM. I'm late getting the job started. I pull up Putty and log into the first box, and paste my pre-prepared command in the command line and hit error. Command not found. I'm tired, so it's a moment to sink in. I don't have time for this.

I log into DBArtisan and pull up the first data base, use the wizard to set the job, and off it goes. Yay. Bring up the second database, and have enter the connect info. Host not found. Wut? Examine host name. Yep, it's correct. Try a different method. Host not found. Go back to Putty. Log in. Past string. Launch. Command not found. Now my brain is quitting on me. Why now? It's after 6:30PM. Fiddle with some settings, reset $Oracle home. Try again. Yay. It works. I'm done. It's after 7PM.

There is nothing like technology to snatch the euphoria of a success away from you. It's a love-hate thing, but I wouldn't trade it for anything else. I'm done. Good night.

This was some time ago. A Legendary bug appeared. It worked in the dev environment, but not in the test and production environment.

It had been a week since I was working on the issue. I couldn't pinpoint the problem. We CANNOT change the code that was already there, so we needed to override the code that was written. As I was going at it, something happened.

---
Manager: "Hey, it's working now. What did you do?"
Me: *Very confused because I know I was nowhere close to finding the real source of the problem* Oh, it is? Let me check.
Also me: *Goes and check on the test and prod environment and indeed, it's already working*
Also me to the power of three: *Contemplates on life, the meaning of it, of why I am here, who's going to throw out the trash later, asking myself whether my buddies and I will be drinking tonight, only to realize that I am still on the phone with my manager*
Me again: "Oh wow, it's working."
Manager: "Great job. What were the changes in the code?"
Me: "All I did was put console logs and pushed the changes to test and prod if they were producing the same log results."
Manager: "So there were no changes whatsoever, is that what you mean?"
Me: "Yep. I've no idea why it just suddenly worked."
Manager: "Well, as long as it's working! Just remove those logs and deploy them again to the test and prod environment and add 'Test and prod fix' to the commit comment."
Me: "But what if the problem comes up again? I mean technically we haven't resolved the issue. The only change I made were like 20 lines of console logs! "
Manager: "It's working, isn't it? If it becomes a problem, we'll work it out later."
---

I did as I was told, and Lo and Behold, the problem never occurred again.

Was the system playing a joke on me? The system probably felt sorry for me and thought, "Look at this poor fucker, having such a hard time on a problem he can't even comprehend. That idiotic programmer had so many sleepless nights and yet still couldn't find the solution. Guess I gotta do my job and fix it for him. I'm the only one doing the work around here. Pathetic Homo sapiens!"

Don't get me wrong, I'm glad that it's over but..

What the fuck happened?

Hey Citrix:

FUCK YOU.

Learn to make an accessible log in page you fucks.

Maybe instead of vague fucking "you're user name and password is wrong" say things like "your account is locked because we somehow decided we don't like your password anymore. . . . without telling you"

Fucking 2 hours of my day wasted trying to log into my company's VM because first it wouldn't take my password (that I've had for over a month and doesn't expire for another month) over and over again. I changed it, logged in. Got up to do something that'd take less than 5 minutes. And OF COURSE the people who set up the VM made them log you out if you're gone for more than 3 minutes (fuck that guy too). Come back to a log in screen and it won't accept my new password.

Change it again. Except this time it won't accept my new password because it's "like my old password." It is in that it uses the alphabet and numbers, but it's also different in that those alphanumeric characters are LITERALLY DIFFERENT IN EVERY PLACE. I finally get it to accept a new password.

I'm also loving the whole "answer these security questions that literally anyone who does minimal research on you can answer" before I get to change my password. Yeah. Because finding my mother's maiden name or the city I was born in is so fucking hard. Literally impossible to find out what my Dad's dad's name is. Shit like that isn't publically available. Nope. Why the fuck are we still using "security" questions?

I log into Citrix again. And it takes me to . . . the log in for Citrix.

There is no word in elvish, entish or the tongues of men for this stupidity.

Fuck Citrix. Fuck the people behind the password manager (Aviator or something like that), and fuck whatever administrator setting turns my computer off due to inactivity in such a stupid short amount of time. 10 minutes, 15 minutes, that'd be fine. But it's more like 3 or 5, like wtf.

When you escape the change log...

A client is like: Help! We got a 500 in our wordpress administration panel and there is no error in the log, it must be your infrastructure at fault!

So I calmly replied to them that wordpress handles its errors on its own, and without the appropriate debug flags enabled, doesn't log it anywhere. Even mentioned that a PHP app can change the error handler no problem, and linked them to both, PHP and Word press docummentation.

Didn't hear from them since.

Long story short: University fucked up single sign on.

For every online service I have, I set a different password, randomly generated ~ 20 characters long. At our university we have multiple systems but they offer a single sign on service which is quite nice because it is so non-transparent which service now uses which authorization. I changed my password a while ago and around the same time they also updated our mail client. Since then I am not able to log in which is not a big deal for me because I have mail forwarding.

Yesterday however I needed another service and also got rejected with my password. I knew from a friend that the passwords are fucked up and that some services have different restrictions (only 12 chars max.), so I decided to search how to reset my password. What the fuck was wrong with these people? It takes you five different pages to get the tiniest bit of information how to reset the password. Then on one page you can login with your single sign on and change the password. On that page you can also set the single sign on password, but if you enter an invalid password (in respect of the the other services) guess what? No feedback that you just locked yourself out of half the systems. Nice job. Also the password requirements are not next to the input fields where you change the password. Noo. That would be way to easy, remember the little small one line on the wall of text three pages ago? There you go.

Ok step one done. Now it should work, shouldn't it? Ohh no not so fast. One needs to activate the seperate service. Where you ask? Perfectly fine question. On the top of page four is a fucking one line table which looks like some five year old had some fun in excel. The button which takes you to the activation page is nearly invisible because of the non existing contrast. Also it is not a button but some arrow pointer thingy. Behind set arrow you have a page listing all differnt kinds of services, the description which you find on page two btw. No padding to decipher this shit what so ever. Nearly on the bottom is your needed button. Yes finally.

Finally I want to login, no good. Try again. Still no good. Go back to the fucked up excel table look at my username and think to myself what's the difference here? The table is so small and again no margin or padding. Apparently they cut of the last character of my normal username which i have which is fucking ridiculous.

What is wrong with you people, we are a TECHNICAL UNIVERSITY, is it so hard for you to find someone decend to unify this shit?

Want to make someone's life a misery? Here's how.

Don't base your tech stack on any prior knowledge or what's relevant to the problem.

Instead design it around all the latest trends and badges you want to put on your resume because they're frequent key words on job postings.

Once your data goes in, you'll never get it out again. At best you'll be teased with little crumbs of data but never the whole.

I know, here's a genius idea, instead of putting data into a normal data base then using a cache, lets put it all into the cache and by the way it's a volatile cache.

Here's an idea. For something as simple as a single log lets make it use a queue that goes into a queue that goes into another queue that goes into another queue all of which are black boxes. No rhyme of reason, queues are all the rage.

Have you tried: Lets use a new fangled tangle, trust me it's safe, INSERT BIG NAME HERE uses it.

Finally it all gets flushed down into this subterranean cunt of a sewerage system and good luck getting it all out again. It's like hell except it's all shitty instead of all fiery.

All I want is to export one table, a simple log table with a few GB to CSV or heck whatever generic format it supports, that's it.

So I run the export table to file command and off it goes only less than a minute later for timeout commands to start piling up until it aborts. WTF. So then I set the most obvious timeout setting in the client, no change, then another timeout setting on the client, no change, then i try to put it in the client configuration file, no change, then I set the timeout on the export query, no change, then finally I bump the timeouts in the server config, no change, then I find someone has downloaded it from both tucows and apt, but they're using the tucows version so its real config is in /dev/database.xml (don't even ask). I increase that from seconds to a minute, it's still timing out after a minute.

In the end I have to make my own and this involves working out how to parse non-standard binary formatted data structures. It's the umpteenth time I have had to do this.

These aren't some no name solutions and it really terrifies me. All this is doing is taking some access logs, store them in one place then index by timestamp. These things are all meant to be blazing fast but grep is often faster. How the hell is such a trivial thing turned into a series of one nightmare after another? Things that should take a few minutes take days of screwing around. I don't have access logs any more because I can't access them anymore.

The terror of this isn't that it's so awful, it's that all the little kiddies doing all this jazz for the first time and using all these shit wipe buzzword driven approaches have no fucking clue it's not meant to be this difficult. I'm replacing entire tens of thousands to million line enterprise systems with a few hundred lines of code that's faster, more reliable and better in virtually every measurable way time and time again.

This is constant. It's not one offender, it's not one project, it's not one company, it's not one developer, it's the industry standard. It's all over open source software and all over dev shops. Everything is exponentially becoming more bloated and difficult than it needs to be. I'm seeing people pull up a hundred cloud instances for things that'll be happy at home with a few minutes to a week's optimisation efforts. Queries that are N*N and only take a few minutes to turn to LOG(N) but instead people renting out a fucking off huge ass SQL cluster instead that not only costs gobs of money but takes a ton of time maintaining and configuring which isn't going to be done right either.

I think most people are bullshitting when they say they have impostor syndrome but when the trend in technology is to make every fucking little trivial thing a thousand times more complex than it has to be I can see how they'd feel that way. There's so bloody much you need to do that you don't need to do these days that you either can't get anything done right or the smallest thing takes an age.

I have no idea why some people put up with some of these appliances. If you bought a dish washer that made washing dishes even harder than it was before you'd return it to the store.

Every time I see the terms enterprise, fast, big data, scalable, cloud or anything of the like I bang my head on the table. One of these days I'm going to lose my fucking tits.

When the change log says "fixed bugs and improved performance" only to find the entire application has been redesigned.

Devrant doesnt log you out on one platform when you change your password on other platforms

I've been thinking about how to answer this for a while, but I'll approach it from a different angle. The time I (nearly) lost faith in my dev future wasn't because of a technology, bad programming language or an external influence. It was *me*.

The first job I had after the PhD, I was (in the first couple of weeks) tasked with updating various packages on a live Redhat server. "No problem", I thought, "I've done this before many a time on Debian, easy as pie!"

Long story short, I ended up practically bricking the server because I mistyped and uninstalled something I shouldn't have, didn't understand a piece of configuration, then tried to bodge it back and cocked things up further. Couldn't even log in via SSH, the hosting company had to be called, a serial connection set up, etc.

To say I was mortified, embarrassed and had my pride dented would be a massive understatement. I seriously thought I'd get fired on the spot, and that I should perhaps change careers to something where I couldn't cock things up as much.

...but you can't think like that, otherwise the world leaves you behind. So I picked myself up, apologised profusely, took some relevant training, double checked everything I was doing on that server in future and got back to work. After a few months of "proving myself", it was then seen as nothing more than a rather amusing story, and I became a senior dev there a couple of years later.

updates without a change log make me want to uninstall the app 😫

Fucking Square Enix Website is just a huge pile of shit. NOTHING WORKS!

Wanna change your password? Nah sorry an error occured.

Wanna change your username? Nah sorry I'll just show you a loading symbol forever.

Wanna add a game to your collection? Nah sorry the "add" button is on fucking holiday and doesn't do anything.

Wanna change your avatar? Nah sorry I'll just redirect you and don't do anything.

Most amazing part is where you log in, then get redirected to the home page but it still shows the "Log in" button. Then you click on that "Log In" button and wosh! Home page reloads and tada! You're logged in!

Seriously who let this code into production? Also I know that you're using GraphQL now, due to an error message. Thank you!

Fucking bullshit...

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

Not as much of a rant as a share of my exasperation you might breathe a bit more heavily out your nose at.

My work has dealt out new laptops to devs. Such shiny, very wow. They're also famously easy to use.
.
.
.
My arse.
.
.
.
I got the laptop, transferred the necessary files and settings over, then got to work. Delivered ticket i, delivered ticket j, delivered the tests (tests first *cough*) then delivered Mr Bullet to Mr Foot.

Day 4 of using the temporary passwords support gave me I thought it was time to get with department policy and change my myriad passwords to a single one. Maybe it's not as secure but oh hell, would having a single sign-on have saved me from this.

I went for my new machine's password first because why not? It's the one I'll use the most, and I definitely won't forget it. I didn't. (I didn't.) I plopped in my memorable password, including special characters, caps, and numbers, again (carefully typed) in the second password field, then nearly confirmed. Curiosity, you bastard.

There's a key icon by the password field and I still had milk teeth left to chew any and all new features with.
Naturally I click on it. I'm greeted by a window showing me a password generating tool. So many features, options for choosing length, character types, and tons of others but thinking back on it, I only remember those two. I had a cheeky peek at the different passwords generated by it, including playing with the length slider. My curiosity sated, I closed that window and confirmed that my password was in.

You probably know where this is going. I say probably to give room for those of you like me who certifiably. did. not.

Time to test my new password.
*Smacks the power button to log off*
Time to put it in (ooer)
*Smacks in the password*
I N C O R R E C T L O G I N D E T A I L S.

Whoops, typo probably.
Do it again.
I N C O R R E C T L O G I N D E T A I L S.

No u.
Try again.
I N C O R R E C T L O G I N D E T A I L S.

Try my previous password.
Well, SUCCESS... but actually, no.

Tried the previous previous password.
T O O M A N Y A T T E M P T S

Ahh fuck, I can't believe I've done this, but going to support is for pussies. I'll put this by the rest of the fire, I can work on my old laptop.

Day starts getting late, gotta go swimming soonish. Should probably solve the problem. Cue a whole 40 minutes trying my 15 or so different passwords and their permutations because oh heck I hope it's one of them.
I talk to a colleague because by now the "days since last incident" counter has been reset.

"Hello there Ryan, would you kindly go on a voyage with me that I may retrace my steps and perhaps discover the source of this mystery?"

"A man chooses, a slave obeys. I choose... lmao ye sure m8, but I'm driving"

We went straight for the password generator, then the length slider, because who doesn't love sliding a slidey boi. Soon as we moved it my upside down frown turned back around. Down in the 'new password' and the 'confirm new password' IT WAS FUCKING AUTOCOMPLETING. The slidey boi was changing the number of asterisks in both bars as we moved it. Mystery solved, password generator arrested, shit's still fucked.

Bite the bullet, call support.
"Hi, I need my password resetting. I dun goofed"
*details tech support needs*
*It can be sorted but the tech is ages away*
Gotta be punctual for swimming, got two whole lengths to do and a sauna to sit in.
"I'm off soon, can it happen tomorrow?"
"Yeah no problem someone will be down in the morning."

Next day. Friday. 3 hours later, still no contact. Go to support room myself.
The guy really tries, goes through everything he can, gets informed that he needs a code from Derek. Where's Derek? Ah shet. He's on holiday.

There goes my weekend (looong weekend, bank holiday plus day flexi-time) where I could have shown off to my girlfriend the quality at which this laptop can play all our favourite animé, and probably get remind by her that my personal laptop has an i2350u with integrated graphics.

TODAY. (Part is unrelated, but still, ugh.)
Go to work. Ten minutes away realise I forgot my door pass.
Bollocks.
Go get a temporary pass (of shame).
Go to clock in. My fob was with my REAL pass.
What the wank.
Get to my desk, nobody notices my shame. I'm thirsty. I'll have the bottle from my drawer. But wait, what's this? No key that usually lives with my pass? Can't even unlock it?
No thanks.

Support might be able to cheer me up. Support is now for manly men too.
*Knock knock*
"Me again"
"Yeah give it here, I've got the code"
He fixes it, I reset my pass, sensibly change my other passwords.
Or I would, if the internet would work.

It connects, but no traffic? Ryan from earlier helps, we solve it after a while.

My passwords are now sorted, machine is okay, crisis resolved.

*THE END*

If you skipped the whole thing and were expecting a tl;dr, you just lost the game.

Otherwise, I absolve you of having lost the game.

Exactly at the char limit

I can't figure out how to get in contact with Firefox to figure out why every time i log into a website i need for work on Nightly, it states that my username or password aren't on record, and i have to change my password (even when switching browsers). Only started after their last update today, and now that I'm testing other sites, it's multiple sites, but not all.

Ideas? help?

I really like Stack Exchange's change log writing style 😁

Long meeting with a coworker presenting a huge, complicated system to track changes to configuration files.

Basically, whenever someone needs to change a config file, this person is supposed to manually enter an entry to a changelog file, and the build system is supposed to give an error if the person forgets to update the changelog.

At the end of the 1 hour long presentation, I raise my hand and say: "we are already using git for our config files, look:

$ git log <filename>

here you can see the list of changes to the file. What you describe is already available, no need to reinvent it."

Long akward silence in the room.

The presenter: "okay, I will look into that. Any other questions?"

Haven't heard about that project since then.

I love one particular old game. It's called Port Royale (the first one). Why? Because the game crashes a lot. Players know that, devs knew that. It's so old and unknown to people who haven't played that devs don't even fix it. But, but... why do you write it here?

This game tought me autosaving! Yeah, they have autosaving in [5, 10, 15] minute intervals, but the game is so fast, that even a little change you do will cripple your whole economy. Not to mention the saving mechanism is partially broken (or that's what the log says, fml). By broken I mean it tries to autosave, but sometimes it crashes the whole thing, just because it can. A game with special effects - crashing in _intervals_!

Because of this lovely game I have a habit of saving and staging (or even commiting). Maybe they should be proud for making such a bug. Saved me once again a minute ago when I managed to crash Emacs with Python. :D

Other staff: I’m having trouble logging in to website A. My password doesn’t work.

[Me thinking: That’s weird. When I set up your account, the password worked. I told you to change it. So maybe you forgot your new password. We haven’t changed anything to about the login process.]

Me: I reset your password. [sends new password]

Other Staff: The new password doesn’t work. But I can log in with Google.

Me: 😶 Website A does not have sign in with Google. What website are you actually on???

I am about to do the unthinkable.
I am going to a place no dev wants to go.
I am about to take an unhinged decision everyone would warn me against.
I am about to cause a change to my future, whether good or bad I guess I'll find out.

But what I do know, is YOLO.

I'm deploying to production on Friday just half an hour before I log off for the day and come back on Monday.

Wish me luck. I'm gonna need it.

I love software. Seriously, I love it. /s

Transmission is given a bad torrent (which, given that it's a torrent service, you'd expect it handles quite robustly) and completely fucks up. Like, really badly. It doesn't respond to RPC anymore, systemd has to resort to sending it a SIGKILL to get it off the process tree, and the web interface.. yeah. Nothing.

It doesn't log by default, so fine I'll add that to the systemd unit and restart it with debugging options enabled.

# systemctl daemon-reload && systemctl daemon-reexec

Turns out that /var/log/transmission.log can't be written to by my Transmission user. Well shit. Change that to /home/condor/transmission.log.

# systemctl daemon-reload && systemctl daemon-reexec
# systemctl restart transmission-daemon

*blood starts to reach its boiling point*

Still logs in the wrong fucking location. Systemd, I told you to log over there. I did everything I could to make you steaming pile of shit reload that fucking config. What's the fucking problem!?

*about 15 minutes of fighting systemd*
Finally! It spits out a log in the right location! Thank you Transmission and systemd for finally doing your fucking jobs. So a bad torrent it is, hmm...

*removes torrent from .config/transmission/torrents*
Transmission: *still fucking shits itself on that ostensibly removed torrent*

That's it. BEGONE!!!

Oh and don't get me started on the fact that apparently a service needs some 400MB of memory. Channeling your inner Chrome Transmission?

oh FFS my university pissed me off so bad right now that I had to wait 20 min to cool down to be able to write a rant about it...

so, one of the university department offer an email address which is the official university approved email for student packs like jetbrain's. I wanted to renew my jetbrains subscription, but for that I have to get a verification email on that address..
But since the only time I use it is this annual renewal I dont know the webmail's url..
So I search for it on the department pages, services and its nowhere to be found. Finaly I found it on a student maintained wiki page.
I try to log in.. no luck. try another password, still not it. Try all of the passwords that I remember using in the previous 3 year and no luck.
well fck it the password change is managed by a website where I can log in with a different method, so I change the password and try to log in again.
No fcking luck! And at this point I bashed my head against the wall because I found out that the password change takes them about 1 or 2 hours... hours! wtf...

When my mom died in 2014, I was shocked to find that her profile on Facebook was suddenly changed to “memorial” mode and therefore I was no longer able to log into it. (If you’re tempted to tell me I’m dumb for using it, I don’t disagree, but save it for another thread...she and I kept in touch over FB because it was easier for her to manage.)

I think it was triggered by their monitoring of things and seeing keywords like “funeral” and “passed away” associated with her account, then having a person on their end change its status. Or something like that.

What I hadn’t known about (or I would have used it) was the legacy contact setting where she could have set me as the contact so I’d have at least a little access and control. But because of their strict policies, I’m forever locked out.

I get why they need to do this (to avoid fraud and impersonations) but the fact that there are zero documents or proofs I, as the executor of her estate, can provide that Facebook will accept to make an exception seems unnecessarily severe.

Anyone else experience this? Known workarounds?

Had to change password on computer for administrative reasons (sysadmins and infosec make us change our pass every quarter). Changes didn't sync to everything so now I can't even log into my computer.
Need to go to the office tomorrow so some guy can type in an admin password on my pc and do stuff to it. If that doesn't work I will just be given a new laptop.

Seriously fuck this week

When I was in 11th class, my school got a new setup for the school PCs. Instead of just resetting them every time they are shut down (to a state in which it contained a virus, great) and having shared files on a network drive (where everyone could delete anything), they used iServ. Apparently many schools started using that around that time, I heard many bad things about it, not only from my school.
Since school is sh*t and I had nothing better to do in computer class (they never taught us anything new anyway), I experimented with it. My main target was the storage limit. Logins on the school PCs were made with domain accounts, which also logged you in with the iServ account, then the user folder was synchronised with the iServ server. The storage limit there was given as 200MB or something of that order. To have some dummy files, I downloaded every program from portableapps.com, that was an easy way to get a lot of data without much manual effort. Then I copied that folder, which was located on the desktop, and pasted it onto the desktop. Then I took all of that and duplicated it again. And again and again and again... I watched the amount increate, 170MB, 180, 190, 200, I got a mail saying that my storage is full, 210, 220, 230, ... It just kept filling up with absolutely zero consequences.
At some point I started using the web interface to copy the files, which had even more interesting side effects: Apparently, while the server was copying huge amounts of files to itself, nobody in the entire iServ system could log in, neither on the web interface, nor on the PCs. But I didn't notice that at first, I thought just my account was busy and of course I didn't expect it to be this badly programmed that a single copy operation could lock the entire system. I was told later, but at that point the headmaster had already called in someone from the actual police, because they thought I had hacked into whatever. He basically said "don't do again pls" and left again. In the meantime, a teacher had told me to delete the files until a certain date, but he locked my account way earlier so that I couldn't even do it.
Btw, I now own a Minecraft account of which I can never change the security questions or reset the password, because the mail address doesn't exist anymore and I have no more contact to the person who gave it to me. I got that account as a price because I made the best program in a project week about Java, which greatly showed how much the computer classes helped the students learn programming: Of the ~20 students, only one other person actually had a program at the end of the challenge and it was something like hello world. I had translated a TI Basic program for approximating fractions from decimal numbers to Java.
The big irony about sending the police to me as the 1337_h4x0r: A classmate actually tried to hack into the server. He even managed to make it send a mail from someone else's account, as far as I know. And he found a way to put a file into any account, which he shortly considered to use to put a shutdown command into autostart. But of course, I must be the great hacker.

I talk to clients. I prepare the requirements. I design the database structure. I design prototype frontend. I do documentation. I code. I debug. I update change log.

I die.

Why can't big companies like Facebook include a fucking change log I the update description in App Store?

It all started with an undelivereable e-mail.

New manager (soon-to-be boss) walks into admin guy's office and complains about an e-mail he sent to a customer being rejected by the recipient's mail server. I can hear parts of the conversation from my office across the floor.

Recipient uses the spamcop.net blacklist and our mail was rejected since it came from an IP address known to be sending mails to their spamtrap.

Admin guy wants to verify the claim by trying to find out our static public IPv4 address, to compare it to the blacklisted one from the notification.
For half an hour boss and him are trying to find the correct login credentials for the telco's customer-self-care web interface.
Eventually they call telco's support to get new credentials, it turned out during the VoIP migration about six months ago we got new credentials that were apparently not noted anywhere.

Eventually admin guy can log in, and wonders why he can't see any static IP address listed there, calls support again. Turns out we were not even using a static IP address anymore since the VoIP change. Now it's not like we would be hosting any services that need to be publicly accessible, nor would all users send their e-mail via a local server (at least my machine is already configured to talk directly to the telco's smtp, but this was supposedly different in the good ol' days, so I'm not sure whether it still applies to some users).

In any case, the e-mail issue seems completely forgotten by now: Admin guy wants his static ip address back, negotiates with telco support.
The change will require new PPPoE credentials for the VDSL line, he apparently received them over the phone(?) and should update them in the CPE after they had disabled the login for the dynamic address. Obviously something went wrong, admin guy meanwhile having to use his private phone to call support, claims the credentials would be reverted immediately when he changed them in the CPE Web UI.

Now I'm not exactly sure why, there's two scenarios I could imagine:
- Maybe telco would use TR-069/CWMP to remotely provision the credentials which are not updated in their system, thus overwriting CPE to the old ones and don't allow for manual changes, or
- Maybe just a browser issue. The CPE's login page is not even rendered correctly in my browser, but then again I'm the only one at the company using Firefox Private Mode with Ghostery, so it can't be reproduced on another machine. At least viewing the login/status page works with IE11 though, no idea how badly-written the config stuff itself might be.

Many hours pass, I enjoy not being annoyed by incoming phone calls for the rest of the day. Boss is slightly less happy, no internet and no incoming calls.

Next morning, windows would ask me to classify this new network as public/work/private - apparently someone tried factory-resetting the CPE. Or did they even get a replacement!? Still no internet though.
Hours later, everything finally back to normal, no idea what exactly happened - but we have our old static IPv4 address back, still wondering what we need it for.

Oh, and the blacklisted IP address was just the telco's mail server, of course. They end up on the spamcop list every once in a while.

tl;dr: if you're running a business in Germany that needs e-mail, just don't send it via the big magenta monopoly - you would end up sharing the same mail servers with tons of small businesses that might not employ the most qualified people for securing their stuff, so they will naturally be pwned and abused for spam every once in a while, having your mailservers blacklisted.

I'm waiting for the day when the next e-mail will be blocked and manager / boss eventually wonder how the 24-hours-outage did not even fix aynything in the end...

Good change log Twitter !

I have been debugging for like hours trying to figure out the cause an unknown bug spoiling my UI by making my elements overlap.
I'm working on a Unit Converter that takes kWh and then converts to mWh. (Logical Conversion: 1000 kWh = 1 mWh).
Just an easy shit i thought, using Javascript I just passed the dynamically generated kWh value to a function that takes maximum of 6 chars and multiply it by 0.001 to get the required result but this was where my problem started. All values came out as expected until my App hits a particular value (8575) and outputs a very long set of String (8.575000000000001), i couldn't figure the cause of this until i checked my console log and found the culprit value, and then i change the calculation logic from multiply by 0.001 to divide by 1000 and it came out as expected (8.575)

My question is that;
Is my math logically wrong or is this another Javascript Calculation setback?

This is the story of the API documentation.
Which btw I couldn't find on the producent's website anywhere. I had the pdf shared with me by a coworker.

I knew the api was fucked up the moment I looked at endpoint documentation.

GET params? WHERE, ORDERBY etc. Literally make a SQL select in a GET request.

Returned stuff? The whole thing. Not some DTO, you literally get everything you can get.
Eg if you get IP in your response, you get it in several formats: dotted form, as hex, and as int. In 3 different json fields.

Oh, and regarding IP - one would imagine you can use masks or prefixes for subnets, right? Nope. The only param you can use there is the subnet size. So you have to calculate the power of 2 every time you want to make a request.

That's from the endpoint documentation. But what about some general info on the API, before all that?

As I was looking for something, I decided to read that intro and general info about the API.

Okay, so there was a change log between API versions. "removed [endpoint which sounds like correct REST design], please use [this generic thing with SQL-like GETs]"... Several of them.

And there was also this sentence which said that the API is not restful, "it's REST-like". <facepalm>

If it was a bad attempt at REST API, I would let it go. But this sentence clearly showed they knew they did everything wrong. And the changelog showed they didn't stop there, they were actively making it worse.

I'm ashamed of it, but I want to share my tifu-story:
My colleague asked me if I could rename his windows user name because he married and changed his last name. I changed it in the Active Directory, but he got some problems when he wants to log on. On every startup his old name appears. Simpliest task. Let me google that.
Easy going, let me just change this registry entry. Reboot. Old behaviour. Okay, I changed some of the other entries. Reboot. Yeah, his new name appears. But wait a moment. Windows just nulled his entire user profile and deleted all the data. "oh, haha you have a backup, right?" - "no, I saved everything on the desktop, all my work is gone!"
But at the end, the boss was mad at HIM, because he doesn't used the file server or any backup system.

i am not a smart man

2 hour meeting to brainstorm ideas to improve our system health monitoring (logging, alerting, monitoring, and metrics)

Never got past the alerting part. Piss poor excuses for human being managers kept 'blaming' our logging infrastructure for allowing them to log exceptions as 'Warnings', purposely by-passing the alerting system.

Then the d-head tried to 'educate' everyone the difference between error and exception …frack-wad…the difference isn't philosophical…shut up.

The B manager kept referring to our old logging system (like we stopped using it 5 years ago) and if it were written correctly, the legacy code would be easier to migrate. Fracking lying B….shut the frack up.

The fracking idiots then wanted to add direct-bypass of the alerting system (I purposely made the code to bypass alerting painful to write)

Mgr1: "The only way this will work is if you, by default, allow errors to bypass the alerting system. When all of our code is migrated, we'll change a config or something to enable alerting. That shouldn't be too hard."
Me: "Not going to happen. I made by-passing the alert system painful on purpose. If I make it easy, you'll never go back and change code."
Mgr2: "Oh, yes we will. Just mark that method as obsolete. That way, it will force us to fix the code."
Me: "The by-pass method is already obsolete and the teams are already ignoring the build warnings."
Mgr1: "No, that is not correct. We have a process to fix all build warnings related to obsolete methods."
Mgr2: "Yes. It won't be like the old system. We just never had time to go back and fix that code."
Me: "The method has been obsolete for almost a year. If your teams haven't fixed their code by now, it's not going to be fixed."
Mgr1: "You're expecting everything to be changed in one day. Our code base is way too big and there are too many changes to make. All we are asking for is a simple change that will give us the time we need to make the system better. We all want to make the system better…right?"
Me: "We made the changes to the core system over two years ago, and we had this same conversation, remember? If your team hasn't made any changes by now, they aren't going to. The only way they will change code to the new standard is if we make the old way painful. Sorry, that's the truth."
Mgr2: "Why did we make changes to the logging system? Why weren't any of us involved? If there were going to be all these changes, our team should have been part of the process."
Me: "You were and declined every meeting and every attempt to include your area. Considering the massive amount of infrastructure changes there was zero code changes required by your team. The new system simply worked. You can't take advantage of the new features which is why we're here today. I'm here to offer my help in any way I can with the transition."
Mgr1: "The new logging doesn't support logging of the different web page areas. Until you can make that change, we can't begin changing our code."
Me: "Logging properties is just a name+value pair dictionary. All you need to do is standardize on a name and how you add it to the collection."
Mgr2: "So, it's not a standard field? How difficult would it be to change the core assembly? This has to be standard across all our areas and shouldn't be up to the developers to type in anything they want."
- Frack wads smile and nod to each other like fracking chickens in a feeding frenzy
Me: "It can, but what will you call this property? What controls its value?"
- The look I got from both the d-bags I could tell a blood vessel popped.
Mgr1: "Oh…um….I don't know…Area? Yea … Area."
Mgr2: "Um…that's not specific enough. How about Page?"
Mgr1: "Well, pages can cross different areas, and areas cross different pages…what do you think?"
Me: "Don't know, don't care. It's up to you. I just need a name."
Mgr2: "Modules! Our MVC framework is broken up in Modules."
DevMgr: "We already have a field for Module. It's how we're segmenting the different business processes"
Mgr1: "Doesn't matter, we'll come up with a name later. Until then, we won't make any changes until there is a name."
DevMgr: "So what did we accomplish?"
Me: "That we need to review the web's logging and alerting process and make sure we're capturing errors being hidden as warnings."
Mgr1: "Nooo….we didn't accomplish anything. This meeting had no agenda and no purpose. We should have been included in the logging process changes from day one."
Mgr2: "I agree, I'm not sure why we're here"
Me: "This was a brainstorming meeting as listed in the agenda. We've accomplished 2 of the 4 items. I think we've established your commitment to making the system better. Thank you all for coming."

- Mgr1 and 2 left without looking at me or saying a word.

On today's episode of Corporate BS

I must please go update logstash on this server. Okay, so I literally just need to ssh in and run "yum update logstash"

No, I need to apply for temp root access and depending who picks up that ticket, I may have to log a change request

Please tell me why my boss thinks instead of just implimenting a language picker, it's a good idea to:

1) store the browser's language option in the DB only for new users, but only the first time they log in, never again.

2) never give existing users the ability to change language, and just default them to English.

3) deal with all upcoming language change tickets by having devs manually do DB updates ON THE LIVE PROD DB.

I'm screaming.

FUCK FUCK FUCK Windows share feature
just fuck it !
and fuck the people who made it!!!44

ok calm mode on

I had to copy a 30 gb file from my computer to my sister's one, and since the largest pendrive I have is 8gb, and I'm just lazy to split the file into parts, I thought it would be a great idea to copy it over LAN. (tldr: it's not)

First attempt:
Right click on file and share it with everyone = fail
Enable network discovery in sharing settings = still fail
Ohh, right, I just forgot it, disable firewall, it usually solves everything = still fail (2)
Google the problem and try every possible solution = still fking fail

Second attempt:
Ok, when last time I had the same problem, I made a homegroup and it worked.
Let's enable it on my Win10 = it's missing
After some googling: "We removed the home group feature from Windows 10, because why not and we would be fired if the change log was empty."
Ok, fuck it.

Third attempt:
Download a portable FTP server.
Enable it.
Create an account.
It works.

Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

Developer just emailed our team a complaint that our logging assembly was resulting in their poor test coverage and they sent a change request to give them the ability to mock the underlying log provider (ex. from the event log to ‘something else’).

Looked at their tests, and they are testing whether or not the .Log was executed (on an exception, if the .Log method was not executed, the test failed), which seemed a bit worthless because we’ve already got coverage in our unit tests.
We had a meeting to discuss the issue.
Me: “I’m OK with changing the logging code if it’s necessary, but I want to understand why.”
DevA: “Logging errors is crucial to the database transaction. If someone removes the logging, the tests should fail.”
Me: “If someone removes the error logging on purpose, then they likely have an agenda and will remove the test validation too. It wouldn’t be an accident.”
DevA: “That’s not my problem. They will have to deal with HR.”
Me: “We purposely prevented someone from intercepting the logging just for that purpose. Your test code already covers the business rule, testing the logging seems out of place. That would like writing a test to make sure the System.IO.File.ReadAllText actually reads all the text from a file. You kinda assume a few smart Microsoft engineers already wrote tests for that.”
DevA: “Yea, I guess that would be silly.”

Got cc’ed an email a little bit ago from DevA to his boss..
“We’re not going to be able to change logging assembly. This may have some impact on our overall test coverage as those lines of code will not get testing coverage. You will have to let the DevMgr know we will not meet our test coverage goals.”

WTF!

I have an issue with my Laravel routing. Can you help me out, @bittersweet?

I have a custom "/home" route called "/admin" and I set the protected property in the LoginController:

$redirectTo = "/admin";

And it works fine, if I log in from guest. But when I navigate to "/login" as auth-user it still redirects me to "/home".

What the fuck is this? What do I have to change to make this work? Who has to be fucked? Is it possible to solve this without sacrificing a virgin at bloodmoon? And why are Platypus so fucking ugly?

Me: Alright, new week, back from vacation fully rested and focused, lets get productive.

Apple(safari 10.3 update): Fuck you.

Basically the change log was:
*fixed critical security bug.
*added more bugs to fix later.

Well fuck you too safari... You disgust me.

The least the fucking imbeciles, or monkeys, behind safari can do is add a fucking css prefix. For fucks sake.

So I work for an IT consulting firm (web development) and was hired by a customer 7 months ago for coaching Git, implementation of VueJS on the front-end and fostering teamwork with devs who'd been in their solo comfort zone for the last 15 years.
I asked for confirmation multiple times on whether they were sure they wanted to go through with a bigger investment in front-end. Confirm they did, multiple times.

After half the team's initial enthusiasm faded (after 1 month), the 'senior' of them who's worked there for 18 years on a single -in the end, failed- project got a burn-out after half a week of showing up (without doing actual work) from the stress, and started whining about it with management that has no technical clue whatsoever. This and other petty office politics lead to the dumbest organizational and technical decisions I've seen in my short 5-year career (splitting a Laravel app that uses the same database in two, replacing docker container deployment with manual ssh'ing and symlinking, duplicating all the models, controllers, splitting a team in two, decreasing productivity, replacing project management dashboards with ad-hoc mail instructions and direct requests).

Out of curiosity I did a git log --author --no-merges with the senior's name on the 2 projects he was supposed to help on, and that turned up... ZERO commits. Now the dept. hired 3 new developers with no prior experience, and it's sad to see the seniors teach them "copy paste" as the developer's main reflex.

Through these 7 months I had to endure increasingly vicious sneers from the IT architect -in name only- who gets offended and hysterical at every person who dares offer suggestions. Her not-so-implicit insinuation is that it's all my fault because I implemented Vue front-end (as they requested), she has been doing this for months, every meeting at least once (and she makes sure other attendees notice). Extra background: She's already had 2 official complaints for verbal abuse in the past, and she just stressed another good developer into smoking again.

Now I present her my timesheet for January, she abuses her power by refusing to sign it unless I remove a day of work.
Earlier this week I asked her politely to please stop her unjust guilt-tripping to which she shouted "You'll just have to cope with that!", and I walked out of the room calmly (in order to avoid losing my nerves). She does this purely as a statement, and I know she does it out of bad faith (she doesn't actually care, as she doesn't manage the budgets). She knows she wields more power over me than the internal devs (I am consultant, so negative reviews for me could delay further salary raises).

I just don't know how to handle this person: I can't get a word in with her, or she starts shouting, and it's impossible to change her (completely inaccurate technological) perception.

When you are creating a tool for a direct client that has no idea about development. She asks you to develop a tool to open a log file and format in a specific way inside Excel.

Ok, this is simple. In about 4 hours I can do that. After delivery and the client has tested, they answer: "Oh, it's working fine. You just forgot to include Y".

Of course Y were not in the initial scope. They supposed it was as it would makes sense to them, but at first they just asked a tool open a log. Ok, not a problem, I will implement it.

Weeks after implementation they answered it was not working with another specific file format (from a not industry default tool), but they have this client and my code should work with it too.

Ok, let's implement that. I had to change some functions and with some extra hours I could make it work. Once more, after delivery, they said the tool has to use a specific formatting for this file extension, that was not only different to the others, but I had to rewrite the entire code to make it work.

At least they paid me some extra hours...

What's so damn hard about a simple change log when you update your app? Or at least point me to somewhere where I can see that. Ugh. Come on.

My website which uses Vue.js (with node) and Flask.I can log into it and change details but then the holidays were over and I lost my already lacking motivation. 😩

Nothing makes me not want to take a full-time job at your company more than having to go through IT tickets every quarter year when my password expires to actually change my password. Why have a fucking self-service portal for employees if logging in with an expired password doesn't work and the reset password link tells me that I need to log in to enroll with security questions (???). It feels like these websites are glued together with sticks and spit and there's a million of them each sporting one specific purpose! I have to go through this shit multiple times since I'm an intern and I didn't have access to my account through the course of the semester. Get your fucking shit together!

I was told to build a logging app for one of the work streams on my project. The lead briefly brainstormed about the data fields they'd need to log and told me to go make it.

I am handing off the app and they ask me what they are supposed to put in each field.

Me: oh [team lead] just told me to put in these fields, but you guys are going to use it so why don't you tell me which fields you need and I can change it easily.

They refuse to tell me how to build the app they're going to use and will definitely complain about it not doing what they want later.

I'm a backend developer who for the last year has been helping the iOS-, Android and Frontend team with rewriting their shit.

Now I got yelled at for not making any new features on the backend, and we need to ship fast. So my manager dropped all further work on our backend, since it clearly needed a rewrite, since there have been no new features which to him indicates bad code that is hard to change.

Now all the developers are rewriting their applications to fit the new backend created by some new guy, which for some reason is stuck in creating a log-aggregator from scratch instead of the actual product.

Random guy messages me on WhatsApp that he needs help, that his friend told him I'm good at blah blah blah.........

the issue: he paid for some random php bitcoin thingy blah blah, sent me a link to the site, pretty straightforward instructions on how to use it. I explained everything to him and he says he wants to tweak the php script before he puts it out.
me: then do it

him: how do I start?

me(in my head): did you not think of this before paying for the script?!

also me: oh well, download xampp, good for beginners, easy to setup.

him: not working! please help me

I knew from the onset that he was a windows user.

he started by running it without admin privileges
I had no idea and kept solving problems that didn't exist until I asked him to snap the log, after explaining how to run a software as administrator, we Solved it

port 80 was taken. had to go through the process of changing the ports, I had to validate every single change.

going through the procedure of reinstalling because he installed to some crappy directory. after all the headaches and then redoing all the processes stated above, it still doesn't work.

one final solution left and I am dropping him like a hot potato. I must have close to a hundred pictures of someone's screen on my phone.

little question: when he types localhost on his browser windows IIS page thingy pops up. I was thinking of changing the server name to localserver: new port address

## Learning k8s

Okay, that's kind of obvious, I just have no idea why I didn't think of it..

I've made a cluster out of a rpi, a i7 PC and a dell xps lappy. Lappy is a master and the other two are worker nodes.

I've noticed that the rpi tends to hardly ever run any of my pods. It's only got 3 of them assigned and neither of them work. They all say: "Back-off restarting failed container" as a sole message in pod's description and the log only says 'standard_init_linux.go:211: exec user process caused "exec format error"' - also the only entry.

Tried running the same image locally on the XPS, via docker run -- works flawlessly (apart from being detached from the cluster of other instances).

Tried to redeploy k8s.yaml -- still raspberry keeps failing.

wtf...

And then it came to me. Wait.. You idiot.. Now ssh to that rpi and run that container manually. Et voila! "docker: no matching manifest for linux/arm/v7 in the manifest list entries."

IDK whether it's lack of sleep or what, but I have missed the obvious -- while docker IS cross-platform, it's not a VM and it does not change the instructions' set supported by the node's cpu. Effectively meaning that the dockerized app is not guaranteed to work on any platform there is!

Shit. I'll have to assemble my own image I guess. It sucks, since I'll have to use CentOS, which is oh-so-heavy compared to Alpine :( Since one of the dependencies does not run well there..

Shit.

Learning k8s is sometimes so frustrating :)

So there I am sitting in front of my laptop, and trying to npm i and I am getting all sorts of sha mismatch errors.

After lot of debug I conclude it is coming from the proxy as it refuses to download and supplies the error page.

It says it's because I'm using the old proxy so they give me the new URL which I set up and it works.

All good until my password expires. I use our bash script to change it. NPM is buggered again throwing the same errors.

Go to IT, tell them the saga begins.

After a countless hours of looking at the log files we notice that the npm registry is set to http instead of the standard https (thanks bash script). so our firewall blocks the download.

Sorted, finally.

Almost. NPM now works fine, but when I go and I play around with node and axios, I get my requests time out. My instinct says its the bloody proxy again.

So I hit up my trusted WIN Support guy and he confirms that the url is not blocked. So he starts monitoring whats going on and turns out, every time I run the node app, node casually ignores the system-wide proxy settings and tries to send the request as the PC rather then my username.

Since the pc's don't have rights on the proxy it is being refused...

Thank fuck for the corporate proxies, without them, I could just develop things not ever learning these quirks of node...

Another rant got me thinking about this.

There must be plenty of us on here who have worked as part of or with a customer support department at some point in our careers.

What is the stupidest idea you've ever heard with regards to support?

To start things off my last place had problems with support, over worked, under staffed and expected to support 12+ versions of the same software, some clients were running installations over 15 years old without ever having applied an upgrade.

The management decided that they would get rid of the conventional triage system for tickets, you know the sort priority 1 would be system down etc.

Instead we had to log tickets at whatever priority the client said it was. Customer report written by the client has a spelling mistake? Yep that's a P1.

Client wants to change the colour of their menu? Yep P1

As you can imagine that went down like a shit sandwich

So a while back I had found a hole in a website's security, one that I has used pretty frequently. I was able to change my cookies and become any user I wanted. The only caveat was that I had to log in as a user in order to get things started. But once I was in I could basically be anyone I wanted to be just by changing a few numbers in the user ID of the cookie. They also did all of their user processing on the client side. Even password checks.

A couple weeks back I decided to go back in to see if anything had changed since then. It did! But not in the way I had thought.

So these guys decided that instead of fixing their security hole, they would have users just contact their people directly in order to get a new account.

Wow that's so much fucking overhead for basically being a lazy shit and not fixing the security holes. I mean how bad is your architecture if you can't go in and fix this?

Not only that I found that they actually stripped all of the users of their original subscriptions. So now if you want to get back on your subscription you'll have to fork over another $399. So that means going to their shitty form filling out your name, your number, email, and just hope that someone contacts you via phone call.

I'm glad I dropped this service. They clearly can't get their shit together.

Don't trust that update with change log -
"Bug fixes and performance improvements".

// Pretty long rant.

Already made some rants some months ago about coding experience in Smalltalk for a school project, but to sum it up :
Because of administrative things, Smalltalk change from option to obligatory course to everyone (we were told that "we had 3 choices out of 3" for options. Not even kidding)

So whole prom got to do a Smalltalk project, a basic shapes editor with Drag'n'Drop and keyboard shortcuts implemented.

But literally everyone didn't get a grasp of the language nor VisualWorks, the IDE. So we got projected in a "Do-it yourself, learn by yourself" project with a language that nobody understood.

Took me 1 week of browsing on Google to find books explaining more than the teacher did. Took me another week to notice that the teacher actually provided VisualWorks's manual. (No one would have noticed if I didn't tell them, and the teacher went silent on it.)

And then the coding started. My teacher thought this project would require something like 20-30 hours of coding. Took me 2 whole months and a half to do moist of the features he asked (only the Keyboard shortcuts weren't implemented, explanation below), and I was the most advanced of whole prom, so I had to answer every single question of fellows. Not complaining, but this took me a lot of time.

But why didn't you ask the teacher ?
- If I ask him every question I had in mind, I would actually harass him since I had too many of them, and I wasn't the only one.
- I actually went twice to his office to ask him question. First question, that was pretty straightforward, I forgot something, blablabla all done. Second time, that was for the keyboard. And then, things are getting even funnier. The teacher didn't have VisualWorks installed on his Mac, so he tried to install it while I was waiting. And he took too long time to actually launch it, because VisualWorks asked for him to log in, to provide an email, the download is a little long thanks to the network and the size, etc. When he finally was able to launch it, I had some classes to attend, so he couldn't answer. And since then, I had no time because last year, flooded with work, exams, classes ,etc.

All of that to have only 13 out of 20. I kinda shrugged, knowing that I wouldn't get more, and said that Smalltalk will only be a line of my resume.

Pretty long rant, sorry about that, but had to explain so you can see how bad it was to me.

Today our customer tried to change the log dir of Kafka. Too bad he did not change the intended log4j.log, instead he changed the log.dir where kafka writes his data.

He basically tried to change the tires at 180km/h at the Autobahn. Only god knows how he managed to get the tires off. After that he slided a kilometer on his rims and wondered why the car wouldn't drive anymore.

Consumers fucked, Topics fucked and Producers fucked

When the school district decides to change the passwords to every school related account of every student in your grade. Right before you take an online quiz. (They do this every year for the sophomores to make them change their passwords but they usually do it the first day, not two weeks in) Couldn't even log into the school computers, the site to check our grades, anything. Nice job guys, purposely reset passwords in the middle of the day.

Gitkraken's Glo latest change log.

Gotta love this team <3

macs... I know I didn't like them before, but recently I wanted set up a vpn on another person's pc and first it didn't want to install because it was a third party program. understandable, change security settings, try again, works. and now... EVERY TIME the user wants to connect it asks for a password, because the vpn client is "changing system settings". whenever the pc is locked, it disconnects and asks for a password whenever you log in again.

The saying that macbooks "just work" has to be extended to "the most basic functionality kind of works, most of the time".

Or maybe I'm just ignorant and unable to handle the glory of mac osx

Magento Debugging Horror!
Changing lots of things in magento with no problem. Continuing development for quite sometime. Suddenly decide to clear cache to see affect of a change on a template in frontent. Suddenly magento crashes! There's no error message. No exception log. No log in any file anywhere on the disk. All that happens is that magento suddenly returns you to the home page!
Reverting all the changes to the template. Clear the cache. Nope! Still the same! Why? Because the problem has happened somewhere in your code. Magento just didn't face it, because it was using an older version of your code. How? Because magento 2 even caches code! Not the php opcache. Don't get me wrong. It has it's own cache for code, in a folder called generated. Now that you cleared all the caches including this folder, you just realized that, somewhere something is wrong. But there is no way for you to know where as there is absolutely no exception logged anywhere!
So you debug the code, from index.php, down to the deepest levels of hell. In a normal php code, once the exception happens, you should see the control jumps to an exception handler, there, you can see the exception object and its call stack in your debugger. But that's not the case with magento.
Your debugger suddenly jumps to a function named:
write_close();
That's all. No exception object. No call stack. No way to figure out why it failed. So you decide to debug into each and every step to figure out where it crashes. The way magento renders response to each request is that, it calls a plugin, which calls a plugin loop, which calls another plugin, which calls a list of plugins, which calls a plugin loop, which calls another plugin.....
And if in each step, just by accident, instead of step through, you use the step over command of your debugger, the crash happens suddenly and you end up with the same freaking write_close() function with no idea what went wrong and where the error happened! You spend a whole day, to figure out, that this is actually a bug in core of magento, they simply introduced after your recent update of magento core to the latest STABLE version!!! It was not your mistake. They ruined their own code for the thousandth of time. You just didn't notice it, because as I said, you didn't clear the `generated` folder, therefore using an older version of everything!
Now that after spending 7 hours figuring out what has failed with absolutely no standard way of debugging and within a spaghetti of GOTO commands (Magento calls them plugin), why not report it to github? So you report it with a pull request. This also takes 1 hour of your time. Just to next day get informed that your pull request is rejected because another person already fixed the bug and made the same pull request. It was just not on the latest stable version yet!
So you decide to avoid updating magento as much as possible. Because you know that the next Stable version will make your life and career unstable. But then the customer complains that the Admin Panel is warning him of using old Magento version which might pose SECURITY THREATS!

There is a pretty popular job search site I have used for quite some time. I wanted to close my account due to spam phone calls and emails. The website has no ui for closing your account. I fly into a fit of rage and change my email address to 20 random characters @gmail.com. Now I still have an account there but can't log in. Still getting the spam.

PSA: If you want to change your password on devrant.io, log out and click Forgot Password.

>finally gets around to installing vsftpd on home server RPi
>doesn't work
hmm.mp2
>configurating
>confusing as fuck template documentation
>man page isn't much better
>gets it working
>goes to log in
User: pi
Password: a
(What? It's a home file/command server isolated from the Internet. Sue me.)
nope.avi
>why
>tries again
nope.svg
>FUCK
>sees small raw-command log in bottom-right of phone FTP client
hmm.flac
>tries again, watches log
PASS *****
>the fuck
>goes to change user pass over SSH
# passwd
"Current password?"
about half a second later
"passwd: auth token manipulation denied"
>the delay tho
>WAIT A SECOND
one time i got past some parental software bullshit on a tablet by abusing the delay between opening a banned app and the redirect to the normal software at like age 7. (Doing so let me enable remote wipe through Google. bye bye software!)
>*inner 7 year old has autistic screech*
# nano temp
a
abcdefghi
abcdefghi
^O Y ^X
# passwd < temp
>fucking works
>logs in to FTP server successfully
>does the one file download that was needed

why and how did that fucking work

So a web developer is driving home from work when his girlfriend phones him. She says her sister can't log into Windows anymore even though she didn't change her password!

What happened?

Not really a bad review, just that one change was to remove a log where the message was nonsense text I put just to figure if the code block is reached! I felt so unprofessional

You know what is THE stupidest and most fucking anoying thing ever? (And partially my fault) I recently reinstalled Ubuntu on my device, meaning I lost my SSH keys. Today I wanted to make a quick change to a website hosted on digitalocean. Now as per good practice I had disabled the root account and the only way to log in is via SSH or using their web terminal. Obviously I couldn't use SSH so I had no choice but their awful web terminal. Not only is it laggy as balls but it would keep hanging up meaning I had to close it and start again. As if that wasnt fucking frustrating enough all I wanted to do was add my new SSH so I could just use my terminal. But NO you can't fucking paste anything into their terminal! Like what the fuck? How can you not have this basic functionality in 2017???

some call
- yo bro do you have some time ?
- quick cause I'm taking a dump
- I think I have been hacked, got black screen kernel panick, linux freeze seldomly I have to reboot, no internet connexion
- save your stuff and reinstall linux
- I don't have enough stockage to backup
- Then buy one and save, probably either OS is fcked up or you have some hdd problems

Time that it will take: ~30min to reinstall whole shit
Peace duration: ~2years

Later on the same day
aunt
- I can't log into windows
- Did you change the password ?
- Yes but it does not work anymore
* looking at shit
* logs successfully. Reason: interface changed after automatic update.
* wait.
* wait some more so fucking windows fucking starts
* Desktop is ugly as fck.
* Some stupid settings messed up (like high contrast set, black theme or so)

aunt (the same)
- I can't log into my (other) laptop either
* logs
* wait more more more

Guess what: automatic updaaaates. Freezes 100%cpu

* Being a very experienced user: wait before reboot because this suckass os will probably fail to boot otherwise
* Blackscreen with a percentage: Installing updates...
* reboots
* Blackscreen with a percentage: Installing updates continuing...
* finally boot (feels like a miracle windows succeeds lol)
* still slow
aunt now sleeps
* look at running process and install programs
* sees shits like camera recognition (vendor installed), candycrush
* occasionnaly get adds

time lost: 2h
peace duration: ~3month

FFS I am a dev, not a fucking trash lover
It is already pain to fix someone os, but windows is the cream of cream

It brings no ease of use for novice user
It is so insanely slow
It has stupid settings set up by default!!!!!!!! Who FFS wants candycrush and ads
The maj are so fcking hazardous. It is 2022 pretty much the same as 15y back then. Updates take fucking eternity. And needs reboot. and are not even finished!!!

I swear I am gonna stretch my ass and install linux and any fckin other toolsuite needed so they can use Micro$$ word, which is the only fucking usecase they need windows for in the first case anyway
I SO wish this OS would die

I mean, even more than safari

Just spent 10 minutes wondering why my change log hadn't updated after I knew I made a change to a file.

I updated the public version instead of the src.

So a few months ago I decided to use Slim Framework for the smaller projects. I chose it mainly because of the number of the recommendations here when I asked for help. The other reason is the PHP version of our server (which we can't change unfortunately). Everything about Slim is pretty awesome. It's easy to use and stuff - but without virtual hosts, I can't run multiple sites written with it on our server. The last uploaded one always wins in selecting vendor and config paths, and so the older ones want to use those new paths, too. This generates a lot of errors in the log and of course, we can't load completely any sites but the last uploaded one. We've tried everything until now, so guess we need a workaround.

I might sound stupid, but why don't solo-developers use things like dropbox for active file history that keeps track of every change and also gives diff options and up to 1 year log - instead of git?

Don't get me wrong, git is amazing when you have to work with a team or multiple people in general, but it's simply a pain in the ass when working alone and having to keep track of every state yourself.

I've been wondering about renting a new VPS to get all my websites sorted out again. I am tired of shared hosting and I am able to manage it as I've been in the past.

With so many great people here, I was trying to put together some of the best practices and resources on how to handle the setup and configuration of a new machine, and I hope this post may help someone while trying to gather the best know-how in the comments. Don't be scared by the lengthy post, please.

The following tips are mainly from @Condor, @Noob, @Linuxxx and some other were gathered in the webz. Thanks for @Linux for recommending me Vultr VPS. I would appreciate further feedback from the community on how to improve this and/or change anything that may seem incorrect or should be done in better way.

1. Clean install CentOS 7 or Ubuntu (I am used to both, do you recommend more? Why?)
2. Install existing updates
3. Disable root login
4. Disable password for ssh
5. RSA key login with strong passwords/passphrases
6. Set correct locale and correct timezone (if different from default)
7. Close all ports
8. Disable and delete unneeded services
9. Install CSF
10. Install knockd (is it worth it at all? Isn't it security through obscurity?)
11. Install Fail2Ban (worth to install side by side with CSF? If not, why?)
12. Install ufw firewall (or keep with CSF/Fail2Ban? Why?)
13. Install rkhunter
14. Install anti-rootkit software (side by side with rkhunter?) (SELinux or AppArmor? Why?)
15. Enable Nginx/CSF rate limiting against SYN attacks
16. For a server to be public, is an IDS / IPS recommended? If so, which and why?
17. Log Injection Attacks in Application Layer - I should keep an eye on them. Is there any tool to help scanning?

If I want to have a server that serves multiple websites, would you add/change anything to the following?
18. Install Docker and manage separate instances with a Dockerfile powered base image with the following? Or should I keep all the servers in one main installation?
19. Install Nginx
20. Install PHP-FPM
21. Install PHP7
22. Install Memcached
23. Install MariaDB
24. Install phpMyAdmin (On specific port? Any recommendations here?)

I am sorry if this is somewhat lengthy, but I hope it may get better and be a good starting guide for a new server setup (eventually become a repo). Feel free to contribute in the comments.

How do you feel about not creating database tables for objects that only exist in relations?

For example, I have made a wiki engine. Because nothing on wiki pages can actually change, they aren't an entity. Revisions are an entity, and they refer to the title of the page which was changed. The same application also includes two non-version-controlled directed graphs between the pages (element of category and navigation log), which are represented by tables that link two titles. Of course the indexes are all set up so that it works like a foreign key would, but there is no Page or Article table.

3 weeks back took a bug..
**long rant**

Looked into it and found that it is exist in older version(say V1) as well.
Sent mail to client stating i can fix this in current version (say V2). Since V1 is already released and our current code stream is V2 and so if we fix in V2 , the code will not reach V1 code base.
**explained to client**

Client : I mean if you fix why it won't work in older release.

Me: Explains how code streams will work.

Client : Okay.. but it will support the functionality in V1 , right ?

Me: (*internally* are fucking kidding me? It won't work dumb ass.) No. It won't work in older versions. I am fixing it in V2.

client: okay.. Let's proceed.

Me: Done code changes. Send code to review. (we have to send review to upper level manager).

Manager1 : I didn't liked this part. can you change this ?
Me : sure. Done.

Manager1 : Now i liked it. Sent review to Manager2.

Me: why the fuck ? Are you not sure about my changes are good?
Manager 2: I liked it, but need some log changes.
Me: Fuckkkk...... Let me change this.. Done. Now can I promote those changes?

Manager2: No we need to send review to client manager as well.

Me: Goddammit.. Okay.. sent review.

*After a fucking week..*
Client Manager : Looks good. Push the code.
Me: Finally..

(This process took 18 days which would have been completed in 3 days if there is only one peer review)

Now the other guy from client whose tracking the bugs reported why it took so long to fix it.

I think my client manager is over paid and can't even know how his company code stream works. Fuck you . why client has these lazy ass old fucking "I don't look into my email" type people. God I hate these "I am in rich country" people.

I have to build a database migration that generates user handles. The user handles are unique within an organization. The user can change them. The auto generated handles are either the first name + last name, or the business name depending on which user type it is. Unless it would be a duplicate. Duplicates auto increment if the handle is taken. The character limit for a user handle is the same length as first name plus last name so I have to check for possible overflow if I add digits. I also have to see if the generated name is in the DB already because a user could have custom entered the result of the auto generation.

This has to be programmed async. The DB driver is using a transaction but multiple calls have to be made to check if the generated handle exists for that organization. Also I have to check the migration script itself for possible duplicates. 3/4 of the users have a handle and with the scale there will definitely be duplicate names.

My idea is if there is a collision, use a UUID and let the users pick something nicer next time they log in. Business says “Reeeeeee!!!! The users shouldn’t see a UUID!!! You can do this!!!” Absurd uniqueness requirements. Absurd backfill procedure. Absurd business rules.

I’m working on a new app I’m pretty excited about.

I’m taking a slightly novel (maybe 🥲) approach to an offline password manager. I’m not saying that online password managers are unreliable, I’m just saying the idea of giving a corporation all of my passwords gives me goosebumps.

Originally, I was going to make a simple “file encrypted via password” sort of thing just to get the job done. But I’ve decided to put some elbow grease into it, actually.

The elephant in the room is what happens if you forget your password? If you use the password as the encryption key, you’re boned. Nothing you can do except set up a brute-forcer and hope your CPU is stronger than your password was.

Not to mention, if you want to change your password, the entire data file will need to be re-encrypted. Not a bad thing in reality, but definitely kinda annoying.

So actually, I came up with a design that allows you to use security questions in addition to a password.

But as I was trying to come up with “good” security questions, I realized there is virtually no such thing. 99% of security question answers are one or two words long and come from data sets that have relatively small pools of answers. The name of your first crush? That’s easy, just try every common name in your country. Same thing with pet names. Ice cream flavors. Favorite fruits. Childhood cartoons. These all have data sets in the thousands at most. An old XP machine could run through all the permutations over lunch.

So instead I’ve come up with these ideas. In order from least good to most good:

1) [thinking to remove this] You can remove the question from the security question. It’s your responsibility to remember it and it displays only as “Question #1”. Maybe you can write it down or something.

2) there are 5 questions and you need to get 4 of them right. This does increase the possible permutations, but still does little against questions with simple answers. Plus, it could almost be easier to remember your password at this point.

All this made me think “why try to fix a broken system when you can improve a working system”

So instead,

3) I’ve branded my passwords as “passphrases” instead. This is because instead of a single, short, complex word, my program encourages entire sentences. Since the ability to brute force a password decreases exponentially as length increases, and it is easier to remember a phrase rather than a complicated amalgamation or letters number and symbols, a passphrase should be preferred. Sprinkling in the occasional symbol to prevent dictionary attacks will make them totally uncrackable.

In addition? You can have an unlimited number of passphrases. Forgot one? No biggie. Use your backup passphrases, then remind yourself what your original passphrase was after you log in.

All this accomplished on a system that runs entirely locally is, in my opinion, interesting. Probably it has been done before, and almost certainly it has been done better than what I will be able to make, but I’m happy I was able to think up a design I am proud of.

Experience with Plasma Mobile, part 2.

I was able to clone the official master repository and commit my hacks to it, but when I sent the pull request, the current active maintainer said that the master branch was actually severely out of date and to try the "halium-flash" branch.

So I did. I checked out the "halium-flash" branch and attempted to install Plasma Mobile. The bash file used to flash the phone still needed to be hacked around, though my previous commit was made irrelevant by the change. However, I did get it working on my phone.

So, here are my thoughts: It's most definitely not ready. The lock screen looks pretty and is well put together, and the "desktop" and icons for applications look very nice.

However, my phone does not have a physical "home" button, and Plasma Mobile to date does not have a digital "home" button. So, in order to close an application I have to literally reboot my phone.

As of yet there seems to not be any tactile feedback or visual feedback, which is odd when typing in the passcode to log into Plasma Mobile or trying to open an application.

Firefox crashes if you try to open it, and currently there are two choices of wallpaper. I haven't tried calling someone, but I'm fairly certain that Plasma Mobile does not support telephony on my phone type.

So, my verdict is still the same: I have great hopes for the Plasma Mobile project, but unless you are a developer who is interested in making it a better product, I would stay away for now.

Dashlane sucks. It’s the absolute worst password manager ever. Not a day goes by when it tries to log me into a site incorrectly, forgets a password, freezes up, etc. Yesterday I attempted to very carefully change the master password and it locked me out with the new password. Had to reset using the revoke process and it sent me back 6 months in time. Now I have to reconstruct all my logins a day before I go on vacation. I’m stuck with it because my employer reviewed LastPass and decided Dashlane had a few features LastPass didn’t that they really need. Seriously, SCREW DASHLANE!!

Not really a programming rant, but still very annoying. It is almost 2017 and so I will need to get my health insurance sort out. You would think that it isn't that big of a deal, but almost everything can only be done by calling the insurance company. Even when you can log in with digID (a dutch digital identification system), you still can't change the insurance on the internet.
Come on guys we live in 2016! Something simple like insurances should you be able to fix online!

😂😂😂 mfw redid all my logging statements today to change sentences into keyvalue pairs (for log querying) and the script broke due to an invalid parameter reference in one of the debug statements.

Causing more errors trying to prevent errors smh

I feel in love with mediums change log.

Technical lead decides to change some transitively resolved dependencies to Maven with some configurations not existing, 2 days before release to production. Thanks to our none existing regression tests, no users can log in after releasing. Guess who can fix it ASAP (of which business thinks it means, in half an hour)

Compare and harmonize the web configs

Oh no someone set execution timeouts to 14 days

Fuck fuck fuckity duck

Hey compare all the web configs of all environments and harmonize them all wtf cmon bruh do your job as a developer

Take them and back them up into svn. What do you mean svn isn't a back up system of course it is well its the only thing we have fuck

What do you mean we have shit logging where people will catch an exception and only print the word exception in the log you can figure it out can't you we have live produxtion issues that hace to be solved now what the fuck

How dare you make a. Mistake copying our shitload of a bloated codebase and configuring our 100s of different options all by fukcing hand what the fuck dude do yoh write anyrhing down?

Please catalogue all the exception mails we are getting but we have no db or error reporting system so they all just plop into tue inbox and thats all ypur fuckjng data figure it out kid

This is a rewarding, fulfilling job whwrw you can be both dev ops and a developer and manage all of our fucking environments of which there are about 15 of all your own with no sort of tool or software to aid you because haha what the fuck we wouldn't make your life easy

Whata that you want to spend time to write stuff or change stuff that will nake it easier fot you fuxk that bruh get back to your biklable tasks like holy shit you thjnk this is a charity ofr aomw shit

Live production issues
Live production issues
Produxtion issues. A ghost in the machine. Find it fix if find it fix it find it fix it cmon why can't you fix it I expect you to spend your day hopelessly pretending to try to solve something you fucker

One of the only peopel able to help you sometimes though hes a bit of an old laxky, yeah hea fucking leaving see ya seeya kid and now we're not hirinf anyone to fuckjng help you no no no managing and monitoring the environments its your jov alll fof them every sngle on do you knkw all the xonfiguraiton values for them yet??

Instead we are hiring a new sales person to fucking make us some more money and we don't need naother seceloper to help you infqct lets have you use this mid end retail computer from 2014 to develop on yeah yeah oh but all our shitty code and visual studip will destry your memory but too bad!! Hahahahahdhsj

Go lice is all you, why sare you so slow

How long will it take
How long will it take
How long will it take
How long witll it tqk2
How long will it take holy shit
Give time estimate for sonethign that I don't fucking know how about it will tqke till fuxk you oxloxk

Algolia says:
"So our price widget doesn't allow decimals, you'll have to create a custom widget"

I do it.

"Hey, It's not working and I verified it's applying the filter correctly. I noticed my price is a string in your index, maybe that's incorrect and causing it to not work?"

They say: "Yep, you'll need to run an update to fix that and change all to floats" (charges an arm and a leg for the thousands of index operations needed to update the data type)

I clear the index and send a single one as a test, verifying it's a float by casting it using (float) then var_dumping. It shows "double(3.99)", but when it gets to Algolia, it's 0.

So I contact support.

"Hi, I'm sending across floats like you say but it's receiving it as 0, am I doing something wrong? Here's my code and the result of the var_dump"

They respond: "Looks like you're doing it right, but our log shows us receiving 3.999399593939, maybe check your PHP.ini for "serialize_precision" and make sure it's set to -1"

I check and it's fine, then I realize that var_dump is probably rounding to 2 decimal points so I change my cast to (float) number_format($row['Price'], 2) and wallah...it works.

Now I've wasted days of paying for their service, a ton of charges for indexing operations, and it was such a simple fix.

if they had thrown an error for the infinite decimal, that would have helped, but instead I had to reach out to find out that was the issue.

#Frustrated.

!ng5

Out of nowhere my directive stops working... Didn't change anything there in die last weeks.😥
No console Errors and no console log entries i added.

Why? 😥

Relatively often the OpenLDAP server (slapd) behaves a bit strange.

While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.

Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?

To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...

The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).

But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.

The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.

PR done and dusted. Welp! Somehow all permissions on files have been changed. I didnt change it. Wtf happened? Log search turns up I did change it while resolving merge conflicts. I don't know how. Anyway now I am spending my afternoon working on the vaguest fucking issue and reverting back all file permissions. Might have somehow fucked up two repos and will have to fix them all. Kill me. Now

Nothing quite so frustrating as intellij resetting your code styles. You put them back as best you can and they get put back to default again.

So you log in to every computer you use, disable settings sync, and do it AGAIN only to find some of your code styles settings aren't even available anymore. So now you have to be extra careful formatting a document doesn't change things you've had just the way you wanted for years.

But realistically, what other option does a person have?

Anyone else unable to get into Oracle Cloud right now?

When I log in, it forces me to change my password then just hangs

Am I the only one who's hands start shaking when about to send "CHANGE MASTER TO" on a dev server?

Happened to me yesterday, replication got stuck after corrupting a relay log file when the database segfaulted under my hands.

I could check and recheck the positions I was about to reset it to a bilion times and I was still nervous!

>Be me
>Have the COMPAL modem with the DOCSIS OS
>Change my bedroom router's IP to static after doing factory reset on the modem
>As expected, I get booted from the modem settings page
>Cannot log in now, because "another user is already signed into the modem settings page"

Stupid piece of silicon waste, whyyyy. I hate that thing, ugh!