C: application not working
Me: k. What changed?
C: we didn't make changes
Me: k... *gets a tech team (W) on the phone*
W: Hey, what's broken?
Me: C's application. How do things look?
W: running healthy. I'll check logs.
Me: thanks. *gets tech team (S) on the line*
S: hey, everything clear on our end, will check logs.
Me: thanks *gets tech team (U)*
U: hey! They asked us to deploy their new version today during normal deployment time. Is it acting up?
Me: C, what did you change?
C: nothing major, just how we connect to W and S...
W&S: are you shitting me???
Me: U, will you please roll it back?
C: no! Must stay on this version, you need to fix your side!!
Me: nope. *calls U boss (UG)*
UG: U, you have my permission to roll back, they need to fix. C, if your boss doesn't like it, have them call me.
*rollback fixes problem*

IF I FUCKING ASK YOU WHAT THE FUCK YOU CHANGED, YOU BETTER TELL ME THE TRUTH, OR I WILL STRIP YOUR CODE OFF OUR FUCKING SYSTEMS AND SHOVE IT DOWN YOUR THROAT. MY JOB IS TO HELP YOU AND YOU NEED TO BACK TO FUCK UP AND NOT GET IN THE WAY OF MY JOB OR YOU WON'T HAVE ONE ANYMORE.

Manager: THE SERVER IS DOWN THE SERVER IS DOWN!!!!

Dev: Ok I’ll look into it

*5 mins later

Dev: Wow these are really strange logs, it’s like config values are being changed all over the place while I’m looking at it

Manager: Well I figured while you were looking into it I’d go i to the server settings and change everything I could find in order to try and get the server back up again. Two sets of hands are better than one, Is it up yet???

Dev: …No.

Manager: I THOUGT YOU SAID YOU’D LOOK INTO THIS. I NEED ANSWERS NOW. WHAT IS TAKING SO LONG?!?!?

Dev: …

Sister = bee ( who isn't a stranger to Ubuntu)
Me = Cee

Bee: can I use your laptop?
Cee : why ? Use yours ,it's works fine.
Bee : no I want to use yours and I need to work with windows.
Cee: 🤯
Bee : my work can only be done using windows.
Cee : fine do whatever ( doesn't want to argue )
* Le bee opens MS word, and starts her work *
Cee : 😤😤Seriously?
Bee : I don't like libre
Cee : 😑😑😑^∞
* Few moments later *
Bee : my work is done ,you can have your laptop,btw it's updating.
Cee : 😑😑😑😑😑
* 2000 years later *
*Opens Ubuntu *
*Getting a weird bug*
*Tried to fix *
*Can't open OS files * 👏👏👏🎆
* Windows not shutdown properly *
* Opens windows *
* Not able to login via pin *
* Password ? not accepted *
* Changes outlook password *
* Please chose a password you haven't chosen before *
* Logs in *
* types old pin to change pin *
*You've entered wrong pin too many times *
*System hanging a lot *
* Removes pin *
* Gets huge mcAfee restart system popups , every 10 sec *
* Just shutdown , feels irritated for the rest of the day*

* Regrets dual booting, shd have wiped the windows partition 😫😫*

*Wonders,what the hell did my sister even do to my laptop ?*

Root: Fleshes out missing data in some factories. Tests affected code and finds the change breaks some specs (but shouldn’t).

Root: Reaches out to spec author.

Root: Messages thundercunt (the ticket’s code reviewer) on slack about the specs and the reaching out. No response.

Root: Works on another ticket while blocked.

Root: Logs off.

Root: Talks with spec author chick in the morning. Decide to pair on specs later.

TC: Still no slack response.

Root: Gives update in standup. Mentions factories and broken specs. Mentions pairing with spec chick.

TC: Still no slack response.

Root: Pulled off tickets in favor of prod issue. Gets ignored by everyone else diagnosing prod issue. Investigates prod issue by herself. Discovers prod issue isn’t from bad code, but bad requirements — code works as requested. Communicates this with details. Gets ignored by people still diagnosing prod issue. Tries again. Gets ignored. Gives up. Works on non-blocked tickets instead.

TC: Still no slack response.

Hours later:

TC: Comments on PR telling me I broke specs (how did I not notice?), that I need to reach out to spec chick and work with her, and that I can’t resolve the ticket until it’s fixed and passes code review.

TC: Still no slack response. (21 hours later at this point)

TC: Logs off. Still no response (25 hours at this point)

———

Ignoring the prod issue for the moment…

I broke specs. No shit.
I need to talk with spec chick. No shit.
I can’t resolve the ticket. No shit!

Bitch, I told you all of this 21 fucking hours prior, and again 3 hours prior during standup. But no, I clearly “don’t communicate” and obviously have no bloody clue what I’m doing, either, so I need everything spelled out for me.

And no, I didn’t resolve the fucking ticket. Why the fuck would I if it still has pending changes? Do you even check? Ugh!

And what the fuck with that prod issue? I’m literally giving you the answer. fucking listen! Stupid cunts.

Why is it all of the women I work with are useless or freaking awful people? Don’t get me wrong, many of the men are, too, but I swear it’s every single one of the women. (Am I awful, too?)

Just. Ugh.
I can’t wait to leave this sewer of a company.

Oddly still a good day, though. Probably because I talked to recruiters and sent out my resume again.

Dev: “Ughh..look at this –bleep- code! When I execute the service call, it returns null, but the service received a database error.”
Me: “Yea, that service was written during a time when the mentality was ‘Why return a service error if the client can’t do anything about it?’”
Dev: “I would say that’s a misunderstanding of that philosophy.”
Me: “I would say it’s a perfectly executed example of a deeply flawed philosophy.”
Dev: “No, the service should just return something that tells the client the operation failed.”
Me: “They did. It was supposed to return a valid result, and the developer indicated a null response means the operation failed. How you deal with the null response is up to you.”
Dev: “That is stupid. How am I supposed to know a null response means the operation failed?”
Me: “OK, how did you know the operation failed?”
Dev: “I had to look at the service error logs.”
Me: “Bingo.”
Dev: “This whole service is just a –bleep-ing mess. There are so many things that can go wrong and the only thing the service returns is null when the service raises an exception.”
Me: “OK, what should the service return?”
Dev: ”I don’t know. Error 500 would be nice.”
Me: “Would you know what to do with error 500?”
Dev: ”Yea, I would look at the error log”
Me: “Just like you did when the service returned null?”
<couple of seconds of silence>
Dev: “I don’t know, it’s a –bleep-ing mess.”
Me: “You’re in the code, change it.”
Dev: “Ooohhh no, not me. The whole thing will have to be re-written. It should have been done correctly the first time. If we had time to do code reviews, I would have caught this –bleep- before the service was deployed.”
Me: “Um, you did.”
<a shocked look from Dev>
Dev: “What…no, I’ve never seen this code.”
Me: “I sat next to Chuck when you were telling him he needed to change the service to return null if an exception was raised. I remember you telling him specifically to pop-up an error dialog ‘Service request failed’ to the user when the service returned null.”
Dev: “I don’t remember any of that.”
Me: “Well, Chuck did. He even put it in the check-in comments. See…”
<check in comments stated Dev’s code review and dictated the service return null on exceptions>
Dev: “Hmm…I guess I did. –bleep- are you a –bleep-ing elephant? You –bleep-ing remember everything.”

<what I wanted to say>
No, I don’t remember everything, but I remember all the drive-by <bleep>-ed up coding philosophies you tried to push to the interns and we’re now having all kinds of problems I spend waaaaay too much time fixing.
<what I said, and lied a little bit>
Me: “No, I was helping Nancy last week troubleshoot the client application last week with the pop-up error. Since the service returned a null, she didn’t know where to begin to look for the actual error.”
Dev: “Oh.”

3 rants for the price of 1, isn't that a great deal!

1. HP, you braindead fucking morons!!!

So recently I disassembled this HP laptop of mine to unfuck it at the hardware level. Some issues with the hinge that I had to solve. So I had to disassemble not only the bottom of the laptop but also the display panel itself. Turns out that HP - being the certified enganeers they are - made the following fuckups, with probably many more that I didn't even notice yet.

- They used fucking glue to ensure that the bottom of the display frame stays connected to the panel. Cheap solution to what should've been "MAKE A FUCKING DECENT FRAME?!" but a royal pain in the ass to disassemble. Luckily I was careful and didn't damage the panel, but the chance of that happening was most certainly nonzero.
- They connected the ribbon cables for the keyboard in such a way that you have to reach all the way into the spacing between the keyboard and the motherboard to connect the bloody things. And some extra spacing on the ribbon cables to enable servicing with some room for actually connecting the bloody things easily.. as Carlos Mantos would say it - M-m-M, nonoNO!!!
- Oh and let's not forget an old flaw that I noticed ages ago in this turd. The CPU goes straight to 70°C during boot-up but turning on the fan.. again, M-m-M, nonoNO!!! Let's just get the bloody thing to overheat, freeze completely and force the user to power cycle the machine, right? That's gonna be a great way to make them satisfied, RIGHT?! NO MOTHERFUCKERS, AND I WILL DISCONNECT THE DATA LINES OF THIS FUCKING THING TO MAKE IT SPIN ALL THE TIME, AS IT SHOULD!!! Certified fucking braindead abominations of engineers!!!

Oh and not only that, this laptop is outperformed by a Raspberry Pi 3B in performance, thermals, price and product quality.. A FUCKING SINGLE BOARD COMPUTER!!! Isn't that a great joke. Someone here mentioned earlier that HP and Acer seem to have been competing for a long time to make the shittiest products possible, and boy they fucking do. If there's anything that makes both of those shitcompanies remarkable, that'd be it.

2. If I want to conduct a pentest, I don't want to have to relearn the bloody tool!

Recently I did a Burp Suite test to see how the devRant web app logs in, but due to my Burp Suite being the community edition, I couldn't save it. Fucking amazing, thanks PortSwigger! And I couldn't recreate the results anymore due to what I think is a change in the web app. But I'll get back to that later.

So I fired up bettercap (which works at lower network layers and can conduct ARP poisoning and DNS cache poisoning) with the intent to ARP poison my phone and get the results straight from the devRant Android app. I haven't used this tool since around 2017 due to the fact that I kinda lost interest in offensive security. When I fired it up again a few days ago in my PTbox (which is a VM somewhere else on the network) and today again in my newly recovered HP laptop, I noticed that both hosts now have an updated version of bettercap, in which the options completely changed. It's now got different command-line switches and some interactive mode. Needless to say, I have no idea how to use this bloody thing anymore and don't feel like learning it all over again for a single test. Maybe this is why users often dislike changes to the UI, and why some sysadmins refrain from updating their servers? When you have users of any kind, you should at all times honor their installations, give them time to change their individual configurations - tell them that they should! - in other words give them a grace time, and allow for backwards compatibility for as long as feasible.

3. devRant web app!!

As mentioned earlier I tried to scrape the web app's login flow with Burp Suite but every time that I try to log in with its proxy enabled, it doesn't open the login form but instead just makes a GET request to /feed/top/month?login=1 without ever allowing me to actually log in. This happens in both Chromium and Firefox, in Windows and Arch Linux. Clearly this is a change to the web app, and a very undesirable one. Especially considering that the login flow for the API isn't documented anywhere as far as I know.

So, can this update to the web app be rolled back, merged back to an older version of that login flow or can I at least know how I'm supposed to log in to this API in order to be able to start developing my own client?

From my work -as an IT consultant in one of the big 4- I can now show you my masterpiece

INSIGHTS FROM THE DAILY LIFE OF A FUNCTIONAL ANALIST IN A BIG 4 -I'M NOT A FUNCTIONAL ANALYST BUT THAT'S WHAT THEY DO-

- 10:30, enter the office. By contract you should be there at 9:00 but nobody gives a shit
- First task of the day: prepare the power point for the client. DURATION: 15 minutes to actually make the powerpoint, 45 minutes to search all the possible synonyms of RESILIENCE BIG DATA AGILE INTELLIGENT AUTOMATION MACHINE LEARNING SHIT PISS CUM, 1 hour to actually present the document.
- 12:30: Sniff the powder left by the chalks on the blackboards. Duration: 30 minutes, that's a lot of chalk you need to snort.

13:00, LUNCH TIME. You get back to work not one minute sooner than 15.00

- 15:00, conference with the HR. You need to carefully analyze the quantity and quality of the farts emitted in the office for 2 hours at least
- 17:00 conference call, a project you were assigned to half a day ago has a server down.
The client sent two managers, three senior Java developers, the CEO, 5 employees -they know logs and mails from the last 5 months line by line-, 4 lawyers and a beheading teacher from ISIS.
On your side there are 3 external ucraininans for the maintenance, successors of the 3 (already dead) developers who put the process in place 4 years ago according to God knows which specifications. They don't understand a word of what is being said.
Then there's the assistant of the assistant of a manager from another project that has nothing to do with this one, a feces officer, a sys admin who is going to watch porn for the whole conference call and won't listen a word, two interns to make up a number and look like you're prepared. Current objective: survive. Duration: 2 hours and a half.
- 19:30, snort some more chalk for half an hour, preparing for the mail in which you explain the associate partner how because of the aforementioned conference call we're going to lose a maintenance contract worth 20 grands per month (and a law proceeding worth a number of dollars you can't even read) and you have no idea how could this happen
- 20:00, timesheet! Compile the weekly report, write what you did and how long did it take for each task. You are allowed to compile 8 hours per day, you worked at least 11 but nobody gives a shit. Duration: 30 minutes
- 20:30, update your consultant! Training course, "tasting cum and presenting its organoleptic properties to a client". Bearing with your job: none at all. Duration: 90 minutes, then there's half an hour of evaluating test where you'll copy the answers from a sheet given to you by a colleague who left 6 months ago.
- 22:30, CHANCE CARD! You have a new mail from the HR: you asked for a refund for a 3$ sandwich, but the receipt isn't there and they realized it with a 9 months delay. You need to find that wicked piece of paper. DURATION: 30 minutes. The receipt most likely doesn't even exist anymore and will be taken directly from your next salary.
- 23:00 you receive a message on Teams. It's the intern. It's very late but you're online and have to answer. There's an exception on a process which have been running for 6 years with no problems and nobody ever touches. The intern doesn't know what to do, but you wrote the specifications for the thing, 6 years ago, and everything MUST run tonight. You are not a technician and have no fucking clue about anyhing at all. 30 minutes to make sure it's something on our side and not on the client side, and in all that the intern is as useful as a confetto to wipe your ass. Once you're sure it's something on our side you need to search for the senior dev who received the maintenance of the project, call him and solve the problem.
It turns out a file in a shared folder nobody ever touches was unreachable 'cause one of your libraries left it open during the last run and Excel shown a warning modal while opening it; your project didn't like this last thing one bit. It takes 90 minutes to find the root of the problem, you solve it by rebooting one of your machines. It's 01:00.

You shower, watch yourself on the mirror and search for the line where your forehead ends and your hair starts. It got a little bit back from yesterday; the change can't be seen with the naked eye but you know it's there.

You cry yourself to sleep. Tomorrow is another day, but it's going to be exactly like today.

Girl I work with says she's going to make a change on the "back-end of the website"... logs into Wordpress... no comment, just keep swimming

Me passing time on the weekend

Random call from unknown number

Turns out it's the manager

M: hey , how is your weekend going ...

Me: nothing much ... Whatsup ?

M : yeah well , we wanted to push some minor adhoc fixes as some clients wanted it urgently

The Devops folks need developer support . Can you pitch in and monitor

Me : I'm not aware of what changes are going , i don't think i can provide support

M : don't worry it's minor changes , it's already tested in pre prod , you just need to be on call for 30 mins

Me : ugh okay .. guess 1 hr won't hurt

M: thanks 👍🏽

Me: *logs in

*Notices the last merged PR
+ 400 lines , implemented by junior dev and merged by manager

*Wait , how is this a *minor* release...

*Release got triggered already and the CI CD pipeline is in progress

*5 mins later

*Pipeline fails , devops sends email - test coverage below 50%

Manager immediately pitches in ...

M: hey , i see test coverage is down , can you increase it ?

Me: and how do u suppose I do that ?

M : well it's simple just write UTC for the missing lines ... Will it take time ?

Me : * ah shit here we go again

Yeah it will take time , there are around 400 lines , I am not aware of this component all together

Can you ask junior dev to pitch in and write the UTC for this

*Actually junior dev is out on a vacation with his girlfriend

M : well he's out for the weekend , but
as a senior dev , i expect you to have holistic understanding of the codebase and not give excuses ,
this is a priority fix which client are demanding we need this released ASAP

Me : * wait wat ?

---

I ended up being online for next 3 hours figuring out the code change and bumping up the UTC 🤦🏾

I had a huge epiphany on Friday... not all developers enjoy coding.

Discovered when they brought down 2 of our environments, well told them what was wrong with the changes in their code that caused the environments to break, gave them links directly to the file in the gitlab repo that needed to be updated, and...

They fucking went home. The change would’ve taken all of about 30-45 seconds to update and they fucking left.

This person’s team lead come storming in pissed off because her manager is furious about 2 environments going down and preventing everyone else from being able to deploy their changes.

We provide the exact same details to the team lead about what needs to be changed, and advise that her team member took off....

30 mins later, her manager is storming up to us (devops/sre) livid as hell.

Explain the situation for a third time... manager is like, why can’t you guys fix it?

Look here you dense motherfuckers, we can fix the code. We can be the plumbers that clean up your shit. But what value do you gain as a developer if you don’t understand how the systems work and you keep pushing shit in?

Made the changes, fixed the environments, done right? Wrong.

The original developer made more changes not knowing what would happen and thoroughly fucked the environments again.

This dumb-fucking dumpster fire of a dude then sends us a slack message. “It’s down again, can you fix it?”

Our manager steps in and tells us to send him a link to the logs and have him fix it himself!

Thank goodness we have a badass manager.

Send logs, send repo file links (again), and send line numbers in the logs to try and help just a bit more. Dude goes almost the whole day without fixing it, environments are down, other devs are pissed, we throw this dude to the wolves. His manager starts to head over and was about to talk with my team lead when our manager steps out of his office and tells him the in’s and out’s of the situation and that our job isn’t to play log parser/error fixer for the developers. This dude that’s breaking the environments needs to be the one to fix the issue and his team lead should be aware of the problems and should have been able to correct his errors before it ever came to us.

The amount of hand-holding we do is ridiculous.

(Disclaimer, this one guy making some mistakes doesn’t sound too bad, but this is actually a common occurrence for like 40% of all of our developers)

We literally have interns still in college running circles around some of our full time devs. I know I’m not a developer, but for anyone that’s new-ish to developing, when you see shit like that please don’t lose hope. Those ass-hats got into programming purely for a paycheck, not because of passion.

Stick with it and your greatness will know no bounds 👍

As for you craptastic dipstick lickers, FUCK YOU!!! Go back to school and learn how to give a damn.

Fucking bruteforce man. Was supposed to go sleep when got few messages from my gameserver players that their accounts have been hacked.

Checked their logs, all of their accounts have been accessed from Russia. Told them to change their passwords and they told me their previous passwords which were easy af to guess.

Digged deeper and found hundreds of thousands failed logins in the last few hours and all of them from different ips.

Since I cant modify gamefiles on client side, the solution for now was to disable in-game registration and force player registration through the website form with captcha and also where each players login name gets appended with a random suffix chosen by player from a random list..

Fuck you bruteforce scriptkiddies, good luck guessing accounts now. At least I can sleep now.

I was on vacation when my employer’s new fiscal year started. My manager let me take vacation because it’s not like anything critical was going to happen. Well, joke was on us because we didn’t foresee the stupidity of others…

I had to update a few product codes in the website’s web config and deploy those changes. I was only going to be logged in for 30 minutes to complete that.

I get messaged by one of our database admins. He was doing testing and was unable to complete a payment on the website. That was strange. There was a change pushed by our offsite dev agency, but that was all frontend changes (just updating text) and wouldn’t affect payments.

We don’t want to enlist the dev agency for debugging work, especially when it’s not likely that it’s a code issue. But I was on vacation and I couldn’t stay online past the time I had budgeted for. So my employer enlists the dev agency for help. It’s going to be costly because the agency is in Lithuania, it was past their business hours, and it was emergency support.

Dev agency looks at error logs. There are Apple Pay errors, but that doesn’t explain why non Apple Pay transactions aren’t going through. They roll back my deployment and theirs, but no change. They tell my employer to contact our payment processor.

My manager and the Product Manager contact Payroll, who is the stakeholder for our payment gateways. Payroll contacts our payment gateway and finds out a service called Decision Manager was recently configured for our account. Decision Manager was declining all payments. Payroll was not the person who had Decision Manager installed and our account using this service was news to her.

Payroll works with our payment processor to get payments working again. The damage is pretty severe. Online payments were down for at least 12 hours. Our call center had logged reports from customers the night before.

At our post mortem, we had to find out who ok’d Decision Manager without telling anyone. Luckily, it was quick work. The first stakeholder up was for the Fundraising Dept. She said it wasn’t her or anyone on her team. Our VP of Analytics broke it to her that our payment processor gave us the name of the person who ok’d Decision Manager and it was someone on the Fundraising team. Fundraising then starts backtracking and says that oh yes she knew about it but transactions were still working after the Decision Manager had been configured. WTAF.

Everyone is dumbfounded by this. How could you make a big change to our payment processor and not tell anyone? How did our payment processor allow you to make this change when you’re not the account admin (you’re just a user)?

Our company head had to give an awkward speech about communication and how it’s important. The web team can’t figure out issues if you don’t tell us what you did. The company head was pissed because it was a shitty way to start off the new fiscal year. Our bill for the dev agency must have been over $1000 for debugging work that wasn’t helpful.

Amazingly, no one was fired.

Dev: Can you please tell me why you changed this?
Me: Because we need to handle permissions in the app. The quickest way of doing it, according to the docs, is [insert change log here]
Dev: But we can just check for the user's token.
Me: That's not exactly a permission, because...
Dev: I was only showing the information related to the user according to their token.
Me: I understand. But that means you're filtering data, not authorising users to access it. If a user is logged in, but changes query parameters, they can still access data they shouldn't be able to.
Dev: Whatevs.

Le me then proceeds to try to push my changes (that took the whole day to implement), gets a "you need to pull first" message from git, doesn't understand why, logs onto GitHub and realises dev has implemented their "permissions".

I was the one responsible for making those changes. Le dev was meant to be doing other things.

How do I even begin to explain?

So I have that custom-made wifi router I've built. And it uses a USB wifi adapter with AC (wifi5) capability - the fastest one I could find in AliExpress.

I set it up a while ago - the internet access works fine, although speeds are somewhat sluggish. But hey, what to expect from a cheapo on Ali! Not to mention it's USB, not a PCIe...

A few days ago I ran a few speedtest.net tests with my actual AC router and the one I've built. Results were so different I wanted to cry :( some pathetic 23Mbps with my custom router :(

This evening I had some time on my hands and finally decided to have an umpteenth look.

nmcli d wifi
this is what caught my eye first. The RATE column listed my custom router as 54Mbps, whereas the actual router had 195Mbps.

I have reviewed the hostapd configuration sooo many times - this time nothing caught my eye as well.

Googling did not give anything obvious as well.

What do we do next? Yes, that's right - enable debug and read the logs.

> VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities

This is one of the lines at the top of the log. Waaaaiiitttt.. VHT is something I definitely want with ac -- why does it disable that??? Sounds like a configuration fuckup rather than the HW limitation! And config fuckups CAN be fixed!

Turns out, an innocently looking
`wpa_pairwise=TKIP`
change into
`wpa_pairwise=TKIP CCMP`

made a world of a difference!

:wq
!hostapd
connect to the hostapd hotspot and run that iperf3 test again, and... Oh my. Oh boi! My pants fell off -- the speed increased >3x times!

A quick speedtest.net test deems my custom router's download speeds hardly any worse than the speeds obtained using my LInksys!!

The moral of the story: no matter how innocent some configurations look, they might make a huge difference. And RTFL [read the fucking logs]

In the pic -- left - my actual router, right - my custom-built router with a USB wifi adapter. Not too shabby!

I was pressued to shift the blame.

We received an angry email from a customer that some of their data had disappeared. The boss assigns me to this task. This feature is relatively new and we've found some bugs in the past in here. I go through request logs, search the database, run some diagnostics, etc. for about 5 hours and I cannot find the problem. I focus on the bugs that we've had before but they don't seem to be the problem.

I tell the boss "sorry but I checked XYZ and I can't find the problem. I'm out of ideas." But the boss wanted answers by the end of the day. They did not want to admit to the client that we couldn't figure out what's wrong.

By now I was more pressured to find an answer, find something or someone to blame it on, not exactly to find the real solution. So I made up some BS:

"Sometimes, in HTML forms, the number inputs allow you to change the number by scrolling. We have some long forms where the user has to scroll. Perhaps the focus remained on the number input, so when they scrolled down they accidentally changed the number they meant to input."

The boss was happy with that. We explained this to the customer, and there's now a ticket to change type="number" to type="text" in our HTML forms and to validate it in th backend.

A week later another customer shows us a different error. This one is more clear because it had a stack trace, but I realise that this error is what caused our last error. It was pretty obscure, mind you, the unit tests didn't detect it.

I didn't tell the boss that they were connected tho.

With two angry clients in two weeks, I finally convinced the boss to give us more time to write more unit tests with full coverage.

I'm going to kill management.
After a serious migration fiasco at one of our biggest costumers the platform was finally usable again (after two days instead of 10 hours) and, of course, users started to report bugs. So good old po came in ranting that we as qa did a horrible job and basically tried to fault us for a fucked up update (because we produced user pain, which of course not being able to log in didn't do). Among the issues: If the user has more than a hundred web pages the menu starts looking ugly, the translation to dutch in one string on the third submenu of a widget doesn't work and a certain functionality isn't available even if it's activated.
Short, they were either not a use case or very much minor except for that missing function. So today we've looked through the entire test code, testing lists, change logs and so on only to discover that the function was removed actively during the last major update one and a half years ago.

Now it's just waiting for the review meeting with the wonderful talking point "How could effective QA prevent something like this in the future" and throwing that shit into his face.

I mean seriously, if you fuck shit up stand by it. We all make mistakes but trying to pin it on other people is just really, really low.

*logs in to pc*
- Your password will expire in 3 days. Consider changing it.
+ yeah sure...
*tries to change password*
- Your password must be different from your old 25 passwords
+ ....
+ What the fuck?!? I mean, really, what the fuck is this bullshit? You force me to use EXACTLY 8 char long passwords and this? Fuck you!

Partner of ours claimed they are going to update their api. No breakage. My hopes were low and they did not disappoint.

Soon after the new version of their api went live, of course, loads of breakage. And the email contact with them is really fun.

Me: "Hello, since your update we get the issue A. Here's the complete communication."

Them: "We did not change the existing behavior. You are doing X wrong. Repeat that one call during the step and you should be fine."

Me: "Thank you, if I repeat the call, it does indeed work, albeit slower, since we are now repeating calls. Furthermore, our application was consuming your api for years and we did not change anything. So why is that step necessary now? Only after your update do our logs show errors from your API. And by the way, we now also have a issue with B. Why is that?"

Them: "Oh that's because your query the endpoint with "Fnord", try "Baz".

Me: "Yes, I do know that we query it with "Fnord" as that is what a previous endpoint of yours is responding to us. Why are we getting "Fnord"? What request do I have to make to get a "Baz" back?"

It feels like a game of wackamole. Squash one issue, ten more will pop up. I am one step away from becoming active-aggressive.

Jesus christ what is wrong with this one

12: Colleague deploys something to production (with a second pair of eyes)
14: Asks me why other team isn't seeing the result, I ask whether they have monitored the logs, they have not
17: They finally read the logs and find the problem, change window has ended so tomorrow there's another attempt

Today, they deployed again around 10 and then went away because they had some private responsibilities. Never looked at the logs, never bothered to verify if anything still worked. Just dropped it in a chat.

10 years older than I am, how can you be so irresponsible

This was some time ago. A Legendary bug appeared. It worked in the dev environment, but not in the test and production environment.

It had been a week since I was working on the issue. I couldn't pinpoint the problem. We CANNOT change the code that was already there, so we needed to override the code that was written. As I was going at it, something happened.

---
Manager: "Hey, it's working now. What did you do?"
Me: *Very confused because I know I was nowhere close to finding the real source of the problem* Oh, it is? Let me check.
Also me: *Goes and check on the test and prod environment and indeed, it's already working*
Also me to the power of three: *Contemplates on life, the meaning of it, of why I am here, who's going to throw out the trash later, asking myself whether my buddies and I will be drinking tonight, only to realize that I am still on the phone with my manager*
Me again: "Oh wow, it's working."
Manager: "Great job. What were the changes in the code?"
Me: "All I did was put console logs and pushed the changes to test and prod if they were producing the same log results."
Manager: "So there were no changes whatsoever, is that what you mean?"
Me: "Yep. I've no idea why it just suddenly worked."
Manager: "Well, as long as it's working! Just remove those logs and deploy them again to the test and prod environment and add 'Test and prod fix' to the commit comment."
Me: "But what if the problem comes up again? I mean technically we haven't resolved the issue. The only change I made were like 20 lines of console logs! "
Manager: "It's working, isn't it? If it becomes a problem, we'll work it out later."
---

I did as I was told, and Lo and Behold, the problem never occurred again.

Was the system playing a joke on me? The system probably felt sorry for me and thought, "Look at this poor fucker, having such a hard time on a problem he can't even comprehend. That idiotic programmer had so many sleepless nights and yet still couldn't find the solution. Guess I gotta do my job and fix it for him. I'm the only one doing the work around here. Pathetic Homo sapiens!"

Don't get me wrong, I'm glad that it's over but..

What the fuck happened?

Want to make someone's life a misery? Here's how.

Don't base your tech stack on any prior knowledge or what's relevant to the problem.

Instead design it around all the latest trends and badges you want to put on your resume because they're frequent key words on job postings.

Once your data goes in, you'll never get it out again. At best you'll be teased with little crumbs of data but never the whole.

I know, here's a genius idea, instead of putting data into a normal data base then using a cache, lets put it all into the cache and by the way it's a volatile cache.

Here's an idea. For something as simple as a single log lets make it use a queue that goes into a queue that goes into another queue that goes into another queue all of which are black boxes. No rhyme of reason, queues are all the rage.

Have you tried: Lets use a new fangled tangle, trust me it's safe, INSERT BIG NAME HERE uses it.

Finally it all gets flushed down into this subterranean cunt of a sewerage system and good luck getting it all out again. It's like hell except it's all shitty instead of all fiery.

All I want is to export one table, a simple log table with a few GB to CSV or heck whatever generic format it supports, that's it.

So I run the export table to file command and off it goes only less than a minute later for timeout commands to start piling up until it aborts. WTF. So then I set the most obvious timeout setting in the client, no change, then another timeout setting on the client, no change, then i try to put it in the client configuration file, no change, then I set the timeout on the export query, no change, then finally I bump the timeouts in the server config, no change, then I find someone has downloaded it from both tucows and apt, but they're using the tucows version so its real config is in /dev/database.xml (don't even ask). I increase that from seconds to a minute, it's still timing out after a minute.

In the end I have to make my own and this involves working out how to parse non-standard binary formatted data structures. It's the umpteenth time I have had to do this.

These aren't some no name solutions and it really terrifies me. All this is doing is taking some access logs, store them in one place then index by timestamp. These things are all meant to be blazing fast but grep is often faster. How the hell is such a trivial thing turned into a series of one nightmare after another? Things that should take a few minutes take days of screwing around. I don't have access logs any more because I can't access them anymore.

The terror of this isn't that it's so awful, it's that all the little kiddies doing all this jazz for the first time and using all these shit wipe buzzword driven approaches have no fucking clue it's not meant to be this difficult. I'm replacing entire tens of thousands to million line enterprise systems with a few hundred lines of code that's faster, more reliable and better in virtually every measurable way time and time again.

This is constant. It's not one offender, it's not one project, it's not one company, it's not one developer, it's the industry standard. It's all over open source software and all over dev shops. Everything is exponentially becoming more bloated and difficult than it needs to be. I'm seeing people pull up a hundred cloud instances for things that'll be happy at home with a few minutes to a week's optimisation efforts. Queries that are N*N and only take a few minutes to turn to LOG(N) but instead people renting out a fucking off huge ass SQL cluster instead that not only costs gobs of money but takes a ton of time maintaining and configuring which isn't going to be done right either.

I think most people are bullshitting when they say they have impostor syndrome but when the trend in technology is to make every fucking little trivial thing a thousand times more complex than it has to be I can see how they'd feel that way. There's so bloody much you need to do that you don't need to do these days that you either can't get anything done right or the smallest thing takes an age.

I have no idea why some people put up with some of these appliances. If you bought a dish washer that made washing dishes even harder than it was before you'd return it to the store.

Every time I see the terms enterprise, fast, big data, scalable, cloud or anything of the like I bang my head on the table. One of these days I'm going to lose my fucking tits.

This is getting annoying.

For the past >half a year I've been chasing windmills. This is what my BAU day looks like:

- We login to client's network
- We start running some Sanity tests before the actual runs (actual runs are hell of an expensive (financially and time-wise) thing to launch) to make sure environment is OK.
- Sanity tests fail. wtf? Nothing's been changed since y-day!
- Spend ~3-4 hours digging logs, code, more logs,... Apparently some genius decided to change a single parameter.
- Spend another 1-2 hours trying to work around that parameter (since apparently that genius did have a task to do that, so we'll most likely have to find a way to live with it)
- Restart the whole env (~30min).
- Launch a Smoke, Sanity tests to verify env state.
- Launch the actual test
- Go home.

Next day:
- We login to client's network
- We start running some Sanity tests before the actual runs to make sure environment is OK.
- Sanity tests pass.
- Run the actual test
- Concurrency on RDS database is sky-rocketing! WTF did that come from??? Nothing's been changed since y-day!!
- Spend ~1-2 hours looking for anything changed, dig some logs for anything unusual. Nothing.
- Escalate to DBA. 2 hours later DBA says "fix the app". thanks for nothing mate....
- Spend remaining 2 hours analysing AWR. Give up, restart the whole RDS instance. Another hour wasted.
- Time to go home. Out of curiosity run Sanity test -- all good. Run the actual test -- all good. wtf??
- Go home

Next day
- We login to client's network
- We start running some Sanity tests before the actual runs to make sure environment is OK.
- Sanity tests fail. wtf? Nothing's been changed since y-day!
- Spend ~3-4 hours digging logs, code, more logs,... Apparently some genius decided to change a single parameter.
- Spend another 1-2 hours trying to work around that parameter
- ..... I think you know where this is going.

And this keeps going on and on, day by day. Spending the better half of the day chasing windmills and doing our actual work on the last hour of the working day or even after that.

We have plenty of interesting tasks in our Jira but we're squirels spinning in the wheel and never being able to touch them.

It feels like I'm wasting my time. I could do so much more with my time!

[just needed to vent ]

I hate lying customers.

Today a customer opened a support ticket related to his website account. Apparently he is losing his session right after the login success.
I've debugged everything, checked all logs and couldn't reproduce it.
I know every bit of business logic on the website by heart.
The only explanation could be that his browser either doesn't allow cookies or expires them after page change.
So I asked him to check.
"Yes, cookies are allowed in my browser" he wrote.
Well... fuck me... I will change the code to put the session ID in the URL as well. If it works - and I'm 100% sure of that - I will personally mail him a collection of the finest turds.

I don't understand how these people worked like this. Every time I make a change in the JS, CSS or HTML files, the entire app rebuilds with Webpack, and logs you out, so you have to log back in and navigate back to where you were working at.

Apparently they did this because clients were complaining that front end files were being cached and doesn't see any changes, so to clear the cache, every time you refresh the web app in the browser, it logs you out, effectively clearing your session.

Fuck the morons who built this piece of feces.

Ugh.

Currently working on app that is about 10 years old at work. Here’s how today has gone:

Can’t run application locally because the process management engine doesn’t allow access locally, can’t access in development because process management engine doesn’t work here either, can run app in test but waiting on special server access to get the logs.

Make the request to security to access the server - they decline it telling me that the form I submitted is outdated and to submit a new one. Requires three approvals, am still waiting on them.

Every time I make a change and want to test, I have to commit the changes, wait for them to build. Release the changes, build the release project and then deploy it in bamboo.

I can’t wait for my new job to start.

So my country's president just decided that Turkey is too cool to set clocks back for an hour and it fucked all of my device's times up. And I'm not even sure how to convert time zones anymore.. And some devices (un) update time back to summer time so logs and notifications go crazy.

This is just a stupid idea that doesn't make the single bit of sense, are they that unoccupied to change time on their whim ?! You are the government first find a fucking proper solution for all the immigrants from neighboring countries and our unbalanced ass economy.. I'm so fucking pissed this isn't the first time our president plays with the country like this.

Uugh I just want to renounce my citizenship and reside somewhere else that isn't as fucked up as Turkey.. I'm sorry my ancestors that shed blood for this country. It's crumbling because of ignorant masses that follow a dictator blindly.

!rant

Need some opinions. Joined a new company recently (yippee!!!). Just getting to grips with everything at the minute. I'm working on mobile and I will be setting up a new team to take over a project from a remote team. Looking at their iOS and Android code and they are using RxSwift and RxJava in them.

Don't know a whole lot about the Android space yet, but on iOS I did look into Reactive Cocoa at one point, and really didn't like it. Does anyone here use Rx, or have an opinion about them, good or bad? I can learn them myself, i'm not looking for help with that, i'm more interested in opinions on the tools themselves.

My initial view (with a lack of experience in the area):

- I'm not a huge fan of frameworks like this that attempt to change the entire flow or structure of a language / platform. I like using third party libraries, but to me, its excessive to include something like this rather than just learning the in's / out's of the platform. I think the reactive approach has its use cases and i'm not knocking the it all together. I just feel like this is a little bit of forcing a square peg into a round hole. Swift wasn't designed to work like that and a big layer will need to be added in, in order to change it. I would want to see tremendous gains in order to justify it, and frankly I don't see it compared to other approaches.

- I do like the MVVM approach included with it, but i've easily managed to do similar with a handful of protocols that didn't require a new architecture and approach.

- Not sure if this is an RxSwift thing, or just how its implemented here. But all ViewControllers need to be created by using a coordinator first. This really bugs me because it means changing everything again. When I first opened this app, login was being skipped, trying to add it back in by selecting the default storyboard gave me "unwrapping a nil optional" errors, which took a little while to figure out what was going on. This, to me, again is changing too much in the platform that even the basic launching of a screen now needs to be changed. It will be confusing while trying to build a new team who may or may not know the tech.

- I'm concerned about hiring new staff and having to make sure that they know this, can learn it or are even happy to do so.

- I'm concerned about having a decrease in the community size to debug issues. Had horrible experiences with this in the past with hybrid tech.

- I'm concerned with bugs being introduced or patterns being changed in the tool itself. Because it changes and touches everything, it will be a nightmare to rip it out or use something else and we'll be stuck with the issue. This seems to have happened with ReactiveCocoa where they made a change to their approach that seems to have caused a divide in the community, with people splitting off into other tech.

- In this app we have base Swift, with RxSwift and RxCocoa on top, with AlamoFire on top of that, with Moya on that and RxMoya on top again. This to me is too much when only looking at basic screens and networking. I would be concerned that moving to something more complex that we might end up with a tonne of dependencies.

- There seems to be issues with the server (nothing to do with RxSwift) but the errors seem to be getting caught by RxSwift and turned into very vague and difficult to debug console logs. "RxSwift.RxError error 4" is not great. Now again this could be a "way its being used" issue as oppose to an issue with RxSwift itself. But again were back to a big middle layer sitting between me and what I want to access. I've already had issues with login seeming to have 2 states, success or wrong password, meaning its not telling the user whats actually wrong. Now i'm not sure if this is bad dev or bad tools, but I get a sense RxSwift is contributing to it in some fashion, at least in this specific use of it.

I'll leave it there for now, any opinions or advice would be appreciated.

TLDR; I was editing the wrong file, let's go to bed.

We have this huge system that receives data from an API endpoint, does a whole bunch of stuff, going through three other servers, and then via some calculation based on the data received from the UI, and data received from the endpoint, it finally sends the calculated fields to the UI via websocket.

Poor me sitting for over 4 hours debugging and changing values in the logic file trying to understand why one of the fields ends up being null.

Of course every change needs a reboot to all the 4 servers involved, and a hard refresh of the UI.

I even tried to search for the word null in that file, but to no avail.

After scattering hundreds of console logs, and pulling my hair out, I found out that I am editing the wrong file.

I guess it's time for some sleep.

Oh Arch head
Oh Raven head
Oh Linux fanbase
I want to confess. Please here me!
Today my windows FINALLY successfully update. I was happy that when in an accident I'll require to boot in Windows I'll have less fear of random and sudden restart and applying of updates. But oh great men, I fouled this fearlessness to a greater extend. I was just checking the change logs and, this 01:57 hrs, 3 hrs later, I find myself hearing music on groove music, liking the integration of cortana with edge, groove music, settings and just all....

It's not that I'm loving 'it' more than GNU/Linux but my current installation of GNU/Linux has been fucked so hard by me already that it needs nothing but a reinstall... I'd like to spend a few more time with Windows before I go to bed(I'm sitting on my bed already tho) and promise to never see Windows this way ever again.
I promise

Will I be forgiven?

Google, I can understand why you would want to translate the change logs to my language, but THIS IS NOT MY LANGUAGE! I am very curious what language it is though.

I love software. Seriously, I love it. /s

Transmission is given a bad torrent (which, given that it's a torrent service, you'd expect it handles quite robustly) and completely fucks up. Like, really badly. It doesn't respond to RPC anymore, systemd has to resort to sending it a SIGKILL to get it off the process tree, and the web interface.. yeah. Nothing.

It doesn't log by default, so fine I'll add that to the systemd unit and restart it with debugging options enabled.

# systemctl daemon-reload && systemctl daemon-reexec

Turns out that /var/log/transmission.log can't be written to by my Transmission user. Well shit. Change that to /home/condor/transmission.log.

# systemctl daemon-reload && systemctl daemon-reexec
# systemctl restart transmission-daemon

*blood starts to reach its boiling point*

Still logs in the wrong fucking location. Systemd, I told you to log over there. I did everything I could to make you steaming pile of shit reload that fucking config. What's the fucking problem!?

*about 15 minutes of fighting systemd*
Finally! It spits out a log in the right location! Thank you Transmission and systemd for finally doing your fucking jobs. So a bad torrent it is, hmm...

*removes torrent from .config/transmission/torrents*
Transmission: *still fucking shits itself on that ostensibly removed torrent*

That's it. BEGONE!!!

Oh and don't get me started on the fact that apparently a service needs some 400MB of memory. Channeling your inner Chrome Transmission?

Not sure if One of the most famous troll applications is trolling or what.

Pentesting for undisclosed company. Let's call them X as to not get us into trouble.
We are students and are doing our first pentest at an actual company instead of assignments at school. So we're very anxious. But today was a good day.
We found some servers with open ports so we checked a few of them out. I had a set of them with a bunch of open ports like ftp and... 8080. Time to check this out.
"please install flash player"... Security risk 1 found!

System seemed to be some monitoring system. Trying to log in using admin admin... Fucking works. Group loses it cause the company was being all high and mighty about being secure af. Other shit is pretty tight though.

Able to see logs, change password, add new superuser, do some searches for USERS_LOGGEDIN_TODAY! I shit you not, the system even had SUGGESTIONS for usernames to search for. One of which had something to do with sftp and auth keys. Unfortunatly every search gave a SQL syntax error. Used sniffing tools to maybe intercept message so we could do some queries of our own but nothing. Query is probably not issued from the local machine.

Tried to decompile the flash file but no luck. Only for some weird lines and a few function names I presume. But decompressing it and opening it in a text editor allowed me to see and search text. No GET or POST found. No SQL queries or name checks or anything we could think of.

That's all I could do for today. So we'll have to think of stuff for next week. We've already planned xss so maybe we can do that on this server as well.

We also found some older network printers with open telnet. Servers with a specific SQL variant with a potential exploit to execute terminal commands and some ftp and smb servers we need to check out next week.

Hella excited about this!

If you guys have any suggestions let us know. We are utter noobs when it comes to this.

my 4TB Seagate HDD is failing in a very strange way:

I noticed an issue where my PC would just outright hang for a minute or two occasionally when swapping to the 4TB HDD. When I look at logs, when it hangs, the 4TB HDD times out but then on a retry IMMEDIATELY reads whatever sector just fine. In fact, it reads fine constantly for a few days until the same sector has an issue. So, the timeout is a remap, then? No, as the spare sector and bad sector counts in the SMART info don't change. It doesn't even change how many read errors or anything it's had. Strange, but let's test it with Seatools to be sure.

Tests go as follows:

- Short: pass
- Short: pass
- Long: seatools immediately crashes. Reopening seatools, it pulled a serial of all zeroes... okay....?
- Long: seatools immediately crashes. Seatools gets the right serial on reopen.
- Long: pass
- Long: fail
- Long: pass
- Long: seatools immediately crashes. All zero serial again.

i have no idea what's happening

Don't need Netflix when you have a production deployment right before a long weekend. It has failed since last two weeks due to vulnerabilities present in one of libraries(P.S. FUCK JAVASCRIPT and Post release vulnerability scans!). You have rewritten the whole functionality from scratch twice! Security gates finally open for you, welcoming with arms wide open. So you click Deploy! DAFUQ!! FUCK MY LIFE! Deployment failed! It's only a 3 hour window to deploy! You frantically re-review your code, is it me?? Not again!! It isn't! Well, why is the deployment failing, you work against the clock. Going through configs, code, documentation! WTF is it?? Should I give up and raise a support ticket? Nope! You login to the server, sifting through logs and configs, there's a couple of other tickets with today's deadline. What are you going to do? And you get a hint! You take the hunch, change the config 5 minutes before deadline!
Get merge request approved, wait for the build, hit DEPLOY!! Nail biting 3 minutes! Your eyes fixed on the logs! Building..... Pushing instances..... Starting App..... SUCCESS!!! Finish the remaining tickets! Your long weekend still exists!

So I made an update to my React Native app. I changed UI of a couple of screen, added a few animations here and there, refactored how my graphQL resolvers work in the backend(no breaking changes), changed how data gets loaded into the database etc.

It worked in dev so I figured hey let's deploy it. Today is(was because it's now 3am but more on that later) a national holiday so no one goes to work so no one will use my app so I have an entire day to deploy.

I started at 15:00(because i woke up at 13:00 lol). I tested the update once again in dev and proceeded to deploy it to prod. I merged backend to master, built docker images, did migrations on the db, restarted docker-compose with new images. And now for the app. I run ./gradlew assembleRelease and it starts complaining that react-native-gesture-handler is not installed. Ugh, rm -rf node_modules && yarn install. It worked. But now gradlew crashes and logs don't tell me anything. Google tells me to change a bunch of gradle settings but none of them work. Fast forward 5h, it's around 20:00 and I isolated the issue to, again, react-native-gesture-handler. They updated from 2.2.4 to 2.3.0 which didn't fucking compile. 2 more hours passed (now 22:00) and I got v2.3.1 working which fixed the problem in 2.3.0 but made my app crash on startup. YOUR FUCKING LIBRARY GETS 250K WEEKLY DOWNLOADS AND YOU DONT EVEN BOTHER CHECKING IF IT COMPILES IN PROD ON ANDROID?! WHAT THE FUCK software-mansion?

After I solved that, my app didn't crash. Now it threw an error "Type errors: Network Request Failed" every time I fetch my legacy REST API(older parts use rest and newer use graphql. I'll refactor that in the next update). I'll spare you the debugging hell i went through but another 5h passed. Its 3am. My config had misspelled url to prod but good for dev... I hate myself and even more so react-native-gesture-handler.

Been working on a new project for the last couple of weeks. New client with a big name, probably lots of money for the company I work for, plus a nice bonus for myself.

But our technical referent....... Goddammit. PhD in computer science, and he probably. approved our project outline. 3 days in development, the basic features of the applications are there for him to see (yay. Agile.), and guess what? We need to change the user roles hierarchy we had agreed on. Oh, and that shouldn't be treated as extra development, it's obviously a bug! Also, these features he never talked about and never have been in the project? That's also a bug! That thing I couldn't start working on before yesterday because I was still waiting the specs from him? It should've been ready a week ago, it's a bug that it's not there! Also, he notes how he could've developes it within 40 minutes and offered to sens us the code to implement directly in our application, or he may even do so himself.... Ah, I forgot to say, he has no idea on what language we are developing the app. He said he didn't care many times so far.

But the best part? Yesterday he signales an outstanding bug: some data has been changed without anyone interacting. It was a bug! And it was costing them moneeeeey (on a dev server)! Ok, let's dig in, it may really be a bug this time, I did update the code and... Wait, what? Someone actually did update a new file? ...Oh my Anubis. HE did replace the file a few minutes before and tried to make it look like a bug! ..May as well double check. So, 15 minutes later I answer to his e-mail, saying that 4 files have been compromised by a user account with admin privileges (not mentioning I knee it was him)... And 3 minutes later he answered me. It was a message full of anger, saying (oh Lord) it was a bug! If a user can upload a new file, it's the application's fault for not blocking him (except, users ARE supposed to upload files, and admins have been requestes to be able to circumvent any kind of restriction)! Then he added how lucky I was, becausw "the issue resolved itself and the data was back, and we shouldn't waste any more yime.on thos". Let's check the logs again.... It'a true! HE UPLOADED THE ORIGINAL FILES BACK! He... He has no idea that logs do exist? A fucking PhD in computer science? He still believes no one knows it was him....... But... Why did he do that? It couldn't have been a mistake. Was he trying to troll me? Or... Or is he really that dense?

I was laughing my ass of there. But there's more! He actually phones my boss (who knew what had happened) to insult me! And to threaten not dwell on that issue anymore because "it's making them lose money". We were both speechless....

There's no way he's a PhD. Yet it's a legit piece of paper the one he has. Funny thing is, he actually manages to launch a couple of sort-of-nationally-popular webservices, and takes every opportunity to remember us how he built them from scratch and so he know what he's saying... But digging through google, you can easily find how he actually outsurced the development to Chinese companies while he "watched over their work" until he bought the code

Wait... Big ego, a decent amount of money... I'm starting to guess how he got his PhD. I also get why he's a "freelance consultant" and none of the place he worked for ever hired him again (couldn't even cover his own tracks)....

But I can't get his definition of "bug".
If it doesn't work as intended, it's a bug (ok)
If something he never communicated is not implemented, it's a bug (what.)
If development has been slowed because he failed to provide specs, it's a bug (uh?)
If he changes his own mind and wants to change a process, it's a bug it doesn't already work that way (ffs.)
If he doesn't understand or like something, it's a bug (i hopw he dies by sonic diarrhoea)

I'm just glad my boss isn't falling for him... If anything, we have enough info to accuse him of sabotage and delaying my work....

Ah, right. He also didn't get how to publish our application we needes access to the server he wantes us to deploy it on. Also, he doesn't understand why we have acces to the app's database and admin users created on the webapp don't. These are bugs (seriously his own words). Outstanding ones.

Just..... Ffs.

Also, sorry for the typos.

The amount of energy spent to just write ‘Hi’ and click a send button is so big that we should consider banning of sending hi messages.

Instead of just saying “Hi!” we are now using analog to digital preprocessors that convert it to bunch of 0 and 1 to send it over communication layer and deliver it to other human being that will convert it from digital to analog by reading it but that is simple.

By sending message using phone we also:
- save it to local phone
- convert it to couple protocols
- transmit it over air so make connection to internet provider services that would generate logs on this provider as well as whole routing table before it gets to the target person
- save it on messaging provider disk
- probably be processed by filters by provider, sometimes be reviewed or listened by third parties and also processed in bulk by artificial intelligence algorithms
- finally delivered to target phone and saved there where that person would just change this text to their inner voice and save it
- sometimes encrypted and decrypted
- sometimes saved on provider
- sometimes saved on phone manufacturer cloud backup
- don’t get me started on people involved to keep this infrastructure in place for you just to say hi

There are also some indirect infinite possibilities of actions for example:
- emit sound and light that can lead to walking from one room to other
- the floor in your house is destroyed cause of it so you need to renovate your floor
- sound can expose your position and kill you if you’re hiding from attacker
- sound can wake you up so you wake up in different hours
- it can stop you from having sex or even lead to divorce as a result simple hi can destroy your life
- can get you fired
- can prevent from suicide and as a result you can make technology to destroy humans

and I can write about sound and light all day but that’s not the point, the point is that every invention makes life more complicated, maybe it saves time but does it really matter ?

I can say that every invention we made didn’t make world simpler. The world is growing with complexity instead.

It’s just because most of those inventions lead to computer that didn’t make our world simpler but made it more complicated.

People need to stop trying to be funny when writing change logs. Just stick to the facts.

I need guidance about my current situation.
I am perfectionist believing in OOP, preventing memory leak in advance, following clean code, best practices, constantly learning about new libraries to reduce custom implementation & improve efficiency.
So even a single bad variable name can trigger my nerves.

I am currently working in a half billion $ IT service company on a maintenance project of 8 year old Android app of security domain product of 1 of the top enterprise company of the world, which sold it to the many leading companies in the world in Govt service, banking, insurance sectors.

It's code quality is such a bad that I get panic attacks & nightmares daily.

Issues are like
- No apk obfuscation, source's everything is openbook, anybody can just unzip apk & open it in Android Studio to see the source.
- logs everywhere about method name invoked,
- static IV & salt for encryption.
- thousands of line code in God classes.
- Irrelevant method names compared to it's functionality.
- Even single item having list takes 2-3 seconds to load
- Lag in navigation between different features' screens.
- For even single thing like different dimension values for different density whole 100+ lines separate layout files for 6 types of densities are written.
- No modularized packages, every class is in single package & there are around 100+ classes.

Owner of the code, my team lead, is too terrified to change even single thing as he don't have coding maturity & no understanding of memory leak, clean code, OOP, in short typical IT 'service' company mentality.

Client is ill-informed or cost-cutting centric so no code review done by them in 8 years.

Feeling much frustrated as I can see it's like a bomb is waiting to blast anytime when some blackhat cracker will take advantage of this.

Need suggestions about this to tackle the situation.

Logs in to client office 365.

Big recommendation at the top

"Disable password auto expiry, it's currently set to 90 days"

Why is this a recommendation? I suppose there's an argument that making a user change every now and again will weaken their passwords over time, but really?

At school during my first Java project we had to make a simulation of a parking garage and what effects price changes would have in order to find the most optimal business model from some company.

At the project kick off.

School: "we will be checking your code for plagiarism. if you use code from the internet, even if its 2 lines you need to mention the source. otherwise you will fail this cource."

We go on to do the project.

Friend of mine who was in another class sees a group presenting a 2 days old version of my teams application. theres literaly a credits button that displays the names of the people that worked on it in a popup.

Me: mentions to a teacher that my project was stolen.

They literaly didnt even change the name and pulled the entire repository from github and handed it in.

The fucking teacher doesnt even check the code / git logs after i mentioned that the entire codebase was stolen from a public github repository.

There was an endless mountain of proof to support my claim such as our team members names hard coded in the code they handed in and about 500 commits from our accounts.

I will from now on NEVER EVER mention sources when i hand in code at school.

>finally gets around to installing vsftpd on home server RPi
>doesn't work
hmm.mp2
>configurating
>confusing as fuck template documentation
>man page isn't much better
>gets it working
>goes to log in
User: pi
Password: a
(What? It's a home file/command server isolated from the Internet. Sue me.)
nope.avi
>why
>tries again
nope.svg
>FUCK
>sees small raw-command log in bottom-right of phone FTP client
hmm.flac
>tries again, watches log
PASS *****
>the fuck
>goes to change user pass over SSH
# passwd
"Current password?"
about half a second later
"passwd: auth token manipulation denied"
>the delay tho
>WAIT A SECOND
one time i got past some parental software bullshit on a tablet by abusing the delay between opening a banned app and the redirect to the normal software at like age 7. (Doing so let me enable remote wipe through Google. bye bye software!)
>*inner 7 year old has autistic screech*
# nano temp
a
abcdefghi
abcdefghi
^O Y ^X
# passwd < temp
>fucking works
>logs in to FTP server successfully
>does the one file download that was needed

why and how did that fucking work

some call
- yo bro do you have some time ?
- quick cause I'm taking a dump
- I think I have been hacked, got black screen kernel panick, linux freeze seldomly I have to reboot, no internet connexion
- save your stuff and reinstall linux
- I don't have enough stockage to backup
- Then buy one and save, probably either OS is fcked up or you have some hdd problems

Time that it will take: ~30min to reinstall whole shit
Peace duration: ~2years

Later on the same day
aunt
- I can't log into windows
- Did you change the password ?
- Yes but it does not work anymore
* looking at shit
* logs successfully. Reason: interface changed after automatic update.
* wait.
* wait some more so fucking windows fucking starts
* Desktop is ugly as fck.
* Some stupid settings messed up (like high contrast set, black theme or so)

aunt (the same)
- I can't log into my (other) laptop either
* logs
* wait more more more

Guess what: automatic updaaaates. Freezes 100%cpu

* Being a very experienced user: wait before reboot because this suckass os will probably fail to boot otherwise
* Blackscreen with a percentage: Installing updates...
* reboots
* Blackscreen with a percentage: Installing updates continuing...
* finally boot (feels like a miracle windows succeeds lol)
* still slow
aunt now sleeps
* look at running process and install programs
* sees shits like camera recognition (vendor installed), candycrush
* occasionnaly get adds

time lost: 2h
peace duration: ~3month

FFS I am a dev, not a fucking trash lover
It is already pain to fix someone os, but windows is the cream of cream

It brings no ease of use for novice user
It is so insanely slow
It has stupid settings set up by default!!!!!!!! Who FFS wants candycrush and ads
The maj are so fcking hazardous. It is 2022 pretty much the same as 15y back then. Updates take fucking eternity. And needs reboot. and are not even finished!!!

I swear I am gonna stretch my ass and install linux and any fckin other toolsuite needed so they can use Micro$$ word, which is the only fucking usecase they need windows for in the first case anyway
I SO wish this OS would die

I mean, even more than safari

I feel like i am being forced to own a shitty module in our codebase.
It was developed by previous owners and they made a frankenstien monster out of it: Its one part of codebase that is very huge, does not follow the code standards, is making complex kinds of api calls and using very niche components. It gets bugs once in a while BUT IT WORKS.

It fuckin works and is one of the important steps before customer purchases a company product, so kinda part of revenue generation flow.

But this module was never a part of our codebase which we would usually touch. it was owned by another team, they would add enhancements , new features to it and fix the bugs .

When i joined the team, i was once asked to help those guys as a "resource" because they wanted to get something shipped and were low on bandwidth. So i just worked on one of the screens, added a small bugifx and voila, task is done and am back to other part of the app.

But now out of random, they decided to pass on the ownership to ur team, gave a small KT which didn't really explained a lot of actual codebase, but rather the business functionality of it(and that too poorly). And my TL is saying that i should own it because "I worked on that module before"

I don't know how to deal with this frankenstien monster. Earlier a bug came and i was out of my wits to understand why this bug came. their logging is weird and not explaining a lot, their backend devs help provide aws logs but those aren't very helpful either .

the best i could do was declare that their technical approach is wrong and we should modify it, but that idea was quickly squashed.

ITs quite possible that company isn't going to change this module or add any new features further. but everytime a bug would come, i would be getitngfrustrated looking at their frankenstien monster

Before turning our app upside down read the change logs

AHHHHHHHHHHGGGH

I HATE VPN SETUP

- Trying OpenSwan
Installing open swan on a Debian machine.. setting up the config.
Restarting openswan. Syntax error. No syntax error to be found.
Different tutorial.. it starts! Try to connect.. I can’t connect. Look at the logs. No errors.
Tcpdump. My traffic is coming through.. all fine.. try to connect again.. it works! (Nothing changed!)
Try to ping somewhere else.. no connectivity.
Try to ping an IP in the same network.. works fine. So I have connectivity, just no internet.
Spend an hour finding out about traffic directions of which no one seems to know what they really mean.
Boss tells me to stop using openswan because it’s deprecated and replaced by strong swan..

- Strongswan
Reinstall Debian machine, install strongswan. Copy openswan config. Oh, they’re incompatible? Look up strong swan config, and the service starts.
Connect to the VPN.. it works! Again, no internet, just connectivity in the same network. Spend 2h debugging the config, disable firewalls everywhere, find an ancient bug in the Debian package related to my issues.. ok, let’s try compiling from source.. you know what, let’s not. I’ll throw this Debian machine away and try something completely different.

- pfSense
Ok, this looks easy enough! Let’s just click through the initial setup, change some firewall rules, create an L2TP VPN with a simple wizard.
Try to connect to VPN. First, it times out. Maybe a firewall issue? Turn off firewall.. ah, something happens now. I get an error message right after trying to connect to the VPN. Hmm, the port doesn’t even get opened when I enable the firewall.. this implementation seems a bit buggy.. let’s try their OpenVPN module.

Configure OpenVPN. Documentation isn’t that clear.. apparently a client isn’t actually a client but a user is a client.. ok, there’s a hidden checkbox somewhere.
Now where do I download my certificate? Oh, I need a plug-in for that.. ok, interesting. Able to download the certificate, import it, connect and.. YES!!! I can ping! But, I have no DNS..
Apparently, ICMP isn’t getting filtered but all outbound ports are.. yet the firewall is completely disabled. Maybe I need outbound NAT? Oh. There’s no clear documentation on where to configure it. Find some ancient doc, set it up, still no outbound connectivity.

AHAHAHAHHHHHHHHHHG

Then I tried VyOS. I had a great L2TP VPN working in less than 15 mins. Thank you VyOS for actually providing proper docs and proper software.

Me (Km) - I develop android applications in my company.
TM - Dumbest technical manager taking care of backend for company products(app).
PM - Product Manager

Incident - PM went to some event to give demo on our App but due to some backend issue there was wrong data for his account. PM reported this TM. And the conversation between Me and TM went like this.

TM : Km app is not working for PM, its not showing anything to him.

Me : Okay let me check...

I logged in with PM credential and checked the logs and i found that there was some error message saying that there was no data. I copy-pasted the error message to TM.

After few minutes (TM added dummy data to PM account)...

TM : Km app is working now, what was the issue for not working previously ?

Yes she asked me like this even though it was related backend issue.

Me : Its backend issue...!

TM : But I did'nt change anything at backend.

Me : Neither I, I did'nt build new APK and uploaded to Crashlytics Beta and he(PM) is not using new build.

I copy-pasted the previous error message again and asked her (TM)

Me : Why was this error message coming ?

TM : There was some wrong data for his account, So i added some dummy data.

Me : (FacePalm) How come its not called as change in Backend.

The worst part is TM still thinks it not a backend issue.

include ::rant
rant::newentry {'new-job-rant' :
ensure => latest,
location => goverment-employment-office-HQ,
job => DevOps,
content => {'
So, i've been at my new job for some time now, almost two weeks (hurray!) but boy oh boy, what a job it is!
I'm working at a goverment office charged with helping the unemployed to get a job or a new education course. I'm hored as re-enforcements for their DevOps team. I get my pay, easy transportation home<->office, coffe is adequate in quality and quantity, so no complaints there...

But the actual job is a FUCKING MENTAL CLUSTERFUCKS OF WHAT THE ACTUAL FUCK MULTIPLIED BY TEN TO THE POWER OF GOOGOL!

A few items that make my blood boil to new temperature records defying medical science:

* devs refuse to use linting, say the builder will catch it when there is an error, never look at the builder error logs
* (puppet) modules have NO TESTS
* (puppet) modules get included in several git repo's as submodules, in turn they are part of a git repo, in turn they are replicated to several puppet masters, and they differentiate the environment by bash scripts... R10K or code manager? never heard of it.
* Me cleaning up code, commit, gets accepted, some douchebag checks out code, reverts it back to the point where linting tools generate 50+ lines of warnings, complains to ME his code doesnt work! (Seriously, bitch? Serously?) , explain to that person what linting does, that persons hears the bells ring on the other end of the galaxy, refuses to use it.
* Deployment day arrives (today) -> tasks are set up on an excel sheet (on google docs) , totally out of sync with what really must be done -> something breaks, spend 30 minutes finding out who is to blame, the whole deploy train stops, find out it's a syntax error, ... waiting for person to change that since that person can only access it...
...

the list goes on and on and on. And did you expect to ahve any docs or guidelines? NO , as if docs are something for the luxurious and leisurely people having "time" to write it...

I can use another coffee... hopefully i wake up from this nightmare at my 15th cup...
},
require => [Class['::coffee'], Class['::auxiliary_brain'], Class['::brain_unfuck_tools'],],
}

Fuck Kibana and their latest update. Want to change timeframes? 5 fucking clicks to get there. Changed the query and the timerange? 'update' will only have you looking at the new timerange for the old query which is confusing as fuck if you don't realise it. So you need to click 'update' a second time.

So many times i've been staring at the wrong logs after changing correlation ID and time range just pulling out grey hairs trying to understand what the fuck is going on.

Am I the only one who feels the change logs should be more specific?

Relatively often the OpenLDAP server (slapd) behaves a bit strange.

While it is little bit slow (I didn't do a benchmark but Active Directory seemed to be a bit faster but has other quirks is Windows only) with a small amount of users it's fine. slapd is the reference implementation of the LDAP protocol and I didn't expect it to be much better.

Some years ago slapd migrated to a different configuration style - instead of a configuration file and a required restart after every change made, it now uses an additional database for "live" configuration which also allows the deployment of multiple servers with the same configuration (I guess this is nice for larger setups). Many documentations online do not reflect the new configuration and so using the new configuration style requires some knowledge of LDAP itself.
It is possible to revert to the old file based method but the possibility might be removed by any future version - and restarts may take a little bit longer. So I guess, don't do that?

To access the configuration over the network (only using the command line on the server to edit the configuration is sometimes a bit... annoying) an additional internal user has to be created in the configuration database (while working on the local machine as root you are authenticated over a unix domain socket). I mean, I had to creat an administration user during the installation of the service but apparently this only for the main database...

The password in the configuration can be hashed as usual - but strangely it does only accept hashes of some passwords (a hashed version of "123456" is accepted but not hashes of different password, I mean what the...?) so I have to use a single plaintext password... (secure password hashing works for normal user and normal admin accounts).

But even worse are the default logging options: By default (atleast on Debian) the log level is set to DEBUG. Additionally if slapd detects optimization opportunities it writes them to the logs - at least once per connection, if not per query. Together with an application that did alot of connections and queries (this was not intendet and got fixed later) THIS RESULTED IN 32 GB LOG FILES IN ≤ 24 HOURS! - enough to fill up the disk and to crash other services (lessons learned: add more monitoring, monitoring, and monitoring and /var/log should be an extra partition). I mean logging optimization hints is certainly nice - it runs faster now (again, I did not do any benchmarks) - but ther verbosity was way too high.

The worst parts are the error messages: When entering a query string with a syntax errors, slapd returns the error code 80 without any additional text - the documentation reveals SO MUCH BETTER meaning: "other error", THIS IS SO HELPFULL... In the end I was able to find the reason why the input was rejected but in my experience the most error messages are little bit more precise.

- Running a release build on my phone (forgot to change variant)
- Spent 5 minutes figuring out why my changes with the logs weren't working.
🤦‍♂️