Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Is it just me, or has @LastPass hired too many interns lately?
First: you can't login for hours before they actually go and admit they fucked up.
Now: the chrome extension has been deleted from the web store.
I'm a patient guy, but what on the unholy fuck is going on.
https://status.lastpass.com/
The LastPass extension in the Chrome Web Store was accidentally removed by us and we are working with the Google team to restore it ASAP. Thank you for your understanding and patience in the meantime.9 -
That feeling when your product is is used worldwide and has over 1000 users in less than one and a half month
*Developer power intensifies*
9 -
What the hell.. Stylish got removed from the Chrome web store?
https://chrome.google.com/webstore/...18 -
Yesterday I submitted my chrome extension to the chrome web store.
Today it got accepted!
https://chrome.google.com/webstore/...16 -
#fuckapple for holding back the open-web. Most folk don't know that Chrome on iOS is just Safari with a skin; neither Google or Apple want you to know that.
If you hate web-apps on iOS, that is Apple's intentional doing. Apple cannot allow a bug-free and modern browser to run on their iOS devices, else they lose their 30% tax + dev fees cut. There are literally so many crippling bugs in iOS Safari that it HAS to be intentional.
There are email exchanges between Phil Shaffer and Steve Jobs from years past, where Phil didn't believe Apple could continue to gouge users 30%. He argued the open-web would make native apps largely redundant, and so to stay competitive, they'd need to drop the store fees to something reasonable. I suppose Steve Jobs saw a different solution -- just impede browser development.
As someone who develops free and open-source apps, I believe I am doing the world a favour by not supporting a native iOS app. When users complain about missing features in the web-app version, I tell them to take it up with Apple or buy an Android. Guess what? They sometimes actually do just that.
Join me if you have the balls. Tell Apple to FUCK OFF the only way they understand -- threaten their bottom line. At the very least, you'll never need to touch XCode again if you do. If time is money, that alone will make you wealthy.
8 -
Chrome, Firefox, and yes even you Opera, Falkon, Midori and Luakit. We need to talk, and all readers should grab a seat and prepare for some reality checks when their favorite web browsers are in this list.
I've tried literally all of them, in search for a lightweight (read: not ridiculously bloated) web browser. None of them fit the bill.
Yes Midori, you get a couple of bonus points for being the most lightweight. Luakit however.. as much as I like vim in my terminal, I do not want it in a graphical application. Not to mention that just like all the others you just use webkit2gtk, and therefore are just as bloated as all the others. Lightweight my ass! But programmable with Lua, woo! Not like Selenium, Chrome headless, ... does that for any browser. And that's it for the unique features as far as I'm concerned. One is slow, single-threaded and lightweight-ish (Midori) and another has vim keybindings in an application that shouldn't (Luakit).
Pretty much all of them use webkit2gtk as their engine, and pretty much all of them launch a separate process for each tab. People say this is more secure, but I have serious doubts about that. You're still running all these processes as the same user, and they all have full access to the X server they run under (this is also a criticism against user separation on a single X session in general). The only thing it protects against is a website crashing the browser, where only that tab and its process would go down. Which.. you know.. should a webpage even be able to do that?
But what annoys me the most is the sheer amount of memory that all of these take. With all due respect all of you browsers, I am not quite prepared to give 8 fucking gigabytes - half the memory in this whole box! - just for a dozen or so tabs. I shouldn't have to move my web browser to another lesser used 16GB box, just to prevent this one from going into fucking swap from a dozen tabs. And before someone has a go at the add-ons, there's 4 installed and that's it. None of them are even close to this complete and utter memory clusterfuck. It's the process separation. Each process consumes half a GB of memory, and there's around a dozen of them in a usual browsing session. THAT is the real problem. And I want to get rid of it.
Browsers are at their pinnacle of fucked up in my opinion, literally to the point where I'm seriously considering elinks. Being a sysadmin, I already live my daily life in terminals anyway. As such I also do have resources. But because of that I also associate every process with its cost to run it, in terms of resources required. Web browsers are easily at the top of the list.
I want to put 8GB into perspective. You can store nearly 2 entire DVD movies in that memory. However media players used to play them (such as SMPlayer) obviously don't do that. They use 60-80MB on average to play the whole movie. They also require far less processing power than YouTube in a web browser does, even when you download that exact same video with youtube-dl (either streamed within the media player or externally). That is what an application should be.
Let's talk a bit about these "complicated" websites as well. I hate to break it to you framework web devs, but you're a dime a dozen. The competition is high between web devs for that exact reason. And websites are not complicated. The document itself is plain old HTML, yes even if your framework converts to it in the background. That's the skeleton of your document, where I would draw a parallel with documents in office suites that are more or less written in XML. CSS.. oh yes, markup. Embolden that shit, yes please! And JavaScript.. oh yes, that pile of shit that's been designed in half a day, and has a framework called fucking isEven (which does exactly what it says on the tin, modulo 2 be damned). Fancy some macros in your text editor? Yes, same shit, different pile.
Imagine your text editor being as bloated as a web browser. Imagine it being prone to crashing tabs like a web browser. Imagine it being so ridiculously slow to get anything done in your productivity suite. But it's just the usual with web browsers, isn't it? Maybe Gopher wasn't such a bad idea after all... Oh and give me another update where I have to restart the browser when I commit the heinous act of opening another tab, just because you had to update your fucking CA certs again. Yes please!19 -
APPLE IM GONNA BURN YOU WITH GASOLINE.
So i want to send my build to app store, from my iphone.
I want to log into iTunesConnect.
"It just works"
Yeah, right. Login page for itunesconnect does not render correctly on Safari web browser, on iphone, login arrow is not visible, and elements are scattered around.
Grrrrrrr.
On Google Chrome, it looks okay!!!!!!!!!!!
Spartaaaaaaaaaa.
After some tapping on screen, and rotating the device, i somehow found invisible arrow and managed to sign in.
BUT. Once inside i was unable to complete the process because UI refuses to scroll down :(
The pain...
14 -
C'mon, really?
Okay, I understand that they want to lock down the Chromebooks they send home with us, we don't own them and they have the right to do that. But I'm still annoyed when I find "harmless" stuff is blocked.
They said it themselves that they want us to be able to do basically anything we want web browsing wise on them.
It's not a fun experience to say to your self "hey let's look at the current humble bundles!" just to find that humblebundle.com is blocked for "games". (Which makes sense, but I can't remember any other examples)
Imagine thinking to yourself "I'm going to go to the Os Dev Wiki" and typing that into the Omnibox (tm) and pressing enter, directing you to your favorite search engine duckduckgo, but instead of finding the amazing duckduckgo results page you find the godforsaken securly "THIS PAGE IS BLOCKED" screen.
I can guess why they do that (probably because, to my knowledge, duckduckgo doesn't have any form of "safe-search" feature they can force it to use because they do that) but it's kind of annoying to not be able to use your favorite search engine anymore.
Should I really be getting so annoyed at this? No, because it's not my device, it's theirs and, they have the final say on what goes, but sometimes it really annoys me. I should be, and am, thankful they even let us bring the Chromebooks home, which is pretty cool.
Ugh...
If you want a fun time, just read the reviews on the Securly extension in the chrome web store!6 -
ZNC shenanigans yesterday...
So, yesterday in the midst a massive heat wave I went ahead, booze in hand, to install myself an IRC bouncer called ZNC. All goes well, it gets its own little container, VPN connection, own user, yada yada yada.. a nice configuration system-wise.
But then comes ZNC. Installed it a few times actually, and failed a fair few times too. Apparently Chrome and Firefox block port 6697 for ZNC's web interface outright. Firefox allows you to override it manually, Chrome flat out refuses to do anything with it. Thank you for this amazing level of protection Google. I didn't notice a thing. Thank you so much for treating me like a goddamn user. You know Google, it felt a lot like those plastic nightmares in electronics, ultrasonic welding, gluing shit in (oh that reminds me of the Nexus 6P, but let's not go there).. Google, you are amazing. Best billion dollar company I've ever seen. Anyway.
So I installed ZNC, moved the client to bouncer connection to port 8080 eventually, and it somewhat worked. Though apparently ZNC in its infinite wisdom does both web interface and IRC itself on the same port. How they do it, no idea. But somehow they do.
And now comes the good part.. configuration of this complete and utter piece of shit, ZNC. So I added my Freenode username, password, yada yada yada.. turns out that ZNC in its infinite wisdom puts the password on the stdout. Reminded me a lot about my ISP sending me my password via postal mail. You know, it's one thing that your application knows the plaintext password, but it's something else entirely to openly share that you do. If anything it tells them that something is seriously wrong but fuck! You don't put passwords on the goddamn stdout!
But it doesn't end there. The default configuration it did for Freenode was a server password. Now, you can usually use 3 ways to authenticate, each with their advantages and disadvantages. These are server password, SASL and NickServ. SASL is widely regarded to be the best option and if it's supported by the IRC server, that's what everyone should use. Server password and NickServ are pretty much fallback.
So, plaintext password, default server password instead of SASL, what else.. oh, yeah. ZNC would be a server, right. Something that runs pretty much forever, 24/7. So you'd probably expect there to be a systemd unit for it... Except, nope, there isn't. The ZNC project recommends that you launch it from the crontab. Let that sink in for a moment.. the fucking crontab. For initializing services. My whole life as a sysadmin was a lie. Cron is now an init system.
Fortunately that's about all I recall to be wrong with this thing. But there's a few things that I really want to tell any greenhorn developers out there... Always look at best practices. Never take shortcuts. The right way is going to be the best way 99% of the time. That way you don't have to go back and fix it. Do your app modularly so that a fix can be done quickly and easily. Store passwords securely and if you can't, let the user know and offer alternatives. Don't put it on the stdout. Always assume that your users will go with default options when in doubt. I love tweaking but defaults should always be sane ones.
One more thing that's mostly a jab. The ZNC software is hosted on a .in domain, which would.. quite honestly.. explain a lot. Is India becoming the next Chinese manufacturers for software? Except that in India the internet access is not restricted despite their civilization perhaps not being fully ready for it yet. India, develop and develop properly. It will take a while but you'll get there. But please don't put atrocities like this into the world. Lastly, I know it's hard and I've been there with my own distribution project too. Accept feedback. It's rough, but it is valuable. Listen to the people that criticize your project.9 -
The beta version of the new DEVRANT TOOLBOX is available now.
Its an unofficial web extension for Chrome and Firefox.
Chrome Web Store:
https://chrome.google.com/webstore/...
Firefox:
The certifaction process takes a long time, therefore I provided a direct download for the xpi file (for side loading).
https://drive.google.com/drive/...
Additional features: DUAL FRAME MODE (feeds left, rants right), themes (black, mono, darkgray, darkblue, comic, solarized), scrollbar plugin (perfect scrollbar, FF only), extended controls, fixed header, sorted userprofiles (by votes), autoreload (recent feed, 180 sec), highlighting new rants (recent feed), personal filter, image preview (mouseover), keyboard shortcuts, timestamps for rants, compact mode, colored notifs with clickable usernames, weekly rant.
I tested the extension with Windows Browsers only.
It would be great to get a feedback how it works with other systems!
Have fun with the toolbox.
7 -
The dangers of PHP eval()
Yup. "Scary, you better make use of include instead" — I read all the time everywhere. I want to hear good case scenarios and feel safe with it.
I use the eval() method as a good resource to build custom website modules written in PHP which are stored and retrieved back from a database. I ENSURED IS SAFE AND CAN ONLY BE ALTERED THROUGH PRIVILEGED USERS. THERE. I SAID IT. You could as well develop a malicious module and share it to be used on the same application, but this application is just for my use at the moment so I don't wanna worry more or I'll become bald.
I had to take out my fear and confront it in front of you guys. If i had to count every single time somebody mentions on Stack Overflow or the comments over PHP documentation about the dangers of using eval I'd quit already.
Tell me if I'm wrong: in a safe environment and trustworthy piece of code is it OK to execute eval('?>'.$pieceOfCode); ... Right?
The reason I store code on the database is because I create/edit modules on the web editor itself.
I use my own coded layers to authenticate a privileged user: A single way to grant access to admin functions through a unique authentication tunnel granting so privileged user to access the editor or send API requests, custom htaccess rules to protect all filesystem behind the domain root path, a custom URI controller + SSL. All this should do the trick to safely use the damn eval(), is that right?!
Unless malicious code is found on the code stored prior to its evaluation.
But FFS, in such scenario, why not better fuck up the framework filesystem instead? Is one password closer than the database.
I will need therapy after this. I swear.
If 'eval is evil' (as it appears in the suggested tags for this post) how can we ensure that third party code is ever trustworthy without even looking at it? This happens already with chrome extensions, or even phone apps a long time after reaching to millions of devices.11 -
Finally created my first thing ever, a chrome extension. It was only when I finished it and tried to upload it to the web store that I saw that all new extensions are bound to Chrome OS.
FML2 -
Hey guys, I built a dead simple and minimal chrome extension which will give you your web page's PageSpeed Insights score in an instant. I hope this will be a real productivity booster for web dev friends.
You can get it on Chrome web store: goo.gl/vW6tRZ
Any kind of feedback is much appreciated ^_^2 -
Progressive Web apps :
In chrome you can use <6% of the free memory to store things.
Now imagine this situation :
Let's assume you have x amount of free memory in the system.
For first application : 0.06x
For second app : 0.06(x-0.06x)
And it goes on.
So for the thousandth developer,
It's a total fuckall.
How is this helping developers! -
So noob question, is automated web scraping a thing? What would you do if you wanted to grab the same information off similar sites and store it in a table that can be manipulated later? All you would have to do is enter the web site link after you finished coding it. I've used Chrome web scraping extensions but want a more automated solution.10
Top Tags
Weekly Rant
View