Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).1 -
update of after i got fired: after the fuck developers company llc was left with no developers, there was a girl there that i didn't mention earlier because as i said: the story is more complex. she came there with good intentions but after she knew the cruel nature of fuck and shit she became notoriously mad, we're still in contact with her so it's nice to hear from her some of the gags that happen there, one of which my really intelligent ex-boss the wordpress DEVELOPER himself told her to finish one of the projects i was working on, and a friend of mine who is infamous of his coding shenanigans left it in my hands before he left as well a couple of months prior (well he was fed up before us, and when i told him to stay with us he said "dude just listen to the motherfucker's voice, i can't do this anymore", my lovely ex-boss has this equally lovely screechy high pitched voice that caused me tinnitus), it's an asp.net project, uses web forms, and a lot of apis, the database is sql server, standard shit but there's no original creation script and i fucked up the only existing database which was in a local computer he used to like calling a SERVER, now to the point: this girl is not a developer, she was however working as a reporter?? kind of like jaspersoft the human or sap crystal woman and she claims that she's pretty good at it, and she's a genuinely good person who was dragged to hell just because she wanted to be close to her daddy (she was working in a different city with more than double the salary she's given now), but she's rich and her dada convinced her to come. she's currently learning java ee on her own so she'd probably leave in the next two months, in her resume she wrote that she know php, well i know php you know php we all know php (the syntax) kind of like mr. shit who passed the sololearn php CERTIFICATE and couldn't stop telling his boss and his boss a.k.a my ex-boss goes "sweet!". going back to the punchline of this rant: she told us that he came to her and asked her to finish the project with php.12
-
The cleaning lady saga continues...
(previous: https://devrant.com/rants/1850777)
Had an appointment with their manager, stuff gets discussed and coordinated at a 3x slower pace than if I'd done it myself (as usual because fuck efficiency when there's muggles involved -_-), yada yada.
*mail addresses for contact start getting discussed*
Incompetent fuck of a manager: And you $realName, your email address is $company@nixmagic.com, then changed to $nickname@nixmagic.com? Mind explaining this?
Me: Oh yeah that's just because I give out different email addresses to each contact person when it involves public forms or registrations, helps with spam prevention and putting the company name of the correspondent in there helps with easy recognition when some company's database leaks and I start getting a lot of spam on that mailbox.
IFOM: Really.. we actually weren't sure whether we should reply to something with our company name in it.. you know, not sure whether it's legit etc. Why would anyone want to use one of our email addresses as theirs?
… Let that sink in for a moment. They think that $company@nixmagic.com is theirs? Just because it's their domain (minus TLD) in front of MY FUCKING DOMAIN? How about you start by learning how email addresses work first, because clearly you have no fucking clue about it. Are you the kind of brainless fucks that get lured in by http://totallylegitbank.com.freehost.com/... scams? Fucking stupid piece of fucking shit.
Oh, and when you're using MS Exchange, of course you can't know that when you're having your own domain, you actually also own every fucking mailbox on it, because Microshaft doesn't allow you to have more than n amount of mailboxes, unless you gobble up money for them. But you know what, in my case it's a fucking catch-all domain running Linux on its servers, so yeah I can use whatever the fuck I want in front of it, including your stupid fucking cleaning company.
IFOM: And then there's your current designated email address. $nickname@nixmagic.com..
Oh you're going to criticise that as well?! Yeah condor is my fucking nickname all over the internet, and my username on all my systems. That's why I use it. But you know what else is an email address that you might come across, because people are shallow idiots like that? ILoveBigTits69@gmail.com or something like that. You know what, how about I address you next time from ILoveBigTits69_OhAndYoursAreAWashboard@nixmagic.com, because you know what? I CAN FUCKING DO THAT. But you know, I at least am halfway fucking professional about my business-related stuff, so I won't because I really don't want to be associated with such an email address. So don't you fucking dare to criticize me for using my fucking nickname instead of my real name.
Long story short, people are fucking idiots.6 -
NO. NO. A THOUSAND TIMES: NO.
I clicked on this out of genuine curiosity to see if someone was finally trying to discourage people from annoying the shit out of website visitors. A summary of the suggestions in their article as to what to use popups for:
1. Announce new products/services, features, policy updates, new blog posts
2. Promote your sales or coupons (including countdowns)
3. Encourage people to input their e-mail address / subscribe, perhaps also offering some vague thing they will get as a reward for doing so
4. Contact forms (e.g. support etc.)
5. Prompt visitors to confirm their age before showing content
6. Login/register forms
7. Display social media "share" buttons when a visitor has scrolled a certain way through the page content.
8. Display cookie consent prompt.
9. Help guide visitors to the part of the website they want to go to.
Of these: 1, 2, 3, and 7 need to die for sure. If a website does any of these things I'm inclined to immediately leave and never return. 8 is a little annoying but seems a necessity.
Someone even replied to the Tweet saying that popups are annoying, the company responded with "let's change that!"
Blank portions of the screenshot are to avoid promoting the company unintentionally as a result of the rant ;)
3 -
Any alternative to Googles reCAPTCHA?
Backstory we have a contact form, in a bootstrap modal, loading the form as an ajax request. The form has (as of today) a captcha, as we where getting a lot of spam.
Guess what it does on safari? Right... It renders outside the modal and since there's no need for scrolling, bootstraps modal adds an overflow hidden to the body. Results in non submitable forms on some resolutions.
Any idea on how to fix this, or other captcha systems we could use (it's a Symfony app).
4 -
Wow so much hate for WordPress. Le me to the rescue 💀
Yes WP is bloated and crappy and full of security issues etc etc. Agreed. That doesn't mean it is useless though.
It is alright to use for someone who is not really good with web, someone who just needs a blog, someone who just needs a home page, about page and contact form with a possibility of updating photo and text once or two times a month.
It is not suitable for e-commerce nor lots of transactions/forms involving websites.
As long as you know what kind of horse/vehicle you are on, you won't end up in the dirt.4 -
Salespeople telling clients "Your site doesn't need a privacy policy/cookie policy since you don't actually sell anything on your site."
Wrong wrong wrong WRONGITY WRONG WROOONNGGGG!!!!!
Client to PM to me: "Well Jim said we don't need those on this site."
Me: "Well Jim is misinformed, since we use Google analytics, Facebook Pixel, and contact forms, you need to have both a privacy and cookie policy."
PM to client: "We'll find you a template you can use to get started, it'll cover most of what you need."
Me to PM: "we will do no such thing, we can send them a few links explaining why they need these, but they should consult a legal professional and cover their asses for their own business practices. I can provide any technical details they may need like what data the cookies collect if necessary."
PM to me: "well I'll just find something for them then."
*In my head* please just go crawl in a hole and die.4 -
So I want to inform my internet provider of my new phone number, but I can't remember any of my login info for their web interface because I never used it. Luckily, they have a "forgot my username" function, where I submit my email address and get a confirmation that my username has been sent to me.
Yet, I just don't get said email. I try again, but no avail. So I just guess my username and use their "forgot password" form, which – hooray! – confirms it just sent my an email.
But I don't get any email. I retry, I retry after a day, but no automatic response. I remember a incident a few years back when I didn't get some automatically generated mails from a company and decide to contact their support if they could just reset my password manually.
Nearly a week passes.
Now I received the answer. I just don't have an account.
Lesson learned: Next time I'll just input garbage first to check if those forms are sane. -
How to get a developers attention?
Simple, just leave a negative review on one of his apps. This will surely motivate the fellow to help you out. Contact forms are for the weak.1 -
What the actual fuck is wrong with companies that have websites with useless buttons. And i mean useless like a "Click here for our api documentation" which takes you to a contact form that you fill out and wait 3 days for someone to email you a link to a publicly accessable webpage on the same fucking website, a link that is just an extra tier on the contact forms link 😠 or they make their website a motherfucking labyrinth just to find the api documentation or a phone number to contact them.
-
A customer has this project that smells ... like it could be not fun.
They're doing business with walmart (actually a walmart satellite company, even worse).... I've seen this story before. They're super excited, they're seeing $$$... seen it not work out so many times.
Anyway they're having us rush out these forms and documents and so on and I can see there's a lot of data that is going to be required missing.
My contact is super peppy and happy and so sunshiny that my concerns are going over her head... she just sends emails to people, like FW, RE RE ... this is gonna be a mess of last minute / 'where is this?!?!?!' kinda work...
Granted I work at a good place, this won't have any blowback on me... but god damn guies listen to coder guy that the data that will be needed isn't there and there is a SHIT ton that I'm pretty sure isn't ... anywhere. -
Story of a first-time hackathon.
So, I took part in the COVID-19 Global Hackathon.
Long story short, I got excited at OCR and just went with the most challenging challenge - digitizing forms with handwritten text and checkboxes, ones which say whether you have been in contact with someone who could have Coronavirus.
And, unsurprisingly, it didn't work within 4 days. I joined up with 2 people, who both left halfway through - one announced, one silently - and another guy joined, said he had something working and then dissapeared.
We never settled on a stack - we started with a local docker running Tesseract, then Google Cloud Vision, then we found Amazon Textract. None worked easily.
Timezone differences were annoying too. There was a 15-hour difference across our zones. I spent hours in the Slack channel waiting.
We didn't manage the deadline, and the people who set the challenge needed the solution withing 10 days, a deadline we also missed. We ended up with a basic-bitch Vue app to take pictures with mock Amazon S3 functionality, empty TDD in Python and also some OCR work.
tbh, that stuff would've worked if we had 4 weeks. I understand why everyone left.
I guess the lesson from this is not to be over-ambitious with hackathons. And not to over-estimate computers' detection abilities.2 -
The contact forms sent emails from no-reply@ and in the last meeting the client told us a colleague of them asked once who "No repli" was and why he's not answering her emails. Well...
(German client, so she may not knew what "no reply" means)2 -
!rant, more of an incredulous/cruelly amused "you had ONE job..."
so: biggest IT/PC/electronics store in my (and neighboring) country. their webpage, of course with the function to buy online, because of course.
the big green "Buy" button does nothing. doesn't work. doesn't react. I keep clicking it multiple times, shorter, longer, etc, because maybe their JS scripts are just shit so they slow.
nope.
okay. open devtools, JS console.
hover over the button: "Error: isMobile is not a function".
click the button: "Error: isMobile is not a function"
WAT.
search for isMobile in the script.
173 occurences.
fuck this.
console: isMobile = function(){return false;}
because I'm not on my phone.
click the "Buy" button.
works flawlessly.
...HOW?
THE WHOLE PAGE IS AN ESHOP YOU COMIC RELIEF INCOMPETENTS! =D
173 uses of non-existing function that blocks business-critical feature, THE ONLY CORE FEATURE FOR WHICH YOUR SITE EVEN EXISTS, and NOBODY, not the dev who fucked it up, NOT EVEN QA, noticed it??? =D =D
if I was the boss of the devs, or even boss of the whole company...
git blame
...and then i'd go the whole chain from the dev who caused the bug, through all of the QA people who "tested" that version before deploy, and I would personally, on the spot, fire each and every single one of them.
mainly because of who knows how much money this stupid not even a proper bug lost them.
but secondarily, because clearly none of those people give a single shit (n)or have an idea how to do their jobs.
=D =D
yeah but I was a good guy, filed a bug report in the "Complaints" section of their Contact form.
it goes to some call-center-like peon, so it starts with a sentence "forward this to your site's dev people outright to file as a bug, thank you".
but... HOW.... =D
HOW can you let something like this through? =D
the bottleneck of your whole user interaction, which forms first of the three steps OF THE MAIN AND MOST IMPORTANT FUNCTION of your whole business... =D
...I...
...does not compute =D
...BUT THEY USING ANGULAR, SO THEY ALL MODERN AND HIGH-TECH AND EVERYTHING'S FINE!!! =D =D1 -
Form plugin for WordPress on a seriously out of date install won't update until I update WordPress core. Fine, I update core and update the plugin and test the forms again. Form still isn't sending emails on submission. Look into forms settings. Oh look error messages, awesome!
Message: "There are 2 configuration errors"
OK, what are the errors where are the errors?
"There are two configuration errors."
Gee that's really fucking helpful, why even tell me you can see the errors if you aren't going to fucking tell me where the blasted things are. Spend 4 fucking hours trying to figure this out, checking "docs" wiki, support forums, nothing.
Finally decided to just trash the client's form plugin they were using and installed my reliable Gravity Forms.
P.S. if you are going to write code to find errors, and tell me about them, then you had better fucking tell me what the goddamned error is. There is no need to waste a developer's time trying to debug your shitty plugin because you couldn't be bothered to write a useful error handler. -
Applied to 4 companies last weekend. One of them didnt even have proper working contact forms (they all gave somekind of 503 error).
I even took the effort to just mail them my resumé, do i receive an answer that they are looking for someone with React experience.
I looked over the function a second time, no mention of React anywhere.
To whoever is working over there or ever going to work over there; i already feel sorry for you.
Top Tags
Weekly Rant
View