Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
-
Client : pls put the disclaimer that the site uses cookies.
Me: but we don't use cookies this is a static page
Client: Still, the pop up makes the site look more professional, kindly add the feature asap
Me: :/22 -
😤😤😤 People need to stop believing these sheets in fortune cookies, they are printed using a Linux binary!
10 -
!dev
It was late night after work I went into Macdonald's take-away:
Me: Can I have a Maharaja Mac Medium Meal with extra regular fries?
Guy: Yes sir, that will XX.XX amt.
Me: Gives him my card.
Guys: So what's the pin?
Me: What??
Guys: The Pin sir.
Me: Are you ok? Who the hell shares a pin with you?
Guy: Sir, we don't have a wireless swipe machine.
Me: So why is it a take-away if I have to come inside and drop my pin anyways?
*Guy looks awkwardly at other employees. :/
I had to finally get out of the vehicle and I took another 15 mins seperately explaining him why cards have a security pin and that the word security isn't a joke before the pin. With this, I might have also slipped in some GDPR cookie policy along with it. and why Microsoft bought GitHub. Good Lad. He will learn.16 -
** Non Dev Rant **
I just need to rant about this because I'm furious.
Last night I had a house warming party. It was mostly, if not all, of my girlfriend's friends. I'm a cranky old developer so I don't have friends.
Everyone was nice and dressed nice and brought us gifts.. all of the gifts were pretty much specifically for my girlfriend.
So this one girl came... she's younger.. around 25. She came with no gift (I wasn't expecting gifts I just need to mention it for the plot), and was dressed in sweat pants. Alright, no problem.. I really don't care at least she's here.
So as more guests arrive I finally get a gift. Someone brought me a case of beer and a couple of yummy cookies. I had to put it down on the kitchen counter for a bit because I needed to grab more chairs.
The basement door where the chairs are is 10 feet away from where I left my present..
I come back from upstairs.. not even 5 minutes later and I see sweat pant girl stuffing one cookie in her fucking mouth and the other in her pants...
Are you fucking kidding me!? I bought desserts and snacks and all the alcohol you can think of and you steal MY fucking present. Not just one of them... but BOTH.
She saw the other guests give me it.. say "here buddy this is for you"... followed me in the kitchen and STOLE my fucking cookies.
I was going to eat them this morning with my coffee and I realized I couldn't because this fucking ass hole took my fucking cookies!!!!
I hosted this party for my girlfriend's SJW ass hole fucked up friends... put a smile on my face... pretended to like people... and for once didn't yell at someone... and the fucking thanks I get is 2 stolen fucking cookies.
Fuck her.20 -
!rant
My parents gave me a lovely surprise😍
4gigs of gtx960m and a 6th gen i5, I think I am set for a few years
27 -
Anyone else find those cookie notices on websites more annoying than the fucking cookies themselves?
//They suck even more on mobile6 -
Fuck the cookie warnings on websites!
They don't do anything helpful and are just fucking annoying. Especially on some websites where they take up half og the fucking screen.15 -
Jesus fucking christ, entering w3schools.com (don't ask) and I immediately get a cookie consent thing shoved in my face.
WHY?! Please don't tell me it's so I can get the 'best experience' because that's straight out bullshit. I don't need cookies and you fucking name it to get 'the best fucking experience' while looking up again how that one PHP or HTML or CSS or WHAT-THE-FUCK-EVER thing worked.
E-v-e-r-y GODDAMN site has this nowadays, to 'improve my experience' - I block ads anyways so what's the motherfucking point?!
Mother of FUCKING god.
alskdjaioethsdjlkjrfoikmedr31 -
Hey websites
For the fuckzillionth time, I don’t want to receive your notifications.
Store my preference in a cookie or something and stop harassing for fuck’s sake.
Fucking cunts!14 -
If you thought your legacy code was bad, this is what I'm dealing with. The below SQL is stored in a cookie on login and executed to on every further request to determine the user / privileges.
15 -
What the flying fuck is happening on the EU with the fucking GDPR corsairs!!
I made two - TWO - entirely static websites, hand-made, 100% cookie-free!! I didn't even need to store a goddam boolean cookie! No third-party content is EVER invoked, called or summoned! I hosted a small video to avoid Youtube! Facebook and twitter share buttons are links!! I DID ALL OF THIS ON PURPOSE AND INFORMED THE FUCKING CLIENT.
And THEN (and, of course, unsolicited), the fucking lawyers of an asshole GDPR corsair office came and scared the shit out of my clients and convinced BOTH of them to put the goddam GDPR cookie consent popup on the fucking websites!! And they took their bribe, of course...
In order to avoid billionaire fines because of the NON EXISTENT cookies of the SMALLEST, SIMPLEST, 2KB MINIFIED HTML page on the Internet.
Anybody else is suffering from this kind of behavior??10 -
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in outer mongolia who is , we can only hope, now enjoying his new life as an instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkiss. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gatcha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user or any privilege, you could place any order, as anyone, using anyon's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discretely." Straight up hitler's bunker meme rage.13 -
Did you read about the new Digital Services Act and Digital Markets Act laws of the European Union, that will go in effect in 2022? Pretty neat stuff, more transparency, user rights and a tool against internet monopolies.
"Very big online plattforms" must submit reports on freedom of speech, abuse of human rights, manipulation of public opinion.
EU assigned scientists will gain access to trade secrets like google search or Amazon recommendation algorithm to analyze potential threats.
The EU can fine serial offenders 10 % of their yearly income. And break up companies that stiffle competition.
Internet companies like Facebook will not be permitted to share user data between their products like Instagram and WhatsApp.
There will be a unified ruleset on online advertisement. Each add must have the option to find out why this add is shown to the user.
Unlike the GDRP data protection rule the two acts will be valid at the Union level. So that there won't be any exceptions from single member states.
Let's hope this leads to a better Internet and not things like cookie pop ups 😄
Link to the EU DMA DSA page
> https://ec.europa.eu/digital-single...
49 -
I'm working on a project with a teacher to overview the project at my school to be responsible for the confidential student data...
Teacher: How are we going to authenticate the kiosk machines so people don't need a login?
Me: Well we can use a unique URL for the app and that will put an authorized cookie on the machine as well as local IP whitelisting.
Teacher: ok but can't we just put a secret key in a text file on the C drive and access it with JavaScript?
Me: well JavaScript can't access your drive it's a part of the security protocol built into chrome...
Teacher: well that seems silly! There must be a way.
Me: Nope definately not. Let's just make a fancy shortcut?
Teacher: Alright you do that for now until I find a way to access that file.
I want to quit this project so bad4 -
This fucker right here. Two pages under the same site return different session data:
Session cookie is the same.
The session file itself doesn't change.
Same machine is being used.
I don't change the session variables at any moment.
HOW?!8 -
* login tutorial *
Alright, everything looks good and secure and all
"and now to keep the user logged in..."
Aww ye, this is just what I needed
"we set logged in to \"true\" in a cookie and add another cookie with the users name"
2 -
The NOS (Dutch national news agency/company) was criticized recently because the cookie/tracking consent thing was 'too much/inconvenient'.
Seriously, their consent thing exists out of three yes-no buttons (one for each subject and the subjects have a very short but understandable description) which you can click or tap (it works perfectly on mobile) within a fucking second.
It's the best fucking consent thing I've seen and now they're saying it's inconvenient.
Inconvenient my ass, other companies should take it as example! (https://nos.nl)14 -
If you know haskell, you know the pain of learning Monads, functors and applicatives, especially when coming from imperative background.
But this guy filtered out all the witchfuckery out of this seemingly complex subject. And there are pictures.
http://adit.io/posts/...6 -
Finally finished the blog post and (nearly) the last bugs (few remaining, still gotta think about how to solve them) are fixed.
The new blog post is online! I've taken a look at the Telegram messaging app and basically burned it into the ground. (Provided sources as well)
Next to that, a new domain name! As this blog is about online security AND privacy, I decided to change the domain name. The new one:
https://much-security-such-privacy.info/...
Dark theme can be enabled but will only work on one domain, you have to enable it on the other one as well to get a dark theme there. It stores the value in a cookie so it will remain when you reload the page and don't remove the cookies.
The RSS feed generator has a bug right now which makes that the page doesn't get updated, will work on that one tomorrow.
Thanks!
Last but not least, you can email me suggestions and so on at linuxxx@much-security.nl :)34 -
The concept of, "hacking" at my school is so disgustingly bloated, as it probably is everywhere else. Some kid the other day said that he had hacked cookie clicker. Friggin cookie clicker. After opening inspect element and changing some local data to get infinite cookies. And he was hacking.
I swear, if I EVER told any of these idiots about some hacking project I did with an Arduino, they would start asking me how much money I made off with in the heist.
There is one kid in particular that annoys me, his name is Matthew, and he is the most pompous little piece of crap you have ever met. Every time they talk about him, they use the word, "hack" casually in conversation. "Wow dude he's gonna HACK you now", and it really boils my gears. I mean, come on, our school password is a birthday and initials, if he got into your account, he certainly didn't do it by hacking anyone. It has gotten to the point that I can't even hear the word without wanting to lash out at them and tell them how stupid they are. Maybe I can just send them a link to this rant.17 -
I wrote this blog post entirely on my phone through doing an SSH on my home server. Why, you ask, well because I don't have my laptop and I am hella bored. Stupid, you say, well I agree.
http://iostreamer.me/chip/2016/...
7 -
!rant
NASA using Node.js to build a mission control framework. I just hope they don't get discouraged by the haters 😃
https://nasa.github.io/openmct/8 -
I see all these tools for the past few years claiming...
"build an app without writing code"
Great, if you want to build a prototype and then try to find a technical co-founder who can actually build something.
Otherwise, none of us need another shitty cookie-cutter app.
There is a 0% chance you can build anything that will scale without writing some code. Your best case scenario is you sell it to some sucker who doesn't understand that what they are buying is garbage.
I give those folks 3 options...
1. Find a technical co-founder
2. Learn to build software
3. Fuck off
Thinking you can build a software company without building actual quality software if fucking moronic.
Of course, that won't stop the thousands of business grads each year from trying and saying...
"I have such a great idea, I just need someone to build it"
Let's get things straight. You have nothing. NOTHING! You idea is worthless without execution.5 -
If you want to learn about bad UX design, look at every GDPR-compliant cookie alert on websites. The dialogues generally follow this pattern:
* Highlighting "Accept all" instead of "Reject" to bait you into habit-clicking.
* After clicking "Reject", you'll be redirected to an infinite list of usages. There is never a "deselect all" option. You need to opt-out everything manually.
* Sliders use some ambiguous coloring scheme without labels, which means you never know if you turned it on or off.
* Instead of "Reject", there is an "Other options" button. Clicking it redirects to a EULA document, with at the end... no other options.
Everything looks compliant, but they are still boobietrapping everything so you just wouldn't be able to opt out. Fucking data-vendoring assholes.17 -
To all developers,
Please stop making web applications where ALL state is saved in cookies. If I make a search and select a result, why the hell are the search parameters not in the address bar, but rather in a bloody cookie, and why when I select a result is this page not identified by a unique address? Rather saved in a COOKIE. This makes having multiple tabs open pretty useless.4 -
A store in Russia was robbed for 30k$ using ArtMoney.
ArtMoney is a Game cheating program that is used in games that have no AntiCheat system or it is insanely horrible(Cookie clicker as an example for a game that had no anticheat and ArtMoney is used in it)
The robbers placed orders for tech(like phones and laptops) and then used the program to change the prices from thousands of dollars down to 5$.
The cheat program is insanely easy to defend against or detect its changes.
This is a good reminder to check your security if youre adminstating things like online shops or other stuff thag can be targeted at a similar fashion.4 -
Dear fucktards with cookie notifications.
Give me a damn button of just “NO, I don’t agree”
Ain’t nobody got time to unstick 500 check boxes every single visit, surely theres no good or useful reason of some of these sites having more cookies then words on their home pages.14 -
After a long wait of 8 months, C.H.I.P the 8$ headless computer finally arrived. And since I have already made something like a cheap hack of siri(I call it dyna and it lets me control my laptop with voice), I am going to automate the f*** out of my home!!!7
-
First thing to do after downloading swift for linux is to obviously place the folder inside another folder named Taylor2
-
I understand the fact that your website uses cookie but fucking hell it can use it to remember that I accepted 7373738594929738849393 times2
-
What you see in that screenshot, that was earned.
I'm on the plane and I want an hour of free Gogo (read: crappy) WiFi on my laptop (so I can push the code I'm probably the most proud of, more on that another time). The problem is that the free T-Mobile WiFi is apparently only available on mobile.
So after trying to just use responsive mode, and that still (almost obviously) not working. I realize it's time to bring in the big guns: A User Agent switcher. Small catch: I don't have an add-on for FF that can do that.
So on my phone I find an add-on that can and download the file. To send it to my computer, I initially thought to go through KDEConnect, but Gogo's network also isolates each system, so that doesn't work. So I try to send it over Bluetooth, except I can't. Why? Because Android's Bluetooth share "doesn't support" the .xpi extension, so I dump it in a zip (in retrospect, I should have just renamed it), and now I can share.
After a few tries, I successfully get the file over, extract the zip, and install the extension. Whew! Now I open up Gogo's page and proceed to try again, but this time I change the user-agent. Doesn't work... Ah! Cookies! I delete the cookies for Gogo (I had a cookie editor add-on already), but I had to try a few times because Gogo's scripts keep trying to, but I got it in the end.
Finally that stupid error saying it's for phones only went away, and I could write this rant for you.
22 -
Aaaaand my whole world came crumbling down. All I have is a laptop with a battery backup of 15mins, and now the charger broke.
I was almost done with coding a nice feature, just few more lines and I would have been able to push.
But, rather it went dark. And now I can't code, nothing matters, everything is meaningless 😞10 -
Last week my company thought it would be a great idea to introduce a new sh*tty internal web portal that gives federated access to aws (instead of using our own accounts to assume dev roles like we used to do).
This broke a lot of sh*t that simply used to ask for an MFA token and used our practically permissionless accounts to assume a proper dev role. An MFA token that we'd enter directly into the terminal/tool. It was very seamless. But nooooooo we now have to go a webpage, login with sso (which also requires mfa), click "generate credentials," copy-paste those into terminal/creds file and _then_ continue our aws cli call. Every. Single. Day.
BUT TODAY I HAD ENOUGH.
I spent the entire day rewriting the auth part of our tools so they would basically read the cookie that's set by the web portal, and use it to call the internal api that generates the credentials, and just automatically save those. Now all we need to do is log into the portal, then return to the tool and voilà, the tool's also got access! Sure, it's not as passive as just entering an MFA token directly, but it's as passive as it gets. Still annoyed by this sh*tty and unnecessary portal, but I learned a thing or two about cookies.9 -
So...is Android O really being called Oatmeal Cookie?
That's two sub par "dessert" in a row.
Step up your game Google!
That being said it should be a great update to the OS. 😀23 -
Make your cookies banner have equal "Accept All" and "Reject All" buttons, and I'll probably Accept All.
Bury rejection under a fucking "Manage Cookies" button and I will go out of my way to disable/opt out of every fucking one of them.
Also why the fuck would rejecting all take "a few minutes" but accepting be instantaneous?
Fucking hell.
18 -
The more I visit a wide range of sites, the more I hate obnoxious cookie policy pop ups. The ones that take 2/3 are UN-FUCKING-NECESSARY.
Web devs that make them like this can you please tell me why?12 -
TLDR someone in my team took credit for work he didnt do;
I know teamwork is a good thing and when everyone does their share of the work, it is.
I submitted a computer science project to an event in the UK called the Big Bang fair, I was in a group of 3. We had been meeting every week after for the past 10 months. During these sessions me and uke have been meeting for 1h 30m where as oon could only meet for 1h because "he had stuff to do" and he never saw the point in staying longer. Oon had also been a massive distraction whilst the time he was there as he did no work and messed around on cookie clicker.
Anyway we found out last week that the Big Bang fair was coming very soon and we had not written a write up or done any preparation for the presentation we had to do. Me and uke set up a google doc and started adding stuff to it (as we only had a few days left at this point). Whereas oon did nothing.
I ended up staying up till 3am in the morning finalising the write up over the weekend with uke helping. We asked oon to help but he said he didnt want to stay up late so didnt help.
Then the most stressful 2 days come round. I devoted all of my free time towards the project, uke devoted most of his time and oon devoted 1 hour after school on one day. He said that he couldn't do one lunchtime but I found him in the ICT room playing games :/.
This didn't matter THAT much but what pissed me off is that he started boasting to all his friends about all the work I did and credited it as his own. At the actual event he said nothing during the presentation because he knew nothing about the project. HE DIDNT EITHER BOTHER TO READ THE WRITE UP HE WAS BOASTING ABOUT. What do people get out of taking credit for work other people did.
We didn't win anything and I wonder why
wow thanks for reading all this you deserve a sticker
1 -
That's it. That's all I have for my home server setup. I don't even know why we have that sticky red thing, but today it came handy. And now I can SSH anytime I want, it's never going get shutdown 😂
1 -
I'm attacking all the guys who run arch and think they are heroes. Just a load of noobs following online guides who want a cookie for their cv or water cooler street cred. Just fo.8
-
Noticed my RAM usage was around 41% when just browsing internet. So, getting more RAM was a good move, until I saw the usage shoot to 52%.
And you already know who eats that much RAM.
PS: Maybe it's some extension, because I just have 2 tabs open and killing that process didn't kill any tab.
8 -
Fukken School project
I spent days writing good documentation with step-by-step tutorials. I broke the project down into small, simple tasks.
Trying so hard to make everyone’s job easy.
And they still fail.
Give me a cookie2 -
Just in case you guys run out of ideas for your side projects, black mirror will always be there for inspiration.6
-
TL;DR: If you make a contest where people get to vote online fucking make it right!
And here's the story: I play in a local coverband to make some cash on the side and because I love making music. We entered a contest hosted by a local radio-station. The first round was determined by judges and now 5 bands remain and of those 5 only 3 get to be voted into the final round. In the final round every bands wins something: 3rd place 250€, 2nd place 750€ and first place 5000€.
Now that stupid dipshit of a web-designer of that radio-station made a website where you can vote and it only fucking sets a cookie. You can delete it and vote again. You don't need no E-Mail and nothing. It doesn't even block multiple votes from one IP. It doesn't do shit.
Even my bandmates (who don't work in IT) where smart enough to figure out that you can just delete the cookies...
I think that now every band except for one is cheating. (we have over 5000 votes and combined all bands have like 4000 FB-Likes and sometimes and Band gets like 400 more votes in an hour) This is such a fucking messup and I don't know what to do. Maybe they'll look into stats but if they're so stupid to make a contest like this in the first place, maybe they won't. And even if they look into the stats it wouldn't be fair to kick out a band with much votes because how the fuck would they know if the band themselves cheated or if it was a fan of the band or even an enemy of the band just to get them kicked out.
I'm afraid of talking to the radio-station as a part of one band because maybe the web-designer there just gets frustrated and bans us from the contest entirely.
This is just fucking frustrating.5 -
That moment when your project is trending on HackerNews.
Your positive response was a big push, which finally made me post it on hn. Thank you so much, love you all!😃3 -
I know we're trying to stay away from Flash. I've heard that most browsers these days support cookies. Could you work it into a "cookie applet?"1
-
Does anyone know a provider for webhosting with this needs?
- decently priced (~4€/month)
- domain included
- email stuff included
- no analytics/cookie stuff from the provider (that's the point of change)
- easy sftp access
- ssl included12 -
We have to use this tool in work for classifying new and existing projects for GDPR. Long story short you have to fill out a REALLY long questionnaire, then it gets reviewed by someone in legal. The tool will also assign you tasks and suggest actions to common issues (e.g. suggesting a banner to explain cookie policy if you tick a certain box).
I have spent about an hour trying to re-assign the assessment I started, as i'm due to leave the company in a few days, to the guy taking over from me.
1. There is a “generate shareable URL” button, with the ability to click a button that says “replace me with the logged in user who opens this”. All it does is duplicate the name and description fields and send a new copy to that person, with no access to any of my other content or answers.
2. I did find a re-assign button eventually, again all it does it create a duplicate, and throws and error saying names must be unique when I try to save it.
3. While I couldn’t find a way to do that, I did find another button to at least assign the reviewer. It told me i’m forbidden to change the reviewer on assessments i’ve created.
This is THE WORST piece of nonsensical shit on earth. The entire application is absolute garbage and sssssssooooooo slow.
When you first create an assessment it brings you to a page that has all the questions, makes sense right? Wrong. All the questions are in read-only mode, and they are simply there as a "this is what you can expect to see later on", telling you whether or not they will be freeform, multiple choice etc.
The way to actually answer the questions is to click the "start survey" button hidden in the "status" dropdown.
I don't have much advice to anyone around GDPR, but please stay the hell away from TrustArc. -
Installed Cookie Clicker yesterday. This app literally bombs my PiHole with ad- and tracker domains.
This is pretty bad...
9 -
Me when I fuck up my sleep schedule badly by turning my life into a coding sprint and then trying to go normal
-
Note to my past self:
Thank you for taking care of me and assuming that out of no fucking sudden authorization token will be required to perform an API call!
You saved me so much refactoring and modifications with your tiny little assumption of how fuckups will think :)1 -
Glassdoor is the perfect example of how annoying, even just opening a website can be, first it asks for your permission to use your location, then half the screen is filled with a cookie agreement and after you clicked it all away, you get a "download our app" filling just 30% of your screen, now that you clicked that all away, you may use the website, ludicrous.
edit: well fuck, just noticed the app message glitched away when taking the screenshot, you get the idea though
6 -
The overreach by a single company near or close to near monopoly on the internet is beyond bone chilling.
To be precise, I am talking about Google extending its reach by forcing people to use AMP in the webpages.
I get insta furious when i see my favorite webpages using them and effectively my entire browsing activity on that page is happily recorded for clicks and ads.
To just bypass that i have to unnecessarily add more and more addons to lock them out of my browsing which in turn WEAKENS my entire browser.
And sincerely saying, this sort of outreach is becoming really annoying. Because plain JS and Cookie Blocking will not work. and slowly people are running out of options.
If posts about AMP are being made earlier, I apologize.8 -
!rant
Starting from today, I officially love windows and ubuntu equally .
Now I can game whenever I want without switching OS.
I think bash on win is all I ever wanted and I really thank MS for it.
8 -
stored username and password in a cookie .... in plaintext
*speaks from my partner's point of view*1 -
GRANDPAFUCKING RETARDS!
I HOPE YOU ALL DIE ON SOME ELEPHANT DICKS TURNED AROUND YOUR HEADS WHILE GETTING RAPED BY THOUSANDS OF GIRAFFES (EACH OF THEM BEING SO HORNY THAT THEY ALSO COULD FUCK YOUR WIFE AT THE SAME TIME!)
THEY ASK ME A FUCKING QUESTION AND ONLY GIVE ME THE OPTION TO AGREE ON THE COOKIE POP-UP TO ENTER THE WEBSITE! YOU DIPSHITS!
YOU SISTERFUCKING ASSHOLES!
WELL... I FUCKING CLICKED "AGREE" AND WHEN I FINALLY FOUND THE PRIVACY CENTER (LOL) THE SAME FUCKING POP-UP DID APPEAR!
HOW ABOUT YOU FUCKING FUCK YOURSELF, DISTROWATCH?!
Btw. they really still use tables instead of proper css styling.
DO WE LIVE IN THE FUCKING STONE AGE?!
10 -
The entire fucking internet is an unusable pile of shit. Why is it that every time I click on LITERALLY ANY link on google and I start reading, 2 seconds later the text shifts to an other location because the fucking font loads, 3 seconds later it fucking moves again because a god damn ad just loaded above it, and after all the loading bullshit is done it shoves a fucking cookie banner (that usually covers half the page) and a fucking newsletter popup in my face. This makes it literally impossible to quickly read someting on a website without interruption. It's fucking 2020 and we bout to put a fucking man on mars, yet the technology still isn't advanced enough to make the internet less fucking annoying.13
-
TIL how to mess with your neighbors who steal your wifi.
Simple, just turn everything they request upside down.
http://ex-parrot.com/~pete/...5 -
TLDR: Find a website that requires a subscription but doesn't check their cookies' integrity, now I'm on a website for free.
>be me
>wonder if it's possible to intercept browser data
>download Wireshark
>download Fiddler
>find that none of these really fit me
>go to youtube, search how to intercept POST data
>find something called BurpSuite
>Totally what I was looking for
>start testing BurpSuite on devrant
>neat!
>I can see all the data that's being passed around
>wonder if I can use it on a website where my subscription recently ended.
>try changing my details without actually inputting anything into the website's form
>send the data to the server
>refresh the page
>it worked
>NEAT!
>Huh what's this?
>A uid
>must be a userID
>increment it by 1 and change some more details
>refresh the page
>...
>didn't work 😐
>Hmmm, let's try forwarding the data to the browser after incrementing the uid
>OH SHIT
>can see the details of a different user
>except I see his details are the details I had entered previously
>begin incrementing and decrementing the uid
>IFINITE POWER
>realize that the uid is hooked up to my browsers local cookie
>can see every user's details just by changing my cookie's uid
>Wonder if it's possible to make the uid persistent without having to enter it in every time
>look up cookie manipulator
>plug-in exists
>go back to website
>examine current uid
>it's my uid
>change it to a different number
>refresh the webpage
>IT FUCKING WORKED
>MFW I realize this website doesn't check for cookie integrity
>MFW I wonder if there are other websites that are this fucking lazy!!!
>MFW they won't fix it because it would require extra work.
>MFuckingFW they tell me not to do it again in the future
>realize that since they aren't going to fix it I'll just put myself on another person's subscription.5 -
Any other devs forget to eat... Then when you do eat, a guy has to drive a lorry to you because you just realised you're sooooo hungry (lorry full of food)7
-
how do websites have the option to deny all cookies? don't they need a cookie to know you don't want cookies?
13 -
Amazing how one can easily browse the web nowadays...
A popup to allow notifications, that shitty cookie information, a subscription box and a fucking video that automatically starts playing while drowning my mobile internet.
Maybe I'll write another rant about the actual topic I looked up...
7 -
It took straight 2 minutes to send 3 values to their server and even then it failed, just fucking great, what fills my eyes with blood is how calm the message is supposed to sound, you fuck can't receive opt-outs over https, what?!
3 -
!rant
I sure as hell am not a designer, but I do love design. Amidst all this backend, professional work, I found some time to do what I always wanted to try. Make a sleek web page.
And here is the result:
http://iostreamer.me/design/2016/...
I would like to get some honest feedback 😃18 -
Websites: Let me slide in a little piece of data in your browser for your convenience so that you don't have to enter your password every time you come back. We even have a great name for it - Cookie!
EU - WHAT ARE YOU DOING TO OUR COMPUTERS, HOW DARE YOU MAKE OUR LIVES BETTER WITHOUT LETTING US KNOW FIRST.
(also pay us €10000000 k bye)4 -
NO. NO. A THOUSAND TIMES: NO.
I clicked on this out of genuine curiosity to see if someone was finally trying to discourage people from annoying the shit out of website visitors. A summary of the suggestions in their article as to what to use popups for:
1. Announce new products/services, features, policy updates, new blog posts
2. Promote your sales or coupons (including countdowns)
3. Encourage people to input their e-mail address / subscribe, perhaps also offering some vague thing they will get as a reward for doing so
4. Contact forms (e.g. support etc.)
5. Prompt visitors to confirm their age before showing content
6. Login/register forms
7. Display social media "share" buttons when a visitor has scrolled a certain way through the page content.
8. Display cookie consent prompt.
9. Help guide visitors to the part of the website they want to go to.
Of these: 1, 2, 3, and 7 need to die for sure. If a website does any of these things I'm inclined to immediately leave and never return. 8 is a little annoying but seems a necessity.
Someone even replied to the Tweet saying that popups are annoying, the company responded with "let's change that!"
Blank portions of the screenshot are to avoid promoting the company unintentionally as a result of the rant ;)
3 -
!rant
I'm developing an OS. I tried running it on the laptop that's on the ground. Everything works fine except text mode. There is no output when running it in text mode(not the high resolution one shown on image). Since the OS sends all data that is printed to the first serial port I might as well read the output from the serial ports. Since the laptop I use for development doesn't have any serial ports I had to use the older Windows 98 PC. For unknown reasons I could not get any output from the serial ports so I gave up.
tl;dr I wasted some time trying to debug my OS.
Image of my debugging setup(taken with the latest potato).
13 -
This is somewhat oddly satisfying because the dip corresponds to the day I had my birthday, and that gives this graph a pretty smooth and symmetric curve :p
-
If your cookie preference setting doesn't include triple chocolate then it's not much of a cookie preference setting3
-
I like js and node in general.
But there's this thing I hate about NodeJs...
The blogs. The goddamn blogs.
Every goddamn blog post. Is code. Dozens of lines of code.
Oh, so you want X feature? Just copy paste this shit.
I swear to god, blog posts are the source versioning system to these people.
What they should instead is
a) Create a package.
b) Add tests to it.
c) Present the package to the reader with some minimal code.
But I'm a getting a huge impression that node blog writers want you to copy the code in their post, paste it in your project, and be happy with it.
Now, I'm not assuming that every person posting in medium.com is a software engineer (and by engineer I mean an engineer, not some fuckwad who begs for github stars on dev communities).
The problem to me is that they fucking SATURATE the goddamn search results.
The same goes for finding an npm package for your need, because there are so many low quality packages it's saturated too, you have too plow this stinking pile of projects that have very low quality,
and there's not a really good npm finder out there. Half of them are dead, some look and load like shit, and npm search has a low barrier for good code.
Me on rails, OTOH "ok, I need this thing", I google that and I swear to [-∞,+∞] I find GOOD packages, well designed, no cookie cutter bullshit, no obscure marketing shit on the README.md, it is very clear what this shit does, and the api is designed for HUMANS.
and it actually takes very little time to know if there's no such package.
I don't have to read dozens of fucking my-fuck-blog.io (jesus christ, the io domain has become such a fucking joke, it got fucking abused to death, there are some cool sites out there using it, but my god, James H. Marketing likes to just absorb everything he can, and the internet was not going to be a fucking exception)
does all of this make sense?3 -
And then I thought why not turn my resume into something weird and nerdy. And the result is this, a web app which looks like a terminal and connects to an actual Ubuntu terminal. It's not great, but it's something. 😃
https://resume-rahul-ramteke.herokuapp.com/...22 -
I need a name for a new app.
It's a spur of the moment travel app that lets you select the temp and humidity ranges you want and finds you the cheapest flights.
Dazzle me please.40 -
To all web devs adding cookie-nags on your companys pages: stop that! Now! No where does that cookie law require you to ruin your site with nagging popups. Where's the focus on usability?
And the rule about informed consent? Which normal user (like my mother) knows what that means anyway? I call bs! Politicians, don't get me started.
Every user on the internet goes JMIGA: Just Make It Go Away, click whatever making that crap disappear.
What user will go "holy shit, they're using cookies!! I'm outta here!" No one in the history of the internet, that's who. Argh.9 -
It doesn't happen very often when I get to publish my side project, but this time is a charm!
Here is something I hacked together and will probably break but give it a try, you might like it😉
https://npmjs.com/package/awkward/9 -
Starting to feel like shit about my new job. Every task my boss gives me I return with a "sorry it can't be done" for one reason or another. At first it was because user interface testing is a nightmare, then it was because the API postman tests he wanted is for endpoints we haven't exposed so it can't be done and the automated login on postman and retrieval of cookie information can't be done through postman because it requires rendering the site in a browser. I feel worthless to the company but I also feel he keeps making up tasks for me without checking if they're actually useful to us or even possible first, rather than let me touch any of the real code.. I don't know if I should just quit tbh.16
-
Aaaah ! So fuckin done with this Server error !
I am checking if a cookie is set in Php and if it is, I am redirecting user to some page, basically its a 'remember me' logic. But this fucking error comes in everytime my page redirects.
I have a similar logic to check if user is currently logged in the current session,and if he opens a new window and types the url(index.php) he is automatically logged in (obviously,duh !) and redirected,bt it dosent crash at that time!
Help 😥
15 -
Everyday I lose more and more hope in humanity
One thing I noticed is that arguments don't matter in politics. Most people won't even read them, they will just assume they disagree with you and project the most simplistic arguments into yours which they can then easily object to with cookie cutter phrases from their ideology. EVEN when you agree with their main point but criticize some small associated thing
It feels like people can only be swayed in their opinion by direct indoctrination
Maybe it always was like that. But now we have twitter. And suddenly every joe feels like they have a well thought out opinion that must be shared and even better they have a convenient cult-like filter bubble that unconditionally agrees with them
I actually, unironically fear for our future
#SorryForThePoliticalRant5 -
If nothing new is posted here I go to Facebook. If I exhaust the feed there I come here. Such has been my life for the past one hour 😶
-
To all the grown up devs. Since you have had quite an experience of naming variables and side projects, did you find it easy to name your own child? 😃21
-
Before internship, js code with semicolons looked stupid to me. Then jshint happened and here I am at 3AM in the morning, adding semicolons to a forgotten but not abandoned design project of mine!
-
Shout-out to the sites that make cookie popups the least annoying they can by actually providing options in the quickest way.
Those that hide them while having "allow all" take up 50% of the modal? Suck my fucking nuts.6 -
I know there is websites that guide you through upcoming gdpr changes*
But I wish there was some website or "awesome"** list that in the same fashion takes you through all things privacy policy, ToS, cookie agreement popup, gdpr etc. to be sure you have it all and it covers the newest standards
I feel I haven't been quite updating myself enough on things like that, so I often miss out a part, whenever I do have to add it myself, but finding it all feels like an endless maze
* https://ultimategdprquiz.com
** https://github.com/sindresorhus/...3 -
The company that I work for has recently recruited a team for Web Development, so they don't have to pay a monthly fee to the previous team who designed their website.
They have over 3000+ products in the old website, and no logical way to import them to the new website. The old team was asking for 300$ to give them an API which would return the product details in an XML format.
Obviously, paying that amount of money wasn't logical for a dying website, so the manager decided to hire someone to manually copy the content from the old admin panel to the new one, that is until I stopped him.
My solution? Write a simple web scraper to login to the old panel and collect data. Boom! 300$ saved from going to waste.
Now, the old team found about this and as much as my manager was happy, they were quite angry. So they implanted a Google reCaptcha to prevent my bot from scraping the old panel.
I spent about 20 minutes, and found out once you're logged in to the old panel, the session is saved in a cookie and you are no longer greeted by a Captcha.
So I re-written a small portion of my bot, and Boom! Instant karma from manager. We finished publishing the new site, and notified the old team, only to see the precious look on their face. Poor guy, he thought I was a wizard or something 😂😂
That's what you get for overcharging people!
TL;DR: Company's old website team wanted to overcharge us writing an API to fetch 3000+ records.
Written a basic web scraper to do the same job in less than an hour.3 -
Riddle:
Alice and bob want to communicate a secret message, lets say it is an integer.
We will call this msg0.
You are Chuck, an interloper trying to spy on them and decode the message.
For keys, alice chooses a random integer w, another for x, and another for y. she also calculates a fourth variable, x+y = z
Bob follows the same procedure.
Suppose the numbers are too large to bruteforce.
Their exchange looks like this.
At step 1, alice calculates the following:
msg1 = alice.z+alice.w+msg0
she sends this message over the internet to bob.
the value of msg1 is 20838
then for our second step of the process, bob calculates msg2 = bob.z+bob.w+msg1
msg2 equals 32521
he then sends msg2 to alice, and again, you intercept and observe.
at step three, alice recieves bob's message, and calculates the following: msg3 = msg2-(alice.x+alice.w+msg0)
msg3 equals 19249. Alice sends this to bob.
bob calculates msg4 = msg3-(bob.x+bob.w)
msg4 equals 11000.
he sends msg4 to alice
at this stage, alice calculates ms5.
msg5 = (msg4-(alice.y)+msg0.
alice sends this to bob.
bob recieves this final message and calculates
the sixth and final message, which is the original hidden msg0 alice wanted to send:
msg6 = msg5-bob.y
What is the secret message?
I'll give anyone who solves it without bruteforcing, a free cookie.18 -
I have unspent credits in Azure that waste each month. To not waste them I spun up a VM to run cookie clicker on it.
-
Debugging that responsive website and can't figure out where it is applying the viewport for the mobile layout. Cookie isn't set to view full site, nothing in html....checking Google's Dev Tools even in incog mode...until I notice Chrome is zoomed in....CTRL-0 = fixed. Dammit. Zoom on page just wasted 5 mins. I want my 5 mins back!
-
My project had a pretty decent state until I decided to add more features. New features had new requirements which in turn added more code along with a bug which nearly destroyed my will to live.
Went into 'fuck it' mode and reverted aaallll the way back to the decent state. Now I don't feel like sticking firecrackers to my laptop and lighting them up. 😌 -
# Retrospective as Backend engineer
Once upon a time, I was rejected by a startup who tries to snag me from another company that I was working with.
They are looking for Senior / Supervisor level backend engineer and my profile looks like a fit for them.
So they contacted me, arranged a technical test, system design test, and interview with their lead backend engineer who also happens to be co-founder of the startup.
## The Interview
As usual, they asked me what are my contribution to previous workplace.
I answered them with achievements that I think are the best for each company that I worked with, and how to technologically achieve them.
One of it includes designing and implementing a `CQRS+ES` system in the backend.
With complete capability of what I `brag` as `Time Machine` through replaying event.
## The Rejection
And of course I was rejected by the startup, maybe specifically by the co-founder. As I asked around on the reason of rejection from an insider.
They insisted I am a guy who overengineer thing that are not needed, by doing `CQRS+ES`, and only suitable for RND, non-production stuffs.
Nobody needs that kind of `Time Machine`.
## Ironically
After switching jobs (to another company), becoming fullstack developer, learning about react and redux.
I can reflect back on this past experience and say this:
The same company that says `CQRS+ES` is an over engineering, also uses `React+Redux`.
Never did they realize the concept behind `React+Redux` is very similar to `CQRS+ES`.
- Separation of concern
- CQRS: `Command` is separated from `Query`
- Redux: Side effect / `Action` in `Thunk` separated from the presentation
- Managing State of Application
- ES: Through sequence of `Event` produced by `Command`
- Redux: Through action data produced / dispatched by `Action`
- Replayability
- ES: Through replaying `Event` into the `Applier`
- Redux: Through replay `Action` which trigger dispatch to `Reducer`
---
The same company that says `CQRS` is an over engineering also uses `ElasticSearch+MySQL`.
Never did they realize they are separating `WRITE` database into `MySQL` as their `Single Source Of Truth`, and `READ` database into `ElasticSearch` is also inline with `CQRS` principle.
## Value as Backend Engineer
It's a sad days as Backend Engineer these days. At least in the country I live in.
Seems like being a backend engineer is often under-appreciated.
Company (or people) seems to think of backend engineer is the guy who ONLY makes `CRUD` API endpoint to database.
- I've heard from Fullstack engineer who comes from React background complains about Backend engineers have it easy by only doing CRUD without having to worry about application.
- The same guy fails when given task in Backend to make a simple round-robin ticketing system.
- I've seen company who only hires Fullstack engineer with strong Frontend experience, fails to have basic understanding of how SQL Transaction and Connection Pool works.
- I've seen company Fullstack engineer relies on ORM to do super complex query instead of writing proper SQL, and prefer to translate SQL into ORM query language.
- I've seen company Fullstack engineer with strong React background brags about Uncle Bob clean code but fail to know on how to do basic dependency injection.
- I've heard company who made webapp criticize my way of handling `session` through http secure cookie. Saying it's a bad practice and better to use local storage. Despite my argument of `secure` in the cookie and ability to control cookie via backend.18 -
Soo there's this new language in town.
It says it looks like ruby but runs like c.
Any one tried crystal yet?
Is a compiled language but with all the funky features.3 -
"We value your privacy, that's why we want you to agree to all of these tracking cookies."
Fucking GDPR, is getting on my nerves now, can't go anywhere without encountering a cookie wall.11 -
Why does Windows think that my wireless keyboard is a toaster? That is the question :p
http://superuser.com/questions/...2 -
PouchDB.
It promised full-blown CRDT functionality. So I decided to adopt it.
Disappointment number one: you have to use CouchDB, so your data model is under strict regulations now. Okay.
Disappointment number two: absolutely messed up hack required to restrict users from accessing other users’ data, otherwise you have to store all the user data in single collection. Not the most performant solution.
Disappointment number three: pagination is utter mess. Server-side timestamps are utter mess. ANY server-side logic is utter mess.
Just to set it to work, you need PouchDB itself, websocket adapter (otherwise only three simultaneous syncs), auth adapter (doesn’t work via sockets), which came out fucking large pile of bullshit at the frontend.
Disappointment number four, the final one: auth somehow works but it doesn’t set cookie. I don’t know how to get access.
GitHub user named Wohali, number one CouchDB specialist over there, doesn’t know that either.
It also doesn’t work at Incognito mode, doesn’t work at Firefox at all.
So, if you want to use PouchDB, bear that in mind:
1. CouchDB only
2. No server-side logic
3. Authorization is a mess
4. Error logs are mess too: “ERROR 83929629 broken pipe” means “out of disk space” in Erlang, the CouchDB language.
5. No hosting solutions. No backup solutions, no infrastructure around that at all. You are tied to bare metal VPS and Ansible.
6. Huge pile of bullshit at frontend. Doesn’t work at Incognito mode, doesn’t work at Firefox.8 -
So, a few weeks ago I was asked by a client to add a cookie consent popup.
Specifically the site must not track the user via Google analytics until they consent.
All fine and I added the normal popup bar at the top the screen.
The client asked me make this smaller and place it into the bottom right hand corner, as to not "scare visitors". After some design hanged on his end the message ending up being 80px side. I.e. tiny.
Weeks later the client is now moaning about decreased traffic levels in analytics.
This is to be expected as cookie message can barely been seen.
Facepalm.1 -
As if somebody who isn't a dev can understand these Explanations and even cares about the Name and Provider of a cookie. Maybe they took GDPR a step to far.
But it's nice to see that you can even say, which cookies you want them to use.
2 -
Just put a little cookie in someone elses coffie, it will sink but in the end the drinker will notice...1
-
"You should accept your employees for who they are and optimize for their abilities. I am a night owl, always have been, always will be. I am done trying to work in the mornings—it is a waste of time as I am not effective and make more mistakes when I try to work at this time."
https://qz.com/891537/...2 -
Just found this today in the Terms for a VPN provider...
hide.me uses Google Analytics to analyze in aggregate information about our website visitors. When your web browser loads a page on our site, a small snippet of javascript code is executed within your browser which submits information about the device from which you are connecting such as your browser user-agent, language, screen resolution, referring website, etc. to the Google Analytics service. To enhance your anonymity, hide.me have opted to only allow Google to collect only a portion of the IP address. Google Analytics may also store a web cookie to facilitate the identification of users who revisit the site. If users are concerned with being tracked by Google analytics scripts on hide.me or any other site running Google analytics, we recommend installing a browser add-on which allows you to opt out.
source: https://hide.me/en/legal
ARE YOU FUCKING JOKING?!? GO BOIL WHAT SMALL MAN JUNK YOU HAVE AND EAT IT.2 -
some shitty scam site is "giving away free gams" like Hello Neighbor, FNAF, etc.
Someone asked me to look at one of their EXEs.
Electron app with nothing really going on and a hardcoded key.
Turns out all this shit is systematic. A couple splash screens and a config file for "download" size, name, key, download page, etc. and they're immediately ready to ship the cookie-cutter scam program meant for "free license key BUT SURVEY FOR OUR PROTECTION" ad revenue.
Have source of the Hello Neighbor one i guess?
(jesus, 204MB of source for an 8MB dropper app???)
https://drive.google.com/open/...1 -
I think accept cookie thing should be done by browser itself. If it was like when using
document.cookies=bla browser wod show the popup that if we (users) are okay with the site storing a cookie. It'd be much standard as I can set accept cookie from all web sites etc so I don't have to8 -
ARGH!
Since that privacy cookie policy change thingy, every goddamn site pops up the dialog asking about it.
I just want to fucking read the page, quickly; get off my screeeeeeen!
There should be a standard to add something that lets the browser tell the page if you accept cookies or not, and which options to use; or at least make all the sites use a specific attribute for the elements of the div, so it can be automated (I know this is a dream).5 -
And for the first time I am delving deep into an open source project(Node.js). I wish to understand the source but it's just different. There are soooo many things I don't know. I hope this will be a learning experience and I would finally be able to contribute to an open source project. 😃2
-
Tmw your side project makes it to the front page of HackerNews and then to the top 😃
This is really nice positive reinforcement 😅3 -
My laptop charger is dead and my laptop can't work without it. So, basically I can't even look at code.
Colleague calls, says there is a problem with package.json and it requires my immediate attention as the APIs need to be deployed.
Me enters Sherlock mode, and remembers that I have a git hook which took a backup of my code every time I pushed and saved it on my headless tiny CHIP.
I get excited, and do an SSH from my phone, hoping to see the faulty code/file. But all I see is an outdated repository because I am an idiot who forgot to turn the fucking CHIP on after I shut it down for cleaning.
This is the most anti climatic ending I have been ever part of.
3 -
...when you find yourself circumventing your own security measures that you lectured the entire team about...1
-
Salespeople telling clients "Your site doesn't need a privacy policy/cookie policy since you don't actually sell anything on your site."
Wrong wrong wrong WRONGITY WRONG WROOONNGGGG!!!!!
Client to PM to me: "Well Jim said we don't need those on this site."
Me: "Well Jim is misinformed, since we use Google analytics, Facebook Pixel, and contact forms, you need to have both a privacy and cookie policy."
PM to client: "We'll find you a template you can use to get started, it'll cover most of what you need."
Me to PM: "we will do no such thing, we can send them a few links explaining why they need these, but they should consult a legal professional and cover their asses for their own business practices. I can provide any technical details they may need like what data the cookies collect if necessary."
PM to me: "well I'll just find something for them then."
*In my head* please just go crawl in a hole and die.4 -
The moment when your CEO freaks out because he can’t login and starts insulting your architecture because he thinks its a caching issue even though it is a cookie issue because his CTO changed the domain on your cookie for no reason.
2 -
Those EU cookie law notices COVERING UP the website so I have to click them and I'm not even in the EU so it doesn't apply here!2
-
still the most humiliating thing in the world is being interviewed by someone half your age for a job that is beneath you and being expected to answer their cookie cutter questions.
'how would you handle this'... well. first I'd start by putting my cock up their ass, and then when they said ow, i'd ask what was the matter....
HOW THE FUCK DO YOU THINK I'D HANDLE IT ! JESUS CHRIST !4 -
I am a Technical Lead in the department in my company that writes code for our clients that have money but doesn't have the technical expertise to handle the complexities of our own software.
Part of my tasks involve taking care of a few projects written by employees that have left after using third-party tools rather than using our own software. No one else in this department knows these third-party tools, they only know our own, and my *still limited* web development experience means I get dumped these things in my lap.
And I'm SO pissed at these projects and their authors and the manager that let these ex-employees write these things. There is this one project that was managed by two different "developers" (I don't know they deserve this title) at two different times, and it is so riddled with different technologies it makes me want to throw up almost daily.
Don't believe me? Here is a complete list of the dependencies listed in the package.json of this project: babel-polyfill, body-parser, cookie-parser, debug, edge, edge-sql, excel-to-json, exceljs, express, html-inline, jade, morgan, mssql, mysql, pug, ramda, request, rotating-file-stream, serve-favicon, webpack, xlsx, xml2js
What this doesn't even show, is that one part of this project (literally one page) is made using react, react-dom, react-redux, and jade. The other part (again literally one page) is made using Angular and Pug. In case you missed it while picking up your jaw, there's also mssql, mysql, edge and edge-sql. excel-to-json, exceljs, xlsx.
Oh you want *more* juicy details? This project takes the entire data object used by the front-end, stringifies it into JSON, and shoves it into the database *as a single field*. And instead of doing WHERE clauses in the SQL queries, it grabs the entire table, loops, parses the json, and does a condition on it. If even one of those JSON entries gets corrupted, the entire solution breaks because these "developers" don't know what try/catch is.
The client asked for a very simple change in their app, which was to add a button that queries the back-end for a URL, shows it in a modal dialog, after which a button is clicked to verify the link by doing a second query to the back-end before modifying a couple of fields in the page.
This. Took. Me. Two. Months*. Save me. Please, save me.
*between constant context switches between this and other projects that were continuously failing because of their mistakes.4 -
Cookies... They are a mess. (To roughly translate what happened here) the text states: you diss-alowed cookies but to view our video you must accept them. (So far so good) If you want to watch the video, you can do that if you allow them. (Still good) to do this, remove your cookies (wait wat) and hit refresh. So... I did not allow cookies, and you set a cookie to not set cookies????
2 -
Latest Yandex browser (Chromium based) throws an error if "document.hasStorageAccess()" is called (:
Ie the StorageAPI that allows cross-site cookie access on user-interaction
the iFrame sandbox flags that compliment it, ie "allow-storage-access-by-user-activation" also fails on execution.
Both of these work on Edge/Chrome/Firefox.
I thought Firefox and Chromium browsers are all ive to deal with and im done but NO.
Now within Chromium-based browsers theres differences of API as well?
Kill me.
11 -
Fuck the EU.
Their privacy laws fucking suck and don't even get me started on their braindead cookie law.
I think we should be able to make laws for them and not just them making laws for us.
First order of business is that by law all EU bureaucrats must have "I'm a fucking moron, punch me in the face to accept." tattooed to their foreheads in large bold letters with the rest of their face in intricate detail tattooed explaining what a fucking moron is so to educate their subjects.11 -
I was browsing websites in search of a nice digital camera because my wife saw one but it's long since been discontinued. So I found this one article about a few current ones. I open it, it shows the typical GDPR consent request about cookies with a prominent button 'ACCEPT ALL,' and a less prominent button 'MANAGE PREFERENCES.'
But tapping the button 'MANAGE PREFERENCES' did not show any preferences to manage! WHAT THE HECK? There was only a list of 'partners' whose cookies I need to accept. A long list. A very long list. I stopped counting at 500.
ARE YOU FUCKING KIDDING ME? WHAT REASON COULD A WEBSITE POSSIBLY HAVE TO REQUIRE COOKIE CONSENT FOR MORE THAN 500 PARTNERS?
Fucking capitalist internet.4 -
I've deployed an instance of OWASP Juice Shop on Heroku, if anyone wants to practice and/or learn pen testing or just web based vulnerabilities in general it's an amazing application to learn from and practice on.
Your progress is dependant on the cookie, so it won't affect one another.
owaspshop.herokuapp.com
It's free, so if you want to deploy your own instance you can.7 -
Why can't the iOS documentation save a cookie to my machine so it can remember what fucking language I want to view it in.4
-
A new developer started working with us a few months back. Plenty years of experience, both front- and backend.
He was the perfect guy for the job, according to management. Two weeks ago he asked me what JWS Cookie I used to send my requests.
After a few minutes we realized that he meant JWT token.
Said developer is no longer working with us, he didn’t like all the new technology.1 -
Code in index.php: if(!isset($_COCKIE['access'] == '123') {
echo 'Denied'; die;
}
And then there was the access.php which set the cookie.
So you had to go to foo.com/access.php which displayed a white page and set the cookie. Then navigate back to foo.com for access2 -
After reading the news I am way more determined to make my startup a success. Evan spiegel is my main source of inspiration, for now. 😆2
-
What better way to learn a language than creating something with it. So I went ahead and made an API for devRant in crystal.
https://github.com/iostreamer-X/...
And I swear that language has potential. It flawlessly(almost) combines the best of both worlds(interpreted and compiled).
IGN: 7/10 Too new but fresh af1 -
Just me, or does anyone else abandon the pcmag site because of this?
Changed to lowest cookie setting but takes ages to change throughout their network. Bye bye!
4 -
REST service documentation translated in italian language.
"arricciare" => curl
"biscotto" => cookie
1 -
Not really a rant, but working on a side project alone is tiring 😴.
It has been 4 days and all I have made is this page and login
12 -
Telling the users of my website that the only cookie being used is the cookie that says that you've read and agreed to usage of the cookie on the website.
Can this GDPR madness end now please.25 -
At the car workshop, the mechanics are trying to print some pdf from the net. It looks like the job is sent to the printer, but nothing comes out. Restart the printer: no luck. Restart the computer: no cookie. Open the pdf in chrome instead of IE: yep.3
-
I've switched from pycharm to sublime to vsocde in a month, now vim is catching my eye, my mentor will kill me if i started using vim now but it's freaking interesting, will be learning a little bit of vim, will stick to vscode for long term i guess.13
-
The most annoying popup I hope to not see clicking on a link.
Other cookie [de]selectors seem to have proper "reject all" mechanism. This one not only doesn't have that, it also always has an annoyingly long vendor list.
Also, if I unselect cookies, my choice is only saved for several days. After a week or two it tends to expire and the clickfest starts again
They prolly hope to overwhelm me with the number of clicks required to unselect them all. Well joke's on them, it's a matter of principle. I know where I'll spend the next 15minutes of my life now...
17 -
So, it's been a while since I've been working on my current project and I've never had the "luck" to touch the legacy project wrote in PHP, until this week when I got my first issue.
And damn, this goddamn issue. It was a bug, a very strange bug, that only happens in production and that nobody has any idea what was happening, so yeah, I didn't have anyone to ask and I got less time than usual ( because Thanksgiving ).
And thus, I have no starting point, no previous knowledge on PHP and less time! I expected a very fun week 😀 and it was beyond my expectations.
First I tried to understand what might be causing the issue, but there wasn't any real clue to star with, so no choice, time to read the flow on the code and see what are they're doing and using ( 1k line files, yay, legacy ). Luckily I got some clues, we're using a cookie and a php session variable for the session, ok, let's star with the session variable. Where it's that been initialize ? Well, spoiler alert, I shouldn't start with that, because my search end up in the login method of the API that set a that variable and for some reason in the front end app it was always false and that lead me to think that some of the new backend functions were failing, but after checking the logs I got no luck.
Ok, maybe the cookie it's the issue, I should try open the previous website on the brow...redirect to new project login, What? Why ? I ask around and it's a new feature push on Monday, ok I got Chrome Dev tools I can see which value of the cookie it's been set and THERE IT WAS it has a wrong domain! After 2 days ( I resume a lot of my pain ) I got what I've been looking for, so now I should be able to fix the bug. Then where is the cookie initialized ? In the first file the server hits whenever you tried to enter any page of the app, ok, I found the method, but it's using a function that process the domain and sets it correctly? wtf ? Then how in heaven do I get the incorrect domain ? Hello? Ok, relax, you still have one more day to fix this, let's take it easy.
Then, at the end of the Wednesday, nope I still have no clue how this is happening. I talked with the Devops guy and he explain me how this redirection happens and with what it depends on, I followed the PHP code through and nothing, everything should works fine, sigh. Ok I still have 2 days, because I'm not from US and I'm not in US, so I still have time, but the Sprint is messed up already, so whatever I'm gonna had done this bug anyhow.
Thursday ! I got sick, yay, what else could happen this week. Somehow I managed to work a little and star thinking in what external issue could affect the processing, maybe the redirection was bringing a wrong direction, let's talk with the Devops guy again, and he answer me that the redirection it was being made by PHP code, IN A FILE THAT DOESN'T EXIST IN THE REPOSITORY, amazing, it's just amazing. Then he explained me why this file might be missing and how it's the deployment of this app ( btw the Devops guy it's really cool and I will invite him a beer ) . After that I checked the file and I see a random session_star in the first line of the code, without any configuration, eureka ! There was the cause and I only need to ask someone If that line it's necessary anymore, but oh they're on holiday, damn, well I'll wait till Monday to ask them. But once and for all that bug was done for ! 🎉
What do I learn ? PHP and that I don't want any more tickets of PHP 😆. -
How must it feel to build pagination for the partner list in a cookie consent popup? Did the dev realize that they and their company are the primary reason for the GDPR? That they are the ultimate bad guys of online privacy, even worse than accumulators like Google who process their data in-house?
-
Ok so I had a phone interview with a start-up for an internship and didn't get a call, for like a week(actually more) but today they called and wanna meet me tomorrow for work. Problem is, I fucked up my sleep cycle, big time. I hope me requesting to meet them at 7pm won't cause a problem!
-
The fuck? I'm trying to automate login for an asp.net website from a C# console app using HttpWebRequests. I used Fiddler to see how the login happens and how the browser obtains the session and auth cookies from the server. When I replicate the same procedure from C#, I am able to get both cookies withoth a problem, but when I try to use them to get data about the user, I get a 500 ISE. What the actual fuck? I've double-checked every single header and the URLs and it's doing literally the same thing as chrome: Get asp session id (POST)-> get an auth cookie (POST username and passwd) -> interact with the site using the session id and auth cookie (GET). And obiviously I don't have access to the server logs... :/2
-
And finally my favorite OS on my favorite laptop.
Had trouble in the past with wifi and straight up not booting.
But Loki fixes everything, except the screenshot button but ok fine. I can at least use linux normally. Till now I was using bash on windows and tbh it was good.
1 -
I have been working on a, dare I say it, a Cookie Banner JavaScript Plugin for GDPR requirements. It's completely customisable and provides users opt-in/opt-out options. More features to follow. You can check out the updated build at
https://github.com/clive-machado/... 🤙2 -
My company wants me to add semicolon in my JS code. I now have to change 191 lines. Why would you want the goddamn ;
😭12 -
9000 internet cookie points to whoever figures out this shit:
I'm trying to import a secret gpg key into my keyring.
If I run "gpg2 --import secring.gpg" and manually type each possible password that I can think of, the import fails. So far, nothing unusual.
HOWEVER
If I type the same passwords into a file and run:
echo pwfile.txt | gpg2 --batch --import secring.gpg
IT ACTUALLY FUCKING WORKS
What the fuck??? How can it be that whenever I type the pw manually it fails, but when I import it from a file it works??
And no, it's not typos: I could type those passwords blindfolded from muscle memory alone, and still get them right 99% of the time. And I'm definitely not blindfolded right now.
BUT WAIT, THERE'S MORE!!
Suppose my pwfile.txt looks something like this:
password1
password2
password3
password4
password5
password6
Now, I'm trying to narrow it down and figure out which one is the right password, so I'm gonna split the file in two parts and see which one succeds. Easy, right?
$ cat pw1.txt
password1
password2
password3
$ cat pw2.txt
password4
password5
password6
$ echo pw1.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported
$ gpg2 --delete-secret-key "149C7ED3"
[confirm deletion]
$ echo pw2.txt | gpg2 --batch --import secring.gpg
gpg: key 149C7ED3: secret key imported
In other words, both files successfully managed to import the secret key, but there are no passwords in common between the two!!
Am I going retarded, or is there something really wrong here? WTF!4 -
!rant
I am in awe that neural nets are being used at such low level 😵
I had no idea about this.
http://theregister.co.uk/2016/08/...1 -
Aaaand my side project is in the prototype stage now!
It is a node based terminal emulator and it's Open source.
https://github.com/iostreamer-X/...3 -
http://www.phpthewrongway.com
I am not a php dev but I really like the following statement:
In the software industry you can compare a pre-built house to a general purpose framework. Building software using general purpose frameworks doesn’t make you a coder or a programmer any more than putting together a pre-built house makes you a carpenter.14 -
Oh look, a notification from LinkedIn, ut should be that job application.
*open LinkedIn*
Say congratulations to sOmEunKnOwN for his...
pfft shut up, like I give a damn cookie3 -
When you keep telling your boss that you remade one of their sites so that it has BCrypt(currently use SHA-512),CSRF checks, stricter Auth/Cookie encryption and that we should swap it and all he says we will get to it.
wot n tarnation-_-1 -
Yo fun idea you know who most certainly knows which cookies are stored in your browser??? YOUR FUCKING BROWSER!
How about uuuummmmmm... When making a proposal about annoying users with cookie notices suggest that browsers implement it ALONG WITH A YES, TAKE ALL MY DATA ALWAYS I JUST WANT TO USE THE FUCKEN INTERNET button?
Fuuuuuck me those notices are so dumb!1 -
It has been 2 days since I completed a project and I still don't feel like working. I wake up, waste the whole time and repeat. Ugghhh its frustrating!!!1
-
ASP: Here's your cookie value. I went ahead and automatically removed all the space characters for you. Wasn't that nice?
Me: GO FUCKING SHOOT YOURSELF IN THE FUCKING FACE AND FUCKING DIE IN A FUCKING FIRE YOU FUCKING PIECE OF SHIT!!!!
ASP: :( but I just--
Me: FUCKING DO IT -
I hate code imperfections. I have a cookie which is linked to a permanent user setting and I was looking to make it infinite, but I was disappointed to find out the best option is Cookie.setMaxAge(int seconds), so I put Integer.MAX_VALUE, and I'm not as disappointed anymore.
5 -
Whoever downvoted my previous post, get your cookie dough ass off devRant you fucking weakling.
Never thought we'd have snowflakes in here. This community now has morons.8 -
This whole GDPR, cookie law thing is really getting annoying.. Every website you load:
A wild large popup dialog appears, reasons this and that, options this and that, click next, are you sure, yes, yes,..
The dialog itself is annoying, but it's even more annoying if it pops-up 10 seconds after you've already scrolled and are reading stuff.
Am I the only one who didn't care that I got tracked and whatnot and analytics stuffs were stored etc?2 -
So a while back I had found a hole in a website's security, one that I has used pretty frequently. I was able to change my cookies and become any user I wanted. The only caveat was that I had to log in as a user in order to get things started. But once I was in I could basically be anyone I wanted to be just by changing a few numbers in the user ID of the cookie. They also did all of their user processing on the client side. Even password checks.
A couple weeks back I decided to go back in to see if anything had changed since then. It did! But not in the way I had thought.
So these guys decided that instead of fixing their security hole, they would have users just contact their people directly in order to get a new account.
Wow that's so much fucking overhead for basically being a lazy shit and not fixing the security holes. I mean how bad is your architecture if you can't go in and fix this?
Not only that I found that they actually stripped all of the users of their original subscriptions. So now if you want to get back on your subscription you'll have to fork over another $399. So that means going to their shitty form filling out your name, your number, email, and just hope that someone contacts you via phone call.
I'm glad I dropped this service. They clearly can't get their shit together. -
I just implemented the cookie popup you wanted me to make. And now you give me a call that your tracking code doesn't appear in the source code?
Oh, but you don't see the cookie popup? You saw it right? So you've already set your cookie permissions, probably not to accept tracking cookies. We can check by... what's that?
If I can make the tracking code appear anyway?
...
Yeah, sure, no problem, change will be live in five minutes.2 -
I waa pretty sure fortune cookies were getting weirder... but seriously, it's gotten THIS bad? Not a fortune, nor a proverb, just a one-liner on political finance?
Just seems extra messed up that you can now be prompted to discuss national debt via fortune cookie from chinese take-out. We do owe the most to china afterall. Yet fortune cookies are invented by us(and typically one of the few things produced stateside). Just seems extra off...
6 -
If I lay my hands on those fucking EU beurocrats that decided we need cookie notices I'll stick them in a cage above lava/lazer-sharks with a phone that doesn't let them call for help until they accept/reject the cookie policy for every website in the world.8
-
TIL that rants not loading when there's no internet is not a bug but a feature. A friend was going through the phone, and I don't keep mobile data, so he wasn't able know about the wk13 rants. Which is good because that would have destroyed him.
-
My phone got stuck in funky restart boot loop yesterday. The first 2 restarts was odd but after 3 cycles, I started panicking. Went on my PC, googled for all kinds of button combinations of power button, volume button, back button, and home button to get into fastboot, recovery and safe mode to see if I can clear stuff or at least get backup of my stuff. I also tried taking the battery out. Nothing works, except when I factory reset.
Everything was new again and as it booted up, I have to remember to change my authentication keys in LastPass, my private ssh key in Krypt. But fortunately, Google remembered all my apps and suggested if I wanted to install them again since it recognized my phone was an old phone. Thanks for tracking me Google. And now since its a reset, everything is clean, no cache, cookie, and some of my music files are all gone. Well at least its fast like before.2 -
If you give a mouse a cookie is all too real. Started sending out release notes to those who benefit from the changes and they're now asking for access to our ticket system 'just because'2
-
One of our products has so many obscure debugging flags settable via cookie I wrote my first Chrome extension to manage them.2
-
So I just released a thing I've been working on for the past few days and I'm very glad that it's finally public!
It's a thing that you can use on your website to let the user choose which cookie they want to allow.
https://github.com/metaa/cookiebox
It's worth playing around with the cookie panel in your developer console of your browser on the example page, too!
https://metaa.github.io/cookiebox/
I'd be glad to get some serious feedback and I hope it could be useful to someone out there. 😊 -
Wonderful experience today
I'm scraping data from an old system, saving that data as json and my next step is transforming the data and pushing it to an api (thank god the new system has an api)
Now I stumbled upon an issue, I found it a bit hard to retrieve a file with the scraper library I'm using, it was also quite difficult to set specific headers to download the file I was looking for instead of navigating to the index of the website. Then I tried a built-in language function to retrieve the files that I needed during the scrape, no luck 'cause I had to login to the website first.
I didn't want to use a different library since I worked so hard and got so far.
My quick solution: Perform a get request to the website, borrow the session ID cookie and then use the built-in function's http headers functionality to retrieve the file.
Luckily this is a throwaway script so being dirty for this once is OK, it works now :) -
— You and other scientists like you., — my sister said after tasting a half cake half cookie, made with wall mold instead of yeast. — You liked to say “no fate”, implying each one chooses their own path as science liberated them. People are equal. You’re right though: they are. They’re equally fragile and meaningless. They indeed have no fate; not because of freedom, but because the bomb you made will obliterate everyone on this planet. There will be no survivors. No fate indeed.
— Wait, but…, — I replied.
— Now go. Lay down in an empty hall somewhere its not real, generated procedurally. You dying there will maybe make me forgive you.2 -
Safari refuses to load images on some websites lately.
I thought about resetting the browser / clearing the cache, but this will also result in millions of shitty privacy policy popups bugging me for months.
Honestly, I'm not quite sure if I prefer a broken browser, or useless shit I don't care for... :/6 -
Spent most of the week adding alerts to sites to tell users to look at their cookie policy - so that they can inform users that the only cookie on the site is the one that was just added to close the new cookie warning.
-
Please, dear god, is there a browser extension to answer all these shitty cookie/data storage/privacy popups with MY SPECIFIC ANSWER?
As a web dev I understand that websites need cookies, and as a tech company employee I understand that essential cookies as well as functional cookies are okay-ish (most of the time). I just don't want marketing cookies/tracking.
All those extensions just block the popup or block all cookies. This is not what I want!
And why the hell on earth didn't they come up with one single solution for all websites beforehand, so we dont have 6.388.164.341 different popups/bars/notifications/flyouts/drop-ins/overlays???
THIS. IS. JUST. ANNOYING.
Thank you for your attention.6 -
This is how my login and authentication works
Check for cookie on request
if cookie doesnot exist, send login page ( login )
1) check for credentials
2) if valid, set username's JWT as cookie
3) reload page
4) proceed for authentication
If cookie exist, decode JWT ( authentication )
1) check username
2) if username exist on database, send user panel
Anything wrong with this ?? What is the better way to do this6 -
!rant
So I'm making the system for my University's cafeteria.
Pretty ez and all but THIS FUCKING PAGE, THIS GOD FORSAKEN PAGE JUST BUGS.
I'll elaborate: Basically I have a bunch of pages that bring up some pie charts and a .pdf of earnings, all of them work and they are pretty much cookie cutter so I can re-use the code. But this random one, with the same code, repeats the same entry a couple of times.
And by god have I tried to change every variable, code format and minimal shit. Still doesn't budge.
Guess I'll have a cheeky ciggy break and try to fix it later when I'm not steaming my noggin
Ps: yeah yeah, shitty jpg quality but its the "Busca Unidade" field that just cloned itself 7 more times underneath
-
So, I browse to a video livestream and an annoying ad starts before the livestream is shown. Furthermore, the page jumps around because of a cookie notification that also blocks some UI elements at the top.
Note: this is the website of a public (government-paid) national news website with very high standards and a good reputation.
Action 1: refresh page; I hope the ad is skipped. Nope, annoying ad restarts. Page jumps around again because of the cookie notification.
Action 2: accept cookies to remove notification blocking the top UI (it's OK, I know it can't actually save any cookies on my machine). Instead of some nice JS doing it for me in the background, the page refreshes because you know, HTTP requests and whatnot.
Annoying ad restarts again... FML 🤬
Lessons to be learned from this for any web dev: these annoyances can and *will* exponentially get worse if used simultaneously against your users, instead of being used to help or inform your users.
As a user of you website, I want to watch a livestream. I don't care what stupid legislation forced you to shove a fucking cookie notification in my face. Make sure it is not annoying me to the point that I close you website and take minutes to rant about it!
Also, give me the freedom of choice to watch an ad or not. You and I both know that some ads simply are not for me. Better save yourself and myself the bandwidth.
And go get good at web development. You're a news site. That's more than just text and images. If you want great apps, social media coverage, videos, live streams, blogs, etc. go get some better web devs. Your current web frontend devs only qualify to get fired.1 -
After the long haul of designing, structuring and finally implementing, my side project is done. The only challenge I faced was to not lose interest or get distracted :p
I made this to get a hang of haskell. It adds haskell functionality to your shell and lets you apply functions to outputs of other programs(ls,ps,df etc)
https://github.com/iostreamer-X/...
Your honest feedback is highly valued.
Thanks!
:D -
@Engyne reminded me that I got Enki from here and I must give back. So, here's the code, works for 3 people! 😃
Your Enki invite code: IOSTR756.
Learn more at: https://enki.com/1 -
It is 4:08 am here, I am supposed to complete my first task as an intern by tomorrow night(technically tonight) and here I am on devRant.
Plot twist: I already did the job. It was writing test cases ffs. 😕2 -
According to a report from VentureBeat: Verizon Media has launched a "privacy-focused" search engine called OneSearch and promises that there will be no cookie tracking, no ad personalization, no profiling, no data-storing and no data-sharing with advertisers.
By default, Advanced Privacy Mode is activated. You can manually toggle this mode to the "off" but you won't have access to privacy features such as search-term encryption. In the OneSearch privacy policy, Verizon says it it will store a user's IP address, search query and user agent on different servers so that it can not draw correlations between a user's specific location and the query that they have made. "Verizon said that it will monetize its new search engine through advertising but the advertising won't be based on browsing history or data that personally identifies the individual, it will only serve contextual advertisements based on each individual search," reports VentureBeat.
https://www.onesearch.com/5 -
What are staging systems for?
In my opinion (and of my dev co-workers): that everyone can test the software before it’s being deployed to production.
PM (at least based on how they act): that we devs test our software. They will test it when it’s live.
Today: cookie banner was missing, and the page has been on staging for around 3 months and it already has been live for 2 weeks.
No. One. Noticed. That. On. Stage.
Ridiculous.4 -
Thought I'd post this for my friend in QA, because she's been having a horrible week at work.
So we were supposed to have production deployments last night (Tuesday) and tonight (Wednesday). We were told these dates a week ago, which is fine. The QA support cleared their after-office schedules on those dates to accommodate, since the deployments would be happening at 10pm.
Last Monday they moved the deployments to Thursday and Friday, because our "project managers" want to cram as many fixes and resolutions as possible. So of course, we devs are being rushed to speed these additional tasks through to being included (bypassing a LOT of quality checks).
Of course, the QA team finds defects (we devs were expecting that, so no big) and the PMs start blaming them for the delays. Which is just stupid. And my QA friend? They're trying to make her a scapegoat by throwing her under the bus with business.
Fortunately, she's a smart cookie and not only has all communications with the PMs documented, she also has the other QAs backing her up by running the same tests.
tldr; Fuck those project managers who suck up to business and don't give a shit about the people who do the actual work. May they burn in hell and their souls rot in a cesspool of acidic farts for all eternity. -
When you were up until 3am figuring out why you're Guzzle cookie jar in Laravel wasn't working...
Needed:
$this->app->bind(...);
Instead of:
$this->app->singleton(...);
Stupid service providers... -
Doing the Full Stack Nanodegree from Udacity
Using Google's oAuth Sign in in my Flask App, I realized that no matter what browser I use, I was unable to logout, Google always threw an error my way. I figured something must be wrong with my code..
Searched on Google, couldn't find anything relevant, gave up on first 4 results(not pages, yeah I'm that lazy!)
Spent 3 hours Debugging at different points, removing all the abstraction I've put in using various libraries (Bad move)
Finally it dawned on to me to check Udacity forum as well. It's a frickin cache/cookie thing. Tried the app in an incognito window, worked like a charm. Reverted code back with all the libraries, worked like a charm again!
FUCK YOU GOOGLE! In your attempts to track users, you're even making our work difficult!
(in hindsight, I should probably be better at asking/looking for help)1 -
In my school we had a CS lab and we were supposed to do lab assignments.
I had a book which gave a basic introduction on event driven programming, and introduced me to two new functions which I couldn't have ever known(I got internet in 2013) if I had gone with just the curriculum, kbhit() and gotoxy(). With this new knowledge I created my first 2d game. And that feeling of creating something no one expects and something fun, which also gets you attention of the whole room(Nothing like that was ever created in that lab, it was a shitty school), made me realize that this is what I want to do for the rest of my life. 😃 -
!!rant
Just spent a week creating a distributed api architecture which I found out won't work due to a singular issue which can't be solved - not unless I hack stuff to a degree where I might as well write my own frameworks.
I've been aiming the user application's requests towards my wsgi, which based on a custom header will proxy it towards the correct api. Each customer base has their own api and dataset, but they all visit the same address.
I've handled CORS manually, just picking up when there's an options request, asserting the origin, then returning the correct headers. Cool everyone's happy. Turns out, socket.io includes session id and handshake info as part of their options preflight, which I can't pair with my api header (or cookie, for that matter) which means my wsgi doesn't know where to send it. You get a 400! You get a 400! You get a 401! </oprah>
So my option is to either roll my own sockets engine or just assign each api to a subdomain or give it some url prefix or something. Subdomains are probably pretty clean and tidy, but that doesn't change having to rewrite a bunch of stuff and the hours I spent staring at empty headers in options preflights.
At least this discussion saved me some time in trying to make it work. One of my bad habits is getting in those grooves of "but surely... what the hell, surely there's a way. There has to be"
https://github.com/socketio/... -
So you guys know how universities can sometimes have TERRIBLE old software that hasn't been updated for years, and sometimes you want to do a specific process over and over again so you end up automating it, now, we've built a tool that automates downloading projects from the University Moodle website, and we would like to publish it for other students to use.
Problem.
The University is using SSO.
And so far we've made the application to work by observing the network connections over the Android app version in order to extract the cookie session, now imagine that we publish this little tool, and tell people to do those exact steps, of course it's impractical and misses the whole point of the tool itself for being easy to use.
So, where can I read more about SSO, how can I figure out what the University uses? And if I had to reverse engineer this, where should I start? (It goes over 4 pages and I'm not able to capture those requests to even figure out what's going on)
In short is there a guide where you take a university SSO service and build on top of it? I couldn't find anything that is helpful. -
Tmw you realize your new shiny laptop has issues with linux.
Gonna have to do some grub stuff, the shipped kernel doesn't support my skylake gfx :/6 -
I can't believe express would betray me like that. Doing a POST request to the Twitter API every time I use it, tsk tsk tsk 😫
https://medium.com/friendship-dot-j... -
Microsoft pushing to get its js engine included in Node, I thought forced win10 updates is where they would stop at. But then again maybe chakracore and Node will play along exceptionally well, maybe better than v8.
-
All designers and developers are secretly in love with cookie banners and other kinds of popups, as long as they distract users, obscure content and contain a lot of text that is hard to understand.
We must love to deceive our users and make them click a primary call to action button to make sure that they are fine with bypassing anything that privacy laws have been made for in the first place.
Or where are the best practice examples, code snippets and plugins do find a better way by default? Any commercial website will sooner or later require some kind of cookie banner and that's the whole point of contemporary web design.3 -
Well I used to be that guy who was always cursing gradle sync but I realize I was just preparing myself for this, the next level!
10 -
Motherfucking peace of shit....
Dont know to whom I should direct this to .
Was creating a new login page for web app using Quasar(vue.js). Since my application have 2 different types of user, which also have different UI, and functionality.
One is written in vanilla ( and is quiet heavy) and the other one in vuejs ( though earlier it was written in vanilla too ). Login page too was written in vanilla which was working fine.
Now just yesterday I finished a prototype for the third type of user, which is also written in vuejs. Now I decided to re create login page using vuejs. Quiet small and easy to do. Finished it yesterday itself. Now since today's morning I am trying to configure it so that it this piece of shit just let me log in. It was authentication and verifying but not letting me log in.
( On server after authentication, I set cookies/token on clients browser and auto reload the page, so during next request to server/ or during reload, server will read the cookie/token and send the specific admin panel to user)
Prick. Dick.
It was setting cookie, but not at the '/' path. Mother fucker.
It was setting cookie to the path I was sending login credentials ( which was different from '/', I.e.- /login/verify=password )
So it was setting cookie/token at '/login/verify=password'.
Even tried setting path for cookie at server. Read everything on internet. MF nothing worked. All I came across was, 'this is CORS' .... 'this is CORS'. Assholes, if it were CORS', how then I am able to make request to server and getting response without error
Only a hour ago, when I made get request to '/login/verify=password' I figured out, cookie is being sent to server for this path only. Then did some changes at server, so to send login credentials to '/'. Now that shit is working
Fucking waste of time. Wasted more than 6 hours. Asshole.
Btw, if you can suggest a better way to login, then please. -
Firefox won't access iFrame's domain's Auth cookies when the iFrame is hosted on a 2nd domain, even when the cookies are Secore,SameSite=None, and sandbox is as lax as possible.
Works on chromium-based browsers.
Looked up SO and it's just "oh im facing the same" x10. FFS.
Why does Firefox behave so retarded. Not doing their shrinking userbase numbers any favour :v9 -
Love this kind of humor, coworkers output into a log on errors begins with "Found Unidentified Critical Keyerror". Took a while before I noticed the genius message in this error! My colleague deserves a cookie!1
-
Yesterday,
I was reading the code from my mentor and plugging it into my project.
I noticed a statement that at that moment seemed buggy to me.
Asked my mentor if that's needed, he looked at it and said no it's not needed remove it and said thank you to me.
Later, I noticed that statement wasn't extra at all, but some part of my code was not as it was supposed to be hence that statement seemed buggy.
I should be telling this to my mentor but i liked that thank you. :/ what will happen when he finds out that ?? lol2 -
The TRUSTe / TrustArc cookiewall is a bitch! My ass it takes over a minute to update my cookie policy... 😡
-
My experience with getting Linux on my dell i7559 was not so good. So, here is a tiny blog post, just to help a fellow ranter.
http://iostreamer.me/chip/2016/... -
I have never understood the default configuration of Javascript Back-end frameworks.
The documentation says -> Install expressjs. Its a "framework".
But then u need to setup EVERYTHING yourself. Install cookie-parser, body-parser, io, routing FUCKING everything !!!
Why can someone not make it a standard installation covering the basic necessities ??5 -
Sooo, while having dinner I was watching this video which talked about automation and how it's inevitable that a lot of manual labor will be replaced by cheaper ai workforce, and how we are not prepared to handle it. Your thoughts on how something like this might affect our software industry?
https://youtu.be/7Pq-S557XQU10 -
tldr: I am looking for recommendations for a basic website for my parents. GOTO question;
Pre-Story:
My parents have a small (offline) business. They have a website to give some general information and list their weekly offers.
When I felt that what has come out of the website-building tool (you know, clicky clicky stuff) looked a bit too early 2000's and is a total ripoff for what you get (almost 20€ per month), I created something with Google Sites for them. Feel free to roast me, but web development is not my field and now it looks much more modern, is mobile friendly and does what it is supposed to do. Weekly offers are edited in a google sheets file, which is embedded in the website. Not great, but this way my mom doesn't have to deal with editing a tables on the page - trust me, it won't look good. This also meant they could downgrade the hosting package to discard the clicky-tool and just the domain (maybe 1€ per month). The website itself is hosted for free by Google.
Some time ago GDPR became a thing and then I was tasked to have a look at it. (side note: I don't want to rant about being responsible for it, that's fine. My parents don't really ask me to do a lot for them.) You can't enter any data on the website, it's just very basic stuff and data protection wise there's just the "usual" stuff (cookies, embedded tools, logs). I added another site with a halfway complete privacy policy. Regarding the whole cookie issue (do not enforce unnecessary cookies) I couldn't find an easy solution. It's not 100%, but what can you really expect from a small business like this? I've seen worse.
Now to the question:
Can you recommend a good alternative to the current solution (Google Sites)?
It should be cheap (<3€/month incl. domain) and my parents should be able to make some basic changes (just text in predefined locations). I am not afraid to get my hands dirty - I can deal with some HTML, CSS, JS - but I don't want to sink a lot of time into this. No need for analytics or the like. Maybe a newsletter would be cool (with the weekly offers), but that's just a random thought of mine and definitely not necessary.
Thanks for reading :)18 -
Heeyyy! On my journey of becoming a full stack dev, I have finally achieved a tiny milestone. I made an app which lets you live stream your laptop's audio, and the web interface will let the users listen to it.
The building experience was magical, and I scaled and made the ui look pretty all sorts of things. I hope you will enjoy this 😃
http://ze-al.herokuapp.com3 -
taking hours for string/object conversion to handle cookie based favourites depending on number of clicks left me considering being dumb, finally seeing just 15 lines of code.
-
Why people do that shit ? is a free backdoor to sniff other user content XD
if(isset($_COOKIE["user"])){
resetSession("user","user");
}
function resetSession($cookiename,$sessionname){
$_SESSION[$sessionname] = $_COOKIE[$cookiename];
}8 -
The worst thing about cookies is that almost all pages forget / don't realize you have to handle cookie ( -> localstorage ) permissions!6
-
I want to make an mobile app(Android, don't have any apple products). Please give me some ideas, I cannot come up with any. I'm not intending to sell the app(nor publish it to the Play Store because I don't have a dev Google account)4
-
I shouldn't have to explain to you how to get value of a cookie and pass it in to a remote call (cookie not passed from generated clients) when you make 6 figure salaries + rsu3
-
Just please make the rule, if you don't have a cookie, don't show the pop up asking you to register for shit. If I haven't been to your site before, I DON'T WANT TO SIGN UP TO ANYTHING BADGER TURD!! Are there people that actually do that? If so, they deserve a whole evening talking to a project manager about their next great idea. Or, being flayed with a potato peeler. Which ever is worse.1
-
A bit of an off-topic, but people need to shut up about copyright.
I see people making cool fun stuff all the time, and they start talking about a liscence to use it and copyrights and stuff. Wtf!? I get it if you're making a big commercial project, but no one's gonna steal your cookie clicker clone nor your minecraft mod.
I get it that people want their work to be protected, but ffs it reay annoys me when people bring up legal stuff when mentioning a project that was clearly just made for fun.8 -
FFS if you're Ajaxing some shit onto your crappy webpage, show that it's loading.
Even just "Loading..." is better than making me click on a random piece of shit on the page because the thing I wanted to click jumped down the screen a nano-second before I clicked it because you Ajaxed some cookie warning/advert above it.
The Internet is becoming unusable.1 -
I have had this laptop with 2nd gen i3 for the past 5 years and it has seen things, run things that it shouldn't have and now I can't even run chrome and atom smoothly. And a ray of hope is seen when HP launches a new laptop but my hopes are crushed when it's only available in US.
All I want is a decent laptop 😭 -
Hello everybody! =)
I'm currently looking for a Trello / planning program for Linux that doesn't require an email signup nor requires a monthly payment (I know I R super cheap), since I have way too many tabs open as is and I just need something to help me keep on track with my projects easily and preferably in a visual manner. I would really appreciate any help and/or tips you wonderful guys and gals might have.
(>^-^)> Here's a cookie and some coffee in advance. <(^-^<)21 -
Glad ml is being used to save one's ass by switching screen when boss approaches!
http://ahogrammer.com/2016/11/... -
Am I the only one to get randomly disconnected from the Web version? Also, light theme pops up randomly. Looks like a cookie issue if you ask me, but that's just at random.1
-
!rant
Quite an insight
"Is npm worth $2.6M?"
http://words.steveklabnik.com/is-np...
On a read sprint and I am sharing whatever I find interesting. -
I asked the Node gitter community but didn't get any response, and I fear for my life when I am posting on SO.
So, I would be posting my query here. Any help would be appreciated.
Query:
Hey! So I have a code like
var cached = true;
if(cached){
}else{}
When the v8 will profile and mark this function as hot, will the full compiler optimize it so that the 'if(cached)' is not checked every time?2 -
That very moment when you start to visualize your workflow after hours of head scratching, and realize how simply it could be implemented with so much lesser lines of code in comparison to what you thought previously.
-
I was given a perl script to help change ubnt airos devices passwords from the command line. I was give no instructions on how to use it and I am not use to working with perl If anyone can give me some help I would really appreciate it. Here is the code.
#!/usr/bin/perluse
FindBin qw($Bin $Script);
use WWW::Mechanize;
die "Syntax: $Script ...Changes the password on 1 or more AirOS units." unless @ARGV >= 6;
my $user = shift @ARGV;
my $op = shift @ARGV;
my $np = shift @ARGV;
my $rouser = shift @ARGV;
my $ropass = shift @ARGV;
my @addresses = @ARGV;
open L, ">>$Bin/$Script.log" or die "Unable to write to $Bin.log: $!";
sub l {
print STDERR @_;
print L @_;
}
for my $a (@addresses) {
l "Changing password on $a\n";
my $mech = WWW::Mechanize->new();
my $entry;
my $start = "http://$a/login.cgi?uri=/system.cgi";
$mech->get($start);
$mech->field('username',$user);
$mech->field('password',$op);
$response = $mech->submit();
# to get login cookie
if (!$response->is_success) {
l $response->status_line, "\n";
}
$mech->get(qq|http://$a/system.cgi|);
$mech->field('NewPassword',$np);
$mech->field('NewPassword2',$np);
$mech->field('OldPassword',$op);
$mech->field('ro_status', "enabled");
$mech->field('rousername', $rouser);
$mech->field('roPassword', $ropass);
$mech->field('hasRoPassword', "true");
$mech->click_button(name => "change");
$response = $mech->submit();
if (!$response->is_success) {
l $response->status_line, "\n";
}
$response = $mech->get(qq|http://$a/apply.cgi|);
if (!$response->is_success) {
l $response->status_line, "\n";
}
}close L;
exit 0;8 -
And now I know why Node.js is the only real dev language.
This is the best meme because of the comments
https://youtu.be/ame2PH67gnk -
!rant
Often times while working/debugging I get to a state where the app/whatever works but then I realize that it didn't, so some more changes and I get to a new state.
Question is, does there exist something which lets me switch between these states without messing up my git? I do have a solution in mind but want to know if it already exists.16 -
Um hey guys, so I was working with websockets in node.js and wanted to have some form of authentication. Did a bit of googling, read some docs and finally implemented something. It's just I am not sure if it is the right way. Can the experts give their 2 cents?
This is not a rant exactly, so if it comes under self promotion or irrelevant, please tell. 😃
http://iostreamer.me/ws/node.js/...6 -
Funny when people who thought they had power just end fat walking wads of thick glasses wearing cookie dough lol1
-
Why do you support sessions for an API (not REST)??
You remove the token and still get positive replies because the session cookie allows it.
At least the session in the cookie gets killed when the token is invalidated, but really, why?3 -
Backend developers, your thoughts on this?
"Why you should never use MongoDB"
http://sarahmei.com/blog/2013/...3 -
They asked me to build a small website they will embed in a native application with some web wrapper in Android and iOS.
But also asked me to build a login web service that will return a JWT. Done.
They want to do a native code login form that opens up the web wrapper with my small website already logged in using the login web service.
I have no idea how to proceed in the backend.
At first i tried using postman with a POST request to the sessions/sign_in route and sending a form with the authenticity token and the email and password; but CSRF stopped me. I don't want to turn it off because of reasons.
Now i am wondering how to use this JWT to generate a cookie with a session inside it that they can use in the web wrapper.
Any help would be appreciated :)4 -
There's time crunch already, we need to finish this feature, this stupid fucking feature, quickly.
We design, and then code and obviously because of Murphy's law, our code doesn't work. Why, you ask. Because some shithead was modifying arguments behind the scenes and it took us fuckload of time to reach this conclusion.
Out of frustration, I made this.
https://github.com/iostreamer-X/...
It's a tiny library which helps you log every single change done to your object.
But seriously, fuck that shithead who modifies things without a care in the world!
Top Tags
Weekly Rant
View