"Privacy reminder: This website uses cookies, and if you delete them, you'll have to click away this reminder again and again."

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

What you see in that screenshot, that was earned.

I'm on the plane and I want an hour of free Gogo (read: crappy) WiFi on my laptop (so I can push the code I'm probably the most proud of, more on that another time). The problem is that the free T-Mobile WiFi is apparently only available on mobile.

So after trying to just use responsive mode, and that still (almost obviously) not working. I realize it's time to bring in the big guns: A User Agent switcher. Small catch: I don't have an add-on for FF that can do that.

So on my phone I find an add-on that can and download the file. To send it to my computer, I initially thought to go through KDEConnect, but Gogo's network also isolates each system, so that doesn't work. So I try to send it over Bluetooth, except I can't. Why? Because Android's Bluetooth share "doesn't support" the .xpi extension, so I dump it in a zip (in retrospect, I should have just renamed it), and now I can share.

After a few tries, I successfully get the file over, extract the zip, and install the extension. Whew! Now I open up Gogo's page and proceed to try again, but this time I change the user-agent. Doesn't work... Ah! Cookies! I delete the cookies for Gogo (I had a cookie editor add-on already), but I had to try a few times because Gogo's scripts keep trying to, but I got it in the end.

Finally that stupid error saying it's for phones only went away, and I could write this rant for you.

TL;DR: If you make a contest where people get to vote online fucking make it right!

And here's the story: I play in a local coverband to make some cash on the side and because I love making music. We entered a contest hosted by a local radio-station. The first round was determined by judges and now 5 bands remain and of those 5 only 3 get to be voted into the final round. In the final round every bands wins something: 3rd place 250€, 2nd place 750€ and first place 5000€.
Now that stupid dipshit of a web-designer of that radio-station made a website where you can vote and it only fucking sets a cookie. You can delete it and vote again. You don't need no E-Mail and nothing. It doesn't even block multiple votes from one IP. It doesn't do shit.
Even my bandmates (who don't work in IT) where smart enough to figure out that you can just delete the cookies...
I think that now every band except for one is cheating. (we have over 5000 votes and combined all bands have like 4000 FB-Likes and sometimes and Band gets like 400 more votes in an hour) This is such a fucking messup and I don't know what to do. Maybe they'll look into stats but if they're so stupid to make a contest like this in the first place, maybe they won't. And even if they look into the stats it wouldn't be fair to kick out a band with much votes because how the fuck would they know if the band themselves cheated or if it was a fan of the band or even an enemy of the band just to get them kicked out.
I'm afraid of talking to the radio-station as a part of one band because maybe the web-designer there just gets frustrated and bans us from the contest entirely.
This is just fucking frustrating.

Most succesful project was around this time last year.

A scary club of privacy haters made a 'webapp' to advise people what to vote for in the national elections.

The tool was really bad in multiple ways. For instance, if two parties would score the same amount of points, one would, at random take second place without conveying this to the user.

Oh and it also collected all the data people entered "for scientific purposes". A very sketchy practice, a non profit, funded by the government and George Soros (I kid you not, illuminatie confirmed ;) ).

The tool had this disclaimer on the bottom, saying this webapp needs cookies to function. So that triggered me to make a copy of the tool that works better and ... offline, and without cookies. You could download a html file and turn of your wifi (for the paranoid ppl among us), use the tool, delete the file. No trace.

It was a little bit of tung and cheek project, a gimick, the original was called stemwijzer, mine was called offline stemwijzer.

It was a one day build and a day after launching I got a call of the original stemwijzer project leader. Demanding to take the thing offline for infringing copyright (yeah sort of was). I tried to explain him why I made this and why privacy for such things should be held in high regard. He basicly told me I was talking shit and did not want to discuss, I told him I don't take stuff offline because of phone calls. I told him to email me a seist and desist.

So that guy prolly had a stressful day (because of the launch of his tool), had a few glasses of wine, and wrote an email. He wrote me I was a pathtic kid and I should do more useful stuff. He wrote that anyone could program a tool like that. And he wrote me I should do him a favour not share this email with my measly amount of twitter followers. Super professional email.

So I did him that favour, I did not share it with my twitter followers, I shared it with one of the largest political blogs in the country.

My tool sort of took of after that. To stop infringing copy right I changed the name and I removed their content from the script and wrote instructions on how to copy and paste in the json content yourself and "make your own tool".

The response was great, people actually emailed me job offers and I think that the current job I have is due to the succes of said project. So be balsy, challenge giants, start riots, it will get you places.

I don't know why people here dislike php

It's been 3 years since I was introduced to php and I never find it unworthy to be used in my project at all

Last night it was my first freelancing project and the guy asked me to scrap a table from a stock market website in vba script and append the table values to the excel sheet. That looked easy, I kid you not, from the image he sent me that looked too easy.

I decided to accept it, fml. Cause that site was using fucking cookies and javascript to load the table values.

There was no way to implement shit that in vba under my current knowledge.

Let's fuck this shit and jump to php, I inspected the site and found a cookie was enabling the site to load another part of the site through GET request.

Once I knew what was holding that GET request url, curl came to rescue. I attached cookies and sent the request header and parsed the ajax script url and fetched the response (table data).

Parsed the fetched data using explode and Voila! I made the fucking working script in php

As for the vba script, I wrote code to get this csv, append it to the file and delete the csv

Some interesting keyboard shortcuts that are lesser-known but can be quite useful:

1.Windows Key + . (Period): In Windows 10 and later versions, this shortcut opens the emoji panel, allowing you to quickly insert emojis into your text.

2.Ctrl + Shift + T: This shortcut reopens the last closed tab in most web browsers (Chrome, Firefox, Edge). It's handy if you accidentally close a tab and want to retrieve it quickly.

3.Ctrl + Backtick (`): In some text editors and IDEs (like Visual Studio Code), this shortcut toggles the integrated terminal window, allowing you to quickly switch between editing and running commands.

4.Ctrl + Shift + Esc: This directly opens the Task Manager in Windows, skipping the intermediary step of opening Ctrl + Alt + Delete and selecting Task Manager.

5.Alt + Drag: In many graphics and design applications (like Photoshop), holding down the Alt key while dragging an object duplicates it. This can save time compared to copying and pasting.

6.Ctrl + Alt + D: This shortcut shows the desktop on Windows, minimizing all open windows to quickly access icons and shortcuts on your desktop.

7.Ctrl + Shift + N: In most web browsers, this shortcut opens a new incognito or private browsing window, useful for browsing without saving history or cookies.

8.Alt + Enter: In Excel, this shortcut opens the Format Cells dialog box for the selected cell or range, allowing quick formatting changes without navigating through menus.

9.Shift + F10: This shortcut performs a right-click action on the selected item or text, useful when you can't or don't want to use the mouse.

10.Ctrl + Shift + V: In many applications, including Google Chrome and Microsoft Word, this shortcut pastes text without formatting (paste as plain text). It's useful when copying text from websites or other documents.

++ if you like this

I was signing up for a new account on Magic. I wasn't paying attention so I accidentally didn't change my date of birth, so it didn't let me create an account because they thought I was just born today. I changed that field but nope, it remembered I had told it I was 1 day old and it didn't let me change my mind. Delete cookies, nothing. Reload page, nothing. So I go into Postman and re-create the request and BOOM! I even got an access token for their API. This is why I love being a dev.

Everyone in the world can browse to my client's website on every browser. I can get to my client's website on every browser EXCEPT Chrome even on mobile devices. Doesn't even work in Incognito mode, nor after flushing cookies, cache, and history. Just the annoying ERR_CONNECTION_TIMED_OUT. And then I switch over to another Chrome profile I have and it's all fine. Google Forums are completely non-helpful because they all say it's ipconfig /flushdns or reinstall All The Things and delete and re-create my whole profile. Things like this make me want to flush Chrome forever.

I haven't been able to access ChatGPT since Friday. I thought it might help to delete all cookies so I did, and managed to access their login page. However, when clicking on "Log in", nothing happens, which shouldn't come as a surprise as there is no event listener on the button element, nor on any of its ancestors or descendants (see attached screenshot).