Search - "edit option"
-
So, some time ago, I was working for a complete puckered anus of a cosmetics company on their ecommerce product. Won't name names, but they're shitty and known for MLM. If you're clever, go you ;)
Anyways, over the course of years they brought in a competent firm to implement their service layer. I'd even worked with them in the past and it was designed to handle a frankly ridiculous-scale load. After they got the 1.0 released, the manager was replaced with some absolutely talentless, chauvinist cuntrag from a phone company that is well known for having 99% Indian devs and not being able to heard now. He of course brought in his number two, worked on making life miserable and running everyone on the team off; inside of a year the entire team was ex-said-phone-company.
Watching the decay of this product was a sheer joy. They cratered the database numerous times during peak-load periods, caused $20M in Redis-cluster cost overrun, ended up submitting hundreds of erroneous and duplicate orders, and mailed almost $40K worth of product to a random guy in Outer Mongolia who is, we can only hope, now enjoying his new life as an Instagram influencer. They even terminally broke the automatic metadata, and hired THIRTY PEOPLE to sit there and do nothing but edit Swagger. And it was still both wrong and unusable.
Over the course of two years, I ended up rewriting large portions of their infra surrounding the centralized service cancer to do things like, "implement security," as well as cut memory usage and runtimes down by quite literally 100x in the worst cases.
It was during this time I discovered a rather critical flaw. This is the story of what, how and how can you fucking even be that stupid. The issue relates to users and their reports and their ability to order.
I first found this issue looking at some erroneous data for a low value order and went, "There's no fucking way, they're fucking stupid, but this is borderline criminal." It was easy to miss, but someone in a top down reporting chain had submitted an order for someone else in a different org. Shouldn't be possible, but here was that order staring me in the face.
So I set to work seeing if we'd pwned ourselves as an org. I spend a few hours poring over logs from the log service and Dynatrace trying to recreate what happened. I first tested to see if I could get a user, not something that was usually done because auth identity was pervasive. I discover the users are INCREMENTAL int values they used for ids in the database when requesting from the API, so naturally I have a full list of users and their title and relative position, as well as reports and descendants in about 10 minutes.
I try the happy path of setting values for random, known payment methods and org structures similar to the impossible order, and submitting as a normal user, no dice. Several more tries and I'm confident this isn't the vector.
Exhausting that option, I look at the protocol for a type of order in the system that allowed higher level people to impersonate people below them and use their own payment info for descendant report orders. I see that all of the data for this transaction is stored in a cookie. Few tests later, I discover the UI has no forgery checks, hashing, etc, and just fucking trusts whatever is present in that cookie.
An hour of tweaking later, I'm impersonating a director as a bottom rung employee. Score. So I fill a cart with a bunch of test items and proceed to checkout. There, in all its glory are the director's payment options. I select one and am presented with:
"please reenter card number to validate."
Bupkis. Dead end.
OR SO YOU WOULD THINK.
One unimportant detail I noticed during my log investigations that the shit slinging GUI monkeys who butchered the system didn't was, on a failed attempt to submit payment in the DB, the logs were filled with messages like:
"Failed to submit order for [userid] with credit card id [id], number [FULL CREDIT CARD NUMBER]"
One submit click later and the user's credit card number drops into lnav like a gacha prize. I dutifully rerun the checkout and got an email send notification in the logs for successful transfer to fulfillment. Order placed. Some continued experimentation later and the truth is evident:
With an authenticated user or any privilege, you could place any order, as anyone, using anyone's payment methods and have it sent anywhere.
So naturally, I pack the crucifixion-worthy body of evidence up and walk it into the IT director's office. I show him the defect, and he turns sheet fucking white. He knows there's no recovering from it, and there's no way his shitstick service team can handle fixing it. Somewhere in his tiny little grinchly manager's heart he knew they'd caused it, and he was to blame for being a shit captain to the SS Failboat. He replies quietly, "You will never speak of this to anyone, fix this discreetly." Straight up Hitler's bunker meme rage.
-
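The three defects the post above describes (a delegation cookie with no integrity check, no server-side check of who may order for whom, and full card numbers written to logs) each have a standard server-side control. The following is an added example, not part of the original post or the company's code; the key, org chart, cookie field names and log line are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import re

SECRET = b"constructed-demo-key"  # assumption: real key comes from a secret store
# Constructed org chart: user id -> manager id (None at the top).
MANAGER_OF = {1: None, 2: 1, 3: 2, 4: 1}

def sign_cookie(payload: dict) -> str:
    """Serialize the delegation payload and append an HMAC-SHA256 tag."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    tag = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return f"{body.decode()}.{tag}"

def verify_cookie(cookie: str):
    """Return the payload only if the tag matches; otherwise None."""
    body, sep, tag = cookie.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    try:
        payload = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    return payload if isinstance(payload, dict) else None

def is_descendant(actor: int, target: int) -> bool:
    """True if target reports, directly or indirectly, to actor."""
    seen = set()
    cur = MANAGER_OF.get(target)
    while cur is not None and cur not in seen:  # 'seen' guards against cycles
        if cur == actor:
            return True
        seen.add(cur)
        cur = MANAGER_OF.get(cur)
    return False

def authorize_order(session_user: int, cookie: str) -> bool:
    """session_user is the authenticated session identity, never a cookie field."""
    payload = verify_cookie(cookie)
    if payload is None:
        return False
    actor, target = payload.get("actor"), payload.get("on_behalf_of")
    if not isinstance(target, int) or actor != session_user:
        return False
    # A valid signature is not enough: re-check the reporting chain server-side.
    return is_descendant(session_user, target)

PAN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")

def mask_pan(message: str) -> str:
    """Replace anything shaped like a card number with its last four digits."""
    def repl(match):
        digits = re.sub(r"\D", "", match.group())
        return "*" * (len(digits) - 4) + digits[-4:]
    return PAN_RE.sub(repl, message)
```

Masking at the logger is a backstop; the stronger fix is for the payment path never to format the card number into an error message at all.
-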
Who the fuck came up with the idea of using SharePoint? What it even is?! Is it a website, wiki, document repo...?
Our version seems to be a broken wiki with no info content, old links, illogical navigation. And somehow word documents are integrated into it. Sometimes you see some weird calendar and timelines (from old projects). You can navigate into a folder, but you cannot get back. There's no ".." button?? You can map it like OneDrive to yourself, but Windows doesn't support any document version control. Where's the check in/out option from explorer menu??? I sure as shit have those for SVN, GIT etc. Is there a new version created every time I press ctrl-s or only when I close the document?
Well, I could open the document in "online" mode. Ok, the formatting goes weird and everything is super slow. But at least I can fuck up someone else's document by accidentally copy/pasting stuff, deleting lines, hitting my face into keyboard etc. There's automatically new version added!
Somehow you can enable the forced check in/out for documents. Obviously only the library admin can do that. And since he's just a program manager, he has no clue what the fuck is version control or document management. So he has this thing on his "things to do" list. For him, document management means sending various spec versions as email attachments. And the developers can figure out together who has the most recent one.
How did M$ push this piece of shit to corporations? They even use this crap for the intranet making it slower than creation of galaxies. Though it's ok, since you cannot find anything from the intranet. It's all just head honchos' blogs, seasonal greetings and stock market statuses. Nowhere is seen the downstairs cafeteria menu for the day. Or where to report for broken toilet. You know, stuff that 99% of people would like to see.
I complained to M$ about the SharePoint, but apparently there's no problem. You can code it yourself? Yeiii! So, instead of just updating some line in design spec, I have to take a 3 month class and get a MS certificate, code some class-based-web-shit for 6 months and maybe, maybe then I can make the page/document look normal?
I am thinking, that I will just start writing my specs on paper. I will put them on the shelf and if you want to read it, you will check it out manually. And if someone else tries to edit it while you are editing it, you just cover the paper with your hands. There might be a requirement to make the document look more like MS Word, but that's easy to do. Just go to WC with the paper and wipe with it a couple of times.
-
I would like to rant one more time about my internship.
I began in July, the first. That's my sister who helped me to find this internship and I was a little scared about how bad it could be.
I came at the office, my boss told me that I would work in an "Innovation lab", an apartment where people work on projects that are less corporate than the enterprise's ones.
To me, it was amazing. So I came in this apartment, it was like a dream. I didn't know that I would have such luck to be in this environment: kitchen, sofas, beds, many decorations for all political ideologies, ideas. There were some decorations that were about weed and many cool things for the young guy I am.
The lab's leader told me that it was a very free environment and all the awesome stuff I could use.
Then they showed me where I would work.
We were two interns employed as web developers. We had a complete room for us.
Then we began to work there, and I was presented to my internship tutor.
He gave me some instructions but told me that I had a week before the project begin.
Here began the troubles.
We waited a complete week without having any instructions. Then we began to build something in PHP with our knowledge and the information someone from the lab gave us.
When finally we had news from the project, two weeks later, we learned that the project would be built with ASP.NET.
Here we go, I learn ASP.NET alone. I have many problems and nobody helps (even if the problem comes from enterprise's API/Framework). I finally make something usable with no help, after I discovered that my mate wasn't developer at all and just took an option for her classes which forced her to get an internship.
She had 3 month left, I had 6.
Then when the project really began, nobody came to verify what I was doing and on a meeting, they said that I was doing nothing.
The boss even became mad on us because he couldn't see what we were doing (we're back end developers).
I asked for help to the developers of the enterprise and someone came, sad to have to help an internship, and learned some tricks but nothing else.
To have a concrete explanation of what DDD was, I had to ask 4 times for help.
Finally I had something that could receive data from the connected hives we are working on and store them into a database in the architecture of the enterprise.
Then, they wanted me to try an API for them. I tried, and it wasn't working at all. So they make me still wait to change my whole architecture when the API will be released.
Recently, I was told that I would never do the front-end of the project (which was a horror because of the fantasm of the lab leader). Then they realized that my mate wasn't a programmer. So they asked me to make a prototype for the front-end. I did for a presentation.
Then they didn't tell me the device they would use for the presentation and it was an iPhone 7. Idk why, safari couldn't display what IE can.
They blamed me for having done a bad work. It wasn't my job. I did it to help because they can't find a fucking front-end developer with a little more experience than me.
Actually, I am an alone developer since my mate is gone and the lab leader doesn't want me to show up because she considers me as a shame.
I asked to be moved back in the office of the enterprise, they agreed and said it was a 2-weeks delay. It's the Thursday of the second week and I have no news. I send mails to my tutor, even SMS, he doesn't answer me. They didn't call me to give me my pay with a week late. And the person who is responsible doesn't answer me either. I came to see her, but she wasn't available. I'm now alone in a desk, waiting the time to pass.
Fucking this shit.
I'm in France.
EDIT: I forgot to say that I can't use the sofas or bed because I'm allergic to cats and there were 3 cats. Now there is still one and this beast vomits and poos everywhere in the house...
-
Forced choice between two options which both seemingly have irreversible and potentially destructive consequences. Tapping back or outside the modal doesn't dismiss it. No 'Read more' type link for the first option.
Laws and regulations against dark pattern design when?
edit: okay the readmore link is passable but I still want to be grumpy about it.
-
Reasons not to work here...
Windoze
Insurance
One line scripts with no help option
Java
Windoze
5am meetings, working 10 hours a day then getting on again between 9pm and 5am, to accommodate for employees in India
WINDOZE
Edit - can't forget the worst laptop track pad in history 😂
-
Just got a lovely update on Windows 10. It pops up on login and informs me of this great new browser called edge. Then it fucking takes over the screen and gives me one fucking option: "Get Started". I cannot escape, I cannot close the app, I cannot right click the app icon on the toolbar and close this POS. My only option is to fucking ctrl-alt-del and kill this piece of garbage. You also cannot uninstall this shit either. I even found a thread where the MS guy was trying to help them uninstall, but the end result is that you cannot on newer Windows 10. So I have this POS thing that keeps updating flash and other shit periodically that is nothing but a security hole. Now I never want to ever run this garbage.
The irony is this. I have read a lot of good things about Edge. I was considering it as an alternative to Chrome for specific use cases. Now I absolutely no longer want to run this fucktard pos software. This one experience has now tarnished any gains MS has in the browser arena. It is just more overbearing malware being pushed by assholes. Tech these days is defined by assholes. Apple is assholes, Google is bigger assholes, and MS is still the classic assholes.
Microsoft LET ME FUCKING JUST WORK! Is this not the pro version or what?
Fuck you edge and your pos os.
Now I feel better!
Edit: That was a rendition of the evil Captain Kirk from episode 27.
-
TIL google calendar app on Android doesn't let you change a reminder's reminding time.
There is edit but it only lets you change title and date time and repeated options.
I can't find an option to postpone the reminder to next hour or something.
With that said, if you know how to do it, please share.
-
Why fucking Windows Explorer's search is fucking case-sensitive? I could not find any fucking option for it.
Edit: actually it's not but sometimes it could not find files
-
Maxi-Rant, rest in the first comment!
Yay, I've caught up with my "watch later" list on YouTube! Next thing: Just quickly go through my subscribed channels and add old videos that I haven't seen yet to the watch later list so that I have more stuff to watch the next months. The easiest way to do that is to go to the "all uploads" playlist of the channel (that is luckily always linked now, it used to be hidden sometimes) and use "add all to" to get them on my playlist. Then sort out the stuff that I've already seen and turn on automatic sorting by date, easy. Yeah...
Firstly, in the new design there's no "add all to", I have to go to the old design. For my own playlists, there's a handy "edit" button to do that, but on other pages I have to do it manually. Luckily I have set Ctrl+Shift+1 as a shortcut for "&disable_polymer=true" long ago.
Next surprise: On "all uploads" playlists, there is no "add all to" button. It's on every single other playlist on YouTube, including "liked", "watch later", "favourites" and so on, just not there.
Fine, I'll just abuse my subscription playlist script that I already have by making a copy of it, putting the channel IDs in it and setting the last execution date to 1.1.2001. Little problem with that: Google apps scripts can run for at most 5 minutes and the YouTube API restricts it to add one video per second. So it doesn't work for more than 300 videos. I could now try to split it up by dates, but I didn't write the script myself and I don't know how it sorts the videos to add, so I'll just google for another solution instead.
Found one: Go to the video overview of the channel in the old layout, Ctrl+Shift+I, paste this little JavaScript thing and it automatically clicks all the little clocks that add the video to the watch later list. Yay, that works! Ok, I'm restricted to 5000 videos, because that's the maximum size of a YouTube playlist, so I can't immediately add all 8000+, but whatever, that's a minor problem and I'll sort out later anyway. Still another little problem: For some reason I can't automatically sort the watch later list. Because that would be too easy.
But whatever, I'll just use "add all to" from there to add it to my creatively named "WL" list. If that thing is restricted by the same rate limit of 1 video per second, it should be done in about 1½ hours. A bit long, but hey, I'm dealing with 5000 videos. Waiting 2 hours... Waiting 3 hours... Nothing happens. It would be nice if it at least added them one by one, but no, it waits an eternity and then adds all at once. At least in theory, right now it does absolutely nothing.
Shortly considered running it for more hours or even days on my Raspberry Pi, but that thing already struggles when using Chromium normally, I shouldn't bother it with anything that has to do with 5000 videos.
Ok, what else can I do then? Googling, trying out different things, mainly external services that have their own concept of "playlists" and can then add them to an arbitrary playlist later...
Even tried writing my own Java program with the YouTube API, but after about an hour not even the example program in the YouTube API tutorial worked (50 errors and even more open questions, woohoo), so I discarded that idea.
Then I discovered "DiskYT". Everything looked like it would work and I'm still convinced that I can do it with that little pile of shit. Why is it a pile of shit? Well, for example the site reloads itself after a while, so it can at most add 700 videos to a playlist. Also I can't just paste the channel link (even though it recognises those links, but just to show an error message that it can't copy from channels). I can't enter/paste URLs, I have to drag them. The site saves absolutely nothing (should in theory work, but in practise it doesn't), so I have to re-drag everything on every try. In one network, the "authorise YouTube" button (that I have to press again on every computer) does absolutely nothing ("inspect" reveals that there isn't even any action bound to the button), in another network the page mostly doesn't work at all or the button to copy from playlists is suddenly gone or other weird stuff. Luckily I have the WiFi at home, there it works in theory. But just on my desktop PC, no other device, wow. I tried to run it on my new laptop, but it's so new that it still has the preinstalled OS and there I can't deactivate going to standby when closing the laptop, so while I expected it to add 5000 videos, it instead added 4 and went to standby. But doesn't matter, because it would have failed at about 700 anyway. Every time I try to use this website, I get new problems, but it seems to still be the best option, because everything else just doesn't do anything. This page at least got to 700 before.
Continuing in first comment!
-
So I got a new project idea, an app that takes your image and fits it in a Mac window like a border.
Basically when I make a new website or app and I want to post screenshots of it, just the plain screenshot of the app looks bland but if I have a nice aesthetic ✨ macOS window around it with rounder corners and stuff, it would look very cool. I bet everybody here has seen something like this once or twice. Is there an app that does this already? Takes an image from the user and puts a window around it, with the minimize, maximize and close buttons and lets the user download the final image. Not necessarily a Mac window with there could be option for different types of windows. Even VS code repo on Github has a Mac window around it lol. So I would like to make an app that makes this whole process easier instead of requiring you to edit images of your app (in case u don't have Windows or a Mac for screenshot)
What tools (tech stack) would I require to make a web app for this purpose?
-
I want to go to gym but I'm too broke
Gyms in my country are expensive as fuck. German gym Synergy (I'm not from Germany) costs $27 not per month but per 7 trainings within 1 month. That means if I go every day Monday through Sunday I have wasted my ticket and have to pay another $27. And that's just the minimum package level, there are other more expensive packages out there that include sauna and various other shits. Other gyms are just as expensive, more or less
On top of that I'd have to pay the private gym coach several hundreds of euros (depending on gym coach) ranging from 100-500 or more euros per month. I live in a country where engineer's minimum salary is 500 euros per month
Not to mention the special expensive food I'd have to eat to follow the training diet which will cost additional several hundred euros more??
double costs = gym + coach + food;
It saddens me to throw away so much money on a liability like this. I'd rather throw that money into some crypto asset that's gonna yield me more money
How the fuck do people afford gym? I want to go to the gym but I'm too broke for this... Like how perfect and complete life do some people already live in order to be able to afford gym membership so easily?
I can't believe I'm working such a difficult software java backend job and can't afford a goddamn gym membership
Edit: I just wanted some minimal workouts to maintain my physical health, not some intensive sports workout. Just enough so I look good physically but not too much difficult or heavy weight workouts because I don't care about bodybuilding etc that's not my primary job. So therefore if I'm asking for bare minimum shouldn't there be some ultra cheap option for me?
-
Can we get an option to edit our comment? You need to delete and add comment again in case of typos. #OCDAboutTypos lol
-
@dfox
Why not allow edits after any amount of time, but have an option to see how the post was before each edit?
-
Can some1 please do something about email
A "modify/edit" functionality is helpful
Why doesn't it have it already
-
Got a question for any programmers. Maybe it depends on what version of Windows but Registry Edit for No lock screen option. I believe the desktop where I enabled it was a Windows 10. Would anyone know where Windows 11 option would be in the registry? When I created DWORD with disable lock screen, I tested it out and I was still stuck on lock screen