Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple APILearn More
Search - "encryption problems"
Fixing family / friends technical problems, episode 2.
Problem: "I lost my iPhone, I know there's a thing that lets you find it. Can you help?"
Me: sure, it's called "find my iPhone"
Friend: ah yes that's it. How do I use it?
Me: I'll show you, just login here and ... oh you didn't set it up?
Friend: Probably not, I don't know much about this computer stuff.
Me: ... when you setup your phone for the first time, it's a full screen thing that says "do you want us to locate your phone if it's lost. Yes / No". It's hardly writing an encryption algorithm now is it?
Friend: no it's not, but still I just didn't know. I probably clicked no for everything.
Me: ... says here you clicked yes for iCould ... and yes for photo sync ... so you read the one about your pictures but not about lost or stolen property ... nice.
Friend: ... so you can't find it then.
Me: No, natural selection took it away from you.
Friend: oh **** off.6
I’m back for a fucking rant.
My previous post I was happy, I’ve had an interview today and I felt the interviewer acted with integrity and made the role seem worthwhile. Fuck it, here’s the link:
So, since then; the recruiter got in touch: “smashed it son, sending the tech demo your way, if you can get it done this evening that would be amazing”
Obviously I said based on the exact brief I think that’s possible, I’ll take a look and let them know if it isn’t.
Having done loads of these, I know I can usually knock them out and impress in an evening with no trouble.
Here’s where shit gets fucked up; i opened the brief.
I was met with a brief for an MVP using best practice patterns and flexing every muscle with the tech available...
Then I see the requirements, these fucking dicks are after 10 functional requirements averaging an hour a piece.
+TDD so * 1.25,
+DI and dependency inversion principle * 1.1
+CI setup (1h on this platform)
+One ill requirement to use a stored proc in SQL server to return a view (1h)
+UX/UI design consideration using an old tech (1-2h)
+unobtrusive jquery form post validation (2h)
+AES-256 encryption in the db... add 2h for proper testing.
These cunts want me to knock 15-20h of Work into their interview tech demo.
I’ve done a lot of these recently, all of them topped out at 3h max.
The job is middling: average package, old tech, not the most exciting or decent work.
The interviewer alluded to his lead being a bit of a dick; one of those “the code comes first” devs.
Here’s where shit gets realer:
They’ve included mock ups in the tech demo brief’s zip... I looked at them to confirm I wasn’t over estimating the job... I wasn’t.
Then I looked at the other files in the fucking zip.
I found 3 of the images they wanted to use were copyright withheld... there’s no way these guys have the right to distribute these.
Then I look in the font folder, it’s a single ttf, downloaded from fucking DA Font... it was published less than 2mo ago, the license file had been removed: free for Personal, anything else; contact me.
There’s no way these guys have any rights to this font, and I’ve never seen a font redistributed legally without it’s accompanying licence files.
This fucking company is constantly talking about its ethical behaviours.
Given that I know what I’m doing; I know it would have taken less time to find free-for-commercial images and use a google font... this sloppy bullshit is beyond me.
Anyway, I said I’d get back to the recruiter, he wasn’t to know and he’s a good guy. I let him know I’d complete the tech demo over the weekend, he’s looked after me and I don’t want him having trouble with his client...
I’ll substitute the copyright fuckery with images I have a license for because there’s no way I’m pushing copyright stolen material to a public github repo.
I’ll also be substituting the topic and leaving a few js bombs in there to ensure they don’t just steal my shit.
Here’s my hypotheses, anyone with any more would be greatly welcomed...
1: the lead dev is just a stuck up arsehole, with no real care for his work and a relaxed view on stealing other people’s.
2: they are looking for 15-20h free work on an MVP they can modify and take to market
3: they are looking for people to turn down this job so they can support someone’s fucking visa.
In any case, it’s a shit show and I’ll just be seeing this as box checking and interview practice...
Arguments for 1: the head told me about his lead’s problems within 20mn of the interview.
2: he said his biggest problem was getting products out quickly enough.
3: the recruiter told me they’d been “picky”, and they’re making themselves people who can’t be worked for.
I’m going to knock out the demo, keep it private and protect my work well. It’s going to smash their tits off because I’m a fucking great developer... I’ll make sure I get the offer to keep the recruiter looked after.
Then fuck those guys, I’m fucking livid.
After a wonderful interview experience and a nice introduction to the company I’ve been completely put off...
So here’s the update: if you’re interviewing for a shitty middle level dev position, amongst difficult people, on an out of date stack... you need people to want you, don’t fuck them off.
If they want my time to rush out MVPs, they can pay my day rate.
Fuuuuuuuuck... I typed this out whilst listening to the podcast, I’m glad I’m not the only one dealing with shit.
Oh also; I had a lovely discriminatory as fuck application, personality test and disability request email sent to me from a company that seems like it’s still in the 90s. Fuck those guys too, I reported them to the relevant authorities and hope they’re made to look at how morally reprehensible their recruitment process is. The law is you don’t ask if the job can be done by anyone.6
Hello guys and girls!
My company tasked me to do something insane.
Little background info: I'm a trainee, in my first year (of three, even though I will shorten my apprenticeship to two years). I told my trainer that I like encryption in a somewhat private talk.
Now to the insane part. I got tasked to develop a whole security concept ~2 weeks ago to protect our products against industrial espionage. I feel in no way competent enough to achieve this especially because my concepts so far have been dismissed with a 'naaaah. Can't we just do X for now and add the other stuff later?' or 'we can't do that.'
I seriously don't want my name under a concept we would use world wide on our customers pcs which I know has serious flaws.
What should I do? What would you do?22
Ever encrypt files on a USB drive before?
Ever do that then forget the password you used for the encryption?
Had to extend the platform of a customer. For one part of my task (generating an encrypted string) there already was a class with encryption and decryption methods. This class is used in a gazillion places all over the code, so I thought it might be a good idea to re-use already existing stuff... Until I saw that the encryption method using basic Java methods (all fine with that) wrapped in a try-catch block, 'cause the Java methods may throw, returning err.getMessage() in the catch block...
Yeah...sure...makes sense... Instead of throwing an error or returning null just remove the possibility to handle the error.
So I decided to basically copy the methods and return null so I can work with that.
Created a merge request and was told by another dev of that company to remove my own impelemtation of the encryption method and use the already existing. Arguing that I won't have a possibility to prevent my code, that returns an URI containing the encrypted string, from generating something like "http://..../Encryption failed because of null" without success.
So I had to use the already existing crappy code...5
When you wake up on a sat, log in to your emails to share with your bosses a new hacking framework just out that can decode encrypted strings, and no one replies because it's the weekend
Fucking finally something i can do while this corona crap is going on. ESP32's arrived today and i had to port entire project to them.
Luckily libraries support it so no problems there but the Bluetooth stuff is different kinda.
And oh fuck is it fucking faster. Oh yes. And as added bonus it fixed my main bug somehow.
The bug was that random stuff would show up in the Bluetooth log. Like random char's.
Anyways. That's fixed so now just add nice LED control to it so i know when I'm sending and receiving and then encryption.
Yes Yes i know project without using encryption and i send data trough it. Well if you want to help you can.
Sadly this ESP32 crap fucking broke Arduino support.
So yeah. Lets have fun while I'm sitting home.10
Korora 26 finally came out and I wanted to install it on my new laptop. I'd previously put Ubuntu MATE on there, with Cinnamon kind of tacked on, but it wasn't great, mostly because it wasn't Korora.
Unfortunately, Korora (and Fedora) still have a bug in the installer where it will complain if your /boot/efi partition is not on /dev/sda, which in my case it was on my M.2 drive. However, I was able to eventually get it working.
But when I booted it up and tried to log in, it would take me back to the log in screen. I logged into a TTY, where I was reminded that when I had set up my Ubuntu install, I had chosen to encrypt the home folder.
Not knowing how to set up the eCryptFS with an existing encrypted home folder setup, I opted to wipe the drive and reinstall from scratch--I had a backup of most of my files from the Ubuntu installation. However, I lost some very important documents that I'd set up since then.
Fast forward to today where my laptop won't boot unless it is either a.) unplugged with just the battery or b.) plugged in without the battery, with a different power cable from the one I got with the computer.
Thankfully the people responded quickly after I mentioned I was having issues. Hopefully it doesn't get worse...
So I'm building this environmental monitoring system for one of the Labs to monitor Temperature and Humidity. the "software" that comes as part of the package with these sensors is really just a website you host yourself if you don't choose the cloud option. No big deal really, (see my previous rant about getting windows server through SSC) I setup IIS and get the "software" registered get a couple sensors running looks good. However I don't like the error messages that popup because it's unsecured. do some reading and I find out that most browsers will give you a warning if your not using HTTPS even if it's for internal use only. OK we'll how hard can it be in implement encryption, turns out it's not that hard and you can do it for free how with letsencrypt and other places. I like free, now i have to use SSH to get into the server and run an ACME client. Hey open SSH is part of windows now cool, download an ACME client SSH into the server and nope doesn't work. Oh right I'm behind a corporate firewall and a bunch of other shit I can't control. Why is so damn arduous to setup this god dam internal website and the problems aren't even the site. Now I'm playing with AWS spinning up an instance to be able to try and get an SSL certificate just so i don't have to tell people it's OK to trust this site ignore the big angry warning.
Best part is other similar internal sites don;t use SSL and all have big messages about someone stealing your soul if you go there and these are commercial systems that run all the HVAC for all the campuses across Canada.
I need more Tylenol.