How do I un-idiot my users when it comes to clicking on dodgy email-links??

Got a forwarded email just there from a user who said;

Good afternoon,
Is the below ok to open?
I just tried but got a popup saying I've been blocked from opening it.
I'm not sure who it is coming from and I am not waiting on anything but as it says its from dropbox and is important, i know it's okay.
Can you unblock the link ASAP please?
This is really impeding my work-day as I need to know what it is and act accordingly.
Regards... user.

The Original email came from a random jumble of letters with a subject line of 'important dropbox program' - not only does it look dodgy but its english is horrible! It said;

"Hi tu my freind,

You tu still read a pending verrry important document sent by one of your own contact to be vieweddd.

Install "Highly Confidential english.pdf" by clickinggg here

*insert link leading to something called 'viral-update-trojan.exe'*"

I mean, seriously... help!!! 😢
We have sent emails explaining how to hover over links and to not to click them if it looks wrong.
No one does it.
We hired a company to send fake phishing emails to train users in what to do.
It made no difference!
We now make people 'verify' their email addresses when opening any sort of link to try get them to actually look at what they're opening.
We also strip emails of original attachments and create 'safe' html copies as we can't trust them to look at what they're opening.
Everyone complains about it but Jesus Christ, this is why!!!

Its so exhausting!! What is wrong with people!!! Argh!!! 😤

OH MY GOD

WHO NAMES A CONFERENCE ROOM AFTER AN -ADDRESS-??

At my new job, we had all day training on Friday. It was emphasized many times that we should not be late. I look at the meeting invite many times, and it says [123 Fake], with Fake being a Very Well Known Street, and I see on Google Maps that there's an office building there. Great, we must have an off-site training facility to help our clients become certified in our product. It doesn't say which floor, but I assume the small space we have in that large office building will become evident once I check in with lobby security.

Friday morning comes, I get to the office building 20 minutes early, and try to check in. They've never heard of my company. Maybe there's a computer lab we rent out? No, they don't know anything about that. I don't have work email or slack set up on my phone yet, so who do I call? I try reception, no one answers. Eventually I call our customer support line.

I shouldn't be at 123 Fake St. I should be at the office. Because that's the name of the conference room!

YOU HAD ONE JOB, ROOM NAMER!

Last night my boyfriend and I tried to think of worse names for conference rooms. The only ones I could think of were "meeting canceled" (but with that, at least I would be in the correct fucking building!) or just naming every conference room "conference room". Here's the thing: there's not just one 123 Fake St room! There's two of them right next to each other! So you can easily show up and think, I remember I was supposed to be in this room, but which one?

And I'm not even the first person to make this mistake. CLIENTS have gone to the wrong building before because they get included on meeting invitations that include conference room names! WTF!

It's pretty common to have Chicago conference rooms named after neighborhoods, or iconic buildings, etc. But nobody is going to think, "meeting in Bucktown? I'll just wander around the neighborhood until I find people with laptops". It's obviously a conference room. BUT A FUCKING ADDRESS OF A NEARBY OFFICE BUILDING? It's not even an iconic of a building!

Names matter. I care a lot about names in code. I never realized it could apply to the physical world as well. So now I am on a mission to change the names of these Goddamm conference rooms so I'm the last person to be directed to the wrong fucking building.

OH, and I'm out $9 for a taxi ride and a pair of gloves that got lost in the taxi so that's GREAT.

My private Email Account got hacked when I was in school, and they sent out a mail with something along the lines of "hey, you should really use this product to lose weight, it is great" to all of my contacts. Many of them ignored it, some of them called me to inform me about the issue (the worst part was, long after I used 2fa and changed passwords regularly, they still had my name and contact list, so they just made email adresses that looked like mine and continued to send out spam to my contacts). Anyway, one teacher of mine didn't know that this was a scam and was insulted because I regularly sent emails about her losing weight. And as if the whole situaion, which I couldn't do anything about, wasn't bad enough, my parents and I had do have a 1h conversation (which ended up in me explaining how those hacks work, and luckily she understood, but still). Never again. I prefer those fake ms support guys that call me over this every day.

So we hired an intern and his first task was to change a few things in email layout for our client, which is an investment bank.

I told to one of my developers to make his local database dump and setup the project for an intern. When intern completed the task, my developer thought that title "Dow Jones index crashed" was pretty funny title for a test.

What he didn't thought through enough, is that he forgot to configure fake SMTP server and he had production database dump with real email addresses.

I had really awkward 20 minutes conversation with our client. Fuck my life.

About 2 years ago, our management decided to "try outsourcing". I was in charge for coordinating dev tasks and ensuring code quality. So management came up with 3 potential candidates in India and I had to assess them based on Skype calls and little test tasks. Their CVs looked great and have been full of "I'm a fancy experienced senior developer." ....After first 2 calls I already dismissed two candidates because they had obviously zero experience and the CV must have been fake. ..After talking to the third candidate, I again got sceptical. The management, however, started to think that I'm just an ass trying to protect my own position against outside devs. They forced me to give him a chance by testing him with a small dev task. The task included the following statement

"Search on the filesystem recursively, for folders named 'container'. For example '/some_root_folder/path_segments/container' " The term 'container' was additionally highlighted in red!

We also gave him access to a git repo to do at least daily push. My intention was to look at his progressions, not only the result.
I tried the task on my own and it took me two days, just to have a baseline for comparison. I, however, told him to take as much time as he needs. (We wanted to be fair and also payed him.)

..... 3 weeks went by. 3 weeks full of excuses why he isn't able to use git. All my attempts to help him, just made clear that he has never seen or heard of git before. ...... He sent me his code once a week as zip per email -.- ..... I ignored those mails because I made already my decision not wanting to waste my time. I mean come on?! Is this a joke? But since management wanted me to give him a chance .... I kept waiting for his "final" code version.

In week 5, he finally told me that it's finished and all requirements have been met. So I tried to run his code without looking at it ..... and suprise ... It immediately crashed.

Then I started to look through the code .... and I was ..... mind-blown. But not in a good way. .....

The following is what I remember most:

Do you remember the requirement from above? .... His code implementing it looked something like this:

Go through all folders in root path and return folders where folderName == "/some_root_folder/path_segments/container".

(╯°□°）╯︵ ┻━┻

Alone this little peace of code was on sooooooo many levels wrong!!!!! Let me name a few.

- It's just sooooo wrong :(
- He literally compared the folderName with the string "/some_root_folder/path_segments/container"...... Wtf?!?
- He did not understand the requirement at all.
- He implemented something without thinking a microsecond about it.
- No recursive traversal
- It was Java. And he used == instead of equals().
- He compares a folderName with a whole path?!? Wtf.
- How the hell did he made this code return actual results on his computer?!?

Ok ...now it was time to confront management with my findings and give feedback to the developer. ..... They believed me but asked me to keep it civilized and give him constructive feedback. ...... So I skyped him and told him that this code doesn't meet the requirements. ......... He instantly defended himself . He told me that I he did 'exactly what was written in the requirements document" and that there is nothing wrong. .......He had no understanding at all that the code also needs to have an actual business purpose.

(╯°□°）╯︵ ┻━┻

After that he tried to sell us a few more weeks of development work to implement our "new changed requirements" ......

(╯°□°）╯︵ ┻━┻

Footnote: I know a lot of great Indian Devs. ..... But this is definitely not one of them. -.-

tl;dr
Management wants to outsource to India and gets scammed.

THE WORST PRANK ATTEMPT

If i remember true, it was 2012. april fool day..

me and my co-worker (we were the founders) decided to fool our members (we had a script's unofficial support forum). so, we did the plan. we register another account on march and wrote a few useful messages with it. help guys with that fake account (named as Root).

on fool day, we move the site to hidden folder (but didnt backup it) and added an index file as "hi, i am Root. you know me who am i. i hacked this site and deleted all dbs. cya later" (in turkish of course)

and we sit our chairs, began the watch our messages from facebook,skype,whatsapp etc..

we act like we are in trouble and we cant solve the problem.
at the same time, one of the our crew, decided to help us :D
so, he contact with our server's management crew. they dont know the fool too :)

server management looked up the situation without try to contact with me or my co. and we got an email from server like that
"hello tilkibey and impack, we just realized your site is hacked. so we delete your all ftp and db for safety. please contact with us asap"

we shocked and contact with them, explain the truths and request the recover our site (because we though they backup site before deleting all things). but they didnt backup it :(

so, we recover our last backup which is got nearly 10 days ago :(

TLDR: There’s truth in the motto “fake it till you make it”

Once upon a time in January 2018 I began work as a part time sysadmin intern for a small financial firm in the rural US. This company is family owned, and the family doesn’t understand or invest in the technology their business is built on. I’m hired on because of my minor background in Cisco networking and Mac repair/administration.

I was the only staff member with vendor certifications and any background in networking / systems administration / computer hardware. There is an overtaxed web developer doing sysadmin/desktop support work and hating it.

I quickly take that part of his job and become the “if it has electricity it’s his job to fix it” guy. I troubleshoot Exchange server and Active Directory problems, configure cloudhosted web servers and DNS records, change lightbulbs and reboot printers in the office.

After realizing that I’m not an intern but actually just a cheap sysadmin I began looking for work that pays appropriately and is full time. I also change my email signature to say “Company Name: Network Administrator”

A few weeks later the “HR” department (we have 30 employees, it’s more like “The accountant who checks hiring paperwork”) sends out an email saying that certain ‘key’ departments have no coverage at inappropriate times. I don’t connect the dots.

Two days later I receive a testy email from one of the owners telling me that she is unhappy with my lack of time spent in the office. That as the Network Administrator I have responsibilities, and I need to be available for her and others 8-5 when problems need troubleshooting. Her son is my “boss” who is rarely in the office and has almost no technical acumen. He neglected to inform her that I’m a part time employee.

I arrange a meeting in which I propose that I be hired on full time as the Network Administrator to alleviate their problems. They agree but wildly underpay me. I continue searching for work but now my resume says Network Administrator.

Two weeks ago I accepted a job offer for double my current salary at a local software development firm as a junior automation engineer. They said they hired me on with so little experience specifically because of my networking background, which their ops dept is weak in. I highlighted my 6 months experience as Network Administrator during my interviews.

My take away: Perception matters more than reality. If you start acting like something, people will treat you like that.

We were 6 devs on a big project that needed to be completed in 3 months. Probably my first project as a full-stack dev and the work was very demanding.

The senior of my team was a very sharp and energetic, but also a very "in your face" kinda guy. Like, he was cool, but sometimes a little too much to handle for some people.

Anyway, this guy "Senior dev" worked faster (naturally) and harder than the rest of us and was always willing to help if somebody had problems with a framework, tool or other technology. Also, there was this other guy also a good dev (second best I would say) that just hated the first guy's guts for being "rude and obnoxious" as he put it.

One day, the PM and the senior had an argument about a major change that the PM had agreed to (just to save face with the client) that will force the team to come to work on the weekend. In the end he saved us the trouble of going throught that and the PM had to tell the client that the change wouldn't be made. From then on it went downhill for "Sr. dev" in the company. Until one day he was told that his contract was not gonna be renewed.

Short after, he showed some of us a screen cap. somebody sent him of an email from the "hateful" dev to the PM in which he wrote he had heard that the senior guy was leaving and he couldn't be happier because he was "damaging, problematic and a stressful part of his job". That was such a dick move, we thought he should get back at the guy.

So he sent a fake email to the PM using the "hateful" guy's email ID, that read:

"Dear PM. I'm sorry I said those things about 'Senior dev', I guess I'm just mad that he's a better professional than me and mad that I was born with no genitalia".

After the senior dev left I worked on one more project with the "hateful" dev and he was let go mid project for "not being proactive and making little effort on completing the project".

Disclaimer: Long tale of a tech support job. Also the wk29 story is at the bottom.

One time I was working tech support for a website and email hosting firm that was in town. I was hired and worked as the only tech support person there, so all calls came in through me. This also meant that if I was on a call, and another one came through, they would go straight to voice mail. But I couldn't hang up calls either, so, sometimes someone would take up tons of time and I'd have to help them. I was also the "SEO" and "Social Media Marketing" person, as well; managed peoples' social media campaigns. I have tons of stories from this place but a few in particular stick out to me. No particular order to these, I'm just reminiscing as I write this.

I once had to help a man who couldn't find the start button on his computer. When I eventually guided him to allowing me to remote into his computer via Team Viewer, I found he was using Windows XP. I'm not kidding.

I once had to sit on the phone with a man selling Plexus Easy Weight Loss (snake oil, pyramid scheme, but he was a client) and have him yell at me about not getting him more business, simply because we'd built his website. No, I'D not built his website, but his website was fine and it wasn't our job to get him more business. Oh yeah, this is the same guy who said that he didn't want the social media marketing package because he "had people to hide from." Christ.

We had another client who was a conspiracy theorist and wanted the social media marketing package for his blog, all about United States conspiracies. Real nut case. But the best client I've ever had because sometimes he'd come into the office and take up my time talking at me about how Fukushima was the next 911 and that soon it'll spill into the US water supply and everybody was going to die. Hell, better than being on the phone! Doing his social media was great because he wanted me to post clearly fake news stories to his twitter and facebook for him, and I got to look at and manage all the comments calling him out on his bullshit. It was kinda fun. After all, it wasn't _me_ that believed all this. It felt like I was trolling.

[wk29] I was the social media and support techie, not a salesperson. But sometimes I was put in charge _alone_ in front of clients for status meetings about their social media. This one time we had a client who was a custom fashion-type person. I don't really remember. But I was told directly to make them a _new_ facebook page and post to it every day with their hot new deals and stuff. MONTHS pass since I do that and they come in for a face-to-face meeting. Boss is out doing... boss things and that means I have to sit in with her, and for some fucking reason she brought her boyfriend AND HER DAD. Who were both clearly very very angry with me, the company, and probably life. They didn't ever say anything at first, they didn't greet me, they were both just there like British royal guards. It was weird as fuck. I start showing them the page, the progress on their likes goals, etc etc. Marketing shit. They say, "huh, we didn't see any of these posts at home." Turns out they already had a Facebook page, I was working on a completely seperate one, and then the boyfriend finally chimes in with the biggest fucking scowl, "what are you going to do about this?" He was sort of justified, considering this was a payed and semi-expensive service we offered, but holy shit the amount of fire in all three of them. Anyway, it came down to me figuring out how to merge facebook pages, but they eventually left as clients. Is this my fuck up? Is it my company's? Is it theirs? I don't know but that was probably the most awkward meeting ever. Don't know if it comes across through text but the anxiety was pretty real. Fuck.

tl;dr Tech support jobs are a really fun and exciting entry level position I recommend everybody apply for if they're starting out in the tech world! You'll meet tons of cool people and every day is like a new adventure.

* A job application followup email I received:

Hi [programmerName],
Thank you for your interest in joining [companyName].

While we appreciate your application, we decided to move forward with other candidates whose skills and experience are a closer match to our requirements for this specific role.
Feel free to check back, as we are always adding new positions.

Best of luck with your career search!
-The [companyName] Team

* My (probably trashed) reply:

Hello

I personally ignore this precompiled stuff you HR people send.
I feel this answer will be probably trashed somewhere but I feel the need to write this.

You know absolutely nothing about my skills because you didn’t even talk with me.

Maybe I am not the best person in writing a resume or an introduction letter, the key skill appreciated in companies doing head hunting instead of building a solid corporate culture and cultivating talent. Or at least HR people in such companies.

Please consider that, maybe you didn’t like my resume or I didn't write a list of words matching your check list, but at least I honestly wrote my experience instead of trying to hack my way to a job interview writing a fake one that triggers usual HR patterns.
Consider that I do a job for a living and I don't live or have the time to make the perfect resume, I don’t even apply for all companies I see, I only apply for the ones I believe I can work well because I like them. I am not a professional job searcher, jumping from a company to another.

You keep posting this very same add since October 2019 and probably even earlier.
This sounds to me like:
- or your selection process does not work well and you end up hiring the wrong people
- or maybe your work place is not that good as you describe it, so that you have zero retainment despite your high salary.
But I cannot be sure because, guess what, I could not check personally.

If you want to talk about my skills and compare me to other people please test me otherwise don’t write (copy/paste) this offensive trash.

Best of luck with your career as a HR person in a tech company!

-A person tired of HR managers that do not give a f**k about the word “human” in their job description.

Today I decided that I will quit my internship.
So mamy things are mismanaged and my supervisor avoids helping me. I'm not gonna even rant about shitty coding practices, or rather, lack of them.

Now out of 10 ppl team I'm sitting alone in the office because everybody, apart from me, can work from home. When I asked why do I have stay in the office - this is to provide me the best placement experience (wtf). So I sit here, knowing that even if I send an email with a technical questions, I will not get an answer. Atm, can't even give a fuck about trying to be productive. I'm so tired with these fake smily faces that cannot manage a single intern but expect me to do everything without any help.

Luv this fake email I received yesterday, didn't know Microsoft used DPD to deliver their emails lol!!!

A people person is only a people person to another people person. I fucking hate them. Most sales people I see don’t really have any skills per say. They think they do by claiming to be a people person. The entire sales community is like this. Fake as shit. They pay thousands to learn something that has been written in Medium or you could just Youtube. I think I can pretty much get the fact if you wanna make a video do well, you need a good title. They speak everything on the surface. And they claim to a be a layperson. Well, no. Fuck you. I not giving you an average. You are stupid as shit. They can’t write a proper fucking email. I have to go through kubernates and monads and they still make more money than devs via commission. They are too sober and fucking pretentious too. Fuck em fuck em fuck em.

So ok here it is, as asked in the comments.

Setting: customer (huge electronics chain) wants a huge migration from custom software to SAP erp, hybris commere for b2b and ... azure cloud
Timeframe: ~10 months….

My colleague and me had the glorious task to make the evaluation result of the B2B approval process (like you can only buy up till € 1000, then someone has to approve) available in the cart view, not just the end of the checkout. Well I though, easy, we have the results, just put them in the cart … hmm :-\
The whole thing is that the the storefront - called accelerator (although it should rather be called decelerator) is a 10-year old (looking) buggy interface, that promises to the customers, that it solves all their problems and just needs some minor customization. Fact is, it’s an abomination, which makes us spend 2 months in every project to „ripp it apart“ and fix/repair/rebuild major functionality (which changes every 6 months because of „updates“.

After a week of reading the scarce (aka non-existing) docs and decompiling and debugging hybris code, we found out (besides dozends of bugs) that this is not going to be easy. The domain model is fucked up - both CartModel and OrderModel extend AbstractOrderModel. Though we only need functionality that is in the AbstractOrderModel, the hybris guys decided (for an unknown reason) to use OrderModel in every single fucking method (about 30 nested calls ….). So what shall we do, we don’t have an order yet, only a cart. Fuck lets fake an order, push it through use the results and dismiss the order … good idea!? BAD IDEA (don’t ask …). So after a week or two we changed our strategy: create duplicate interface for nearly all (spring) services with changed method signatures that override the hybris beans and allow to use CartModels (which is possible, because within the super methods, they actually „cast" it to AbstractOrderModel *facepalm*).
After about 2 months (2 people full time) we have a working „prototype“. It works with the default-sample-accelerator data. Unfortunately the customer wanted to have it’s own dateset in the system (what a shock). Well you guess it … everything collapsed. The way the customer wanted to "have it working“ was just incompatible with the way hybris wants it (yeah yeah SAP, hybris is sooo customizable …). Well we basically had to rewrite everything again.
Just in case your wondering … the requirements were clear in the beginning (stick to the standard! [configuration/functinonality]). Well, then the customer found out that this is shit … and well …

So some months later, next big thing. I was appointed technical sublead (is that a word)/sub pm for the topics‚delivery service‘ (cart, delivery time calculation, u name it) and customerregistration - a reward for my great work with the b2b approval process???

Customer's office: 20+ people, mostly SAP related, a few c# guys, and drumrole .... the main (external) overall superhero ‚im the greates and ur shit‘ architect.
Aberage age 45+, me - the ‚hybris guy’ (he really just called me that all the time), age 32.
He powerpoints his „ tables" and other weird out of this world stuff on the wall, talks and talks. Everyone is in awe (or fear?). Everything he says is just bullshit and I see it in the eyes of the others. Finally the hybris guy interrups him, as he explains the overall architecture (which is just wrong) and points out how it should be (according to my docs which very more up to date. From now on he didn't just "not like" me anymore. (good first day)
I remember the looks of the other guys - they were releaved that someone pointed that out - saved the weeks of useless work ...

Instead of talking the customer's tongue he just spoke gibberish SAP … arg (common in SAP land as I had to learn the hard way).
Outcome of about (useless) 5 meetings later: we are going to blow out data from informatica to sap to azure to datahub to hybris ... hmpf needless to say its fucking super slow.
But who cares, I‘ll get my own rest endpoint that‘ll do all I need.

First try: error 500, 2. try: 20 seconds later, error message in html, content type json, a few days later the c# guy manages to deliver a kinda working still slow service, only the results are wrong, customer blames the hybris team, hmm we r just using their fucking results ...
The sap guys (customer service) just don't seem to be able to activate/configure the OOTB odata service, so I was told)
Several email rounds, meetings later, about 2 months, still no working hybris integration (all my emails with detailed checklists for every participent and deadlines were unanswered/ignored or answered with unrelated stuff). Customer pissed at us (god knows why, I tried, I really did!). So I decide to fly up there to handle it all by myself

A friend saw me on stack overflow and said 'wow, 4,000 points - you must do this all day.' I explained that I just do it to reinforce my understanding and not really for points(although those are useful for bounties). I showed them an account with 22k and tried to show how one might choose questions for maximum points vs quick solves for noobs etc. I write overly thorough answers to try and pin-point the blind spot as opposed to just fixing other people's code. It's not often rewarded by points. My friend - conspiracist - was convinced that the 20+k accounts were cheating the system.

At my old work we had a stack overflow account just for asking embarrassing questions that you didn't want on the company record. Silly, I know. Occasionally some of the guys would use it to have fake arguments or just cause trouble for fun / vote each other's stuff up.

So - I reached into 1Password and signed into that account and showed him that you could essentially vote up your answers but that it's not likely how people get points. I voted up my last 5 personal answers as an example and made some comment like 'that is right.' And that was that. Closed the computer. The next day my account was suspended and I was reprimanded for sockpuppeting. So, - in case you think you can get away with cheap tricks - you can't, which is nice to know - but after reading the email - my face was red for hours. How embarrassing! Not quite as bad as that time I got caught stealing a G.I. Joe action figure at the mall...

My job sends out emails with things like "You won a prize!" In the subject line with embarrassingly vague reasons to click the links in the email. If you do, the links take you to a site where they slap your wrists for clicking an unknown link and teach you about the dangers of phishing.

It's fake spam. Ironically enough, though, it's the ONLY spam I ever get. It's more annoying than real spam because it never gets blocked by the system like an actual phishing attack would...

It is driving me crazy having to delete these stupid messages every day and they're clogging up my otherwise clean inbox! I don't even know who to contact about this bullshit because they're so "haha we got you!" about it, there's no department claiming responsibility. They're creating their own spam trying to prevent spam. What the hell?

So here's my problem. I've been employed at my current company for the last 12 months (next week is my 1 year anniversary) and I've never been as miserable in a development job as this.

I feel so upset and depressed about working in this company that getting out of bed and into the car to come here is soul draining. I used to spend hours in the evenings studying ways to improve my code, and was insanely passionate about the product, but all of this has been exterminated due to the following reasons.

Here's my problems with this place:

1 - Come May 2019 I'm relocating to Edinburgh, Scotland and my current workplace would not allow remote working despite working here for the past year in an office on my own with little interaction with anyone else in the company.

2 - There is zero professionalism in terms of work here, with there being no testing, no planning, no market research of ideas for revenue generation – nothing. This makes life incredibly stressful. This has led to countless situations where product A was expected, but product B was delivered (which then failed to generate revenue) as well as a huge amount of development time being wasted.

3 - I can’t work in a business that lives paycheck to paycheck. I’ve never been somewhere where the salary payment had to be delayed due to someone not paying us on time. My last paycheck was 4 days late.

4 - The management style is far too aggressive and emotion driven for me to be able to express my opinions without some sort of backlash.

5 - My opinions are usually completely smashed down and ignored, and no apology is offered when it turns out that they’re 100% correct in the coming months.

6 - I am due a substantial pay rise due to the increase of my skills, increase of experience, and the time of being in the company, and I think if the business cannot afford to pay £8 per month for email signatures, then I know it cannot afford to give me a pay rise.

7 - Despite having continuously delivered successful web development projects/tasks which have increased revenue, I never receive any form of thanks or recognition. It makes me feel like I am not cared about in this business in the slightest.

8 - The business fails to see potential and growth of its employees, and instead criticises based on past behaviour. 'Josh' (fake name) is a fine example of this. He was always slated by 'Tom' and 'Jerry' as being worthless, and lazy. I trained him in 2 weeks to perform some basic web development tasks using HTML, CSS, Git and SCSS, and he immediately saw his value outside of this company and left achieving a 5k pay rise during. He now works in an environment where he is constantly challenged and has reviews with his line manager monthly to praise him on his excellent work and diverse set of skills. This is not rocket science. This is how you keep employees motivated and happy.

9 - People in the business with the least or zero technical understanding or experience seem to be endlessly defining technical deadlines. This will always result in things going wrong. Before our mobile app development agency agreed on the user stories, they spent DAYS going through the specification with their developers to ensure they’re not going to over promise and under deliver.

10 - The fact that the concept of ‘stealing data’ from someone else’s website by scraping it daily for the information is not something this company is afraid to do, only further bolsters the fact that I do not want to work in such an unethical, pathetic organisation.

11 - I've been told that the MD of the company heard me on the phone to an agency (as a developer, I get calls almost every week), and that if I do it again, that the MD apparently said he would dock my pay for the time that I’m on the phone. Are you serious?! In what world is it okay for the MD of a company to threaten to punish their employees for thinking about leaving?! Why not make an attempt at nurturing them and trying to find out why they’re upset, and try to retain the talent.

Now... I REALLY want to leave immediately. Hand my notice in and fly off. I'll have 4 weeks notice to find a new role, and I'll be on garden leave effective immediately, but it's scary knowing that I may not find a role.

My situation is difficult as I can't start a new role unless it's remote or a local short term contract because my moving situation in May, and as a Junior to Mid Level developer, this isn't the easiest thing to do on the planet.

I've got a few interviews lined up (one of which was a final interview which I completed on Friday) but its still scary knowing that I may not find a new role within 4 weeks.

Advice? Thoughts? Criticisms?

Love you DevRant <3

So one of my clients had a different company do a penetrationtest on one of my older projects.

So before hand I checked the old project and upgraded a few things on the server. And I thought to myself lets leave something open and see if they will find it.

So I left jquery 1.11.3 in it with a known xss vulnerability in it. Even chrome gives a warning about this issue if you open the audit tab.

Well first round they found that the site was not using a csrf token. And yeah when I build it 8 years ago to my knowledge that was not really a thing yet.

And who is going to make a fake version of this questionair with 200 questions about their farm and then send it to our server again. That's not going to help any hacker because everything that is entered gets checked on the farm again by an inspector. But well csrf is indeed considered the norm so I took an hour out of my day to build one. Because all the ones I found where to complicated for my taste. And added a little extra love by banning any ip that fails the csrf check.

Submitted the new version and asked if I could get a report on what they checked on. Now today few weeks later after hearing nothing yet. I send my client an email asking for the status.

I get a reaction. Everything is perfect now, good job!

In Dutch they said "goed gedaan" but that's like what I say to my puppy when he pisses outside and not in the house. But that might just be me. Not knowing what to do with remarks like that. I'm doing what I'm getting paid for. Saying, good job, your so great, keep up the good work. Are not things I need to hear. It's my job to do it right. I think it feels a bit like somebody clapping for you because you can walk. I'm getting off topic xD

But the xss vulnerability is still there unnoticed, and I still have no report on what they checked. So I have like zero trust in this penetration test.

And after the first round I already mentioned to the security guy in my clients company and my daily contact that they missed things. But they do not seem to care.

Another thing to check of their to do list and reducing their workload. Who cares if it's done well it's no longer their responsibility.

2018 disclaimer: if you can't walk not trying to offend you and I would applaud for you if you could suddenly walk again.

this just happened a few seconds ago and I am just laughing at the pathetic site that is Facebook. xD
4 years ago:
So I was quite a noobie gamer/hacker(sort of) back then and i had a habit of having multiple gmail/fb accounts, just for gaming, like accounts through which i can log in all at once in the same poker room, so 4/5 players in the game are me, or just some multiple accounts for clash of clans for donations.
I had 7-8 accounts back then. one had a name that translated to "may the dead remain in peace "@yahoomail.com . it was linked to fb using same initials. after sometime only this and 2 of my main accs were all i cared about.even today when i feel like playing, i sometimes use those accs.

2 years ago.
My dad is a simple man and was quite naive to modern techs and used to hang around with physical button nokia phones.But we had a business change, my father was now in a partnership in a restaurant where his daily work included a lot of sitting job and and casual working. So he bought a smartphone for some time pass.
He now wanted to download apps and me to teach him.I tried a lot to get him his own acc, but he couldn't remember his login credentials.
so at the end i added one of my own fake ID's(maythedead...) so he could install from playstore, watch vids on youtube and whatever.

The Actual Adventure starts now
Today, 1 hour ago:
I had completely forgot about this incident, since my parents are now quite modern in terms of tech.
But today out of nowhere i recieved an email that someone has JUST CHAINGED MY FB PASSWORD FOR ONE OF MY FAKE ACCS!?!??
what the hell, i know it was just a useless acc and i never even check my fb from any acc these days, but if someone could login into that acc, its not very difficult to track my main accs, id's, etc so i immediately opened this fb security portal and that's where the stupidity starts:

1)To recover your account they FUCKIN ASKS FOR A PHYSICAL ID. yeah, no email, no security question you have to scan your driving license or passport to get back to your account.And where would I get a license for some person named "may the dead remain in peace"? i simply went back.
2) tried another hack that i thought that will work.Closed fb help page, opened fb again , tried to login with my old credentials, it says" old password has been changed,please enter new password", i click forget password and they send an otp. i thought yes i won, because the number and recover mail id was mine only so i received it.
when i added the otp, i was first sent to a password change page (woohoo, i really won! :)) but then it sends me again to the same fuckin physical id verification page.FFFFFFFFFuck

3)I was sad and terrified that i got hacked.But 10 mins later a mail comes ,"Your Facebook password was reset using the email address on Tuesday, April 10, 2018 at 8:24pm (UTC+05:30)."
I tried clicking the links attached, hoping that the password i changed(point<2>) has actually done something to account.NADA, the account still needs a physical license to open:/

4) lost, i just login to my main account and lookup for my lost fake account. the fun part:my account has the display pic of my father?!!?!
So apparently, my father wanted to try facebook, he used the fake account i gave him to create one, fb showed him that this id already has an fb account attached to it and he accidently changed my password.MY FATHER WAS THE HACKER THE WHOLE TIME xD.
but response from fb?" well sir, if you want your virtually shitty account back , you first will have to provide us with all details of your bank transactions or your voter id card, maybe trump will like it"

Fucking finally

So some asshole keeps sending phishing emails to every student and prof in our university and the IT department is too pathetic to block it. They all come from the same email and contain the same text yet they cant filter it and just send warnings not to click it.

Im getting sick of recieving 5 of these a day, i scanned and viewed the page and its just a simple form copying the outlook login page with a redirect to the actual page after submission.

Whats the easiest way to write a script that will spam them with thousands of fake accounts? How can i fuck with these guys?

There is a new phishing site going around called "rogstrike.com" that is being spread by Steam DMs.

Infected asks victim to "vote for their team" and in order to do that, you need to login with steam. The steam login part is sketchy af, litterally spawns a fake new window in the same tab. Doesn't matter what OS you use, it's always Win 10 styled. Lol.

I reported on twitter and via email, i'll see what they will do.

I was testing a change on my local copy of our companies calendar application under my co workers account because he has different settings.
Turns out email notifications are working, and I've been spamming people about fake events under my co workers name.
Whoops

When my manager, blatantly miscommunicated several things to me a couple of years ago, and scapegoated me by saying a comment I NEVER once heard said about me, in any context ever, "you communicate badly-- you need to communicate better", I took it seriously.

Fast forward, two years later. I'm doing wonderful at my job, yet I cannot get over that incident. I thought about it some more. Why did she say that to me? Why did she address it to me after her mistake? Why was she not aware of the real reason I missed the meeting?

Out of all useful bits of knowledge I gathered over the years, it's kinda comical that psychology came in the most handy at the workplace. There's very little to be gained from trying to psychoanalyze strangers, friends, and family... but it's almost saved my life at the job.

You see, if I attack an approach even in the most formal tones, or even worse, defend my approach, there's nothing coming from that. The situation now becomes my situation. When I become "aware" of the truth of the situation I become able to control the situation, not just myself. That way, you're not in a fisticuff fight with your boss, and you are not left defeated by the situation. Exercising control of the situation in such a manner that they are left defeated by the situation, not by you directly, is the only way you can win as an employee.
Any other way, you'll get under-appreciated, underpaid, overworked, overlooked, etc.
So, my boss at the time, was defeated by the situation of her being a bad leader; and instead of clarifying those feelings to me or ignoring them entirely... she validated her false self using her real emotions.

You can only reverse that, by developing fake emotions, to display a real self.

They can't blame you, and when they feel self-defeated, they cannot pretend it was you who caused it (bringing it back to a sane level of reality). They might rage if they're childish but it will not cause a single hair in your body to twitch because you did not "respond to their email" or "throw someone under the bus for their convenience", the situation did, they beat themselves by attacking you while the situation came down on them.
If I had to explain I would say that the situation is controlled by creating a mirror of the employee that follows their orders perfectly. That employee won't feel defensive: they already do everything right. The employee is crafted by becoming aware of the teams impacted in the situation and their true intent and creating "the situation", "the owner".
"The owner" reflects to people from the perspective of the situation and not from your own. This way you can't make a wrong move and are not emotionally involved with yourself.
It enables you to emotionally notice others. It also makes you safe, because you have the situation-mirror that's really doing the battling. The situation-mirror eventually creates a situation where the other person starts attacking reality (the situation) instead of attacking you.

Now, it's up to you whether you want to use that as a way to cooperate with your boss to beat this new reality, or as a way to gain coherence on your reality outside of your boss. I have noticed most people tend to realize this somewhere along the line and retreat and stop fighting, and quit their jobs.

I've been doing this in a corporate environment for a couple of weeks. I have already become greatly stressed and subjugated by the company for which my company works for. 20 of them sit here every day and devalue everything. Yet.... They're completely incompetent, spoilt, lazy and worst of all, they control how the software is being created. There isn't a single person on their side responsible for their requests to make sense and work with each other. So you can imagine how much blame they need to assign to us devs. They don't know what they want but want something anyway and then they'll see if that's what they want but everything under the tightest deadline possible. They're all clients and they all escalate to the board of directors any bad word directed at them. So you can imagine the narcissism that develops in that environment.
I have made them argue with reality and self-defeat numerous times. They have now started to back off and are being more polite and courteous. They have also not escalated anything anymore. Just as I was faking "happy" while I felt intimidated by them. I have not committed a single angry act and yet they are not feeling superior anymore. The reality of the situation is that we need to make a software and if you make them battle this instead of battling you, they can't beat you.

Brave Browser.

There’s a reason why brave is generally advised against on privacy subreddits, and even brave wanted it to be removed from privacytools.io to hide negativity.

Brave rewards: There’s many reasons why this is terrible for privacy, a lot dont care since it can be “disabled“ but in reality it isn’t actually disabled:

Despite explicitly opting out of telemetry, every few secs a request to: “variations.brave.com”, “laptop-updates.brave.com” which despite its name isn’t just for updates and fetches affiliates for brave rewards, with pings such as grammarly, softonic, uphold e.g. Despite again explicitly opting out of brave rewards. There’s also “static1.brave.com”

If you’re on Linux curl the static1 link. curl --head
static1.brave.com,
if you want proof of even further telemetry: it lists cloudfare and google, two unnecessary domains, but most importantly telemetry domains.

But say you were to enable it, which most brave users do since it’s the marketing scheme of the browser, it uses uphold:

“To verify your identity, we collect your name, address, phone, email, and other similar information. We may also require you to provide additional Personal Data for verification purposes, including your date of birth, taxpayer or government identification number, or a copy of your government-issued identification
Uphold uses Veriff to verify your identity by determining whether a selfie you take matches the photo in your government-issued identification. Veriff’s facial recognition technology collects information from your photos that may include biometric data, and when you provide your selfie, you will be asked to agree that Veriff may process biometric data and other data (including special categories of data) from the photos you submit and share it with Uphold. Automated processes may be used to make a verification decision.”

Oh sweet telemetry, now I can get rich, by earning a single pound every 2 months, with brave taking a 30 percent cut of all profits, all whilst selling my own data, what a deal.

In addition this request: “brave-core-ext.s3.brave.com” seems to either be some sort of shilling or suspicious behaviour since it fetches 5 extensions and installs them. For all we know this could be a backdoor.

Previously in their privacy policy they shilled for Facebook, they shared data with Facebook, and afterwards they whitelisted Facebook, Twitter, and large company trackers for money in their adblock: Source. Which is quite ironic, since the whole purpose of its adblock is to block.. tracking.

I’d consider the final grain of salt to be its crappy tor implementation imo. Who makes tor but doesn’t change the dns? source It was literally snake oil, all traffic was leaked to your isp, but you were using “tor”. They only realised after backlash as well, which shows how inexperienced some staff were. If they don’t understand something, why implement it as a feature? It causes more harm than good. In fact they still haven’t fixed the extremely unique fingerprint.

There’s many other reasons why a lot of people dislike brave that arent strictly telemetry related. It injecting its own referral links when users purchased cryptocurrency source. Brave promoting what I’d consider a scam on its sponsored backgrounds: etoro where 62% of users lose all their crypto potentially leading to bankruptcy, hence why brave is paid 200 dollars per sign up, because sweet profit. Not only that but it was accused of theft on its bat platform source, but I can’t fully verify this.

In fact there was a fork of brave (without telemetry) a while back, called braver but it was given countless lawsuits by brave, forced to rename, and eventually they gave up out of plain fear. It’s a shame really since open source was designed to encourage the community to participate, not a marketing feature.

Tl;dr: Brave‘s taken the fake privacy approach similar to a lot of other companies (e.g edge), use “privacy“ for marketing but in reality providing a hypocritical service which “blocks tracking” but instead tracks you.

tldr; Finally my NordVPN subscription comes to an end so I was looking at other VPN providers and I chose Mullvad. So far, it is an amazing experience.

It has been 2 years since I was using NordVPN. It was great at first but soon first problems started to appear. Speeds were not exactly breathtaking and I barely sqeezed more than 40Mb out of it. Another problem was connecting from PC to PC on local network with both of them connected to VPN. I never found a working solution.
Then Tefincom started pushing it literally everywhere. Ads on YouTube (+ partnerships), fake websites redirecting to NordVPN, etc. That was when I decided to just fucking wait until my subscription ends so I can finally delete my account there...
Today is the day. I decided to go Mullvad because it seemed to be really privacy focused (don't kill me - I know I can't have *real* privacy with VPN, but you also can't have that with your own VPN) - they don't know anything about me, no email, no name, no payment data (Bitcoin Cash). Speeds are absolutely f*cking amazing and also local network works!

I deployed one of our staging websites to a free plan because the site is rarely used. Project Manager sends the stakeholders the new url. There will be a lot of 🤦‍♀️🤦‍♂️🤦 all around. Some of it’s my fault. A lot of it is just WTF.

Stakeholder: We still need the staging site because we don’t want to test in the live site…

PM: Okay. We didn’t say we were deleting the site. We are just moving it to a new and better hosting platform, so we’re letting you know the url has changed.

Stakeholder: This url is for the front facing page. How do I access the backend? [they mean the admin interface]

Me: The only thing that’s changed is the url for the staging website. So domain-A/account is now domain-B/account.

I thought that was a pretty straightforward way of explaining things, that even a non technical person would get it. They took the /account example as the literal login url.

Stakeholder: I forgot the password for our admin login and I submitted a password reset, but I realize I don’t know if I have access to the admin email. Or if it’s even a real email account.

WTF

I look back at the email chain and I realize that I gave the PM the wrong url.

Also, WTF x 2. How did this stakeholder not realize they were looking at the wrong website?? There are definitely noticeable style and content differences. And why would you have an admin login that uses a fake email??

Me: My apologies. I sent over the incorrect url. My instructions are mostly the same. All that’s changed is the domain.

Stakeholder’s assistant: [DMs me] How do we access the backend?

WTF…are they seriously playing this game and demanding I type out the url for them?! 🤬 I’m not playing this game and I just copy and paste the example that I already sent over.

They figure it out eventually. Apparently, they never used /account to login before They used /admin/index… but that would still bring them to /account, but with ?redirect=/admin/index appended to the url if they weren’t logged in. Again, WTF.

I know I made mistakes in this whole thing, but damn. I can’t even. I’m pretty sure this whole incident is fueling my boss’s push to stop supporting this particular website anymore so I can focus on sites that actually bring in revenue…and have stakeholders that aren’t looney and condescending like this.

After waiting weeks and weeks for my account to be deleted (they asked for email to support for that, altough egistration takes 5s) I finally asked last time, this time using magical word "GDPR"

Got my account and data deleted under an hour and now their account settings page have delete account button. Even if it's this fake one which only changes email/id to prefixed one, still it was worth it.

Is anyone else annoyed and / or bothered with how google handles the publishing of apps on its store.

Like I have an account for a client with the clients name and all other his data. I publish a new app on his account with the same name as his account and the app gets rejected for copyright violation because the name and material are copyrighted to the client who is publishing the app.

This is the scenario:

Lets call the client Luis, and he has a developer account named Luis with email luis@luis.com

And the app is called Luis, but when I tried to publish it it was rejected because it contains copyrighted material from Luis.

Wtf?!?!???

Like I understand they need to protect the store from fake apps and all, but how do I give myself the permission to use something I own ?

And now I need to find a way for a client to make a contract from him to him for his material so that google will publish the app

wait,
if there are 3.4 Billions FaceBook fake users, that means than there are also at least 3.4 Billions fake email accounts around. Jeez.

And the spam traffic estimates are at 260Billions email per day or 260B/3.4B=76 emails sent by each fake email accounts per day. Much less as probably fake email accounts are more.

So, only 76 spam emails sent per account per day. I think there is still room for a big improvement

Got a scammer on my hook. Ideas welcome to fuck him/her over.

He/she confused me with someone else and messaged me acting as a support person of an exchange. I acted along and s/he is insisting on sharing account details.

Played along like a dumb internet noob and I think I got him to share his fake email id.

Now I'm thinking of ways to extract more details about him via email.

From top of my mind, these are some ideas I have:
- get his IP address
- zip bomb or something like that? But g mail is probably gonna detect that.

Ideally, If I could social engineer him to give his phone number, I could easily report him to police and find his identity.

Have you busted some scammers? Would appreciate some tips.

Used own fake/spam mail to sign up here... (real address I kept for several years)

Wants to get stickers but need to send them real name and address with this email account..

Well fuck :~

guide to make successful software house company for future me:

1.find shortest domain name with code / star / best / it / super / ai / - whatever banger word you find
2. parse companies work board / linkedin jobs
3. parse people profiles
4. setup email server and create fake linkedin profiles that match jobs and candidates so company looks big
5. fake c-level management so company looks big
6. spam likes and create posts generated by ai from multiple profiles
7. spam invitations to people that match job descriptions and to people working within companies posting jobs
8. offer fake candidates that match job description
9. find real but less promising candidates and offer them the job
10. tell that fake candidate is no longer available but you have someone better

success

My school has a completely open SMTP server. A friend today who works for the tech department just showed me how anyone could fake an email. He did this by sending me an email as the president of the school, it looked legit. He told the security dudes but they can't secure it due to legacy systems. This is madness surely!?! Is open SMTP as bad as I think? (It is at least only accessible on the schools network).

What's wrong with the fake messages on #LinkedIn ?????
a long message talk about making business and something and in the end of it it says just email me and you'll know everything!

Why don't you just text me here...well that's when the fake alarm rings.

Testing some new SAAS. Need registration put some mailinator email. Test continues​

Sometimes I respond to spam email with a fake account because I'm that bored.

I have a really sad life

created about 1000 test users for my system all with fake email addresses. forgot about the welcome email that goes out. SendGrid was not happy with all the bounces and trashed the reputation score. whoops

Is there any anonymous chat app for developers??.. i am not talking about creating a fake name or email id to stay anonymous but truly anonymous?