Buy it, use it, break it, fix it
Trash it, change it, mail - upgrade it
Charge it, point it, zoom it, press it
Snap it, work it, quick - erase it
Write it, cut it, paste it, save it
Load it, check it, quick - rewrite it
Plug it, play it, burn it, rip it
Drag and drop it, zip - unzip it
Lock it, fill it, call it, find it
View it, code it, jam - unlock it
Surf it, scroll it, pause it, click it
Cross it, crack it, switch - update it
Name it, rate it, tune it, print it
Scan it, send it, fax - rename it
Touch it, bring it, pay it, watch it
Turn it, leave it, start - format it

*my first day on the job to work on a website used by dozens of companies worldwide and 1000s of users*

me: So where can I find the git repository?
dev: Git?
me: Uh... what kind of source control do you use?
dev: We don't use anything fancy like that.
me: *freaking out a little, I already committed to this job*
me: So then where do you edit your code and how do you back it up?
dev: Oh, I just edit it on FTP and zip all the code every week.

Buy it, use it, break it, fix it,
Trash it, change it, mail, upgrade it,
Charge it, point it, zoom it, press it,
Snap it, work it, quick, erase it,
Write it, cut it, paste it, save it,
Load it, check it, quick, rewrite it
Plug it, play it, burn it, rip it,
Drag and drop it, zip, unzip it,
Lock it, fill it, curl it, find it,
View it, code it, jam, unlock it
Surf it, scroll it, pose it, click it
Cross it, crack it, twitch, update it,
Name it, read it, tune it, print it,
Scan it, send it, fax, rename it,
Touch it, bring it, pay it, watch it,
Turn it, leave it, stop, format it.

What you see in that screenshot, that was earned.

I'm on the plane and I want an hour of free Gogo (read: crappy) WiFi on my laptop (so I can push the code I'm probably the most proud of, more on that another time). The problem is that the free T-Mobile WiFi is apparently only available on mobile.

So after trying to just use responsive mode, and that still (almost obviously) not working. I realize it's time to bring in the big guns: A User Agent switcher. Small catch: I don't have an add-on for FF that can do that.

So on my phone I find an add-on that can and download the file. To send it to my computer, I initially thought to go through KDEConnect, but Gogo's network also isolates each system, so that doesn't work. So I try to send it over Bluetooth, except I can't. Why? Because Android's Bluetooth share "doesn't support" the .xpi extension, so I dump it in a zip (in retrospect, I should have just renamed it), and now I can share.

After a few tries, I successfully get the file over, extract the zip, and install the extension. Whew! Now I open up Gogo's page and proceed to try again, but this time I change the user-agent. Doesn't work... Ah! Cookies! I delete the cookies for Gogo (I had a cookie editor add-on already), but I had to try a few times because Gogo's scripts keep trying to, but I got it in the end.

Finally that stupid error saying it's for phones only went away, and I could write this rant for you.

This is something I'll never forget.

I'm a senior UI engineer. I was working at a digital agency at the time and got tasked with refactoring and improving an existing interface from a well known delivery company.

I open the code and what do I find? Indentation. But not in the normal sense. The indentation only went forward, randomly returning a bunch of tabs back in the middle of the file a few times, but never returning to its initial level after closing a tag or function, both on HTML and JS.

Let that sink in for a minute and try to imagine what it does to your editor with word wrapping (1 letter columns), and without (absurd horizontal scrolling).

Using Sublime at the time, ctrl+shift+P, reindent. Everything magically falls beautifully into place. Refactor the application, clean up the code, document it, package it and send it back (zip files as they didn't want to provide version control access, yay).

The next day, we get a very angry call from the client saying that their team is completely lost. I prove to the project manager that my code is up to scratch, running fine, no errors, tested, good performance. He returns to the client and proves that it's all correct (good PM with decent tech knowledge).

The client responds with "Yeah, the code is running, but our team uses tabs for version control and now we lost all versioning!".

Bear in mind this was in 2012, git was around for 7 years then, and SVN and Mercury much longer.

I then finally understood the randomness of the tabs. The code would go a bunch of tabs back when it went back to a previous version, everything above were additions or modifications that joined seamlessly with the previous version before, with no way to know when and so on.

I immediately told the PM that was absurd, he agreed, and told the client we wouldn't be reindenting everything back for them according to the original file.

All in all, it wasn't a bad experience due to a competent PM, but it left a bad taste in my mouth to know companies have teams that are that incompetent, and that no one thought to stop and say "hey, this may cause issues down the line".

Oh fucking Huawei.
Fuck you.
Inventory:
- Honor 6x (BLN-L22C675)
- Has EMUI4.1 Marshmallow
- Cousin brother 'A' (has bricking XP!)
- Uncle 'K'
- Has Mac with Windows VM
Goal:
- Stock as LineageOS / AOSP

Procedure (fucking seriously):
- Find XDA link to root H6X
- Go to Huawei page and fill out form
- Receive and use bootloader code
- Find latest TWRP
- Flash latest TWRP
- TWRP not working? Bootloops
- XDA search "H6X boot to recovery"
- Find and try modded TWRP
- TWRP fails, no bootloop
- Find & flash TWRP 3.1.0
- Yay! TWRP works
- Find and download LineageOS and SuperSU
- Flash via TWRP
- Yay! Success.
- Attempt boot
- Boot fails. No idea why
- Go back to TWRP
- TWRP gives shitload of errors
"cannot mount /data, storage etc."
- Feel fucked up
- Notice that userdata partition exists,
but FSTAB doesn't take
- Remembers SuperSU modded boot
image and FSTABS!
- Fuck SuperSU
- Attempt to mod boot image
- Doesn't work (modded successfully
but no change)
- Discover Huawei DLOAD
Installer for "UPDATE.APP" OTAs
Note: Each full OTA is 2+ GB zipped
- Find, download, fail on 4+ OTAs
- Discover "UPDATE.APP Extractor"
Runs on Windows
Note: UPDATE.APP custom format
Different per H6X model
- Uses 'K''s VM to test
- My H6X model does not have
a predefined format
- Process to get format requires
TWRP, which is not working
- FAIL HERE
- Discover "Firmware Finder"
Windows app to find Huawei
firmwares
- Tries 'K''s VM
- Fails with 1 OTA
- Downloads another firmware ZIP
- Unzips and tries to use OTA
- Works?!
- Boots successfully?!
- Seems to have EMUI 5.0 Nougat
- Downloads, flashes TWRP
- TWRP not working AGAIN?
- Go back to XDA page
- Find that TWRP on EMUI 5 - NO
- Find rollbacks for EMUI5 -> EMUI4
- Test, fail 2-4 times (Massive OTAs)
- DLOAD accepts this one?!!!
- I HAVE ORIG AGAIN!!!
- Re-unlock and reflash TWRP
- Realise that ROMs aren't working on
EMUI 4.1; Find TWRPs for EMUI5
- Find and fail with 2-3 OTAs
Note: Had removed old OTAs for
space on Chromebook (32GB)
- In anger, flash one with TWRP
instead of DLOAD (which checks
compatability)
- Works! Same wasn't working with
DLOAD
- Find and flash a custom TWRP
as old one still exists (not wiped in
flash)
- Try flashing LineageOS
- LineageOS stuck in boot
- Try flashing AOSP
- Same
- Try flashing Resurruction Remix
- Same
- Realise that need stock EMUI5
vendor
- Realise that the firmware I installed
wasn't for my device so not working
- FUCK NO MORE LARGE DLs
- Try another custom TWRP
- Begin getting '/cust mounting' errs
- Try reflashing EMUI5 with TWRP
- Doesn't work
- Try DLOADing EMUI5
- Like before, incompatability
- DLOAD EMUI4
- Reunlock and reflash TWRP
- WRITE THIS AS A BREAK
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAARRRRRRRRRRRRRRRRRRRRRRRRGGGGGGGGGGGGGGGGGGGGGGGGGHHHHHHHHHHHHHH

Oh boy I got a few. I could tell you stories about very stupid xss vectors like tracking IDs that get properly sanitized when they come through the url but as soon as you go to the next page and the backend returns them they are trusted and put into the Dom unsanitized or an error page for a wrong token / transaction id combo that accidentally set the same auth cookie as the valid combination but I guess the title "dumbest" would go to another one, if only for the management response to it.

Without being to precise let's just say our website contained a service to send a formally correct email or fax to your provider to cancel your mobile contract, nice thing really. You put in all your personal information and then you could hit a button to send your cancelation and get redirected to a page that also allows you to download a pdf with the sent cancelation (including all your personal data). That page was secured by a cancelation id and a (totally save) 16 characters long security token.

Now, a few months ago I tested a small change on the cancelation service and noticed a rather interesting detail : The same email always results in the same (totally save) security token...
So I tried again and sure, the token seemed to be generated from the email, well so much about "totally save". Of course this was a minor problem since our cancelation ids were strong uuids that would be incredibly hard to brute force, right? Well of course they weren't, they counted up. So at that point you could take an email, send a cancelation, get the token and just count down from your id until you hit a 200 and download the pdf with all that juicy user data, nice.

Well, of course now I raised a critical ticket and the issue was fixed as soon as possible, right?
Of course not. Well I raised the ticket, I made it critical and personally went to the ceo to make sure its prioritized. The next day I get an email from jira that the issue now was minor because "its in the code since 2017 and wasn't exploited".

Well, long story short, I argued a lot and in the end it came to the point where I, as QA, wrote a fix to create a proper token because management just "didn't see the need" to secure such a "hard to find problem". Well, before that I sent them a zip file containing 84 pdfs I scrapped in a night and the message that they can be happy I signed an NDA.

We recently had an error in legacy systems about a user trying to find photographers in Virginia but somehow it shows photographers in Mexico. Apparently it's because both Mexico and Virginia have the same zip code XD guess whatever it uses to search stuff didn't think the company would be used past the US.

> be me
> be developing a react native app
>realize the iPhone X notch is clipping your content on the first/home screen of the app
>google says: simple fix
>find a built-in react native thing to add safe area padding
> refresh the app
> ohno.png
> the other screens with navigation bars already have built in padding
> TOOMUCHPADDING.jpeg
> remove safe area thingy
> finds a clever, not particularly hacky way to pad the home screen without showing the header bar by setting its height to 0 and the color to match the content background
> more-problems.app
> there’s a small 1–pixel light colored line separating the header from the content clearly breaking the otherwise continuous single color background
> google.sh
> wtf.txt
> stackoverflow.html
> no responses except something I’d already done
> keep experimenting
> tries basically everything to figure out where that line is coming from
>sets borders to thicccc and bright red
>no bottom border? Ok that’s not it
>opacity?
>forgetaboutit.mov
>try shifting the header position around by a few pixels? Maybe it’s misaligned with the white parent layer underneath?
> nope.jpg
>it’s past bedtime
>Sleep.jpg
>thenextday(today).zip
> what about the content? Is that misaligned?
> nope2.jpg
>Maybe its an iOS feature not a react thing?
> make a test Xcode project, completely native to test
> negative.dng (pun intended)
> more-furious-googling.mp3
> find a native iOS stackOverflow question with the same issue (1px line)
> realize your Xcode test wasn’t done properly.
>atleastimmakingprogress.iso
> start looking into the SO post
>it’s native so I have to find out how to do it in react-native
>invent a bunch of style parameters that don’t exist in the documentation to see if there’s an undocumented thing
>loadsaloadsaerrors.log
>googles for a react native version of the iOS only SO post
> somethingpromising.tar.gz
> *tries it*
> “Haha nope” -my code
> whataboutthisotherthing.bin
> KENSISHSBUCNEGWISBVSIDNRVSIDNFIRJRBDKFNFIDJFIFKFNR
> HOLY FUCK
> IT WORKED
> AFTER TWO FUCKING DAYS OF SHITTERY AND SHENANIGANS
>AND MANY STACKOVERFLOW EDITS TO A NOW VERY MESSY POST
>THEREISNOMOREBORDER(final).zip
>*screams of relief*

A long long time ago ( 2007 I think ) I worked for a company that made landing sites, so basically an email campaign would go out, users would be sent to a 1 page website with a form to capture their data, ready to be spammed even more. You know how it was back then.

So I worked with a guy who we had just hired, I didn't do the hiring but his CV checked out, so I gave him one of my tasks. Now most pages were made with js and html, with a PHP backend ( called with Ajax). Now this guy didn't know PHP so I was like all good, ASP works too at the end of the day we don't judge, we do like 2 or 3 of these a day and never look at them again. So he goes of and does is thing.

3 weeks later, the customer calls up to me they still haven't received their landing page. Ok so he probably forgot to email the customer np, I tell him to double check he has emailed the customer. Another week goes by end the customer calls back, same problem. At this point I'm getting worried, because we're days away from the deadline and it was originally my task.

So I go back to the guy and I tell him I want that landing page so I can send it myself, half thinking to myself that we had a freeloader, that guy that comes in to companies for 3 weeks, doesn't work, but still cashes his pay. But no, this was much worse.

So he tells me he has finished yet. I ask him why, what's the blocker ? You had 4 weeks to tell me you were blocked and couldn't progress. And his answer was simply, because I wasn't blocked I have been working on it this whole time. So I tell him to zip his project up and email it to me. We didn't do SVN or git back then, simply wasn't worth it. So he comes back to me and says the email server is telling him attachments can't be bigger then 50mb. At this point I'm thinking he didn't properly sized the art or something, so I give him a flash drive to put it on.

When I then open the flash drive, the archive is 300mb, thinking to myself, the images weren't even that big to begin with.
So I open it up, and I don't even find any images, just a single asp page. About 500mb. When I opened that up and it finally loaded, I saw the most horrendous things ever.

The first 500 lines was just initializing empty vars. Then there was some code that created an empty form with an onChange event that submits the form. After that.. it was just non stop nested if's. No loops, no while, for, foreach, NO elseif's, just nested if's, for every possible combination of the state the form could be in. Abou 5000 of them, in a single file. To make matters worse, all the form ( and page ) layout was hardcoded in the if's. Includes inline css, base64 encoded images, nothing but as dynamic, based on the length of the form he changes the layout, added more background etc. He cut the images up for every possible size of the page and included them in the code.

I showed it to my boss, he fired the guy on the spot. I redid the work from scratch, in under 4 hours. Send it to the client. they had no ammends to make, happy as Larry. Whish I kept the code somewhere.

Morale of the story, allways do a coding test on interviews, even if small things just to sanity check.

Over the summer I was recruited to be a supplement instructor for a data structures course. As a result of that I was asked (separately by the professor) to be a grader for the course. Because of pay limitations I've mostly been grading homework project assignments. In any case, it's a great job to get my foot into the department and get recognized.

Over the course of the semester I've had this one person, OSX, named after their operating system of choice, who has been giving me awkward submissions. On the first assignment they asked the professor for extra time for some reason or the other, and that's perfectly fine.

So I finally receive OSX's submission, and it's a .py file as per course of the course. So I pop up a terminal in the working directory and type "python OSX_hw1.py". Get some error spit out about the file not being the right encoding. I know that I can tell python to read it in a different encoding, so I open it up in a text editor. To my surprise it's totally not a text file, but rather a .zip file!

I've seen weirder things done before, so no big deal. I rename the file extension, and open it up to extract the files when I see that there's no python files. "Okay, what's goin on here OSX..." I think to myself.

Poking around in the files it appears to be some sort of meta-data. To what, I had no clue, but what I did find was picture files containing what appeared to be some auto-generated screenshots of incomplete code. Since I'm one to give people the benefit of doubt even when they've long exhausted other peoples', I thought that it must be some fluke, and emailed OSX along with the professor detailing my issue.

I got back a rather standard reply, one of which was so un-notable I could not remember it if my life depended on it. However, that also meant I didn't have to worry about that anymore. Which when you're juggling 50 bazillion things is quite a relief. Tragically, this relief was short lived with the introduction of assignment 2.

Assignment 2 comes around, and I get the same type of submission from OSX. At this time I also notice that all their submissions are *very* close to the due time of 11:59pm (which I don't care about as long as it's in before people start waking up the next morning). I email OSX and the professor again, and receive a similar response. I also get an email from OSX worried about points being deducted. I reply, "No issue. You know what's wrong. Go and submit the right file on $CentralGradingCenter. Just submit over your old assignment".

To my frustration OSX claimed to not know how to do this. I write up a quick response explaining the process, and email it. In response OSX then asks if I can show them if they comes to my supplemental lesson. I tell OSX that if they are the only person, sure, otherwise no because it would not be a fair use of time to the other students.

OSX ends up showing up before anyone else, so I guide them through the process. It's pretty easy, so I'm surprised that they were having issues. Another person then shows up, so I go through relevant material and ask them if they have any questions about recent material in class. That said, afterwards OSX was being somewhat awkward and pushy trying to shake my hand a lot to the point of making me uncomfortable and telling them that there's no reason to be so formal.

Despite that chat, I still did not see a resubmission of either of those two assignments, and assignment 3 began to show it's head. Obviously, this time, as one might expect after all those conversations, I get another broken submission in the same format. Finally pissed off, I document exactly how everything looks on my end, how the file fails to run, how it's actually a zip file, etc, all with screenshots. That then gets emailed to the professor and OSX.

In response, I get an email from OSX panicking asking me how to submit it right, etc, etc. However, they also removed the professor from the CC field. In response I state that I do not know how to use whatever editor they are using, and that they should refer to the documentation in order to get a proper runnable file. I also re-CC the professor, making sure OSX's email to me is included in my reply.

OSX then shows up for one of my lessons, and since no one had shown up yet, I reiterate through what I had sent in the email. OSX's response was astonished that they could ever screw up that bad, but also admits that they had yet to install python(!!!). Obviously, the next thing that comes from my mouth is asking OSX how they write their code. Their response was that they use a website that lets them run python code.

At this point I'm honestly baffled and explain that a lot of websites like those can have limitations which might make code run differently then it should (maybe it's a simple interpreter written on JavaScript, or maybe it is real python, but how are you supposed to do file I/O?) .

After that I finally get a submission for assignment 1!