Search - "first v server"
So I was hired about 4 months or so ago at this company, we will name it 'Derp & Co.'
The first task they wanted me to do was to 'clean' an Android app that, from what they told me:
- Previous dev fired. Said that tasks had been done, but that was totally a lie.
- Took a full week of 2 fellow coworkers to 'undo' the mess.
- And last but not least, zero documentation, like ZERO.
So, I cloned the repo, installed Android Studio, blah blah blah, got my hands on the pile of code and Jesus...
- The whole app was working with a gargantuan JSON, there was no use of POJOs at all. Objects are for normies.
- Massive copy/paste code, like 'I will need this here, ctrl-c... ctrl-v, DONE!'
- Threads are free, aren't they? Let's just spawn a thread whenever I desire to make an HTTP request and not reuse code at all.
So... with this in mind, my first task is to make proper objects:
- Coworker: 'Sorry dev, we don't have documentation for this, you must debug the code to see what the server will send to you'.
- Me: 'Really?'
Shit... ok. So I first try to figure out how the hell my gargantuan JSON is made. A month was entirely lost unravelling this data and implementing objects, improving their code, reusing code, etc., but at the very end:
- Coworker: 'Good job dev, now that the POJOs are done, we can focus on the next task, we have to define a new DATA MODEL because the one we are using now is not good at all'.
*Note: the app is in production and working with all the previous 'features', and today it is still in use in some environments.
- Me: 'Wait... this is a joke, now you want to define new data models? This should have been done in the first place!' <WTF face>
- Coworker: 'I don't think so dev, Mr. Boss has this list with things to improve on the app and this is the order to do the tasks in'.
Mr. Boss is on vacation; two days after he came back:
- Mr. Boss: 'Coworker said that you have been working on POJOs, is that right?'
- Me: 'Yes'
- Mr. Boss: 'Why? Did you not see the need for a new data model?'
- Me: 'I told him that, but he insisted on "the order" of the list.'
- Mr. Boss <facepalm>
This is one of the few tales I have from 'Derp & Co.'
PS: Sorry if I made a mistake in writing, English is not my first language and maybe I have made some mistakes.
I've been pleading for nearly 3 years with our IT department to allow the web team (me and one other guy) to access the SQL Server on location via VPN so we could query MSSQL tables directly (read-only mind you) rather than depend on them to give us a 100,000+ row CSV file every 24 hours in order to display pricing and inventory per store location on our website.
Their mindset has always been that this would be a security hole and we'd be jeopardizing the company. (Give me a break! There are about a dozen other ways our network could be compromised in comparison to this, but they're so deeply forged in M$ server and active directories that they don't even have a clue what any decent script kiddie with a port sniffer and *nix could do. I digress...)
So after three years of pleading with the old IT director, (I like the guy, but keep in mind that I had to teach him CTRL+C, CTRL+V when we first started building the initial CSV. I'm not making that up.) he retired and the new guy gave me the keys.
Worked for a week with my IT department to get Openswan (ipsec) tunnel set up between my Ubuntu web server and their SQL Server (Microsoft). After a few days of pulling my hair out along with our web hosting admins and our IT Dept staff, we got them talking.
After that, I was able to install a DreamFactory instance on my web server and now we have REST endpoints for all tables related to inventory, products, pricing, and availability!
Good things come to those who are patient. Now if I could get them to give us back Dropbox without having to socks5 proxy through the web server, I'd be set. I'll rant about that next.
http://tapsla.sh/e0jvJck7 -
Sometimes life takes unexpected turns:
I studied mechanical engineering and did some "computer stuff" in my free time, you know, "programming" with Java, toyed around with HTML/CSS/PHP a few years ago, some local server stuff with a Raspberry Pi, nothing fancy.
Half a year ago I got hired as an engineer first, but they said they needed an "IT guy" also.
What I did since then:
*Researching, testing and planning the introduction of an ERP software
*Planning, coordinating and (partially) setting up a new server for the company (actually two, cause redundancy (heavy lifting got done by our IT partner, it's not like I suddenly know how to do the entire Windows Server administration))
*Writing 3 minor tools for some guys in the company in Java
*Creating numerous Excel VBA scripts that make work a lot easier
*Doing all the day-to-day business that comes up when absolutely no one knows how to use a PC in the company
*Consulting the boss about webshops and websites in general and finding a decent partner
*And some engineering
Did I mention that I studied mechanical engineering? I know nothing about all this, or rather, I know enough to know that I know not enough.
My current side project is creating a small intranet, so creating a new VM in Hyper-V, setting up some OS (probably slim CentOS), getting a web server running and making it somewhat secure. Then I need to create some content; I am very close to just installing a MediaWiki and calling it a day. If I write anything in PHP I fear that I'll make way too many errors or just reinvent the wheel; on the other hand, I couldn't find anything resembling what I need. I also have to create the front end side; I knew CSS around 2010, there is probably tons of stuff I don't know and I will make so many errors.
This is frustrating, everything I touch feels like I am venturing off the beaten path but no one ever showed me the ropes, so everything I do feels like child's play. I need an adult. Also the biggest question remains: What am I?
I'm currently between jobs and have a few rants about my previous job (naturally). In retrospect, it's somewhat therapeutic to rant about the sheer brainfuckery that has taken place. Enjoy!
First, let me set the scene: legacy B2B web app made with the LEMP stack and Sencha Ext JS 3 + 4 (don't ask) and a lot of madness. Let's call that app "Alpha".
Alpha is a self-made CMS built for typical ERP stuff. Yes, a self-made CMS: entities are containers, containers have types and fields and values. Like so many legacy PHP apps, it does not have a dedicated FE: the HTML is rendered on the server and then spewed out to the browser.
Easy, right? Coding like it's 1999! But there was a twist: because everything is basically a container, the HTML templates are saved in the DB. Along with the necessary JS and the CSS. And the translation variables. Why? Because fuck you! That's why. Who needs a git history anyways.
For some reason, Alpha was kinda slow.
There was also an editor that allowed you to modify templates (web, mail, PDF) on the fly in prod. Because templates contain repeating data (header/footer), one template could contain additional templates. Much confusion. You could change templates via migration (slow, boring) or just ctrl-c/ctrl-v that sucker (fast, much excitement).
Did I mention Alpha was slow?
On with the rant: e-mails! How do they work? No one knows. How to send mails asynchronously in PHP? Witchcraft is the only possible answer to that riddle. Here is your enterprise™ solution:
1. create mail
2. insert mail into DB
3. WAIT UP TO 59 SECONDS FOR A FUCKING CRON TO SEND MAIL
Why? "Because that way, we can resend mails in case the network is down :)"
Same procedure for the SOAP API (db-queue + cron). You read that right: all requests to various other systems are processed once a minute.
Alpha slow.
Alpha was only one of several systems. Imagine a bunch of monolithic PHP apps, interconnected via SOAP, REST and GraphQL like a goddamn intergalactic orgy. Imagine having to debug that clusterfuck.
Let's say there is a bad request. These things happen. No biggie. Remember the db-queue? Let's try to send the bad request a second time! And a third time! Still no luck? How odd. Let's create a specific file in a specific directory: a LOCK file. Now, "the db-queue is on hold and no request gets processed :)"
Golly gee, thanks Alpha.
Anyhow, did you know that MySQL has a join limit of 61 tables?
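The LOCK-file design in the rant above turns one bad request into an outage for every queued message. As an added example (not code from the rant's system, and not from the original post), here is the per-message alternative: a cron-style outbox modelled with sqlite3 where each row carries its own attempt counter and backoff, and a row that keeps failing is parked as `dead` while the rest keep flowing. `MAX_ATTEMPTS`, the table layout and the `fail_on_poison` delivery function are constructed for the demo.

```python
"""A cron-style outbound queue that isolates a poison message instead of halting.

Added example, not code from the original post. Each tick pulls the rows that
are due, attempts delivery once per row, and dead-letters a row after
MAX_ATTEMPTS failures. Delivery is injected so the demo runs offline.
"""
from __future__ import annotations

import sqlite3

MAX_ATTEMPTS = 3  # assumption: after this many failures a row is dead-lettered
BASE_BACKOFF = 60.0  # seconds; doubles on every failed attempt


def open_queue() -> sqlite3.Connection:
    """Create the constructed outbox table in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("""CREATE TABLE outbox (
        id INTEGER PRIMARY KEY,
        payload TEXT NOT NULL,
        status TEXT NOT NULL DEFAULT 'pending',   -- pending | sent | dead
        attempts INTEGER NOT NULL DEFAULT 0,
        next_try REAL NOT NULL DEFAULT 0,         -- epoch seconds; 0 = due now
        last_error TEXT)""")
    return conn


def enqueue(conn: sqlite3.Connection, payload: str) -> int:
    cur = conn.execute("INSERT INTO outbox (payload) VALUES (?)", (payload,))
    conn.commit()
    return cur.lastrowid


def process_tick(conn: sqlite3.Connection, deliver, now: float) -> dict:
    """One cron run: try every due pending row exactly once. Returns counts."""
    counts = {"sent": 0, "retry": 0, "dead": 0}
    rows = conn.execute(
        "SELECT id, payload, attempts FROM outbox "
        "WHERE status = 'pending' AND next_try <= ? ORDER BY id", (now,)).fetchall()
    for row_id, payload, attempts in rows:
        try:
            deliver(payload)
        except Exception as exc:  # a failure affects this row only
            attempts += 1
            if attempts >= MAX_ATTEMPTS:
                conn.execute("UPDATE outbox SET status = 'dead', attempts = ?, last_error = ? "
                             "WHERE id = ?", (attempts, str(exc), row_id))
                counts["dead"] += 1
            else:
                # exponential backoff: 60 s, 120 s, ... instead of hammering every minute
                next_try = now + BASE_BACKOFF * 2 ** (attempts - 1)
                conn.execute("UPDATE outbox SET attempts = ?, next_try = ?, last_error = ? "
                             "WHERE id = ?", (attempts, next_try, str(exc), row_id))
                counts["retry"] += 1
        else:
            conn.execute("UPDATE outbox SET status = 'sent', attempts = attempts + 1 "
                         "WHERE id = ?", (row_id,))
            counts["sent"] += 1
    conn.commit()
    return counts


def status_summary(conn: sqlite3.Connection) -> dict:
    """Map status -> row count, the number an operator would put on a dashboard."""
    return dict(conn.execute("SELECT status, COUNT(*) FROM outbox GROUP BY status").fetchall())


def fail_on_poison(payload: str) -> None:
    """Constructed delivery function: the remote rejects one specific payload."""
    if payload == "POISON":
        raise ValueError("remote rejected request")


def demo() -> dict:
    """Constructed run: one poison payload among good ones, four cron ticks."""
    conn = open_queue()
    for payload in ["mail-1", "POISON", "mail-2"]:
        enqueue(conn, payload)
    now = 0.0
    for _ in range(4):
        process_tick(conn, fail_on_poison, now)
        now += 600.0  # constructed clock: jump far enough for each backoff to expire
    return status_summary(conn)


if __name__ == "__main__":
    print(demo())  # the good mails go out on the first tick; the poison row ends up dead
```

The good rows are sent on the first tick regardless of the poison row, which is retried with a growing delay and dead-lettered on its third failure; the `last_error` column keeps the reason for whoever inspects the dead rows.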
Just found a vulnerability in the website of the 3rd best high school in my country.
TL;DR: they had a c99 shell buried in some folders.
I am a beginner HTML/SQL/PHP guy and really was looking into learning a bit here and there about them because I really like problem solving and found out CTFs mainly focus on this part of programming. I am a C++ programmer who does school contests with programming problems and I really enjoy them.
Now back on topic.
With this urge to learn more web programming I said to myself, what better method to learn than real-life sites! So I did just that. I first checked my school's site. Right click. Inspect element. It seemed the site was made with WordPress. After looking more into the HTML code for the site I concluded all the images and files I could see on the site were from a folder on the server named 'wp-content/uploads'. I checked the folder. And here it got interesting. I did a GET request on the site. Saw the details. Then I checked the site. Bingo! There are 3 folders named '2017', '2018', '2019'. I said to myself: 'I am god.'
I could literally see all the announcements they have made from 2017-2019. And they were organised by month!!! My curiosity to see everything got me to the final destination.
With this adrenaline I thought about another site. In my city I have the 3rd most acclaimed high school in the country. What about checking their security?
So I typed the web address. Looked around. Again, right click, inspect element and looked around the source code. This time I was more lucky. This site is handmade!!! I was soooo happy because with my school's site I was restricted by what they had made with WordPress and I don't have much experience with it.
And so I began looking at what requests the site made for the logos and other links. It seemed all the other links on the site were in this format: www.site.com/index.php?home. And I was very confused and still am. Is this referencing some part of the site in the index.php file? Is the whole site written inside the index.php file and with the question mark you just get to a part of the site? I don't really get it.
So nothing interesting inside the networking tab, just some stylesheets for the site's design I guess. I switched to the debugger tab and holy moly!! Yes, it had that tree structure. Very familiar. Just like a project inside Code::Blocks or something familiar with it. And then it clicked me. There was the index.php file! And there was another folder from which I've seen nothing from the network tab. I finally got a lead!! I returned to the network tab, did a request to see the spgm folder and boooom a site appeared and I saw some files and folders from 2016. There was a spgm.js file and a spgm.php file. There were contrib, flavors, gal and lang folders. Then it once again clicked me! The lang folder was last updated this year in February. So I checked the folder and there were some files named lang with the extension named after their language and these files were last updated in 2016 so I left them alone. But there was this little snitch, this little 650K file named after the name of the school's site with the extension '.php' aaaaand it was last modified this year!!!! I was so excited! I thought I had found a secret and different design of the site or something completely else! I clicked it and at first I was scared: there was this black/red theme going on my screen and something was a little odd. There were no school announcements or events, nononoooo. This was still a tree structured view. At the top of the site it's written '!c99Shell v. 1.0...'
This was a big no-no. I saw I could access all kinds of folders. Then I switched to the normal school website and tried to access a folder I had seen named userfiles and got a 403 Forbidden error. Whoopsie. I then switched to the c99 shell website and tried to access the userfiles folder and my boy showed all of its contents. It was nakeeed naked. Like very naked. And in the userfiles folder there were all, but I mean ALL files and folders they have on the server. There was a file with the salary of each job available in the school. Some announcements. There was a list with all the students who failed classes. There were folders for contests they held. It was an absolute mess and I couldn't believe it.
I stopped and looked at the monitor. What have I done? Just to learn some web programming I just leaked the server of the 3rd most famous high school in my country. Imagine a black hat who would have seriously caused more damage. Currently I am writing an email to the school to upgrade their security because it is reaaaaly bad.
And the journey didn't end here. I 'hacked' the site 2 days ago and just now I thought about writing an email to the school. After I found I could access the WHOLE server I searched for the real attacker, so if you want to know how this one went let me know in the comments.
Sorry for the long post, but couldn't hold it anymore
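The rant above found a PHP web shell sitting inside an uploads tree, the one place on a web server that should only ever hold media and documents. As an added example (not from the original post or the site in question), here is the defender's check a school's IT contact could run over such a tree: it flags files with a PHP-family extension, files whose content starts PHP code although their extension claims otherwise (a renamed shell), and the shell banner the rant quotes ('c99Shell', matched case-insensitively). The directory tree, `SUSPECT_EXTENSIONS` and `SHELL_MARKERS` are the example's own constructions; the two "suspicious" files contain banner text only, no executable logic.

```python
"""Flag files that have no business in a web uploads directory.

Added example, not code from the original post. The tree it scans is
constructed in a temporary directory so it runs offline.
"""
from __future__ import annotations

import tempfile
from pathlib import Path

# Assumption: an uploads tree holds media and documents only, never code the
# web server would execute.
SUSPECT_EXTENSIONS = {".php", ".php3", ".php4", ".php5", ".phtml", ".phar"}
# The rant quotes the banner "!c99Shell v. 1.0"; matching is case-insensitive.
SHELL_MARKERS = (b"c99shell",)
PHP_OPEN_TAG = b"<?php"


def scan_uploads(root, max_read: int = 1 << 20) -> list[dict]:
    """Return one finding per suspicious file under root.

    Three checks: an executable extension, a PHP open tag inside a file that
    does not claim to be PHP (a renamed shell such as shell.jpg), and a known
    shell banner. Only the first max_read bytes of each file are inspected.
    """
    root = Path(root)
    findings = []
    files = sorted((p for p in root.rglob("*") if p.is_file()),
                   key=lambda p: p.relative_to(root).as_posix())
    for path in files:
        reasons = []
        ext = path.suffix.lower()
        if ext in SUSPECT_EXTENSIONS:
            reasons.append(f"executable extension {ext}")
        try:
            with path.open("rb") as fh:
                head = fh.read(max_read).lower()
        except OSError:
            head = b""
        if PHP_OPEN_TAG in head and ext not in SUSPECT_EXTENSIONS:
            reasons.append(f"PHP open tag inside {ext or 'extensionless file'}")
        for marker in SHELL_MARKERS:
            if marker in head:
                reasons.append(f"marker {marker.decode()!r}")
        if reasons:
            findings.append({
                "path": path.relative_to(root).as_posix(),
                "size": path.stat().st_size,
                "reasons": reasons,
            })
    return findings


def build_demo_tree() -> str:
    """Create a constructed uploads tree: two benign files, two suspicious ones."""
    root = Path(tempfile.mkdtemp(prefix="uploads-demo-"))
    (root / "2019" / "02").mkdir(parents=True)
    (root / "2019" / "02" / "announcement.pdf").write_bytes(b"%PDF-1.4 demo document")
    (root / "2019" / "02" / "logo.png").write_bytes(b"\x89PNG\r\n\x1a\n demo image")
    # Constructed imitations: banner text only, no executable logic.
    (root / "2018").mkdir()
    (root / "2018" / "photo.jpg").write_bytes(
        b"\xff\xd8\xff\xe0 demo <?php /* constructed c99shell banner */ ?>")
    (root / "lang").mkdir()
    (root / "lang" / "site.php").write_bytes(
        b"<?php /* !c99Shell v. 1.0 (constructed banner text) */ ?>")
    return str(root)


if __name__ == "__main__":
    for finding in scan_uploads(build_demo_tree()):
        print(f"{finding['path']} ({finding['size']} bytes): {'; '.join(finding['reasons'])}")
```

A hit on the extension check alone is already actionable: the web server should be configured so that nothing under the uploads path is handed to the PHP interpreter, which makes a dropped shell inert even before it is found.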
Today I charted new realms for me.
I created a new Hyper-V VM on the company Windows servers and added a 5th instance to it, but instead of running another Windows Server I installed an Ubuntu 18.04 (cause I am a bit familiar with Debian from my Raspberry Pi).
We have two servers, one which runs the 4 VMs and a replica. I first had the new VM on the main server but it occurred to me to move it instead to the unused replica machine. That kinda worked... I did a planned failover but the main server isn't configured to be the replica... and even when activating that it didn't work. This is weird.
For the moment I ignored that and proceeded to install nginx, MariaDB and PHP 7.2... basically the LEMP stack. I managed to set up nginx and a static IP address for the machine (which was different from how I remembered doing it: in 18.04 it's not done with the network conf but a YAML file).
In the end I added two different virtual servers, one for actual use and one for dev stuff (with phpMyAdmin running for instance), listening on port 80 and some random other port.
As a test I brought a MediaWiki onto the port 80 server and it worked.
On Monday I have to figure out how to implement the wildcard certificate I have for our company domain (internal DNS simply routes intranet.company.com to the local server VM).
I am mighty proud cause all my experience with Linux was with a Raspberry Pi so far and I am fairly certain I did it right and without shortcuts this time (unlike my Raspberry experience).
Just wanted to share.
(I also sweated a lot of blood when editing the Hyper-V settings as I did not set up the server in the first place.)
((I also installed xrdp and a MATE desktop, but I am less proud of that, but sometimes seeing folders graphically helps me.))
Bought a new bare-metal server in India and SSH to it was visibly slow (even when it's a 1 Gbps line).
Did a traceroute from my location in South East Asia.
The pings went from SEA -> San Jose (I'm guessing US) -> ... more US -> Chiba (Japan) -> ... more Japan -> Singapore -> India.
So it crosses CONTINENTS and OCEANS even though both are in Asia, connected by land.
Also, there's a direct submarine cable route to Singapore, so why go to the US in the first place :v
Idk whom to blame, but have internet routes always been this unmanaged/inefficient? I was sure DCs go out of their way to ensure the shortest connection route is followed -.- but look at this ffs
I've had webspace for years; today I just bought a very small v server so I can play with it a little bit.
It's cool.
I connected to it via SSH.
Installed everything I needed, then I wanted to allow login only with RSA keys and with no password. Set it up, it worked. But it was still possible to log in with the password even when I had forbidden that.
I accidentally set PermitRootLogin to No... Yeah... You know what... now I can't access my server anymore xD Shit.
Have to reinstall the complete server.
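The lockout in the rant above is the classic one: root is the only account, so `PermitRootLogin no` leaves nobody who can log in. As an added example (not from the original post), here is a preflight check to run before restarting sshd. It parses sshd_config the way sshd does, per sshd_config(5): keywords are case-insensitive, the first value seen for a keyword wins, and directives after a `Match` line apply only to that block. It then reports combinations that leave no account able to authenticate. The account list is passed in because the example does not read /etc/passwd; the sample configs are constructed. It also flags an `Include` line, since files pulled in at that point are read first and a `PasswordAuthentication yes` inside them wins over a `no` further down the main file, which is one common reason a password login keeps working after it was switched off.

```python
"""Preflight an sshd_config for settings that leave no account able to log in.

Added example, not code from the original post. Parsing follows sshd_config(5):
keywords are case-insensitive, the first value seen for a keyword wins, and
everything after a Match line applies only to that block. Accounts and their
key status are passed in; nothing here reads /etc/passwd.
"""
from __future__ import annotations

# OpenSSH defaults used when a keyword is absent (PermitRootLogin default since 7.0).
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "pubkeyauthentication": "yes",
}


def parse_sshd_config(text: str) -> tuple[dict[str, str], list[str]]:
    """Return (global settings, Include patterns in order).

    Only the "Keyword value" form is handled; the "Keyword=value" form is left
    out for brevity. Directives after the first Match line are skipped because
    they are conditional, not global.
    """
    settings: dict[str, str] = {}
    includes: list[str] = []
    in_match = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            in_match = True
        if in_match:
            continue
        if keyword == "include":
            # sshd reads included files at this point, so a value inside them
            # wins over any later line in this file (first occurrence wins).
            includes.append(value)
        elif keyword not in settings:
            settings[keyword] = value
    return settings, includes


def lockout_risks(settings: dict[str, str], accounts: dict[str, bool],
                  includes: list[str] | None = None) -> list[str]:
    """List combinations that lock every account out.

    accounts maps a login name to True when it has an authorized_keys entry.
    """
    s = {**DEFAULTS, **settings}
    root_login = s["permitrootlogin"].lower()
    passwords = s["passwordauthentication"].lower() == "yes"
    pubkey = s["pubkeyauthentication"].lower() == "yes"
    risks: list[str] = []

    if root_login == "yes":
        root_ok = passwords or (pubkey and accounts.get("root", False))
    elif root_login in ("prohibit-password", "without-password"):
        root_ok = pubkey and accounts.get("root", False)
    else:  # "no" or "forced-commands-only": no interactive root login
        root_ok = False
    others = {u: k for u, k in accounts.items() if u != "root"}
    others_ok = any(passwords or (pubkey and has_key) for has_key in others.values())

    if root_login == "no" and not others:
        risks.append("PermitRootLogin no, but root is the only account")
    if not passwords and not pubkey:
        risks.append("PasswordAuthentication and PubkeyAuthentication are both off")
    if not passwords and not any(accounts.values()):
        risks.append("PasswordAuthentication no, but no account has an authorized key")
    if not root_ok and not others_ok:
        risks.append("no account can authenticate under these settings")
    if includes and "passwordauthentication" in settings:
        risks.append("caution: Include of " + ", ".join(includes) + " is read first; a "
                     "PasswordAuthentication line in there overrides the one in this file")
    return risks


def preflight(text: str, accounts: dict[str, bool]) -> list[str]:
    settings, includes = parse_sshd_config(text)
    return lockout_risks(settings, accounts, includes)


# Constructed sample configs.
LOCKED_OUT = "PermitRootLogin No\nPasswordAuthentication yes\n"  # root is the only account
KEY_ONLY = ("PermitRootLogin prohibit-password\nPasswordAuthentication no\n"
            "PubkeyAuthentication yes\nMatch User backup\n    PasswordAuthentication yes\n")
WITH_INCLUDE = "Include /etc/ssh/sshd_config.d/*.conf\nPasswordAuthentication no\n"

if __name__ == "__main__":
    print("locked-out:", preflight(LOCKED_OUT, {"root": False}))
    print("key-only:", preflight(KEY_ONLY, {"root": True, "deploy": True}))
    print("include:", preflight(WITH_INCLUDE, {"root": True, "deploy": True}))
```

Whatever the check says, the operational habit that saves the reinstall is the same: validate with `sshd -t`, keep the current session open while restarting, and open a second login to confirm key-only access works before closing the first.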