Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Search - "full access"
-
The best parts of being a developer:
1. Full Internet access and admin rights.
2. It's nearly impossible for someone to tell if you are working or just zoning out.
3. We have the best online communities... because we make all of them.7 -
So a few days ago I felt pretty h*ckin professional.
I'm an intern and my job was to get the last 2003 server off the racks (It's a government job, so it's a wonder we only have one 2003 server left). The problem being that the service running on that server cannot just be placed on a new OS. It's some custom engineering document server that was built in 2003 on a 1995 tech stack and it had been abandoned for so long that it was apparently lost to time with no hope of recovery.
"Please redesign the system. Use a modern tech stack. Have at it, she's your project, do as you wish."
Music to my ears.
First challenge is getting the data off the old server. It's a 1995 .mdb file, so the most recent version of Access that would be able to open it is 2010.
Option two: There's an "export" button that literally just vomits all 16,644 records into a tab-delimited text file. Since this option didn't require scavenging up an old version of Access, I wrote a Python script to just read the export file.
And something like 30% of the records were invalid. Why? Well, one of the fields allowed for newline characters. This was an issue because records were separated by newline. So any record with a field containing newline became invalid.
Although, this did not stop me. Not even close. I figured it out and fixed it in about 10 minutes. All records read into the program without issue.
Next for designing the database. My stack is MySQL and NodeJS, which my supervisors approved of. There was a lot of data that looked like it would fit into an integer, but one or two odd records would have something like "1050b" which mean that just a few items prevented me from having as slick of a database design as I wanted. I designed the tables, about 18 columns per record, mostly varchar(64).
Next challenge was putting the exported data into the database. At first I thought of doing it record by record from my python script. Connect to the MySQL server and just iterate over all the data I had. But what I ended up actually doing was generating a .sql file and running that on the server. This took a few tries thanks to a lot of inconsistencies in the data, but eventually, I got all 16k records in the new database and I had never been so happy.
The next two hours were very productive, designing a front end which was very clean. I had just enough time to design a rough prototype that works totally off ajax requests. I want to keep it that way so that other services can contact this data, as it may be useful to have an engineering data API.
Anyways, that was my win story of the week. I was handed a challenge; an old, decaying server full of important data, and despite the hitches one might expect from archaic data, I was able to rescue every byte. I will probably be presenting my prototype to the higher ups in Engineering sometime this week.
Happy Algo!8 -
Hey everyone,
We have a few pieces of news we're very excited to share with everyone today. Apologies for the long post, but there's a lot to cover!
First, as some of you might have already seen, we just launched the "subscribed" tab in the devRant app on iOS and Android. This feature shows you a feed of the most recent rant posts, likes, and comments from all of the people you subscribe to. This activity feed is updated in real-time (although you have to manually refresh it right now), so you can quickly see the latest activity. Additionally, the feed also shows recommended users (based on your tastes) that you might want to subscribe to. We think both of these aspects of the feed will greatly improve the devRant content discovery experience.
This new feature leads directly into this next announcement. Tim (@trogus) and I just launched a public SaaS API service that powers the features above (and can power many more use-cases across recommendations and activity feeds, with more to come). The service is called Pipeless (https://pipeless.io) and it is currently live (beta), and we encourage everyone to check it out. All feedback is greatly appreciated. It is called Pipeless because it removes the need to create complicated pipelines to power features/algorithms, by instead utilizing the flexibility of graph databases.
Pipeless was born out of the years of experience Tim and I have had working on devRant and from the desire we've seen from the community to have more insight into our technology. One of my favorite (and earliest) devRant memories is from around when we launched, and we instantly had many questions from the community about what tech stack we were using. That interest is what encouraged us to create the "about" page in the app that gives an overview of what technologies we use for devRant.
Since launch, the biggest technology powering devRant has always been our graph database. It's been fun discussing that technology with many of you. Now, we're excited to bring this technology to everyone in the form of a very simple REST API that you can use to quickly build projects that include real-time recommendations and activity feeds. Tim and I are really looking forward to hopefully seeing members of the community make really cool and unique things with the API.
Pipeless has a free plan where you get 75,000 API calls/month and 75,000 items stored. We think this is a solid amount of calls/storage to test out and even build cool projects/features with the API. Additionally, as a thanks for continued support, for devRant++ subscribers who were subscribed before this announcement was posted, we will give some bonus calls/data storage. If you'd like that special bonus, you can just let me know in the comments (as long as your devRant email is the same as Pipeless account email) or feel free to email me (david@hexicallabs.com).
Lastly, and also related, we think Pipeless is going to help us fulfill one of the biggest pieces of feedback we’ve heard from the community. Now, it is going to be our goal to open source the various components of devRant. Although there’s been a few reasons stated in the past for why we haven’t done that, one of the biggest reasons was always the highly proprietary and complicated nature of our backend storage systems. But now, with Pipeless, it will allow us to start moving data there, and then everyone has access to the same system/technology that is powering the devRant backend. The first step for this transition was building the new “subscribed” feed completely on top of Pipeless. We will be following up with more details about this open sourcing effort soon, and we’re very excited for it and we think the community will be too.
Anyway, thank you for reading this and we are really looking forward to everyone’s feedback and seeing what members of the community create with the service. If you’re looking for a very simple way to get started, we have a full sample dataset (1 click to import!) with a tutorial that Tim put together (https://docs.pipeless.io/docs/...) and a full dev portal/documentation (https://docs.pipeless.io).
Let us know if you have any questions and thanks everyone!
- David & Tim (@dfox & @trogus)53 -
Rant
Why do shithead clients think they can walk away without paying us once we deliver the project !!!
So, here goes nothing..
Got an online gig to create a dashboard.
Since i had to deal with a lot of shitheads in the past, I told them my rules were simple, 20% advance, 40% on 50% completion and 40% after i complete and send them proof of completion. Once i receive the payment in full, only then i will hand over the code.
They said it was fine and paid 20%.
I got the next 40% also without any effort but they said they also needed me to deploy the code on their AWS account, and they were ready to pay extra for it, so i agreed.
I complete the whole project and sent them the screenshots, asking for the remaining 40% payment. They rejected the request saying my work was not complete as i had not deployed on AWS yet. After a couple of more such exchanges, i agreed to setup their account before the payment. But i could sense something fishy, so i did everything on their AWS account, except registered the domain from my account and set up everything. Once i inform them that its done and ask for the remaining payment.
The reply i got was LOL.
I tried to login to the AWS account, only to find password had been changed.
Database access revoked.
Even my admin account on the app had been removed. Thinking that they have been successful, they even published ads about thier NEW dashboard to their customers.
I sent them a final mail with warning ending with a middle finger emoji. 24 hours later,
I created a github page with the text " This website has been siezed by the government as the owner is found accused in fraud" and redirected the domain to it. Got an apology mail from them 2 hours later begging me to restore the website. i asked for an extra 10% penalty apart from the remaining payment. After i got paid, set an auto-reply of LOL to thier emails and chilled for a week before restoring the domain back to normal.
Dev : 1
Shithead Client: 024 -
!rant
This was over a year ago now, but my first PR at my current job was +6,249/-1,545,334 loc. Here is how that happened... When I joined the company and saw the code I was supposed to work on I kind of freaked out. The project was set up in the most ass-backward way with some sort of bootstrap boilerplate sample app thing with its own build process inside a subfolder of the main angular project. The angular app used all the CSS, fonts, icons, etc. from the boilerplate app and referenced the assets directly. If you needed to make changes to the CSS, fonts, icons, etc you would need to cd into the boilerplate app directory, make the changes, run a Gulp build that compiled things there, then cd back to the main directory and run Grunt build (thats right, both grunt and gulp) that then built the angular app and referenced the compiled assets inside the boilerplate directory. One simple CSS change would take 2 minutes to test at minimum.
I told them I needed at least a week to overhaul the app before I felt like I could do any real work. Here were the horrors I found along the way.
- All compiled (unminified) assets (both CSS and JS) were committed to git, including vendor code such as jQuery and Bootstrap.
- All bower components were committed to git (ALL their source code, documentation, etc, not just the one dist/minified JS file we referenced).
- The Grunt build was set up by someone who had no idea what they were doing. Every SINGLE file or dependency that needed to be copied to the build folder was listed one by one in a HUGE config.json file instead of using pattern matching like `assets/images/*`.
- All the example code from the boilerplate and multiple jQuery spaghetti sample apps from the boilerplate were committed to git, as well as ALL the documentation too. There was literally a `git clone` of the boilerplate repo inside a folder in the app.
- There were two separate copies of Bootstrap 3 being compiled from source. One inside the boilerplate folder and one at the angular app level. They were both included on the page, so literally every single CSS rule was overridden by the second copy of bootstrap. Oh, and because bootstrap source was included and commited and built from source, the actual bootstrap source files had been edited by developers to change styles (instead of overriding them) so there was no replacing it with an OOTB minified version.
- It is an angular app but there were multiple jQuery libraries included and relied upon and used for actual in-app functionality behavior. And, beyond that, even though angular includes many native ways to do XHR requests (using $resource or $http), there were numerous places in the app where there were `XMLHttpRequest`s intermixed with angular code.
- There was no live reloading for local development, meaning if I wanted to make one CSS change I had to stop my server, run a build, start again (about 2 minutes total). They seemed to think this was fine.
- All this monstrosity was handled by a single massive Gruntfile that was over 2000loc. When all my hacking and slashing was done, I reduced this to ~140loc.
- There were developer's (I use that term loosely) *PERSONAL AWS ACCESS KEYS* hardcoded into the source code (remember, this is a web end app, so this was in every user's browser) in order to do file uploads. Of course when I checked in AWS, those keys had full admin access to absolutely everything in AWS.
- The entire unminified AWS Javascript SDK was included on the page and not used or referenced (~1.5mb)
- There was no error handling or reporting. An API error would just result in nothing happening on the front end, so the user would usually just click and click again, re-triggering the same error. There was also no error reporting software installed (NewRelic, Rollbar, etc) so we had no idea when our users encountered errors on the front end. The previous developers would literally guide users who were experiencing issues through opening their console in dev tools and have them screenshot the error and send it to them.
- I could go on and on...
This is why you hire a real front-end engineer to build your web app instead of the cheapest contractors you can find from Ukraine.19 -
Client: Can you provide some kind of guaranteed timeline that you're going to be able to move our website to our new servers with the optimizations implemented? I know you said it should take a week, but we have 3 weeks to get this moved over and we cannot afford to be double billed. I'm waiting to fire up the new server until you can confirm.
Me: As I said, it SHOULD take about a week, but that's factoring in ONLY the modifications being made for optimization and a QA call to review the website. This does not account for your hosting provider needing to spin up a new server.
We also never offered to move your website over to said new server. I sent detailed instructions for your provider to move a copy of the entire website over and have it configured and ready to point your domain over to, in order to save time and money since your provider won't give us the access necessary to perform a server-to-server transfer. If you are implying that I need to move the website over myself, you will be billed for that migration, however long it takes.
Client: So you're telling me that we paid $950 for 10 hours of work and that DOESN'T include making the changes live?
Me: Why would you think that the 10 hours that we're logged for the process of optimizing your website include additional time that has not been measured? When you build out a custom product for a customer, do you eat the shipping charges to deliver it? That is a rhetorical question of course, because I know you charge for shipping as well. My point is that we charge for delivery just as you do, because it requires our time and manpower.
All of this could have been avoided, but you are the one that enforced the strict requirement that we cannot take the website down for even 1 hour during off-peak times to incorporate the changes we made on our testbed, so we're having to go through this circus in order to deliver the work we performed.
I'm not going to give you a guarantee of any kind because there are too many factors that are not within our control, and we're not going to trap ourselves so you have a scapegoat to throw under the bus if your boss looks to you for accountability. I will reiterate that we estimate it would take about a week to implement, test and run through a full QA together, as we have other clients within our queue and our time must be appropriately blocked out each day. However, the longer you take to pull the trigger on this new server, the longer it will take on my end to get the work scheduled within the queue.
Client: If we get double billed, we're taking that out of what we have remaining to pay you.
Me: On the subject of paying us, you signed a contract acknowledging that you would pay us the remaining 50% after you approved the changes, which you did last week, in order for us to deliver the project. Thank you for the reminder that your remaining balance has not yet been paid. I'll have our CFO resend the invoice for you to remit payment before we proceed any further.
---
I love it when clients give me shit. I just give it right back.6 -
"full stack" means "you'll be doing everything from gathering client requirements through data architecture up to the UI design and of course implementing all of it"
"backend" means "you'll be coding everything from database through server-side code and client-side code including html and css"
"we need you on-site all day every day" means "we have no idea how and why we should use repositories with remote access despite being a company developing an internet app, and we don't trust that you would be working anyway"
"interesting challenging projects" means "the same boring crap as every other company, running on an incredibly botched and dezorganized codebase".
"competitive pay" means "actual pay is around 1.5 times the minimum allowed pay, and everything else is being siphoned off into (stupid and useless) 'benefits' like massage and fitness discount coupons"
"friendly collective having fun at numerous company events each years" means "it is mandatory for you to participate on our weekend drinking retreats but you'll only find out when we fire you because you're 'not a team player' after you refused to participate on those"9 -
Hello!
I'm a member of an international hacker group.
As you could probably have guessed, your account [cozyplanes@tuta.io] was hacked, because I sent message you from it.
Now I have access to you accounts!
For example, your password for [cozyplanes@tuta.io] is [RANDOM_ALPHABET_HERE]
Within a period from July 7, 2018 to September 23, 2018, you were infected by the virus we've created, through an adult website you've visited.
So far, we have access to your messages, social media accounts, and messengers.
Moreover, we've gotten full damps of these data.
We are aware of your little and big secrets...yeah, you do have them. We saw and recorded your doings on porn websites. Your tastes are so weird, you know..
But the key thing is that sometimes we recorded you with your webcam, syncing the recordings with what you watched!
I think you are not interested show this video to your friends, relatives, and your intimate one...
Transfer $700 to our Bitcoin wallet: 13DAd45ARMJW6th1cBuY1FwB9beVSzW77R
If you don't know about Bitcoin please input in Google "buy BTC". It's really easy.
I guarantee that after that, we'll erase all your "data" :)
A timer will start once you read this message. You have 48 hours to pay the above-mentioned amount.
Your data will be erased once the money are transferred.
If they are not, all your messages and videos recorded will be automatically sent to all your contacts found on your devices at the moment of infection.
You should always think about your security.
We hope this case will teach you to keep secrets.
Take care of yourself.
>> RE >>
Well f### you, thanks for telling my password which is obviously fake. I have sent your details to the local police department, shall rest in peace. Don't earn money by this kind of action. STUPID!17 -
My team handles infrastructure deployment and automation in the cloud for our company, so we don't exactly develop applications ourselves, but we're responsible for building deployment pipelines, provisioning cloud resources, automating their deployments, etc.
I've ranted about this before, but it fits the weekly rant so I'll do it again.
Someone deployed an autoscaling application into our production AWS account, but they set the maximum instance count to 300. The account limit was less than that. So, of course, their application gets stuck and starts scaling out infinitely. Two hundred new servers spun up in an hour before hitting the limit and then throwing errors all over the place. They send me a ticket and I login to AWS to investigate. Not only have they broken their own application, but they've also made it impossible to deploy anything else into prod. Every other autoscaling group is now unable to scale out at all. We had to submit an emergency limit increase request to AWS, spent thousands of dollars on those stupidly-large instances, and yelled at the dev team responsible. Two weeks later, THEY INCREASED THE MAX COUNT TO 500 AND IT HAPPENED AGAIN!
And the whole thing happened because a database filled up the hard drive, so it would spin up a new server, whose hard drive would be full already and thus spin up a new server, and so on into infinity.
Thats probably the only WTF moment that resulted in me actually saying "WTF?!" out loud to the person responsible, but I've had others. One dev team had their code logging to a location they couldn't access, so we got daily requests for two weeks to download and email log files to them. Another dev team refused to believe their server was crashing due to their bad code even after we showed them the logs that demonstrated their application had a massive memory leak. Another team arbitrarily decided that they were going to deploy their code at 4 AM on a Saturday and they wanted a member of my team to be available in case something went wrong. We aren't 24/7 support. We aren't even weekend support. Or any support, technically. Another team told us we had one day to do three weeks' worth of work to deploy their application because they had set a hard deadline and then didn't tell us about it until the day before. We gave them a flat "No" for that request.
I could probably keep going, but you get the gist of it.4 -
Site (I didn't build) got hacked, lots of data deleted, trying to find out what happened before we restore backup.
Check admin access, lots of blank login submissions from a few similar IPs. Looks like they didn't brute force it.
Check request logs, tons of requests at different admin pages. Still doesn't look like they were targeting the login page.
We're looking around asking ourselves "how did they get in?"
I notice the page with the delete commands has an include file called "adminCheck".
Inside, I find code that basically says "if you're not an admin, now you are!" Full access to everything.
I wonder if the attack was even malicious.3 -
Our website once had it’s config file (“old” .cgi app) open and available if you knew the file name. It was ‘obfuscated’ with the file name “Name of the cgi executable”.txt. So browsing, browsing.cgi, config file was browsing.txt.
After discovering the sql server admin password in plain text and reporting it to the VP, he called a meeting.
VP: “I have a report that you are storing the server admin password in plain text.”
WebMgr: “No, that is not correct.”
Me: “Um, yes it is, or we wouldn’t be here.”
WebMgr: “It’s not a network server administrator, it’s SQL Server’s SA account. Completely secure since that login has no access to the network.”
<VP looks over at me>
VP: “Oh..I was not told *that* detail.”
Me: “Um, that doesn’t matter, we shouldn’t have any login password in plain text, anywhere. Besides, the SA account has full access to the entire database. Someone could drop tables, get customer data, even access credit card data.”
WebMgr: “You are blowing all this out of proportion. There is no way anyone could do that.”
Me: “Uh, two weeks ago I discovered the catalog page was sending raw SQL from javascript. All anyone had to do was inject a semicolon and add whatever they wanted.”
WebMgr: “Who would do that? They would have to know a lot about our systems in order to do any real damage.”
VP: “Yes, it would have to be someone in our department looking to do some damage.”
<both the VP and WebMgr look at me>
Me: “Open your browser and search on SQL Injection.”
<VP searches on SQL Injection..few seconds pass>
VP: “Oh my, this is disturbing. I did not know SQL injection was such a problem. I want all SQL removed from javascript and passwords removed from the text files.”
WebMgr: “Our team is already removing the SQL, but our apps need to read the SQL server login and password from a config file. I don’t know why this is such a big deal. The file is read-only and protected by IIS. You can’t even read it from a browser.”
VP: “Well, if it’s secured, I suppose it is OK.”
Me: “Open your browser and navigate to … browse.txt”
VP: “Oh my, there it is.”
WebMgr: “You can only see it because your laptop had administrative privileges. Anyone outside our network cannot access the file.”
VP: “OK, that makes sense. As long as IIS is securing the file …”
Me: “No..no..no.. I can’t believe this. The screen shot I sent yesterday was from my home laptop showing the file is publicly available.”
WebMgr: “But you are probably an admin on the laptop.”
<couple of awkward seconds of silence…then the light comes on>
VP: “OK, I’m stopping this meeting. I want all admin users and passwords removed from the site by the end of the day.”
Took a little longer than a day, but after reviewing what the web team changed:
- They did remove the SQL Server SA account, but replaced it with another account with full admin privileges.
- Replaced the “App Name”.txt with centrally located config file at C:\Inetpub\wwwroot\config.txt (hard-coded in the app)
When I brought this up again with my manager..
Mgr: “Yea, I know, it sucks. WebMgr showed the VP the config file was not accessible by the web site and it wasn’t using the SA password. He was satisfied by that. Web site is looking to beat projections again by 15%, so WebMgr told the other VPs that another disruption from a developer could jeopardize the quarterly numbers. I’d keep my head down for a while.”8 -
Worst legacy experience...
Called in by a client who had had a pen test on their website and it showed up many, many security holes. I was tasked with coming in and implementing the required fixes.
Site turned out to be Classic ASP built on an MS Access database. Due to the nature of the client, everything had to be done on their premises (kind of ironic but there you go). So I'm on-site trying to get access to code and server. My contact was *never* at her desk to approve anything. IT staff "worked" 11am to 3pm on a long day. The code itself was shite beyond belief.
The site was full of forms with no input validation, origin validation and no SQL injection checks. Sensitive data stored in plain text in cookies. Technical errors displayed on certain pages revealing site structure and even DB table names. Server configured to allow directory listing in file stores so that the public could see/access whatever they liked without any permission or authentication checks. I swear this was written by the child of some staff member. No company would have had the balls to charge for this.
Took me about 8 weeks to make and deploy the changes to client's satisfaction. Could have done it in 2 with some support from the actual people I was suppose to be helping!! But it was their money (well, my money as they were government funded!).1 -
In this day and age, what's my fucking excuse for not using a vpn full-time on my phone as well (next to my laptop)?
I do way more personal stuff on my phone anyways and add to that that I've got access to at least three self managed VPN servers...
Yup, going full VPN from now on.29 -
this.rant == "long";
This is something I feel strongly about, I hope you do too...
I fucking hate it when I hear that people don't care about net neutrality (and I've heard people say it). There is little in this world untouched by shitty corporations encroaching on the little good that is left in this world.
Yes the internet is full of edgy teenagers, incompetent Seniors (both old people and Devs) and god knows what else. But you know what? I pay my money to copy and paste code from SO (we ALL do let's not lie to ourselves) and I'm not paying a special fee to look at this content or that or send this type of text to that kind of person.
Now then to the point... On 14th December 2017 the FCC will vote on whether or not to allow companies like Verizon and - dare I say it - Comcast to charge more to access certain sites or block you access altogether and otherwise control what you say and do.
I for one, say FUCK OFF and I hope you do to. If you can, call or otherwise contact your Congressperson - you can do that here: https://house.gov/representatives/... . If you're not from the US, you can still help! https://www.battleforthenet.com has lots of information on what you can do to help.
I hope you'll all join me in shouting as loud as we can and preventing this moronic idea from going through.
Peace.
this.rant.end();rant shout help us help we can end this net neutrality wk79 this isn't related to wk79 but it's important idiot10 -
Friend of mine killed his MacBook with some Softdrink.
Just poured it all over his poor a1502.
He let it dry for a few days, it starts to work again.
Except the battery.
Goes on Amazon and buys a new battery.
New battery doesn't work either and so he tells me about it and I as stupid as I am couldn't resist the temptation to finally work on a MacBook like my "hero" Lois Rossmann does.
So turns out the board is good.
Cleaned it up and basically nothing happened to it.
So what's the deal with "los batlerias"?
The first got hit by liquid, the second had a broken connection to a cell.
That could have happened through my friend, installing it without testing it first, or at the seller, so it being a DOA battery.
Now away from the stupidity of my friend and the situation to the actual source for this rant.
Once something happens to a modern Managed battery, the Battery Management System (BMS) disconnects the voltage from the system and goes into an error state, staying there and not powering anything ever again.
For noobs, it's dead. Buy a new one.
But It can be reset, depending you know how to, and which passwords were set at the factory.
Yes, the common Texas instruments BQ20Zxx chips have default passwords, and apple seems to leav them at default.
The Usb to SMBus adaptors arrived a few days ago and I went to prod the BMS.
There is a very nice available for Windows called BE2works, that I used the demo of to go in and figure out stuff. The full version supports password cracking, the demo not.
After some time figuring out how Smart Battery Systems (SBS) "API" works, I got to actually enter the passwords into the battery to try get into manufacturer and full access mode.
Just to realise, they don't unlock the BMS.
So, to conclude, my friend bought a "new" battery that was most likely cut out of a used / dead macbook, which reports 3000mah as fully charged instead of the 6xxx mah that it should have, with 0 cycles and 0hours used.
And non default access.
This screams after those motherfuckers scaming the shit out of people on Amazon, with refurb, reset, and locked fucken batteries.
I could kill those people right now.
Last but not least,
My friend theoretically can't send it back because I opened the battery to fix the broken connection.
Though maybe, it'll get send back anyway, with some suprise in the package.9 -
--- New API allows developers to update Android Apps while using them ---
Today, at the Android Dev Summit, Google announced a new API which allows developers to update an app while using it.
Until now, you were forced to close the app and were locked out of it until the update has finished.
This new API adds two different options:
1.) A Full-Screen experience which locks the user out of the app which should be used for critical updates when you expect the user to wait for the update to be applied immediately. This option is very similar to how the update flow worked until now.
2.) A flexible update so users can keep using the app while it's updating. Google also said that you can completely customize the update flow so it feels like part of your app!
For now, the API is only available for early-access partners, but it will be released for everyone soon!
Source:
https://android-developers.googleblog.com/...19 -
UPDATE: devRant Trans-Oceanic Journey Community Project
It was a mere 12 days ago that I asked the question; 'Could devRanters, as a community, build a 21st Century Technology-Laden ‘devRant devie-Stressball-in-a-Bottle’ and send it on a journey across the Atlantic ocean?
I am thrilled to report that devRanters enthusiastically accepted this difficult challenge. A core team quickly formed and a tremendous amount of research and progress has been made in a short period of time. I want to give you a high level-flavor of what we are doing. Please keep in mind we still need your help. We welcome all develops to take part in this journey.
I want to give appreciation to the devRant Founders @dfox and @trogus. Without your support and sponsorship this project would not have been possible. devRant brought us together and it a reality. Devie journeying across the Ocean the Columbus sailed will stir the imagination of children and adults worldwide when we launch on May 1, 2017.
Some of the research and action items in progress:
- Slack and trello environments were created to capture research and foster discussion.
- A Stony Brook University Oceanography Professor suggested the Gulf Stream would be a good pathway across the ocean. We researched it very and agree. The Gulf Stream has been a trans-Atlantic conduit for hundreds of years. We are deciding whether to launch from Cape Hatteras, NC or the Virginia coast. Both have easy access to the rapid currents in the Gulf Stream.
- We are researching every detail of the Gulf Stream to make the journey easier and faster for devie. We have maps and a team member gathered valuable ideas reading a thorough book – ‘The Gulf Stream’.
- We decided on using a highly resilient plastic rather than glass for the bottle material. Plastic is much lighter, faster and glass breaks down more easily. The lightweight enclosure will allow us to take full advantage of waves and ample trade winds. We are still discussing the final design as we want to minimize friction and mimic the non-locomotion fish that migrate thousands of miles riding the Gulf Stream.
-The enclosure might be 3D printed unless we can locate a commercial solution. We have 3D specs and are speaking with some experts. There are advantages and dis-advantages to each solution.
- We will be using Iridiums' RockBLOCK two-way satellite technology to bounce lat-long coordinate pings off their 36 low-orbit satellites. The data will be analyzed by our devRant devie analysis software. IOS and Android public apps being built by the team will display devie's location throughout the journey in.
- Arduino will be used as the brains
- Multiple sensors including temperature and depth are being considered
-A project plan will be published to the team Friday 12/9. Sorry I am a few days late but adding some new ideas.
There are still a lot of challenges we must overcome and we will.
That’s all for now. I will send updates and all ideas / comments are valued.6 -
HO. LY. SHIT.
So this gig I got myself into, they have a whitelist of IP addresses that are allowed to access their web server. It's work-at-home. We just got a new internet provider, and it looks like I get a different public IP address everytime I disconnect and connect to the WIFI. And since it looks like the way they work on their codebase is that you either edit the files right on the server or you download the files that you need to work on, make the changes, and then re-upload the file back to the server and refresh the website to see the changes, now I can't access the server because I get different IP addresses. And it's highly inconvenient to keep emailing them to add IP addresses to the whitelist.
No source control, just straight-up download/upload from/to the server. Like, srsly. So that also means debugging is extremely hard for me because one, they use ColdFusion and I've never used that shit before and two, how the hell do you debug with this style of work?
I just started this last Tuesday, and I already want to call it quits. This is just a pain in the ass and not worth my time. I'll be glad to just go back to driving Lyft/Uber to make money while I look for a full-time, PROPER job.
By the way, can I do that to a contracting job? Just call it quits when you haven't even finished your first task? How does this work?17 -
Decompiled a .exe from a program that was written in Visual Basic 6.
Got a public server IP, username and Password that was hardcoded in the program.
Found out it was a SQL Server. I've now got full access to the server.
I want to tell the company about this, but I'm afraid I might get sued. Any advice?12 -
Today was fucking awesome!
I always wanted to do a project in C++ since I've been more of a Java guy for years now.
And today, I finally wrote a full console program in C++! (For windows, it's a .exe)
The purpose of that program is to show if a file has a file lock on it (because of copying for example).
It started as simple as that, but got complicated quickly:
- It needs colors! So I added colors.
- Just a single file? Boring. I need wildcards, so I can put a * for anything in the file name! Jup.
- Just one directory? Boring. I need a recursive directory walk! Got it.
- But wait! There has to be an option to switch between recursive and wildcard/single mode! So I checked if the first argument equals "-r"! Hacky but works.
- Oh uh... that spams a lot now! The purpose was to show locked files, so I need another argument to specify that I only want to see locked files! Damn now it get's hard... I need a Linux-like command line argument parser (this -h and -s "hello" stuff). So I took the opportunity to write one myself! Done.
- Refactoring everything to use my new fancy parser...
- Adding more and more arguments, just because I can:
- "-d" hides "access denied" messages
- "-l" shows only locked files
- "-r" activates recursive directory walk
- "-f" formats everything nicely, basically printf("%-150.150s | %s", filename, locked); a maximum width which get's truncated if too long so everything lines up nicely
- "-h" which of course displays the help page
- "-w file" watches a file, if the file is locked it will refresh every 500ms, if it's still locked nothing happens, if it's unlocked, the program prints "unlocked" in green and exits. And yes, it does have a rotating line (something like this: "-" "\" "|" "/" "-" and so forth...)
That project was just awesome to make. I learn languages fastest if I just do a big project in them, and today, I really learned a lot.
Thank you for reading all this!3 -
The gift that keeps on giving... the Custom CMS Of Doom™
I've finally seen enough evidence why PHP has such a bad reputation to the point where even recruiters recommended me to remove my years of PHP experience from the CV.
The completely custom CMS written by company <redacted>'s CEO and his slaves features the following:
- Open for SQL injection attacks
- Remote shell command execution through URL query params
- Page-specific strings in most core PHP files
- Constructors containing hundreds of lines of code (mostly used to initialize the hundreds of properties
- Class methods containing more than 1000 lines of code
- Completely free of namespaces or package managers (uber elite programmers use only the root namespace)
- Random includes in any place imaginable
- Methods containing 1 line: the include of the file which contains the method body
- SQL queries in literally every source file
- The entrypoint script is in the webroot folder where all the code resides
- Access to sensitive folders is "restricted" by robots.txt 🤣🤣🤣🤣
- The CMS has its own crawler which runs by CRONjob and requests ALL HTML links (yes, full content, including videos!) to fill a database of keywords (I found out because the server traffic was >500 GB/month for this small website)
- Hundreds of config settings are literally defined by "define(...)"
- LESS is transpiled into CSS by PHP on requests
- .......
I could go on, but yes, I've seen it all now.12 -
This one time I aliased a coworkers 'sudo' with 'sl' (sl shows a train running across the screen)
And then I removed him from the sudoers group and sudoers list.
I then magnified his screen 200%
Changed his background to a shitty narwhal.
And then full screened a terminal with the 'sl' train stuck in a while loop.
You can't control c out of the terminal.
He solved the first part really quickly, fixing the full screened terminal and exiting out of it, magnification and the background.
But took him 4 days to find that I had fucked up his sudo. Apparently, he didn't need to use sudo in those 4days. It wasn't until he mentioned it out of the blue.
How did he find out about it? He was running an important script that had sudo in it. When he ran the script a train would pop up and his script would terminate early.
He came to me and cursed me to Satan's anus. He then asked me to fix it, but then changed his mind and said that he'd do it himself. After a while he couldn't figure out what I had done.
I walked him through it. Told him that he had to go to his .bashrc file and remove the alias.
Later he comes back to me and curses me to the 12th circle of hell. He found that he was no longer a sudoer. At this point he gave me access to his computer and told me to reverse everything that I had done.
Added him back into the sudoers group and called it a day.
Lesson to be learned? Don't leave your machine unlocked.20 -
I was working as a contractor for a client who just got enough funding to hire a full-time dev. I lovingly referred to him as "Mr. Koolaid" because he was obsessed with whatever the newest hotness was and cried constantly about how the 3-year-old code-base didn't use The Next Big Thing(tm). This was my first interaction with him:
Mr. Koolaid: I'd like access to the github repository. My username is xxxx.
Me: We currently aren't hosting the code on github. If you send me your public ssh key, I'll get you access to the private server.
Mr. Koolaid: I'd like to access the github repository.
Me: It's not on github; send me your public key and I'll get you access.
Mr. Koolaid: Can we skype real quick? You don't need my public key to grant me access to the github repo.
*Mr. Koolaid proceeds to forward me github's documentation on adding users to an organization and the documentation for adding users to a private repo. The email is written in a very passive-aggressive tone.*
ಠ_ಠ9 -
The bossman asked if our signup service sends an automated email after we successfully process someone's payment or when we promote them to full customer.
That sounds like a simple query, yeah?
Well.
Here's some background:
We have four applications; one in React, three in Rails. I'll replace their names to retain some anonymity.
1) "IceSkate" is the React app, and it's a glorified signup form. (I wrote this one.)
2) "Bogan" is the main application, and is API-only; its frontend has been long since deprecated by the following two:
3) "Bum" is a fork of "Bogan" that has long since diverged. It now contains admin-only tools.
4) "Kulkuri" is also a fork of "Bogan" that has long since diverged. It now contains tools specifically for customers, which they can access.
All but IceSkate (obv) share a database.
Here's how signups happen:
Signups come in from IceSkate, which hits a backend API on Bogan. Bogan writes the data to the database, charges the card immediately, and leaves the signup for moderation.
And here's how promotion from signup to customer happens:
Bum has a view allowing admins to validate, modify, and "promote" a signup to a full customer. Upon successful promotion, Bum calls "ServerWrap", a module which calls actions on the other applications; in this case: Bogan.
Bogan routes execution through three separate models before calling "ServerWrap" again, this time calling KulKuri.
Finally, KulKuri actually creates the customer!
After KulKuri finishes creating the customer, execution resumes on Bogan, which then returns, causing execution to resume on Bum. Bum then runs through several other models, references the newly-created customer object (as all three share a database), and ... updates the customer with its current data, and then updates the signup object. After all of this, it finally shows the admin the "new customer" view.
It took me 25 minutes to follow the chain of calls, and I still don't know quite what's going on. I have no idea if any of it sends an email or not -- I didn't see any signs of this, but I very easily could have overlooked something.
So, to answer bossman's question... I asked the accounting people if they send the email manually. If they don't, it's automatic, which means I missed something and get to burrow through that mess all over again!
I really hope I missed something; otherwise I need to figure out how and where (and when!) to send the email...
just...
errrrgghh9 -
This happend to me around 2 weeks ago. For some reason, I decied to post this now.
I won the lottery, yey! I mean, bot really, but I am <19yo student, "less than junior dev" in my office, but sonce I am the only one who is capable of working with hardware, I was working month back as a sysadmin for a few days. Our last sysadmin was really good working but really, really toxic guy, so he got fired on a spot after argument with some manager or whatever, no big deal, we could have another guy hired in a week. But, our backup server literally was on fire, all data probably dead because bad capacitor or whatever. This was our only backup of everything at the time. Everyone in full fucking panic mode, we had literally no other working HW we could use for backup, but then comes me, intern employed on his first dev job for 3 months. That day I bought some HW for my own personal server at home (Intel NUC with some Celeron, 4GB DDR4 RAM and two 240GB SSDs for RAID 1. My manager asked everyone in the office for sollution how to survive next 4 days before new server arrives. People there had no idea what tk do and no knowedgle about HW, I just came from a break and offered my components for a week, since there was noone else who can work with HW, servers and stuff like this, manager offered me $500+HW cost if I, random intern, can make it work. I installed Debian on that little PC, created RAID1 from both SSDs, installed MySQL server and mirrored GIT server from our last standing server (we had two before one of them went lit 🔥), made simple Python script to copy all data on that RAID, with some help of our database guy copied whole DB from production to this little computer and edited some PHP so every SQL request made on our server will run on that NUC too. Everything after ±2 hours worked perfectly. Untill a fucking PSU burned in our server and took RAID controller with him in sillicon heaven next night, so we could not access any data unltill we got a new one. Thanks to every god out there, I was able to create software RAID from survived HDDs on our production server and copy all data from that NUC on the servers software RAID and make it working at 3 AM in the night before an exam 😂. Without this, we would be next ±40 hours without aerver running and we might loose soke of our data and customers. So my little skill with Linux, Python, MySQL and most importantly my NUC hardware I got that day running as a backup server saved maybe whole company 😂.
Btw, guess who is now employee of the year with $2500 bonus? 😀
Sorry for bragging and log post, but I was so lucky an so happy when everything worked out, good luck to all sysadmins out there! 👍
TL:DR: Random intern saved company and made some money 😂7 -
Not just another Windows rant:
*Disclaimer* : I'm a full time Linux user for dev work having switched from Windows a couple of years ago. Only open Windows for Photoshop (or games) or when I fuck up my Linux install (Arch user) because I get too adventurous (don't we all)
I have hated Windows 10 from day 1 for being a rebel. Automatic updates and generally so many bugs (specially the 100% disk usage on boot for idk how long) really sucked.
It's got ads now and it's generally much slower than probably a Windows 8 install..
The pathetic memory management and the overall slower interface really ticks me off. I'm trying to work and get access to web services and all I get is hangups.
Chrome is my go-to browser for everything and the experience is sub par. We all know it gobbles up RAM but even more on Windows.
My Linux install on the same computer flies with a heavy project open in Android Studio, 25+ tabs in Chrome and a 1080p video playing in the background.
Up until the creators update, UI bugs were a common sight. Things would just stop working if you clicked them multiple times.
But you know what I'm tired of more?
The ignorant pricks who bash it for being Windows. This OS isn't bad. Sure it's not Linux or MacOS but it stands strong.
You are just bashing it because it's not developer friendly and it's not. It never advertises itself like that.
It's a full fledged OS for everyone. It's not dev friendly but you can make it as much as possible but you're lazy.
People do use Windows to code. If you don't know that, you're ignorant. They also make a living by using Windows all day. How bout tha?
But it tries to make you feel comfortable with the recent bash integration and the plethora of tools that Microsoft builds.
IIS may not be Apache or Nginx but it gets the job done.
Azure uses Windows and it's one of best web services out there. It's freaking amazing with dead simple docs to get up and running with a web app in 10 minutes.
I saw many rants against VS but you know it's one of the best IDEs out there and it runs the best on Windows (for me, at least).
I'm pissed at you - you blind hater you.
Research and appreciate the things good qualities in something instead of trying to be the cool but ignorant dev who codes with Linux/Mac but doesn't know shit about the advantages they offer.undefined windows 10 sucks visual studio unix macos ignorance mac terminal windows 10 linux developer22 -
What an absolute fucking disaster of a day. Strap in, folks; it's time for a bumpy ride!
I got a whole hour of work done today. The first hour of my morning because I went to work a bit early. Then people started complaining about Jenkins jobs failing on that one Jenkins server our team has been wanting to decom for two years but management won't let us force people to move to new servers. It's a single server with over four thousand projects, some of which run massive data processing jobs that last DAYS. The server was originally set up by people who have since quit, of course, and left it behind for my team to adopt with zero documentation.
Anyway, the 500GB disk is 100% full. The memory (all 64GB of it) is fully consumed by stuck jobs. We can't track down large old files to delete because du chokes on the workspace folder with thousands of subfolders with no Ram to spare. We decide to basically take a hacksaw to it, deleting the workspace for every job not currently in progress. This of course fucked up some really poorly-designed pipelines that relied on workspaces persisting between jobs, so we had to deal with complaints about that as well.
So we get the Jenkins server up and running again just in time for AWS to have a major incident affecting EC2 instance provisioning in our primary region. People keep bugging me to fix it, I keep telling them that it's Amazon's problem to solve, they wait a few minutes and ask me to fix it again. Emails flying back and forth until that was done.
Lunch time already. But the fun isn't over yet!
I get back to my desk to find out that new hires or people who got new Mac laptops recently can't even install our toolchain, because management has started handing out M1 Macs without telling us and all our tools are compiled solely for x86_64. That took some troubleshooting to even figure out what the problem was because the only error people got from homebrew was that the formula was empty when it clearly wasn't.
After figuring out that problem (but not fully solving it yet), one team starts complaining to us about a Github problem because we manage the github org. Except it's not a github problem and I already knew this because they are a Problem Team that uses some technical authoring software with Git integration but they only have even the barest understanding of what Git actually does. Turns out it's a Git problem. An update for Git was pushed out recently that patches a big bad vulnerability and the way it was patched causes problems because they're using Git wrong (multiple users accessing the same local repo on a samba share). It's a huge vulnerability so my entire conversation with them went sort of like:
"Please don't."
"We have to."
"Fine, here's a workaround, this will allow arbitrary code execution by anyone with physical or virtual access to this computer that you have sitting in an unlocked office somewhere."
"How do I run a Git command I don't use Git."
So that dealt with, I start taking a look at our toolchain, trying to figure out if I can easily just cross-compile it to arm64 for the M1 macbooks or if it will be a more involved fix. And I find all kinds of horrendous shit left behind by the people who wrote the tools that, naturally, they left for us to adopt when they quit over a year ago. I'm talking entire functions in a tool used by hundreds of people that were put in as a joke, poorly documented functions I am still trying to puzzle out, and exactly zero comments in the code and abbreviated function names like "gars", "snh", and "jgajawwawstai".
While I'm looking into that, the person from our team who is responsible for incident communication finally gets the AWS EC2 provisioning issue reported to IT Operations, who sent out an alert to affected users that should have gone out hours earlier.
Meanwhile, according to the health dashboard in AWS, the issue had already been resolved three hours before the communication went out and the ticket remains open at this moment, as far as I know.5 -
The website for our biggest client went down and the server went haywire. Though for this client we don’t provide any infrastructure, so we called their it partner to start figuring this out.
They started blaming us, asking is if we had upgraded the website or changed any PHP settings, which all were a firm no from us. So they told us they had competent people working on the matter.
TL;DR their people isn’t competent and I ended up fixing the issue.
Hours go by, nothing happens, client calls us and we call the it partner, nothing, they don’t understand anything. Told us they can’t find any logs etc.
So we setup a conference call with our CXO, me, another dev and a few people from the it partner.
At this point I’m just asking them if they’ve looked at this and this, no good answer, I fetch a long ethernet cable from my desk, pull it to the CXO’s office and hook up my laptop to start looking into things myself.
IT partner still can’t find anything wrong. I tail the httpd error log and see thousands upon thousands of warning messages about mysql being loaded twice, but that’s not the issue here.
Check top and see there’s 257 instances of httpd, whereas 256 is spawned by httpd, mysql is using 600% cpu and whenever I try to connect to mysql through cli it throws me a too many connections error.
I heard the IT partner talking about a ddos attack, so I asked them to pull it off the public network and only give us access through our vpn. They do that, reboot server, same problems.
Finally we get the it partner to rollback the vm to earlier last night. Everything works great, 30 min later, it crashes again. At this point I’m getting tired and frustrated, this isn’t my job, I thought they had competent people working on this.
I noticed that the db had a few corrupted tables, and ask the it partner to get a dba to look at it. No prevail.
5’o’clock is here, we decide to give the vm rollback another try, but first we go home, get some dinner and resume at 6pm. I had told them I wanted to be in on this call, and said let me try this time.
They spend ages doing the rollback, and then for some reason they have to reconfigure the network and shit. Once it booted, I told their tech to stop mysqld and httpd immediately and prevent it from start at boot.
I can now look at the logs that is leading to this issue. I noticed our debug flag was on and had generated a 30gb log file. Tail it and see it’s what I’d expect, warmings and warnings, And all other logs for mysql and apache is huge, so the drive is full. Just gotta delete it.
I quietly start apache and mysql, see the website is working fine, shut it down and just take a copy of the var/lib/mysql directory and etc directory just go have backups.
Starting to connect a few dots, but I wasn’t exactly sure if it was right. Had the full drive caused mysql to corrupt itself? Only one way to find out. Start apache and mysql back up, and just wait and see. Meanwhile I fixed that mysql being loaded twice. Some genius had put load mysql.so at the top and bottom of php ini.
While waiting on the server to crash again, I’m talking to the it support guy, who told me they haven’t updated anything on the server except security patches now and then, and they didn’t have anyone familiar with this setup. No shit, it’s running php 5.3 -.-
Website up and running 1.5 later, mission accomplished.6 -
It was a normal school day. I was at the computer and I needed to print some stuff out. Now this computer is special, it's hooked up onto a different network for students that signed up to use them. How you get to use these computers is by signing up using their forms online.
Unfortunately, for me on that day I needed to print something out and the computer I was working on was not letting me sign in. I called IT real quick and they said I needed to renew my membership. They send me the form, and I quickly fill it out. I hit the submit button and I'm greeted by a single line error written in php.
Someone had forgotten to turn off the debug mode to the server.
Upon examination of the error message, it was a syntax error at line 29 in directory such and such. This directory, i thought to myself, I know where this is. I quickly started my ftp client and was able to find the actual file in the directory that the error mentioned. What I didn't know, was that I'd find a mountain of passwords inside their php files, because they were automating all of the authentications.
Curious as I was, I followed the link database that was in the php file. UfFortunately, someone in IT hadn't thought far enough to make the actual link unseeable. I was greeted by the full database. There was nothing of real value from what I could see. Mostly forms that had been filled out by students.
Not only this, but I was displeased with the bad passwords. These passwords were maybe of 5 characters long, super simple words and a couple number tacked onto the end.
That day, I sent in a ticket to IT and told them about the issue. They quickly remedied it by turning off debug mode on the servers. However, they never did shut down access to the database and the php files...2 -
I got transferred to a new city at the client location for few months.
I got the credentials for internet access, but I was not able to get internet. I contacted the admin and after troubleshooting it for few minutes, he asked where is Internet Explorer in this laptop?
I immediately understood, why they need me here. I was using a MacBook. 😐
PS: In the end, he gave me the full access without any credential requirements.1 -
Why is there so much hate against QA in general??
I read tons of rants about how bad testers are... and as a dev who does a lot of QA work, IT SUCKS!
We (devs) have to accept that are work needs to be tested! Otherwise we want be successful with our products.
BUT the testers need to know the development business! They should be trained at the same level as the devs are.
BECAUSE if the mug on my desk is smarter than the tester it is not going to work!
If the tester has full access to all the technologies, environments and tools (and are capable of using it) he has the ability to HELP!
I THINK that testing should be more than just follow predefined steps and let a random tool generate a bugreport.
I am sure that some of you are lucky enough to work with highly skilled testers so please let them help18 -
About 2 years ago, our management decided to "try outsourcing". I was in charge for coordinating dev tasks and ensuring code quality. So management came up with 3 potential candidates in India and I had to assess them based on Skype calls and little test tasks. Their CVs looked great and have been full of "I'm a fancy experienced senior developer." ....After first 2 calls I already dismissed two candidates because they had obviously zero experience and the CV must have been fake. ..After talking to the third candidate, I again got sceptical. The management, however, started to think that I'm just an ass trying to protect my own position against outside devs. They forced me to give him a chance by testing him with a small dev task. The task included the following statement
"Search on the filesystem recursively, for folders named 'container'. For example '/some_root_folder/path_segments/container' " The term 'container' was additionally highlighted in red!
We also gave him access to a git repo to do at least daily push. My intention was to look at his progressions, not only the result.
I tried the task on my own and it took me two days, just to have a baseline for comparison. I, however, told him to take as much time as he needs. (We wanted to be fair and also payed him.)
..... 3 weeks went by. 3 weeks full of excuses why he isn't able to use git. All my attempts to help him, just made clear that he has never seen or heard of git before. ...... He sent me his code once a week as zip per email -.- ..... I ignored those mails because I made already my decision not wanting to waste my time. I mean come on?! Is this a joke? But since management wanted me to give him a chance .... I kept waiting for his "final" code version.
In week 5, he finally told me that it's finished and all requirements have been met. So I tried to run his code without looking at it ..... and suprise ... It immediately crashed.
Then I started to look through the code .... and I was ..... mind-blown. But not in a good way. .....
The following is what I remember most:
Do you remember the requirement from above? .... His code implementing it looked something like this:
Go through all folders in root path and return folders where folderName == "/some_root_folder/path_segments/container".
(╯°□°)╯︵ ┻━┻
Alone this little peace of code was on sooooooo many levels wrong!!!!! Let me name a few.
- It's just sooooo wrong :(
- He literally compared the folderName with the string "/some_root_folder/path_segments/container"...... Wtf?!?
- He did not understand the requirement at all.
- He implemented something without thinking a microsecond about it.
- No recursive traversal
- It was Java. And he used == instead of equals().
- He compares a folderName with a whole path?!? Wtf.
- How the hell did he made this code return actual results on his computer?!?
Ok ...now it was time to confront management with my findings and give feedback to the developer. ..... They believed me but asked me to keep it civilized and give him constructive feedback. ...... So I skyped him and told him that this code doesn't meet the requirements. ......... He instantly defended himself . He told me that I he did 'exactly what was written in the requirements document" and that there is nothing wrong. .......He had no understanding at all that the code also needs to have an actual business purpose.
(╯°□°)╯︵ ┻━┻
After that he tried to sell us a few more weeks of development work to implement our "new changed requirements" ......
(╯°□°)╯︵ ┻━┻
Footnote: I know a lot of great Indian Devs. ..... But this is definitely not one of them. -.-
tl;dr
Management wants to outsource to India and gets scammed.9 -
Internship Rant #2
I can't believe I'm hating my job right now. It sucks because I have never coded in javascript and they expect me to code in javascript. I don't even know what I am doing, but I'm trying my best. I kinda have something already, but the worst part of it is that my boss comes in once in a while and sits beside me looking at my screen and of course, he expects me to tell him what I have been doing and what progress I have done. It's stressful cause I specifically told him that I have never coded in JavaScript and he still thinks I can get things done in a few days.
Perks of new job:
- I can take a bath there whenever I want
- gr8 bathroom 11/10
- gr8 heater, no need to have my hands shaking all the time
- workspace is nice and everyone has an extension so my phone and laptop are always on full charge
- flexible work schedule
- easy access to company files hehehe including credentials
Anyways, so I have to deal with this for three months.16 -
Did I every tell you about that time I scared a boss (not mine, he was in the room) so much, that he was to scared to enter my office for the next couple of weeks? 😅
Good times 😊
Tl;dr: He was the reason I was working at max capacity and then he started complaining that shit wasn't working.
Full story:
I was out of office, building up a new site. I was the only IT working that day, others were out on vacation.
Suddenly I start getting flooded with calls from other sites, that nothing works. It is so bad, that my boss can't reach me on the company phone, so he calls me on my private phone.
Apparently all the servers are down.
So me into a taxi, heading for the main office.
When I get there I just start booting the servers on by one, because they didn't like that they had lost power. While I'm working, my boss is standing there, ready to help.
Another boss enters the office and goes: "I can't access Navision". To which I quickly reply something like: "Well everything is down, I'm the only one who can fix it and I'm working as fast as I can".
Two weeks later, another employee tells me, that the other boss has been running all his equipment off a battery backup, since the failure, because his power cord failed. He spilled a cup of coffee on it and therefore was the reason, that all the servers lost power (bad setup, I know). And apparently I was so frightening that he didn't have the courage to ask for a new power cord 😂
Best thing was that my boss never stopped me or told me that I did something wrong.2 -
Admin Access
Have you ever been in a position where you become the de-facto person who works with a certain tool, but are denied full admin access to that tool for no real reason?
Two years ago I was put on the Observability squad and quickly discovered it was my thing, implementing tracking and running queries on this third-party tool, building custom stuff to monitor our client-side successes and failures.
About a year ago I hit the point where if you asked anyone "Who is the go-to person for help/questions/queries/etc. for this tool", the answer was just me lol. It was nice to have that solid and clear role, but a year later, that's still the case, and I'm still not an admin on this platform. I've asked, in an extremely professional way armed with some pretty good reasons, but every time I'm given some lame non-answer that amounts to No.
As far as I'm aware, I'm the only dev on our team at all who uses custom/beta features on this site, but every time I want to use them I have to go find an admin and ask for an individual permission. Every time. At the end of 2020 it was happening once a month and it was so demoralizing hitting up people who never even log into this site to ask them to go out of their way to give me a new single permission.
People reach out to me frequently to request things I don't have the permissions to do, assuming I'm one of the 64 admins, but I have to DM someone else to actually do the thing.
At this point it feels very much like having to tug on the sleeve of a person taller than me to get what I need, and I'm out of ways to convince myself this isn't demoralizing. I know this is a pretty common thing in large companies, meaningless permissions protocols, and maybe it's because I came from IT originally that it's especially irritating. In IT you have admin access to everything and somehow nobody gets hurt lol-- It still blows my mind that software devs who make significantly more money and are considered "higher up" the chain (which i think is dumb btw) are given less trust when it comes to permissions.
Has anyone figured out a trick that works to convince someone to grant you access when you're getting stonewalled? Or maybe a story of this happening to you to distract me from my frustration?13 -
I need a new 'main' language to do all my projects in as java is kind of grinding away at my psyche.
Golang I liked quite a lot when I used it for my job a year ago, I'll give that a try..
Golang installed and up and working fine.
Oh, I know lets see if there are GLFW bindings for golang. And sure there are lets go!
Oh I need gcc and mingwex + mingw32 which I will acquire through cygwin.
hmm.. mingwex + mingw32 not found and my drive is almost full. I'll reinstall on my D:\ drive before continuing troubleshooting.
> Delete C:\Cygwin Access denied.
> cmd rmdir c:\test /s /q Access denied.
> Change permissions Access denied.
No problem I just don't own this object!
> Change to be the 'object owner' Success!
> Change permissions Success!
> Delete C:\Cygwin Access denied.
> cmd rmdir c:\test /s /q Access denied.
> takeown /F C:\Cygwin /A /R /D Y Success!
> cmd rmdir c:\test /s /q Access denied.
At this point it would be more efficient to manually open up my ssd, and using a fridge magnet change every single bit to be exactly what I want it to be.
Or install linux.7 -
I've run into problems with the app I'm working on, the problems are related to issues regarding code.
No in fact it's related the last guy who wrote the app, the code has no comments and the variable names make no sense, the only comments in the code are blocks of code... With no reason as to why it was commented.
I have to add in some checks to determine if a person that has logged in is a full member or not (full member has access to the feature I've added) and the way the guy has made this app works makes no sense to me at all.
I've tried my best to avoid all contact with his code because it makes me want to yell out in frustration.
But for this one case I have to work with what's there.
I know I've mentioned this before but I've hit my limit yet again.
And for those who don't know this guy managed to scrape together skeleton code from two apps to make part of this app, rather than using parts of the other apps he left out code that was specifically made for the other apps, (majority of the commented out code).
One app was a taxi app and from the looks of it the feature he used was to get GPS location (which I don't understand before Google maps is a think after all... The taxi app USES Google maps), the other app is some sort of funeral webcasting app (I found code imports for it, without any actual code).
I don't actual understand how this guy could put this together without not thinking "maybe this is a bad idea"
Always code as if the person who ends up maintaining your code is a violent psychopath who knows where you live
I'm that psychopath right now..... Fuck that guy (don't know where he lives though)1 -
The state of informatics education is just saddening.
You study "Software Development" and then you get to do exams asking you to do some basic linux commands - with full internet access on a computer. People are allowed to fail this and study on. On the other hand you have to do real coding with pen and paper, have to calculate from hex to bin to dec and stuff and most Importantly - know about all kinds of math stuff completely unreleated to cs.
Graph Theory absolutely makes sense in my eyes, but not if it's plain fucken math without even mentioning computers or applications of it. But if you fail that everyone looks weird at you.
I know about coding. I got A's and B's in all the coding exams _without even doing much for them_ but then fail all the fucken math exams. Makes no sense. FML.8 -
I was supporting a legacy CRM app which front end used Visual Basic 6 and almost the entire business logic was written on SQL store procedures.
A "feature" of the product was the open code, anyone with admin access could modify forms, code and store procedures.
We also sold "official" (and expensive) consulting services to modify the code.
A long time customer owned this thing and it was heavily customized. They had hired us to change something, hired a third party to make other changes and decided to modify some stuff themselves because, why not?
Suddenly they came to product support asking to fix a bug. The problem happened on a non customized form.
After reviewing, I realized the form used several of the modified store procedures in the business layer. I tried saying we don't support custom code but my boss was being pushed and said "look into it"
All 3 parties denied responsibility and said their changes were NOT the problem (of course). Neither of them commented or documented their changes.
The customer started to threaten to sue us.
I spent 5 full days following every field on the form through the nested and recurrent SQL store procedures and turns out it was a very simple error. A failed insert statement.
I was puzzled of why the thing didn't throw any error even while debugging. Turns out in SQL 2003 (this was a while ago) someone used a print line statement and SQL stopped throwing errors to the console. I can only assume "printing" in SQL empties the buffered error which would be shown in the console.
I removed the print statement and the error showed up, we fixed it and didn't get sued
:)4 -
So, to anyone defending IBM at this point, a member of a client's offshore team used their paystub as test data. Aaaaand I was horrified by what I saw.
Their pay is less than $2/hr ($3973/yr, 300k INR).
I can't even. Not only that someone would pay so little to a supposedly degreed professional (I question the validity of that claim based on performance, that's a story for another time), but that companies feel comfortable giving full production system access to people I would not blame for taking bribes.
Fuck.14 -
I've seen many devs doing crazy things in my entire career till now. But this one dude stands out.
He used to:
- Push binaries to git repo
- Use some old libraries which were used during Indus Valley civilization
- Had no sense of database and used to delete random data from it and call it as TESTING (Thank God! I never gave him prod access)
- And on top of this, he had an ass full of attitude!2 -
This is response I got from my ex tech lead in a company that I left six months ago..
Btw account is registered on my private email and has admin access to Slack full of confidential files.
Don't even know why I worked there..13 -
Chrome, Firefox, and yes even you Opera, Falkon, Midori and Luakit. We need to talk, and all readers should grab a seat and prepare for some reality checks when their favorite web browsers are in this list.
I've tried literally all of them, in search for a lightweight (read: not ridiculously bloated) web browser. None of them fit the bill.
Yes Midori, you get a couple of bonus points for being the most lightweight. Luakit however.. as much as I like vim in my terminal, I do not want it in a graphical application. Not to mention that just like all the others you just use webkit2gtk, and therefore are just as bloated as all the others. Lightweight my ass! But programmable with Lua, woo! Not like Selenium, Chrome headless, ... does that for any browser. And that's it for the unique features as far as I'm concerned. One is slow, single-threaded and lightweight-ish (Midori) and another has vim keybindings in an application that shouldn't (Luakit).
Pretty much all of them use webkit2gtk as their engine, and pretty much all of them launch a separate process for each tab. People say this is more secure, but I have serious doubts about that. You're still running all these processes as the same user, and they all have full access to the X server they run under (this is also a criticism against user separation on a single X session in general). The only thing it protects against is a website crashing the browser, where only that tab and its process would go down. Which.. you know.. should a webpage even be able to do that?
But what annoys me the most is the sheer amount of memory that all of these take. With all due respect all of you browsers, I am not quite prepared to give 8 fucking gigabytes - half the memory in this whole box! - just for a dozen or so tabs. I shouldn't have to move my web browser to another lesser used 16GB box, just to prevent this one from going into fucking swap from a dozen tabs. And before someone has a go at the add-ons, there's 4 installed and that's it. None of them are even close to this complete and utter memory clusterfuck. It's the process separation. Each process consumes half a GB of memory, and there's around a dozen of them in a usual browsing session. THAT is the real problem. And I want to get rid of it.
Browsers are at their pinnacle of fucked up in my opinion, literally to the point where I'm seriously considering elinks. Being a sysadmin, I already live my daily life in terminals anyway. As such I also do have resources. But because of that I also associate every process with its cost to run it, in terms of resources required. Web browsers are easily at the top of the list.
I want to put 8GB into perspective. You can store nearly 2 entire DVD movies in that memory. However media players used to play them (such as SMPlayer) obviously don't do that. They use 60-80MB on average to play the whole movie. They also require far less processing power than YouTube in a web browser does, even when you download that exact same video with youtube-dl (either streamed within the media player or externally). That is what an application should be.
Let's talk a bit about these "complicated" websites as well. I hate to break it to you framework web devs, but you're a dime a dozen. The competition is high between web devs for that exact reason. And websites are not complicated. The document itself is plain old HTML, yes even if your framework converts to it in the background. That's the skeleton of your document, where I would draw a parallel with documents in office suites that are more or less written in XML. CSS.. oh yes, markup. Embolden that shit, yes please! And JavaScript.. oh yes, that pile of shit that's been designed in half a day, and has a framework called fucking isEven (which does exactly what it says on the tin, modulo 2 be damned). Fancy some macros in your text editor? Yes, same shit, different pile.
Imagine your text editor being as bloated as a web browser. Imagine it being prone to crashing tabs like a web browser. Imagine it being so ridiculously slow to get anything done in your productivity suite. But it's just the usual with web browsers, isn't it? Maybe Gopher wasn't such a bad idea after all... Oh and give me another update where I have to restart the browser when I commit the heinous act of opening another tab, just because you had to update your fucking CA certs again. Yes please!19 -
Hello devRant, this is going to be my first time posting on the site.
I work for a gaming community on the side, and today one of the managers asked me to implement a blacklist system into the chat and reactivate the previously existing one temporarily. This shouldn't have had any issues and should've been implemented within minutes. Once it was done and tested, I pushed it to the main server. This is the moment I found out the previous developer apparently decided it would be the best idea to use the internal function that verifies that the sender isn't blacklisted or using any blacklisted words as a logger for the server/panel, even though there is another internal function that does all the logging plus it's more detailed than the verification one he used. But the panel he designed to access and log all of this, always expects the response to be true, so if it returns false it would break the addon used to send details to the panel which would break the server. The only way to get around it is by removing the entire panel, but then they lose access to the details not logged to the server.
May not have explained this the best, but the way it is designed is just completely screwed up and just really needs a full redo, but the managers don't want to redo do it since apparently, this is the best way it can be done.7 -
Okay, so I have a question...
Although unethical, I’m considering disabling a clients services without warning. They’re 6 months behind on paying me and I have complete access over their network infrastructure. Upon reading our contract, I’ve made the mistake of incorporating services will be discontinued due to lack of payment... But, I know if I disable things they’re not smart enough to figure out why they aren’t working and call me... That’s when I’ll tell them that I can’t preform work until past bills are paid in full.
I’m located somewhere in the US. Is this too unethical, too illegal? I just want my fucking money... Thanks!
EDIT: Yes I have invoiced then monthly. They’ve received them because I had deliver al invoices to avoid the “oh I never received it” claims.25 -
I’m LOLing at the audacity of one of our vendors.
We contract with a vendor to build and maintain a website. Our network security team noticed there was a security breach of the vendor’s website. Our team saw that malicious users gained access to our Google Search console by completing a challenge that was issued to the vendor’s site.
At first, the vendor tried to convince us that their site wasn’t comprised and it was the Google search Console that was compromised. Nah dude. Our Search Console got compromised via the website you maintain for us. Luckily our network team was able to remove the malicious users from our search console.
That vendor site accepts credit card payments and displays the user’s contact info like address, email, and phone. The vendor uses keys that are tied to our payment gateway. So now my employer is demanding a full incident report from the vendor because their dropping the ball could have compromised our users’ data and we might be responsible for PCI issues.
And the vendor tried to shit on us even more. The vendor also generates vanity urls for our users. My employer decided to temporarily redirect users to our main site (non vendor) because users already received those links and in order to not lose revenue. The vendor’s solution is to build a service that will redirect their vanity urls to our main site. And they wanted to charge us $5000 usd for this. We already pay them $1000 a month already.
WTAF we are not stupid. Our network service team said we could make the argument that they do this without extra charge because it falls in the scope of our contract with them. Our network team also said that we could terminate the contract because the security breach means they didn’t render the service they were contracted to do. Guess it’s time for us to get our lawyer’s take on this.
So now it looks like my stakeholders want me to rebuild all of this in house. I already have a lot on my plate, but I’m going to be open to their requests because we are still in the debrief phase.2 -
Had an online programming interview for a start-up, writing code into a shared Google doc while on the phone with the interviewer.
Specifically told that I could just use pseudocode, so I did, without worrying about access modifiers, full variable declarations and use of "new" for making objects, or specific type declarations, etc.
Got told at the end that I "lack experience, and really should have defined access modifiers, declared types, and so on, and that they needed someone proficient in Java. That was the first time I knew about their Java requirement.5 -
Imagine: It's the year 2109.
You pay a subscription of $2.00/week to be able to shut off your alarm.
You open up your laptop and after watching 5 un-skippable ads, Windows 35 boots up so you can start working.
You start VSCode and it requires you to watch an ad, to boot up.
You pay a subscription of $29.99/month to get full access to your keyboard.
You pick up your mobile phone and you have to pay a subscription of $49.99/month to be able to unlock your phone as many times as you want.
Your mobile network allows you to make 1 phone call free for the day, post which you have to pay $1.50 per call. Data costs are seperate and its sold to you as a package, labled as an "Offer".
Your salary is compared to peanuts even though tech has gone beyond its limits.
Life is Good.12 -
MySQL databases beginning with "test" in the name gives even people without login full access to its tables.
Somebody deleted all tables so we had to get a backup from out hoster.
Thanks MySQL.1 -
After a few weeks of being insanely busy, I decided to log onto Steam and maybe relax with a few people and play some games. I enjoy playing a few sandbox games and do freelance development for those games (Anywhere from a simple script to a full on server setup) on the side. It just so happened that I had an 'urgent' request from one of my old staff member from an old community I use to own. This staff member decided to run his own community after I sold mine off since I didn't have the passion anymore to deal with the community on a daily basis.
O: Owner (Former staff member/friend)
D: Other Dev
O: Hey, I need urgent help man! Got a few things developed for my server, and now the server won't stay stable and crashes randomly. I really need help, my developer can't figure it out.
Me: Uhm, sure. Just remember, if it's small I'll do it for free since you're an old friend, but if it's a bigger issue or needs a full recode or whatever, you're gonna have to pay. Another option is, I tell you what's wrong and you can have your developer fix it.
O: Sounds good, I'll give you owner access to everything so you can check it out.
Me: Sounds good
*An hour passes by*
O: Sorry it took so long, had to deal with some crap. *Insert credentials, etc*
Me: Ok, give me a few minutes to do some basic tests. What was that new feature or whatever you added?
O: *Explains long feature, and where it's located*
Me: *Begins to review the files* *Internal rage wondering what fucking developer could code such trash* *Tests a few methods, and watches CPU/RAM and an internal graph for usage*
Me: Who coded this module?
O: My developer.
Me: *Calm tone, with a mix of some anger* So, you know what, I'm just gonna do some simple math for ya. You're running 33 ticks a second for the server, with an average of about 40ish players. 33x60 = 1980 cycles a minute, now lets times that by the 40 players on average, you have 79,200 cycles per minute or nearly 4.8 fucking cycles an hour (If you maxed the server at 64 players, it's going to run an amazing fucking 7.6 million cycles an hour, like holy fuck). You're also running a MySQLite query every cycle while transferring useless data to the server, you're clusterfucking the server and overloading it for no fucking reason and that's why you're crashing it. Another question, who the fuck wrote the security of this? I can literally send commands to the server with this insecure method and delete all of your files... If you actually want your fucking server stable and secure, I'm gonna have to recode this entire module to reduce your developer's clusterfuck of 4.8 million cycles to about 400 every hour... it's gonna be $50.
D: *Angered* You're wrong, this is the best way to do it, I did stress testing! *Insert other defensive comments* You're just a shitty developer (This one got me)
Me: *Calm* You're calling me a shitty developer? You're the person that doesn't understand a timer, I get that you're new to this world, but reading the wiki or even using the game's forums would've ripped this code to shreds and you to shreds. You're not even a developer, cause most of this is so disorganized it looks like you copy and pasted it. *Get's angered here and starts some light screaming* You're wasting CPU usage, the game can't use more than 1 physical core, and after a quick test, you're stupid 'amazing' module is using about 40% of the CPU. You need to fucking realize the 40ish average players, use less than this... THEY SHOULD BE MORE INTENSIVE THAN YOUR CODE, NOT THE OPPOSITE.
O: Hey don't be rude to Venom, he's an amazing coder. You're still new, you don't know as much as him. Ok, I'll pay you the money to get it recoded.
Me: Sounds good. *Angered tone* Also you developer boy, learn to listen to feedback and maybe learn to improve your shitty code. Cause you'll never go anywhere if you don't even understand who bad this garbage is, and that you can't even use the fucking wiki for this game. The only fucking way you're gonna improve is to use some of my suggestions.
D: *Leaves call without saying anything*
TL;DR: Shitty developer ran some shitty XP system code for a game nearly 4.8 million times an hour (average) or just above 7.6 million times an hour (if maxed), plus running MySQLite when it could've been done within about like 400 an hour at max. Tried calling me a shitty developer, and got sorta yelled at while I was trying to keep calm.
Still pissed he tried calling me a shitty developer... -
EoS1: This is the continuation of my previous rant, "The Ballad of The Six Witchers and The Undocumented Java Tool". Catch the first part here: https://devrant.com/rants/5009817/...
The Undocumented Java Tool, created by Those Who Came Before to fight the great battles of the past, is a swift beast. It reaches systems unknown and impacts many processes, unbeknownst even to said processes' masters. All from within it's lair, a foggy Windows Server swamp of moldy data streams and boggy flows.
One of The Six Witchers, the Wild One, scouted ahead to map the input and output data streams of the Unmapped Data Swamp. Accompanied only by his animal familiars, NetCat and WireShark.
Two others, bold and adventurous, raised their decompiling blades against the Undocumented Java Tool beast itself, to uncover it's data processing secrets.
Another of the witchers, of dark complexion and smooth speak, followed the data upstream to find where the fuck the limited excel sheets that feeds The Beast comes from, since it's handlers only know that "every other day a new one appears on this shared active directory location". WTF do people often have NPC-levels of unawareness about their own fucking jobs?!?!
The other witchers left to tend to the Burn-Rate Bonfire, for The Sprint is dark and full of terrors, and some bigwigs always manage to shoehorn their whims/unrelated stories into a otherwise lean sprint.
At the dawn of the new year, the witchers reconvened. "The Beast breathes a currency conversion API" - said The Wild One - "And it's claws and fangs strike mostly at two independent JIRA clusters, sometimes upserting issues. It uses a company-deprecated API to send emails. We're in deep shit."
"I've found The Source of Fucking Excel Sheets" - said the smooth witcher - "It is The Temple of Cash-Flow, where the priests weave the Tapestry of Transactions. Our Fucking Excel Sheets are but a snapshot of the latest updates on the balance of some billing accounts. I spoke with one of the priestesses, and she told me that The Oracle (DB) would be able to provide us with The Data directly, if we were to learn the way of the ODBC and the Query"
"We stroke at the beast" - said the bold and adventurous witchers, now deserving of the bragging rights to be called The Butchers of Jarfile - "It is actually fewer than twenty classes and modules. Most are API-drivers. And less than 40% of the code is ever even fucking used! We found fucking JIRA API tokens and URIs hard-coded. And it is all synchronous and monolithic - no wonder it takes almost 20 hours to run a single fucking excel sheet".
Together, the witchers figured out that each new billing account were morphed by The Beast into a new JIRA issue, if none was open yet for it. Transactions were used to update the outstanding balance on the issues regarding the billing accounts. The currency conversion API was used too often, and it's purpose was only to give a rough estimate of the total balance in each Jira issue in USD, since each issue could have transactions in several currencies. The Beast would consume the Excel sheet, do some cryptic transformations on it, and for each resulting line access the currency API and upsert a JIRA issue. The secrets of those transformations were still hidden from the witchers. When and why would The Beast send emails, was still a mistery.
As the Witchers Council approached an end and all were armed with knowledge and information, they decided on the next steps.
The Wild Witcher, known in every tavern in the land and by the sea, would create a connector to The Red Port of Redis, where every currency conversion is already updated by other processes and can be quickly retrieved inside the VPC. The Greenhorn Witcher is to follow him and build an offline process to update balances in JIRA issues.
The Butchers of Jarfile were to build The Juggler, an automation that should be able to receive a parquet file with an insertion plan and asynchronously update the JIRA API with scores of concurrent requests.
The Smooth Witcher, proud of his new lead, was to build The Oracle Watch, an order that would guard the Oracle (DB) at the Temple of Cash-Flow and report every qualifying transaction to parquet files in AWS S3. The Data would then be pushed to cross The Event Bridge into The Cluster of Sparks and Storms.
This Witcher Who Writes is to ride the Elephant of Hadoop into The Cluster of Sparks an Storms, to weave the signs of Map and Reduce and with speed and precision transform The Data into The Insertion Plan.
However, how exactly is The Data to be transformed is not yet known.
Will the Witchers be able to build The Data's New Path? Will they figure out the mysterious transformation? Will they discover the Undocumented Java Tool's secrets on notifying customers and aggregating data?
This story is still afoot. Only the future will tell, and I will keep you posted.6 -
> Startup: ok listen up, we got this super cool thing we want to do with Twilio. Doesn't get any easier: some calls to book a restaurant, you ask for booking data and save that on some db.
> iHateForALiving: I'm on it. We got a couple weeks of development, never worked with Twilio, but should be easy enough
> Startup: Hold it big guy, we can't just write code like this. There's this OTHER developer with a super cool framework he wrote himself, it supports OAuth2 and multitenancy, written in Huskell, microservices to authenticate several apps all working concurrently in our environment, some orchestrator, cloud computing on AWS, you're going to love it. There's this Postman project with 200-something calls (the ones I need for my project, one and only consumer for those APIs, are 5 including the login)
> iHateForALiving: You are aware you'll have approximately six clients and they'll pay some 30 bucks each per month, aren't you?
> Startup: You don't understand, this infrastructure is CRITICAL for the future of our company
> ffwd 6 months
> iHateForALiving: guys we had this 2 weeks project and it's taking months, I'm ready, what is going on there?
> Startup: someone killed our DB, the OTHER developer pushed on git the access credentials :(
THE FULL MOON IS DRAWING NEAR AND THE FUCKING WERECODERS STRIKE AGAIN! -
There’s no better feeling then doing a full server rebuild, modifying several projects heavily to be portable and keep working under new infrastructure and loosing access to dependent systems.
Migrating everything across, firing up Apache.... and BAM the fucker just works and ssl labs gives it an A (it was a giant F with multiple vulnerabilities yesterday on the old server)7 -
Our Professor gave us a predefined Datebase with access methods. The whole database is full of
value == 0 ? false : true
How can this guy teach programming languages when he can't apply a simple != operand6 -
Me and my developer friend worked with my ex-colleague with this fitness directory website because he promised to give us {{ thisAmount }} upon the {{ completionDate }}.
He was my friend and I trusted him.
It took me weeks of sleepless nights building the project. I had a full-time job that time, and I worked on the project during evenings. All went well, and as we reach the {{ completionDate }}, the demo site is already up and running.
A week before the {{ completionDate }}, he hired his new wife as the COO of the startup. It was cool, she keep noticing things on the site which shouldn't be there, and keeps on suggesting sections that has to be there. I was okay with it, until I realized that we are already a month late with the deadline.
Every single hour, I get a message from them like, "it's not working", "when can you finish this feature?", blah blah blah.. and so on.
I got frustrated.
"I want my fucking life back", I told them. No one cared about the {{ completionDate }}, the sleepless zombies they are working with and our payment. They keep on coming up with this "amazing" ass features, and now they are not paying because they said "it's not complete".
Idiot enough to trust a friend. I was unprotected, there was no legal-binding document that states their obligation to pay.
My dev friend and I handed over the project to this web development company which they prefer, and kept a backdoor on the application.
I kind of moved on with the payment issue after a month. But without their knowledge, I kept an eye on the progress and made sure that I still have the access to their server, DNS, etc..
BUT when they announced the official launch on social media, I realized that I was on the wrong train the whole time.
They switched to a different server.
They thanked all the people involved with the project via social media, EXCEPT me and my coding partner who originally built the site from ground up. A little "thank you" note from them will make us feel a little better. But, never happened.
I checked up the site and it was rewritten from originally Laravel 5 to CodeIgniter 1. That is like shifting from a luxury yacht where you can bang some hot chicks, to a row boat where your left hand is holding the paddle whilst your right hand is wanking yourself.
I almost ran out of bullets.
Luckily, CodeIgniter 1 was prone to SQLi by default.
I was able to get the administrator password in plain text and fucked with their data. But that didn't make me feel better because other people's info are involved.
So, I looked for something else to screw with. What I found? A message with the credit card details.
Finally, a chance to do something good for humanity. I just donated a few thousand dollars to different charity websites.3 -
Owner of the company I freelance for: The proposal I sent yesterday to [PR Company we do work for] got bounced back. They said it was incomplete.
Me: Well no shit, they didn't provide us with a detailed itinerary of everything they need, nor did they give us access to sections that they want copied to the new website. I can't and won't provide a full quote when I don't have all the information needed to build one. I would be guessing at this point and it would be shitty guesses.
Owner: Here's a proposal they got from another company. We need to make it like this [sends file].
Me: They mention a one sentence footnote about what I laid out. Everything else is marketing jargon that I don't know, because I'm a developer, not a marketer. I'm not sure what it is you want me to do, because you're asking the wrong person.
Owner: Are you going to help me or not?
Me: Help you with what? You got my notes. Paraphrase them if you need to, but I have more important things on my agenda, like being a web developer, not a proposal drafter. -
What kinda blockhead moron at my ISP decided that I require a new modem & router that is managed by THEM! I'm not really baffled by the privacy concerns but more about that I am unable to manage my home network. I literally cant open ports, manage ip adresses and do other shit I NEED FOR WORKING AT HOME.
I cant print!
I cant read mail!
I cant access my network drives!
My website is down!
Colleagues are asking why the Minecraft server is offline!
And using the new brick they gave me as a modem only, is not possible as there is no setting to be found to turn the router off!
And if I call their imbecile's of support they tell my that if they change a setting, that my phone will disconnect. (The phone line is also connected to the modem!) And right after the support guy said that and wanted to start explaing me further steps, his settings apply and I get kicked off the line. Bruh! You knew this would happen so why didnt you work around it?!?!?!!
Thing is, this new modem isnt even necessary as it doesnt use a different standard like fiber for example.
If I cant figure out how to get my stuff to work again, I swear to god I will turn on full Karen mode and ramble into their next store looking to get some manager fired!
(Ill post an update soon!)7 -
I have come across the most frustrating error i have ever dealt with.
Im trying to parse an XML doc and I keep getting UnauthorizedAccessException when trying to load the doc. I have full permissions to the directory and file, its not read only, i cant see anything immediately wrong as to why i wouldnt be able to access the file.
I searched around for hours yesterday trying a bunch of different solutions that helped other people, none of them working for me.
I post my issue on StackOverflow yesterday with some details, hoping for some help or a "youre an idiot, Its because of this" type of comment but NO.
No answers.
This is the first time Ive really needed help with something, and the first time i havent gotten any response to a post.
Do i keep trying to fix this before the deadline on Sunday? Do i say fuck it and rewrite the xml in C# to meet my needs? Is there another option that i dont even know about yet?
I need a dev duck of some sort :/39 -
Sorry I haven't been as active lately, however this is one of the better prompts, so I feel I should have it in my track record. Beware, it's a long one...
Let's trace the roots: My uncle was building desktops and he told my dad he'd build him one if my dad paid him for the components. These days I know builds aren't rocket science, but back then my parents didn't do their research. So my dad paid him.
Give or take some time, and most of the parts are complete. He underestimated the prices of a few things and had to ask for $200 more to complete the build. This...caused my dad to explode.
Later, I heard my dad ranting to my stepmom in January 2017 about how the last convo he had with his brother was a "Fuck-you conversation" - it was the last because my uncle had died in 2003.
Flash forward to March 2017. My mom and I are sitting in a Fazoli's, a nice sunset out of the full-length windows. I had to probe. HAD TO.
"You promise you won't tell your dad I told you this?" she asked.
"You know Kellie and I can't stand to be around him." I replied.
As the story goes, that last "Fuck-you conversation"? Over a fucking measly $200. Yup, the last conversation between my dad and his brother to ever happen was a shouting match over a relatively short amount of money. I wish I could say my dad had remorse, but he doesn't. He still talks shit. He's also technologically illiterate, so I doubt there was a way his brother was going to be able to reason with him.
In late 2003, my uncle, who had been a smoker, passed away due to cardiac arrest. The build was still not finished. This was one of the OTHER things that I have mixed feelings about.
After my uncle passed, my aunt paid someone to finish the build and get it shipped to my dad. We'll get back to why I feel this is fucked up, stay tuned...
---------
It's Spring 2004. I'm in the last half of what I think is Kindergarten or some shit...too lazy to do the math. Anyway, my dad announces we have a family computer - however, I couldn't read yet. That didn't stop the waste of oxygen that is my father from going in the Windows XP screensavers and putting text in that said "GAGE MORGAN WILL NOT TOUCH THIS COMPUTER." He's such a fuckin' dick, now AND back then.
My mom had an issue with this. I don't know why, but she did. Later, I was slowly taught how to use the mouse, under heavy supervision. Then I went to my grandma's house. She taught me one very specific thing on her old Win98 (386, maybe? IDK my old hw shit man), and because I know you guys are gonna love this one:
"The blue "e" opens up your games!"
The blue "e" does not open up your games, it opens something that can lead to your games.
I went home and tried this...without permission. My dad came down and discovered my lollygagging on the homepage - this is fucking weird. It was before Nextel, IIRC, so Sprint's logo was red still. Yes, we had broadband from Sprint. I don't know what saga led to that going the way of the dodo, but...
Back on track, I literally got my pants pulled down and had my bare bottom beat. He was gonna drag my ass upstairs and lock me in my room, but before he could, he accidentally slammed MY FUCKING RIGHT TEMPLE into the corner of a hardwood table at the bottom of the staircase.
The wailing that resulted probably was different than the previous form, which is probably what got my mom involved. My dad had a way of going too far, and in retrospect I'm more terrified now of what could've happened than I was then.
Later, I was given access to games in the form of my own account and bookmarks bar. That wasn't the end of the madness/drama from my use of that machine, but it was the earliest form.
Ever since Kindergarten, that one fateful day, I've been defying any/all imposed limitations on tech set on me by my parents...well, not anymore, but literally grades K-12. I'm living on my own, aka "adulting" now. It sucks more than you think, man.
---------
Let's tie this up before I reach the limit. I said I thought it was fucked up when my aunt paid to have the build finished and shipped to us after my uncle's death.
Yes, my aunt's intervention led to me ultimately majoring in computer science.
That doesn't change the fact that she shouldn't have done it.
My dad was an asshole to her husband, who passed. She is ultimately too caring. I don't think my jackass father should've been able to get by with that, he didn't deserve the freebie. Someone else should've told him his brother did in fact need that $200.
I haven't seen her IRL since the funeral when my grandpa passed in 2005. 2006 spelled the end of my parents' marriage.
Hope you guys enjoyed this - it's only a small segment of how I got to where I am now - tiny, actually.2 -
GDPR is about to happen.
Has anyone read the provisions?
It's like they put some flat earther anti-vaxers in a room and made them scribble up a law.
For those who don't know - it's a new, EU-wide "data privacy" law that's about to take effect on May 25th.
The gist of it is that if you fuck up even a little bit, you get to personally pay a fine of up to 10 Million Euros (for companies there's a separate clause, this is for employees only), or/and 2-3 years in jail if that fuck-up has caused material damages.
That little fuck-up can be as simple as losing a tiny amount of data between back-ups, or entrusting a third party with full access to some data (which is not prohibited) without controlling 100% what he can do with that data (which IS prohibited).
I shit you not, these are the explicit articles of that law.
If it is enforced in this way, it is the swift death of European economy. Just because some retards didn't read the privacy policy before agreeing to it, and then made a shit storm, everyone has to suffer.50 -
Sometimes I have to work with physical hardware. There are over 300 machines in our lab, split among two subnets. But for some reason, I can never access my machines by hostnames.
Every other week, there's an IP conflict on this network, requiring me to log into the active directory server and delete old DNS entries. This usually happens because someone decided to deploy 64 VMs on a huge server, all at once, didn't boot them with a delay, let alone with with a warning to IT.
Then when my superior asks how my progress has been and I respond with "I can't even get the machines to ping each other by hostname, there's something wrong with the DNS:, I get the following response: "HOW COME NOBODY ELSE IS HAVING PROBLEMS WITH THIS. YOU'RE FULL OF SHIT", from someone who spends 90% of the year abroad, working remotely.5 -
I don't know how managers are planning deadlines and counting December as a full working month!
Most companies that I worked with, count either half a month or push the deadline until the end of January when the workforce is back but not here.
Our division manager has promised the customer that the production environment will be ready on the first week of January, without even consulting the team or checking the schedule like WTF!
The person responsible for setting the infrastructure was on vacation for 2 weeks and he didn't hand over the access to production or share the progress done.
Fast forward, the manager went to slack and pinged the whole company with full caps message that the production should be done today.
Fun times :/7 -
At my last job, I created a Google Map for a client, where you could click on any department from France, and it would tell you about all the antennas (think "outpost") of his society. I used a Google Fusion Table where I registered everything: the datas to display, the coordinates for every departments and for every region.
I then wrote a 15-pages long document to tell how to maintain that, since I used my personal Google account to create the map. Anyone having a full access to the website should be able to recreate the map from nothing and witout writing a single line of code.
Then I switched project, the company kind of fucked me over, and I just received a mail saying that Google Fusion Table will be put down in a year.
I just hope they didn't receive the mail. -
The Sys Admin limited everyone's access on an application through the admin panel. He forgot I have access to the database and I now have full access 😂1
-
Another story of mine is when me and my friends were playing games in the school library. I decided to fuck around on windows XP file systems to see what I could find. After clicking around for a bit, I found a way to access all of the student files in my year, with full access privileges.
What ended up happening was that my friends figured it out too, many of them changing files and writing messages for the other people in our class. After writing messages to each other and leaving messages to students here and there, I decided that it probably should be a good idea to report this.
The response at the IT room wasn't like the woman's response (bitch from last rant). They were like "Cool, thanks." The fix happened immediately and I wasn't really told off. It was a good day c: -
So I log into a great new site with my development machine. 64G of RAM, and 2 hex core CPU's; GTX 1070 video, SSD, etc. 4K display screen. (Motherboard is 5 years old, not trying to brag, just give context). I regularly put 8 pages of text on the screen side by side. Split ergonomic keyboard.
It wants me to load a mobile app for "full access".
Yea, why look at the world with wide open eyes when you can view everything through a cardboard toilet paper tube and type with your thumbs???
== John == -
SharePoint things that I get yelled at by customers for:
Setting up page permissions wrong (even though the real problem is that a coworker didn’t check the page in)
Writing the workflow wrong and nobody is getting emailed (even though they didn’t select who to send the email to)
Not magically knowing that they wanted the new intern (who started Tuesday) to be given full design rights on their page
Not magically knowing that their discussion mod quit a year ago (before I started here) and now nobody can feature a post
Not spinning up an entire new site so that they could post a link to a single sign up sheet for their team (of 10 people) barbecue
Somehow making it so MS Edge can’t handle high res images correctly (because I totally created Edge (which isn’t even a supported browser here))
Not responding immediately when they submitted a ticket at 7:00pm (I’m off at 5) asking me to change one word on a page they have edit rights to
Not giving their admin assistant global design rights for our entire organization
Not giving them access to a confidential folder that has nothing to do with their job
Telling the owner of aforementioned folder that they’re not allowed to store confidential data in SharePoint
Making workflows too confusing for them to figure out
Fixing shit workflows that their ex coworker built wrong
Generally having the word SharePoint associated with my name2 -
Fun fact, I left my old job in October last year. I still have a full access to their github. With admin privileges. I could just delete all their repositories. This is too much power.7
-
Me: "I'll use my old laptop as a server to access via SSH to do my Docker Tests. I don't wanna use Keyboard and Screen. So, I'll set up Debian Server"
Also me: "Oh, full disk encryption with a preboot Login required. That's such a GOOD idea"
Introducing: Stupid me 🤗 -
Started a job as a full stack developer. My first task was shocking! Do these small edits on this backend script that collects stuff from one database and edits the entries in another... piece of cake so far!
Here is the project on the TFS...
HOLD ON! IS THIS VISUAL BASIC?!!
I came here to do .Net framework development and .Net Standard... I wasn’t told that there will be VB, I have never used vb.net before.
Now... that I’m going to maintain this script in the future, I decided to rewrite it in C#, few things I learned on my journey of doing this:
1- There is an access modifier in VB called Friend
2- There is a data structure/type called Collection, it’s a value,key pair! Not key value pair... Value first, then key!!
3- Do you know how null is null everywhere?!! In VB they call it Nothing! Yes, as in...
if(myVar == nothing)
{
//stuff
}
Asking the guy responsible for that choice... he thinks VB is easier to read than C#
I DONT WANT YOU TO READ IT, I WANT IT TO MAKE SENSE AND WORK WITH THE REST OF THE C# CODE WE HAVE!!9 -
I got a median-pay front-end job through a contractor (after a contract from hell...but yeah I didn't learn...) and I'm getting zero assignments after a month and nobody seems to know what my role is.
I'm one month in, and every week I have to email my boss to remind her to sign my paycheck, which is stressful because I'm charging for my time because my assignments are like "Research this" or "look at this Wordpress theme or brand guide". The team never communicates but once a week, and I'm beginning to believe that I'm not a good fit for the team because they are impossible to get a hold of and the sysadmin won't give me access to anything even when I CC my boss. (I don't want to grief this guy...) Despite this, I've been told privately by higher-ups on a few occasions that they plan to hire me full time by November...
My SO thinks that the reason people are so dodgy toward me is because they literally do nothing and I'm breaking the flow of that by asking for things. I'm used to agency output, which can be toxic and where everything is 'due yesterday', and I'm watching this team work on assignments ten times slower than normal. ("You want to change a phone number on a website footer? You'll get it next week...maybe." I can't step on toes because I don't have access...) I'm perfectly fine with having to wear several hats at a low-stress job, but I can't even get my first assignment and I'm still being asked who I am in weekly meetings, or asked things like, "Would you even be willing to relocate here?" (I actually live DOWN THE STREET FROM THE OFFICE!! WHY DO I HAVE TO BE REMOTE? Why am I being asked this question?) It feels like my boss impulse hired me, with zero input from the team, and had no real reason to hire me in the first place...
It could also be another issue: Yeah, my experience is in PHP/JS/React, "but here have a seven year old .NET project and a company laptop with zero documentation and make this form import data to a database we know nothing about." Lead dev won't even talk to me.
I feel like a joke.2 -
Have you ever had the moment when you were left speechless because a software system was so fucked up and you just sat there and didn't know how to grasp it? I've seen some pretty bad code, products and services but yesterday I got to the next level.
A little background: I live in Europe and we have GDPR so we are required by law to protect our customer data. We need quite a bit to fulfill our services and it is stored in our ERP system which is developed by another company.
My job is to develop services that interact with that system and they provided me with a REST service to achieve that. Since I know how sensitive that data is, I took extra good care of how I processed the data, stored secrets and so on.
Yesterday, when I was developing a new feature, my first WTF moment happened: I was able to see the passwords of every user - in CLEAR TEXT!!
I sat there and was just shocked: We trust you with our most valuable data and you can't even hash our fuckn passwords?
But that was not the end: After I grabbed a coffee and digested what I just saw, I continued to think: OK, I'm logged in with my user and I have pretty massive rights to the system. Since I now knew all the passwords of my colleagues, I could just try it with a different account and see if that works out too.
I found a nice user "test" (guess the password), logged on to the service and tried the same query again. With the same result. You can guess how mad I was - I immediately changed my password to a pretty hard.
And it didn't even end there because obviously user "test" also had full write access to the system and was probably very happy when I made him admin before deleting him on his own credentials.
It never happened to me - I just sat there and didn't know if I should laugh or cry, I even had a small existential crisis because why the fuck do I put any effort in it when the people who are supposed to put a lot of effort in it don't give a shit?
It took them half a day to fix the security issues but now I have 0 trust in the company and the people working for it.
So why - if it only takes you half a day to do the job you are supposed (and requires by law) to do - would you just not do it? Because I was already mildly annoyed of your 2+ months delay at the initial setup (and had to break my own promises to my boss)?
By sharing this story, I want to encourage everyone to have a little thought on the consequences that bad software can have on your company, your customers and your fellow devs who have to use your services.
I'm not a security guy but I guess every developer should have a basic understanding of security, especially in a GDPR area.2 -
When customers pretend to really care about security but then share server folders to "everyone" 🤨2
-
Yesterday, microsoft showed me once again, what it means to "obey".
I tried to install Microsoft SQL Server 2012 on a virtual machine with OS Windows7.
The installation-center asked me to choose an installation-folder for SQL-Server.
No matter what, for any folder i had chosen for the installation, the setup replied with the errormessage "The installation-folder is invalid"
So i considered asking our platform-services team, whether they gave me administrative rights for the vm.
They did. I had full access to the components of my vm.
After a few days i finally recognized, that i had picked a wrong iso for the installation of sql server.
Instead of sql server 2012 + Service Pack 3, i picked sql server 2012 ServicePack 3.
So after all, Microsoft tried to tell me by showing the message "The installation-folder is invalid", that the setup weren't able to find an installation of Microsoft SQL Server 2012.
God damned!!1!3 -
Fuck you Steam, just fuck you and your price politics.
I have a Swiss and one Russian Steam account. I have on my Swiss account over 450 Games and on the russian one around 4.
I have a friend in Russia and to play some games with him, I need a russian account.
Guess what? Since the last change to Steam Shop I cant use my Swiss Credit Card anymore to buy games in Russia.
Now when I want to test a game first on the russian account and when it's good to buy it after on my main Account, I can't.
Why should I pay for a game in Early Access the full price, when the game is bad and will be abadoned in a half year?
Sure they are some good early access games, which I payd the full price for (Switzerland has the highest Steam Game prices). As example ARK or Battlegrounds. I love these games and like to support the Devs.
But I get really angry when I have to pay for a Game which is worth 5 $ and sold in my Country for 20 $ and will be unsupported after a year.
Really fuck you Valve and Steam 🖕🏻🖕🏻😡
Atleast refund the people the money, when the game is abadoned! But sure, you're just in for a Cash Grab...4 -
To make matters even worse, my manager gave the horrible client also access to another clients environment just to 'compare' things, and nitpick over configuration that he is missing, but just hasn't setup yet...
Fucking fuck fuck fuck fuck fuck my manager, what a total 🌰🔩🥜nutjob5 -
So apparently google doesn't give a fuck about your money. Yes I didn't use it right now, i purchased the dev account so I will be able to publish later when I need it and already used it in the past. How is it that they will close an account that you've payed for for inactivity?
ps.: Now I understand why has the play store full garbage apps. I will do that too...
pps: I know it's only 25$ but I still payed that to have access in the first place2 -
As I already said on devrant, I'm a freelance web developer and I also often sell my services for teaching, loving that. Currently I'm teaching PHP with 30 students and it's going very well.
But yesterday, I received an offer for giving another course next month, this time on HTML and CSS, for a company I don't know yet. Almost every line of this email is wrong, outdated by 20 years, or just basically meaningless...
So I thought I could do my best to translate this as close as possible to the original, preserving the wrong formulations too, just for you devranters fellas.
"Hello,
I have an offer for a 2 days course for 5 people (level 1+ and/or 2), on HTML5 and CSS3. Below, the program :
1. XHTML AND CSS2 INTRODUCTION
Advantages and benefits of change
Understanding compatibility for different versions of browsers
HTML, XHTML, CSS edition tools : presentation of the different tools
The CSS language : different types of selectors : class of selector, identifier of selector, contextual selectors, grouped selectors
Blocks of text, boxes of text
The CSS1, CSSP, CSS2 properties
Relative and absolute measures units
2. LAYOUT TECHNIQUES
Full CSS, XHTML websites demo
Positioning with the position property, positioning with the float property
Columns creation
Layout for forms
Layout for data tables
Layout for menus
3. INTRODUCTION TO SVG (SCALABLE VECTOR GRAPHICS)
Role and importance of SVG
Using SVG on client side : basic shapes
SVG structure of document, tags examples
Using CSS styles with SVG
Different integration methods for SVG in a XHTML document
4. OPTIMISATION OF JAVASCRIPT CODE
Introduction to DOM and Javascript
Access to document objects : different access techniques, using this keyword, create elements dynamically
Positioning elements with the help of Javascript : positionning elements relatively to the mouse, move elements
Show/hide elements for creating hierarchical menus
Code optimisation techniques : using objects, objects litterals, loops optimisation
Can you please give me your availability ?"
Seriously...
CSS-fucking-1 ! Is it a course for dinosaurs ?
...And if only my rant was just about the program...
It's totally impossible to cover all these subjects in only 2 days with people of different levels and experience.
The guy exactly said to me : "don't worry about the program, it's an old text but they agreed to it anyway. They just want to learn HTML and CSS, some of them already know it but want to learn more, and the others are total beginers.".
And here is the meaning for the "(level 1+ and/or 2)" part in the email.
So... Surprizingly, I accepted the offer, but asked for at least a 3rd day. I'm waiting for their answer, but I'll do it anyway, adapting the course content to the actual students knowledge. I need the money, after all.
Wish me luck...
It's just sad that these formation companies are selling bullshit to clients that just want to learn something useful. It's too often like that, they sell shitty/useless programs and we have to catch up in real time with students that don't understand why they don't learn what was told to them.3 -
When your CTO has full access to the production servers and makes SQL changes directly without following process. Then breaks production and tells everyone "this is why we need to follow process!". Then proceeds to break it again hours later.
-
A time I (almost) screamed at co-worker?
Too many times to keep up with.
Majority of time its code like ..
try
{
using (var connection = new SqlConnection(connectionString))
{
// data access code that does stuff
}
catch (Exception e)
{
// Various ways of dealing with the error such as ..
Console.WriteLine("Here");
ShowMessage("An error occured.");
return false;
// or do nothing.
}
}
Range of excuses
- Users can't do anything about the error, so why do or show them anything?
- I'll fix the errors later
- Handling the errors were not in the end-user specification. If you want it, you'll have to perform a cost/benefit analysis, get the changes approved by the board in writing, placed in the project priority queue ...etc..etc
- I don't know.
- Users were tired of seeing database timeout errors, deadlocks, primary key violations, etc, so I fixed the problem.
On my tip of my tongue are rages of ..
"I'm going to trade you for a donkey, and shoot the donkey!"
or
"You are about as useful as a sack full of possum heads."
I haven't cast those stones (yet). I'll eventually run across my code that looks exactly like that.1 -
Tl;Dr Im the one of the few in my area that sees sftping as the prod service account shouldn't be a deployment process. And the ONLY ONE THAT CARES THAT THIS IS GONNA BREAK A BUNCH OF SHIT AT SOME POINT.
The non tl;dr:
For a whole year I've been trying to convince my area that sshing as the production service account is not the proper way to deploy and/or develop batch code. My area (my team and 3 sister teams) have no concept of using version control for our various Unix components (shell scripts and configuration files) that our CRITICAL for our teams ongoing success. Most develop in a "prodqa like" system and the remainder straight in production. Those that develop straight in prodqa have no "test" deployment so when they ssh files straight to actual production. Our area has no concept of continuous integration and automated build checking. There is no "test cases", no "systems testing" or "regression testing". No gate checks for changing production are enforced. There is a standing "approved" deployment process by the enterprise (my company is Whyyyyyyyyyy bigger than my area ) but no one uses it. In fact idk anyone in my area who knows HOW to deploy using the official deployment method. Yes, there is privileged access management on the service account. Yes the managers gets notified everytime someone accesses the privileged production account. The managers don't see fixing this as a priority. In fact I think I've only talk to ONE other person in my area who truly understands how terrible it is that we have full production change access on a daily basis. Ive brought this up so many times and so many times nothing has been done and I've tried to get it changed yet nothing has happened and I'm just SO FUCKING SICK that no one sees how big of a deal this. I mean, overall I live the area I work in, I love the people, yet this one glaring deficiency causes me so much fucking stress cause it's so fucking simple to fix.
We even have an newer enterprise deployment. Method leveraging a product called "urban code deploy" (ucd) to deploy a git repository. JUST FUCKING GIT WITH THE PROGRAM!!!!..... IT WAS RELEASED FUCKING 12 YEARS AGO......
Please..... Please..... I just want my otherwise normally awesome team to understand the importance and benefits of version control and approved/revertable deployments2 -
PouchDB.
It promised full-blown CRDT functionality. So I decided to adopt it.
Disappointment number one: you have to use CouchDB, so your data model is under strict regulations now. Okay.
Disappointment number two: absolutely messed up hack required to restrict users from accessing other users’ data, otherwise you have to store all the user data in single collection. Not the most performant solution.
Disappointment number three: pagination is utter mess. Server-side timestamps are utter mess. ANY server-side logic is utter mess.
Just to set it to work, you need PouchDB itself, websocket adapter (otherwise only three simultaneous syncs), auth adapter (doesn’t work via sockets), which came out fucking large pile of bullshit at the frontend.
Disappointment number four, the final one: auth somehow works but it doesn’t set cookie. I don’t know how to get access.
GitHub user named Wohali, number one CouchDB specialist over there, doesn’t know that either.
It also doesn’t work at Incognito mode, doesn’t work at Firefox at all.
So, if you want to use PouchDB, bear that in mind:
1. CouchDB only
2. No server-side logic
3. Authorization is a mess
4. Error logs are mess too: “ERROR 83929629 broken pipe” means “out of disk space” in Erlang, the CouchDB language.
5. No hosting solutions. No backup solutions, no infrastructure around that at all. You are tied to bare metal VPS and Ansible.
6. Huge pile of bullshit at frontend. Doesn’t work at Incognito mode, doesn’t work at Firefox.8 -
Because I am very interested in cyber security and plan on doing my masters in it security I always try to stay up to date with the latest news and tools. However sometimes its a good idea to ask similar-minded people on how they approach these things, - and maybe I can learn a couple of things. So maybe people like @linuxxx have some advice :D Let's discuss :D
1) What's your goto OS? I currently use Antergos x64 and a Win10 Dualboot. Most likely you guys will recommend Linux, but if so what ditro, and why? I know that people like Snowden use QubesOS. What makes it much better then other distro? Would you use it for everyday tasks or is it overkill? What about Kali or Parrot-OS?
2) Your go-to privacy/security tools? Personally, I am always conencted to a VPN with openvpn (Killswitch on). In my browser (Firefox) I use UBlock and HttpsEverywhere. Used NoScript for a while but had more trouble then actual use with it (blocked too much). Search engine is DDG. All of my data is stored in VeraCrypt containers, so even if the system is compromised nobody is able to access any private data. Passwords are stored in KeePass. What other tools would you recommend?
3) What websites are you browsing for competent news reports in the it security scene? What websites can you recommend to find academic writeups/white papers about certain topics?
4) Google. Yeah a hate-love relationship, but its hard to completely avoid it. I do actually have a Google-Home device (dont kill me), which I use for calender entries, timers, alarms, reminders, and weather updates as well as IOT stuff such as turning my LED lights on and off. I wouldn"t mind switching to an open source solution which is equally good, however so far I couldnt find anything that would a good option. Suggestions?
5) What actions do you take to secure your phone and prevent things such as being tracked/spyed? Personally so far I havent really done much except for installing AdAway on my rooted device aswell as the same Firefox plugins I use on my desktop PC.
6) Are there ways to create mirror images of my entire linux system? Every now and then stuff breaks, that is tedious to fix and reinstalling the system takes a couple of hours. I remember from Windows that software such as Acronis or Paragon can create a full image of your system that you can backup and restore at any point to get a stable, healthy system back (without the need to install everything by hand).
7) Would you encrypt the boot partition of your system, even tho all data is already stored in encrypted containers?
8) Any other advice you can give :P ?12 -
Python devs and data analysts....
Do you recommend using pycharm for working with jupyter notebooks? I surely had a bad time with it.
I have been using many jetbrains softwares , and am a fan of their docs search and autocompletion. But I don't think there is a full support for jupyter jn it, because sometimes my graphs made using matploit or seaborn just brakes.
And some libraries have a lot of functions taking parameters as " *args, **kwargs " , I don't know what that means but those function take a lot of "value" parameters i guess?(like this: plt.figure(figsize=[13,6], axis=False) )
Pycharm also don't seem to have access to list of those arguments...
Are you having such problems too? Have you found some better ide with autocompletions and support for jupyter? Do tell.
(Ps: i know jupyter can be run directly on a browser, but as i said "auto completions and documentations" )5 -
It's been a while DevRant!
Straight back into it with a rant that no doubt many of us have experienced.
I've been in my current job for a year and a half & accepted the role on lower pay than I normally would as it's in my home town, and jobs in development are scarce.
My background is in Full Stack Development & have a wealth of AWS experience, secure SaaS stacks etc.
My current role is a PHP Systems Developer, a step down from a senior role I was in, but a much bigger company, closer to home, with seemingly a lot more career progression.
My job role/descriptions states the following as desired:
PHP, T-SQL, MySQL, HTML, CSS, JavaScript, Jquery, XML
I am also well versed in various JS frameworks, PHP Frameworks, JAVA, C# as well as other things such as:
Xamarin, Unity3D, Vue, React, Ionic, S3, Cognito, ECS, EBS, EC2, RDS, DynamoDB etc etc.
A couple of months in, I took on all of the external web sites/apps, which historically sit with our Marketing department.
This was all over the place, and I brought it into some sort of control. The previous marketing developer hadn't left and AWS access key, so our GitLabs instance was buggered... that's one example of many many many that I had to work out and piece together, above and beyond my job role.
Done with a smile.
Did a handover to the new Marketing Dev, who still avoid certain work, meaning it gets put onto me. I have had a many a conversation with my line manager about how this is above and beyond what I was hired for and he agrees.
For the last 9 months, I have been working on a JAVA application with ML on the back end, completely separate from what the colleagues in my team do daily (tickets, reports, BI, MI etc.) and in a multi-threaded languages doing much more complicated work.
This is a prototype, been in development for 2 years before I go my hands on it. I needed to redo the entire UI, as well as add in soo many new features it was untrue (in 2 years there was no proper requirements gathering).
I was tasked initially with optimising the original code which utilised a single model & controller :o then after the first discussion with the product owner, it was clear they wanted a lot more features adding in, and that no requirement gathering had every been done effectively.
Throughout the last 9 month, arbitrary deadlines have been set, and I have pulled out all the stops, often doing work in my own time without compensation to meet deadlines set by our director (who is under the C-Suite, CEO, CTO etc.)
During this time, it became apparent that they want to take this product to market, and make it as a SaaS solution, so, given my experience, I was excited for this, and have developed quite a robust but high level view of the infrastructure we need, the Lambda / serverless functions/services we would want to set up, how we would use an API gateway and Cognito with custom claims etc etc etc.
Tomorrow, I go to London to speak with a major cloud company (one of the big ones) to discuss potential approaches & ways to stream the data we require etc.
I love this type of work, however, it is 100% so far above my current job role, and the current level (junior/mid level PHP dev at best) of pay we are given is no where near suitable for what I am doing, and have been doing for all this time, proven, consistent work.
Every conversation I have had with my line manager he tells me how I'm his best employee and how he doesn't want to lose me, and how I am worth the pay rise, (carrot dangling maybe?).
Generally I do believe him, as I too have lived in the culture of this company and there is ALOT of technical debt. Especially so with our Director who has no technical background at all.
Appraisal/review time comes around, I put in a request for a pay rise, along with market rates, lots of details, rates sources from multiple places.
As well that, I also had a job offer, and I rejected it despite it being on a lot more money for the same role as my job description (I rejected due to certain things that didn't sit well with me during the interview).
I used this in my review, and stated I had already rejected it as this is where I want to be, but wanted to use this offer as part of my research for market rates for the role I am employed to do, not the one I am doing.
My pay rise, which was only a small one really (5k, we bring in millions) to bring me in line with what is more suitable for my skills in the job I was employed to do alone.
This was rejected due to a period of sickness, despite, having made up ALL that time without compensation as mentioned.
I'm now unsure what to do, as this was rejected by my director, after my line manager agreed it, before it got to the COO etc.
Even though he sits behind me, sees all the work I put in, creates the arbitrary deadlines that I do work without compensation for, because I was sick, I'm not allowed a pay rise (doctors notes etc supplied).
What would you do in this situation?4 -
Last update on my student job.
Today is my last day. Even thought it was tough sometimes it was a really good experience.
I worked with amazing people and had a little taste of IT limitation. Didn't had full admin access so I was limited on a lot of things I had to do but that taught me to say no to my supervisors when some things were not possible.
I'm very proud of the final result so do my superiors and colleagues. I'm really impressed by what I was capable of doing and that gives more self confidence. I know I made the right choice and I know I'll continue enjoy computer science as much as I do today.2 -
I just need to vent about how frustrating and terrible Windows is.
It almost seems like consistentsy and attention to detail are completely foreign concepts to Microsoft. Everything from simple text selection (WHY DOES A DOUBLE CLICK INCLUDE THE TRAILING SPACE) to using advanced software feels like a chore.
Any sympathizers here? What problems do you need to vent about when trying to navigate your OS?
FWI I'm not a Mac or Linux user, so I have the joy of using Windows at home. I wish I could switch, but I prefer full access to my Steam library so I'm stuck with this option.rant microsoft venting windows 10 windows sucks windows 10 sucks why would you do that bad design windows7 -
Head of legal: email me details of the customer information you hold/access
Me (in head): I'm a full stack developer! I access everything!! Should I tell the truth, or "the TRUTH"3 -
Spent the entire morning updating a SQL query.
Client wanted to have different expiration times for different products. So the full package would be 1 year of access and a module would only be 6 months. Then when you renew your account the renewal is 1 year if you have the full package else it's 6 months.
The query takes 0.7s to run and left joins 3 tables. Only to return about 100 results. Still it's faster than the guy who wrote the original query which just dumped the hole db into memory then looped through it appending valid entries to a new array. -
Just got access to OpenAI beta. This thing is seriously impressive. The attached image shows it summarizing a paragraph from Friedrich Nietzsche. Apart from that, I have tried summarizing a complex Math Algo which I found on Wikipedia, getting specs for building a new PC, and also improving my Startup Idea. The results were astonishing. I can't imagine what possibilities it can have in the future.
At the same time, I can clearly see why they are not allowing open access to their APIs. The potential for abuse is so high here. Especially when most of our population is full of digital idiots. -
God fucking damn this stupid MariaDB is full of bugs... First access denied because I tried to login as root as non root and now that... Damn...6
-
Today I found out we have 5 different Customer databases, one for each product area. We don't have access to more than 2 of them, while corp. it central has full access, but we have to beg and pay to see our own customers....
Now i'm tasked with integrating all these into a Customer db. and the way i get access is cobolt made, fixed length csv files and it's different for each db.
FML1 -
Working on small scale games to working on a full blown VR 4 person MO game, the scale from one to another is pretty big, I seem to manage somehow though :D takong it all one step at a time, making sure I don't use any repeated code in places that could need it, cleaning up classes so it's easier to access for debugging, building nice inspector things so people that create art/particles and such don't have a hard time understanding my weird naming conventions.
I could go on and on really xD i've learnt so much and i'm still learning, and I really have nothing to rant about thesw days so i've gone back to lurk mode lol -
Haven't ranted for awhile but here it goes...
In a meeting with a front end user yesterday. They don't like the entry screens on our Oracle ERP system. They want us to provide them with a tool so they can create new entry screens to replace those they dont like. They want full autonomy over that tool and no interference from IT. Oh, and they want unfettered database access to the production data, including full ability to execute DML. I so wanted to say 'Are you high?'.1 -
Just as an extension of last rant to explain how much fun it is to keep up with Apple's security through obscurity bullshit.
AFAIK this full disk access (FDA) feature was touted to protect a user's data on macOS. Programs that want to access those files need to request the user's permissions to do so. Now to the fun part: Apple is not providing any API. A staff member suggested, that you should only try to access the files your app needs and if you can't as for the user's allowance. One should not use some fixed files and try to access them, because their locations might change, as well as their (UNIX file) access rights (ACL), or if they fall under FDA. Not to speak about the other security features that might hinder you accessing files (you might be sandboxed, or the files might be subject to SIP/rootless).
Honestly, you should be starting to take drugs, if you want to stay sane. I mean UNIX ACL are weird enough: e.g. you can make a directory only readable for root such that a user cannot list the files inside, but you can place files inside that the user can read (if she knows about their existence). On macOS you'll never know. You may have all the rights to access a file,.. but Apple will only give you the finger.
As they always do to us developers.2 -
A tale of silos, pivots, and mismanagement.
Background: Our consultancy has been working with this client for over a year now. It started with some of our back-end devs working on the API.
We are in Canada. The client is located in the US. There are two other teams in Canada. The client has an overseas company contracted to do the front-end of the app. And at the time we started, there was a 'UX consultancy' also in the US.
I joined the project several months in to replace the then-defunct UX company. I was the only UX consultant on the project at that time. I was also to build out a functional front-end 'prototype' (Vue/Scss) ahead of the other teams so that we could begin tying the fractured arms of the product together.
At this point there was a partial spec for the back-end, a somewhat architected API, a loose idea of a basic front-end, and a smattering of ideas, concepts, sketches, and horrific wireframes scattered about various places online.
At this point we had:
One back-end
One front-end
One functional prototype
One back-end Jira board
One front-end Jira board
No task-management for UX
You might get where this is going...
None of the teams had shared meetings. None of the team leads spoke to each other. Each team had their own terms, their own trajectory, and their own goals.
Just as our team started pushing for more alignment, and we began having shared meetings, the client decided to pivot the product in another direction.
Now we had:
One back-end
One original front-end
One first-pivot front-end
Two functional prototypes
One front-end Jira board
One back-end Jira board
No worries. We're professionals. We do this all the time. We rolled with it and we shifted focus to a new direction, with the same goals in mind internally to keep things aligned and moving along.
Slowly, the client hired managers to start leading everything in the same direction. Things started to look up. The back-end team and the product and UX teams started aligning goals and working toward the same objectives.
Then the client shifted directions again. This time bigger. More 'verticals'. I was to leave the previous 'prototypes' behind, and feature-freeze them to work on the new direction.
One back-end
One conceptual 'new' back-end
One original front-end
One first-pivot front-end
One 'all verticals' front-end
One functional prototype
One back-end Jira board
One front-end Jira board
One product Jira board
One UX Jira board
Meanwhile, the back-end team, the front-end team overseas, all kept moving in the previously agreed-upon direction.
At this stage, probably 6 months in, the 'prototypes' were much less proper 'prototypes' but actually just full apps (with a stubbed back-end since I was never given permission or support to access the actual back-end).
The state of things today:
Back to one back-end
One original front-end
One first-pivot front-end
One 'all verticals' front-end
One 'working' front-end
One 'QA' front-end
One 'demo' front-end
One functional prototype
One back-end Jira board
Two front-end Jira boards
One current product Jira board
One future product Jira board
One current UX Jira board
One future UX Jira board
One QA Jira board
I report to approximately 4 people remotely (depending on the task or the week).
There are three representatives from 'product' who dictate features and priorities (they often do not align).
I still maintain the 'prototype' to this day. The front-end team does not have access to the code of this 'prototype' (the clients' request). The client's QA team does not test against the 'prototype'.
The demos of the front-end version of the product include peanut-gallery design-by-committee 'bug call-outs', feature requests, and scope creep by attendees in the dozens from all manner of teams and directors.4 -
Google, please explain to me: Why the fuck would you create a hardcoded requirement in your libraries to use a plaintext json file with credentials to your API?
Credentials which give full access to all of the company email, addresses, cloud services, etc?
And why would you accompany this in your docs with example implementations which read as if they were an intern's first coding project — non psr compliant PHP, snippets of Go which won't compile due to type errors...
I'm starting to become convinced that the whole of the Google Cloud API was actually written by thirteen year old who found their parent's liquor cabinet.
Fuck this I'll build my own Google.1 -
Nothing makes me not want to take a full-time job at your company more than having to go through IT tickets every quarter year when my password expires to actually change my password. Why have a fucking self-service portal for employees if logging in with an expired password doesn't work and the reset password link tells me that I need to log in to enroll with security questions (???). It feels like these websites are glued together with sticks and spit and there's a million of them each sporting one specific purpose! I have to go through this shit multiple times since I'm an intern and I didn't have access to my account through the course of the semester. Get your fucking shit together!1
-
It was the last year of high school.
We had to submit our final CS homework, so it gets reviewed by someone from the ministry of education and grade it. (think of it as GPA or whatever that is in your country).
Now being me, I really didn’t do much during the whole year, All I did was learning more about C#, more about SQL, and learn from the OGs like thenewboston, derek banas, and of course kudvenkat. (Plus more)
The homework was a C# webform website of whatever theme you like (mostly a web store) that uses MS Access as DB and a C# web service in SOAP. (Don’t ask.)
Part 1/2:
Months have passed, and only had 2 days left to deadline, with nothing on my hand but website sketches, sample projects for ideas, and table schematics.
I went ahead and started to work on it, for 48 hours STRAIGHT.
No breaks, barely ate, family visited and I barely noticed, I was just disconnected from reality.
48 hours passed and finished the project, I was quite satisfied with my it, I followed the right standards from encrypting passwords to verifying emails to implementing SQL queries without the risk of SQL injection, while everyone else followed foot as the teacher taught with plain text passwords and… do I need to continue? You know what I mean here.
Anyway, I went ahead and was like, Ok, lets do one last test run, And proceeded into deleting an Item from my webstore (it was something similar to shopify).
I refreshed. Nothing. Blank page. Just nothing. Nothing is working, at all.
Went ahead to debug almost everywhere, nothing, I’ve gone mad, like REALLY mad and almost lose it, then an hour later of failed debugging attempts I decided to rewrite the whole project from scratch from rebuilding the db, to rewriting the client/backend code and ui, and whatever works just go with it.
Then I noticed a loop block that was going infinite.
NEVER WAIT FOR A DATABASE TO HAVE MINIMUM NUMBER OF ROWS, ALWAYS ASSUME THAT IT HAS NO VALUES. (and if your CPU is 100%, its an infinite loop, a hard lesson learned)
The issue was that I requested 4 or more items from a table, and if it was less it would just loop.
So I went ahead, fixed that and went to sleep.
Part 2/2:
The day has come, the guy from the ministry came in and started reviewing each one of the students homeworks, and of course, some of the projects crashed last minute and straight up stopped working, it's like watching people burning alive.
My turn was up, he came and sat next to me and was like:
Him: Alright make me an account with an email of asd@123.com with a password 123456
Me: … that won't work, got a real email?
Him: What do you mean?
Me: I implemented an email verification system.
Him: … ok … just show me the website.
Me: Alright as you can see here first of all I used mailgun service on a .tk domain in order to send verification emails you know like every single website does, encrypted passwords etc… As you can see this website allows you to sign up as a customer or as a merc…
Him: Good job.
He stood up and moved on.
YOU MOTHERFUCKER.
I WENT THROUGH HELL IN THE PAST 48 HOURS.
AND YOU JUST SAT THERE FOR A MINUTE AND GAVE UP ON REVIEWING MY ENTIRE MASTERPIECE? GO SWIM IN A POOL FULL OF BURNING OIL YOU COUNTLESS PIECE OF SHIT
I got 100/100 in the end, and I kinda feel like shit for going thought all that trouble for just one minute of project review, but hey at least it helped me practice common standards.2 -
Been working on a new project for the last couple of weeks. New client with a big name, probably lots of money for the company I work for, plus a nice bonus for myself.
But our technical referent....... Goddammit. PhD in computer science, and he probably. approved our project outline. 3 days in development, the basic features of the applications are there for him to see (yay. Agile.), and guess what? We need to change the user roles hierarchy we had agreed on. Oh, and that shouldn't be treated as extra development, it's obviously a bug! Also, these features he never talked about and never have been in the project? That's also a bug! That thing I couldn't start working on before yesterday because I was still waiting the specs from him? It should've been ready a week ago, it's a bug that it's not there! Also, he notes how he could've developes it within 40 minutes and offered to sens us the code to implement directly in our application, or he may even do so himself.... Ah, I forgot to say, he has no idea on what language we are developing the app. He said he didn't care many times so far.
But the best part? Yesterday he signales an outstanding bug: some data has been changed without anyone interacting. It was a bug! And it was costing them moneeeeey (on a dev server)! Ok, let's dig in, it may really be a bug this time, I did update the code and... Wait, what? Someone actually did update a new file? ...Oh my Anubis. HE did replace the file a few minutes before and tried to make it look like a bug! ..May as well double check. So, 15 minutes later I answer to his e-mail, saying that 4 files have been compromised by a user account with admin privileges (not mentioning I knee it was him)... And 3 minutes later he answered me. It was a message full of anger, saying (oh Lord) it was a bug! If a user can upload a new file, it's the application's fault for not blocking him (except, users ARE supposed to upload files, and admins have been requestes to be able to circumvent any kind of restriction)! Then he added how lucky I was, becausw "the issue resolved itself and the data was back, and we shouldn't waste any more yime.on thos". Let's check the logs again.... It'a true! HE UPLOADED THE ORIGINAL FILES BACK! He... He has no idea that logs do exist? A fucking PhD in computer science? He still believes no one knows it was him....... But... Why did he do that? It couldn't have been a mistake. Was he trying to troll me? Or... Or is he really that dense?
I was laughing my ass of there. But there's more! He actually phones my boss (who knew what had happened) to insult me! And to threaten not dwell on that issue anymore because "it's making them lose money". We were both speechless....
There's no way he's a PhD. Yet it's a legit piece of paper the one he has. Funny thing is, he actually manages to launch a couple of sort-of-nationally-popular webservices, and takes every opportunity to remember us how he built them from scratch and so he know what he's saying... But digging through google, you can easily find how he actually outsurced the development to Chinese companies while he "watched over their work" until he bought the code
Wait... Big ego, a decent amount of money... I'm starting to guess how he got his PhD. I also get why he's a "freelance consultant" and none of the place he worked for ever hired him again (couldn't even cover his own tracks)....
But I can't get his definition of "bug".
If it doesn't work as intended, it's a bug (ok)
If something he never communicated is not implemented, it's a bug (what.)
If development has been slowed because he failed to provide specs, it's a bug (uh?)
If he changes his own mind and wants to change a process, it's a bug it doesn't already work that way (ffs.)
If he doesn't understand or like something, it's a bug (i hopw he dies by sonic diarrhoea)
I'm just glad my boss isn't falling for him... If anything, we have enough info to accuse him of sabotage and delaying my work....
Ah, right. He also didn't get how to publish our application we needes access to the server he wantes us to deploy it on. Also, he doesn't understand why we have acces to the app's database and admin users created on the webapp don't. These are bugs (seriously his own words). Outstanding ones.
Just..... Ffs.
Also, sorry for the typos.5 -
AWS is so secure that even with full access I cannot access the resource I need and the error message is so cryptic every hacker will give up first. Amazing!3
-
Now that I've joined a proper full time "software engineering" job, I guess it's time to get back to ranting.
It's been a month and a half since I've joined here and they have no work for me. And the fact that I've been given a Windows system with restricted access makes it worse4 -
To all that read my rants regarding my webshop before! Here's the long awaited update!
So this asshole partner did just not take care of business so I decided to stand down as a director for that company. So we arranged that last monday.
I thought: let's end this properly, clean up my mail, some other stuff... tuesday he revoked me access to everything, so I couldn't access anything anymore. Wow fucker! You never did a thing and now suddenly you take action? Wtf?!
Can you please pay your part of the bill for the accountant? You already promised a couple of times.
Well of course mr retard, you really think I'll follow up on my promises? You never kept 1 of them yet expect me to keep that promise? Fuck you man.
So today he asked again. I told him that I'd like to know what he wants with all the custom made stuff as I developed it and copyright is owned by me. Then mr asshole started insulting again: just because of the fact that you're not a front end dev doesn't mean that makes.up for you taking so much time.to implement all that. I asked an expert.and he could do it in 3 hours! Wow dude! A front end dev optimizing db queries, rewriting parts of the back end in just.3 hours including the front-end?,You're so right.
Of course not cunt face. I'm already full stacking for 20 fucking years and.you tell me that?! Really? Mr insult's back again!
Then he says: I'm so fed up with all this crap that to end this properly I will have my new IT business partner look at your so called 'custom made components'.
For fuck's sake man, can I send you a tree with a rope so that you can hang yourself?
Good luck getting your domain name as it is still registered on my company's name. I might cancel it someday in the future at my convenience.
If anyone here loves fucking up a website, get in touch with me.1 -
When the CTO/CEO of your "startup" is always AFK and it takes weeks to get anything approved by them (or even secure a meeting with them) and they have almost-exclusive access to production and the admin account for all third party services.
Want to create a new messaging channel? Too bad! What about a new repository for that cool idea you had, or that new microservice you're expected to build. Expect to be blocked for at least a week.
When they also hold themselves solely responsible for security and operations, they've built their own proprietary framework that handles all the authentication, database models and microservice communications.
Speaking of which, there's more than six microservices per developer!
Oh there's a bug or limitation in the framework? Too bad. It's a black box that nobody else in the company can touch. Good luck with the two week lead time on getting anything changed there. Oh and there's no dedicated issue tracker. Have you heard of email?
When the systems and processes in place were designed for "consistency" and "scalability" in mind you can be certain that everything is consistently broken at scale. Each microservice offers:
1. Anemic & non-idempotent CRUD APIs (Can't believe it's not a Database Table™) because the consumer should do all the work.
2. Race Conditions, because transactions are "not portable" (but not to worry, all the code is written as if it were running single threaded on a single machine).
3. Fault Intolerance, just a single failure in a chain of layered microservice calls will leave the requested operation in a partially applied and corrupted state. Ger ready for manual intervention.
4. Completely Redundant Documentation, our web documentation is automatically generated and is always of the form //[FieldName] of the [ObjectName].
5. Happy Path Support, only the intended use cases and fields work, we added a bunch of others because YouAreGoingToNeedIt™ but it won't work when you do need it. The only record of this happy path is the code itself.
Consider this, you're been building a new microservice, you've carefully followed all the unwritten highly specific technical implementation standards enforced by the CTO/CEO (that your aware of). You've decided to write some unit tests, well um.. didn't you know? There's nothing scalable and consistent about running the system locally! That's not built-in to the framework. So just use curl to test your service whilst it is deployed or connected to the development environment. Then you can open a PR and once it has been approved it will be included in the next full deployment (at least a week later).
Most new 'services' feel like the are about one to five days of writing straightforward code followed by weeks to months of integration hell, testing and blocked dependencies.
When confronted/advised about these issues the response from the CTO/CEO
varies:
(A) "yes but it's an edge case, the cloud is highly available and reliable, our software doesn't crash frequently".
(B) "yes, that's why I'm thinking about adding [idempotency] to the framework to address that when I'm not so busy" two weeks go by...
(C) "yes, but we are still doing better than all of our competitors".
(D) "oh, but you can just [highly specific sequence of undocumented steps, that probably won't work when you try it].
(E) "yes, let's setup a meeting to go through this in more detail" *doesn't show up to the meeting*.
(F) "oh, but our customers are really happy with our level of [Documentation]".
Sometimes it can feel like a bit of a cult, as all of the project managers (and some of the developers) see the CTO/CEO as a sort of 'programming god' because they are never blocked on anything they work on, they're able to bypass all the limitations and obstacles they've placed in front of the 'ordinary' developers.
There's been several instances where the CTO/CEO will suddenly make widespread changes to the codebase (to enforce some 'standard') without having to go through the same review process as everybody else, these changes will usually break something like the automatic build process or something in the dev environment and its up to the developers to pick up the pieces. I think developers find it intimidating to identify issues in the CTO/CEO's code because it's implicitly defined due to their status as the "gold standard".
It's certainly frustrating but I hope this story serves as a bit of a foil to those who wish they had a more technical CTO/CEO in their organisation. Does anybody else have a similar experience or is this situation an absolute one of a kind?2 -
Just a small discussion topic, if you could look through the source code ad have full access to 1 project/application/game/moon base forever, what would you choose and why?
For me, I would love to go through the source code for the game Hyper Light Drifter, would love to see some of the inner workings and just learn new methods of doing things.10 -
Wrote this on another thread but wanted to do a full post on it.
What is a game?
I like to distinguish between 1. entertainment, 2. games, 3. fun.
both ideally are 'fun' (conveying a sense of immersion, flow, or pleasure).
a game is distinct (usually) from entertainment by the presence of interaction, but certain minimalists games have so little decision making, practice, or interaction-learning that in practice they're closer to entertainment.
theres also the issue of "interesting" interaction vs uninteresting ones. While in broad terms, it really comes down to the individual, in aggregate we can (usefully) say some things, by the utility, are either games or not. For example if having interaction were sufficient to make something a game, then light switches could become a game.
now supposed you added multiple switches and you had to hit a sequence to open a door. Now thats a sort of "game". So we see games are toys with goals.
Now what is a toy?
There are two varieties of toy: impromptu toys and intentional toys.
An impromptu toy is anything NOT intended primarily, by design, to induce pleasure or entertainment when interacted with. We'll call these "devices" or "toys" with a lowercase t.
"Toys", made with the intent of entertainment (primarily or secondarily) we'll label with an uppercase T.
Now whether something is used with the intent behind its own design (witness people using dildos, sex toys, as slapstick and gag items lol), or whether the designer achieves their intent with the toy or item is another matter entirely.
But what about more atmospheric games? What about idle games? Or clickers?
Take clickers. In the degenerate case of a single button and a number that increases, whats the difference between a clicker and a calculator? One is a device (calculator) turned into an impromptu toy and then a game by the user's intent and goal (larger number). The second, is a game proper, by the designers intent. In the degenerate case of a badly designed game it devolves into a really shitty calculator.
Likewise in the case of atmospheric games, in the degenerate case, they become mere cinematic entertainment with a glorified pause/play button.
Now while we could get into the definition of *play*, I'll only briefly get into it because there are a number of broad definitions. "Play" is loosely: freely structured (or structured) interaction with some sort of pleasure as either the primary or secondary object, with or without a goal, thats it. And by this definition you can play with a toy, you can play a game, you can play with a lightswitch, hell you can play with yourself.
This of course leaves out goals, the idea of "interesting decisions" or decision making, and a variety of other important elements.
But what makes a good game?
A lot of elements go into making a good game, and it's not a stretch to say that a good game is a totality of factors. At the core of all "good" games is a focus on mechanics, aesthetics, story, and technology. So we can already see that what makes a good game is less of an either-or-categorization and more like a rating or scale across categories of design elements.
Broadly, while aesthetics and atmosphere might be more important in games like Journey (2012) by Thatonegamecompany, for players of games like Rimworld the mechanics and interactions are going to be more important.
In fact going a little deeper, mechanics are usually (but not always) equivalent to interactions. And we see this dichtonomy arise when looking at games like Journey vs say, Dwarf Fortress. But, as an aside, is it possible to have atmospheric games that are also highly interactive or have a strong focus on mechanics? This is often what "realistic" (as opposed to *immersive*) games try to accomplish in design. Done poorly they instead lead to player frusteration, which depending on player type may or may not be pleasureable (witness 'hardcore' games whos difficulty and focus on do-overs is the fun the game is designed for, like roguelikes, and we'll get to that in a moment), but without the proper player base, leads to breaking player flow and immersion. One example of a badly designed game in the roguelike genre would be Early Access Stoneshard, where difficulty was more related to luck and chance than player skill or planning. A large part of this was because of a poorly designed stealth system, where picking off a single enemy alerted *all enemies* nearbye, who would then *stay* alerted until you changed maps, negating tactics that roguelike players enjoy and are used to resorting to. This is an important case worth examining because it shows how minor designer choices in mechanical design can radically alter the final quality of the game. Some games instead chose the cheaper route of managing player *perceptions* with a pregame note: Darkest Dungeons and Amnesia TDD are just two I can think of.11 -
!rant just a question. Sorry in advance for the long post.
I've been working in IT in Windows infrastructure and networking side of things for my entire career (5years) and recently was hired for a role working with AWS.
We use Macs and we use *nix distros for days. I've only ever dabbled for 'funsies' before with Linux because every previous job I held was a Windows house and f*** all else.
I'm just wondering if anyone here might have some insights as to a great way to learn the Linux environment and to learn it the right way. I'm not the best Windows admin ever and will never claim to be, but I have seen stuff that other people have done that makes me want to swing a brick at someone's head. And I feel that with all of the setup wizards and the "We'll just do it for you." approach that Windows has used since forever it allowed enough wiggle room for people that didn't know what they were doing to f*** sh*t up royally. I'm not familiar enough with Linux to know if this is also a common problem. I know that having literal full-access to every file in your OS can cause a n00b like myself to mess up royal, thus the question about learning Linux the right way.
I vaguely understand the organization of the folders and file structure within Linux, and I know some very basic commands.
sudo rm -rf /*
Just kidding
But All of my co-workers at my new job are like mighty oaks of knowledge while I'm a tiny sapling. And at times I've been intimidated by how little I know, but equally motivated to try and play catch-up.
In addition to all of this, I really want to start learning how to program. I've tried learning multiple times from places like codecademy.com, YouTube tutorials, and codeschool.com but I feel like I'm missing the lesson that explains why to use a certain operation instead of another. Example: if/else in lieu of a switch.
I'm also failing to get the concept of syntax in certain languages I've tried before. Java comes to mind real fast.
The first language I tried teaching myself was C++ from YouTube. I ended up having a fever dream that night about coding and woke up in a cold sweat. Literally, like brain overload or something. I was watching tutorials for like 9 hours straight.
Does anyone know of a training resource that will explain, in terms a 5 year old would understand, what the code is doing and why? I really want to learn but I'm starting to lose steam cause I'm just not getting it.
Thank you in advance for any tips guys and gals. I really appreciate it. Sorry for the ridiculously long questions.5 -
GitHub Packages Sucks. Like, it REALLY sucks.
It sounds like the best thing in the world - being able to host your project packages alongside your code! It has full support for Maven, Gradle, Ruby Gems, Node packages, Docker images and even dotnet CLI applications. It even lets you view statistics on how many developers have downloaded a given package! For public repositories, the packages are free to host as well!
So, I decide to use it for my Maven project since it's "so great". I've never used a public Maven repository before, so this was all very new to me. I follow the documentation - simply run "mvn deploy ...." and use a generated GitHub personal access token. No problems there. Deployment is a success and I feel a wave of happiness seeing my packages online. I follow through the various links and it even adds automatically generated usage information for other Maven users - fantastic!
That was, until I decide to try and download one of the files from this package repository. In order to download a file, you must have a GitHub access token. Okay, makes sense I guess? What if another developer wants to use my library? To do so, they have to generate their own GitHub access token, store it in their local ~/.m2/settings.xml file and only THEN can they use my library. So clearly, this is significantly inferior to other public Maven repositories where you don't have to get an access token to simply USE a library.
Upon discovering this, I decide to simply delete all of the packages and continue using whatever previous system I was using. Except of course, they forbid the deletion of public packages because "other projects could depend on it". The only way to delete public packages is to either:
[0] Make the repository private (losing all stargazers and watchers), delete the packages and then make the repository public again
[1] Contact support and ask them to delete the public packages. They say that they'll only do this for "special cases", such as legal issues or GDPR breaches.
I've sent a contact form and I'm currently hoping that they see things in my favor. I mean seriously - a public package repository where in order to use it you have to have a GitHub account and then generate an authentication token - it's absurd!3 -
Can't git push
because of an "access denied" error message
because I didn't set up my key file properly (with right paths, right format and so on)
because I'm working from my home laptop device
because I'm in home office
because Corona
..but..
I can connect to my work computer where git is set up properly but also I
can't git push
because I can't "cd" into the project path
because the samba mount point is messed up
because I don't reboot my machine to fix it
because I can't enter my password
because it does have a full hard drive encryption and the password screen shows up before the network services are started.2 -
Working with a group on a startup idea. We have weekly Google chat meetings with the full team and sometimes me and the other two founders have side calls. Our group is getting bigger so the weekly is getting longer so the 3 of us were talking about ways to make them more efficient. One was, background distractions like TV, random people talking in bg, kids...
So then yesterday the 3 of us went over a different topic and the guy who had brought up the distraction issue was in the bathroom shaving and trimming nose hairs the whole time. He kept asking questions about the agenda which we all had access to. I shouldn't even care much. I drink through the meetings anyways.2 -
Being victim of an arbitrary worplace's culture on dev experience and documentation makes me a very frustrated dev.
Often I do want to document, and by that, I don't mean laying an inline comment that is exactly the function's name, I mean going full technical writer on steroids. I can and WILL get very verbose, yes, explaining every single way you can use a service - no matter how self explanatory the code might look.
I know developers (and me included) can, and sometimes will, write the best variable and function names at the time, wondering if they reached the peak of clean, DRY code that would make Robert Martin have a seizure and piss himself, only to find weeks later after working on something else that their work is unreadable. Of course.
I know the doc's public, it's me, and I've done this.
But then again explain for the people in the back how the FUUUUCK are we meant to suggest improvements, when we are not the ones who are prioritising features and shit WITH the business?
Just email me when the fucking team recycles, and no new team member knows how to even setup the IDEs because this huge piece of monumental shit called CompanyTM is also run by VPN. Fuck, no one wants to access that garbage, you have no docs.
I once tried setting up a culture for documentation. I did an herculean amount of work studying what solutions were internally homologated, how steep the learning curve would be from what we had at the moment (NOTHING, WE HAD FUCKING NOTHING, jesus christ, I even interviewed SEVENTEEN other squads to PROVE they FUCKING NEED
DOCS
TO WORK
You know what happened to that effort?
It had a few "clap" reactions on a Teams meeting and it never reached the kanban.
It didn't even made it to backlog.
I honestly hope that, someday, an alien fenomenon affects the whole company, making their memories completely reset, only to have the first one - after the whole public ordeal on why our brains became milkshake -, to say: "oh, boy, I wish we had documented this".
Then I will bring them to the back and shoot them. -
Meeting for a warehouse job, where computer skills were required...
Worked 9 months there.
Me and boss was fired, he had very personal Wird ideias... And cause was a know it all never asked, never researched...
His ideia: take work from the office by giving werehouse employees full access to clients...
Best compensation I ever got by behing fired... And gained my worst enemy. -
We want to hire new dev, so, these MBA guys have a brilliant plan. Give him access to our complete repository and let him go through the full fucking code and *access it*. I don't even know what to explain here..
-
I just tested a VPS and it was kind of impressive: I just had shared hosting until now and it is a total difference when you're having full root access.
Kind of hating these greedy shared hosting fuckers now ;)
Because it was just for testing purposes, I wanted to try the mysterious command "rm -rf / --no-preserve-root".
It was working for around 5 minutes and after that literally no command worked anymore!
Not even reboot worked :P
Then I tried reboot it via the VPS panel :) End of the story: vps panel chrashed with error message: unable to start vps :P
I thought it was kind of funnny and nice to share & thanks for reading 'til here!5 -
Was motivated to do a project with ReactNative for Android but already stuck.
I need to read a SQLite DB file from /data/data/some.other.app/database/DB.db
Yes I am rooted.
1. How does I request root from the App (Android Pie)
2. What SQLite npm package can load from an absolute path. I found a few libs but they don't seem to be full access, just for dbs in the app's own data folder.8 -
Just spent all morning adding my own user account to my local MongoDB because some network security guy found I was running an unprotected server on my PC....
I tried all the admin roles to get full access across all databases I have but none worked....
Until I see one at the bottom of the official documentation:
root -
IT teachers here at my school giving us 20 different and completely unsuitable for Access databases businesses, as subjects for indeed Access databases. And then be like "Create documentations for that"
And they actually mean by that is
So I clicked here then there and then I selected and pressed the C symbol key while holding the Control key on the keyboard input device connected on my computer, which happens to be plugged into the wall outlet..
As a full-stack developer this is just so cringy I'm speechless.. -
So I am considering side games to add my main games. Mini games I guess they are called. I thought it might be fun to have random chessboards in game you can actually play. I wanted to actually have a decent chess engine behind the game. Off the bat I found a GPL one. I think it is designed to be communicated externally. So what does that mean for using it in my game? If I communicate to an external process is this violating GPL? I have no intention of making my game open source. Well it seems this use case is very nuanced:
https://opensource.stackexchange.com/...
The consensus on a lot of these discussions is the scope of the use of the program. Are you bundling for convenience or bundling for intrinsic utility? This is fascinating because using a compiler on a Windows platform could be a possibly violation. That is a proprietary program calling a GPL one. This is actually handled in the GPL as far as I know. So, if I use a GPL engine as a mini game is that the same as a full blown chess game? What if I support 10 different engines in a full blown chess game?
Now to play devil's advocate even further. Are proprietary phone apps that communicate to GPL software that serve data intrinsically linked? The app will not function without the server or computer os the server runs on. A lot of the web tech is largely GPL or has large amount of GPL programs. Should the web code be under GPL? Should the phone app be under GPL? This sounds ridiculous to some degree. But is that the same as bundling a GPL app and communicating to it from the program via network or command line? The phone app depends upon this software.
Now to protect myself I will find a decent chess engine that is either LGPL or something more permissive. I just don't want the hassle. I might make the chess engine use a parameter in case someone else might want a better engine they want to add though. At that point it is the user adding it. Maybe the fact that it would not be the only game in town is a factor as well.
I am also considering bundling python as a whole to get access to better AI tools (python is pretty small compared to game assets). It seems everything is python when it comes to AI. The licensing there is much better though. I would love to play with NLP for commanding npcs.
I am not discussing linking at all, btw.3 -
Cleaning up my desk at the office today. As I'm sure is the case with most of us, I have a draw that's full of old technical crap that's not currently in use (mice, charging cables, USB hubs, routers, access points, cameras, old phones and iPads, you get the idea).
Found out that not only do I have an extra Mini-DVI to HDMI dongle; I apparently have 3 of them. That's more than I've got available Mini-DVI ports to begin with.2 -
i have to edit a few html templates in our database, obviously automatically generated by a visual editor, full of nonsense in it, no line breaks, and i don't have access to a good html editor. fuck me6
-
This is a true story when I was working as a application technician a couple of years ago!
Before I started working there, they had a couple of incidents with ppl with less knowledge accidently deleted stuffs in prod databases, and only a handfull of ppl get the full access to them. I started working in this team, and one day I was asked to run a snippet in one of the prod databases from a co-worker with less privilege.
Loged in, run the snippet and the server STALLED for a couple of minutes! When the snippet was finished I looked at the screen and saw the output "1724217 rows deleted". The fun part here, was that we went to a coffee break right after this, and after a couple of minutes we started to hear ppl mumbling that the network was slow as f*ck, servers didn't respond etc etc.
Well, I responded that I got a snippet that deleted 1724217 row in a table and we ran back to our computers and started to work backwards to solve this.
The best part in this story is that:
* Was not my fault! Even thou I was the one that executed it.
* The tables was deleted from a live prod server that was not heavily used!
* I asked for a life line for us in this team, that we needed a prevented output so we can "match" the actual output after we ran it in prod from the ones from the developers!
Even thou it was not my fault, this is the worst mess up I have done working in IT over 10 years. O_o8 -
After two years of being in (metaphorical) jail, I once again was given the a privilege of unlocking and rooting my phone. Damn. Frick Huawei, never coming back to that experience.
I gotta say, rooting... Feels a tad less accessible nowadays than when I last practiced it. All this boot image backup, patch, copy, reflash is crying to be automised, only reason I can think of why that changed and magisk can no longer patch itself into the phone's initrd is that it's somehow locked? Was it a security concern? Or can sideloaded twrp no longer do that?
Oh, and the war... The war never changes, only exploits do - fruck safety net... Good for Google that they now have an *almost* unfoolable solution (almost). The new hardware-based check is annoying af, but luckily, can still be forced to downgrade back to the old basic check that can be fooled... Still, am I the only one who feels Google is kinda weird? On one hand, they support unlocking of their own brand of phones, but then they continuously try to come up with frameworks to make life with a rooted or unlocked phone more annoying...
On the other hand, I do like having my data encrypted in a way that even sideloading twrp doesn't give full access to all my stuff, including password manager cache...
Any recommendations what to install? I do love the basic tools like adaway (rip ads), greenify (yay battery life!), viper4android (More music out of my music!) and quite honestly even lucky patcher for apps where the dev studio practices disgust me and don't make me want to support them...2 -
I sent an e-mail to my friend containing new information about something we were discussing.
He said: "It's cumbersome for me to access my e-mail, could you take a screenshot of it to me and send it on Skype?".
I was appalled. The e-mail is full text and he wants a screenshot of text. E-mail's primary purpose is to send text content. This guy never heard of copy paste text (which is what I did)? And he works in helpdesk, which is even more ironic.3 -
It's 2016 and Android still doesn't support ODBC (let alone OLEDB). Every time somebody asks how to connect their app to a database directly, the groupthink brigade goes "dur hur, use JSON/SOAP/XML services cuz raisins!1one*." That wasn't the fucking question. I don't want your framework-cobbling make-work dependencies. Even the cretins at Xamarin, trying desperately to hook Windows C# programmers, only have SQL Server support because Microsoft fucking did it for them. WTF have Android developers done over 7 OS versions if basic features like database access are still fucking missing? No wonder the App Stores are full of Mickey Mouse garbage.
*raisins!1one = "I don't know how to secure a database so I'll just yell 'security!1one' so people think I r smrt"5 -
Finally accepted as telematics lab. assistant
Had to go to 30 years old initiation tradition by drinking 'The Drink' before getting lab. full access
Full Recipe: Mineral water, instant coffee, vanilla milk, cola, banana, pineapple, apple, melons, cup ramen, peanuts, snickers, m&m, potato chips, nata de coco.
Step:
1. Shove it all to blender
2. Blend
3. Bon Appetit3 -
And so begins week 3 of 5 without full computer access. I'm able to do some research needed but I'm still very limited. The only programs I can use are IE11, and the three basic MS Office programs. Oh well... at least I'm still getting paid by the hour1
-
How Microsoft expect anyone to develop using any technology they introduce with so many limitations.
Moi a Microsoft dumb enthusiast said to myself : hey dude you are a developer stop whining about the app gap bust a move create decent array of apps and release them, went into a full project management mode wrote requirements did sketches and some prototypes, time to execute.
1. first app: image files organizer, viewer , with some light editor capabilities and album creator after some work i came to discover that you don't have a proper file system APIs to show a folder tree view in my app "WTF" there are work arounds and dirty solutions but seriously? i can only access the stupid media folders created by Microsoft and that's it.
so i ditched the apps until uwp become a development tools with target audience other than kids who eat crayons, and while using "Edge" i thought to my self : "you know what dude extensions are cool and if you do something like a speed dial it would be awesome"
fire up my text editor started writing my extension to discover that:
"you cannot use localStorage from local HTML files".
moral of the story
MS is failing with consumers not because people hate MS but rather MS hates itself like no engineer over there said to him self this is fking stupid ?
other limitations :
no proper system tray access
no registry access what so ever
and i have started 2 days ago.
yeah Ms this is the main app gap problem the uwp sucks big time. compared to android Java which has a great access to every aspect of the device even apple provide better APIs for their systems.
if uwp is MS future then rip MS.
please i stand corrected if anyone knows better.2 -
My computer has gone to repair so for the meantime I'm computer-less. Which sucks big time because I have projects and tests coming up (not to mention personal projects and other stuff I've been asked to do) and I kinda have to leech off my friends and I don't like doing that, but, for now, it's what I'm doing. My old toshiba couldn't handle whatever I have to do, damn thing should be going through menopause or something. I wasn't a good owner LoL
I never really know if it'll boot during the first minute after I turn it on or if'll take it hours to do so, so I don't wanna risk it taking it with me to uni 😬 Not to mention it's still running Vista 😅
So my brother left to go to a friend's house until sunday so for the today and tomorrow I have access to the beast that is his computer ☺
I don't mean beast as a bad thing, it's a good computer, but it has an almost full SSD and I need to install a couple things so I can work on it :') (I'll uninstall them later and try to leave it as I found it LoL)
I can finally take a bit to play as well 😥 as I haven't been able to do so, as not only my PC is on repair, but I've been leaving uni late (after midnight - I valour my sleep OK). Luckily one of my house mates lets me use her PC after she goes to bed or her bf arrives to our house. The other day I managed to install steam and play a bit (she gave me permission to do so and I uninstalled them later) 😂 her computer almost died on me, it only has 4GB of RAM :') poor thing was over working to keep up LoL
Now, my brother's computer has a mechanical keyboard and besides the macro keys (they're on the far end of the keyboard, where you'd expect the shift/ctrl/caps lock/etc keys to be), I'm loving it tbh. It's a cheap keyboard, my mom didn't want to buy anything too fancy for him, but I like the sounds it makes 😅 may get one for myself (a mechanical keyboard I mean LoL. I really liked one I saw here on devRant that looked like a typewriter but it's WAY out of my league for now HaHa) -
What the fuck, Android? My phone was locked, and the last open app was Instagram brcause I was chatting with my friend. So I try to unlock the phone with fingerprint, as I always do. The phone unlocks (at least it looked like it) and I get straight ot my IG chat, but at the same time an error message appears on the top of the screen saying that it failed to unlock the phone. And sure enough when I check my navi bar, the recent apps button is missing, indicating that the phone is still in a locked state. So after a failed unlock, someone with enough luck can get full access to my instagram chats and whatever else the foreground app is??? What the actual fuck?2
-
Disclaimer: This is all theoretical. Neither me nor my friend (with whom I discussed this) are stupid enough to even try to pursue this, but as an idea, i believe it might generate cool/new ideas/ways for handling secure communications across social groups.
Let's do some role play. Let's design a delivery app for drug dealers, think Seamless or Uber Eats, but for drugs. Not for big deliveries, like kilograms of coke, but smaller stuff. Maybe a few grams of it or something. The clients could rate dealers, and vide-versa. This would build a level of trust within the system. There would be no names, just anonymous reviews, ratings, and prices. Only the info you'd need to know.
The biggest (only?) problem we found (besides legality) was that, how would you prove that you're a client and not a snitch (or cop). This would have to somehow be handled both on signup, as well as when ordering (let's imagine that all who are clients are pure and won't ever snitch).
One of the ways we found to combat this was to have the app invite-only. This would, in theory, do away with the problem of having snitches signing up. However, what if the phone got stolen/breached by a snitch, and they also got full access to the account. One way we thought we could combat this would be with a "dispose number" or something similar. Basically, you call a number, or send a text, or message a Signal bot etc, which would lead to the account's instant termination, no traces of that user left. Hence, a dispose number.
The flow of the app would be as follows:
A client wants some amount of heroin. He opens the app, searches for a dealer, sends the him the desired amount, and in return gets back a price from the dealer. If both parties agree on the amount and price, the deal would start.
The app would then select a random time (taken from the client's selected timeframe and the dealer's "open" time) and a location (within a certain radius of both them, somewhere in between them both for convenience). If both of them accept the time and place, they'll have to meet up at said time and place.
The actual delivery could also be done using two dead drops - the client drops the money at one of them, the dealer drops the goods at the other one. Yes, this might be subject to abuse, but it wouldn't be that bad. I doubt that clients would make huge orders to unknown/badly rated dealers, as well as dealers accepting offers from badly rated clients. My idea is that they would start small, just so if they do lose their money/goods, the actual loss wouldn't be as big for them, but for the other party, having bad ratings would mean less clients willing to buy or dealers willing to sell.
A third way would be to use crypto, but the reason I left this as the last one is because it's not that wide-spread yet, at least not in local drug dealing. With this method, the client would initiate the order, the crypto would be sent to either the dealer or an escrow account, the dealer would then drop the goods at a random place and let the client know where to go to get them. After the client has gotten the goods, they could both review/rate the quality as well as the overall experience with that dealer, which would either make or break the dealer's upcoming deals. This would be pretty much like other DNM's, but on a local scale, making deliveries faster.
So far, this would seem like something that would work. Are there any ideas that might improve this? Anything that might make things more secure/anonymous?
My reason for this post is to spark a conversation about security and anonymity, not to endorse drugs or other illegal stuff.
Cheers!
PS. Really loving the new PC design of devRant14 -
Need Advice!
The Situation (cut a lot to keep it short...):
Made a Website for a Job-Agency (~7 non tek Employees) in Germany. Website is up and live a year already and runs really well. Over 1000 Applications came in (the DB), which is a lot.
Everybody is happy, I got constant approval every post launch meeting ever since...
Now: Realized, and I checked!....none of the applications ever reached the company!
And nobody ever complained.
I have full access to all mail accounts of that company, so I really know that they were never processed...
So what to do now?
Problem was a typo. So it's an easy fix.
-> Fix it, say nothing?
They will for sure wonder about the many new applications..
-> Fix it and tell?
It was my fault, so they will be for sure pissed
-> Sell this somehow?
-> don't fix, see how crazy it can get?
Will they ever realize?
any thoughts?7 -
So I finally got full computer access 2 and a half weeks into working, and now there's "scheduled network downtime" with no indication of when it will be back up. I swear I'm never going to get anything done here
-
Hello wonderful people out there, I need some career advice and would really appreciate your help in deciding. I am sure you have perspectives and opinions that may not even have crossed my mind.
I am a Full Stack Dev with 9 years of experience. I got two overseas opportunities, one in Bucharest, Romania and the other one in Mississauga, Canada.
Now according to my research:
+ives in Romania:
> Role is good
> Low cost of living
> Money is good and company also provides 2 bed accommodation
> Access to Europe
> Is approx 8 hours far away from my country of origin
-ives in Romania (just as per my internet research when compared to Canada)
> Healthcare is not the great
> Scores low on standard of life and quality index
> Not sure I can think of settling down there
+ives in Canada
> No Language barriers
> Ample amount of opportunities in the long run
> Can strongly think of settling down there
> Scores really high in standard of life and quality index
> Strong healthcare and education system
-ives in Canada
> Living expenses are fuckin high
> Money initially is not that great and won't be able to save enough for my future goals
> Is approx 28 Hours far from my country of origin
Which one would you choose and if you can please mention why?11 -
Follow up on my internship:
>The recruiter told me to use whichever stack i prefer for the full stack development of their e-commerce website.
>I chose MERN stack.
>After completing the project 90% in 2 weeks, he wanted to host it on his shared hosting platform of godaddy.
> It doesnt have shell access nor allows node.js to install on it.
>Now he wants me to convert my node.js code to PHP using Dreamweaver software.... Shut up already. Give me my money and certificate and leave me the fuck alone.5 -
Hello everyone, looking for some career advice here.
First of let me list my credentials off here. I graduated in 2016 with a BS in Computer Science. While I was working on my degree I worked as an engineering for 3 years in a cell phone repair company. What this entailed was managing/reverse engineering a software solution of one of that companies vendors, writing documentation etc (it started as a summer internship and became a job that I worked full time over Summers and up to 30/week in the school year).
Anyway, the vendor I acted as a point of contact offered me a job before I graduated and I started with them in May 2016 as a junior most Dev. Since then I have have maintained the same job tittle (software developer), however my duties have increased.
Currently I maintain several of our build servers, manage software releases (as in I am the lead developer of this application) for the service that makes 90% of this companies money, and am the subject matter expert for everything regarding smartphone diagnostics. I've literally been entrusted with access to all of the company servers for if something goes wrong. I'm also training our newest developers and being told I'm doing a good job at doing so.
Currently with my job on a day to day basis I'm working with Java, Android, C++, Golang, MongoDB, iOS in Objective C, and Python
(Please note this is a small company of less than 50 people)
Currently I'm only being paid 60k USD and am wondering if I should hold out for a raise or consider looking for a better job? ( Please note I live in the east coast in an area where the cost of living isn't absurd).
Because this job was practically handed to me I don't know what to expect and feel imposter syndrome as I think I deserve better pay but think I don't have enough years experience. All advice is welcome4 -
rent / question (there is a question at the end and I'd appreciate your opinion)
8 months ago, I agreed to help a not too distant relative of mine to do his master thesis at the company where I work. He was supposed to build something really MVP, but useful for us and I'd help him get some scientific questions out of it, and provide him with (computing) resources to test his theories / implementations under simulated and much heavier load.
Since then, he didn't get done anything even remotely useful, always just stuck on very rudimentary issues, claimed things are almost ready, I wrote a quick smoke test to prove that the whole application blows up when you touch it, in short - a disaster and went over to radio silence.
In the meanwhile, we didn't need it anymore, so 1.5 months ago, I got in touch with him again, with an even more technical proposal, something, at least I'd think, that's even cooler to do. He asked me some question about hypothetical load, the system should be able to handle eventually, to come up with alternative implementations to compare them against each other. He said that his exam period is going to be over soon and he'll get back to me with some initial version.
2 weeks ago, I got back in touch with him, trying to urge him, to get finally started and get something done. If he'd actually sit down and do it during the holidays as a "full time job", he'd be probably done in 2 weeks. Last week, he came back to me and said he has an initial PR ready to review.
I was excited about it, but basically froze when I realized what he did. He deleted all his previous work - some infrastructure stuff which took us basically 3 months of back and forth to get running - and as far as I could see, all the new code were only auto generated clients based on a swagger specification. In short - I could do it in less then an hour. If you really have no idea what you're doing, it might take you half a day, but definitely nowhere near to a week.
His brother, which a good friend of mine, thinks I'm being too hard on him. His argument was, that it's too hard, and he has to do it in C#, but he only knows Java (I gave him access to some of our repositories to copy paste code together, he didn't need to invent anything. I also prefer C# but wrote my master thesis in Java) Personally, I'm just pissed because he promises stuff that he never does. I totally understand him - I was like that as a student as well, I guess karma is a ... but still, he's wasting my time.
Right now I'm thinking how to get out of this, without having even more time wasted. I doubt he'd ever deliver anything useful. He got plenty of input from me about what he could consider for his scientific question, how to measure performance, ... He can keep his credentials to access our test environment with the test data, but I won't give him access to any additional computing resources, to compare how his solutions might scale on our company's cost. (mainly it's not the money, but I'd have to provide that stuff, and probably help him set it up)
does it sound like a fair deal (saying, I'm done with you. You can finish your topic on your own, but don't expect any help from me)? or am I being a dick about it and too demanding?1 -
So a little while back, my location was officially switched from "Specific Office Location" to "Home Office", i.e. I was finally _officially_ full-time WFH. The other day, I had to visit one of our physical offices for the first time in years. What I didn't realise until that point was that I HAVE to work from home: I have to access a specific VPN in the US to do my work, but you can't connect to any VPNs from within our office.
Genius.
🤦🏻♂️4 -
I remember back when I was in pre calculus I decided to take a class online. So my teacher's website was made by him and run on go Daddy, he taught precalculus, calculus, algebra, algebra ii, and computer science. I decided to penetration test his website and use a web crawler. His directory that had the tests, test answers, exams, exam answers, and homework answer's as well as all the books he's written in PDFs, was unprotected, I could access and download them all. He also had a database directory that contained all the students' phone numbers, email addresses, home addresses, and their full names.
I alerted him to this and didn't get anything in turn :P2 -
With the current pace of gpt and dall-e, it’s looking more likely that a lot of development roles may go obsolete in the nearest future (3+ yrs).
I see the possibility of building full fledged websites and fixing bugs based on voice commands. The picture of this possibility is quite vivid in my head because it’s totally feasible technical-wise.
The only delay that may occur in this dynamics is the slow pace of its implementation by existing developer tools. Of which I think the reason is directly related to the cost of management of resource, quite the limiting factor here.
But imagine if a big tech like google creates a platform to build websites based on voice/text commands using advanced gpt inline with its access to existing corpus of data; that to me is “game-over” for web devs.17 -
I swear I touched some weird and complex programming shit in over a decade of programming.
I interfaced myself through C# to C++ Firmware, I wrote Rfid antennas calibration and reading software with a crappy framework called OctaneSDK (seems easy until you have to know how radio signal math and ins and outs work to configure antennas for good performance), I wrote full blown, full stack enterprise web portals and applications.with most weird ass dbs since the era of JDBC, ODBC up to managed data access and entity framework, cloud documental databases and everything.
Please, please, please, PLEASE I BEG YOU, anyone, I don't even have the enough life force to pour into this, explain me why the hell Jest is still a thing in javascript testing.
I read on the site:
"Jest is a delightful JavaScript Testing Framework with a focus on simplicity."
Using jest doesn't feel any delightful and I can't see any spark of focus and simplicity in it.
I tried to configure it in an angular project and it's a clustefuck of your worst nightmares put togheter.
The amount of errors and problems and configurations I had to put up felt like setting up a clunky version of a rube goldberg's machine.
I had to uninstall karma/jasmine, creating config files floating around, configure project files and tell trough them to jest that he has to do path transformations because he can't read his own test files by itself and can't even read file dependencies and now it has a ton of errors importing dependencies.
Sure, it's focused on simplicity.
Moreover, the test are utter trash.
Hey launch this method and verify it's been launched 1 time.
Hey check if the page title is "x"
God, I hate js with passion since years, but every shit for js I put my hands on I always hope it will rehab its reputation to me, instead every fucking time it's worse than before. -
Who the fuck authorizes a new build to be pushed at 430pm on a friday and then demands full regression testing be done immediately regardless of how long it takes? Fucking analysts shouldn't be allowed to dictate the schedule if they don't understand the effort required behind the scenes.
99% of the time I wouldn't care but I'm the only tester with DB access and I'm supposed to go on the first date I've had in months tonight at 6.
#HelloDarknessMyOldFriend2 -
LINUX MASTERS, I can't believe that linux didn't get rid off yet of the annoying user:group system.
Anyway, I have two pre-existing groups(postgres & www-data), now I need to enable both groups full access to an HD for data storing, currently the owner of /media/"user"/DATA is www-data but I need to enable the postgres group to operate in it.
I seached around and can't get around how to accomplish this, if it's even possible.
Help >_<15 -
So yeah, need money so I started looking for extra projects to develop and found a project to make "the new facebook" and it just kinda sucks.
I just got access to the whole codebase and it's done using angular, nodejs and typescript (which is cool to me), while the dude contacting me was telling me it was done in react (which is kinda a big no for me).
Well, anyway, I start by cloning the repo and the npm-i the whole thing, it's not even at 10% of the whole process and I already got like 50 deprecated packages over maybe a hundred needed (total of 2054 node modules installed).
Well I kinda don't even know where to start from this, all I know is that I'm gonna do it just for the money so I'll be a little underpaid (about 500$/month) while according to me the price should be about 1500$/month, but I can't do it full-time, so it kinda works out.4 -
So, the story starts with me getting a job. Full-time job for the first time in my 21 years old life. After short conversation about how amazing this company is, after countless lies and stood questions they decided to hire me. I had to get come on Monday a week later with everything prepared.
So of course I did that and got to my workplace on designated time. Turned out nobody was expecting me, nothing was prepared for a new programmer and everyone seemed angry at me for no apparent reason.
After long talk with my new boss I got some less than 100$ pc with CPU that couldn't handle virtualization and expected me to work on software that needed extensive use of virtual machine.
PC is of course filled with all kinds of spying software that uses most of the resources. IT teams only job is to check if programmers are working their assess off for at least 8 hours a day.
I've filled a ticket about granting me access to Debian machine on the mainframe so I could work. No response for two weeks. I've lost hope already.
I have to work on open space with more than 30 engineers. Screams, phone calls, alarms, all at once, all the time. My colleagues seem to not care and I can't understand how.
I was tasked with rewriting major application because old developer did some half assed piece of burning shit. It took him more than one year, I'm finishing it in less than two weeks.
Of course nobody except for me is preparing any kinds of documentation. I had to reverse-engineer whole API for alarm system.
Salary is less than a junior programmer should earn.
But I'm stuck here for at least a year because nobody's here wants a guy whose only experience is as a freelancer. -
Went through 60 python packages to see which fails installing on the serve. Took hrs as I have no terminal access but just via jenkins pipeline. So "edit/gitpush requirements.txt and wait" many times. Eventually looped them 1 by 1 in shell. By end of day got the list that installs.
Finally sent the whole list....with confidence
-Takes full 10 mins & Fails......
(panic mode starts)
+Changed the sequence = fails, somewhere else
+1 by 1 again = installs.....
+few random without the culprit =works
+again, whole list = fails, somewhere else
Need to sleep, brain's thinking of eagles1 -
I've heard all kinds of arguments for about how whiteboard coding interviews should be obsolete, and that they usually doesn't reflect how good you are as a developer. But I've been polishing my skills with data structures and algorithms for a few weeks (learning this stuff for the second time since years ago in college) and I get this feeling that I'm becoming a much better programmer by practicing these things. And having access to all these things in the "working memory" of my brain has made me now think of solutions I couldn't before. But then - it may be that right now I'm working on embedded systems so this efficiency matters much more, earlier while doing full stack web development I didn't care about these much except while playing with strings maybe. So it might be dependent on your niche. What do you guys think?3
-
So a long time ago, I posted Ink lyrics from ColdPlay, and gave them a DevOp twist. I will post the full lyrics, as memorabilia and for a chill moment from rants:
Got access rules said "prod/maintainer"
Pulled in your change with my cli
And you wonder when you wake up
Did it build last night?
Oh, oh, oh, oh, oh
Feels like the pipeline, is broken inside
All I know
All I know
Is that I'm host
When company broke
AIl I know
Is that I love to code
So much that it hurts
Got a homebrew but the shell aint right, oooh, oooh
Just want a way of keeping docker alive
All I know, All I know
Is that the post
BreachForums indorsed
All I know
Is that the data is sold
So much that it hurts
I see that Forbes, and New York Times
They said my boss, began to fire
I see my console and Im mashing Ctrl-C
All I know
Is that loved to code
So much it -
So I've been using Duet on my iPad Pro for a couple years now (lets me use it as an external monitor via Lightning cable) and without issue. Shit, I've been quite happy with it. Then the other day, whilst hooked up to my work laptop, there was a power fluctuation that caused my laptop to stop sending power to connected devices. Which is fine - I have it plugged into a surge protector so these fluctuations shouldn't matter. After a few seconds the laptop resumed normal operation and my connected devices were up and running again.
But the iPad Pro, for some reason, went into an infinite boot loop sequence. It reboots, gets to the white Apple logo, then reboots again.
In the end, after putting the iPad into recovery mode and running Apple's update in iTunes (as they recommend), it proceeds to wipe all my data. Without warning. I lost more than a couple of years of notes, illustrations and photos. All in one fucking swoop.
To be clear, you get 2 options in iTunes when performing a device update:
1. UPDATE - will not mess with your data, will just update the OS (in this case iPadOS)
2. RESTORE - will delete everything, basically a factory reset
I clicked UPDATE. After the first attempt, it still kept bootlooping. So I did it again, I made sure I clicked UPDATE because I had not yet backed up my data. It then proceeds to do a RESTORE even though I clicked UPDATE.
Why, Apple? WHY.
After a solemn weekend lamenting my lost data, I've come a conclusion: fuck you Apple for designing very shitty software. I mean, why can't I access my device data over a cabled connection in the event I can't boot into the OS? If you need some form of authentication to keep out thieves, surely the mutltiple times you ask me to log in with my Apple ID on iTunes upon connecting the damn thing is more than sufficient?! You keep spouting that you have a secure boot chain and shit, surely it can verify a legitimate user using authenticated hardware without having to boot into the device OS?
And on the subject of backing up my data, you really only have 2 manual options here. Either (a) open iTunes, select your device, select the installed app, then selectively download the files onto my system; or (b) do a full device backup. Neither of those procedures is time-efficient nor straightforward. And if you want to do option b wirelessly, it can only be on iCloud. Which is bullshit. And you can't even access the files in the device backup - you can only get to them by restoring to your device. Even MORE bullshit.
Conversely, on my Android phone I can automate backups of individual apps, directories or files to my cloud provider of choice, or even to an external microSD card. I can schedule when the backups happen. I can access my files ANYTIME.
I got the iPad Pro because I wanted the best drawing experience, and Apple Pencil at the time was really the best you could get. But I see now it's not worth compromise of having shitty software. I mean, It's already 2021 but these dated piles of excrement that are iOS and iPadOS still act like it's 2011; they need to be seriously reviewed and re-engineered, because eventually they're going to end up as nothing but all UI fluff to hide these extremely glaring problems.2 -
Permissions service that allows users completely unknown to the system full access.
If you happen to be a known user, but just happen to hate being restricted, just remove the connection configuration on the client side, you get full permissions anyway. -
Need some help choosing a laptop (budget is up to 2000 EUR)
Initially 6 months ago I bought Dell G5 (5587) for 1300 EUR and it had i7 8750H CPU, 6GB NVDIA GeForce GTX 1060 Max-Q GPU, 16GB RAM, 256GB SSD+1TB HDD.
However turned out to be a piece of shit because dell fucked up their thermal management badly and they don't give proper access for their users to control the fans. Even when you force fan control via Windows test build then you will face a dissapointment since most games won't run properly on Windows test mode. So anyways I got rid of that laptop. For more info you can have a look here https://dell.com/community/... and there are dozens of topics on reddit about that.
So yeah currently looking for a decent gaming/movies/coding laptop which gives full access to undervolting/fan control.
Currently I'm looking into Razer Blade 152 -
Question to you all, do you really think you own your computer or system/data when almost all sites/services out there state very clearly in there ELUA(Fuck yes ours) that they might use your data how they feel fit, now this does not stop with websites, Mac, Windows and some Linux Distros also do this.
I for one stop thinking that I own data but I just change a few bits to make it look different these days, everything on your computer is not yours, we its and hardware, read the ELUA/TOS many hold the right to recall, revoke and so on use of the items to the point you paid for it they will take it back.
Items now sending keylogs, data usage and apps usage data to MS, Apple, some big linux distro, and YES this happens don't fool yourself Apple and MS both admit this happen and both US and UK now requesting these companies to let the have full access to this data, if it was not there they wouldn't want it.
This wont stop me from messing with code and loving tech but do you really feel you own anything anymore?
I don't :P7 -
So I am pretty fair dev at Java and have been doing freelancing for sometime apart from normal full time job.
Got a client , a well funded one, who raised a decent chunk of money recently.
Got me do a couple of different areas right from refactoring and bumping their performance to all the way setting up AWS Services like RDS,Lambdas,Dynamo,SQS.
It was going good , money was coming in for the initial part.
Thinking that money is not the concern here , I accepted work at runtime and gave quotations about the additional work.
However now that all is done and deployed , the client simply refuses to pay me the money and has ghosted me horribly than my ex ever did.
I have access to their GitHub,AWS(I setup myself).
Need suggestions of whats the best way I can fuck them up if they decide to not pay even after a few more professional polite attempts I do .
sidenote : They had a pretty dumb db design and blindly had resorted to services in AWS and the pricing is still a major point of concern for them.10 -
Piggy backing off an earlier rant about Linux. Let's talk about time wasted fixing Linux.
One time for me was I couldn't get Ubuntu to boot. Whenever it booted through UEFI it would go straight to the EFI bash like command line boot screen, not allowing me to access Ubuntu.
I tried for almost a full day to fix it, Googling solutions, resetting my BIOS and fixing Boot using a Ubuntu Live USB.
In the end I found it was an issue with setting my filesystem as XFS. I reinstalled using EXT4 and it booted right up. Must've been some sort of bug. Strange because XFS boot worked with Fedora. A day wasted trying to set up Ubuntu.6 -
I recently came across this article with some basic security advices, like use 2fa security key, encrypt your USB keys, don't use untrusted USB chargers / cables / ports (or use a data blocker cable if you need to charge your device). It made me think, how relevant are the USB-related threats and risks today? Do people really still use and carry so many wired USB devices, and just drop or plug them wherever?
The last time I used an USB device to transfer some important data was probably over 10 years ago, and for the love of god I don't know anyone who still carries an USB key with sensitive data with them on a daily basis, much less actively uses it. Besides, whoever still does that probably puts their USB key on the same keychain as their ID / access tag and a bunch of other keys (including a 2fa device if they use one) - they're not going to lose just some sensitive data, they're going to lose authentication and physical access devices as well, and that could turn a small data leak into a full-scale incident, with or without an encrypted USB device.
I'm also not sure about untrusted USB cables and ports, from what I've seen the USB outlets and cables are pretty much non-existent in public places, most places offer wireless charging pads instead (usually built into a hand rest or table surface).3 -
Fucking Apples hold my bananas! Collegue and me see our naïve thought refuted that a commercial vendor, most valuable company would create an OS that is not as split and fucked up as Linux distros.
It is hard even where to begin, so deep is the shitfest they are putting developers through with Mojave and Catalina.
Our testers weren't hardly able to install Catalina beta 6-7. Behavior of kernel extension and full disk access varying on a daily basis. Fixing these bugs is like nailing a pudding to the wall.
Makes me wanna quit software. Whom should you trust if even your OS is flaky as hell?8 -
Profile (1, 1) --- (1, 1) User
Right?
- A single user *must* have *exactly* 1 profile.
- A single profile *must* belong to *exactly* 1 user.
Makes sense?
I did this because i moved user profile image and user banner image into Profile entity
So now i can easily join tables and fetch user profile image based on username or user ID
By deeply thinking like an asshole and overengineering, i stumbled upon a confusion
If i can join tables and get ALL fields (assuming its a left or full outer join) from both entities...
What is the difference between choosing which entity to fetch on the frontend?
For example if i want to fetch users, inversely, i can fetch Profile entity, which has User entity as a nested object, and that way access users. Now i have access to each user's profile image, banner image, bio etc aside from the entire user object
If the user navigates to a profile page, inversely, i can fetch User entity which will have a Profile entity as a nested object, and that way show the remaining necessary fields that the profile page needs to show
I gave these inverse examples because if i want to fetch users, surely enough i can simply fetch from User entity, and if i want to fetch someones profile data i can fetch from Profile entity directly
So if this is the case, when am i supposed to fetch one over the other?
You tell me. For simplicity lets focus on these two examples. Consider this as an exam question:
1) user navigates to home page. Now paginated users with role X need to be shown, but also their profile image. Do you fetch from User or Profile entity? If you use joins which ones and why?
2) user navigates to their or someone elses profile page. Now profile-based data needs to be shown, but also the user's username and full name need to be shown. Do you fetch from User or Profile entity? If you use joins which ones and why?21 -
App idea: Platform for ongoing entrepreneurs
I just come from a start-up weekend. I really enjoyed the support we got from 17 different mentors (most of them founded in the past on their own).
Back home start-up funders don't have the access to that mentoring. My idea is to create a platform specialized for founders, where you can share your idea, believes and ask question all around your business.
I think especially in the early founding stages entrepreneurs are full of questions. Helping and discussing with other selfminded people is probably very enjoyable for us founder folks. A difference to the f.e. reddit concept: Users can create "diaries", a place where all storys, questions and posts about your project are stored. Reading a diary from beginning to end shall be a fun experience, reviewing your or others history of their "babys" and following the entrepreneurs thoughts through all stages of founding. Users of course can create multiple diaries.
Functionality will be suited for the listed usecase, for example a "Post as Anonymous" function will be added, if you have to deal with company sensitive data and more stuff like that.
What do you think about the idea? Do you like it? Would you use it? If not, tell me why?
Cheers -
Having full access to online papers opens up a lot of benefits for students:
Online essays are available whenever you need them. You just need to have access to the Internet!
Our essays are written in accordance with all writing standards. You shouldn’t be worried about grammar mistakes because we add samples of reputable professionals to our base. It also means that structure, sequence, and logic of writing are clear, precise and understandable.
Our website contains an huge assortment of newspapers on topics that are various, which means you will not have trouble locating the one for your requirements.
You may download and use our samples! This benefit is helpful since you may look through our essays and also make up your papers that are private to fulfill both your own teachers' needs and get outstanding grades.
Specialized language can be found by you in our essays, which is quite beneficial to understand while drafting missions that are new. You could paraphrase some passages to make them seem brand new and fresh.
You can even cite some of them because quotations are used widely in our essays. Moreover, you can use references from essays to broaden your base of references. Thus, your essay may look more solid and convincing, and newly found references may help you with further research and writing.
Our site is easily navigated. It has an essay helper that facilitates to find a proper paper manyfold. It will not take much time to find a paper you really need.
Nevertheless, students who are under pressure due to lack of time and control can place an order for custom and professionally written essays. Our trustworthy service has already assisted many times in writing original and qualitative assignments. High standards of our works have helped many students to get the best grades! Your professors will be satisfied, and you will get more time to do things you really adore doing! -
It's these individually tiny annoyances in products and software that together form a huge annoyance.
For example, it's 2022 and Chromium-based web browsers still interrupt an upload when hitting CTRL+S. This is why competition is important. If there was no Firefox, the only major web browsers would, without exception, have this annoyance, since they're all based on Chrmoium.
I remember Chromium for mobile formerly locking scrolling and zooming of the currently viewed page while the next page was loading. Thankfully, this annoyance was removed.
In 2016, the Samsung camera software was updated to show a "camera has been opened via quick launch" pop-up window when both front and rear sensors of the smartphone were covered while the camera was launched by pressing the home button twice, on the camera software Samsung bundled with their custom version of Android 6. What's more, if that pointless pop-up was closed by tapping the background instead of the tiny "OK" button or not responded to within five seconds, the camera software would exit itself. Needless to say, this defeats the purpose of a quick launch. It denies quick-launching while the phone is in the pocket, and the time necessary to get the phone out could cause moments to be missed.
Another bad camera behaviour Samsung introduced with the camera software bundled with their customized Android 6 was that if it was launched again shortly after exiting or switching to stand-by mode, it would also exit itself again within a few seconds. It could be that the camera app was initially designed around Android 5.0 in 2015 and then not properly adapted to Android 6.0, and some process management behaviour of Android 6.0 causes this behaviour. But whatever causes it, it is annoying and results in moments to not be captured.
Another such annoyance is that some home screen software for smartphones only allows access to its settings by holding a blank spot not occupied by a shortcut. However, if all home screen pages are full, one either needs to create a new page if allowed by the app, or temporarily remove a shortcut to be able to access the settings.
More examples are: Forced smartphone restart when replacing the SIM card, the minimum window size being far too large in some smartphones with multi-windowing functionality, accidental triggering of burst shot mode that can't be deactivated in the camera software, only showing the estimated number of remaining photos if less than 300 and thus a late warning, transition animations that are too slow, screenshots only being captured when holding a button combination for a second rather than immediately, the terminal emulator being inaccessible for the first three minutes after the smartphone has booted, and the sound from an online advertisement video causing pain from being much louder than the playing video.
Any of these annoyances might appear minor individually, but together, they form a major burden on everyday use. Therefore, developers should eliminate annoyances, no matter how minor they might seem.
The same also applies for missing features. The individual removal of a feature might not seem like a big of a deal, but removing dozens of small features accumulates to a significant lack of functionality, undermining the sense of being able to get work done with that product or software when that feature is unexpectedly needed. Examples for a products that pruned lots of functionality from its predecessor is the Samsung Galaxy S6, and newer laptops featuring very few USB ports. Web browsers have removed lots of features as well. Some features can be retrofitted with extensions, but they rely on a third-party developer maintaining compatibility. If many minor-seeming features are removed, users will repeatedly hit "sorry, this product/software can not do that anymore" moments.