An incident which made a Security Researcher cry
--------------------------------------------------------
I was working on my laptop finishing up my code while waiting for the flight which was late . Meanwhile two guys (I'm gonna call them Fellas) in black suit and shades came to me

Fella : Sir you have to come with us .
Me : *goes along with them*
Fella : Sir please proceed *points towards the door . The room has a round table with some guys discussing something *
Fella 1 : Your passport please
Me : *Hands over the passport*
Fella 1 : Where are you traveling to sir?
Me : India
Fella 1 : Put your laptop in the desk sir.
Me : Sure thing
Fella 2 : What were you doing there? *Taps the power button*
Me : Just finishing up my work .
Fella 1 : Or hacking our systems?
Me : Seriously?
Fella 2 : The password please .
Me : Here you go
*5 minutes have passed and​ he still can't figure out how to use the machine*
Fella 2 : Which Windows is this?
Me : It's Linux
Fella 1 : So you are a hacker .
Me : Nope
Fella 1 : You are using Linux
Me : Does it matters?
Fella 1 : Where do you work?
Me : *I won't mention here but I told him*
Fella 2 : So what do you do there?
Me : I'm a Security Researcher
Fella 1 : What's your work?
Me : I find security holes in their systems .
Fella 1 : That means you are a hacker .
Me : Not at all .
Fella 2 : But they do the same and they use Linux .
Me : You can call me one .
*After 15 minutes of doo-laa-baa-dee-doo-ra-ba-doo amongst them I dunno what they were talking , they shutdown the computer and handed over it to me*
Fella 2 - So you are somewhat like a hacker .
Me - *A bit frustrated* Yes.

##And now the glorious question appeared like an angel from river ##

Can you hack Facebook?
Me - 😭😭😭

ARGH. I wrote a long rant containing a bunch of gems from the codebase at @work, and lost it.

I'll summarize the few I remember.

First, the cliche:
if (x == true) { return true; } else { return false; };
Seriously written (more than once) by the "legendary" devs themselves.

Then, lots of typos in constants (and methods, and comments, and ...) like:
SMD_AGENT_SHCEDULE_XYZ = '5-year-old-typo'

and gems like:

def hot_garbage
magic = [nil, '']
magic = [0, nil] if something_something
success = other_method_that_returns_nothing(magic)
if success == true
return true # signal success
end
end

^ That one is from our glorious self-proclaimed leader / "engineering director" / the junior dev thundercunt on a power trip. Good stuff.

Next up are a few of my personal favorites:

Report.run_every 4.hours # Every 6 hours
Daemon.run_at_hour 6 # Daily at 8am

LANG_ENGLISH = :en
LANG_SPANISH = :sp # because fuck standards, right?

And for design decisions...

The code was supposed to support multiple currencies, but just disregards them and sets a hardcoded 'usd' instead -- and the system stores that string on literally hundreds of millions of records, often multiple times too (e.g. for payment, display fees, etc). and! AND! IT'S ALWAYS A FUCKING VARCHAR(255)! So a single payment record uses 768 bytes to store 'usd' 'usd' 'usd'

I'd mention the design decisions that led to the 35 second minimum pay API response time (often 55 sec), but i don't remember the details well enough.

Also:
The senior devs can get pretty much anything through code review. So can the dev accountants. and ... well, pretty much everyone else. Seriously, i have absolutely no idea how all of this shit managed to get published.

But speaking of code reviews: Some security holes are allowed through because (and i quote) "they already exist elsewhere in the codebase." You can't make this up.

Oh, and another!
In a feature that merges two user objects and all their data, there's a method to generate a unique ID. It concatenates 12 random numbers (one at a time, ofc) then checks the database to see if that id already exists. It tries this 20 times, and uses the first unique one... or falls through and uses its last attempt. This ofc leads to collisions, and those collisions are messy and require a db rollback to fix. gg. This was written by the "legendary" dev himself, replete with his signature single-letter variable names. I brought it up and he laughed it off, saying the collisions have been rare enough it doesn't really matter so he won't fix it.

Yep, it's garbage all the way down.

I think my ISP has been a little sneaky cum gargler. Nothing wanted to stream properly for awhile now. When even youtube struggles shit is wrong.

Installed protonvpn now and by the power of some magical internet ball bag the internet came forth and is streaming at 720p no buffer even required and from a not so glorious server.

did they try to keep me blind? Not no more I have wiped that jizz off my face.

How resource calculations for software services like code analysis, monitoring, etc are done:

Opening fridge, putting all the beer one can find in it.

Opening the necessary tools, e.g Excel, Accounting software, ....

Drinking the first beer.

Starting to aggregate the monthly costs - cause you can never trust the reports written by someone else...

First beer poof.

Looking at the monthly cost, adding columns "Intended use", "Actual usage pattern", "Usage factor"...

Opening next beer...

Usage factor is btw a factor of 0.1 ... 1.0 - to give an estimate how much the products feature are actually used, for further analysis if the invest is justified or not...

Oh. Another half bottle gone...

Filling in the columns...

Oh. Bottle empty and the next one toooooooooooooooo...

*burping*
*cracking finger joints*

Now let's get to the sad part...

Next worksheet, adding infrastructure costs...

Cost and description as columns.

Hehe. Column sounds like gollum.

Another beer...

Ugh. Need the paper reports, manually typing off things for stuff that was e.g. tax deductible.

Many beers die during this task. Poor little beers, dying for such an boring and mundane task...

SUM is a real useful function. I don't think I can add numbers anymore.

Now we can add another sheet.

Hehe. Sheet sounds like shit. And yes, everything in this file is shit.

Summing up costs from both sheets and including the cost factor from 1
... Beeeeeeeer Beeeeer beer we need more beer here... Beer beer beer...

Where was I. Oh yeah. Cost factorization total vs effective.

Why do I want to get even more drunk.

Oh yeah. Most software is completely underused and the costs aren't justified.

Let's add some colored highlighting ...

Uuuuh. ,Too much red. Better change the highlights.

Too much red.

More beer.

Don't give a fuck.

Hm.

Time for some whiskey.

What else is there to do....

Oh yeah.

Diagrams.

The bloody wankers from accounting need diagrams as numbers are too boring.

Not that everything in accounting is boring, no matter how much you paint colors on it... *sigh*

Hm. More whiskey...

Hehe. Whiskey rhymes with frisky.

Uff. Now just need to write mail. Mail mail mail....

"Copy paste the last mail from last month"

Hm.

Ah.

*sipping whiskey*

Spell check extension - to the rescue.

Thesaurus *burps*.

Let's change a few words here and there... Maybe another paragraph there.

Uh....

Trying to attach file...

*fucking mouse is pretty constantly crashing into empty beer bottles*

Done.

Damn.

Need to press send button.

*Creating mess on the desk by just randomly crashing the beer bottles*

Done.

*Pressing computers power button*

Mwahahahaha. No mouse needed.

*regretting to stand up too quickly, nearly barfing on the floor*

Couch ... Where Couch...

After hitting several doors, frames and other stuff, the glorious mission ended successfully with a most graciously executed gut buster on the couch.

(Regretting next morning to have emptied two 6 packs and a few glasses of whiskey)

So my phone updated to Android 5.1.1 (can't remember the actual number of the update) against my will. I chose no a couple of times. One day I woke up and pop! New version for you! Yay!!!
Now my battery is draining faster then ever before. Camera is freezing sometimes. I hate you Lenovo. My Vibe K5 was such a glorious phone, for my use of course, but now it's just a desk phone since it's always plugged in a power outlet 😒