Art director said: "Please make everything smaller?"

Developer: "Everything?"

Art Director: "Yes everything. Font size, panel height, panel width, input height and width, photos, headers, paragraphs, everything"

Developer: "ctrl + '-' will that work?"

A client drove 3 hours, for a urgent meeting with me that was solved by me adding CORS-headers

An hour of finding an error didn't get any.
Cousin asked, "Why does iostream and conio have a ".h" but STRING DOESN'T?"
FFFFFFFFFFFFFFFFFFFFFFF

NO FIREFOX AND CHROMIUM, I ALREADY SET THE FUCKING CORS HEADERS CORRECTLY ACCORDING TO THE OFFICIAL FUCKING NGINX DOCUMENTATION. WHY THE FUCK ARE YOU STILL DISALLOWING CROSS-ORIGIN REQUESTS?!

Definately should!

Accurate summary of CORS headers

You vs the guy she told you not to worry about.

I have this little hobby project going on for a while now, and I thought it's worth sharing. Now at first blush this might seem like just another screenshot with neofetch.. but this thing has quite the story to tell. This laptop is no less than 17 years old.

So, a Compaq nx7010, a business laptop from 2004. It has had plenty of software and hardware mods alike. Let's start with the software.

It's running run-off-the-mill Debian 9, with a custom kernel. The reason why it's running that version of Debian is because of bugs in the network driver (ipw2200) in Debian 10, causing it to disconnect after a day or so. Less of an issue in Debian 9, and seemingly fixed by upgrading the kernel to a custom one. And the kernel is actually one of the things where you can save heaps of space when you do it yourself. The kernel package itself is 8.4MB for this one. The headers are 7.4MB. The stock kernels on the other hand (4.19 at downstream revisions 9, 10 and 13) took up a whole GB of space combined. That is how much I've been able to remove, even from headless systems. The stock kernels are incredibly bloated for what they are.

Other than that, most of the data storage is done through NFS over WiFi, which is actually faster than what is inside this laptop (a CF card which I will get to later).

Now let's talk hardware. And at age 17, you can imagine that it has seen quite a bit of maintenance there. The easiest mod is probably the flash mod. These old laptops use IDE for storage rather than SATA. Now the nice thing about IDE is that it actually lives on to this very day, in CF cards. The pinout is exactly the same. So you can use passive IDE-CF adapters and plug in a CF card. Easy!

The next thing I want to talk about is the battery. And um.. why that one is a bad idea to mod. Finding replacements for such old hardware.. good luck with that. So your other option is something called recelling, where you disassemble the battery and, well, replace the cells. The problem is that those battery packs are built like tanks and the disassembly will likely result in a broken battery housing (which you'll still need). Also the controllers inside those battery packs are either too smart or too stupid to play nicely with new cells. On that laptop at least, the new cells still had a perceived capacity of the old ones, while obviously the voltage on the cells themselves didn't change at all. The laptop thought the batteries were done for, despite still being chock full of juice. Then I tried to recalibrate them in the BIOS and fried the battery controller. Do not try to recell the battery, unless you have a spare already. The controllers and battery housings are complete and utter dogshit.

Next up is the display backlight. Originally this laptop used to use a CCFL backlight, which is a tiny tube that is driven at around 2000 volts. To its controller go either 7, 6, 4 or 3 wires, which are all related and I will get to. Signs of it dying are redshift, and eventually it going out until you close the lid and open it up again. The reason for it is that the voltage required to keep that CCFL "excited" rises over time, beyond what the controller can do.

So, 7-pin configuration is 2x VCC (12V), 2x enable (on or off), 1x adjust (analog brightness), and 2x ground. 6-pin gets rid of 1 enable line. Those are the configurations you'll find in CCFL. Then came LED lighting which required much less power to run. So the 4-pin configuration gets rid of a VCC and a ground line. And finally you have the 3-pin configuration which gets rid of the adjust line, and you can just short it to the enable line.

There are some other mods but I'm running out of characters. Why am I telling you all this? The reason is that this laptop doesn't feel any different to use than the ThinkPad x220 and IdeaPad Y700 I have on my desk (with 6c12t, 32G of RAM, ~1TB of SSDs and 2TB HDDs). A hefty setup compared to a very dated one, yet they feel the same. It can do web browsing, I can chat on Telegram with it, and I can do programming on it. So, if you're looking for a hobby project, maybe some kind of restrictions on your hardware to spark that creativity that makes code better, I can highly recommend it. I think I'm almost done with this project, and it was heaps of fun :D

"I made your static HTML pages into a dynamic site! Now just include <%Header%> instead of copy pasting that nav into every page!"

...1 week later...

"You made our website all crazy. None of the pages have headers in the source code but it still shows up by some kind of witchcraft. Put it back."

Fun with headers (from OWASP.org node.js security presentation)

I absolutely love the email protocols.

IMAP:
x1 LOGIN user@domain password
x2 LIST "" "*"
x3 SELECT Inbox
x4 LOGOUT

Because a state machine is clearly too hard to implement in server software, clients must instead do the state machine thing and therefore it must be in the IMAP protocol.

SMTP:
I should be careful with this one since there's already more than enough spam on the interwebs, and it's a good thing that the "developers" of these email bombers don't know jack shit about the protocol. But suffice it to say that much like on a real letter, you have an envelope and a letter inside. You know these envelopes with a transparent window so you can print the address information on the letter? Or the "regular" envelopes where you write it on the envelope itself?
Yeah not with SMTP. Both your envelope and your letter have them, and they can be different. That's why you can have an email in your inbox that seemingly came from yourself. The mail server only checks for the envelope headers, and as long as everything checks out domain-wise and such, it will be accepted. Then the mail client checks the headers in the letter itself, the data field as far as the mail server is concerned (and it doesn't look at it). Can be something else, can be nothing at all. Emails can even be sent in the future or the past.

Postfix' main.cf:
You have this property "mynetworks" in /etc/postfix/main.cf where you'd imagine you put your own networks in, right? I dunno, to let Postfix discover what your networks are.. like it says on the tin? Haha, nope. This is a property that defines which networks are allowed no authentication at all to the mail server, and that is exactly what makes an open relay an open relay. If any one of the addresses in your networks (such as a gateway, every network has one) is also where your SMTP traffic flows into the mail server from, congrats the whole internet can now send through your mail server without authentication. And all because it was part of "your networks".

Yeah when it comes to naming things, the protocol designers sure have room for improvement... And fuck email.

Oh, bonus one - STARTTLS:
So SMTP has this thing called STARTTLS where you can.. unlike mynetworks, actually starts a TLS connection like it says on the tin. The problem is that almost every mail server uses self-signed certificates so they're basically meaningless. You don't have a chain of trust. Also not everyone supports it *cough* government *cough*, so if you want to send email to those servers, your TLS policy must be opportunistic, not enforced. And as an icing on the cake, if anything is wrong with the TLS connection (such as an MITM attack), the protocol will actively downgrade to plain. I dunno.. isn't that exactly what the MITM attacker wants? Yeah, great design right there. Are the designers of the email protocols fucking retarded?

I'll point names today

Boss: Quick! The Xero integration is not working anymore!
Xero Documentation: place your client secret in the HEADERS
Me: * places client secret in headers *
Xero API: Bad Request!
Me:
*re-reads documentation*
*creates new client secret*
*1 hour of trying*
Hmmmm
* places client secret in request body, not in headers *
Xero API: Ok!

UPDATE YOUR DOCUMENTATION
TELL US ABOUT IT IN THE CHANGELOGS

One time I had this conversation with my then PM:

PM: …so in total we need like 3 extra pages; the leaders profile, event showcase and lastly a contact page.

Me: Sure, already on it.

PM: Make it simple and quick, I told the client the updates would be live in an hour.

Me: Okay.

*{5 microseconds later}*

PM: Also the page headers need to be different from the other pages.

Me: Yes, you told me that earlier.

PM: Okay, just needed to re-emphasis.

*{sad disturbing minutes later}*

PM: I don’t know if deploying on azure would be better than having the website on AWS. The pages seems slow.

Me: Yep.

PM: Or maybe we separate the asset files from the main site using a CDN.

Me: You right.

PM: The other projects on AWS seems to perform better in terms of SEO. Don’t you think?

Me: I think.

*{this dude literally just lent me a jacket and won’t allow me put it on}*

PM: So after we are done with this update we need to inform the client about the benefits of switching servers to AWS. I believe they will agree or won’t they because the event is close by?

Me: {{pointed both hands at my PC hoping they’ll get the message}}

PM: Oh you done?

Me:

Just managed to setup a tiny/simple privacy-friendly analytics system.

You basically call an api from your backend with the api key and all the headers you received from the browser (php and Apache or nginx in my case) and the analytics api gets useful stuff out of that data without sacrificing privacy.

I get a little bit more insight into my websites usage and the client isn't sacrificing identifiable information!

I've been wanting to make this fucker for fucking months.

There was maybe one of the coolest methods of apply for a job. There was a company in Sydney on linkedin on the apply href for the job was pointing to localhost (might of been a accident) so you had to find their website and with the trailing url get to the page then they said to send OPTIONS request to a endpoint here you got a link to a api doc to where you send a POST to apply for a job they had a example body to use. So sending the Post request with with postman required headers so looking more into the doc it gave the headers needed. Now the example body for the post had some errors in it and once they are fixed you can then submit the request.

NOW thats the way to find competent developers shame I'm not one of the.

Never heard of a so terribly designed online game.

For starters: the client-server model is process everything on the client, then save it on the server, and due to the nature of the site design, simply changing a tag will give you another of money.

The PayPal processing system doesn't read any headers or anything of that sort. So if you cancel your payment, this game thinks you've paid anyways.

Also, the trading system is based off of what buttons you can see so if you can see the cancel button it must be yours. So if you copy the cancel button to someones trade offering (FYI this is all done locally), and you click it you have gotten said item(s).

It gets worse, but I don't remember much more than that. The one thing they actually do is make session IDs expire.

I started color-coding my bash scripts to more easily see when things start and end.
At first it was just some headers here and there, but now my terminal looks like it's shitting rainbows all over the place.

It's so pretty :3

I showed a friend of mine a project I made in two days in Docker and Symfony php. It is a rather simple app, but it did involve my usual setup: Nginx with gzip/cache/security headers/ssl + redis caching db + php-fpm for symfony. I also used php7.4 for the lolz

He complained that he didn't like using Docker and would rather install dependencies with composer install and then run it with a Laravel command. He insisted that he wanted a non-docker installation manual.

I advised him to first install Nginx and generate some self-signed certificates, then copy all the config files and replace any environment-injected values (I use a self-made shell script for this) with the environment values in the docker-compose files.

Then I told him to download php-fpm with php 7.4 alpha, install and configure all the extensions needed, download and set up a local Redis database and at last re-implement a .env file since I removed those to replace them with a container environment.

He sent an angry emoji back (in a funny way)

God bless containerized applications, so easy to spin up entire applications (either custom or vendor like redis/mysql) and throw them away after having played with them. No need to clutter up your own pc with runtime environments.

I wonder if he relents :p

My typical morning Teams exchange:
Newb: GM (requesting connection)
Me: GM (connection established)
Newb: How r u? (requesting headers)
Me: Good (headers sent)
Newb: You free? (ready for comms?)
Me: Sure (comms ready)
…
Feels like a bad internet protocol.

I’m on this ticket, right? It’s adding some functionality to some payment file parser. The code is atrocious, but it’s getting replaced with a microservice definitely-not-soon-enough, so i don’t need to rewrite it or anything, but looking at this monstrosity of mental diarrhea … fucking UGH. The code stink is noxious.

The damn thing reads each line of a csv file, keeping track of some metadata (blah blah) and the line number (which somehow has TWO off-by-one errors, so it starts on fucking 2 — and yes, the goddamn column headers on line #0 is recorded as line #2), does the same setup shit on every goddamned iteration, then calls a *second* parser on that line. That second parser in turn stores its line state, the line number, the batch number (…which is actually a huge object…), and a whole host of other large objects on itself, and uses exception throwing to communicate, catches and re-raises those exceptions as needed (instead of using, you know, if blocks to skip like 5 lines), and then writes the results of parsing that one single line to the database, and returns. The original calling parser then reads the data BACK OUT OF THE DATABASE, branches on that, and does more shit before reading the next line out of the file and calling that line-parser again.

JESUS CHRIST WHAT THE FUCK

And that’s not including the lesser crimes like duplicated code, misleading var names, and shit like defining class instance constants but … first checking to see if they’re defined yet? They obviously aren’t because they aren’t anywhere else in the fucking file!

Whoever wrote this pile of fetid muck must have been retroactively aborted for their previous crimes against intelligence, somehow survived the attempt, and is now worse off and re-offending.

Just.
Asdkfljasdklfhgasdfdah

I don't want to come off as a linux-elitist but it's simply amazing how much easier my job is on linux. A good example recently was setting up some libraries for a C++ program I was writing to show to my class. Most of them were using Windows and visual studio, took about 15 minutes to download all the headers and libs, and show them how to configure a VS solution to link them. Not too big a deal but on linux, it only took about 30 seconds to pacman and gcc -l the lib. Little things like that keep me interested in linux as a dev tool.

A 520MB CSV file with 29 columns and no headers.

If it's not an impertinent question, why in the name of Satan's magnificent testicles would anyone do that?

I hope their pig dies.

Watch out for these fucking bug bounty idiots.

Some time back I got an email from one shortly after making a website live. Didn't find anything major and just ran a simple tool that can suggest security improvements simply loading the landing page for the site.

Might be useful for some people but not so much for me.

It's the same kind of security tool you can search for, run it and it mostly just checks things like HTTP headers. A harmless surface test. Was nice, polite and didn't demand anything but linked to their profile where you can give them some rep on a system that gamifies security bug hunting.

It's rendering services without being asked like when someone washes your windscreen while stopped at traffic but no demands and no real harm done. Spammed.

I had another one recently though that was a total disgrace.

"I'm a web security Analyst. My Job is to do penetration testing in websites to make them secure."
"While testing your site I found some critical vulnerabilities (bugs) in your site which need to be mitigated."
"If you have a bug bounty program, kindly let me know where I should report those issues."
"Waiting for response."

It immediately stands out that this person is asking for pay before disclosing vulnerabilities but this ends up being stupid on so many other levels.

The second thing that stands out is that he says he's doing a penetration test. This is illegal in most major countries. Even attempting to penetrate a system without consent is illegal.

In many cases if it's trivial or safe no harm no foul but in this case I take a look at what he's sending and he's really trying to hack the site. Sending all kinds of junk data and sending things to try to inject that if they did get through could cause damage or provide sensitive data such as trying SQL injects to get user data.

It doesn't matter the intent it's breaking criminal law and when there's the potential for damages that's serious.

It cannot be understated how unprofessional this is. Irrespective of intent, being a self proclaimed "whitehat" or "ethical hacker" if they test this on a site and some of the commands they sent my way had worked then that would have been a data breach.

These weren't commands to see if something was possible, they were commands to extract data. If some random person from Pakistan extracts sensitive data then that's a breach that has to be reported and disclosed to users with the potential for fines and other consequences.

The sad thing is looking at the logs he's doing it all manually. Copying and pasting extremely specific snippets into all the input boxes of hacked with nothing to do with the stack in use. He can't get that many hits that way.

Hate how every time I have an ubuntu box meet inode limits is always due to Linux Headers... Boss wanted me to add more storage to his box because he was at capacity..

apt-get autoremove

Drive went from 100% usage to 39%..

Everyone was a noob once. I am the first to tell that to everyone. But there are limits.

Where I work we got new colleagues, fresh from college, claims to have extensive knowledge about Ansible and knows his way around a Linux system.... Or so he claims.

I desperately need some automation reinforcements since the project requires a lot of work to be done.

I have given a half day training on how to develop, starting from ssh keys setup and local machine, the project directory layout, the components the designs, the scripts, everything...
I ask "Do you understand this?"
"Yes, I understand. " Was the reply.

I give a very simple task really. Just adapt get_url tasks in such a way that it accepts headers, of any kind.
It's literally a one line job.

A week passes by, today is "deadline".

Nothing works, guy confuses roles with playbooks, sets secrets in roles hardcodes, does not create inventory files for specifications, no playbooks, does everything on the testing machine itself, abuses SSH Keys from the Controller node.... It's a fucking ga-mess.

Clearly he does not understand at all what he is doing.

Today he comes "sorry but I cannot finish it"
"Why not?" I ask.
"I get this error" sends a fucking screenshot. I see the fucking disaster setup in one shot ...

"You totally have not done the things like I taught you. Where are your commits and what are.your branch names?"
"Euuuh I don't have any"
Saywhatnow.jpeg

I get frustrated, but nonetheless I re-explain everything from too to bottom! I actually give him a working example of what he should do!

Me: "Do you understand now?"
Colleague: "Yes, I do understand now?"
Me: "Are you sure you understand now?"
C: "yes I do"

Proceeds to do fucking shit all...

WHY FUCKING LIE ABOUT THE THINGS YOU DONT UNDERSTAND??? WHAT KIND OF COGNITIVE MALFUNCTION IA HAPPENING IN YOUR HEAD THAT EVEN GIVEN A WORKING EXAMPLE YOU CANT REPLICATE???
WHY APPLY FOR A FUCKING JOB AND LIE ABOUT YOUR COMPETENCES WHEN YOU DO T EVEN GET THE FUCKING BASICS!?!?

WHY WASTE MY FUCKING TIME?!?!?!

Told my "dear team leader" (see previous rants) that it's not okay to lie about that, we desperately need capable people and he does not seem to be one of them.

"Sorry about that NeatNerdPrime but be patient, he is still a junior"

YOU FUCKING HIRED THAT PERSON WITH FULL KNOWLEDGE ABOUT HAI RESUME AND ACCEPTED HIS WORDS AT FACE VALUE WITHOUT EVEN A PROPER TECHNICAL TEST. YOU PROMISED HE WAS CAPABLE AND HE IS FUCKING NOT, FUCK YOU AND YOUR PEOPLE MANAGEMENT SKILLS, YOU ALREADY FAIL AT THE START.

FUCK THIS. I WILL SLACK OFF TODAY BECAUSE WITHOUT ME THIS TEAM AND THIS PROJECT JUST CRUMBLES DOWN DUE TO SHEER INCOMPETENCE.

Hi lil puppies what's your problem?

*proxy vomits*

Have you eaten something wrong....

*proxy happily eats requests and answers correctly*

Hm... Seems like you are...

*proxy vomits dozen of requests at once*

... Not okay.

Ok.... What did u you get fed you lil hellspawn.

TLS handshake error.

Thousands. Of. TLS. Handshake. Errors.

*checking autonomous system information*

Yeah... Requests come from same IP or AS. Someone is actively bombing TLS requests on the TLS terminator.

Wrong / outdated TLS requests.

Let's block the IP addresses....

*Pats HAProxy on the head*

*Gets more vomit as a thank you no sir*

I've now added a list of roughly 320 IP adresses in 4 h to an actively running HAProxy in INet as some Chinese fuckers seemingly find it funny to DDOS with TLS 1.0... or Invalid HTTP Requests... Or Upgrade Headers...

Seriously. I want a fucking weekend you bastards. Shove your communism up your arse if you wanna have some illegal fun. ;)

Just had an old coworker from a previous job send me some stuff for a php script he was having issues with.

There was too much glory in what he was trying to do: mixing php inside of jquery code, not using strict types would have prevented like 10 issues he was having on his script on another portion, mixing headers, weirdly named variables, poorly constructed, reused db connections, 0 oop or proper dependency management in his code, horrible use of sessions and cookies, O (n²) logic all over the place.

But the cake.....are y'all ready for it? It was code screenshots, not even of just the section, no, the full page, from a windows machine (to make it better he is hosting the application on an IIS server and his configuration was not properly set) but I digress, back to the cake:

He was writing his code inside of wordpad :P

FUCKING WORDPAD

I just politely told him that I was busy at the moment and happily ignored him. Dude is not a good person to begin with imo, for example, he brought the subject of homosexuality during one of our talks after he saw me talking to my bf, who just so happens to be gay, his statement was "I do not understand how there can be gay people when there are women that are so hot"

My comeback was "I do not understand how we can be heterosexual when there are some really attractive dudes out there, see how stupid your logic sounds? attractiveness is not the basis for homosexuality ye dipstick" he let it go after that, but close minded people like that are not really my cup of tea.

This stupid crap is pissing me off.

I write a quick blob of code that performs an http request with custom headers and writes the response to a file. easy squeezy. Everything works.

I abstract it into a class and add request building and stages (enjoayble!), and have one method make the response, read its body, and write to a file. I literally copy/pasted most of my existing code into the method and indented it. The only changes were updating var names to instance vars.

But now? It's complaining something is trying to read the request body twice, and it's throwing a fit. What? How? You were just working!

asfklasjdf;l

The Hungarian public transport company launched an online shop (created by T-Systems), which was clearly rushed. Within the first days people found out that you could modify the headers and buy tickets for whatever price you set, and you could login as anyone else without knowing their password. And they sent out password reminders in plain text in non-encrypted emails. People reported these to the company which claims to have fixed the problems.

Instead of being ashamed of themselves now they're suing those who pointed out the flaws. Fucking dicks, if anyone they should be sued for treating confidential user data (such as national ID numbers) like idiots.

When the department’s large plotter printer broke down, the users demanded they still be able to execute their large reports. The area manager understood reality, if we are waiting on parts, not a lot we can do, but one developer decided to re-write the report/application as a web/.asp application. Mind you, he wasn’t a web developer, mostly VB experience, so the ‘report’ executed the same queries and filled up simple html tables. Did it work? Sort of. The output had none of the specialized formatting like headers, grouping, summary calculations, etc. Since the users could see the data in the web browser and scroll left/right, they were OK with the temporary fix. When I heard this:
Me: “You do know the application could output the report in HTML exactly the way it prints to the printer. All we would have to do enable that feature in the application.”
Dev: “Yea, but I thought it would be cool to do it as a web app.”
Me: “OK, but we should just update the app.”
Dev: “Um...that is going to be difficult, the boss liked my idea so much, he wanted the report replaced with my asp application. I deleted the application from source control and from the network. Sorry.”
Me: “OMFG!…tell me you make a backup!”
Dev: “Ha!...no…boss said you would fight innovation. Web is the future.”
Me: ”What is going to happen when the printer is fixed!? Users are going to flip”
Dev: “Oh, we didn’t think of that. Oh well, that’s your problem now.”
Me: “WTF? My problem?”
Dev: “Yea, you are moving to the team responsible for those legacy applications, since innovation really isn’t your thing. I just got promoted to senior developer.”

literally what the fuck is the point of C++
>takes 3 years to make anything half-functional
>language was made in like fucking 1902 so it's damn near fucking impossible to make anything that works without sifting through bumfuck retarded syntax/libraries
>error messages that tell you absolutely nothing of use and are indecipherable garbage 90% of the time
fuck C, fuck it's retarded downie little brother C++, and fuck the stupid fucking boomers who say you're not a real programmer unless you force yourself to become a masochist by using either one of these stupid fucking languages
"oh but it's fast!!11!1!!" yeah but working with it sure as fuck isn't
half the fucking time if I just stop including certain headers in another file then the compiler throws like literally 400 fucking errors at me even though the thing(s) I excluded had no bearing on whatever the compiler decides it wants to loudly bitch and whine about
"oh but games were made on it!!!!111!" yeah not without fucking horrific spaghetti code and 900000 different libraries and dependancies designed just to make a single fucking window

In my unenlightened youth, when programming was a module in my college diploma that didn't seem to be taking me where I wanted to go, I had a couple of guys guy in my class that could arguably be the weird ones.

Jonny, although he asserted that he was to be called "Jonhty", whatever, we never did. He was pretty much top of the high school food chain and for some reason elected to study computer science, none of us was prepared to put up with his shit. He was always boasting about some fanciful claim or another, famously entering the classroom and exclaiming he'd "fucked an absolute milf" and seemed somewhat evasive about the answer, turns out he was 17 and she was 35, the age difference was greater than his own age. We burst out laughing. He would also turn up late and state the college bus was late (it wasn't I got the free bus every day, he'd just not got out his wanking chariot early enough).

One valentine's day we got him a card from a mysterious stranger which was accompanied by a package containing a cucumber and Vaseline, the inside of the card read "to assist you in the following request: please go fuck yourself".

Before you think we were being unduly harsh, we had a centre table where we'd be taught from with computers around the outer rim of the room. He'd come up behind people while at the centre desk, quietly press ctrl+P and slowly walk back to the printer. I saw him do it to my machine and I got to the printer first, to which he shouted "that's MY work" which was amusing because unbeknownst to him I had put headers on all my documents so he really didn't have an answer for why my name was at the top of every page.

To top it all off he had dead eyes, there didn't appear to be much going on but the rent, there was no spark of intelligent life, and while I thought it, I never said it out loud, but other students did and I had to agree. He was just copying his way to graduation. However, he ultimately didn't graduate when people refused to allow him to copy.

Another guy, Richard I believe his name was, which is just as well because he was a right dick. In the UK our word for white trash is "chav" (that's a very naïve explanation for it but that's another rant best left for "socialsciencerant") and he was an complete idiot who was gifted with more brain cells than he ever needed to use. He actually studied hard and got reasonable grades, probably on par with me, but he boasted about smoking weed all the time, he was forever playing dark side of the moon via his loud mp3 player. I kinda left him alone generally until he was high in class one time and while we we're watching a documentary he'd shake my chair and make a weird noise in my ear every few minutes, the first couple of times startled me, the remaining multi-dozen times pissed me off.

It all came to a head with this guy when I'd been hearing about his uninteresting bs on drugs, music and how best to spend my time ("you need to lighten up man, come round my house, take a joint and relax man", that sorta thing), well this guy walked like he was mid way through shitting himself so I personally think that perhaps he is too chilled. Anyway he's arguing with me and after the exchange of him making his point, me disagreeing and expecting the end of it, he made the mistake of saying two words to me:

"Listen, mate..."

And I had him in check mate.

"Listen, I ain't your fucking mate , I don't even like you, you're a disruptive annoying twat that thinks he knows it all, we're all 17, none of us know anything, so shut the fuck up, sit the fuck down and stop boring me with your drugs, I ain't interested, and for the record I think pink Floyd ruined prog rock!"

He looked at me with sad puppy dog eyes, and started with the "but, why?", However I was interrupted and had to leave the class for unrelated reasons, I returned to be told he'd put safety pins up right on my chair so I'd sit on them, and mutual friends who TD me I'd been cruel and that he doesn't was hurt, so I should apologize, he overheard and said he was sorry for bring a bit of a dick.

However, you just know when you don't get on with someone? Yeah, that. So I said I wasn't sorry for what I said, for while it was harsh, I am not his mate, nor did I want to be his mate and that was all I had to say on the subject, and that if he wants to take offensive to a nobody not liking him then he's in for a very rough time in life.

Unsurprisingly I don't keep in touch with anyone from college!

Wanna hear a story? The consultancy firm I work for has been hired to work on a WPF project for a big Fashion Industry giant.

We are talking of their most important project yet, the ones the "buyers" use to order them their products globally, for each of the retail stores this Fashion giant has around the world. Do you want to know what I found? Wel, come my sweet summer child.

DB: not even a single foreign key. Impossibile to understand without any priopr working experience on the application. Six "quantity" tables to keep aligned with values that will dictate the quantities to be sent to production (we are talking SKUs here: shoes, bags..)

BE: autogenerated controllers using T4 templates. Inputs directly serialized in headers. Async logging (i.e. await Logger.Error(ex)). Entities returned as response to the front end, no DTOs whatsoever.

WPF: riddled with code behind and third party components (dev express) and Business Logic that should belong to the Business Layer. No real api client, just a highly customized "Rest Helper". No error reporting or dealing with exceptions. Multiple endpoints call to get data that would be combined into one single model which happens to be the one needed by the UI. No save function: a timer checks the components for changes and autosaves them every x seconds. Saving for the most critical part occurring when switching cells or rows, often resulting in race conditions at DB level.

What do you think of this piece of shit?

our university results are out
the webpage to check the results has only 3 input fields
roll number
date of birth
captcha
after checking the source code turnsout it doesn't need the date of birth and the most FUCKEDUP part is the captcha it uses is generated using javascript on the client side and literary checked using string1 == string2
I captured the post request its sending..
it only sends the roll number with some headers to the url
I wrote a quick python script to emulate the post request and got back the results of my entire college
note - the university I'm referring to has literally more than hundred thousand students under it, each and every student uses that interface to get his results

@Fast-Nop This one's for you, buddy. Took me all freaking day to figure out how to avoid unsafe-inline when registering a service worker. XD

Oh boy do I sure love designing site layouts for mobile! The limited screen space makes me think about what's absolutely necessary to have on screen at any given time, and I need to account for both portrait and landscape. I love a good challenge - aaaand done! Time to check it out.

Ah, fuck, the browser has completely disregarded the text sizes I specified and headers of any size take up the entire screen space.

Ah, fuck, the browser has decided that 4 pixels of padding should be 32.

Ah, fuck, the browser has made the executive decision that images should be whatever size it's in the mood to display today.

Ah, fuck, all this enormous text has also wrapped itself to one letter per line.

Just a wild thought here: maybe mobile browsers should actually respect CSS rules.

The company considers the project manager I work with to be the best. After working with him, I consider him to be everything that is wrong with project management.

This PM injects himself into everything and has a way of completely over-complicating the smallest of things. I will give an example:

We needed to receive around 1000 rows of data from our vendor, process each row, and host an endpoint with the data in json. This was a pretty simple task until the PM got involved and over complicated the shit out of it. He asks me what file format I need to receive the data. I say it doesnt really matter, if the vendor has the data in Excel, I can use that. After an hour long conversation about his concerns using Excel he decides CSV is better. I tell him not a problem for me, CSV works just as good. The PM then has multiple conversations with the Vendor about the specific format he wants it in. Everything seems good. The he calls me and asks how am I going to host the JSON endpoints. I tell him because its static data, I was probably going to simply convert each record into its own file and use `nginx`. He is concerned about how I would process each record into its own file. I then suggest I could use a database that stores the data and have an API endpoint that will retrieve and convert into JSON. He is concerned about the complexities of adding a database and unnecessary overhead of re-processing records every time someone hits the endpoint. No decision is made and two hours are wasted. Next day he tells me he figured out a solution, we should process each record into its own JSON file and host with `nginx`. Literally the first thing I said. I tell him great, I will do that.

Fast forward a few days and its time to receive the payload of 1000 records from the Vendor. I receive the file open it up. While they sent it in CSV format the headers and column order are different. I quietly without telling the PM, adjust my code to fit what I received, ran my unit test to make sure it processed correctly, and outputted each record into its own json file. Job is now done and the project manager gets credit for getting everything to work on the first try.

This is absolutely ridiculous, the PM has an absurd 120 hours to this task! Because of all the meetings, constant interruptions, and changing of his mind, I have 35 hours to this task. In reality the actual time I spent writing code was probably 2-3 hours and all the rest was dealing with this PM's meetings and questions and indecisiveness. From a higher level, he appears to be a great PM because of all the hours he logs but in reality he takes the easiest of tasks and turns them into a nightmare. This project could have easily been worked out between me and vendor in a 30 min conversation but this PM makes it his business to insert himself into everything. And then he has the nerve to complain that he is so overwhelmed with all the stuff going on. It drives me crazy because this inefficacy and unwanted help makes everything he touches turn into a logistical nightmare but yet he is viewed as one of the companies top Project Managers.

So, yet another "senior" web developer employed by my contractor who utterly fails to understand CORS.

I mean, easy enough to config their servers to provide the headers. A good and quick buck.

But I swear the level of idiocy I find in so called "seniors" infuriates me. I swear, he didn't even figure out that

A) you can't make the browser omit the Origin header.
(But it works on curl 😭😭😭)

B) it's the *server* who must include access-control-allow-origin in the response, not you in the request. Like, what use would that be? I don't even...

😞

I guess if I ever need to hire web devs again my only question during the interview will be "explain CORS to me".

<rant>
I fucking HATE the Arduino environment right now.

First of all: you can't fucking put your project files in a sub folder to the main file. I can't write #include "src/motor.hpp" because it doesn't fucking know what that means.
Turns out you have to put all your header files in the fucking library folder common for all Arduino projects!

Secondly, you can't call your cpp headers hpp, they HAVE to be called h, or the Arduino environment throws a fit and begins whining about being unable to find the fucking files.
Not just that! You can't reference other Arduino libraries from within your library because the environment doesn't know what that means either.
To get around that you need to fucking include the library in your main file, AND THEN you can include it in the library file that uses it. After all, it should be the programmer's job to soon feed a so called IDE, right?

I'M SO FUCKING DONE WITH THIS SHIT! 😤

I'm ready to either program the Arduino directly with an AVR programmer or even port the entire project to the raspberry pi where I have a proper fucking Linux environment with a proper fucking directory structure so I can code proper fucking C++.
Hell I'm even fucking willing to spend all weekend porting all the code myself if necessary.

It's not reasonable that correct fucking C++ code is invalidated because I called the files something "wrong" and put them in the "wrong" directory.
</rant>

"user friendly project board" my ass

Just spent like 5 minutes trying to figure out why my page would raise a blob not found in the console, then finally checked the actual origin script headers and saw this, fuck.. I should go sleep.

DEBUGGING ARDUINO IS A FUCKING PAIN WHYYYYY

FUCK THIS PROJECT
FUCK SPI
FUCK I2C
FUCK JTAG
FUCK PROPRIETARY DEBUG HEADERS
FUCK USBTINY
FUCK AVRDUDE

Product Managers worldwide are rejoicing...

{ position: sticky }

Fucking jesus christ, for some reason in chromium-based browsers if you have a table that fills up to the full height of the parent using flexbox rules, if you go to print it, it will fucking

i forgor 💀

and give it a height of minimum content height. The solution is to ALSO give it height: 100%;

Google completely unhelpful (I guess it's too specific and most people don't write web services specifically made for printing out?) but luckily it only took me like 3 guesses to figure out on my own.

But I could have easily seen this completely pissing me off to the point of quitting. FireFox doesn't have this issue.

RELATED TANGENT RANT:

Why the fuck is the default to use headers, footers, margin, and no background images (colors) ?!?!?!? The default printing for browsers COMPLETELY FUCKS UP THE PRINT

God FUCKING damnit.

Didn't know about using php includes for headers and footers when I coded my first big site. Now having to go back through and add it in page by page so I can roll out updates more easily down the line. Bleeeuuggghhh

What the sh*t is this kind of response?! One of my corporate department's internal API returns THIS.

LOOK AT IT. LOOK. "NULL". What are those malformed closing / ending brackets?!

(request headers have accept: application/json btw)

And, as a final "f*uck you", the "IPG_API_JOBD_NC_RESP_P_COLL" is returned as JSON object if response has one element to return, but will be JSON ARRAY if result has more than one element.

Good luck, you there with strongly typed languages..... Boils my blood 😅

Let's make it clear once and for all: 60% of Belgium is Dutch speaking. So stop setting my language automaticly to French because of my country! 😡

Whenever I encounter a website that does this, I tend to look for another site that either understands Accept-Language headers or knows the above fact.

Yes, I'm looking at you Ubisoft store! But there are many more of these !#@% websites out there!

Can someone help me settle an argument with a coworker?

So let's say there is a REST interface that returns a PDF representation of an resource...but it requires the authorization header in order to authorize that you have access to the document in question.

And let's say there is a link on the page that redirects to this endpoint to serve up the document. He thinks you can add a header to the HTTP request that goes out when you click on the link (a regular old anchor tag) with onclick without making an xhr call.

I told him that you would have to use an xhr call to add headers, and that even then you would receive a byte stream back, which without using a blob and an object url or a data uri you wouldn't be able to display it in a new tab or start a download.

Regardless he went on to tell me I was wrong. The next day he said he had done it. I asked him to show me, and he said "oh it's at home", and then proceeded to ridicule me in front of my architect. He always pulls this one up's man ship bullshit and I hate it. And I am pretty sure he's wrong.

Crazy... Hm, that could qualify for a *lot*.

Craziest. Probably misusage or rather "brain damaged" knowledge about HTTP.

I've seen a lot of wild things when devs start poking standards, but the tip of the iceberg was someone trying to use UTF-8 in headers...

You might have guessed it - German umlauts. :(

Coz yeah. Fucktard loved writing everything in german, so why not write custom header names in german.

The fun thing is: It *can* work, though the usual sane thing is to keep it in ASCII range for the obvious reason that using UTF-8 (or ISO-8859-1, which is *not* ASCII) is a gamble you gonna loose.

The fun game was that after putting in a much needed load balancer between services for monitoring / scaling etc suddenly *something* seemed off.

It took me 2 days and a lot of Wireshark hoola hooping to find out why, cause the header was used for device detection aka wether it's a bot or not. Or in the german term the dev used: "Geräte-Art".

As the fallback was to assume a bot, but only rate limit based on IP, only few managed to achieve the necessary rate limit to get blocked.

So when I say *something* seemed off, I really mean a spooky kind of "sometimes IP blocked for seemingly no reason at all".

Fun stuff. The dev btw germanized everything. Untangling the code base was a lot of non fun. -.-

I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *

After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...

I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges.

I am so mad, I have no words for how fucking much I hate ever having to work or pass work to other incompetent developers or teams, what a fucking waste of time and resources.

After handing off the frontend - for the client to find some team, that would do it in the short time and budget he needs (multiple developers, more fast, much good), he found a team that seemed to be alright for the job and seemed alright to me too, now maybe a month or two later, the client contacts me, that they fucked something up and if I could talk to them.

The email I then received from them seriously made me speechles, mad and sad, all at same time, I spent multiple upon multiple hours, getting a very good readable documentation up (markdown with TOC, properly rendered headers, bulletpoints, all that shit), with all files, all services used, all credentials, even converted all ssh keys into putty ppk format, in case the developers are using windows and are too dumb to do it themselves, nginx configs, it had seriously everything, even too much to list.

They somehow managed to fuck up the entire server, while attempting to "add ssh keys themselves", EVEN FUCKING THOUGH I have included all the keys they need, all the hosting credentials, everything, yet they decided to fuck with shit themselves and completely annihilate the server in the process (HOW?!), so not even the webserver works anymore.

I am fucking speechless, I made it so fucking easy to gather all info and files they need, all properly put into well named folders, along the documentation in an archive and they somehow managed to nuke the fucking server, while attempting to add ssh keys?!

If you don't know how to config a server, then don't fucking touch it and just use everything, that got served to you on a fucking silver platter.

---

I'll just instantly answer the most annoying comment, that somebody could come up with: "why didn't you do it yourself?"

Because in a perfect world, a fully managed team, can do much more than a single developer can, especially in the same timeframe and from what I heard of said client, atleast they did something in terms of developing the system. (which surprises me, considering it's the same people that nuked a server, while trying to add ssh keys)

One time I was building a custom modal for some crappy WordPress template and I was having trouble with the header rendering above my backdrop, after digging into the CSS I realized the headers z-index was literally set to 9001.

Chrome 56 supports position:sticky natively- even in table cells/headers! It's a beautiful day!

The web is just a fucked up place. Anytime i have an idea and wanna slap together an mvp, i always feel like web standards are just made by people who have no professional training and once every year come up with some bullshit so they dont get fired.

Figure 1: cors
You wpuld think that setting "access-control-allow-origin" to * would let, well, * through, like in every other field of programming, but no, make sure all 97 other headers match or you will just get a cors error. The server expects application/json and you didnt specify that? Fuck you, have a cors error. Both express and flask have specific packages addressing this one problem so i guess im not the only one.

Figure 2: frameworks
Remember reactive programming? Remember rxjs? No you dont because all frameworks reimplement rx with shadow dom fuckery. Did you know you can have your fucking templates with 5 lines of rxjs code? Amazing huh?

Figure 3: php
It still exists for some reason.

The process of making my paging MIDI player has ground to a halt IMMEDIATELY:

Format 1 MIDIs.

There are 3 MIDI types: Format 0, 1, and 2.

Format 0 is two chunks long. One track chunk and the header chunk. Can be played with literally one chunk_load() call in my player.

Format 2 is (n+1) chunks long, with n being defined in the header chunk (which makes up the +1.) Can be played with one chunk_load() call per chunk in my player.

Format 1... is (n+1) chunks long, same as Format 2, but instead of being played one chunk at a time in sequence, it requires you play all chunks

AT THE SAME FUCKING TIME.

65534 maximum chunks (first track chunk is global tempo events and has no notes), maximum notes per chunk of ((FFFFFFFFh byte max chunk data area length)/3 = 1,431,655,763d)/2 (as Note On and Note Off have to be done for every note for it to be a valid note, and each eats 3 bytes) = 715,827,881 notes (truncated from 715,827,881.5), 715,827,881 * 65534 (max number of tracks with notes) = a grand total of 46,911,064,353,454 absolute maximum notes. At 6 bytes per (valid) note, disregarding track headers and footers, that's 281,466,386,120,724 bytes of memory at absolute minimum, or 255.992 TERABYTES of note data alone.

All potentially having to be played

ALL

AT

ONCE.

This wouldn't be so bad I thought at the start... I wasn't planning on supporting them.

Except...

>= 90% of MIDIs are Format 1.

Yup. The one format seemingly deliberately built not to be paged of the three is BY FAR the most common, even in cases where Format 0 would be a better fit.

Guess this is why no other player pages out MIDIs: the files are most commonly built specifically to disallow it.

Format 1 and 2 differ in the following way: Format 1's chunks all have to hit the piano keys, so to speak, all at once. Format 2's chunks hit one-by-one, even though it can have the same staggering number of notes as Format 1. One is built for short, detailed MIDIs, one for long, sparse ones.

No one seems to be making long ones.

I'm debugging a script...

It takes 1+ minute to start because it loads data from remote API and apparently loading 80k objects takes a lot of time, even though I need only headers

I could optimize it. Like, add a local cache. But I will not.

Instead I will waste 1 minute, then another minute, then another minute, each time hoping it's the last pass, but no. I will waste the whole day on it and at the end of the day I will still NOT have the slightest idea why it is slow. That is what will happen, I predict it.

Good times

So I spent the last 2 hours trying to figure out why my co-workers source when hitting the API I built was not working. They kept saying that the problem was the API and I kept saying that it's their implementation.

Turns out it was their implementation and as well as the API. Their implementation problem was not setting the "Accept" in the header. The API problem is how Laravel will return a JSON error response ONLY IF the "Accept" is set in the header.

I actually documented this into the API documentation but it's obvious that none of my co-workers read that you need to set the headers correctly. I think the more scary thing is that they didn't know the difference between Accept and Content-Type!!

This is a story of how I did a hard thing in bash:

I need to extract all files with extension .nco from a disk. I don't want to use the GUI (which only works on windows). And I don't want to install any new programs. NCO files are basically like zip files.

Problem 1: The file headers (or something) is broken and 7zip (7z) can only extract it if has .zip extension

Problem 2: find command gives me relative to the disk path and starts with . (a dot)

Solution: Use sed to delete dot. Use sed to convert to full path. Save to file. Load lines from file and for each one, cp to ~/Desktop/file.zip then && 7z e ~/Desktop/file.zip -oOutputDir (Extract file to OutputDir).

Problem 3: Most filenames contain a whitespace. cp doesn't work when given the path wrapped in quotes.

Patch: Use bash parameter substitution to change whitespace to \whitespace.

(Note: I found it easier to apply sed one after another than to put it all in one command)

Why the fuck would anyone compress 345 images into their own archive used by an uncommon windows-only paid back-up tool?
Little me (12 years old) knowing nothing about compression or backup or common software decided to use the already installed shitty program.

This is a big deal for me because it's really the first time I string so many cool commands to achieve desired results in bash (been using Ubuntu for half a year now). Funny thing is the images uncompressed are 4.7GB and the raw files are about 1.4GB so I would have been better off not doing anything at all.

Full command:
find -type f -name "*.nco" |
sed 's/\(^./\)/\1/' |
sed 's/.*/\/media\/mitiko\/2011-2014_1&/' > unescaped-paths.txt

cat unescaped-paths.txt | while read line; do echo "${line// /\\ }" >> escaped-paths.txt; done

rm unescaped-paths.txt

cat escaped-paths.txt | while read line; do (echo "$line" | grep -Eq .*[^db].nco) && echo "$line" >> paths.txt; done

rm escaped-paths.txt

cat paths.txt | while read line; do cp $line ~/Desktop/file.zip && 7z e ~/Desktop/file.zip -oImages >/dev/null; done

I spent hours trying to enable CORS on AWS Lambda through API gateway (it was supposed to be simple and Amazon had a nice tutorial) but it turns out that there's a known bug that makes Lambda Proxy Integrations not adhere to any setting in the API Gateway, you have to respond with the headers through the Lambda yourself.

Amazon now mentions this in the tutorial, but if you click "Enable CORS" in API Gateway, it'll show you green check marks and tell you that everything went fine, but you'll find that the Lambda does not respond with the CORS headers. They shouldn't even have "Enable CORS" as an option when you use their Lambda Proxy Integration.

Me: "Need help with build config problems, please help almighty documentation page!"

Docs Page: "Nah fam, I got 4 headers about problems with no text, a blank code example, and 2 error 404 pages."

And that's why I don't like build pipelines.

I hate sticky headers on websites, especially when they take up a third of the screen on my Chromebook. The Now TV site is pretty much unusable.

"Our Data Service comes PRE-P0WN'D"

Those SHIT-FOR-BRAINS data service providers GLOAT that their data can be natively integrated into most BI platforms, no code required.
How? Because they will EXPOSE THE ENTIRE FUCKING THING ON THE INTERNET.
LITERALLY.
UNAUTHENTICATED URL WITH THE ENTIRE DATASET.
STATIC. WON'T EVER FUCKING CHANGE.
NO VPN REQUIRED. NO AUTHENTICATION HEADERS. NO IN-TRANSIT ENCRYPTION.

"It is safe! No one will know the secret token that is a parameter in the url"
BLOODY BYTE BUTTS, BATMAN! IT IS A FUCKING UNAUTHENTICATED URL THAT DOES NOT REQUIRES RENEWAL NOR A VPN, IT WILL LEAK EVENTUALLY!

That is the single fucking worst SELF-P0WN I have ever seen.
Now I know why there are fucking toddlers "hacking" large scale databases all over the globe.
Because there are plenty of data service providers that are FUCKING N00BS.

Fuck you apache server...
Why did your dumb ass developers decide it was a good idea to not support "expect 100 continue headers". I seriously suspect that the devs were high smoking dragon dildo ashes like they were getting ready to get a whole chair shoved up their asses.
I wasted alot of time thinking i was getting a 417 http code because i fucked up my API implementation... No, it was the dumb apache server that decided to give me the finger.

Also, whoever built the HttpClient for .net framework 4... Fuck you too for automatically adding that dumb header to PUT requests and not properly documenting this or allowing for it to be disabled in a non hacky way.

I appreciate and enjoy solving coding problems... I, however, can't stand dumb decisions like the two above.

!rant
Tl;Dr: I ate shit for 3 months and finally got rewarded.
If you read my last rant you might remember that for the last 3 months I was tasked with a formal QA of some hundred word documents. (Checking headers, footers etc.)
This is almost over (8 days left)... Finally...
Today I had to present the work I did to the head of IT. The presentation went fairly well and at the end she offered me that she would be willing to get me a job the city where I'll be moving to study.
I have only met her 4 times during the year that I worked there but someone or something must have convinced her to care.
So it's seems like I'm not going to have to bother with all the usual HR bullshit and will have the opportunity for a steady income during the next 3 years.
Today was a good day.

Came to know about deepin OS on devrant yesterday
Tried it just few moment ago. It's the most beautiful OS I had ever seen. But ...
There is hell lot of issues. Except for the top sites like google, facebook linkedin github, no other page or site is opening. Browser just stops by saying "site can't be reached". Also these sites are loading slower than usual.
Even internet is unaccessible from terminal. Apt-get install just stops at "getting headers 0%"

Please help

Looked up at the clock... 2 AM... Thought about giving up and going to sleep, but something kept me there...

Rewrote my encoder and decoder for my steganography program, which are used to insert and retrieve data respectively from images. Compiled, ran, and output was as expected!

Tried to write actual data, instead of just headers, to the image, and it broke... Of course it wouldn't work first try, it's me writing the code after all.

But then, after debugging for a while and changing a couple lines, the encoder looked like it had done its work properly. Then I decoded it, and voila, data completely recovered! It almost felt too magical to be true, usually I have to modify a lot more to get it working.

So now I'm in bed, after literally decimating the memory usage of the program, amongst other optimizations, and I know that the code works perfectly 😎 best part is I refactored each class down to 100 lines each, so now it's clean and dense 😇

Just had to share, feeling so good right now 😄

*laughing maniacally*

Okidoky you lil fucker where you've been hiding...

*streaming tcpdump via SSH to other box, feeding tshark with input filters*

Finally finding a request with an ominous dissector warning about headers...

Not finding anything with silversearcher / ag in the project...

*getting even more pissed causr I've been looking for lil fucker since 2 days*

*generating possible splits of the header name, piping to silversearcher*

*I/O looks like clusterfuck*

Common, it are just dozen gigabytes of text, don't choke just because you have to suck on all the sucking projects this company owns... Don't drown now, lil bukkake princess.

*half an hour later*

Oh... Interesting. Bukkake princess survived and even spilled the tea.

Someone was trying to be overly "eager" to avoid magic numbers...

They concatenated a header name out of several const vars which stem from a static class with like... 300? 400? vars of which I can make no fucking sense at all.

Class literally looks like the most braindamaged thing one could imagine.

And yes... Coming back to the network error I'm debugging since 2 days as it is occuring at erratic intervals and noone knew of course why...

One of the devs changed the const value of one of the variables to have UTF 8 characters. For "cleaner meaning".

Sometimes I just want to electrocute people ...

The reason this didn't pop up all the time was because the test system triggered one call with the header - whenever said dev pushed changes...

And yeah. Test failures can be ignored.
Why bother? Just continue meddling in shit.

I'm glad for the dev that I'm in home office... :@

TLDR: Dev changed const value without thinking, ignoring test failures and I had the fun of debunking for 2 days a mysterious HAProxy failure due to HTTP header validation...

The Zen Of Ripping Off Airtable:
(patterned after The Zen Of Python. For all those shamelessly copying airtables basic functionality)

*Columns can be *reordered* for visual priority and ease of use.

* Rows are purely presentational, and mostly for grouping and formatting.

* Data cells are objects in their own right, so they can control their own rendering, and formatting.

* Columns (as objects) are where linkages and other column specific data are stored.

* Rows (as objects) are where row specific data (full-row formatting) are stored.

* Rows are views or references *into* columns which hold references to the actual data cells

* Tables are meant for managing and structuring *small* amounts of data (less than 10k rows) per table.

* Just as you might do "=A1:A5" to reference a cell range in google or excel, you might do "opt(table1:columnN)" in a column header to create a 'type' for the cells in that column.

* An enumeration is a table with a single column, useful for doing the equivalent of airtables options and tags. You will never be able to decide if it should be stored on a specific column, on a specific table for ease of reuse, or separately where it and its brothers will visually clutter your list of tables. Take a shot if you are here.

* Typing or linking a column should be accomplishable first through a command-driven type language, held in column headers and cells as text.

* Take a shot if you somehow ended up creating any of the following: an FSM, a custom regex parser, a new programming language.

* A good structuring system gives us options or tags (multiple select), selections (single select), and many other datatypes and should be first, programmatically available through a simple command-driven language like how commands are done in datacells in excel or google sheets.

* Columns are a means to organize data cells, and set constraints and formatting on an entire range.

* Row height, can be overridden by the settings of a cell. If a cell overrides the row and column render/graphics settings, then it must be drawn last--drawing over the default grid.

* The header of a column is itself a datacell.

* Columns have no order among themselves. Order is purely presentational, and stored on the table itself.

* The last statement is because this allows us to pluck individual columns out of tables for specialized views.

*Very* fast scrolling on large datasets, with row and cell height variability is complicated. Thinking about it makes me want to drink. You should drink too before you embark on implementing it.

* Wherever possible, don't use a database.
If you're thinking about using a database, see the previous koan.

* If you use a database, expect to pick and choose among column-oriented stores, and json, while factoring for platform support, api support, whether you want your front-end users to be forced to install and setup a full database,
and if not, what file-based .so or .dll database engine is out there that also supports video, audio, images, and custom types.

* For each time you ignore one of these nuggets of wisdom, take a shot, question your sanity, quit halfway, and then write another koan about what you learned.

* If you do not have liquor on hand, for each time you would take a shot, spank yourself on the ass. For those who think this is a reward, for each time you would spank yourself on the ass, instead *don't* spank yourself on the ass.

* Take a sip if you *definitely* wildly misused terms from OOP, MVP, and spreadsheets.

CORS is shit
Stupid useless shit that protects from nothing. It is harmful mechanism that does nothing but randomly blocks browser from accessing resources - nothing more.

Main idea of CORS is that if server does not send proper header to OPTIONS request, browser will block other requests to that server.

What does stupid cocksuckers that invented CORS, think their retarded shit can protect from?
- If server is malicious, it will send any header required to let you access it.
- If client has malicious intents - he will never use your shit browser to make requests, he will use curl or any ther tool available. Also if server security bases on something as unreliable as http headers it sends to the client - its a shit server, and CORS will not save it.

Can anyone give REAL examples when CORS can really protect from anything?

So I just spent 2 hours debugging a script that fetches data from an API. Thats all it was supposed to do. Http get some data.

It wasnt working and was giving a "parse error". Worked fine in browser.

So it turns out it was using http 0.9 (first documented http version, defined in 1991) and wasnt sending any headers. And js cant do no headers...

So yea I now have to write a tcp / http 0.9 client in js

With all the stupid fucking animated shit on websites: videos that popup, advertisements that flash (really?), things that popup if you move your mouse, headers that move weirdly relative to your scrolling, and more... Its like the 90s all over again with animated gifs, popups and other garbage. Is there some stupid web designer course saying animating shit is a good idea? The videos that move around are the worst. They totally fuck with my peripheral vision and make me want to rage quit the site.

I love angular, a fucking hello world with a config file and some auth headers takes 2 fucking days to get done.

Other peoples' code... (in C++)
I am finding what some people consider good code is not as described. I found a class that provides strings. Great it gives me paths and stuff. I incorporated it in a new project.

segfaults

Hmmm, it must have an init function... It does, but not in the class. It has a friended init function:
friend init_function(). If this function is not created and called external to the class then the class will segfault...

okay...

I implement this. I use code from another project that implements this correctly. The friend class allows the private constructor to be called to create the main instance of the class. So its a fucking cryptic ass singleton. I look at this class. It uses a macro to decide what to function call in the class. The class already has function names for each call it needs to make. The class is literally a string lookup table. I vow to redo this shitty code, someday...

I start to wonder what other fragile code I will find. Not long later I keep getting errors on malloc. Like any malloc that is called results in a segfault. The malloc is not at fault though. I run valgrind and find a websocket library is returning an object a different size than the header file describes.

WTF...

Somebody has left an old ass highly modified definition of the websocket header in a location in that I include headers (partly my fault). I eliminate that from my include path. All is well, everything behaves. I will be making sure this fucking header is not used and it is going to die. Wasted a bunch of time.

Lessons learned: some code is just fucked and don't leave old ass shit you tried laying around.

Trying (for fun) to run a GNUStep Obj C program that calls c headers has proven something to me:
I really do not know what I am doing with makefiles and should probably slowly and respectfully walk away to continue doing what i was doing in c++

Kids, documentation reading is important.

I also do happen to really like objc

Today in Windows Clang misadventures from one past wtf

I have 0 fucking clue what is happening, so I am starting to think that this is a windows 11 only bug.

If I (say for example) compile all of my headers into a .dll and then link them to my executable program, an executable will be generated.

If I use the dll to be linked into my executable, but DON'T use any of the code inside, then no executable is generated.

I need to at least use something from within the headers that I create into the main program for it to build and actually throw out an executable.

I could argue that doing this would be the proper way to setup a project in some scenarios, managing your headers and what not.
The only bad part is that it essentially removes the ability for newcomers to just install clang and hello the fucking world into existence.

Mind you, using the Mingw installation is possible still. I-just-don't-fuckig-understand-why-the-fucking-official-build WORKS

THIS is why people are trying to jump into other languages. My dude's shit is solved, but this fucking infuriates me. ANd go on, try googling "clang not building executable" and see how this shit is nowhere to be fucking found sdfksakjdfa

Requests to a soap server were failing randomly. In order to contact the API provider, I tried to provide an curl example with the same payload and the error response. Yet when sending the payload over curl, the request worked just fine. When my application was building the request, it failed.

What. The. Fuck.

I checked and double-checked the request body and headers. They were identical.

Of course, no error response was returned by the API provider and, of course, they could not tell me how what error I caused in my request.

So I created a basic dummy server, installed wireshark and compared the payload when sending a request from my application and from curl to my dummy server.

It turns out: curl, if called in a certain way, automagically strips out newlines. The soap client kept them.

So that that shitty soap server crashed due to newlines in the message body!

Stripping out the newlines was rather easy.

Shame on you, your house, and entire family for letting it crash due to them!

The other day I was working with libpulse in a Qt project. Because I didn't like to deal with a C library from C++ code I copied wrapper code from a well-proven project. Suddenly the wildest compile errors occurred when I only tried to include a header from the new code. After hours of frustration towards me, C++, the compiler and everything involved I discovered that one of the headers I copied had the same include guard as one of the existing classes.

Hm... Apparently I've been doing TDD all along... it's just that I don't save the tests in a seperate project.

I just keep editing Main() to test whatever i'm working on (each class).

Also the NJTransit site is sneaky as ****. It seems the devs know a bit about how to prevent site scraping by checking Headers and Client information...

Took all afternoon to get this test to pass....

it works in Chrome but not in my code... and even after I spoofed all the headers... including GZIP.... it wouldn't work for multiple requests...

I need to create a new WebClient for each request.... no idea how it knows the difference or why it cares... maybe it's a WebClient bug...

And this is only the test app. Originally was supposed to be built in React Native but that has it's own problems...

Books are too old, the examples don't work with the latest...

But I guess this also has a upside... learn TDD and React rather than just React... hopefully can finish this week...

I'm actually on vacation... yea... i still code like a work day... 10AM - 8PM....

sigh. I hope one day Linux can be rewritten in something with more sensible package management. C/C++ can just be a real pain more often that not. My case was trying to install CUDA on ubuntu 16 following the OFFICIAL developer guide. gave up after trying for an hour. It needed the kernel headers for compile the drivers and it was jsut alot of pain dealing with files being in the wrong place and gcc version mismatching and tons of other cryptic errors. and this is for ubuntu which is a pretty mainstream distro.

I watch nerdy films and understand the jargon they use...

"strip the headers..."

I bet it's like being a surgeon watching House

Couldn't be arsed with all the conditional compilation that angelscript required, so I dumped right back to good ol' lua for now.

Got lua in, vm started, loading strings and pushing/popping the stack.

Got SDL actually drawing as intended.

I don't know even half of what I'm doing.
Apparently header files that end in ".hpp" are specific to c++, while .h are for c headers.

I like the new SDL2 though, little bit different than SDL1. Not a lot of tutorials cover the difference, but I could kinda suss out from the documentation where I needed to adapt, even though I'm still pretty loose on the library, on the docs, and on c++ itself.

Still just a learning project.

Also, I'm continually surprised there isn't a portable, platform independent tool or little language just for replacing all pseudo-languages out there like .bat and .sh, and .zsh

Maybe even just a tool that standardizes it all, then takes config files that map the new standard to system dependant commands, so you can download the damn thing, configure the relevant environment variables, drop in the platform dependent configuration (or your browser or package tool detects what platform you are on and chooses the relevant package/download for your platform), write a console script and the tool automatically translates, and emits the system-relevant commands to that platform's console (so you don't even need much platform-specific code to do things like file access).

Does anyone know why we say "hero" for big headers in webdesign ? Where does this term come from ?

Content-Type: application/xml;q=0.9; charset=utf-8…

When their app is 90% sure it serves XML.

Task: blinking light.

Boomers: One lightbulb, one bimetallic strip.

Zoomers: LED (D13), Atmega328P, Atmega328, 5V, 16MHz, 2KB SRAM, 32KB flash, 1KB EEPROM, FT232RL, 19.0mm x 43.18mm, 16 analog pins, 14 digital I/O pins, 6 PWM pins, 2 resettable fuses, 8MHz external crystal, 16MHz external crystal, 12MHz crystal, 0.5mm pitch, 0.1 inch headers, 1.27mm pitch headers, mini-USB, 3.3V regulator, 5V regulator, 16MHz ceramic resonator, 1N5819 Schottky diode, 47uF capacitor, 100uF capacitor, 10uF capacitor, 100nF capacitor, 0.1uF capacitor, 22pF capacitor, 1N4007 diode, 10K resistor, 4.7K resistor, 330 ohm resistor, 10uH inductor, 27 ohm resistor, 2x3 ICSP header, reset button, LED (D13), green LED, red LED, yellow LED, 6-pin header, 8-pin header, 28-pin DIP socket, 6-pin FTDI header, ceramic resonator, USB mini-B socket, 16MHz oscillator, M7 diode, LDO voltage regulator, 3.3V regulator, 5V voltage regulator, polyfuse, 22pF capacitors, 100nF capacitors, 10uF capacitors, 47uF capacitors, 100uF capacitors, 1N4007 diode, 1N5819 Schottky diode, 16MHz resonator, 0.1uF capacitor, 330 ohm resistors, 27 ohm resistors, 4.7K resistor, 10K resistor, 10uH inductor, 22pF capacitor, mini-USB connector, 8-pin header, 6-pin header, 2x3 ICSP header, reset button, ceramic resonator.

Contrary to popular opinion, I still firmly stand by my belief that you should thoroughly study something in-depth before you attempt to do anything serious with it. Failure to do so will have an enormous cost of waste of time attached to it.

Here's an example:
I was using AJAX to post a multi-part request containing a file.
Now here was the problem: no matter what code I forced in the backend, the browser would in all cases refuse to prompt a SaveFileDialog (and I had turned on the option in the browser to ask the user if download). This took me two entire days and at least 100 Google queries and several RFCs to figure out.

From StackOverflow:
The cause was simply that you can't (typically) make a browser prompt a SaveFileDialog via an AJAX request, even if you set the necessary headers. Why? The browser will just dump everything back into the XmlHttpRequest object..

If you make a regular request with Content-Disposition: attachment; and so on, then it works, but yeah, not with an XmlHttpRequest.

Conclusion:
Had I better studied the HTTP spec, networking and AJAX in-depth, I would have instantly known what the cause was.

Very excited, got my raspberry pi zero working over usb finally, gotta admit it took me a while to figure it out that the ifconfig IP assigned to the interface established isn't actually the raspberry pi's (seriously you don't want to see how far the visited google links go for all variations of "how to setup the otg ssh connection"), that only came to me once I was able to find the mini-hdmi to hdmi cable, before that it was a pure shitfest:

First I just tried all sort of configs, but the raspberry pi kept denying the ssh connection, slammed the microsd into my bigger Pi, even multiple times ran raspi-config, forced ssh to start in all possible ways, nothing.

Then I tried to use the TV-output on it together with my old small portable tv to maybe see some error-logs or the ssh not starting on the zero for whatever reason, even flashed a 2016 image thinking it is stretchs fault for not working, but then my fucking soldering iron cable disappeared, tried to quickly create my own, but that failed cause the 3.5mm connector it uses is different from the ones I had available, so I macgyvered a sketchy ass lose connection with male headers sticking through from the bottom and being sticked against the board with a female end on top, but the TV output wouldn't work, even with proper config options, so I gave up.

Some days later I've found the cable, connected it and realized the fucking IP it gets assigned is totally different from the interface, well fuck my life.

Atleast now I can make a clean image of that microSD and setup the portable laravel development raspi as I wanted, can't wait to try it once I get more time to fully set it up - btw even the internet bridge worked right out of the box, so I can easily use my laptops internet connection on the zero.

Who, more than I, totally HATE emoji?

lol I hate emoji after it caused so much problems with Microsoft Outlook and email backups from said program combined with emoji in subjects.

Wrote an subject filter in exim4 (took 3 days to debug and get working propely) that totally eradicate anything that isnt ISO-8859-1 from the subject line, then converts the rest to UTF-8 (because said IMAP client isnt following standards).

it also converts ISO-8859-1 characters in subjects to UTF-8 even if the original subject is declared to be UTF-8, because obviously some software (especially newsletter software) are transmitting ISO-8859-1 subjects that are declared to be in UTF-8 (but the opposite isn't true).

And also cuts subject to 100 chars, because too long subjects are a problem too. Same with date headers, I replace them with the server date/time because some software are sending Date: 1970 Jan 01 00:00:00, because some of these erronous headers are put by some mailing list software, aswell as causing problem in OEM clients like Samsung Mail.

Problem solved, all IMAP clients happy on internal network.

one of the most anoying error in php is headers already sent -_- one single white space will fuck you up

markdown is not good enough! the tools aren't there for non-devs and there's no concordance on moving forward *compatibly* for anything other than headers and __possibly__ lists.

md has been around for years and still no consensus on comments, meta data, css, data imports, etc.

i could never in good faith recommend to a non-dev to use markdown, even though every academic and professional writer from legal to journalism should exclusively be using markdown to write and store their documents. the data portability and ease of search, retrieval, collection, distribution, etc of markdown compared to pdf or docx is enormous. markdown is the hex format of text, the perfect layer of data and visual so that the user and the computer can both operate on text as blocks of data rather than weirdly styled paragraphs that need to be reformatted BY HAND for citation-style or journal format, or paper size. FOR EACH SUBMISSION. Academics literally rewrite their 100-page papers to accommodate up to 10 different submission requirements.

They could be clicking MLA vs Chicago and/or using a journal's stylesheet to recompile for its styles.

Today there is some support from zotero et al to take away some of the pain, but it makes ZERO SENSE for writers to have to keep and store and keep up to date, multiple versions of the same document. Git pull does not exist for them. But the worst part is that git isnt the solution to their problem. They need a compiler more than they need version control. But they also desperately need vcs. They ALL literally have a million files named "dumdum.dumFINAL-3084_lastversion \2020, this one.dum".

They dont have git or anything like it, because they need a line-by-line solution like markdown for git to become effective.

All of writing is basically mired in the fact that people cant even roll up their paragraphs and see what the fuck it is theyre saying. Most writing reads like a long scroll through some nonsense that goes nowhere. Like this rant. but the point is that markdown and line-by line editing actually produces more logically sound writing. You start to think in terms of defining ideas in blocks, ... like code.

Context: Can't set headers after printing from a pipe. So...

That moment the client asks to add a single link to a header and you think: "easy enough". But then you notice their CSS.
Not a single f*cking class is used in the entire header, everything is done using :nth-child selectors etc... 🤬

Also, did I mention, the CSS is used for several headers, so adding an element to the header and modifying the CSS might break any other header in the application.

And this after they mentioned last week that they don't use a library like Bootstrap because it is too cumbersome.

I'm so mad right now, have been trying to fix this for half an hour. A task like this shouldn't take more than five minutes!

CGI is fun, websockets are fun, why on earth is it so fucking hard to have both of them with proper switching using at most one extra program apart from my handlers?
By proper switching I mean that you actually track connections and upgrade headers to decide what to do, rather than forcing websocket connections onto a separate HTTP resource just to tell the difference.

FUCK YOU SYNCFUSION, JUST FUCK YOU!! TRYING TO USE YOUR FUCKING LINEAR GRAPHS AND THEY NEVER FUCKING WORK!!! THEY DON'T ADAPT THEIR OWN BOUNDS, THEY DON'T SHOW LABELS EVEN THOUGH I'M FUCKING TELLING YOU TO SHOW THEM AND EVEN WHEN I ADD HEADERS YOU REFUSE TO SHOW THEM!! AND FOR SOME GODDAMN FUCKING REASON, WHENEVER I USE A TABBED PAGE YOU JUST GO UP AND FUCKING THROW AN "UNKNOWN EXCEPTION" JUST FUCK IT FUCK YOU , FUCK YOUR GRAPHS, FUCK EVERYTHING!!!!!!

After waiting a while for another programmer on another team to provide a web service that I needed to call from a client side web form, I received word that it was ready. I could not get it to work because CORS headings were not being set correctly. After contacting them and letting them know, I got an email update to the team letting everyone know that they were waiting on me. After explaining that CORS headings were not there, I just built a PHP page to proxy the request, results and set the headers correctly so I can move on. I will remove it when they get their side fixed... if they ever do.

finally got a Powerline set, so I can actually *use* my desktop upstairs.

...wait, my ethernet isn't working.

look for the chipset's proper driver package...?

"oh it installs the wrong driver by default, which doesn't work on kernel 5.x. Use <other driver, DKMS>"

"oh it won't see your device? downgrade to <version>"

DKMS error: "<snip>/linux-headers-5.10<whatever>/Documentation/Makefile" doesn't exist

fuck it, plug laptop into powerline adapter

less useful than current situation

i'm going to fucking cry

How do you do java style oop with classes and inheritance and all that in c++?
Do I really have to make a header and a source file for each class?

And while we are on it: are there any sources of "famous" games written in cpp?

Spent about 40 minutes trying to figure out why my stupid events were not tracked, something about CORS

so digged into the htaccess file and added the correct headers but the header value was being appended although i was setting it.

So I figured the "tool" i am using is setting it too but only when I set it, that was weird.

So on to to its github I went, someone mentioned there is a CORS setting in the UI, so I added the domain i wanted to allow and done, it fucking works.

Read the documentation kids, sometimes it is useful.

YSlow, go away! Stop dropping my score for not using CDNs! I used your fucking CDN for delivery and it was tripling my load times! I know what I'm doing, now kindly fuck off!

That said, I just have a few headers to set and images to reduce and I'll be at 100% with PageSpeed (but not YSlow because they suck). At least Google knows when CDNs are and aren't beneficial!

So I applied for a Cloud Architect position. The process was very intensive. Roughly 6 interviews, 2 practical assignments and a written exam. In total it took me 3 weeks to go through the screening process. I aced everything, and was told they were going to send me an offer. I received an email on the 21st of April asking me if I was still interested. I replied back immediately saying I was most def interested. The next morning I get an email back from the hiring manager, who happened to CC the client as well, saying I took too long to reply to the offer, and the job was filled. I was perplexed as to how I took too long to reply. I went through the email chain that the client also received, and saw the hiring manager changed the email headers in the reply chain from the 21st of April, to the 12th of April. So it made out that I did indeed take too long and the client went with someone else! WTF! Very unprofessional, but very little I could do.. I wasted a lot of time and energy and heartache with this!

Technical question that I just cant find the answer to anywhere.

I have a load balancer and want it to pass the IP of the original caller to the server. Usually it is done by modifying the header? of the Request HTTP packet? and adding X-Forwarded-For: ....

The LB team though says it needs to modify X-Originating-IP and somehow causes a noticeable impact of the speed of all requests.

I don't know the details but it should only modify the first Packet that has the HTTP headers and should be appending X-Forwarded-For. If only need to modify the Header packet, how can it slow down the whole interaction so much:

-Adds 100ms to a 200ms request
-Increases a 10 minute download to like 20-30 minutes

Wonderful experience today

I'm scraping data from an old system, saving that data as json and my next step is transforming the data and pushing it to an api (thank god the new system has an api)

Now I stumbled upon an issue, I found it a bit hard to retrieve a file with the scraper library I'm using, it was also quite difficult to set specific headers to download the file I was looking for instead of navigating to the index of the website. Then I tried a built-in language function to retrieve the files that I needed during the scrape, no luck 'cause I had to login to the website first.

I didn't want to use a different library since I worked so hard and got so far.

My quick solution: Perform a get request to the website, borrow the session ID cookie and then use the built-in function's http headers functionality to retrieve the file.

Luckily this is a throwaway script so being dirty for this once is OK, it works now :)

Why the fuck do I need an Accept, A content-type AND and responseType (which, by the way doesn't go with the rest of the request headers, it has to sit outside them just to fuck you up). Just so angular will stop trying to parse absolutely fucking every request as JSON?

I'm well aware my knowledge of http protocols and angulars apis's are not the best but for fuck sake. What dark book of secrets must I uncover to illuminate the strategies behind these choices?

Why, when the Accept type is text, the Content-Type is text. When the request itself is handwritten beautifully on parchment and sent via fucking carrier pigeon to the backend and returned by horse and carriage, does ANGULAR STILL TRY TO PARSE IT AS FUCKING JSON. JUST STOP.

OK I need some help. I need to make sure I’m not losing my mind.

We are using an ERP which is hosted by another company. We are supposed to be able to access the data via a REST API. This works fine using Insomnia or Postman, but when I attempt to hit the API from my web application, CORS blocks the localhost origin.

I contacted the company’s technical team to request that they change the CORS configuration to allow localhost. They keep running me around in circles telling me that I don’t know what I’m talking about because localhost isn’t a DNS resolvable name and I’m doing something wrong and they don’t need to change any configuration.

They insist that if anything would need white listed, it would be my IP, not localhost.

I sent them screenshots and stack overflow posts and documentation links, showing them exactly what headers need to be set and where the configuration needs to be set in the ERP. They tell me I don’t know what I’m talking about.

They tell me that if I can hit the API from Postman, I can hit it from my browser.

Am I losing my mind? Have I fundamentally misunderstood CORS all these years? I’m sure I’m right. But I’m starting to feel like I’m crazy.

Installing C++ libraries. There's no standardised system to download a library and link it's headers into my project as of now, so I generally end up symlinking its headers into an include directory, which can be very annoying.

Now why would you set Content-type application/json as a response header if your response is plaintext? 🤔

Have people no respect for http headers anymore?

HTML Writers Guidelines

When designing your web site you want to make the visiting experience as enjoyable as possible and at the same time make it so that if the site needs to be changed in any way, the changes are not too difficult to make. You want the look to be as appealing as possible for all browsers and also make the site accessible to users with disabilities. In order to accomplish all this there are some general guidelines when creating your HTML code.

1. The first thing that will really make your life easier is through the use of Cascading Style Sheets (CSS) - CSS is used to maintain the look of the document such as the fonts, margins and color. HTML directly on the page is not a good choice to handle these aspects because if say, the font color you are using for certain paragraphs needs to be changed from blue to red, you would have to go in and change each color tag manually. By using CSS you can designate the color for each of those paragraphs just once in the CSS file. That way if you have to change the font color from blue to red you make one change instead of the countless number of changes you might have to make, especially if your web site contains hundreds of pages. This is a big time saver and a must for all professionally designed web sites.

2. Don't use the FONT tag directly in your HTML code - This becomes a problem when using some cheap authoring tools that try to mimic what a web page should look like by using excessive FONT tags and nbsp characters. These tools end up creating web pages that are impossible to keep maintained. There is a program you can use, if you've created one of these disaster pages, called the HTML Tidy Program which you can actually download here . This will clean up your code as well as possible.

3. You want your web pages readable to people who have disabilities - People who surf the Internet depend on speech synthesizers or Braille readers to interpret the text on the page. If your HTML markup is sloppy or isn't contained in CSS the software these people use to read pages have a difficult time in interpreting these pages. You should also include descriptions for each image on your page. Also, don't use server side image maps. If you are using tables you should include a summary of the table's structure and also associate table data with the correct headers. This gives non visual browsers a chance to follow the page as they go from one cell to another. And finally, for forms, make sure you include labels for form fields.

By following just these three guidelines you give your visitors, especially disabled visitors the best chance of having an enjoyable visit to your site while at the same time making it so that if you have to make changes to your site, those changes can be made easily and quickly.

Ugh I hate having to write c/c++ files in pairs of implementation and headers... Oh wait that's what bash scripts are made to solve! :D

So, today, I wanted to try setting up a wireguard VPN server on my little raspberry pi at home. I... expected /some/ issues, but what I found dumbfounded me.

1 - I already had the wireguard package from the unstable branch of the main raspbian repo installed... Huh, okay.
2 - Setting up config was extremely easy... Wow, so the rumors were true. Wireguard really is almost dumb-simple.
3 - Failed to create a network interface? Oh, trouble, here it is! So lets see... modprobe wireguard... Nope. Don't have the module? What?
4 - Reconfigure package to rebuild the module - missing kernel headers? Huh... weird

This was the simple stuff... Then I went down the rabbit hole of the Raspberry Pi ecosystem:

1 - There is the Raspberry Pi Bootloader, that is apparently separate from the Kernel itself. And I didn't seem to have any of the standard linux-image-* installed... What? Weird, yet there I was, running a 4.19.42-v7+ kernel...
2 - No kernel and no headers... What... The... Fuck
3 - Okay, so... Lets just... try to install the latest kernel image then? One apt-get install... It downloaded the image, but during package configuration, it failed because... I didn't have... its headers? What? What for? And if it needs them (for whatever reason), why isn't the headers package as a dependency? Ugh, whatever...
4 - Another apt-get install and... Okay, building the initrd image aaaaand...
FAIL
WHAT. What is it this time!?

Oh... Ran... No more space on device? What? Is /boot independent? Of course it is, it has to be, its a bloody different filesystem

Okay, so, lets che-OH MY GOD WTF.

Its just bloody 45 MBs big! The entire /boot is just 45 MBs large. WHY. THE. FUCK.

This was a default raspbian install from I have no idea when. But... Why. Oh WHY would ANYONE pre-configure /boot to be this incredibly tiny!?

No wonder the new init ramdisk couldn't fit in there! Its already used up from 64%!

Thanks, Raspbian Devs, now I gotta reinstall the whole system because, yes, the /boot is, of course, sector 8192. Just far enough from 2048 that there are *some* sectors free - About 3 MBs.

So what did I try? Remove the partition and recreate it from the very beginning. Only... I never tried in in the past, and okay, kernel doesn't like having the partition where its image resides deleted on the fly, it will not give up FDs pointing there or something.

So now, I have a system I cannot reboot, or it will never boot back up :|

Thanks, Raspbian!

I need to get a cheap 1U somewhere or something T.T

I recently received a text to a sketchy URL. In my curiosity I tried to see if I could get the source code from said URL without actually going there directly.

My first attempt I did this with apitester.com, a website that is intended for testing APIs but comes in handy for a quick URL test and seeing what gets returned. Next, I tried an official website dedicated to telling me if a site is sketchy. Finally, I tried to CURL the url with a variety of different headers. Alas, all these attempts gave me nothing. I know if I clicked on this link through my Phone it would definitely direct me to a sketchy website, but I just can't for the life of me figure out how their backend is setup to know what is a real request and what is not.

My Question is this; what is the potential stack setup that this person could be using that would disallow anyone from testing the URL and force them to redirect to google and any real request to redirect to the actual website?

questions I want to ask at work but I am too afriad to:

aren't we supposed to use .hpp for C++ headers instead of .h?

Someone, somewhere, in the standard C library headers for my particular libc implementation, is #undef'ing assert() unconditionally and it's causing massive headaches.

Fuck the C preprocessor. There's no way I can track this down it seems, but my assert implementation is being quietly ignored and I have no recourse for it.

Gotta change all of my asserts to a different name now. Fun.

*long sigh*

Software idea: A text software that lets you fold based on tab indentation, and define arbitrary text as headers tags and also define their format.

Example of the text describing the configurations that would be used (format wouldn't be inline oc but just in case any of you complains):

# Header, blue, slightly bigger text, bold
item 1
item 2
! red line of text, indicating to-do or current state
arbitrarily
indented
foldable
text

Now the rant: I can't find any software that offers this. :/ I have to define a whole language spec to do this in the editors I've checked.
If you happen to think about some editor, tell me.
Of course, I could code it myself, but I'm married to University for now.

Can't set the cache headers in GitHub Pages. Now people are criticizing my old portfolio site. Great. Thanks GitHub.

I was programming a nodejs app using an api written by two other devs in my company. I tried catching the cases where the requests fail, but it just did not work. Then i found out what the reason was: Apparently the other devs thought, it is enough to send the appropriate status in the json body and did not set it in the headers, so I always got a 200 back even if it failed and there was no usable data in the body.

Job's are here and there

Already starting to regret trying to learn c++ AND test driven development at the same time. Do you think i can even get the boost-test headers located anywhere from a binary package installation.
3 days on no learning code cause i cant even get the testing suite up and verified.

let rant: (Bool, Bool, String) -> Void = { (isRant, isDev, contents) in
print(contents)
}

rant(false, true, "

So, a year ago more or less, I set out to teach myself some server-side programming on the side.

Many (MANY) tutorials, Digital Ocean droplets created and destroyed, coffee mugs and FMLs later, I can say 'Hello World' from Node.js - built from source and not running as a sudoer - using express and forever on Ubuntu, behind another Ubuntu server running nginx - also built from source so to add headers-more and naxsi - using all sorts of goodies to enhance security and talking to each other via SSH. Oh, and taking to the world over HTTPS with a grade A on SSL Labs (I know this doesn't mean much to you. Yeah you, rolling your eyes over there. So why don't you just bugger off before even commenting? Haha)

Feels good man.

")

The CORS implementation has made the web overall less secure. It insists on the 99% pain in the ass solution rather than the 98% easy to use solution. So what happens? People work *around* it a lot, and that degrades web security overall.

Had *.mydomain been available as a header value, it would have been fine. Update your CORS headers? Good luck when your users' browsers have a cached copies of the old headers. Instant CORS violations.

A mix of both python 2 and python 3. 4 entry points (although, this was done for the sake of microservices).

All in 1 big monorepo. Hosting a site in mostly static form (i.e each page had it's own index.html with completely different headers and footers, no templates).

bcp in SQL Server can't export column headers. WTF?! Spent hours trying to find a solution that doesn't involve me typing all 250 columns.

Still haven't...

Has anyone maybe a link to HTTP security topics in general?

I find often breadcrumbs, like in several different attack possibilities, but nothing comprehensive.

Mostly regarding HTTP 1.1 / HTTP 2 (h2c) and proxying.

I'm currently unclogging an whole ecosystem of proxies, endpoints, edge nodes and so on...

My knowledge is limited and it's frustrating to Google cause seemingly I get always just pieces of the puzzles but not a collection -.-

(Looking for specific information, e.g. regarding attacks like H2C Smuggling, HPACK attacks, stuff regarding Cookies / Headers / Encoding... But please not spread over several dozen pages where it becomes frustrating to read the same shit over and over again without learning something new :( )

i compiled an app on mingw on linux, for windows using qt4, when trying to run it on windows it crashes with no understandable error, i installed wine and tried to run it there, got a proper error message, it was missing dlls
before someone tells me, i know i need a debugger, I'm just hello worlding around to check that i have all headers and libs in place on both linux native and mingw

TMW CURL doesn't want to download website content (yes, headers are set and correct), but the provided URL works in your browser.

Consider an API that uses the HTTP path to represent position in a tree that literally represents a file tree with minimal constraints, and GET/PUT/DELETE methods to read, write and destroy the nodes. How would you encode read/write operations to per-node metadata? The kinds of metadata are static and around 4, so inventing HTTP verbs for each of them is infeasible but filtering is not necessary.

Options considered so far:
- toplevel resources alongside a namespaced /data such as /acl, /lock
- magic keywords to the Range header (this is apparently compliant)
- mimetypes such as text/plain+acl
- SETPROP / PROP methods in the spirit of WebDAV
- headers (I worry this may become an immitigable bottleneck really fast)

I'm looking for any kind of suggestion or insight, not perfect answers.

I read the WebDAV specification and I won't even suggest that I'm trying to align with it, the only protocol I'd seen in the past with comparable scope bloat is WebRTC.

Used cocoapods to install VideoCore on demo. Everything's working. Nice!

Transferred to actual project - pod file has 'use_frameworks!' in it, fucked up the headers, project broke. Spent whole Saturday trying to solve it cos i suck!
..I thought I would be done in an hour..

I'm working on some custom software for work, and I've been keeping a changelog. I use three main headers: Added, Fixed, and Changed. Under what header should 'general stability improvements' go? These stability improvements are too vague and broad to specifically mention what changed (because nothing changed, just some source code was re-arranged/re-worded) What category would you put this?
Edit: This changelog is for the `non-tech` employees

Why the fuck is MQL C++ based? Why not make a simple scripting language which gets interpreted by your application? I don't want to write headers and definitions constantly, I'm just trying to write a trading indicator ffs

Setting Cache-Control headers that are aware of future changes on a given page is freakishly complex. Too bad the Expires header doesn't overrule Cache-Control.

We go together like CORS and cookies...said no one ever.

Use headers for Pete's sake!

When building a REST-API, that is secured with tokens (JWT or something),
Should the token be included in the body or in the headers?

What's the most sensible way to build and use 32/64-bit libraries with MSYS on Windows? Specifically, I am wondering about zlib and libpng along with SDL2.

I know there are pre-built versions available, but I am inevitably going to need to build other libraries in future.

I'm expecting things to go into /usr/local (which they do), but I'd like to have separate builds for 32-bit and 64-bit. I know I can put things into "lib32" or "lib64" using ./configure options pretty easily, but DLLs (e.g. SDL) seem to end up in "bin" so I assume I should create a "bin32" and "bin64" for those?

Then there's the issue of e.g. libpng not being able to find zlib's headers when using its MSYS makefile... Should I be editing these makefiles? It looks as though I should (things are commented-out etc.) but when I want to update to a newer version, I'll need to modify the makefile again.

It probably sounds like a really silly set of questions but I've always found that building and installing libraries on Windows feels really clumsy and I just want to make sure I'm not making a really messy dev environment.

Is there anyway to post a data to a apache server without using headerless data? (A http packet without headers, just raw data string)

so I got the reverse proxy all set up on my server, forwarding all the right headers to enable SSL behind reverse proxy. awesome! my only problem remaining is, since nginx only handles HTTP/S traffic, I can't connect to my gitlab instance via ssh. anyone know how I can proxy this traffic as well to enable ssh connection for git?